| I'm proposing we write a simple canary spec, for canaries that are both human and machine readable. A format could be, for instance: * canary.txt in the root of the site. * Optional text introduction, describing the canary's purpose, the way rsync.com does. * PGP signed message with expiration date; content optional. * Replaced by either a 404 or a 451, the 451 for those who want to be more explicit and like to live dangerously. You probably shouldn't state you're compliant with the spec if you implement it. . I'm personally very willing to run a replacement canary watch, I'll see what I can set up over the weekend. I'm thinking of writing it in PHP, so it's easy to copy for others. I'm thinking it'd be nice to couple it with a spider that automatically indexes these canaries, and to also have captcha'd "add your own" option. Could anyone point me to a guide to setting up a HN-proof PHP server? |