schlitt.info - php, photography and private stuff
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:Author: Tobias Schlitt
:Date: Thu, 19 Sep 2013 08:35:38 +0200
:Copyright: CC by-nc-sa

===
Web
===

- What AJAX is good for...

  I don't really like AJAX much. I think in most cases it's useless sweetness that nobody needs in a web app (not to mention that all that Web2 ranting is completely ridiculous). Anyway, Tobias Struckmeier (a fellow eZ employee and user group mate) invited me to use Google Calendar a while ago. I did not try it out until now, but since I was searching for a good calendar application anyway, I just logged in (using my Gmail account) and played a bit with it.

- ICQ spam sucks

  I have been using ICQ as an instant messaging service since 1996. While I was satisfied with it all the time, I'm now getting into real trouble with ICQ spam. Blocking unwanted messages from users that are not on your buddy list is not a problem (at least in Gaim, although this tool seems to forget the privacy settings now and then). But lately I receive constant masses of authorization request spam. It's a real annoyance to get about 50-200 of these messages per day and to reject all of them manually. I would be really near to leaving the ICQ network, if there weren't so many of my non-geek friends on ICQ.

- Trackbacks on PEARWeb and PEAR::Services_Trackback

  I finally found some time and improved the trackback handling on PEARWeb:

- Thoughts on trackback spam

  It's been a long while since I worked on my PEAR package Services_Trackback, mainly because I was much too busy with work and university. Nevertheless I made up my mind about how to solve the problem of the so-called trackback spam. In email environments people have been searching for a solution to spam since email was invented, and so far no satisfactory solution has been found (AFAIK, please correct me if I'm wrong, I would be thrilled). Approaches here include complicated techniques like heuristic algorithms and easy ones like grey-listing, as well as sender identification (which is useless by now, since no unique standard exists and almost no program supports it).

- Open Source Spam?

  Chregu and I recently seem to have received our first "open source spam" (never knew such existed...) at Planet-PHP. The following email landed in our mailbox (names obfuscated):

- Fun with Google AdSense

  Since I wrote an article about going to Norway, I even receive Norwegian ads from Google's AdSense program. ;)

- Indexing XML: What would you do?

  In a recent project one of the duties is to make a huge amount of XML documents searchable. I dealt with XML in several situations and used parts of XPath, XSL and Co., but this is a new challenge. By now I have made up my mind and thought about what to do, with no clear result, so I'm trying to ask the public for opinions.

- Getting advertised on Google

  My PEAR workshop recently gets advertised on Google using Google's AdWords:

- PEAR::XML_RPC - Security vulnerability!

  As already mentioned, a huge bunch of PHP based applications have a security issue in their XML-RPC implementations. This also applied to PEAR::XML_RPC. If you are using this package, it's more than recommended to upgrade to the new version 1.3.1, which fixes the named issue. If you have your own or are using another one's XML-RPC implementation, please check immediately if the issue exists there, too! There are several example exploits around the web, so take this issue seriously!

- Services_Trackback - Thoughts on trackback spam

  A few weeks ago I announced the release of Services_Trackback 0.5.0, which has a new module system for integrating spam protections into your trackback mechanisms. The easiest filter (the bad word list) worked quite well for the first time frame, but as usual it did not take long for the spammers to work around that by using entity encoding. Of course, getting around that from the anti-spam point of view is very simple, too, by simply reconverting that stuff before running the bad word check. But that's not really the point, because the spam faction will not need long to get around this, too.