Warning to GSPs (Game Service Provider) You can be hacked with a Leather Mod! - Rust

[QUOTE=supersnail11;43494303]He did it to make it get fixed faster. Think, what's going to get fixed faster: an exploit that, as far as the GSP knows, only one person knows (but many more people might be exploiting it), or an exploit that everyone knows, and the GSP knows everyone knows? Sure, it might not be the most ethically sound (grey-hat), but garry doesn't care and it really didn't break anything. [/QUOTE] It's not about fixing it faster, it caused a kneejerk reaction by most GSP's (they had no choice) ruining the modding community. Now we're at the point where BMRF is the only one providing enough access to developers to get anything done and we're completely full now. It has done NOTHING positive and NOTHING has been fixed. [QUOTE] It's not his fault that they didn't set their servers up right in the first place. Create a user only for running the server and chroot them to the server directory (or whatever the equivalent is on windows, though Rust has linux builds and they should really be using those). They can't touch anything but the server and any other files in that directory. If they bothered to set their servers up right in the first place, this would've been a non-issue. [/QUOTE] This part is true, it's not his fault GSPs haven't been sandboxing properly. [QUOTE] No, it doesn't. [editline]11th January 2014[/editline] If you're still at a point in your life where you judge people on what they like to do, you're not really at a point where you can judge what someone else does.[/QUOTE] I definitely can, and most certainly will judge him for his actions, and anyone is free to judge me on mine. Being a secondlife playing furry is most definitely a red flag in my book. He asked me for a development server, I shot him down, his kind has no place in development communities, all he did was halt 90% of modding work being done when he had the chance to do it the proper way. All he has caused is grief. What he did was not constructive in any way, shape or form. [editline]11th January 2014[/editline] [QUOTE=elixwhitetail;43494470]What's your excuse for bringing unrelated furry drama shit onto Facepunch when the situation is already handled (this exploit is already known, according to Ideal-Hosting)? Stop being a concern troll.[/QUOTE] If by handled you mean the modding scene mostly halted then yes.

[QUOTE=BMRFMULTIBEAR;43494523]It's not about fixing it faster, it caused a kneejerk reaction by most GSP's (they had no choice) ruining the modding community. Now we're at the point where BMRF is the only one providing enough access to developers to get anything done and we're completely full now. It has done NOTHING positive and NOTHING has been fixed. [/quote] So why blame him? Why is it his fault that this exploit existed in the first place? You could blame Leather (though I wouldn't), or blame the GSPs. It's good that he found an exploit - there's an entire subforum for posting exploits. [quote] I definitely can, and most certainly will judge him for his actions, and anyone is free to judge me on mine. Being a secondlife playing furry is most definitely a red flag in my book. [/quote] Red flag for what? [quote]He asked me for a development server, I shot him down, his kind has no place in development communities, all he did was halt 90% of modding work being done when he had the chance to do it the proper way. All he has caused is grief. What he did was not constructive in any way, shape or form.[/quote] It's not constructive to get an exploit fixed? [quote]If by handled you mean the modding scene mostly halted then yes.[/QUOTE] You know that you can just download the server from everyone's favorite linux distro source, right?

[QUOTE=supersnail11;43494591]So why blame him? Why is it his fault that this exploit existed in the first place? You could blame Leather (though I wouldn't), or blame the GSPs. It's good that he found an exploit - there's an entire subforum for posting exploits. [/QUOTE] Finding an exploit is good, this is not the way to release it, unless you think ruining the modding scene is good I guess. [QUOTE] Red flag for what? [/QUOTE] If you don't get it, it probably means you're either a furry or play second life :^) [QUOTE] It's not constructive to get an exploit fixed? [/QUOTE] Tell me what's fixed. Because the exploit isn't that's for sure. [QUOTE] You know that you can just download the server from everyone's favorite linux distro source, right?[/QUOTE] You know the rust server doesn't run on Linux right? Wait no you don't. Shows how much you know about rust hosting.

[QUOTE=BMRFMULTIBEAR;43494631]If you don't get it, it probably means you're either a furry or play second life :^)[/QUOTE] "I judge people entirely by their fetishes and am proudly bigoted. So much so I will wear it on my sleeve." Of course, this is like 60% of golds. GSPs weren't properly sandboxing the server and mods. Welcome to Alpha. Shit's gonna happen.

[QUOTE=BMRFMULTIBEAR;43494631]If you don't get it, it probably means you're either a furry or play second life :^)[/quote] I don't play second life, and you're going to have to define what makes up a furry. [quote]Tell me what's fixed. Because the exploit isn't that's for sure.[/quote] I didn't say it is fixed yet, but it's not going to get fixed if no one knows about it. [quote]You know the rust server doesn't run on Linux right? Wait no you don't. Shows how much you know about rust hosting.[/QUOTE] There are Linux builds, but that's not what I meant by 'everyone's favorite linux distro source'.

