Pages: 1 [2] 3 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Liang Nuren
|
Posted - 2011.04.12 03:56:00 -
[31]
Edited by: Liang Nuren on 12/04/2011 03:57:28
Originally by: Diomedes Calypso If the neighbor left his door unlocked and you didn't rent from him, your analogy would fit.. you can't just walk inot his house.
So if my land lord doesn't fix a leaky tap in 1 day after I say "yo dawg some **** broke in my hizouse", I can bust into his house and steal his toilet and take it to my house?
-Liang -- Eve Forum ***** Extraordinaire On Twitter
|
Siiee
Recycled Heroes
|
Posted - 2011.04.12 04:00:00 -
[32]
Originally by: Liang Nuren
So if my land lord doesn't fix a leaky tap in 1 day after I say "yo dawg some **** broke in my hizouse", I can bust into his house and steal his toilet and take it to my house?
I don't know about you, but I don't normally wash my hands in the toilet
|
Diomedes Calypso
|
Posted - 2011.04.12 04:05:00 -
[33]
Originally by: Liang Nuren Edited by: Liang Nuren on 12/04/2011 03:57:28
Originally by: Diomedes Calypso If the neighbor left his door unlocked and you didn't rent from him, your analogy would fit.. you can't just walk inot his house.
So if my land lord doesn't fix a leaky tap in 1 day after I say "yo dawg some **** broke in my hizouse", I can bust into his house and steal his toilet and take it to my house?
-Liang
You obviously didn't read my post. I explained what I thought was an acceptable scenario.
You can dispute what I thought were acceptable actions in my scenario.
You con't need to agree that my analogy is the MOST apt ...but my analogy specifially made it clear only under very limited circumstance where a person broke a commitment of trust that directly put your at risk that in a very limited fashion you could stretch normal boundries of behaviour to make a statement.
A broken pipe and another house is a pretty big stretch from someone opening a security risk and opening a roomates door to demonstrate the point that you're afraid about people coming in and touching your stuff
|
Julyan Fox
Caldari
|
Posted - 2011.04.12 04:10:00 -
[34]
Edited by: Julyan Fox on 12/04/2011 04:10:30 The guys saying those security bugs are inadmissible, CCP sucks; well to me those guys are naives. I mean look at Microsoft, my windows XP still get critical updates YEARS after the release.
Time to wake up.
You've been using programs, are using programs, will use programs, with security holes ; it's not the dev who are incompetents, it's those dudes that exploit these holes, for money, fame, that are incompetents at enjoying their life.
|
Liang Nuren
|
Posted - 2011.04.12 04:14:00 -
[35]
Originally by: Diomedes Calypso
A broken pipe and another house is a pretty big stretch from someone opening a security risk and opening a roomates door to demonstrate the point that you're afraid about people coming in and touching your stuff
The problem is that's not at all what he did - not by a long shot.
-Liang -- Eve Forum ***** Extraordinaire On Twitter
|
Shar Tegral
|
Posted - 2011.04.12 04:18:00 -
[36]
Originally by: Elyssa MacLeod I like it when ppl call ppl jackasses and make jackasses out of themselves for talking to obvious trolls
I dunno, the more I respond to you the more vitriol you spew. One of us will self obsolete ourselves and I'm betting it is not me. So who is the bigger fool? As to ass kissing, I'm not the one butt hurt enough to waging a troll war for someone not really all that worthwhile. CCP needed to be outted, Amen. But you can't white wash disruptive behavior as anything other than disruptive behavior. I think that's the part that many don't understand. Being a part of a society brings with it a contract of mutual acceptance. There are means and methods of dissenting, even upto rebellion and revolution, but each comes with a price that must be paid. In the real world, it is usually jail or even death depending on the severity of the situation. Here it is simple: You get ban-hammered. I've yet to earn a perma-ban but I'm not ashamed of the bans I've gotten in my time. Equally I understand what I did and where I took it. I'm not fool enough to try to foist off some idea that just because I was right excused me going over the lines. You do the deed, you pay the fines and you move on. So stop being a total ass and move on. Ooops, you can't. Again, who is the defective one?
