Slashdot Mirror
AOL Blocks Links from LiveJournal
Martin continues:
"We've tried to contact AOL three different ways, all without success. We've also told our users to contact their tech support. At one point, an AOL
staffer pointed
out that FTP access still worked (which is probably because FTP has no
"Referrer" concept), and so, as an interim fix, we're rewriting all HTTP URLs
to use FTP on the AOL properties where that works instead. This means that
users can again host their images on the AOL webspace they're paying for, but
more importantly, it means they can simply link to their webpage.
We wouldn't be so upset if they were simply blocking images. Bandwidth use
is a valid concern, after all, and we even provide step-by-step
instructions for people to configure their webservers to prevent image
"theft". However, because they're blocking all access, including regular
links, this looks like it's either a mistake, or something more insidious (the
conspiracy theorists have pointed out that AOL has just launched their own
competing weblog product, also based on "journals").
Although CI Host
sued AOL recently for being blocked, we really don't want to do that. We
still suspect that this was all just a mistake, and hopefully, by making this
public, we'll manage to get their attention, since all our previous attempts
have failed."
Enable referrer logging
It's optional, so browsers don't need to send it. Mozilla/Firebird/etc (and Opera) can be easily modified to not send one, and the Google Toolbar could probably support blocking them, too (since IE isn't being updated). AOL is a big enough presence that this could have a significant impact on peoples' browsing.
Hopefully this is a temporary block giving them enough time to increase their bandwidth to the correct systems. And right now they are blocking everything so they can come up with a game plan.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Anything that discourages "blogging" can't be all bad.
Actually, you may want to investigate whether or not AOL has gone live with their blog offering ( article here). If so, it may be viewed as an intentional act.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
Could you get around this using tinyurl? I'm not sure if it changes the HTTP_REFERRER or not.
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
This is a really level-headed, well played move on LJ's part - primarily because they're following the universal principle of assuming stupidity before malice. ;)
The Free desktop that Just Works
Following the second link in the text, I ended up at this image.
Yet another reason not to like AOL users. Now if you'll excuse me, I need to go wash out my eyes with nitric acid.
In the future, all spacecraft will be made of cheese.
Any else noticed that members.aol.com is sending an invalid content-type header?
I've seen iso8859 and text/iso8859-html, neither of which Firebird likes...
TODO: Something witty here...
It wouldn't help people with embedded links to images at AOL, but at least it could get people to AOL without any additional clicking.
Well not the whole AOL network, but the former mozilla division blocked links from slashdot (and still does), (Example). Any sites that cause major bandwidth use should be blocked, I'm sure some frequest slashdotters get the infamous Pink page of death.
Don't use an ISP that is "broken". AOL has little to recommend it.
I use Adelphia PowerLink at home. On the road, I have a dial up account with a local ISP with dial up numbers in the cities I frequently have to visit.
Corporatism != Free Market
...that people bend over backwards to accomodate companies with draconian policies like AOL? If I were running an ISP, the loss of a few customers because they suddenly discovered they could no longer send e-mail to AOL customers through no fault of my own would most likely be offset by new customers who understand that the earth does not revolve around AOL. So they're blocking incoming HTTP traffic based on referrer? Are there not more pressing problems to attend to rather than trying to please the AOL gods?
I'm not saying AOL is in the right. I'm simply saying that AOL (and companies like them) should be made to lie in the bed they make for themselves. Only when AOL customers start to be inconvenienced by AOL's own policies (rather than third parties patching together "workarounds" in a misguided attempt to protect the integrity of AOL) will they realize what AOL is up to...
"And now we have a request from an AOL user that suddenly they stopped getting LJ emails. They say AOL did just add some new spam filters, so that may relate.
It almost makes you think that they don't like us..."
AOLers are only getting sanitized Internet to the company's liking... Those who are not happy should switch.
have you been defaced today?
Anytime there's an article that whines about deep linking, a few dozen people post replies saying that the company could use the referer header to block all such requests. Now that a company is actually doing it, it's suddenly a bad idea. Which is it -- good technical solution or bad censorship?
I should also point out that some sites automatically block slashdot.org referers as a matter of self protection.
Toronto-area transit rider? Rate your ride.
Many times in a large organization changes are made where the impact across the enterprise isn't realized either through poor planning or lack of full testing. Sometimes you just miss something.
... try cooperation and information sharing rather than decalring war.
I do like their approach of hitting up the Slashdot crowd looking for more information and passing on what they have.
