[NCommander]

I don't mind portscanning per say if its clear you're doing it but a website should never trip a corporate firewall or IDS. We're going to re-rig this code to check the inbound IP against a local DNSBL or something similar and not something that will cause an IDS to shit itself. Generally, if I access a site on a port, I expect return traffic to come back only on that port (excluding protocols like FTP which are explicately multi-port). We officially support tor (and have our own hidden service) and are looking at connecting posts through SpamAssassin to automoderate crap down to -1 (this feature still fairly far out)

What got me upset was the fact that I respect users privacy, and to find out about this behaviour from a bug report notification pissed me off. In /code's defence, at that point, it was basically /., /.JP and Burrapuento as the last three slash sites on the internet so a lot of slashdot specific functionality has creped in over the years before the code drops stopped in 2009, with the documentation for independent sites being a bit stale.

EDIT: I've written a follow up on my SN journal: http://soylentnews.org/~NCommander/journal/277