Michael J. Radwin

Tales of a software engineer who keeps kosher and hates the web.

Currently Viewing Posts in The Web Sucks

Protecting email addresses, part 2

MVHS Spartan I wrote on Sunday about wanting to protect email addresses in the MVHS Alumni Internet Directory. I finally found some time to code it up.

The mailto: links have been replaced with a web form that alumni can use to send a message.

Since the website doesn’t require a login, it’s not totally spam-proof. I do include an MD5 hash of the real email address in the form as a hidden variable, so there’s some guarantee that you’ve at least first fetched the form from my website before hitting submit. This isn’t that much for security, but it means that someone writing a robot to abuse the site would have to do some extra work (fetch the webpage first, grab the hidden field, and then submit it back with the spam message).

I’m also using the Email::Valid module to check to make sure that the return address is RFC822 compliant.

People have often asked why the website doesn’t use a password/registration model like alumni.net or classmates.com, because it would certainly do more to discourage spammers. It turns out that spam hasn’t been too big of a problem for the 1500+ alumni listed on the website for the past seven years, and the complexity of passwords and registration just make life things to difficult when all you want to do is send a quick hello to someone you haven’t seen in 10 or 20 years. For the time being, the trust model is working well enough.

Usenet posts from 1993

At lunch today with Mike and David, we were talking about Google and whether the Pyra acquisition would be as successful as the Deja News acquisition. Both Mike and I had read somewhere that Google had managed to get Usenet archives going way back to the beginning, and how it’s become such a valuable historical resource.

So just for kicks, I went and searched Google Groups for author:mradwin@tsoft.net and found 15 posts, all from 1993.

They’re all related to desktop publishing. I used to love fonts. And you can see that I was interested in intellectual property ten years ago, even though I couldn’t spell.

What a trip!

Protecting email addresses for my Alumni Internet Directory

MVHS Spartan I’ve been publishing the Mountain View High School Alumni Internet Directory online since 1995. Think of it as an free version of classmates.com, but just for my high school.

Since a group of us started planning our 10-year reunion, I’ve been thinking about the website more recently. I’ve had RSS feeds on the site since the summer of 1999 (long before I ever heard of blogging), but I finally added the orange XML icon (View the raw XML source) today.

One of the things that has always made alumni timid about using the site is the possibility of getting spam. The fact that their email addresses are published on the web makes them good candidates for email harvester bots. I originally addressed this problem by adding a <meta name="robots" content="noindex,nofollow"> tag to the site, hoping that bots would respect that.

Later, I started using the decimal HTML entity encoder trick (listing addresses like mailto:mradwin&#64;yahoo&#46;com) but I’m sure spammers will catch onto that soon.

So the only thing left to do is to create a “send email to this user” form and list the addresses in the same way that Y! Groups does. The links will look to the user like mradwin@y..... but instead of being a mailto:, they’ll be regular hyperlink to a /bin/mail?to=<secret base64 encoded data> form which asks for an email address and sets the Reply-To header.

The 1500+ alumni registered on the site right now would definitely benefit from this feature. Plus, after changing the email links to use the email-protect form, I’d be able to remove the robots meta tag, which would allow Google and other legit search engines index the site better, increasing visibility to the larger alumni community.

I’ve just gotta find the time to code the thing.

[Update: I found some time to write the code. The mailto: links have been replaced with a web form]

JR Conlin wins the Favicon contest

radwin-favicon.gif JR Conlin has won the radwin.org favicon contest. Congratulations, JR! You’ll get your Grand Prize tomorrow at lunchtime.

JR’s entry pays tribute to the orange navigation bar present throughout the site. It’s a good color. Some might call it #ffcc99, but I prefer “radwin.org orange”, much the way Ray Sun describes the hue of the “e” on my desktop as “Internet Explorer blue”.

Postscript: my good friend Scott, who started the whole favicon contest by nagging me, now has his very own blog. Can’t wait to see what he writes.

Favicon contest ends in 27 hours

The radwin.org favicon contest, announced a week and a half ago, is almost over. Although we’ve already received an overwhelming number of submissions, your entry could still win. But you can only win if you submit it by 5pm tomorrow.

Don’t hold back! Here is your chance to show off your artistic talent on a 16×16 canvas!

New SpamAssassin

I just upgraded from SpamAssassin 2.42 to SpamAssassin 2.44.

So far so good, but then again, not much changed in the code. I don’t run spamd/spamc, so a newer ruleset is the biggest change I can see.

Favicon contest: win $5

My good friend Scott has been bugging me for about a week now to get a favicon for radwin.org.

I’m not the artist type (I still haven’t gotten past page 10 of Drawing on the Right Side of the Brain by Betty Edwards), so I need some help.

Therefore, in good capitalist tradition, I’m going to contract out the work to someone else. I’m proposing a contest: if I select your favicon for the site, you’ll win $5.

Contest rules:

  1. Contest begins Friday, 31 January 2003 at 12:00pm PST and ends Monday, 10 February 2003 at 5:00pm PST.
  2. The favicon must be generic enough to work for the entire Radwin Family website, not just for my blog.
  3. Employees of Michael J. Radwin and their immediate families (parents, children, siblings, spouse) are not eligible.
  4. If a Canadian wins, he or she will be required to answer a skill-testing question such as “What is 613 in binary?”
  5. If the winner and I hang out in person with any regularity, they can get the $5 prize in cold, hard cash. If not, payment will be sent via PayPal.
  6. Only original designs will be accepted. You can’t go and submit http://www.raysun.com/favicon.ico and expect to win.
  7. Void where prohibited by law.

Good luck, and may the best favicon win!

MovableType-2.6 release

Contrary to my pessimism yesterday about upgrading software, here’s a release I’m actually interested in:

Version 2.6. Version 2.6 is right around the corner. Some new features and improvements included in this planned release [Movable Type News]

Most of it doesn’t interest me too much, but I’d probably use Sanitize. I’ve already got an RSD file. I doubt I’ll license these ramblings via Creative Commons, but I’m interested in seeing what they mean by “support”. Leave it to technology to push the IP envelope.

Maybe jzawodn will upgrade from 2.21 so he can finally get TrackBack auto-discovery working.

New cartoon from Brian Frisk

off-my-lawn.gif Brian Frisk, creator of the We Are Robots cartoon series, has just published another cartoon entitled Off My Lawn#2: The Terrorist.

“Flag-waving is a fun, colorful pastime that’s great exercise for your arms while helping to stick it to the terror organization of your choice. But sometimes it isn’t enough. Thank God for Clyde. He’s one of the heroic few working to make sure that in this brave new world, you’re always innocent until proven different-looking.”

I am still AngryBot.