• What are you working on? February 2012
    3,497 replies, posted
  • by the way [quote]My reasons for this were that no personal information or actual erasable data was hosted on the server.[/quote] What does this even [B]mean[/B]?
  • [QUOTE=ROBO_DONUT;34586933]I think he's just trying to garner sympathy after-the-fact.[/QUOTE] I think that too, but I also think that he needs help. Nobody should have such a close connection to their program that they make, because [b]when[/b] somebody breaks it, you will take it personally.
  • [QUOTE=BlkDucky;34586939]by the way What does this even [B]mean[/B]?[/QUOTE] That the server didn't have personal information, and that you could only append to and query from it, not remove entries.
  • [QUOTE=Jookia;34586949]I think that too, but I also think that he needs help. Nobody should have such a close connection to their program that they make, because [b]when[/b] somebody breaks it, you will take it personally.[/QUOTE] Well, to be fair, he was working on it for literally years. I think I'd feel the same way if someone broke my stuff like that. But then again, if I cared that much about it, I would actually [I]give it some security[/I].
  • [QUOTE=ROBO_DONUT;34586956]That the server didn't have personal information, and that you could only append to and query from it, not remove entries.[/QUOTE] The mistake is that you could edit other entries too. [editline]7th February 2012[/editline] [QUOTE=BlkDucky;34586960]Well, to be fair, he was working on it for literally years. I think I'd feel the same way if someone broke my stuff like that.[/QUOTE] I don't mean that you shouldn't feel it, I mean that you shouldn't take it and actually base decisions off of the feeling, or think that because your code is broken, you're broken too. I also love how he ignores Linux in the post.
  • kids, seriously... when you find something to break you break it? what kind of philosophy is that? that's like throwing a stone into a window because they were stupid enough to build windows into the building!!!
  • [QUOTE=Eric95;34586785]Welp, looks like you guys broke Tommy Refenes when you destroyed Super Meat World [url]http://www.formspring.me/tommunism[/url][/QUOTE] Wasn't he a complete ass about it though? Seems like a sob story to get some attention/sympathy.
  • [QUOTE=BlkDucky;34586960]But then again, if I cared that much about it, I would actually [I]give it some security[/I].[/QUOTE] It actually would've been pretty tedious to secure, I think. Any kind of password or key would have to be stored in the client, meaning it would be trivial to get hold of, so really the only option would be to verify everything server-side, parse out the entire replay/level (whatever it is, I never really got into SMB), check that the author's name isn't an unintelligible mess of unicode combining characters, etc. [QUOTE=Nighley;34587028]kids, seriously... when you find something to break you break it? what kind of philosophy is that? that's like throwing a stone into a window because they were stupid enough to build windows into the building!!![/QUOTE] They found a vulnerability, reported it, left it alone, the dev. started talking down to them, and they 'illustrated' the problem. If they hadn't someone else would've, and the 'someone else' probably wouldn't have reported the problem and given them a chance to fix it.
  • [QUOTE=Nighley;34587028]that's like throwing a stone into a window because they were stupid enough to build windows into the building!!![/QUOTE] that's exactly what it is oh wait it's not It's like walking past an open vault to a bank and going 'hey man, you should probably block this', then getting told 'nah it's okay bro, trust me', then showing that it is clearly not okay. [editline]8th February 2012[/editline] [QUOTE=ROBO_DONUT;34587048]It actually would've been pretty tedious to secure, I think. Any kind of password or key would have to be stored in the client, meaning it would be trivial to get hold of, so really the only option would be to verify everything server-side, parse out the entire replay/level (whatever it is, I never really got into SMB), check that the author's name isn't an unintelligible mess of unicode combining characters, etc.[/QUOTE] Login system. Database that doesn't allow editing existing entries. Two options.
  • [QUOTE=Jookia;34587052]that's exactly what it is oh wait it's not It's like walking past an open vault to a bank and going 'hey man, you should probably block this', then getting told 'nah it's okay bro, trust me', then showing that it is clearly not okay.[/QUOTE] Well, if what he's saying is true he didn't have the ability to fix it at the moment, right?
  • [QUOTE=Jookia;34587052]Login system. Database that doesn't allow editing existing entries. Two options.[/QUOTE] The login system doesn't fix anything (it just attaches your name to it), and, IIRC, the database [i]didn't[/i] allow editing existing entries. I could be wrong, though.
  • [QUOTE=Eric95;34587083]Well, if what he's saying is true he didn't have the ability to fix it at the moment, right?[/QUOTE] Nobody knew that he had no ability to fix it. All he said was assurances that it's safe.
  • [QUOTE=ROBO_DONUT;34587106]The login system doesn't fix anything (it just attaches your name to it), and, IIRC, the database [i]didn't[/i] allow editing existing entries. I could be wrong, though.[/QUOTE] Implementing Steamworks or a login system would fix it because then you would only be able to edit/delete your own worlds. Also the MySQL user did have UPDATE access.
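Added example, not part of any post in this thread and not the game's code: a minimal sketch of the two server-side checks discussed above, rejecting author names built from stacked Unicode combining characters and letting an authenticated user edit only their own levels. `LevelStore`, the two limits and the `session_user` argument are assumptions made for illustration.

```python
import unicodedata

MAX_NAME_LEN = 32        # assumed limit, not taken from the game
MAX_MARKS_PER_BASE = 2   # assumed: still allows legitimately stacked accents

def validate_author_name(raw):
    """Return the NFC-normalised name or raise ValueError."""
    name = unicodedata.normalize("NFC", raw).strip()
    if not 1 <= len(name) <= MAX_NAME_LEN:
        raise ValueError("name length out of range")
    if unicodedata.category(name[0]).startswith("M"):
        raise ValueError("name starts with a combining mark")
    run = 0
    for ch in name:
        cat = unicodedata.category(ch)
        if cat in ("Cc", "Cf", "Cs", "Co", "Cn"):
            raise ValueError("control, format or unassigned character")
        # Mn/Mc/Me are combining marks; count how many stack on one base.
        run = run + 1 if cat.startswith("M") else 0
        if run > MAX_MARKS_PER_BASE:
            raise ValueError("too many combining marks on one character")
    return name

class LevelStore:
    """In-memory stand-in for the level table (hypothetical)."""

    def __init__(self):
        self._levels = {}
        self._next_id = 1

    def submit(self, session_user, author_name, data):
        # session_user comes from the server-side session, never the request body.
        level_id = self._next_id
        self._levels[level_id] = {
            "owner": session_user,
            "author": validate_author_name(author_name),
            "data": data,
        }
        self._next_id += 1
        return level_id

    def edit(self, session_user, level_id, data):
        level = self._levels.get(level_id)
        if level is None or level["owner"] != session_user:
            raise PermissionError("level does not belong to this user")
        level["data"] = data

    def get(self, level_id):
        return dict(self._levels[level_id])
```

The ownership check only helps if the database account behind it is also restricted, since a client that can reach the table with UPDATE rights bypasses the application logic entirely.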
  • [QUOTE=Eric95;34587083]Well, if what he's saying is true he didn't have the ability to fix it at the moment, right?[/QUOTE] Right, but "I'm at my parents', I'll fix it when I get a spare minute, please don't break anything in the meantime" would have been a much better answer.
  • [QUOTE=ROBO_DONUT;34587106]The login system doesn't fix anything (it just attaches your name to it), and, IIRC, the database [i]didn't[/i] allow editing existing entries. I could be wrong, though.[/QUOTE] Login system would prevent spambots a little easier. Database did allow existing entries to be edited.
  • I think people shifting blame to the person being attacked is like telling a girl who just got raped "well you do dress slutty..."
  • [QUOTE=Nighley;34587133]I think people shifting blame to the person being attacked is like telling a girl who just got raped "well you do dress slutty..."[/QUOTE] Hi. Sorry, do you know the situation?
  • he summed it up pretty good: [QUOTE]What they did was the equivalent of walking into a playground and burning down the playground equipment for no other reason than there wasn't a gate around the playground. It's really sad...but people that can't create need to destroy.[/QUOTE] I don't know how you guys can defend the attacker other than just shifting blame to the "insecure" system. [B]That's what is fucked up in this world that we blame people not to be safe enough and find excuses why shit happens[/B].
  • [QUOTE=Nighley;34587168]he summed it up pretty good: I don't know how you guys can defend the attacker other than just shifting blame to the "insecure" system. [B]That's what is fucked up in this world that we blame people not to be safe enough and find excuses why shit happens[/B].[/QUOTE] You're totally right I'll just go back in time and fix it shall I?
  • [QUOTE=Nighley;34587133]I think people shifting blame to the person being attacked is like telling a girl who just got raped "well you do dress slutty..."[/QUOTE] So defacement and rape are basically the same? [QUOTE=Nighley;34587168]he summed it up pretty good: I don't know how you guys can defend the attacker other than just shifting blame to the "insecure" system. [B]That's what is fucked up in this world that we blame people not to be safe enough and find excuses why shit happens[/B].[/QUOTE] More accurately. [quote]What they did was the equivalent of walking into a playground. Complaining about the lack of a gate. Telling the owner about it getting a response 'nah it's okay bro, trust me' and then burning down the playground equipment for no other reason than the owner being a cock.[/quote]
  • So if you get mugged in the street and get stabbed or shot, will it be your fault if you die for not wearing a bullet proof vest?
  • [QUOTE=Richy19;34587283]So if you get mugged in the street and get stabbed or shot, will it be your fault if you die for not wearing a bullet proof vest?[/QUOTE] Well if you get a warning first then yes. This thread's title right now should be "WAYWO February 2012 Bad Analogies Edition".
  • [QUOTE=Nighley;34587168]he summed it up pretty good: I don't know how you guys can defend the attacker other than just shifting blame to the "insecure" system. [B]That's what is fucked up in this world that we blame people not to be safe enough and find excuses why shit happens[/B].[/QUOTE] Yes, we're a bunch of tactless hooligans who would kick your dog for no other reason than that it pleases us. We're the pinnacle of evil, and all that gets in our way is subject to destruction, especially if it is good and free and it ruins other people's fun. Grow up, seriously. If you're the dev of a popular piece of software, and you're made aware of a vulnerability, and you do nothing to protect your users, then you don't get to complain when shit inevitably goes down (which it will). The first rule of software development should be "it's the developer's fault".
  • [QUOTE=Maurice;34587335][img]http://i.imgur.com/7EXAb.gif[/img] ... what?[/QUOTE] [img]http://4.bp.blogspot.com/-_h6K0IbJqGQ/Tm7D6H0mIEI/AAAAAAAAAMc/-IPasu9ET8w/s1600/omgdash.gif[/img] [editline]![/editline] [IMG]http://i.imgur.com/ViHbB.png[/IMG]
  • I can see why he's upset - but it is a bit stupid to assume no-one would fuck with it just because they're not EA. People will always fuck with anything - just to prove it can be fucked with. It's a shame but that's the way us nerds work.
  • [QUOTE=garry;34587368]I can see why he's upset - but it is a bit stupid to assume no-one would fuck with it just because they're not EA. People will always fuck with anything - just to prove it can be fucked with. It's a shame but that's the way us nerds work.[/QUOTE] And even more importantly, he said that it was secure after turb warned him about it. I don't think he could possibly have done anything more stupid. He practically challenged everyone to break it even though he knew that it wasn't secure.
  • [QUOTE=Robber;34587430]And even more importantly, he said that it was secure after turb warned him about it. I don't think he could possibly have done anything more stupid. He practically challenged everyone to break it even though he knew that it wasn't secure.[/QUOTE] He didn't say it was secure, he said not to worry about it.