Posts Tagged ‘spam’

2011w33

Sunday, August 21st, 2011

LaTeX

The adventures in LaTeX-land continues. Rikard didn’t want any page number displayed on the table of contents page, and after having tried a couple of different variants of \pagestyle{empty} and the likes we realized that for some reason that won’t work at all in the book-class. \pagenumbering{gobble}, however, seems to work in every class, but NOT inside the actual document (so I guess this means after having issued the first \chapter or \section command).

For the interested, I found the answer by searching and finding this post, which in turn lead me here.

RSS for logging purposes

I am toying with the idea of writing a small daemon which would create an RSS feed (or Atom or whatever is popular today, I don’t care) which I could then plug into feed2imap which I have on the server.

The idea then would be that I could write small monitoring scripts for whatever I wanted, check the temperature, check space on the disks, whatever, and have fcron execute these scripts every now and then, and the result of these scripts would be fed into the RSS daemon.

I haven’t thought this through yet at any rate, but I quite like the idea. We’ll see what comes of it :)

Revisiting my old friend Django

Grégoire (or as we like to call him, greg) began working on a Django implementation of the myConf concept, and I am helping out as best I can with it.

There were some template bugs which made the template overly complex which I am currently trying to iron out, and mostly the problem seems to boil down to that the input data to the template is stored in a way which makes access in the template harder than necessary.

So I’m attempting splitting the data up further, and using dictionaries as the overall structure, which of course meant that I needed to find how to iterate over a dictionary in Django.

I admit that it was quite some time since I read the Django docs, and had I done so I would eventually have found the solution, but google, as usual, beat me to finding the solution somewhere else.

The relevant parts are:

{% for key, value in dictionary.items %}{{ value }}{% endfor %}

Links

A non-intrusive (but javascript-required) approach to comment spam filtering. It’s probably a good solution, but I don’t like forcing users to activate javascript in their browser.

This is just plain frakking disgusting.

Interesting, and well-documented, approach to combating email spam.

Disposable email services

Wednesday, February 18th, 2009

I came across another one of these “disposable email services” (DES) yesterday. It had a pretty slick interface, and the front page had all the right texts (like “sticking it to the spamMAN” etc.) It all seem very good, except for one thing. They don’t tell you about when NOT to use their service.

That is also an interesting thing, a “service”. They are providing a functionality, for free. So how exactly are they making money? I didn’t see any ads on that particular site, so just how do they finance it? I wonder…

But returning to my original thought, they entice users with slogans, trying to come off as “one of the people”… “Sticking it to the MAN”… yeah…

The problem with these things are that sometimes people don’t think things through. “I want to sign up for this site XYZ, but what if it turns out that they will spam my inbox? I know, disposable email services!!!” Here’s the thing. You sign up for this service, they send an activation email, you respond to it, and now you have your new account at XYZ. If XYZ sends you spam, you won’t notice, because the DES eats the spam. However, your account now has a DES email bound to it (you can’t change it since then the threat of spam to your inbox surfaces) and that is bad. Really bad.

Playing the red team

Let’s for a second pretend that you are a person of lesser moral quality. And you wish to get hold of various user data (maybe even birth dates and credit card numbers). So you set up “disposable email service” and people start using it. On the front page you make sure to identify with the users (we all hate spam) and you solemnly swear that the email account will be disabled after 24 hours*.

*This particular site had a different system, you didn’t sign up for an account, you just entered [anything]@DES.example.org as the email address on site XYZ, and then on DES.example.org entered [anything]@DES.example.org which presented you with an inbox. (I tried entering asdf@DES.example.org and was rewarded with no less than 18 mails in that inbox, which means that not only are users possibly being frauded by DES.example.org, but all that stuff is also publicly visible to everyone else as well.)

However, being of lesser moral quality, you betray the users, you scan every email which has arrived to see which are spam (of course you also hate spam but hey, what’s a guy gonna do, right?) and which are activation emails. You let the users activate their accounts, and you wait a day or two (of course after 24 hours you pull the emails down, making them seem removed, as promised, while in reality they are still safe and sound on your server) you have a script go to site XYZ, find the “reset password” feature, and activate it. Boom!

A new mail arrives containing a notice that the password has been reset and a link to go to the site and change it. You go to the site, you change the password, and while you’re at it you jot down any user information.

The solution

I’m not saying that I know of any DES which does this (which is also why I am not printing the address of the site I was forwarded yesterday, no slander-charges for me thank you), all I’m saying is that there is indeed a time and a place for DES, but people usually don’t stop long enough to consider if it is wise to use a DES for all their needs. For sites which offer “free content” but demand that you sign up (if they don’t do this to harvest emails, to sell to spammers, I don’t know why they continue this idiocracy) a DES is excellent. For any service where you will want to insert your own personal information… well of course if you are worried about a site spamming up your inbox you shouldn’t put your personal information there to begin with, DES is not the way to go.

But then what? What if you’re unsure about whether XYZ will sell your email, but still want to sign up and still want to use personal information, then what?

Simple. Create a second email account. One which you don’t really care about, but which you have ultimate control over. If you notice a significant increase in spam after signing up for a new service, you keep that service to that “throw-away” email account. On the other hand, if there is no activity after having signed up, you could change the email in that account on XYZ to point to your real email. Easy.