More companies should do like you said
Unfortunately, this trick really only works with MSIE. But it's better than nothing.The above should all be on one line. Check for extra white space where the line feed got placed by Slashdot's bug (thanks alot).
It should be strip_referrer.js with no space. Why does Slashdot do that??
A programmer is a machine for converting coffee into code.
...on usage of the customer webspace? Does it have to be a full site, or can it be a storage place for images/files linked to from another site? Consumers are paying for the AOL service, and getting AOL webspace as part of the deal - are there limitations on its utilization?
"The Tree of Liberty must be refreshed from time to time with the blood of Patriots and Tyrants." --Thomas Jefferson
I, for one, like the referer heading. It is useful to see where traffic is coming from and it really stinks that AOL is going to encourage people to mess with it, remove it, or spoof it. This will be the ONLY result of AOL's action. They may get a short break from livejournal links but people will work around it. The internet is about linking after all. If AOL want's to invent their own thing with their own rules they should make their own little private net like they used to have and they can remain one tight, happy, cloistered little clique. Of course if the referer header becomes useless maybe it would be a good opportunity to fix one of the most influential spelling errors in recent time and start using the refeRRer header instead.
Pretty soon AOL will have blocked all of it's lusers from the entire web.
That should AOL continue to block deep-linking (which they have the right to do so assuming that there is no contradictory clause in a user's contract) they should at least redirect users to a page explaining what is actually going on rather than leaving them to complain to LJ support.
to use sledgehammer tactics when it comes to something they don't like..
Stupid, stupid, stupid..
First rule of holes; When in one, stop digging.
A lot of websites let you bounce to other sites. Here are some demonstations
Debian link to aol.com
Yahoo link to aol.com
Google link to aol.com
Goatse link (yes, its true, goatse is useful!) to aol.com
Hopefully, unless AOL wants to block the internet off, people will get around, and we can always set up p2p based redirection system (ala freenet). To get trough.
When AOL needed help setting up their blogging software, who did they talk to? People like Dave Winer and other members of the net community.
So shouldn't there be some sort of Karma here where we, the blogging community, ostracize a bad player. They do it to spammers all the time, why not to the big guys. They'll eventually realize that it's not profitable to do so, and conform.
We could choose to disallow AOL urls into weblogs. We could prevent anybody with an AOL account having an RSS feed to a Blogger or LiveJournal. We could ban them from our conferences. Sounds like we're being assholes or "closed" by doing so, but I think it's important for people to check the bully to in the long-term enable the most openess possible.
Philosophistry
My more centrist side says...
My cynical side says...
Hey look! It's Triangle Man!
Unfortunately, killing the referer header breaks alot of sites which are blocking image pointing. We (KeenSpace) just put in header checking. We do it so that if a request for an image isn't from a webpage we host (eazy stuff to do), it's 404'ed.
We cut our bandwith by 50% that way.
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
...welcome our new AOL overlords.
I'm getting a ritual circumcision as required by AOL CEO Levin as we speakKKKKALRRRRRRRRRRRRRRRRRRRRR.
(1) Break your user's websites.
(2) ???
(3) Profit!
AOL invented blanket blocking. I'm blocked from their SMTP server, and I've heard several different justifications for it.
I suspect that they are like SCO, in that no one with any self respect or knowledge will work for them. The first time I complained about being blocked, they replied that no one there knew how to allow a server on a "dynamic" subnet. (Dynamic my shiny metal ass.) Later, I heard that no one knew how to allow one ip address while blocking the rest of the subnet. As a result, I'm being accused of the half a billion pieces of spam my ISP's other customers send to AOL.
Let's hope that broadband finally kills those bastards off. I hope their stock falls so much in value that they start using outstanding shares as toilet paper. (I'd pay to use it as toilet paper, but they want a lot more than it's worth...)
You can't judge a book by the way it wears its hair.
I just blocked all AOL users from accessing my website. I am considering blocking incoming mail from AOL users, but I have to talk it over with my users first. If AOL will block internet hosts willy-nilly (they blocked me because I'm on a dynamic connection), then I might as well block them too.
Images hosted on Netscape and on FTP servers are now being blocked as well.
This block seems more intermittent, but it makes you wonder, since Netscape is owned by AOHELL...
