This blog is "powered by" Parasite, which is a PHP/PEAR::DB blog written by yours truly.
On good days, Parasite supports Ian Hickson & Stuart Langridge's Pingback 1.0. It hasn't been a good day in a VERY long time and likely never will be again!
The stuff that Parasite doesn't do for me is done in vim.
Being standards compliant is the only attempt this site makes at being IE friendly.
You can email me using the initials of this blog at this domain.
One: Have you heard the news?
Two: No, what's happened?
One: The good Lord has come down in human form and had himself killed!
Two: To what end?
One: With this act, the Devil is hoodwinked and all humanity saved!
Two: Gosh, that's simply lovely.
I had a request to implement Pingback in Rabbit Turd. I was interested in doing so, but while reading through the example I realized that it would be pretty trivial to DoS/Spam the hell out of someone by simply writing a script that does the following:
Alice decides she doesn't like Bob. So she tells her PingbackAttack script that the URL for Bob's Blog is http://bob.example.net/#foo.
Alice's PingbackAttack finds out the location of Bob's Pingback server via the methods described in the example above.
Alice's PingbackAttack feeds Bob's Pingback server a phony URL and makes a note of that URL. When Bob's Pingback server asks for that URL, the script feeds it some phony text along with a link to http://bob.example.net/#foo. It does this over and over and over.
If there's something in the API to stop this from happening, I'm not seeing it.
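Since the API itself offers no such control, the receiving server has to supply one. The sketch below is an added example, not code from Parasite, Rabbit Turd or the Pingback specification: an admission check that runs before the receiver fetches the source URL. The class name, limits and window are assumptions; the fault codes 48 and 49 are the ones Pingback 1.0 defines.

```python
import time
from collections import defaultdict, deque
from urllib.parse import urlsplit

# Fault codes defined by the Pingback 1.0 specification.
FAULT_ALREADY_REGISTERED = 48
FAULT_ACCESS_DENIED = 49


class PingbackGate:
    """Admission check run before the receiver fetches sourceURI.

    Hypothetical helper: names and limits are assumptions, not spec.
    """

    def __init__(self, per_host=5, per_target=20, window=3600.0, clock=time.monotonic):
        self.per_host, self.per_target = per_host, per_target
        self.window, self.clock = window, clock
        self.seen = set()                    # (source, target) pairs already submitted
        self.by_host = defaultdict(deque)    # source host -> admission timestamps
        self.by_target = defaultdict(deque)  # target page -> admission timestamps

    def _over_limit(self, bucket, limit, now):
        # Drop timestamps that fell out of the sliding window, then count.
        while bucket and now - bucket[0] >= self.window:
            bucket.popleft()
        return len(bucket) >= limit

    def check(self, source_uri, target_uri):
        """Return None to proceed with verification, or a Pingback fault code."""
        now = self.clock()
        host = (urlsplit(source_uri).hostname or "").lower()
        # Strip the fragment so #foo, #bar, ... all count as one target page.
        target = urlsplit(target_uri)._replace(fragment="").geturl()
        if not host:
            return FAULT_ACCESS_DENIED
        if (source_uri, target) in self.seen:
            return FAULT_ALREADY_REGISTERED
        if self._over_limit(self.by_host[host], self.per_host, now):
            return FAULT_ACCESS_DENIED
        if self._over_limit(self.by_target[target], self.per_target, now):
            return FAULT_ACCESS_DENIED
        self.by_host[host].append(now)
        self.by_target[target].append(now)
        self.seen.add((source_uri, target))
        return None
```

Because the check happens before any outbound fetch, a rejected ping costs the receiver no request to the source host and no stored entry.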