Domain: idunno.org
Stories and comments across the archive that link to idunno.org.
Comments · 9
-
Misleading summary.
-
XHTML and asp.net 2.0
asp.net 2.0 (and it's not a vs feature really, it's down to the controls built into the framework) are, finally, xhtml compliant. You can set a switch in web.config to use transitional or strict. There have been a few bugs (including one I reported) which are marked as fixed for release and I've done, as a learning exercise a site that is XHTML compliant with little effort in VS2005.
The effort comes in things like the membership controls, which, by default are table based. This kind of makes sense, because they won't know which stylesheets you're using for layout purposes. However there is the option to template these controls, which means you right the HTML yourself, but the backend is still provided by the built in controls. The only control I've found that refuses to give up a table is the wizard based "Create new user".
There are still problems with VS2005, niggles like style sheets not displaying if they're "included", nested master pages killing off GUI editing and so on, but nothing I've found that will kill XHTML, unless you're on a downlevel browser where will make a best attempt to spit something that renders.
The downlevel browser thing is a pain though, as the W3C validator isn't known to asp.net, so it will spit out XHTML transitional, despite your DTDs. To fix it you can add a
.browser file to explain to asp.net that the validator knows what it's doing. I produced one already, and provided it with some documentation for download. -
Re:Off topic, but VPCAfter the rebranding the sense of humour appears to have vanished.
(I did that especially for you)
-
nofollow won't stop it.
But the spammer doesn't care. They don't check if you're using nofollow, they just vandalise your comments and run. Thinking nofollow will stop this type of spam is akin to thinking spam assassin or dnsBLs stop spammers. It hasn't, it just means the crud doesn't end up in your inbox.
I've ended up having a little database which holds both referral spammers and comment spammer URLs, so anyone who either tries to send an http request with a site listed as the HTTP referrer or post a comment with those sites in gets redirected to a permission denied page.
But I could do that because I'm vain enough to roll my own code (and embarassing it is too). Most bloggers will have to wait for their blog software authors to add something like that and then for their hosts to update.
Now what we really need is something akin to the SURBL where blog spam and referral spam urls end up, then plugins for every major blog engine out there to use it.
-
Re:Easy SolutionWell referral spam has been going on for ages (I list mine, but don't link to the urls) and people still publish web logs.
Ease of use is going to win every time.
-
Re:EasyWhile that's almost an amusing troll I've noticed a trend recently where fake referrals are sent to random pages. I would guess this is to boast google page rankings, as some people will publish lists of referring sites on a crawlable page. In the last two weeks a certain canadian IP sent fake referrals for various pages on
- www.spankarchive.com
- www.spanking-adult.com
- www.spanking-porn.com
- www.spanking-punishment.com
- www.spankingstories.us
- www.spankphotos.com
- www.spankpics.net
Their ISP killed their account after 3 reported strikes.
Then there's em3.net, a scumware site that tried this last year. Following the links triggered attempted spyware downloads.
(If anyone is truely interested I have a partial list at http://idunno.org/misc/referralSpammers.aspx)
-
Re:Signal to noise ratio plan.Google started guess at RSS feed URLs, I noticed it (and blogged it, heh) on Sunday.
Despite the files not existing, and of course, no links to them, google tried to read
- atom.xml
- rss.xml
- index.rdf
So, why? Are they going to adjust ranking on sites that are obviously blogs because they have feeds?
-
Another direct x vulnerability
The classic Coffee Cup exploit
-
Filtering still costs... and other thoughts.
have it pretty bad since their SMTP servers are often being hijaaked to send email that nobody wants.
If an ISP is running an open relay, then they deserve to get highjacked. There's no excuse for that these days.
However, filtering at the SMTP level, whilst useful, still isn't a complete solution. Why not? Well
- Even if you drop the connection after the HELO/EHLO, your bandwidth is still being used. A lot of spamware doesn't even cope with dropped connections, or user not found messages, and will still sit there, attempting to send, using your bandwidth.
- No filtering is perfect. Either it doesn't catch enough, or it deletes too much. Simply tagging mail, and not deleting means your disk space is still being used to store the spam until your users decide what to do with it.
- DNS based RBLs are wonderful. I use them (stats are at oberon.idunno.org/spam/, but how much do you trust the black list providers? Then, of course, you have people suing the black list providers, who then bow out because it's easier than mounting a defence.
- "Free speech". Yes, we know free speech doesn't apply to spam, or to those of us outside the US, but the idiotic mindset of a spammer doesn't seem to realise that my private property negates their right to talk to me. And thus more legal threats begin.
So, what to do? Small ISPs will have problems. Spammers sign up with credit cards, do a spam run, and flee. So, you have the credit card number, FINE THEM. Put that in your contract.
What can be done about the big boys hosting spammers, Verio, Exodus et al? Block them at the routers.