Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Bot is now a Mastodon bot | Star Rauchenberger | 2022-12-23 | 1 | -190/+73 |
* | Added timeout to image downloads | Kelly Rauchenberger | 2018-01-29 | 1 | -0/+3 |
* | Fixed deadlock after failed image download | Kelly Rauchenberger | 2017-12-16 | 1 | -1/+1 |
* | Added "life support" to the blacklist | Kelly Rauchenberger | 2017-04-27 | 1 | -0/+1 |
* | Updated verbly (new API) | Kelly Rauchenberger | 2017-04-10 | 1 | -284/+379 |
| | Also updated libtwitter++, and blacklisted some problematic images. | | | | |
* | Bot now takes path to config file as argument | Kelly Rauchenberger | 2016-12-13 | 1 | -4/+14 |
| | That config file now also has to contain the paths to the verbly datafile and the font to use. | | | | |
* | Updated libtwitter++ (new API, and fixing a curlcpp crash) | Kelly Rauchenberger | 2016-09-12 | 1 | -161/+152 |
| | Also changed to use C++ APIs for randomization and sleeping. | | | | |
* | Blacklisted an image server known to return bad images | Kelly Rauchenberger | 2016-04-18 | 1 | -74/+53 |
* | Merge branch 'master' of https://github.com/hatkirby/difference | Kelly Rauchenberger | 2016-04-16 | 1 | -0/+9 |
|\ | |||||
| * | Added Accept header to image requests | Kelly Rauchenberger | 2016-04-16 | 1 | -0/+9 |
| | The canonical bot tweeted an image (https://twitter.com/differencebot/status/721395886291558400) containing an advertisement instead of the requisite object. Previously, the only defense against servers serving the wrong image was that we ignore 300 response codes. This image, when loaded in Google Chrome, loaded a document with a content type of text/html, which is also ignored by difference, and which executed JavaScript redirecting Chrome to a malware-infested page. difference, however, saw the response as an image with content type image/gif (notably different from the URL, which indicated a JPEG image). It turned out that Chrome was using an Accept header that prioritized text/html documents over most other content types, which the malicious server used to decide what content to serve. Changing difference to send the same header caused the malicious server to also serve the text/html document to difference, which difference then discarded. Whilst the Accept header being used now does prioritize text/html documents over images, servers with legitimate content will not use that information when deciding what document to serve. The malicious test URL is http://www.northvalleymedicalsupply.com/shop/products_pictures/adj%20hinge%20knee%20brace.jpg. | | | | |
* | | Tweaked image generation | Kelly Rauchenberger | 2016-04-16 | 1 | -2/+3 |
|/ | |||||
* | Initial commit | Kelly Rauchenberger | 2016-04-15 | 1 | -0/+354 |
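
The response filtering described in the "Added Accept header to image requests" message, sketched as an added example that is not code from the difference repository. The header string, the function and type names, and the extension-versus-content-type check (which goes beyond what the commit did) are assumptions, and the sample URL is constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Assumed value: a browser-style Accept header that ranks text/html first.
// The log does not quote the header the bot actually sends.
const std::string kBrowserAccept =
    "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8";

enum class Verdict { Accept, BadStatus, NotImage, TypeMismatch };

static std::string lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return std::tolower(c); });
  return s;
}

// Image subtype implied by the URL's file extension, or "" if unknown.
static std::string expectedSubtype(const std::string& url) {
  std::string path = lower(url.substr(0, url.find_first_of("?#")));
  std::size_t dot = path.rfind('.'), slash = path.rfind('/');
  if (dot == std::string::npos || (slash != std::string::npos && dot < slash)) return "";
  std::string ext = path.substr(dot + 1);
  if (ext == "jpg" || ext == "jpeg") return "jpeg";
  if (ext == "png" || ext == "gif") return ext;
  return "";
}

// Decide whether a response fetched with kBrowserAccept may be used as an image.
Verdict checkImageResponse(const std::string& url, long status,
                           const std::string& contentType) {
  if (status < 200 || status >= 300) return Verdict::BadStatus;  // redirects, errors
  std::string type = lower(contentType.substr(0, contentType.find(';')));
  type.erase(0, type.find_first_not_of(" \t"));
  type.erase(type.find_last_not_of(" \t") + 1);
  if (type.compare(0, 6, "image/") != 0) return Verdict::NotImage;  // e.g. text/html
  // Added policy (assumption): a .jpg URL answered with image/gif is suspect.
  std::string want = expectedSubtype(url);
  if (!want.empty() && type.substr(6) != want) return Verdict::TypeMismatch;
  return Verdict::Accept;
}

int main() {
  // Constructed sample: the URL names a JPEG but the server answers image/gif.
  Verdict v = checkImageResponse("http://images.example/pics/brace.jpg", 200, "image/gif");
  std::cout << (v == Verdict::TypeMismatch ? "discard: type mismatch" : "other") << "\n";
}
```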