Search Results: "claviola"

6 November 2005

Andrew Pollock: [code] Obfuscating email addresses with JavaScript

So I got pet peeved by Carlos Laviola in relation to by recent pondering about how MacOS X's SSH agent starts up on login. Perfectly reasonable grounds for complaint. I have had people contact me in relation to blog posts in the past, so it's obviously not impossible. People know I'm a Debian developer and can put two and two together and wind up at Anyway, I'm the first to admit that my blog probably has too many of the Weblog Usability Top Ten Design Mistakes (something for me to work on). To date, I've been avoiding plastering my email address on my website because I didn't want to get it harvested. I try and use a per-list email address for this reason as well, and I haven't enabled blog comments because of comment spam, and because I haven't been clever enough to implement comments with Blosxom full stop. So I started getting an idea for reversibly encrypting my email address on my blog after reading about Hashcash for Wordpress the other day. I first started playing around with the Vernam cipher in High School, when I wanted to easily reversibly obfuscate some data for something. I'd read about this cipher in a magazine or something and seen it implemented in Pascal (it's not exactly hard). So I happened upon the idea of encrypting my email address with the Vernam cipher. Turns out another chap's already got a page for encrypting and decrypting on the fly with JavaScript. It even generates the JavaScript for putting in your own web pages. I had to use a different key to avoid getting dollar signs in the encrypted string, as this confused the tripe out of Blosxom (and me for a while when I tried to figure out what was going wrong). Then I thought it'd be nice to explain to people who had JavaScript disabled what they might be missing out on, so I fiddled around with some DOM stuff, and had some text get displayed if JavaScript was disabled. When JavaScript is enabled, this text is replaced by the decrypted text. So of course, like the Wordpress Hashcash, this is largely relying on the inability of spam bots to grok JavaScript. Once they can, this obfuscation technique is all for naught. Meanwhile, you can email me bit more easily now if you get the urge. View the source of my blog for an example of the implementation.

30 October 2005

Carlos Laviola: Enable comments on your journal

Andrew, if you're doing a lazyweb call of help, at least make sure you include some sort of form of contact. Your blog doesn't have comments enabled and I can't find your email address anywhere on your website (even on your resume link on the main site, which leads to a 404).

Not that I use Mac OS X anyway, but enable comments if you want feedback! I'm sure someone will eventually answer on planet, but it's not like IRC.

(Don't take this as a rant; it's more of a pet peeve.)