Thanks for hints! On 29 ноя, 22:15, Silicon Dragon <sdr...@gmail.com> wrote: > First of all, it is very well possible to do all of the malicious actions > even *without* bots. > We have managed to reverse-engineer parts of the wave<->web protocoll, and > are able to read full wave contents of all public waves. See > archive.waverz.com for implementation. I miss the way this was implemented.
> Second, using that, it's fairly trivial to do full backups of wave data, > which can be restored to a new wave. And can you please point out to the way of restoring content? Or there's only method if it was backuped? > Third, you can build trust networks by using the Google groups > solution<http://archive.waverz.com/googlewave.com!w+VJoH3a3CK/_>, Great! The feature with google groups seems working, with pecularities though. > along with > WaveNotify<http://archive.waverz.com/googlewave.com!w+uOcHp3yOA/>(for > e-mail notifications). Until permission checks are implemented, this > is the best way to keep malicious intents out of your group's waves. > Fourth, using a protector bot, and a known blacklist (remember: wave invites > are still a precious commodity), it's fairly trivial to restore all edits > done by malicious bots, or users. Full-featured bot warfare requires more complicated things. A participant can easily remove protecting bot (either readonlie, or blacklisted-bouncie before he bounces malicious user) And thus needed at least two guard-bots to put them back when protecting bots removed (and put each other as well, thus at least 2). And neither of bot can store their setup (blacklist, guidelist) in contentblips or datadocuments, because they are insecurely accessible, and more advanced warbot may have a time to remove that setup. Thus, yet another bot required to store these configs elsewhere in datastore maybe, and coordinate protecting and guarding bots :) That's appear to be somewhat tricky thing :) And of courcse, all warbots can easy change app-id to be missed in blacklists. > >Who knows how he tracked his friends? > > Probably the same way all bots do: by storing participants of the waves it's > been contacted by. > > As you can see, lots of solutions are already available, even without > blowing the public-group-experiment up :) > > -SDr -- You received this message because you are subscribed to the Google Groups "Google Wave API" group. To post to this group, send email to google-wave-...@googlegroups.com. To unsubscribe from this group, send email to google-wave-api+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-wave-api?hl=en.
