idle thought

time

Storage? I am Storage!
Joined
Jan 18, 2002
Messages
4,932
Location
Brisbane, Oz
Is this contest open to residents of Terra Australis? (Or in the case of Pradeep, former residents).
 

Tea

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
3,732
Location
27a No Fixed Address, Oz.
Website
www.redhill.net.au
I thought of running another little competition to see who could find it in this picture, but decided that this would be easier all around:

hereitis.jpg


See the little dark brown dot the arrow points to? That be the tree kangaroo. Climbs nearly as well as I do! Only not as pretty.
 

Tea

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
3,732
Location
27a No Fixed Address, Oz.
Website
www.redhill.net.au
By the way, they are about the same size as I'll be when I'm fully grown. Or, if you haven't had the pleasure of meeting me in the flesh yet, about the same as a small human. Weigh the same as petite adult woman or quite a bit more than a big dog. So, yes, that's a bloody long way up!
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,315
Location
Monterey, CA
That is a fantastic picture Tannin. I assume, considering how in-focus the tree kangaroo is, that it was the focus of the shot. How high a resolution is the entire shot?
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,703
Location
Left Coast
I'm getting two instances of browser_error.png in Firefox... Displays as well as may be expected in Internet Exploder.
 

Tannin

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
4,442
Location
Huon Valley, Tasmania
Website
www.redhill.net.au
That's almost certainly because your browser is misconfigured, Sechs. You probably are blocking referers. This means that my webserver can't tell whether you are are from Storage Forum (i,e., it is supposed to hand your browser the pictures) or some random scumbag stealing bandwidth. I thought I saw a setting for it in the Fox just yesterday, but now I can't find it. In Opera, it's preferences / advanced / network / enable reffer logging (which, of course, is ticked by default). Maybe I was thinking of Opera. But that's what it will be.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,703
Location
Left Coast
No one needs to know from where I'm coming. That's private information, and I'm securing it.

Now, the only thing not working as expected is the serving of the pictures. If something that doesn't work as expected isn't configured correctly, then, clearly, Tannin's host is misconfigured.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,315
Location
Monterey, CA
Tannin choosing not to share his bandwidth with people linking his pictures without permission seems a pretty reasonable decision. And this purpose seems to be the most useful application of referrers that I know of.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,703
Location
Left Coast
Perhaps he should have us ask for permission, rather than fishing around for our private information?

Keep in mind that the best of a bad thing is still bad. Just because it "seems to be the most useful application" does not make it a good one.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,315
Location
Monterey, CA
I'd hardly consider the last page we visited private information. It's something that you can choose not to share, but that doesn't mean you should. I could go around in life not telling anyone my name, but it wouldn't be a good idea, and may prevent me from doing certain things.
 

Tannin

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
4,442
Location
Huon Valley, Tasmania
Website
www.redhill.net.au
Mate, you've got a pretty fair-sized misunderstanding happening here. Perhaps I better explain what a referer is and how it works.

The fundamental idea is very simple: a web server - any web server - needs to know where a request is coming from so that it can figure out what to do with it. For example, my server needs to know whether your browser requesting my image is a some random scumbag trying to steal my bandwidth (who can f*ck off elsewhere) or someone like you surfing Storage Forum, (who is very welcome to see it).

By blocking referers, you achieve no privacy increase whatever - the only thing a referer contains is the address of the page that is asking for the reffered object - nothing whatsoever about you, only the web page that is asking for (in this case) the picture.

Referers also provide the person running the website with aggregate information (i.e., non personally traceable info about hundreds or thousands of visitors) which is useful, and indeed essential, for all sorts of management tasks: without referers we would have no idea which site is sending how many visitors to what page.

Here, let's work an example. Let's say you run a small site about model cars. You pay US$50 a year for your hosting. All of a sudden, you have emails from your hosting company saying that you are over your bandwidth quota, your site shuts down, and you have heaps of extra visitors.

What should you do? Has the world + dog finally recognised that your model car site is the best one on the web and you are getting visitors from everywhere? Or is this a short-term thing because one particular major site has linked to you? Without referers, you have absolutely no idea what is going on, you can't make any sort of sensible decision. You are, in a word, rooted.

Enter referers: you hit your server logs and soon discover that 90% of your visitors are coming from one particular site. You have been Slashdotted. No problem, just wait a few days and most of the traffic will go away.

Let's work another example. You look at your site statistics and you discover that one particular page is getting masses more traffic than the others. Why? Is it that this page is the best one on your site and you should modify the others to bring them up to the same standard? Or are there problems with the other pages - people ain't visiting them much because they only work properly with Firefox and a lot of your visitors ae running IE, so they only go to the one part of our site that works for them? Or is it an external site that is deep-linking to you - in which case, you might need to consider modifying the linked-to page so that it provides a more generally useful introduction to your site, links to other pages you would like people to visit, and so on. Or is this the worst site on your page? Maybe the reason it gets so much traffic is that there is something very wrong with it and people go that far and then give up and go elsewhere.

