From: Denny (denny@metamathics.org)
To: jericho@attrition.org
Date: Thu, 05 Jan 2006 14:31:44 +0000
Subject: Re: http://attrition.org/news/content/05-12-31.001.html

Hi...  do you seriously not know why morons don't notice your image
substitution?  It's because their IE cache holds the image from when
they found it on your site, and so /for them/, it displays the original
image when they view their page with it embedded.

--
http://metamathics.org




From: security curmudgeon 
To: Denny 
Date: Thu, 5 Jan 2006 09:56:00 -0500 (EST)
Subject: Re: http://attrition.org/news/content/05-12-31.001.html


: Hi...  do you seriously not know why morons don't notice your image
: substitution?  It's because their IE cache holds the image from when
: they found it on your site, and so /for them/, it displays the original
: image when they view their page with it embedded.

i'm aware this happens, but..

1. that cache doesn't stay around forever. if the image is used on their
main profile, when they view it seven/fourteen/whatever days later, it
won't show up like they originally saw it

2. many times, they are posting it on the blog portion of the myspace
profile. how is it one person can post, and another hundred read it and
not notice or comment that the image is insulting them?

3. i need to read the IETF specs I guess, but it seems odd to me that i
can view http://a.b/page.html which calls http://a.b/image.jpg, and it
will cache *and display* the image even though http://c.d/hi.html will
call the same image, but the web server will tell it to load
http://c.d/pic.gif instead. basically, the browser is remembering a cached,
and potentially outdated link, without checking the server for a 301/302
response. mind you, most of my http knowledge comes from using a) opera,
b) firefox and c) looking at http logs on attrition.org .. but based on
that, it seems like image should not render, even if in cache. yes yes, i
know it does, and i know it is likely doing the check for the image (which
would result in the 301/302 error) without checking the (potentially) new
href that caused it.

4. if number three is confusing, it is because it's 8am and i've had too
much to drink and haven't slept yet

5. none of this excuses 60,000 link attempts to my images in a 24 hour
period. i don't care if it works in their browser or not, it's flat out bad
netiquette and abusing *my server* and *my bandwidth* because of *their
stupidity*.
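
Added example, not part of either email: a toy model of the caching behaviour discussed in points 1 and 3, showing that a fresh cache entry is selected by URL alone, so the server's Referer check is not consulted until the entry expires or the response varies on Referer. The a.b and c.d URLs come from the email; the one-hour max-age, the function and class names, and modelling the substitution as a different body instead of a 301/302 are assumptions.

```python
"""Toy model: URL-keyed browser cache in front of a Referer-checking origin."""

IMAGE = "http://a.b/image.jpg"        # URL taken from the email
OWN_PAGE = "http://a.b/page.html"     # page on the image owner's site
HOTLINK_PAGE = "http://c.d/hi.html"   # third-party page embedding the image


def make_origin(send_vary):
    """Origin that serves the real image only to its own pages (constructed)."""
    def origin(url, referer):
        own = referer.startswith("http://a.b/")
        resp = {"body": "original" if own else "substitute", "max_age": 3600}
        if send_vary:
            resp["vary_referer"] = referer   # models a 'Vary: Referer' response
        return resp
    return origin


class BrowserCache:
    def __init__(self, origin):
        self.origin = origin
        self.entries = {}            # url -> list of (stored_at, response)
        self.origin_requests = 0

    def fetch(self, url, referer, now):
        for stored_at, resp in self.entries.get(url, []):
            fresh = now - stored_at < resp["max_age"]
            # Without Vary, the URL alone selects the cached entry.
            same_variant = resp.get("vary_referer", referer) == referer
            if fresh and same_variant:
                return resp["body"]  # served with no request to the origin
        self.origin_requests += 1
        resp = self.origin(url, referer)
        self.entries.setdefault(url, []).append((now, resp))
        return resp["body"]


def view_sequence(send_vary, revisit_at):
    """View the image on its own site at t=0, then via the hotlinking page."""
    cache = BrowserCache(make_origin(send_vary))
    first = cache.fetch(IMAGE, OWN_PAGE, now=0)
    second = cache.fetch(IMAGE, HOTLINK_PAGE, now=revisit_at)
    return first, second, cache.origin_requests


if __name__ == "__main__":
    for vary, t in [(False, 60), (False, 7200), (True, 60)]:
        print(f"vary={vary} revisit_at={t}s ->", view_sequence(vary, t))
```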



