Beautiful morning out there today. Not sure what I’m going to do with it. 🙂
Podcast: Play in new window | Download
-
Find me: Updated Links
Recent Comments
- ROBERT EVANS on Day 2754: Day Not Found
- ROBERT EVANS on Day 2753: Untitled For Some Reason
- Nate on Day 2752: Was A Sunny Day
- Robert Willey on Day 2752: Was A Sunny Day
- Robert Evans on Day 2745: Busy Day
My podcatcher is gpodder installed on Linux.
I am using doggcatcher on my android and working well.
I used to used gpodder on Ubuntu, that worked too 🙂
I am not the most fully informed on security topics, but I have to say your instincts sound right on the plugin and user agents.
Is this the plugin? http://wordpress.org/extend/plugins/bulletproof-security/
It is entirely possible that it does real, measurably useful things … but it sounds from what you were saying like it’s got a whitelist of user agents and anything not on that list gets denied.
If that is truly what it is doing, that is crazy. Any ‘bad guy’ can change a user agent string to pretend that their browser or other agent is something it is not, so it provides no security whatsoever, but what it does do is block ‘good guys’ from accessing things. The only people who may not figure out how to change what their user agent reports itself as being are regular users, and any road-blocks your site puts in their way can only harm their user experience, word-of-mouth buzz, and your book sales.
As for fear about someone copying your site … you’re 100% correct. Not only is the entire point of your site to allow people to download its content (this is what their web browsers do, to display it, as you know) but also, as you say, it is utterly trivial to copy down the content of any web site. Anything you can try to do to block it will NOT work, and will cause problems for the users you want to view/use the site.
I certainly hope the plugin provides some real security, not just the harmful security theatre of limiting what user agents are valid, and I hope that there’s a way to tell it “turn off that stupid feature”.
I do know that site hardening is a complex topic, and a royal pain. However I don’t believe I have seen this kind of blocking being deployed as a true security measure.
Its kind of like running your js scripts through a per-processor to make them non-human-readable; that will _technically_ prevent someone from stealing your script, however anyone truly savvy on the tech can reverse that process and get the original code.
But I very well could be completely wrong.