Brian had a lot of stuff stolen from his shop. (Sorry for your loss,
Brian.)
I have tons of photos of my shop & "projects" (*), and a web site where I
could easily post the photos. (I count 21 "projects" within a few feet of
this computer.) But I just can't force myself to put them on my site. I
guess I just don't want to publish to the world at large the fact I have a
*substantial* investment in sawdust-making tools. Like my favorite boss
used to say, "What my competitors don't know can't hurt me."
Am I the only one?
-- Mark
(*) "Projects." Everyone posts such nice things on ABPW. But I've made
only 5 "furniture-grade" items so far. I have a full-time job, family
responsibilities, etc etc, and what seems to really "trip my trigger" is
*minimum* investment of time and $ for maximum *usefulness.*
- The inclined bookshelf on my desk started with two pieces of scrap.
Two passes on the table saw, 4 passes on the router table, glue up, and I
have a shelf that will last at least 200 years. QS oak would be prettier,
but I *LIKE* the useful MDF thing 75% of woodworkers and 99.997% of the
general public would have thrown away. ;-)
- Ditto my two monitor stands, foot rest, book holder and music CD rack.
;-)
I'd prefer to have the butler find old growth timber for me to make shoe
trees from. <g> But the finances only permit maximum enjoyment from
minimal investment.
[email protected] wrote:
> If you don't publish your address, how will a burglar find you?
www.markjerde.com ??? Plus 10 years of newgroups messages.
BTW, http://www.markjerde.com/aaaindex.html
;-)
-- Mark
Brian wrote:
>>If your ISP doesn't allow you to set access rights, you could also just
>>use a unique directory name nobody is likely to guess. Maybe something
>>like:
>>
>>www.yourURL.com/uniquename/
>
> Problem with this is that people surf the web looking for this with
> programs that download everything web directories and sub-directories.
> If it is there, they will find it.
Eh?
If he doesn't link to the folder from his homepage/rest of his site then
none of the programs that download web sites will find it.
He'd be quite safe if he just wanted to create a folder with a unique
name so it's on file somewhere remote. Unless he gives out the folder
name no search engine or program will find it.
However, I wouldn't rely on your ISP being able to prove the file has
been up there for any given amount of time... MOST ISPs don't log when
individual files are uploaded/touched.
Cheers,
Andy
[email protected] wrote:
> I work with computers and internet security for a living.
Likewise...
> The suggestions, so far, have been sensible.
>
> Yes, google will 'find' your stash of photos, despite a robot.txt file.
I'd also (with Wolfgang) be interested in knowing how Google would
"find" the folder? Does Google maybe try random combinations of letters
and numbers in order to try and crack unique folder names? Of course it
bloody doesn't!!!
Don't spread FUD...
> Deleting the blank index.html is not needed. if someone needs to see
> your work, then give them hte full URL with the uniquename.html in the URL.
I agree with that...
> Yahoo Groups is another possibility. You can create a 'private group'
> that only people you authorize may join. You can then limit the
> permissions of the photo gallery there, any way you wish.
However, I'm sure that Google's elite password cracking team that you've
hinted at will eventually get on to that security problem ;-)
> If you need help, or have specific questions, please feel free to
> congtact me, on or off this group.
Just the specific question of how Google's spider would find a folder
that isn't linked with a unique name?
Regards,
Andy
not necessarily Google but other programs similar to what I use to grab
web pages and sometimes sites. it has an option to "get all files in
all dirs", it also has the option of ignoring the robots.txt file.
so I do this to your page and then post it on my page as a "favorite",
then Google finds it. Since I don't post my favorites, I would not be
the source of the leak.
BRuce
Andy Jeffries wrote:
> [email protected] wrote:
>
>> I work with computers and internet security for a living.
>
>
> Likewise...
>
>> The suggestions, so far, have been sensible.
>>
>> Yes, google will 'find' your stash of photos, despite a robot.txt file.
