Yes, I know what HMAC is as I used it to create the initial cookie session store in Camping, which is now in _why's repo (yay!) but I simply don't understand how HMAC helps at all in this situation. Everyone who is able to comment (and let me be clear, that is everyone with a copy of shoes) would need their own secret which is shared with the shoes server. How is authenticating everyone as an anonymous someone any different from assuming everyone is someone and doing no auth at all? And since when is eavesdropping an issue on the topic of ruby manual comments? What is the auth for? Is it just to prove to the server that this is indeed shoes talking to it? If so, that's a dodgy enough tactic in closed source, but this is open source! Nothing could possibly stop someone from simply copying the hmac auth script from the shoes manual into their own spam bot, or more simply modifying the manual itself to send comments some insane amount of times instead of just once.
Insanity I say!
On 03/10/2008, at 10:33 PM, Hugh Sasse wrote:
On Fri, 3 Oct 2008, Bluebie, Jenna wrote:
How is spam a problem in a shoes-only interface? Don't spammers only operate on the web? They're hardly going to code up a special adaptor for the spam bots just to spam poor _why, and I doubt many spammers would install shoes just to spam the manual. We don't need to even make the comments visible on the web interface. I feel like the web interface is a nice thing to have, but should act as a lowest common denominator for what we can do in the manual.
Ok, I think you're right. After what happened to Ruby Garden (who would want to bother attacking a web site about Ruby in the days before Rails got big? But they did. <sigh/>) I'm a bit cautious, especially about inflicting it on someone else.
Another option would be to force comments through the web UI to be confirmed through an email link, though overall I feel it's a good thing to require people to use shoes for this task, because at least then we know that the commentator actually has and uses shoes. I don't see what benefit HMAC gives when the key is embedded into open source.
You get the key sent back to you on your initial mailing. HMAC takes your message, adds the key to it, and then computes the SHA-1 or MD5 hash. It then doesn't send the key, only the message and the hash. Both parties know the key, but the eavesdropper doesn't. The receiver gets the message, adds their copy of the key to it, and computes the hash again. So messages without the correct hash are clearly rubbish, and can be safely ignored.
The real trouble would probably come from prankster shoobies looking to cause some havoc with their newfound skills. One way to work around that would be to store a unique identifier, perhaps generated by the uuid gem, the first time
I'll have to look into uuid to see if both ends can know it.
they run shoes. It could be sent with their comments, or for extra awesome bonus points, we could even force the sending of this ID via an X-Shoes-ID header on outgoing http requests that use the ajaxy functionality within shoes, so anyone simply wrapping the code that sends comments in the manual in a 500.times { ... } loop would have all the requests identified to the server. In this way, if rebel shoobies ever did become a problem, it would be simple enough to rate limit on the server side off this ID. If they're persistent enough to recode the spambot using net/http, well, sucks to be us then. :P
Yes. Trying to think as an evil nuisance, we need to be able to stop them circumventing this by grabbing a new copy of shoes.
One fun side effect of always using the ID in requests is that the subsequent spammy comments could be totally hidden from everyone else, while when their shoes requests the list of comments, it appears they successfully spammed the place. Mmmmm, nice warm trickery.
Yes.
The HMACy response challengey thing has me thinking now though... We could write a block of really heavily compressed & obfuscated code (camping style!) which no newbie would have a chance in heck of being able to read and modify, which could act as a kind of secret cypher for challenging the client. Not sure what use it would be, but sure could be fun to code. :)
Hmmm, I wrote some HMAC code a while back, but it is way too clear.
Hugh
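The two mechanisms argued over in this thread, Hugh's HMAC-tagged comments and Jenna's per-client X-Shoes-ID with server-side rate limiting and shadow-hiding, as one added Ruby example. This is not Shoes, Camping, or the manual server's code; the key, the header names (X-Shoes-ID, X-Shoes-HMAC), the limits, the comment bodies and the CommentGate class are all constructed for the illustration.

```ruby
require 'openssl'

# Added example, not Shoes or Camping code. A client tags each comment with
# HMAC-SHA1 under a key shared with the manual server; the server recomputes
# the tag and then rate-limits by the client's X-Shoes-ID. All values below
# are constructed.

SHARED_KEY = 'key-mailed-to-the-user-on-first-run' # constructed key

# Client side: only the comment and its tag go on the wire, never the key,
# so a passive eavesdropper cannot mint tags for new messages.
def sign_comment(key, comment)
  OpenSSL::HMAC.hexdigest('SHA1', key, comment)
end

# Compare two tags without stopping at the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: recompute with its own copy of the key and compare.
def valid_tag?(key, comment, tag)
  constant_time_equal?(sign_comment(key, comment), tag)
end

# Comment store with a sliding-window rate limit keyed by client ID. Requests
# over the limit are stored but marked hidden: other viewers never see them,
# while the sender's own listing still shows them (the "warm trickery").
class CommentGate
  def initialize(key:, limit:, window:)
    @key, @limit, @window = key, limit, window
    @seen = Hash.new { |h, k| h[k] = [] }   # client_id => request timestamps
    @comments = []                          # { id:, body:, hidden: }
  end

  # headers: { 'X-Shoes-ID' => ..., 'X-Shoes-HMAC' => ... } (assumed names)
  def post(headers, body, now)
    id, tag = headers['X-Shoes-ID'], headers['X-Shoes-HMAC']
    return :rejected unless id && tag && valid_tag?(@key, body, tag)

    stamps = @seen[id]
    stamps.reject! { |t| now - t >= @window }
    stamps << now
    hidden = stamps.size > @limit
    @comments << { id: id, body: body, hidden: hidden }
    hidden ? :shadowed : :accepted
  end

  # What a viewer sees: every public comment plus their own hidden ones.
  def listing_for(viewer_id)
    @comments.select { |c| !c[:hidden] || c[:id] == viewer_id }.map { |c| c[:body] }
  end
end

# Walk-through with constructed clients: 'alice' is honest, 'mallory' runs
# the manual's own (correctly keyed) comment code in a loop.
def demo
  gate = CommentGate.new(key: SHARED_KEY, limit: 3, window: 60)
  hdr = ->(id, body) { { 'X-Shoes-ID' => id, 'X-Shoes-HMAC' => sign_comment(SHARED_KEY, body) } }

  # Tag computed over one body, sent with another: the HMAC check rejects it.
  tampered = gate.post(hdr.('alice', 'hello'), 'hello, spam!', 0)

  # The key is in the open-source client, so every looped request carries a
  # valid tag; only the ID-based limit stops it, and only after the 3rd post.
  results = (1..6).map { |i| gate.post(hdr.('mallory', "buy #{i}"), "buy #{i}", i) }
  gate.post(hdr.('alice', 'nice manual'), 'nice manual', 10)

  {
    tampered: tampered,
    results: results,
    public_view: gate.listing_for('alice'),
    spammer_view: gate.listing_for('mallory'),
  }
end
```

Note the split the thread itself identifies: the HMAC tag only proves the sender holds the shared key, which a copy of the client does, so the loop of six posts above passes every tag check and is caught solely by the per-ID limit; and that limit is only as good as the ID's persistence, since a fresh install that generates a new X-Shoes-ID starts with an empty window.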