No more bots!

Started by B_2

auntdeen Lv 1

The urlbot was developed and is maintained by ptfrog. His 15 year old daughter also plays - if anyone is going to be the most cautious and diligent about a url bot, it is a parent who knows that his own minor child will be clicking the bot links.

Ingame, exterior links are not clickable - neither are the exterior tinyurls that are generated by the bot. The tinys simply make it easier for folders who are only using ingame chat to type in the links. The bot is only doing what has been asked of many folders many times - to tiny a url so that someone can see it and be able to type in the link.

B_2 Lv 1

I'm sorry, but trust does not happen on the internet, and anyone who does trust a stranger is naive.

You may think that a bot owner is a nice polite parent, but it could be just as easily be a pervert or evil-doer using social engineering to lure people into complacency before replacing the harmless tiny URLs with something much more sinister.

There is no way to tell, and social engineering being what it is, it is best to remove the temptation, and only allow pure URLs that can be seen and evaluated. The naive will click on anything anyway, so let's just remove one more possible virus vector.

auntdeen Lv 1

The problem is that most urls cannot be seen in ingame chat.

You use external irc - many people don't, especially when they start playing the game.

During the days in September when we were inundated with new players, the (volunteer) mods and other veteran players needed to give directions to the tutorials on the wiki, or the videos. That was very time consuming, and repetitious.

On that basis alone, much less that many players now are doing some great research into proteins & wish to share the links, many people have wasted much of their time going to the tinyurl website to tiny a link so that someone else can at least see the link to type it in.

It's all trust, for goodness sakes. You choose not to, that's fine. The rest of us can decide for ourselves whether or not we trust any link, tiny or not - and in this day & age of spoofed websites, you can either make your own decisions about using a link - or to be perfectly safe, never use any that have been suggested to you.

I have never used any name but this one on the web in 15 years, so the thought of someone being "a pervert or evil-doer using social engineering to lure people into complacency before replacing the harmless tiny URLs with something much more sinister" is not usually uppermost in my mind - my browser is equipped with so much safety, and my computer with up to date protection (and I use a mac) that I don't worry about it. I choose which links I will go to, and will ignore any from people I suspect are malicious or uninteresting.

I'll leave that level of paranoia to others who have the expertise in multiple online identities. (And those who leave psuedo-bot links in global, I guess to try to get their point across - don't know because I wouldn't click them).

infjamc Lv 1

Again, I understand your concern. That's why I advocated the idea of scanning the links before conducting the tinyurl conversion if it's possible to do so.

Also, if you really want to be careful, where does the conspiracy theory stop? I mean, just look at the list of sponspors for Foldit– how can you know for sure that we aren't being deceived into designing a biological weapon? (Obviously, I'm being hyperbolic here. The point is simply that, while you cannot be 100% sure that the Foldit project is benign, you can be sure beyond a reasonable doubt. And the same can be said of the links that show up on global chat.)

ptfrog Lv 1

As the designer of the urlbot, I have to say I agree with this. There is no easy way to tell where these links will go, and I (or someone clever who manages to masquerade as urlbot) could certainly do something untoward with them.

Having considered, this, I decided to produce urlbot and (with permission) release it. My reasoning was as follows:

1) It's awfully useful. It might be better to add features to the client instead – but development resources are limited, and this fills a hole in the meantime.

2) The first time urlbot does something other than what it is advertised to do, it will no doubt be booted from the system. So the exposure of the fold.it community to a nefarious plan, whatever that plan might be, is quite limited.

I intend to release the code as open source – so folks can add URLbots to their own groups if they choose. I only have not done so because family health issues have prevented me from taking the time to do some minor cleanup. Of course, there is no way for a user to know if the code I am using is the code I release, and that issue is compounded if others are also running bots. (I would be delighted to make the urlbot service available to other groups as well, but that would give me access to their group conversations. Regardless of my good intentions, this seems imprudent at best.)

I worked very hard to make it urlbot useful without being intrusive; I think I succeeded in that. It does not shorten IMAGE URLs, since these are clickable. It does not shorten URLs that are already as short as – or not much longer than – a Tiny URL. It warns the user if the original URL was unreachable or appears malformed.

I would be happy to take suggestions on how to make it more useful. I would also be happy to remove it from global, if there is a consensus among the ops that I should do so.

And finally: If the devs, ops, or other muckymucks-in-charge want to run urlbot themselves, I will endorse and support that. (I think it's a fine idea, actually, with much to recommend it.) The code – written in Perl – is available for the asking.

auntdeen Lv 1

What you consider the correct decision may not be what many others would consider correct.