>
>
> I'd also (with Wolfgang) be interested in knowing how Google would
> "find" the folder? Does Google maybe try random combinations of letters
> and numbers in order to try and crack unique folder names? Of course it
> bloody doesn't!!!
>
> Don't spread FUD...
>
>> Deleting the blank index.html is not needed. if someone needs to see
>> your work, then give them hte full URL with the uniquename.html in the
>> URL.
>
>
> I agree with that...
>
>> Yahoo Groups is another possibility. You can create a 'private group'
>> that only people you authorize may join. You can then limit the
>> permissions of the photo gallery there, any way you wish.
>
>
> However, I'm sure that Google's elite password cracking team that you've
> hinted at will eventually get on to that security problem ;-)
>
>> If you need help, or have specific questions, please feel free to
>> congtact me, on or off this group.
>
>
> Just the specific question of how Google's spider would find a folder
> that isn't linked with a unique name?
>
> Regards,
>
>
> Andy
--
---
BRuce
Httrack does, use it all the time.
Andy Jeffries wrote:
> Brian wrote:
>
>>> If your ISP doesn't allow you to set access rights, you could also
>>> just use a unique directory name nobody is likely to guess. Maybe
>>> something like:
>>>
>>> www.yourURL.com/uniquename/
>>
>>
>> Problem with this is that people surf the web looking for this with
>> programs that download everything web directories and sub-directories.
>> If it is there, they will find it.
>
>
> Eh?
>
> If he doesn't link to the folder from his homepage/rest of his site then
> none of the programs that download web sites will find it.
>
> He'd be quite safe if he just wanted to create a folder with a unique
> name so it's on file somewhere remote. Unless he gives out the folder
> name no search engine or program will find it.
>
> However, I wouldn't rely on your ISP being able to prove the file has
> been up there for any given amount of time... MOST ISPs don't log when
> individual files are uploaded/touched.
>
> Cheers,
>
>
> Andy
--
---
BRuce
BRuce wrote:
> not necessarily Google but other programs similar to what I use to grab
> web pages and sometimes sites. it has an option to "get all files in
> all dirs", it also has the option of ignoring the robots.txt file.
You CAN'T do that! The "get all files in all dirs" only works if the
site advertises (by a link or img src) the folder name. If it doesn't
your app won't find it.
As an example, I have just placed a folder on my site
www.andyjeffries.co.uk with a "random" name.
This folder contains a page called "bruce_findme.html" (there, if your
app does what you say - that may help).
In that file is a password. Post the password on here.
> so I do this to your page
But it won't work!
> and then post it on my page as a "favorite",
> then Google finds it. Since I don't post my favorites, I would not be
> the source of the leak.
Andy
BRuce wrote:
> Httrack does, use it all the time.
But as the httrack.com index page says:
"Simply open a page of the "mirrored" website in your browser, and you
can browse the site from link to link, as if you were viewing it online"
But there isn't a link to the unique directory name.
Seriously, the source code is available at:
http://download.httrack.com/cserv.php3?File=httrack.tar.gz
it's written in C under the GPL. You will find that it doesn't employ
backdoors or a randmon folder cracker. It simply gets the first page
you tell it to get, reads the links, gets each page in the links and
repeats. If there is NO link it will NOT be found...
As I said in another, post feel free to try it against my site and post
the password.
Andy
Andy Jeffries wrote:
> it's written in C under the GPL.
Meant to write "it's written in C and licensed under the GPL". I'm not
just quoting random buzzwords, I'm a Linux programmer (www.gphpedit.org)
and have released C code under the GPL...
I'm also Technical Director for an Internet Development Consultancy...
Cheers,
Andy
WebsterSteve wrote:
> Could you just rename the extention to .12x or something along those
> lines? If someone did run across the file, they wouldn't know what it
> was. When you need to access them, save them and rename the extention
> back to .jpg or whatever.
