[Imc-drupal-dev] open publish

[ekes]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ah the ever good reminder over security...

flowerchild at puscii.nl wrote:
>     * Calais � http://www.opencalais.com

Very cool service, get tags for your content, but it's a call out _with
the content_ to an external service on commercial non-controlled servers.

>     * Yahoo! BOSS � http://developer.yahoo.com/search/boss

Dunno what this one's usef for here, but...

>     * Flickr API � http://www.flickr.com/services/api/keys

Obviously embedding content from an external site, that makes users leak
their IP address without warning them. For this and youtube/blip.tv
embeds that are becoming ever more popular I think at 'click this to
embed the content' javascript widget would be good. Obviously hosting
the content on our own network (in the broader sense of autonomously
controlled servers) is better and more sustainable in the longer run.

>     * Google Maps � http://code.google.com/apis/maps"

And this also if it's embedding google maps. If it's just used for
geocoding, it's just giving out the public location information, but
probably doing it synchronously with a post being made.

Also quick scan of the package it uses mollom for spam filtering as
well, which is another callout, and requires IP addresses to be
available on the system and to mollom.

Anyone who thinks all this IP address stuff is overzelous security stuff
should look at what's happened recently in the UK where there was the
smallest sniff there *might* be IP addresses that the police could get
of someone making a post that could be 'related to their enquiries'
(there aren't IP logs there by the way).

After all that negativity I'll make a more positive post to follow :)

ekes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpmC70ACgkQR9het8OQC6VIrwCfXdSLNy6ZMo3nBYdJ4oL5dUTF
+BYAnjffXUfft38yH6f4F3MaeKBBwfdI
=GdO2
-----END PGP SIGNATURE-----