Stupidity like this won't affect me at all. I use the Proxomitron, and I have the referrer field set to \u (which I think is the default setting). \u inserts the current URL into the referrer field. So, for example, if I hit a link on www.slashdot.org/foo.htm to www.aol.com/foo.htm, the Proxomitron will send www.aol.com/foo.htm and not www.slashdot.org/foo.htm to the server. This is especially helpful for sites that return 404's to requests with blank referrers (since the server always thinks the request is coming from its domain when in reality it may not be.)
Reprise the theme song and roll the credits!
Cheapasses is right. You get what you pay for, and if you're paying for impossible things, you should beware the catch. There is no such thing as unlimited bandwidth, or unlimited space...merely limits that you haven't hit yet.
A t1 line is still over $700 per month, so burstable bandwidth starts at more than $2 per gigabyte. People who are on better pipes pay way less, of course, but then again they need to maintain them, and technicians start at about $25 per hour. Servers need to be powered, backed up and maintained to prevent hackattacks. So when somebody offers you unlimited bandwidth, unlimited space, unlimited email with 24x7 support for a pretty number like $7.77 or $5.55 or whatever, they're basically lying to you.
Check your AUP. Somewhere in there you'll find a line saying that your unlimited bandwidth can be terminated at any time if you use too much of it. Unlimited really means "We're not telling you the limits. But you'll know when you hit them." Generally because your site takes off. You get popular, people start laughing at your jokes and caring about your weblog. Then your provider cuts the cord. Sucks, don't it?
See, ISPs at all levels make money by overselling. They tell you you have a T1, when really it's fractional. They tell you you have 256 kbit upstream, then it maxes at 192. The most egregious example of this is the El-Cheapo webhost, an animal I despised so much that I started my own crummy service to combat it. If you have the know-how, and you have the time, I suggest you do the same. It can be a lot of fun and offsets the cost of big web projects. Just don't harbor any dreams of getting stinko rich.
I remember the first time I had a site get "overnight popular." It was a certain web comic that we begged to come on board. In about two weeks ge went from moving 2 gig a month to over 50. And because we small timers get the short end of the bandwidth stick, his bill was about $200. Not his bill FROM us, but the bill TO us from our host for just his transfer. We didn't mark it up. That's a lot of money when you're a hobbiest. Shit, that was as much as we paid for everybody else's bandwidth that month.
We have a policy of not touching people's sites or restricting tranfer, but if we hadn't known the guy (and known he was good for the money, which his new fans donated in droves, we even threw in $30), we probably would have had to use the "no contract" clause and take the site offline. Damned if I'm paying for somebody else's popularity...
Hey freaks: now you're ju
Am I the only one here that remembers AOL from back in the day? I'm talking 1994 here. Had it for a month, then they cancelled my account behind my back with no prior warning because i downloaded too much stuff. Back then, all they had was email. Now AOL is getting all restrictive again. This doesn't surprize me too much, but it'd be nice if they would keep the 'net a friendly place. I guess the current neophytes have prevented such action.
If you have paid for the space, and they put a block on, sue them..
"You lied to me! There is a Swansea!"
I believe sites that have been slashdotted in the past have done this same thing to prevent their server from getting flooded. I think it's AOL's right to do this, they don't want livejournal linking to them. The polite thing to do would be to say why in the error page though, not just give a 404.
On a technical note, you can set up a page with a META Refresh which will clear the referrer (a HTTP server transfer will keep the original referrer intact though)
If AOL is having a problem with people chewing up a huge amount of bandwidth using AOL as an imageserver for LiveServer, blocking all file types would be necessary unless AOL wants to screw with the content. The reason? IE doesn't care what you call an image - it can be "hotpr0n.html" and IE is "smart" enough to figure out it's a jpeg and display it. Plus, the pr0nmongers could always make AOL hosted iframes for their images, so even if AOL could spare the computing power to analyse every document it serves (to see if it's really an image) it wouldn't help. I've dealt with pr0nmongers before - they're very clever monkeys. And if it's wares or mp3s, that's even worse - you can fix the pr0nmongers with a simple apache mod to add a space to the beginning of every non-jpeg/gif/pdf/etc document so that mislabeled images will not display in a standard browser, but people hosting/collecting mp3s and wares will adapt. Anyone familiar with the "Iria" user-agent? If not, you don't know what AOL is dealing with...
US Democracy:The best person for the job (among These pre-selected choices...)
I don't have a problem with <obligatoryDerisiveness> AOhelL </obligatoryDerisiveness> preventing people from leeching images from their site, but there's a simple way to get around their prevention of direct links to their site: redirect using a META tag, which strips the referer header and makes it look like a direct request.
