[gopher] Capability files are dangerous
Kim Holviala
kim at holviala.com
Mon May 14 16:24:05 UTC 2012
On May 14, 2012, at 19:14 , Cameron Kaiser wrote:
>> Actually.... The original poster was somewhat correct with that assumption.
>> I can now fairly reliably determine between UMN gopher client, Overbite
>> (the latest betas) and other gopher clients.
>
> How so? UMN has its idiosyncrasy about G+, but OverbiteFF and the Floodgap
> proxy should be nearly indistinguishable (and when I add caps to Overbite
> Android, it will be implemented in nearly the same way as OverbiteFF).
The only client *ever* to request "<TAB>$" is UMN gopher. By using the "users are stupid" logic it's fairly easy to determine that the user just wants to type "gopher foo.bar". And since Gophernicus already tracks users it's fairly easy to know that they're using UMN during the whole browsing session. Not foolproof, but fairly reliable.
As for caps.txt, apart from me and you the only thing to *ever* request caps.txt is Overbite. And I can easily differentiate between you/me & Overbite using simple timing measurements (hint: Overbites request timings are constant, ours aren't).
- Kim
More information about the Gopher-Project
mailing list