As I've just showed you in global:

Ingame, links that long are truncated and unreadable (that picture shows that the link cuts off at the _13). If it's a clickable image link from foldit - then it doesn't matter. If not - then it does!

Here's a foldit wiki link:

http://foldit.wikia.com/index.php?title=Fold.it_IRC_%28chat%29_Information&redirect=no

That shows up on ingame chat as:

http://foldit.wikia.com/index.php?title=Fold.it_I

In order to give a new person that wiki link - you must either tell them "to go to the foldit website, look for the wiki link at the top for the wiki, click on the link near top of front page of wiki for IRC information" - or you must go do a tinyurl for them.

The bot is simply getting the tinyurl - saving many of us time and effort typing the same things over & over again.

One last example that I showed you in global:

http://foldit.wikia.com/wiki/Lua_Functions_That_Should_Be_Implemented
http://foldit.wikia.com/wiki/Lua_Functions_Th ——————————–(how it shows ingame)

This is not my "display issue" as 3 other people checked during our discussion in global, and all had the same truncation at the same place ingame.

B_2 Lv 1

It sounds like you've provided the answer to both problems, even though one problem is of your own creation.

Simply direct the users to read the proper section of the "wiki", then you won't have to type long URLs to be converted by a high-risk URL shortener, and you can also eliminate an uncontrolled bot from the IRC server. I'm sure your scripters can come up with some canned narrative responses to the common questions that don't require the long links. "/me slaps noob with a trout, and directs the noob to the fold.it wiki to read up on LUA functions" No need to spoonfeed the full link.

Do you not understand that adding a third party re-director in the middle of the http request process is such a huge security risk?

URL shortener sites have been hacked with their stored "short" URLs being redirected to "evil" sites, they have tracked traffic through their sites, they have installed tracking cookies on the unsuspecting user's machines, redirected users to pages showing advertisements before ultimately redirecting them to the desired page, they have provided the desired site in a frame on a page with malicious java code, and a host of other less-than desirable practices. URL shorteners are one of the main tools of the trade of phishers and spammers. There is no guarantee that "tinyurl.com" has not already been compromised, or will not be compromised in the future.

They are bad news, no matter what the possible good intentions are for using these dodgy services.

ptfrog Lv 1

Interesting – so your objection is not only to the bot, but to URL shortener sites in general. I cannot speak to that, other than to say that I picked tinyurl because they have been around the longest (as far as I know), and have an excellent reputation.

You've got a point about teaching people how to find things on the Wiki; I kind of like that idea. I could probably analyze foldit links and attempt to direct people through the site. That might be tricky, since the fold.it site is not renowned for internal consistency, but it's worth thinking about. Of course, this would make the bot significantly noisier, and might make others unhappy.

But it does not solve the problem of long URLs for sites other than foldit sites – like CASP. The folks who help out in IRC take a lot of time and effort to do so – and while they are capable of writing click-through directions on any URL, I am in favor of any tool that makes their lives easier, and not harder. It also makes things easier for the recipients of the URL – who are probably being told to "read and learn," and if urlbot makes it more likely that this will happen, hooray! for urlbot.

(Admittedly, not all URLs posted to foldit are protein-related, but it is precisely the fun one can have with other folders that draws many people to this "game." So these should not be excluded.)

But the main justification for what I did is this: think back to how many times you've seen a request like "I can't see that whole URL. Can you post a tiny version?" It seems that URL shorteners are the solution of choice; all I've done is automated the process to save folks some time.

That said, I have an idea. What if I split the posted URL in such a way that it wraps in IRC? For 99+% of URLs, this would involve nothing more than adding a space after each slash. That way folks who do not trust tinyurl can type in the full version. Even folks who do use tinyurl would probably appreciate the security of being able to read the URL that they are being directed to. (I know that I would.) I dislike anything that adds noise to the IRC channel, but if it has value I'd be happy to add the feature. What saith the ops?

And if folks like the idea of teaching a noob to fish – that is, explaining how to find a link on the fold.it site, I can look into that as well. I might leave out the bit about the trout, though. :-) My thoughts: I suspect that anyone with enough interest will learn their way around anyway, so this might have a fairly low benefit-to-noise ratio. Still, I think that B_2 has a clever idea, and maybe we can find a way to use it.

One last note: I appreciate the sentiment behind such adjectives as "rogue" and "uncontrolled," but I remind you that urlbot is easily controlled. All it has to do is misbehave once, and poof – it's gone. So (in my mind) that moves the conversation onto one about the relative merits of URL shorteners vs utility and common usage. I have some additional thoughts on this, but for now I'll let the comments above stand.

spmm Lv 1

my 2cents - the URL shortener is really useful, I support keeping it - the definition bot is unnecessary and I support its removal.