Wealth, howsoever got, in Eve makes Lords of morons and gentlemen of thieves; Aptitude and intellect are needless here; 'Tis impudence and money that grants fame. |
dexington
Caldari Baconoration
|
Posted - 2011.04.12 04:22:00 -
[37]
He found a security flaw, told CCP about it and used it to do thing he shouldn't be doing...
Had this happend in-game, eg. someone finds an exploit tells ccp about it and at the same time use it to blow up some titans, then people would be screaming for his head on a stick. When he decided to access parts of the forums he shouldn't have access to, he knew he was doing something he shouldn't be doing.
|
Diomedes Calypso
|
Posted - 2011.04.12 04:43:00 -
[38]
Originally by: Liang Nuren
Originally by: Diomedes Calypso
A broken pipe and another house is a pretty big stretch from someone opening a security risk and opening a roomates door to demonstrate the point that you're afraid about people coming in and touching your stuff
The problem is that's not at all what he did - not by a long shot.
-Liang
True ... I suspect that the behaviour crossed the line in a big way but the calling card wasn't the part that crossed the line.
I was disputing a crappy analogy equating the issue of responding in a completely unnconneted ay. and defending the leaving of a calling card... while specifically making the distinction bettween a calling card (screen saver) and going further and abusing privacy (checking your roomates email which I said crossed the line)
I like analogies.
As for your landlord not fixing your leak, if it was the 5th time he blew fixing it off (yeah this Doesn't apply to the eve case...not a 5th time for the forums) I'd say going over to his house and drowning his petunias with the hose in his front yard would be a justified level of response that still officially broke the law in terms of trespassing and destruction of property.
Now, probaly not a great idea because he might raise your rent or evict you, but the point made would be in scale with the harm done and if you were going to leave and wanted to make a point on the way out, it certainly wouldn't be out of line.
Not all trespassing is equal. Not all destruction of property is equal. Going onto his yard and running his hose ruininng some potted perenial flowers bough for 99cents at target is a whole different thing than breaking into a house and ripping out a toilet that would take real money to put right.
No big bright line Crime/no crime.... there are times laws can be crossed in low harm way to make a statement without saying that all crime is justified
|
Q Command
|
Posted - 2011.04.12 04:46:00 -
[39]
Originally by: Dr BattleSmith
Originally by: Obsidian Hawk * Script kitty forgot to read the EULA that exploiting bugs is a bannable offence
Personally I was going to do a security appraisal of the new forums before release.
However I thought CCP would be morons and respond in this way to someone doing the testing they obviously failed to do.
EULA is one thing, "no one ever test our ****" is another thing entirely.
Keep in mind who they have hired to do their security.
The old saying of 'you get what you pay for' comes to mind.
It should be an interesting to see what crops up for 'issues' in the next bunch of releases.
Hint #1: You should do background checks on potential employees regardless of how little you pay them Hint #2: You should hire a reputable firm to do a code review as that is what real companies do these days
|
gargars
|
Posted - 2011.04.12 04:50:00 -
[40]
Edited by: gargars on 12/04/2011 04:55:34 OK I admit I am not the most knowledgeable person on this even after 4 years in the game, but I was in the new forums and watched this debacle unfold until the end.
As I understand it yah, he went a bit too far, but....
He petitioned it and waited and for a response... how many of us have had to wait hours / days / weeks for a petition to be read and responded to? It's one of the universal fails of Eve support.
Yes they seem to have a special email address for reporting security issues, but how many of us ever heard of it before this event? 1/10th of 1%? Where is it posted and how hard is it to find if you even guess where to look?
End result - he tried to do the right thing and got frustrated. IMO. I know the feeling. After that yah he may have done 'the wrong thing' but...
What he did got the forum and any possible nefarious breech taken down.
I really thought about this. He could have done so much worse - you have to admit that. He didn't.
IMO he deserves kudos for trying... and showing how disfunctional our ability to communicate with 'the powers' really is.
