
Ain't Misbehavin'

Jus' havin' a little fun.

Tonight was most humorous and bewildering to me once again in the chat room.

There are moments there that folks talk the talk and walk the walk, but that is better done in the forums proper.

The chat room is the real lounge, IMO, and it's been a helluva free-for-all. Entertainment there, IMO, has been low-brow but quite excellent. Various technical issues are exposed and pursued with amusement and enjoyment.

For those that know we mean no harm, but relish enjoying the fringe elements of technology at moments, in a place that relatively few visit ATM, what is the problem?

Dash did Daniweb a favor with his exploit in terms of end results. I was a participant in exploring another realm of mischievousness (with others) in advance of a truly malicious person.

Is exposing issues with Daniweb a good thing or a bad thing? The work may suck with regard to fixing things. But I've always valued code testers who stay ahead of my game even though catch-up sucks.

[BTW, Dani, that's kinda what I mean about the "Evil Dave".]

Dave Sinkula
long time no c
Team Colleague
5,058 posts since Apr 2004
Reputation Points: 2,780
Solved Threads: 314
 

So long as no real harm is done, I think finding bugs is extremely beneficial. Especially exploitable ones. Things like the XSS bug recently pointed out are very good to get fixed. Things like Rashakil's rep bot are less important and cause a stir, but I'd label it as mostly harmless (but not necessarily tolerable, entertaining as the fuss was).

Heck, I might have to start coming to the chat room :P

Infarction
Posting Virtuoso
1,580 posts since May 2006
Reputation Points: 683
Solved Threads: 53
 

There's a chat room?

hbk619
Master Poster
733 posts since Oct 2006
Reputation Points: 273
Solved Threads: 8
 

There is an IRC chat:
http://www.daniweb.com/chat/

blud
Linux Reject
Staff Writer
830 posts since Apr 2004
Reputation Points: 154
Solved Threads: 20
 

Hopefully Dave and Josh aren't going to kill me for posting this - what happened was I was wondering if it was a bug that whenever you change your nickname in the IRC chat, the IRC page shows the member with the nickname you chose active (in other words, if I choose the nickname of "joshSCH" before he logs in, the IRC page would show the member joshSCH as active and posting). Then Josh and Dave changed their nicknames to the other's. Here's a little snippet of the log:
Evil_Dave is now known as joshSCH.
Josh: aw what
Josh is now known as joshSC1.
joeprogrammer: Heh >.>
joshSCH: Uh, hu-huh.
joshSCH: Hey Beavis!
joshSC1: shucks
joshSC1 is now known as Dav1.
joshSCH: I think capitalism sucks.
Dav1: lol
Dav1 is now known as Dav3.
joshSCH: Ree-ligion is my name, God is my game.
Dav3: hi everyone, I'm retarded
Dav3: I can't even spell my name
joeprogrammer: You guys crack me up.
Dav3: I need a smoke
Dav3: :D
• joshSCH prays for Dav3.
joshSCH: Dav3, have you found Jesus?
Dav3: Yes, I praise jesus without even thinking for myself!
Dav3: I just do what I'm told, and thats that!
joshSCH: Good.
Dav3: yes sir
joshSCH: Good.
• Dav3 bows to the master
Dav3: What is thy bidding, my master?
joshSCH: Stop playing with yourself.
Dav3: yes, sir. I have my woman, here.
joshSCH: Deflate her.
I thought it was kind of funny -- and stupid, but I certainly didn't expect them to get banned. I admit, I left before the whole thing was finished. But Dave does have a point: it's a vulnerability in the system. Exposing it isn't such a bad thing.

John A
Vampirical Lurker
Team Colleague
7,630 posts since Apr 2006
Reputation Points: 2,240
Solved Threads: 339
 

haha.. it's cool, Joe. Yes, Dave and I were playing around a bit in the IRC, and at the same time exposing risks to Daniweb. We were able to change our nicknames, and trick the system into 'thinking' we were different members. While this may be easily uncovered by a simple whois query on our IPs, some may still be fooled. I think everyone who registers at Daniweb should automatically have their nick registered in the IRC with the same password as their Daniweb account. And perhaps make people authenticate before using a nick (I'm no IRC guru, so I don't even know if this is possible). Right now this may not be a high priority for Daniweb, but I believe in the future the IRC may become more popular, and thus important to prepare now.

joshSCH
Industrious Poster
Banned
4,864 posts since Jul 2005
Reputation Points: 1,315
Solved Threads: 10
 

Pointing out potential exploits to admins is fine. Doing so by writing and executing that exploit is definitely NOT fine.

jwenting
duckman
Team Colleague
8,392 posts since Nov 2004
Reputation Points: 1,662
Solved Threads: 337
 

True, but the only way to discover some exploits is by trying it yourself.. Wouldn't it be better if a trustful daniweb member discovered something by testing the system through hacking rather than an unknown, potential threat?

joshSCH
Industrious Poster
Banned
4,864 posts since Jul 2005
Reputation Points: 1,315
Solved Threads: 10
 

Rashakil had to have known the hole existed before he started writing that exploit.
He should have reported that hole (plus possibly mentioning ways to abuse it) rather than execute the exploit.

