It IS applicable. This is the cod eexecuting. The further function applies points to ip range history.
######################################################## ######################################################## # (And now a word from CmdrTaco) # # I'm putting this note here because I hate posting stories about # Slashcode on Slashdot. It's just distracting from the news, and the # vast majority of Slashdot readers simply don't care about it. I know # that this is interpreted as me being all men-in-black, but thats # bull pucky. I don't want Slashdot to be about Slashdot or # Slashcode. A few people have recently taken to reading CVS and then # trolling Slashdot with the deep dark secrets that they think they # have found within. They don't bother going so far as to bother # *asking* before freaking. We have a mailing list if people want to # ask questions. We love getting patches when people have better ways # to do things. But answers are much more likely if you ask us to our # faces instead of just sitting in the back of class and bitching to # everyone sitting around you. I'm not going to try to have an # offtopic discussion in an unrelated story. And I'm not going to # bother posting a story to appease the 1% of readers for whom this # story matters one iota. So this seems to be a reasonable way for me # to reach you. # # What I'm talking about this time is all this IPID crap. It's a # temporary kludge that people simply don't understand. It isn't # intended to be permanent, or secure. These 2 misconceptions are the # source of the problem. # # The IPID stuff was designed when we only kept 2 weeks of comments in # the DB at a time. We need to track IPs and Subnets to prevent DoS # script attacks. Again, I know conspiracy theorists freak out, but # the reality is that without this, we get constant scripted # trolling. This simply isn't up for debate. We've been doing this # for years. It's not new. We *used* to just store the plain old IP. # # The problem is that I don't want IPs staring me in the face. So we # MD5d em. This wasn't for "security" in the strict sense of the word. # It just was meant to make it inconvenient for now. Not impossible. # Now I don't have any IPs. Instead we have reasonably abstracted # functions that should let us create a more secure system when we # have the time. # # What really needs to happen is that these IDs need to be generated # with some sort of random rolling key. Of course lookups need to be # computationally fast within the limitations of our existing # database. Ideas? Or better yet, Diffs? # # Lastly I have to say, I find it ironic that we've tracked IPs for # years. But nobody complained until we *stopped* tracking IPs and # put the hooks in place to provide a *secure* system. You'd think # people were just looking for an excuse to bitch... ######################################################## ########################################################
(Score: 5, Informative) by kolie on Monday October 20, @09:01PM
It IS applicable. This is the cod eexecuting. The further function applies points to ip range history.
########################################################
########################################################
# (And now a word from CmdrTaco)
#
# I'm putting this note here because I hate posting stories about
# Slashcode on Slashdot. It's just distracting from the news, and the
# vast majority of Slashdot readers simply don't care about it. I know
# that this is interpreted as me being all men-in-black, but thats
# bull pucky. I don't want Slashdot to be about Slashdot or
# Slashcode. A few people have recently taken to reading CVS and then
# trolling Slashdot with the deep dark secrets that they think they
# have found within. They don't bother going so far as to bother
# *asking* before freaking. We have a mailing list if people want to
# ask questions. We love getting patches when people have better ways
# to do things. But answers are much more likely if you ask us to our
# faces instead of just sitting in the back of class and bitching to
# everyone sitting around you. I'm not going to try to have an
# offtopic discussion in an unrelated story. And I'm not going to
# bother posting a story to appease the 1% of readers for whom this
# story matters one iota. So this seems to be a reasonable way for me
# to reach you.
#
# What I'm talking about this time is all this IPID crap. It's a
# temporary kludge that people simply don't understand. It isn't
# intended to be permanent, or secure. These 2 misconceptions are the
# source of the problem.
#
# The IPID stuff was designed when we only kept 2 weeks of comments in
# the DB at a time. We need to track IPs and Subnets to prevent DoS
# script attacks. Again, I know conspiracy theorists freak out, but
# the reality is that without this, we get constant scripted
# trolling. This simply isn't up for debate. We've been doing this
# for years. It's not new. We *used* to just store the plain old IP.
#
# The problem is that I don't want IPs staring me in the face. So we
# MD5d em. This wasn't for "security" in the strict sense of the word.
# It just was meant to make it inconvenient for now. Not impossible.
# Now I don't have any IPs. Instead we have reasonably abstracted
# functions that should let us create a more secure system when we
# have the time.
#
# What really needs to happen is that these IDs need to be generated
# with some sort of random rolling key. Of course lookups need to be
# computationally fast within the limitations of our existing
# database. Ideas? Or better yet, Diffs?
#
# Lastly I have to say, I find it ironic that we've tracked IPs for
# years. But nobody complained until we *stopped* tracking IPs and
# put the hooks in place to provide a *secure* system. You'd think
# people were just looking for an excuse to bitch...
########################################################
########################################################
########################################################
sub getIsTroll {
my($self, $good_behavior) = @_;
$good_behavior ||= 0;
my $user = getCurrentUser();
my $constants = getCurrentStatic();
my $ipid_hoursback = $constants->{istroll_ipid_hours} || 72;
my $uid_hoursback = $constants->{istroll_uid_hours} || 72;
my($modval, $trollpoint);
my $minicache = { };
# Check for modval by IPID.
$trollpoint = $self->calcTrollPoint("ipid", $good_behavior);
$modval = $self->calcModval("ipid = '$user->{ipid}'",
$ipid_hoursback, $minicache);
return 1 if $modval calcTrollPoint("subnetid", $good_behavior);
$modval = $self->calcModval("subnetid = '$user->{subnetid}'",
$ipid_hoursback, $minicache);
return 1 if $modval {is_anon};
# Check for modval by user ID.
$trollpoint = $self->calcTrollPoint("uid", $good_behavior);
$modval = $self->calcModval("comments.uid = $user->{uid}", $uid_hoursback);
return 1 if $modval = $trollpoint;
# All tests passed, user is not a troll.
return 0;
}