Dropsafe

by Alec Muffett

scansoft just swept me…

…and some people seem to have a problem with them:

[www.kahunaburger.com]

Scansoft lmspider bannned

I’ve just added “lmspider lmspider@scansoft.com” and “lmspider (lmspider@scansoft.com)” with a “Disallow: /” to my robots.txt file. I’ve contacted them quite some time ago and never received a response to my question about the purpose of this spider. Until lmspider@scansoft.com responds to legitimate requests, I suggest you do the same on your server.

Quote: The lmspider user agent is a bot that collects text from the web. This is part of a research project here at Scansoft where we are trying to use web documents to improve the linguistic models we use in our speech recognition engine.

…and reading this does make me wonder whether or not it bothers me. I don’t think that it does, so long as they don’t detriment my bandwidth.

It reminds me a bit of Simon Phipps’ recent posting on Anonymous Commenting at [www.webmink.net] – as a security geek, Simon’s desire that comments received on his blog bear some manner of identifying mark seems hopeful, at best.

It is an article of faith with security guys that you should try in general to do something properly or not do it at all – or at least in the latter circumstance you should not rely on what you have wrought.

So: if I wanted accountability I would require digital signatures, PKI, some manner of non-repudiation, CRL checks, etc.

But I don’t. I can’t be bothered.

I am content with what I have – a space for people to sign their name if they wish, plus the fact that I log IP-address of all accesses, referrer records, date, time, and any other metainformation that can be squeezed out of Apache.

This does not stop people not-signing-their-name; nor does it prevent someone named Dave signing themselves as Geoff – having said something inflammatory – and thereby besmirching the name of the Geoff that I do know.

However, I have a reasonable audit trail, and I can check-up after the fact. For me, that suffices, even if I cannot count on a direct mapping of IP-address to person.

<THINKS>Identity? Ha! Don’t get me started on “identity” …</THINKS>

Comments

6 responses to “scansoft just swept me…”

  1. Geoff Arnold
    re: scansoft just swept me…

    BEGIN PGP SIGNED MESSAGE Hash: SHA1

    So does this help things? It’s a little awkward… needs better browser-side help, which shouldn’t be too hard.

    BEGIN PGP SIGNATURE Version: PGP 8.0.3

    iQA/AwUBQMBprT0uHSQWlM9sEQK3VQCg8ZVMgiJwMohEPWAKrVejiv4WUwUAnA3V caiGi7S0f3pQZHX+GutsvA3P =eCXm END PGP SIGNATURE

    Reply
  2. alecm
    re: scansoft just swept me…

    well, hypothetically it’d help, but practically it’d need better blog integration, and i’d need a copy of your public key to check it.

    hence why i don’t fash about it.

    Reply
  3. Geoff Arnold
    re: scansoft just swept me…

    http http://www.geoffarnold.com/geoff/keypage.html

    Reply
  4. Simon Phipps
    Hopeful

    As Blogger doesn’t offer me any alternatives then all I can work with is hope and the delete button. One day I will get a proper hosting service.

    S.

    Reply
  5. akecm
    re: Hopeful

    i am astonished – you get no traffic logs at all?

    Reply
  6. Simon Phipps
    re: Hopeful

    Only the ones I make with string & sticky tape (BlogPatrol and two other services, for which I am actually very grateful). Blogger is very primitive.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts