Hacker News | jeffDef's comments

Is there a way to tell if a third-party site has patched the bug? (Upgraded to 1.0.1g) Not much point in changing your password on that site before the vulnerability is fixed.


Someone wrote this: http://filippo.io/Heartbleed/


echo -e "quit\n" | openssl s_client -connect <HOSTNAME>:443 -tlsextdebug 2>&1| [ "` grep -c 'TLS server extension \"heartbeat\" (id=15), len=1'`" -gt 0 ] && echo 'Vulnerable'


That can false-positive, for what it's worth, in servers with fixed TLS heartbeats (instead of removing them).
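Added example, not part of the thread: a Python parser for the ServerHello extension list, showing what the grep for `"heartbeat" (id=15), len=1` actually matches. It matches only the one-byte heartbeat mode the server advertises, so a server upgraded to 1.0.1g with heartbeats still enabled gives the same result as an unpatched one. The function names and the sample record are constructed for illustration.

```python
import struct

HEARTBEAT_EXT = 15  # extension type from RFC 6520, the "id=15" in the grep
MODES = {1: "peer_allowed_to_send", 2: "peer_not_allowed_to_send"}

def server_hello_extensions(record: bytes) -> dict:
    """Return {ext_type: ext_data} for one TLS record holding a ServerHello."""
    if len(record) < 5:
        raise ValueError("short record")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 2:
        raise ValueError("not a handshake record starting with ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                    # server_version + random
    pos += 1 + hello[pos]           # session_id length byte + session_id
    pos += 2 + 1                    # cipher_suite + compression_method
    exts = {}
    if pos + 2 > len(hello):        # no extensions block at all
        return exts
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    while pos + 4 <= min(end, len(hello)):
        etype, elen = struct.unpack_from("!HH", hello, pos)
        exts[etype] = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def heartbeat_status(record: bytes) -> str:
    """Report what the server advertises; this is NOT a vulnerability verdict."""
    data = server_hello_extensions(record).get(HEARTBEAT_EXT)
    if data is None:
        return "not advertised"
    if len(data) != 1:              # the "len=1" in the grep: a single mode byte
        return "malformed"
    return "advertised: " + MODES.get(data[0], "unknown mode")

def sample_server_hello(exts) -> bytes:
    """Constructed test input (not a capture): TLS 1.2 ServerHello record."""
    blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if exts:
        hello += struct.pack("!H", len(blob)) + blob
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```
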


If you add the live_console gem to a Rails app, you can use netcat to run IRB against the live application. You can change the app's state from a console, like flushing a cache or even making a patch, without having to restart the app.


If a merchant doesn't want to be on our site, all they have to do is ask and we'll remove them.

The merchant is our friend. We bring them customers and sales. We avoid the things they hate, like linking customers away to another site. We also have some future features in mind that they'll really like.

We're also willing to let them run plurchase on their own servers, and in the future, will offer white-label functionality.


I evaluated cgiproxy at the beginning of this project, along with a variety of apache mods and other libraries. cgiproxy didn't work for most of the merchant sites that I checked. Was an oversight to ignore them thereafter though. Like you said, they've put a lot of time into special cases, and we can learn things from them.

Their primary goal is anonymous browsing. Ours is collaborative shopping, or more specifically, adding new functionality to existing sites. Our proxy lets us do amazing things with client state, image scraping, and more. A different tool for a different problem.


We plan on supporting both public & private. Mostly just UI work to add the public functionality. One idea: when in a public shopping group/room, we'd replace the little preview boxes with a stream of just-product-pages as people visit them.


You can also keep track of how people browse the site from page to page, etc., and draw lots of good stats, e.g. similar to Amazon's "people who bought these also bought..." or "people who viewed this ultimately bought..." but globally across multiple sites.


Yeah, we can have all kinds of fun things once we have a few thousand daily users. We could do stuff like: pair you with other camera shoppers if you're interested in cameras specifically, allow you to help other people shop for specific things (personal shopper), find out what people ultimately purchased when they looked at your current product, what other stores users visited when looking at the current product, etc.