To me - one has to ask, if he waited for an answer to his petition - how many of us might have been 'hacked' by now because the 'shiny new forums' would still be up and running?
I know there are things about this I don't understand - flame me if you wish - but I think that covers most of us - I personally thank him. CCP obviously would not have figured it out on it's own in a timely manner. The fact there was still a problem after they claimed to have fixed it sort of says it all.
|
|
dexington
Caldari Baconoration
|
Posted - 2011.04.12 04:51:00 -
[41]
Originally by: Q Command
Hint #2: You should hire a reputable firm to do a code review as that is what real companies do these days
lulz
|
Misanth
RABBLE RABBLE RABBLE
|
Posted - 2011.04.12 04:52:00 -
[42]
Poor judgement gets fitting reward. -
|
Dr BattleSmith
PAX Interstellar Services
|
Posted - 2011.04.12 04:56:00 -
[43]
Originally by: gargars
IMO he deserves kudos for trying... and showing how disfunctional our ability to communicate with 'the powers' really is.
To me - one has to ask, if he waited for an answer to his petition - how many of us might have been 'hacked' by now because the 'shiny new forums' would still be up and running.
Truth.
Really they were told the new forums need another few months of dev by the chorus of "testers" who were ignored.
100% CCP's fault.
CCP Nathan "the data does not seem to support that polished quality sells" Evelgrivion "each passing year, each failure to deliver on expectations of basic competence" |
Montevius Williams
|
Posted - 2011.04.12 05:08:00 -
[44]
Originally by: gargars Edited by: gargars on 12/04/2011 04:55:34 As I understand it yah, he went a bit too far, but....
He petitioned it and waited and for a response... how many of us have had to wait hours / days / weeks for a petition to be read and responded to? It's one of the universal fails of Eve support.
That's irrelevent - I dont care if he had to wait a month for a response, he still violated the EULA. CCP took action. Period. End of story.
|
gargars
|
Posted - 2011.04.12 05:20:00 -
[45]
I get ya I do. I just think perhaps minimizing the number of people effected is more important than some rigid rule that might take days/weeks/months to take effect. I realize that is a fine line to walk. Some may prefer the EULA to be god. Some may prefer a case by case basis. Not slamming you, just my opinion. I prefer the way it went down compared to 1000 people being possibly hacked by a slow moving bureaucracy. To each their own.
Originally by: Montevius Williams
That's irrelevent - I dont care if he had to wait a month for a response, he still violated the EULA. CCP took action. Period. End of story.
|
Desert Ice78
Gryphon River Industries R-I-P
|
Posted - 2011.04.12 05:35:00 -
[46]
Originally by: gargars I prefer the way it went down compared to 1000 people being possibly hacked by a slow moving bureaucracy. To each their own.
I'm finding it a bit difficult to decide the rights or wrongs of all this, but I think Gargars has hit the nail on the head right here.
We all know how hard it is to get CCP's attention, endless miles of forum posting and petitions have little or no effect, they ignore the most persistant wailing and screaming. You want to get CCP's attention, then light a bonfire under their collective asses. And boy, did Catari light a bonfire....
CPP might of banned him, but the other 300,000 subs really need to thank him.
Ah, damn it...
(me/ gets off the fence)
...Free Catari
CCP: Consistency since 2003 |
Diomedes Calypso
|
Posted - 2011.04.12 05:40:00 -
[47]
Originally by: Montevius Williams
Originally by: gargars Edited by: gargars on 12/04/2011 04:55:34 As I understand it yah, he went a bit too far, but....
He petitioned it and waited and for a response... how many of us have had to wait hours / days / weeks for a petition to be read and responded to? It's one of the universal fails of Eve support.
That's irrelevent - I dont care if he had to wait a month for a response, he still violated the EULA. CCP took action. Period. End of story.
There is nothing wrong with CCP handling it this way.... btw.. I can justify much of the guys actions in terms of My perception of right and wrong but my justifications about the "morality" of his actions are a seperate matter than how ccp should respond.
