The Anonymous Patron Account

There was some interesting discussions on the Anonymous Patron account last week, so I thought I'd explain a little bit about how Slashcode works, and what gets stored where. Slashcode is an open source product so in theory I'm not telling you anything you couldn't figure out on your own. That's a fine theory, but in reality Slashcode is tough to install, and tough to run, so I doubt if anyone would want to install it just to see how things work.

The best and worst thing about the internet is how much anonymity we all have. It allows people to write about things they'd be afraid to talk about in person, and it theoretically encourages the free flow of ideas. It also greatly increases flame wars. The Anonymous Patron @ LISNews allows anyone to post things "anonymously" if they choose.

There are a few different ways to track who's doing what on any web server. One is cookies, another is IP address, Slaschode (that which powers LISNews) uses both in different ways. Slashcode does a good job of tracking who is doing what, while at the same time it tries protect anonymity. So, we get some kind of control, and still allow some sort anonymity. I've never looked into the cookie procedures, and I've only once tried to figure out who posted something based on IP address (thought that failed). So every time someone does something here the Apache logs record an IP address, a cookie is set, and Slashcode writes to a couple of tables. For those who want to know exactly what happens, it looks something like this:

$user->{ipid} = md5_hex($hostip);
$user->{subnetid} = $hostip;
$user->{subnetid} =~ s/(\d+\.\d+\.\d+)\.\d+/$1\.0/;
$user->{subnetid} = md5_hex($user->{subnetid});

For most of you that probably makes no sense, so I'll explain a little. The $hostip is an IP address of the computer responsible for whatever it was that just happened. Slashcode could just record that IP, but it plays nice, and records an "MD5 Hash" of that IP. It also records the http://en.wikipedia.org/wiki/Subnetwork ">Subnet as well.

LISNews authors have a variety of "super secret and exciting" powers. Some authors can only post stories, some can delete stories, and a select few of us have the ability to do all sorts exciting things like add and delete users, change passwords and see those MD5 Hashes as an IPID or a SUNETID link. We can browse by those and see what's been happening from an IP address based on that hash. Theoretically I could figure out what the MD5 really means and really know what an IP is doing, and probably figure out what a person is up to, but I really have better things to do with my time. It's not easy associating the real IP (which could point to a real person) and that IPID/SUBNET thing. Though it is easy to see everything an particular IP has done, and it's also easy to ban an IP, though I've only done that to spammers.

I don't write all this to chill any discussions, just to let ya'll know that it's sometimes easy to know which LISNewsterz are up to no good around here. It's rare that I even bother looking, but I think it's good for you guys to know we have that ability.

Comments

Dynamic IPs

I don't know if you're aware of this, but some an IP is basically assigned to a compurer when it accesses the internet. Someone who's computer is always linked to the net has a stable IP; it never changes. For someone like myself with a dial up account, the IP changes every time we log on. This is called a dynamic IP. That's what the cookies are for. The cookie on my hard drive identifies me to your slashcode in a way the IP cannot, of course.

Re:Dynamic IPs

Right, good point. I should've metioned that .

Re:Dynamic IPs

And, it doesn't have to be dial-up to be a dynamic IP. We have DSL and a web/mail server we keep running all the time. Our IP address is not the same as it was two weeks ago when I checked. I don't know if it was down and came back up, and we didn't notice, or what.

Syndicate content