[QUOTE=elixwhitetail;43494649]"I judge people entirely by their fetishes and am proudly bigoted. So much so I will wear it on my sleeve." Of course, this is like 60% of golds. GSPs weren't properly sandboxing the server and mods. Welcome to Alpha. Shit's gonna happen.[/QUOTE] Good thing I'm not a gold member then. Then again I can see you're a furry by your name. Obviously you feel attacked :^) These would be the proper steps to fixing an exploit. 1. Message GSP's that you found an exploit and that you will release it in 3 days. 2. Wait 3 days 3. Release it This way you give them the chance to fix it, something that hasn't been done as they were forced to shut everything down instantly (besides us as we were already sandboxing). [editline]11th January 2014[/editline] [QUOTE=supersnail11;43494674]I don't play second life, and you're going to have to define what makes up a furry. I didn't say it is fixed yet, but it's not going to get fixed if no one knows about it. [/QUOTE] Telling EVERYONE without any chance to prepare for GSPs is not the right way. [QUOTE] There are Linux builds, but that's not what I meant by 'everyone's favorite linux distro source'.[/QUOTE] As I said you obviously have no clue about rust hosting, I advise you stop speaking about issues you don't understand. [IMG]http://puu.sh/6gRAY.png[/IMG]

[QUOTE=BMRFMULTIBEAR;43494682]Good thing I'm not a gold member then. Then again I can see you're a furry by your name. Obviously you feel attacked :^)[/quote] That's my title, not my name. [quote]These would be the proper steps to fixing an exploit. 1. Message GSP's that you found an exploit and that you will release it in 3 days. 2. Wait 3 days 3. Release it This way you give them the chance to fix it, something that hasn't been done as they were forced to shut everything down instantly (besides us as we were already sandboxing).[/quote] So instead of releasing the exploit, they should be threatened with the release of an exploit? [quote]Telling EVERYONE without any chance to prepare for GSPs is not the right way.[/quote] Just download the server yourself and run it. It's not hard. [quote]As I said you obviously have no clue about rust hosting, I advise you stop speaking about issues you don't understand.[/QUOTE] You think that calling me a furry who plays second life is a good insult. [editline]11th January 2014[/editline] And yes, there are linux builds.

Like someone named MULTIBEAR has any grounds for calling someone a furry. :v: [QUOTE=supersnail11;43494729]So instead of releasing the exploit, they should be threatened with the release of an exploit?[/QUOTE] I'd suggest Googling "responsible disclosure" before continuing that line of argument, I'm just gonna say.

[QUOTE=elixwhitetail;43494757]I'd suggest Googling "responsible disclosure" before continuing that line of argument, I'm just gonna say.[/QUOTE] Obviously it's not really a threat, but this is an alpha. You should expect bugs and exploits, and you should expect them to be publicly known. That's why there's an entire subforum for people to publicly post exploits.

[QUOTE=supersnail11;43494729]That's my title, not my name. [/QUOTE] Wasn't quoting you bud. [QUOTE] So instead of releasing the exploit, they should be threatened with the release of an exploit? [/QUOTE] Yes, as it gives them time to respond. It's industry standard. [QUOTE] Just download the server yourself and run it. It's not hard. You think that calling me a furry who plays second life is a good insult.[/QUOTE] What? [QUOTE]And yes, there are linux builds. [/QUOTE] No there aren't. The Linux build is non-functional, if you don't believe me read the SCREENSHOT DIRECTLY FROM AN EMAIL I RECEIVED FROM GARRY.

[QUOTE=BMRFMULTIBEAR;43494790]Wasn't quoting you bud.[/quote] eh [quote]What?[/quote] From everyone's favorite source for Linux distros. It's bannable to actually say the name. [editline]11th January 2014[/editline] technically bannable to hint at it too so shhh [editline]11th January 2014[/editline] [QUOTE=supersnail11;43494770]Obviously it's not really a threat, but this is an alpha. You should expect bugs and exploits, and you should expect them to be publicly known. That's why there's an entire subforum for people to publicly post exploits.[/QUOTE] Adding on to this, as I've pointed out in previous posts, this is questionably ethical but it gets the job done. I don't think people should be blaming him for it and I certainly don't think people should be bringing pointless drama into this thread because of it. [highlight](User was banned for this post ("Hinting at warez / Dumb" - Craptasket))[/highlight]

[QUOTE] Adding on to this, as I've pointed out in previous posts, this is questionably ethical but it gets the job done. I don't think people should be blaming him for it and I certainly don't think people should be bringing pointless drama into this thread because of it.[/QUOTE] You keep saying it gets the job done but it didn't, why won't you answer this? Is it fixed? No. Is there any hint that it will be fixed? No Why? Because they were forced to instantly close everything down. The ONLY job it got done was KILLING the modding scene. Do you hate modding? Because hating modding is the ONLY way you can claim it got the job done.

[QUOTE=BMRFMULTIBEAR;43494919]You keep saying it gets the job done but it didn't, why won't you answer this? Is it fixed? No. Is there any hint that it will be fixed? No Why? Because they were forced to instantly close everything down. The ONLY job it got done was KILLING the modding scene. Do you hate modding? Because hating modding is the ONLY way you can claim it got the job done.[/QUOTE] It makes things get fixed faster than they would if he kept it a secret, which is what I mean by 'get the job done'. While I don't know if things would've gone better if he'd gone with responsible disclosure, this isn't the worst way to do it.

How to fix: Sandbox and restrict the server and mods properly. [URL="http://facepunch.com/showthread.php?t=1346124"]Wait for garry to implement better modding support.[/URL]

[QUOTE=elixwhitetail;43495009]How to fix: Sandbox and restrict the server and mods properly. [URL="http://facepunch.com/showthread.php?t=1346124"]Wait for garry to implement better modding support.[/URL][/QUOTE] We already have our rentals sandboxed properly so we can continue offering proper service, we were already doing it from the start.