ain't no sunshine
posted by max on August 08, 2006 at 08:11:28 PM
Well golly,
So much has happened in the last week, I figured I should make a news post about it! first off, I've made some major back end changes that I will go over inside.
as many of you know they removed me from the SoaP contest because someone votehacked under my name to intentionally get me disqualified. I emailed the company and they said they'd reinstate me yesterday. other than that I don't know so stop asking me.
I've written an article entitled "how to not get a site deleted" aka "how running YTMND has made me a giant asshole". read more inside.
----------
how to not get a site deleted
Every day I get a few emails from people who have sites made about them. their friends or enemies use YTMND as a medium of revenge or a catalyst to torture. In most cases, I just delete them as they aren't very humorous and usually aren't very clever. Once in a blue moon I get a letter from someone who is just going about it all wrong, so I thought I'd post an example of how not to get a personal site about you deleted.
From: leekaplin@***
Subject: Re Lee Kaplan is a "douchebag"
Gentlemen;
It has come to my attention that you are using a theatrical photo of me (I work as a professional actor as well as an inveistigative joiurnalist) with the caption "Lee Kaplan is a douchebag."
1. Only a douchebag would say "I work as a professional actor as well as an inveistigative joiurnalist".
2. Assume I care who you are or what you do.
3. Assume I am personally responsible for the site made about you.
These smears are usually put together by anti-Israel activists in the US. First, you do not have my permission to use my likeness unless you remove the douchebag comment accompanying it. Second, .I would think if you have some class, you would not let your site be used to smear people, especially without explanation.
4. Claim people made the site for any other reason than you being a douchebag (ie racism, sexism, nerdism etc).
5. Assume I actually want to use your likeness or anything that has to do with you.
6. Try and guilt me into deleting a site based on morals or class (lol!) of which I have neither.
My brother is a powerful litigating attorney and if I have to bring my family into suing you, I will. However,'
I am asking you amicably to remove the entire entry or delete the "douchebag" comment that is entirely vulgar and serves no purpose other than to smear me on the Internet.
7. The kicker: Try to threaten me with legal action.
8. Bonus points for threatening to use a family member to sue me.
Please respiond to this in writing.
Lee Kaplan (not a douchebag)
9. Re-iterating that you are, in fact, a douchebag. (Also failing to spellcheck threat emails!)
10.Writing a huge rant about how you want a site deleted and never even providing the URL.
(it's leekaplan.ytmnd.com by the way)
-------------
As for the site security changes you have no doubt noticed, my aim was to minimize the effect a cross site scripting attack could have.
I've rewritten the login code and some of the other parts of the site and completed the following:
* implemented real user levels
* completely removed the old login system and now use a challenge hash authentication system to avoid storing a raw password hash in a cookie or session.
* wrote a real logout function that completely destroys your session and cookies.
* added session ip checking to avoid session hijacking. a few users are having problems with this so I will probably make it a default user option.
* added a CAPTCHA to site deletion confirmation to avoid the scripting of any site deletion events.
* rewrote the censor() function to catch a huge amount of variations on swear words and preserve case when replacing.
So much has happened in the last week, I figured I should make a news post about it! first off, I've made some major back end changes that I will go over inside.
as many of you know they removed me from the SoaP contest because someone votehacked under my name to intentionally get me disqualified. I emailed the company and they said they'd reinstate me yesterday. other than that I don't know so stop asking me.
I've written an article entitled "how to not get a site deleted" aka "how running YTMND has made me a giant asshole". read more inside.
----------
how to not get a site deleted
Every day I get a few emails from people who have sites made about them. their friends or enemies use YTMND as a medium of revenge or a catalyst to torture. In most cases, I just delete them as they aren't very humorous and usually aren't very clever. Once in a blue moon I get a letter from someone who is just going about it all wrong, so I thought I'd post an example of how not to get a personal site about you deleted.
From: leekaplin@***
Subject: Re Lee Kaplan is a "douchebag"
Gentlemen;
It has come to my attention that you are using a theatrical photo of me (I work as a professional actor as well as an inveistigative joiurnalist) with the caption "Lee Kaplan is a douchebag."
1. Only a douchebag would say "I work as a professional actor as well as an inveistigative joiurnalist".
2. Assume I care who you are or what you do.
3. Assume I am personally responsible for the site made about you.
These smears are usually put together by anti-Israel activists in the US. First, you do not have my permission to use my likeness unless you remove the douchebag comment accompanying it. Second, .I would think if you have some class, you would not let your site be used to smear people, especially without explanation.
4. Claim people made the site for any other reason than you being a douchebag (ie racism, sexism, nerdism etc).
5. Assume I actually want to use your likeness or anything that has to do with you.
6. Try and guilt me into deleting a site based on morals or class (lol!) of which I have neither.
My brother is a powerful litigating attorney and if I have to bring my family into suing you, I will. However,'
I am asking you amicably to remove the entire entry or delete the "douchebag" comment that is entirely vulgar and serves no purpose other than to smear me on the Internet.
7. The kicker: Try to threaten me with legal action.
8. Bonus points for threatening to use a family member to sue me.
Please respiond to this in writing.
Lee Kaplan (not a douchebag)
9. Re-iterating that you are, in fact, a douchebag. (Also failing to spellcheck threat emails!)
10.Writing a huge rant about how you want a site deleted and never even providing the URL.
(it's leekaplan.ytmnd.com by the way)
-------------
As for the site security changes you have no doubt noticed, my aim was to minimize the effect a cross site scripting attack could have.
I've rewritten the login code and some of the other parts of the site and completed the following:
* implemented real user levels
* completely removed the old login system and now use a challenge hash authentication system to avoid storing a raw password hash in a cookie or session.
* wrote a real logout function that completely destroys your session and cookies.
* added session ip checking to avoid session hijacking. a few users are having problems with this so I will probably make it a default user option.
* added a CAPTCHA to site deletion confirmation to avoid the scripting of any site deletion events.
* rewrote the censor() function to catch a huge amount of variations on swear words and preserve case when replacing.