A third example: you are running the web site for a motherboard manufacturer. You know that one of the most important things for your customers is to be able to find the driver downloads page. Now the raw page stats tell you how many hits the driver download page is getting, but where are they coming from? Are your customers finding the driver pages easily from the link on the front page? Or are people having to buggerise about endlessly using Google and/or your internal search engine before they get what they need? Or resorting to the site map? Or some other route you haven't even thought of? Once again, the answer is there in your site logs: because Apache records the reffering pages, you can see that (e.g.) only 5% of visitors get to the download page via the main page - so now you know that you better make the links and navigation a bit more obvious.

You can't answer any of these questions above - or any of the hundreds of others like them - without referers. They are there for a purpose. Indeed, this is the reason referers were invented in the first place all those years ago: they are useful and important, maybe not to you, but certainly to the people who provide the web pages you like to visit.

Now you can choose to block referers if you want to. But you need to be aware of three things that necessarily follow from this pointless practice:
  • It will from time to time mess up your web surfing.
  • It denies the webmasters of the sites you visit the information that they need to do their jobs properly.
  • It makes you stand out like dog's balls in the site access logs - i.e., it reduces your privacy. It is exactly like wearing a full-face mask when you go shopping: everyone turns around and looks at you wondering who the idiot in the mask is. If you just wore a T-shirt and jeans like everyone else, no-one would even look at you.
 

e_dawg

Storage Freak
Joined
Jul 19, 2002
Messages
1,903
Location
Toronto-ish, Canada
It is exactly like wearing a full-face mask when you go shopping: everyone turns around and looks at you wondering who the idiot in the mask is. If you just wore a T-shirt and jeans like everyone else, no-one would even look at you.

Hiding in plain sight.
 

Tannin

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
4,442
Location
Huon Valley, Tasmania
Website
www.redhill.net.au
The server only ever sees the last address, Bozo. So, for example, when you hit this thread, the SF server saw your refferring address which was most likely the SF Pub and Brewery. Your browser downloaded this page which, among other things, contains a link to my site. So now my server gets into the act. Your browser sends a request to my site, asking for the image. Your browser tells my server three things: (1) the URL of the image it wants, (2) the URL of the referring page, (3) the IP address to send the image to. All three are necessary: the desired URL (because otherwise my server doesn't know what you want and can't send it), the referrer (because otherwise my server doesn't know if you are allowed to have my image or not), and your IP address (because otherwise my server doesn't know where to send the image and you never get it).

A quick read of the TOR page suggests that the request is passed on by the TOR network intact, except that my server never sees your IP address, only one of the TOR IP addreses - which is, in most cases, just fine. As long as there is some way of you getting the data anyway, I don't need to know your IP address and neither does my server. (If you use a router at home, this is in fact exactly what happens anyway: your machine is something like 192.168.1.103 but my server sees the IP address of your ADSL modem, which is completely different. So long as your router is smart enough to sort it all out, it doesn't matter.

If it turns out that the TOR network starts being a cloak for abuse - DOS attacks, bandwidth theft, stuff like that, then it is a simple matter to tell Apache to deny all requests from that IP range. In practice, this is very rarely needed.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,703
Location
Left Coast
Tannin, I think that you misunderstand the situation.

If you want people to see what you're serving, then it behooves you not to block it. Stopping people who you consider to be valid users from utilising your website is not a solution.

This is to say that a half-assed solution tends to lead to half-assed results.

I am not here to provide you with information. In fact, you serve files to me to provide me with information. If you want me to see it, the onus is on you to work through any issues you may perceive having. And if you don't want me to see it, giving false and largely useless information is certainly not going to tell me anything.

While folks such as myself may stick out "like dog's balls," when folks look and see someone in a mask, they see a person in a mask. While you may wonder who this idiot is, most will simply wonder why he or she is wearing a mask and move on.
 

Tannin

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
4,442
Location
Huon Valley, Tasmania
Website
www.redhill.net.au
Not even close.

OK, I tried being paitent and polite, even (remarkably enough) in the face of the offensive and plain wrong "fishing around for our private information" claim above. But I can see that that was a waste of time in your case. Lesson learned. So here is the plain, unvarnised version:

Like almost anyone else who runs a website I don't want people to see what I'm serving: I want honest, decent people to see what I'm serving, and I don't want to waste bandwidth on scumbags. It seems to be working pretty well.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Tannin, I learned quite a bit from your post. Thanks for that; I certainly appreciate the lucid explanation. For someone with no background / knowledge of these things, I got a very clear picture of the situation.
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,703
Location
Left Coast
Tannin has resorted to back-handed attacks on my character. There's some classy behavior.
 
Top