Under Linux (which more and more people are using now), there is a
utility/command called "file" which examines a file's contents and tells
you what it is. For example, doing this on a renamed JPG file on my
machine tells me:
andy $file test.12x
test.12x: JPEG image data, JFIF standard 1.01, resolution (DPI), 72 x 72
It isn't perfect (there are some files it just says "Binary data" for),
but it would also detect if you renamed a zip file:
andy $ file ziptest.abc
ziptest.abc: Zip archive data, at least v1.0 to extract
Just thought I'd pose an argument as to why it wouldn't work... You
could of course put them in a password-protected Zip file...
Cheers,
Andy
DJ Delorie wrote:
> Post them in a subdirectory, and set access rights so that nobody can
> view them. That way, you have a record stored at your ISP but you
> don't tempt anyone.
>
> Better to put the photos in a safety deposit box, though.
If your ISP doesn't allow you to set access rights, you could also just
use a unique directory name nobody is likely to guess. Maybe something
like:
www.yourURL.com/uniquename/
To be extra safe, create a blank text file in that directory and name it
index.htm and save the real html file as uniquename.htm. If you need to
show it to somebody, just delete the bogus index.htm file then rename
uniquename.htm to index.htm.
Good luck!
-Rick
"[email protected]" wrote:
>
> Yes, google will 'find' your stash of photos, despite a robot.txt file.
>
This is interesting. Can you explain how Google can find a page, if
there are no links to it?
Wolfgang
--
"Holzbearbeitung mit Handwerkzeugen": http://www.holzwerken.de
Forum Handwerkzeuge:
http://www.woodworking.de/cgi-bin/forum/webbbs_config.pl
"Mark Jerde" <[email protected]> wrote in message news:<[email protected]>...
> Brian had a lot of stuff stolen from his shop. (Sorry for your loss,
> Brian.)
>
> I have tons of photos of my shop & "projects" (*), and a web site where I
> could easily post the photos. (I count 21 "projects" within a few feet of
> this computer.) But I just can't force myself to put them on my site. I
> guess I just don't want to publish to the world at large the fact I have a
> *substantial* investment in sawdust-making tools. Like my favorite boss
> used to say, "What my competitors don't know can't hurt me."
>
> Am I the only one?
>
> -- Mark
>
>
<snip>
If you don't publish your address, how will a burglar find you? If a
thief breaks into my shop I'd like to watch how he manages to load my
400-pound tablesaw into a pickup without drawing the attention of
neighbors or my dog. It's not to say that such thefts don't occur,
just that most thieves are looking for lighter weight, less bulky,
easy to sell/fence electronics, coin collections, etc. When my
brother's house was burglarized several years ago the thieves went for
the jewelry and the sound system. Not surprisingly, they left his
machinery and tools alone. They left his expensive TV alone, most
likely because it weighed 250 pounds.
DJ Delorie <[email protected]> wrote in message news:<[email protected]>...
> Post them in a subdirectory, and set access rights so that nobody can
> view them. That way, you have a record stored at your ISP but you
> don't tempt anyone.
>
> Better to put the photos in a safety deposit box, though.
Burn the pictures to CD. Make copies. Send them to each of your
(trustworhy) relatives. This is cheaper than a safety deposit box or
fire safe and you get geographic dispersion.
Jay
DJ Delorie wrote:
> Rick Nelson <[email protected]> writes:
>> If your ISP doesn't allow you to set access rights, you could also
>> just use a unique directory name nobody is likely to guess.
>
> Google will find it. Obscurity is of absolutely no value on the web
> these days.
<seriously>
How would Google find e.g.
www.markjerde.com/abc123xyzpugnoze/byteme.html ?
There is no link from the home page.
</seriously>
-- Mark
<[email protected]> wrote in message
news:WuWsc.116758$iF6.10997448@attbi_s02...
> I work with computers and internet security for a living.