..... in the header of myPage2.html, include this meta tag:
For example:
If you want to link from livejournal.com/myPage1.html to members.aol.com/~myOtherPage.html, then make the link go to livejournal.com/myPage2.html
<meta http-equiv="refresh" content="0; url=http://members.aol.com/~myOtherPage.html">
It works accross all browsers and appears to AOL as if somebody just typed that URL directly into the address bar of their browser.
While AOL offers a package that gives "complete internet access", they forget to mention that if you post files online (and you are still online, thus, you should have COMPLETE access, which in my mind goes both ways. After all, FTP will connect back to you), they only go half way.
Come on. False advertising! They give you a proxied connection to the Internet. You don't have a public IP that somebody can call your BF1942 server from. Full access means you have a public IP address, people can go bi-directional.
Why call it complete when it's nothing more than proxied?!?
I once had to visit an AOL office up in the San Mateo hills in the Bay Area. They gave us an address, which we followed. It led to one office building that had an AOL logo as part of a common office space. But, we couldn't find the suite. So, we went to the "information desk", and asked the guy. "They are across the street at Suite XXXX". Come on! So we go across the street. Their offices look loked you were joining the Borg. Leather chairs that were 6" off the ground, all Halogen track lighting. Very secretive. Just plain wierd.
Just head over to here and get the extension. There is even a "Ref=URL" checkbox to make your browser always use the current URL as the referer string so unless websites start blocking themselves, no problem. The good news is that it was just updated to be Firebird compatible as well.
My, undereducated guess is that AOL's done this because they have their own homogenated, cuticized, totally non-open-slammed-shut, AOL blogs. Yes, folks! According to their information:
"Everyone has a story to tell; what's yours? Create an AOL Journal about your summer vacation, being pregnant or trying to find a new job. AOL makes it easy, fast and fun!"
"Get Started Today
Create a Journal
Build your own blog
with our cool tools. "
It's all right there. I didn't have the heart to actually check out the blogs.
What do we need with an open-source, customizable system like LJ's, complete with lively, growing user communities? Who needs software that might foster an actual original thought? Interacting with strangers is so...icky! We can pay lots of money instead to record our sanitized inmost feelings on the AOL version.
They're probably staying awake nights figuring out how to block links from independent systems like Moveable Type. Could Slashdot be far behind?
Anne
DUCT TAPE: The Election Supervisors' Secret Weapon
From: http://www.livejournal.com/community/lj_biz/195987 .html
Subject: AOL blocking LiveJournal.com, try two
From: Evan Martin
To: postmaster@aol.com
Organization: Danga Interactive
Date: Tue, 26 Aug 2003 16:23:40 -0700
Hello,
I mailed you yesterday about a problem we're having interoperating with AOL member pages. (I have included that text below.)
Since we haven't heard back from you, we've instituted a temporary workaround. However, this is not a technically correct solution, nor will it work in all cases.
In technical terms: we rewrite URLs to AOL member pages to use FTP instead of HTTP so there is no Referer header sent.
Because we haven't heard back from you, I can only hope that this problem was accidentally caused by some automated system process, and eventually you will be able to fix it. If there is anything more we can do to help speed that process, please let us know.
-- Evan from LiveJournal.com
...don't.
You miss one of the key aspects to Livejournal, the whole community aspect to it. LJ lets you incorporate your friend's journal entries into your own pages, find people with similar interests etc. That kind of thing just isn't available if you take the DIY approach.
Really, I can't say I'm surprised that AOL would want to block image inline image traffic from blog sites, as that shit eats your bandwidth like nobody's business.
I "run" a (dormant) photo website on a commercial hosting service. I pay about twenty bucks a month for the diskspace and capped bandwidth - a reasonable amount, I think, which allows me to serve my users without garish adbanner detritus.
The ordinary site traffic is reasonably stable and keeps well below my bandwidth cap, but parasitic inline traffic comes on top of that, drawing close to redline.
I'm very seriously considering blocking livejournal and any other blog site I can think of, as their users frequently inline my images, eating a little of my bandwidth each time one of their blog pages are loaded. I have some car photos which about fifty retarded pimply teens have inlined on their pages for apparently decorative purposes.
I'm much too busy to go out and chase down every offender, but at the same time I've been reluctant to activate a simple block rule to get rid of the inline traffic once and for all. I guess I should follow AOL's example, eh?