If he was especially rude about it, there is no reason that they should give him the benefit of the doubt even from my sense of "morality" .....so both can be right in how they acted in my mind and the result would be that he no longer played the game but shouldn't be disparaged.
BUT I 100% do think that CCP needs to take a message from how he responded .... that somehow their past actions have sent a message that they will not respond quickly or show any friendly gratitude for the advice people offer. If people feel like they'll be snapped at, not thanked for sharing an exploit, CCP has got to address that heads on, even if that still means he gets banned. They should look at the fact they needed to ban him as a failure, not as a proud response.
And Screggs has said exactly that. He abosolute hit head on the point that his departmenent needs to be more welcoming and appreciative to help in spotting breaches from the players.
He's a good guy and I'm confident that he undestands the nuances of the situation and that there were many levels of failures for the thing to happen. Personally I believe that the problem stems more from a system of corporate process but...plenty about that in other threads.
|
gargars
|
Posted - 2011.04.12 05:55:00 -
[48]
For me the problem is - I have seen CCP folks admit the same thing many many many times over four years... but it NEVER seems to change or any paradigm shift to occur... just admissions of 'yeah we need to do better on that' and singular apologies and promises it will change "soon" ... as a diet - over the years - it's sort of meaningless by now. No offense to Sreggs... I felt bad for his having to take all the abuse. I don't know what the answer is per se... just that year after year it gets old and does bother people who love the game.
Originally by: Diomedes Calypso
They should look at the fact they needed to ban him as a failure, not as a proud response... And Screggs has said exactly that. He abosolute hit head on the point that his department needs to be more welcoming and appreciative to help in spotting breaches from the players.
|
Florestan Bronstein
Test Alliance Please Ignore
|
Posted - 2011.04.12 06:59:00 -
[49]
Originally by: Sam Akiga Stop portraying him as some kind of hero.
confirming Catari is an Hero.
|
Patient 2428190
DEGRREE'Fo'FREE Internet Business School
|
Posted - 2011.04.12 07:16:00 -
[50]
Edited by: Patient 2428190 on 12/04/2011 07:18:55 Even if he had the purest of intentions, he still exploited a security loophole, and from that standpoint, he will stay banned.
I, do however, fully believe we wouldn't have gotten the quick CCP response to the security loopholes if he hasn't exploited them. If he would have sat on his hands after submitting his bug report/petition like they would have wanted... It would have been filed in the petition system clogged with "LOLOL U **** SUX" and would have been gotten around to much, much later. Oh irony.
He'll stay banned because he broke CCP's "cutting edge web project" with a security loophole. ...Then when you stopped to think about it. All you really said was Lalala. |
|
Liang Nuren
|
Posted - 2011.04.12 07:23:00 -
[51]
Edited by: Liang Nuren on 12/04/2011 07:24:02 I'd have a hell of a lot more sympathy for him if he'd filed a ****ing bug report with any sort of details about the bug. Apparently he feels doesn't get paid to write bug reports, but he does (somehow??) get paid to pen test the forums for lulz and exploits.
-Liang -- Eve Forum ***** Extraordinaire On Twitter
|
|
Chribba
Otherworld Enterprises Otherworld Empire
|
Posted - 2011.04.12 07:38:00 -
[52]
Just turn off the interwebs already!
Secure 3rd party service | my in-game channel 'Holy Veldspar' |
|
Pod Amarr
|
Posted - 2011.04.12 07:53:00 -
[53]
Edited by: Pod Amarr on 12/04/2011 07:56:23
Originally by: Dr BattleSmith lol
So lets get this straight.
* CCP fail web team convinces management they are awesome with hubris and garbage. * CCP commence using MS tech to write a "social network" (term used loosely). * CCP fail to check their new website with google ratproxy. * Obviously the code contains exploitable holes. A) MS B) CCP web team. * A random script kiddy finds the glaring holes. * Security through obscurity isn't good for CCP or us so some details are posted. * CCP kills the messenger.
Fail CCP. Fail CCP web team.
