Blog

  • Anti-blogspam: MTGotoAndComment Deployment Methods?

    It’s too early to declare victory over blogspam utilizing a SWF form to pass a hidden variable to Perl via MTGotoAndComment’s Flash form. However, it’s been just about 24 hours since my initial deployment, and I’ve received no blogspam in the hundreds like usually happens in a 24-hour period.

    I’m risking underestimating my enemy by assuming they will not be able to solve the SWF form riddle by Sunday evening, so without another gerund use, I’m curious which form of deployment people think is best, specifically, how the SWF is written and loaded.

    1. Create an AS2, Flash Player 7.0.53.0 version of MTGotoAndComment’s Flash form, and hand off with the necessary Perl code (3 lines) to be added to lib/App/Comments.pm.
    2. Same as above, except create an AS1, Flash Player 6.0.0.0 version.
    3. Same as above, except create an AS1, Flash Player 6.0.79.0 version.
    4. Create an AS2, Flash Player 7.0.53.0, FP 6.0.79.0 version, a 6.0.0.0 version, and a loader movie to detect version, and load as necessary.

    The reason I like #1 is I don’t get paid for this jazz, and it’s pure benevolence for my fellow man that I even spend time fighting off this evil. It’s quick, it works on all platforms & browsers (win, mac, linux, solaris, ie, safari, mozilla), and takes advantage of Flash Player 7’s speed of runtime, and speed to create content. If there is a bug found, it’s pretty quick for me to fix and re-deploy a new version.

    The reason I like #2 is so I can target the most amount of users, and I don’t have to code any Flash; I just rig the cab file in the HTML to point to that version #, and utilize St

  • Viva La Resi-staunch: French Canadians (?) Help Fight Blogspam

    Andy Makely sends me a translated link to gotoandplay.ca’s Flash Form, created to replace Movable Type blogs’ commenting form in an effort to prevent blog spam. The only thing it does is prevent form auto-fill scripts from spamming your blog, and the instructions say to rename your mt-comments.cgi file, which the SWF reads from an XML config file.

    “Dude, this is worthless… the spammers can find the CGI file via google, and they hit the cgi directly, NOT my web page…”.

    To accentuate my point, 7 minutes after re-activating my mt-comments.cgi after installation of the Flash comments, I got a new blogspam.

    Then I got an idea. Some dude had written me in an email, talking about his solution. He basically added an extra form field for the user to type in a value, and have perl check to see if that value exists when the form data hits it.

    The flaw in that theory is that the blog spammer can read your comment page, see the new variable Perl is expecting, and modify his/her script as need be.

    …you can’t do that with Flash. You can decompile the script, but I don’t think most blog spammers know how to do that. Hidden form fields on HTML pages are easily spotted via View Source, but doing that in Flash requires a SWF decompiler… and I’ll have to test to see if they can spot the variable name when I get home to check via ActionScript Viewer.

    SO, I added the variable with a whack value:

    specialVar = "some whack string";

    To the “MTgotoAndComment.fla” file, and recompile to the form.swf, and replace the one they give you.

    In Perl, I check for the value, and if it’s not there, I throw an exception… at least, that’s what the code looks like it’s doing, I don’t know Perl.

    After some tests, it appears to be working. IF this solution does work after this weekend, I’ll delve into further detail of how I got it to work, and then I’ll rewrite this form for AS2.
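
    The server-side half of the hidden-value check described above, as an added example (not the post’s code or MTGotoAndComment’s): `check_static` is the fixed-value test, and `check_token` goes beyond the post by replacing the fixed string with an expiring, per-entry HMAC token that the server issues with the form. Only the `specialVar` name comes from the post; the key, token layout, entry ids and sample submissions are constructed assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed values for this example, not from any real deployment.
my $STATIC_VALUE = 'some whack string';     # fixed value compiled into the SWF
my $SERVER_KEY   = 'constructed-demo-key';  # hypothetical; stays on the server
my $MAX_AGE      = 3600;                    # token lifetime in seconds

# Compare two strings without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# The check described in the post: reject unless the fixed value is present.
sub check_static { my ($p) = @_; return secure_eq($p->{specialVar}, $STATIC_VALUE); }

# Variant (assumption): server issues "entry:timestamp:mac" with the form.
sub issue_token {
    my ($entry_id, $now) = @_;
    return join ':', $entry_id, $now, hmac_sha256_hex("$entry_id|$now", $SERVER_KEY);
}
sub check_token {
    my ($params, $entry_id, $now) = @_;
    my ($id, $ts, $mac) = split /:/, ($params->{specialVar} // ''), 3;
    return 0 unless defined $mac && $id eq $entry_id && $ts =~ /^\d+$/;
    return 0 if $ts > $now || $now - $ts > $MAX_AGE;   # future-dated or expired
    return secure_eq($mac, hmac_sha256_hex("$id|$ts", $SERVER_KEY));
}

# Constructed submissions: [label, posted params, entry id, time of post].
my $t0    = 1_100_000_000;
my $token = issue_token(42, $t0);
for my $case (
    [ 'direct POST, no field',    {},                              42, $t0 ],
    [ 'static value',             { specialVar => $STATIC_VALUE }, 42, $t0 ],
    [ 'token, same entry, fresh', { specialVar => $token },        42, $t0 + 60 ],
    [ 'token replayed next day',  { specialVar => $token },        42, $t0 + 86_400 ],
    [ 'token on another entry',   { specialVar => $token },        7,  $t0 + 60 ],
) {
    my ($label, $params, $entry, $now) = @$case;
    printf "%-26s static=%d token=%d\n", $label, check_static($params), check_token($params, $entry, $now);
}
```

    The fixed value stays valid for as long as the same SWF is deployed, while the token stops verifying after `$MAX_AGE` seconds and on any entry other than the one it was issued for.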

    …and to the blogspammers, I say…

  • Call a Woman a Dude

    This goes out to the Canuck last week, the cool mom in QA at BellSouth, and the cool mom in QA at Surgical Information Systems.

    SEE!? I was being politically correct!

    “Men report that they use dude with women with whom they are close friends, but not with women with whom they are intimate,” according to the study.

    CNN Article

    Via her majesty… who isn’t a dude.

  • Flash Remoting in AS2: RelayResponder2

    Flash MX 2004 with ActionScript v2.0 introduced enhanced syntax checking. For example, if you have a function in your class, and you misspell it, the compiler will throw an error, helping you easily find and correct the answer so your code will run as expected.

    The AS2 classes for Flash Remoting do not take advantage of this fact for RelayResponders. I fixed that. Instead of passing in strings for your result and fault functions, you can pass in the functions themselves, much like you do for the first format of setInterval, or when utilizing the Delegate class.

    What’s different from the original (mx.rpc.RelayResponder)? Only that the __onResult and __onFault functions are now datatyped as Function vs. String, and called via Function.call(scope, param) vs. scope[string](param).

    import mx.rpc.Responder;

    class mx.rpc.RelayResponder2 extends Object implements Responder {

        // Object used as the scope ("this") when the callbacks run.
        private var __obj:Object;
        // Callbacks are typed as Function, so the compiler checks them.
        private var __onFault:Function;
        private var __onResult:Function;

        function RelayResponder2(resp:Object, resultFunc:Function, faultFunc:Function) {
            super();
            __obj = resp;
            __onFault = faultFunc;
            __onResult = resultFunc;
        }

        // Forward the fault to the supplied function, scoped to __obj.
        function onFault(fault:mx.rpc.FaultEvent):Void {
            __onFault.call(__obj, fault);
        }

        // Forward the result to the supplied function, scoped to __obj.
        function onResult(result:mx.rpc.ResultEvent):Void {
            __onResult.call(__obj, result);
        }
    }