>
> The suggestions, so far, have been sensible.
>
> Yes, google will 'find' your stash of photos, despite a robot.txt file.
>
Rather that stash them in some place where security is a concern, burn a CD
and put a copy in the house, one in a safe deposit box, your mother's house,
or your desk/locker/toolbox at work.
Ed
[email protected]
http://pages.cthome.net/edhome
I work with computers and internet security for a living.
The suggestions, so far, have been sensible.
Yes, google will 'find' your stash of photos, despite a robot.txt file.
Deleting the blank index.html is not needed. if someone needs to see
your work, then give them hte full URL with the uniquename.html in the URL.
Yahoo Groups is another possibility. You can create a 'private group'
that only people you authorize may join. You can then limit the
permissions of the photo gallery there, any way you wish.
IF your ISP will permit you to use PHP based web applications, look into
getting and installing Gallery (http://gallery.menalto.com). This
nifty application can be used to safely put up your work and details,
with the options of limiting access to viewing the photos. the details
of hte photos (comments, descriptions, etc) are not contained in a file
that is accessed by the Google or Yahoo bots.
If you need help, or have specific questions, please feel free to
congtact me, on or off this group.
Sincerely,
Daniel Curry
Mark Jerde wrote:
> Brian had a lot of stuff stolen from his shop. (Sorry for your loss,
> Brian.)
>
> I have tons of photos of my shop & "projects" (*), and a web site where I
> could easily post the photos. (I count 21 "projects" within a few feet of
> this computer.) But I just can't force myself to put them on my site. I
> guess I just don't want to publish to the world at large the fact I have a
> *substantial* investment in sawdust-making tools. Like my favorite boss
> used to say, "What my competitors don't know can't hurt me."
>
> Am I the only one?
>
> -- Mark
>
>
> (*) "Projects." Everyone posts such nice things on ABPW. But I've made
> only 5 "furniture-grade" items so far. I have a full-time job, family
> responsibilities, etc etc, and what seems to really "trip my trigger" is
> *minimum* investment of time and $ for maximum *usefulness.*
> - The inclined bookshelf on my desk started with two pieces of scrap.
> Two passes on the table saw, 4 passes on the router table, glue up, and I
> have a shelf that will last at least 200 years. QS oak would be prettier,
> but I *LIKE* the useful MDF thing 75% of woodworkers and 99.997% of the
> general public would have thrown away. ;-)
> - Ditto my two monitor stands, foot rest, book holder and music CD rack.
> ;-)
>
> I'd prefer to have the butler find old growth timber for me to make shoe
> trees from. <g> But the finances only permit maximum enjoyment from
> minimal investment.
>
>
> I have tons of photos of my shop & "projects" (*), and a web site where I
> could easily post the photos. (I count 21 "projects" within a few feet of
> this computer.) But I just can't force myself to put them on my site. I
> guess I just don't want to publish to the world at large the fact I have a
> *substantial* investment in sawdust-making tools. Like my favorite boss
> used to say, "What my competitors don't know can't hurt me."
>
> Am I the only one?
>
> -- Mark
Could you just rename the extention to .12x or something along those
lines? If someone did run across the file, they wouldn't know what it
was. When you need to access them, save them and rename the extention
back to .jpg or whatever.
[email protected] wrote:
> "Mark Jerde" <[email protected]> wrote in message
> news:<[email protected]>...
>> Brian had a lot of stuff stolen from his shop. (Sorry for your loss,
>> Brian.)
>>
>> I have tons of photos of my shop & "projects" (*), and a web site where I
>> could easily post the photos. (I count 21 "projects" within a few feet
>> of
>> this computer.) But I just can't force myself to put them on my site.
>> I guess I just don't want to publish to the world at large the fact I
>> have a
>> *substantial* investment in sawdust-making tools. Like my favorite boss
>> used to say, "What my competitors don't know can't hurt me."