Pretty much this If some of my developers delivered this kind of garbage he would be packing his stuff in 15 minutes from the time I would find out. Reason being I would need 3 smokes so I do not choke him/her on the spot.
The ban of the guy I understand on the forums the IP ban is just pathetic.
On the other hand google nbusr123 Now that is pathetic :D What some people call security. Pod |
Lt Angus
Caldari the united Negative Ten.
|
Posted - 2011.04.12 07:56:00 -
[54]
maybe not the best way of getting CCP attention but it damn well works
Shhhh, Im hunting Badgers |
Furb Killer
Gallente
|
Posted - 2011.04.12 08:03:00 -
[55]
Originally by: Akita T That's not QUITE how it happened. IF he would have ONLY reported it, he would not be banned now.
If he would have instead of exploiting the forums a bit for the lulz, exploited the game with some python injection and botting he would not be banned now and would be spacerich.
Just saying...
|
Aldo Bridger
|
Posted - 2011.04.12 08:11:00 -
[56]
Originally by: Liang Nuren
So if my land lord doesn't fix a leaky tap in 1 day after I say "yo dawg some **** broke in my hizouse", I can bust into his house and steal his toilet and take it to my house?
Pretty much this. He made a minimal effort to report and put maximum smug in all the while exploiting his newly found loopholes. He might have been the messenger, but he was burning bags of **** all over their doorstep rather that simply inform them of the fire hazard.
Originally by: Lt Angus maybe not the best way of getting CCP attention but it damn well works
OTOH, this is absolutely true.
|
Gavjack Bunk
Gallente Genos Occidere HYDRA RELOADED
|
Posted - 2011.04.12 08:15:00 -
[57]
Force CCP to act. Get banned.
It's a policy that has been in place since the beginning, he should have known better. In future, let CCP deploy their crap and let them slowly figure out how crap it is and then find somebody to blame before finding somebody to clean it up.
|
JitaBUGz TheGreat
|
Posted - 2011.04.12 08:23:00 -
[58]
FREE HAT!!!!
Oh sorry, wrong genre
Drama queens get there drama due's.
|
Tyburn Stannis
Caldari Xenon Salvage Inc.
|
Posted - 2011.04.12 08:59:00 -
[59]
Originally by: gargars
He petitioned it and waited and for a response... how many of us have had to wait hours / days / weeks for a petition to be read and responded to? It's one of the universal fails of Eve support.
Yes they seem to have a special email address for reporting security issues, but how many of us ever heard of it before this event? 1/10th of 1%? Where is it posted and how hard is it to find if you even guess where to look?
Answering those two points specifically - petitions can be answered in moments IF they are submitted on the correct category, are sufficiently serious issues, and contain facts about the incident. I have seen reports of very serious in-game issues with details of what, how, and where replied to within 20 minutes or even less if you get lucky. If you just send "something broken fix it NAOW!!!!" you quite rightly get shunted down the queue.
Secondly, there are people who give a damn about the game they play, and when reporting a serious issue ask the question "is there a better way to send this information". at which point you get referred to email address such as the security@ one. If they widely publicised these as you suggest, all that would happen is the petulant children and pranksters swamp them with "I can has my spaceshipz back pls it was killed by exploit hax!!111" instead of using the petition system.
|
Mister Short
|
Posted - 2011.04.12 17:40:00 -
[60]
Originally by: Desert Ice78
Originally by: gargars I prefer the way it went down compared to 1000 people being possibly hacked by a slow moving bureaucracy. To each their own.
I'm finding it a bit difficult to decide the rights or wrongs of all this, but I think Gargars has hit the nail on the head right here.
We all know how hard it is to get CCP's attention, endless miles of forum posting and petitions have little or no effect, they ignore the most persistant wailing and screaming. You want to get CCP's attention, then light a bonfire under their collective asses. And boy, did Catari light a bonfire....
CPP might of banned him, but the other 300,000 subs really need to thank him.
Ah, damn it...
(me/ gets off the fence)
...Free Catari
THIS
|
|
|
|
|
Pages: 1 [2] 3 :: one page |
First page | Previous page | Next page | Last page |