by Tdarcos » Mon May 23, 2016 2:11 am
Discussing the new feature I just developed so that I was able to make my messages on Caltrops, when they contain my image reference, I thought it was a brilliant hack.
Originally I wanted to return an SVG image. Those are easy to do and the image is a text file, so it's not hard. While this worked when typed in as a URL, it failed in an IMG tag.
So I had it do a regular image file, and it creates an on-the-fly JPEG as a one-time image. The only thing I was worried about was browser caching, in which if there was one reference it might not go back and retrieve the image again, but apparently either it's not checking, there's no "last saved" value, or it is able to notice the image is not the same as the last one.
At first, I just had it "write" an image with a random number in a box, it was not really intended as an authentication. Then I looked at how Caltrops would send a browser request for the image, and, as it turns out, it was okay for the time being until people started impersonating me again.
Not that I care that much, but I thought it would be a fun exercise to see if I could find a way to allow me to distinguish uses of it between mine and impostors. And it was basically using the same method the telephone company uses to set off an alarm when someone tries to rob a pay phone, vs. being able to tell when a collector comes to empty the coin box legitimately.
Jonsey immediately recognized what I'm doing. Other people looked at the reference and said you could do cache poisoning and DNS attacks because I'm not using HTTPS to retrieve the image (I'm too cheap to spend another $20 a year to get an SSL certificate for a non-revenue producing site). But all I'm doing is reading the HTTP_REFERRER to get the &pid= of the posting, then doing a database lookup to see if it's in there. Nothing earth shaking, just a simple proof of concept to see if it could be done.
Oh by the way, Pinback, if you really did forge one of my messages, it just showed that you had enough common sense to write something reasonable, literate and normal, as opposed to the typical three-year-old writing level of too many of Caltrops' inmates.
I just thought of it as a way to do a fun hack and to thumb my nose at the people over there, but nothing serious.
And in total programming time it was probably 2 sessions of 4-5 hours over 8-10 months, most of the time being in the second session to line up the text fields because each color change requires a different write to image statement.
Also, it now shows something different on a right-click and view image in Firefox.
But it definitely was fun to do.
"I'm Tansin A. Darcos and I ... what the fuck do I need a Freshness seal for? I log in here!"
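The referrer-keyed image trick the post describes, written out as an added example (this is not Tdarcos's code and nothing here is taken from his site). It assumes a hypothetical forum host `caltrops.example`, a constructed set of post ids standing in for the database lookup, and a hypothetical `X-Verdict` debug header; it also emits a solid-colour PNG instead of the author's text-in-a-box JPEG so it needs no image library. The point it adds beyond the post: the `Referer` header is supplied by the client, so the check tells genuine embeds from impostor posts only as long as nobody bothers to forge the header, and the response must carry `Cache-Control: no-store` if each embed is really to be re-evaluated rather than served from cache.

```python
import struct
import zlib
from urllib.parse import parse_qs, urlparse

# Constructed stand-in for the database lookup in the post: the pids of
# messages the author actually wrote (values made up for this example).
MY_POST_IDS = {"10231", "10257", "10302"}

# Assumed host the image is embedded on (hypothetical name, not the real site).
TRUSTED_HOST = "caltrops.example"

COLORS = {
    "mine": (0, 160, 0),               # green box: pid is one of my posts
    "impostor": (200, 0, 0),           # red box: pid is not one of mine
    "no-referer": (128, 128, 128),     # grey: direct load or referer stripped
    "foreign-referer": (200, 120, 0),  # orange: referer from another site
}


def pid_from_referer(referer):
    """Return the pid= query value from a Referer URL, or None if absent."""
    if not referer:
        return None
    pids = parse_qs(urlparse(referer).query).get("pid")
    return pids[0] if pids else None


def classify_request(headers, known_pids=MY_POST_IDS, trusted_host=TRUSTED_HOST):
    """Decide which image to draw from the request headers alone.

    This mirrors the post's logic (read the referrer, pull &pid=, look it up)
    and nothing more: Referer is client-supplied, so a hand-made request
    carrying a genuine pid is indistinguishable from a real page load.
    """
    referer = headers.get("Referer")  # CGI exposes this as HTTP_REFERER
    pid = pid_from_referer(referer)
    if pid is None:
        return "no-referer"
    if urlparse(referer).hostname != trusted_host:
        return "foreign-referer"
    return "mine" if pid in known_pids else "impostor"


def _png_chunk(tag, data):
    crc = zlib.crc32(tag + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + tag + data + struct.pack(">I", crc)


def solid_png(rgb, width=16, height=16):
    """Build a minimal valid 8-bit RGB PNG filled with one colour."""
    raw = b"".join(b"\x00" + bytes(rgb) * width for _ in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n"
            + _png_chunk(b"IHDR", ihdr)
            + _png_chunk(b"IDAT", zlib.compress(raw))
            + _png_chunk(b"IEND", b""))


def build_response(headers):
    """Return (status, response_headers, body) for the one-time image URL."""
    verdict = classify_request(headers)
    body = solid_png(COLORS[verdict])
    response_headers = [
        ("Content-Type", "image/png"),
        ("Content-Length", str(len(body))),
        # Make every embed refetch so the verdict is computed per request
        # instead of the browser reusing whatever it cached last time.
        ("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"),
        ("Pragma", "no-cache"),
        ("Expires", "0"),
        ("X-Verdict", verdict),  # hypothetical debug header, not in the post
    ]
    return "200 OK", response_headers, body


if __name__ == "__main__":
    page = "http://caltrops.example/viewtopic.php?t=12&pid="
    for label, hdrs in [
        ("my own post", {"Referer": page + "10257"}),
        ("impostor's post", {"Referer": page + "99999"}),
        ("image opened directly", {}),
        ("forged header with my pid", {"Referer": page + "10257"}),
    ]:
        print(f"{label:28s} -> {build_response(hdrs)[1][-1][1]}")
```

The last two demo lines are the caveat in miniature: a forged request carrying a real pid gets the "mine" image, because nothing in the check is bound to the client, the post body, or the transport. Over plain HTTP an on-path attacker can also just swap the image bytes, which is the cache-poisoning objection raised in the thread.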