>>
>> Am I the only one?
>>
>> -- Mark
>>
>>
> <snip>
>
> If you don't publish your address, how will a burglar find you?
If you have a domain name he can get your address from InterNIC. If you
have a listed phone number, if he knows your approximate location, if he
knows your real name, and if your name is even slighly unusual he can
probably find you from a reverse phone book lookup. Someone who is into
that sort of thing probably has a few dozen other ways to find someone.
> If a
> thief breaks into my shop I'd like to watch how he manages to load my
> 400-pound tablesaw into a pickup without drawing the attention of
> neighbors or my dog. It's not to say that such thefts don't occur,
> just that most thieves are looking for lighter weight, less bulky,
> easy to sell/fence electronics, coin collections, etc. When my
> brother's house was burglarized several years ago the thieves went for
> the jewelry and the sound system. Not surprisingly, they left his
> machinery and tools alone. They left his expensive TV alone, most
> likely because it weighed 250 pounds.
I seem to recall someone's gun collection getting stolen even though he had
it in a massive safe bolted to the structure of the house. The thieves ran
a chain around the safe, attached it to their truck, and drove off. The
safe remained intact, the house didn't. Once they had it outside the house
they just loaded it up and drove off and opened it at their leisure.
Wouldn't work with a saw (at least not and have it good for much afterwards)
but thieves can come prepared and aren't necessarily incompetent--four guys
with a dolly can probably manage to get it out right quick, and two guys
with a winch on the truck could probably manage.
OTOH, sometimes you get the last laugh--some twit stole my laptop the day
after it died beyond economical repair.
--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
> If your ISP doesn't allow you to set access rights, you could also just
> use a unique directory name nobody is likely to guess. Maybe something
> like:
>
> www.yourURL.com/uniquename/
>
> To be extra safe, create a blank text file in that directory and name it
> index.htm and save the real html file as uniquename.htm. If you need to
> show it to somebody, just delete the bogus index.htm file then rename
> uniquename.htm to index.htm.
>
> Good luck!
> -Rick
Problem with this is that people surf the web looking for this with
programs that download everything web directories and sub-directories.
If it is there, they will find it.
One option would be to use a program like WinRAR to encrypt all your
pictures into a single .RAR file. Use a password you'll remember
years from now, and store the file on CD or DVD somewhere safe. I
like the idea of someone's to keep redundant copies in several
locations.
Brian.
On Wed, 26 May 2004 10:47:08 -0400, "J. Clarke"
<[email protected]> wrote:
>If you have a domain name he can get your address from InterNIC. If you
>have a listed phone number, if he knows your approximate location, if he
>knows your real name, and if your name is even slighly unusual he can
>probably find you from a reverse phone book lookup. Someone who is into
>that sort of thing probably has a few dozen other ways to find someone.
Of course, many people register domain names to PO boxes, work
addresses, or hosting companies. Cell phones work great as contact
numbers.
Barry
DJ Delorie <[email protected]> writes:
> Google will find it.
Clarification: someone, somewhere, who happens to know the URL
(perhaps you mentioned it once or something) will bookmark it, and it
will end up on a "My Bookmarks" page or something, and google finds it
there.
It's way too risky to rely on obscurity to keep robots away. The web
is too big for that to be a reasonable expectation.
Rick Nelson <[email protected]> writes:
> If your ISP doesn't allow you to set access rights, you could also
> just use a unique directory name nobody is likely to guess.
Google will find it. Obscurity is of absolutely no value on the web
these days. If you choose this route, learn how to set up a
robots.txt file to keep most search robots out (not all honor it).
Be careful to not list the unique name in the robots.txt but
the directory it resides in, like
http://www.myhost.com/something/randomurl/photos.jpg
Then list /something/ in robots.txt.
OTOH, I do use the random-name with blank-index trick for my photo
gallery, but then, I'm not so worried about what people will do with
my pictures.