What he did is the equivalent of breaking a rusty lock, clearing out the house, and leaving a note to the effect that you found that the lock was not secure.

jwenting
duckman
Team Colleague
8,392 posts since Nov 2004
Reputation Points: 1,662
Solved Threads: 337
 

Way to go Joeprogrammer, you weren't even there for the bad part of the conversation which is why I banned them. How about thinking before posting? The one thing that I have to say is that pointing out the system, and abusing the system are completely different.

The comments that were made earlier in the conversation are so unacceptable, I won't even repeat them, as they are childish and stupid.

I am still looking at the possibilities to prevent abuse like this in the future, although, I'm sad that I would even have to consider such measures with our userbase.

blud
Linux Reject
Staff Writer
830 posts since Apr 2004
Reputation Points: 154
Solved Threads: 20
 

Ya know, I have no idea what's going on :S

hbk619
Master Poster
733 posts since Oct 2006
Reputation Points: 273
Solved Threads: 8
 

surprise surprise.. :p

joshSCH
Industrious Poster
Banned
4,864 posts since Jul 2005
Reputation Points: 1,315
Solved Threads: 10
 

Sorry about that, blud. It did briefly occur to me that I may have missed something, but based on what you had told me in IRC, I assumed that Dave and Josh had just taken things a little too far. I'm really sorry for jumping in like that.

John A
Vampirical Lurker
Team Colleague
7,630 posts since Apr 2006
Reputation Points: 2,240
Solved Threads: 339
 

Wait, it's a bug that people can logon as others on IRC? I thought that was a feature.

What do you think NickServ is for?

Rashakil Fol
Super Senior Demiposter
Team Colleague
2,658 posts since Jun 2005
Reputation Points: 1,135
Solved Threads: 176
 
> True, but the only way to discover some exploits is by trying it yourself.

That line might work had you only done it once, reported the flaw and been done with it. I am scrolling through today's log right now to see you are still doing it. This is not about trying to be "helpful", it's about you just trying to cause problems. Your reputation precedes you Josh.

Squires
Junior Poster
125 posts since Jun 2004
Reputation Points: 93
Solved Threads: 1
 

Regarding the reputation spam ...

As if you had to guess, my take on it is that I am very against doing these things. It could have been just as effective to have come to me privately or posted some feedback saying, "Ya know, you can do so-and-so and that would exploit the system" and I would have said, "Ya know what, you're right. I'll have to figure out a workaround." There are times in life when you have to be at least somewhat diplomatic and follow the appropriate channels before taking extreme action. I can understand in cases where the higher-ups are ignoring you or aren't listening or don't understand and you feel you have no other alternatives available to get your message across. But that wasn't the case here. Diplomacy really does work. You should try it sometime. It seems to me that the appropriate way to ask for a raise at work is not to go on strike the very first day thinking that will get the message across as efficiently as setting up a meeting with your manager.

On a second note, what went on, especially with the reputation system, I took personal offense to because, for me, at least, this site is not just a nice hangout but it's my livelihood and my career that I hope to be banking the next 40 years of my life on. I can understand how you may think it was fun amusement that is just a couple of hours of extra cleanup duty for me. But it's much more than that. To me, it's the difference between telling some dirty jokes laying by the beach on the weekend and storming into my office at work and being vulgar in front of my boss. I had people to answer to for what you've done. There are advertisers who are my sole source of income who don't want their brands to be associated with such immaturity and there are investors who I have to personally answer to. I fully understand that to you guys the business side of things is for the most part this abstract concept that doesn't affect how you interact with DaniWeb or our community, and the only reason I am even mentioning this is because, well, you asked. :)

Regarding the IRC server, it is behaving exactly as I've designed it. If you don't want others to use your handle, then register it. There are instructions on how to do so on the IRC chat page and they have always been there. Additionally, I allow members to enter a custom handle in their member preferences. Because I have 'Dani' set in my member preferences, going to the IRC page showed that 'Dani' on the IRCs is 'cscgal' on the forums and the person who is logged in as 'cscgal' on the IRCs is an anonymous user. That's the intended behavior.

In fact, upon logging into the IRC server you are presented with an announcement saying to always listen to the ops and opers and not doing so will get you banned.

When an op asked you to stop and you didn't, you got banned. The ban worked.

I consider the entire IRC incident parallel to someone registering with the username 'DaniWeb Administrator' on the forums, refusing to agree to change their username when requested to by a moderator, and subsequently getting banned. That doesn't necessarily make the forums buggy just as coming onto the IRCs, not following the rules, and getting banned as a result, doesn't make the IRC server buggy. On the other hand, what I would consider a problem with the IRC server was if there wasn't an op on hand to handle the situation, just as I would consider it a problem with the forums if they were overtaken with spam and there weren't any moderators to handle it.

cscgal
The Queen of DaniWeb
Administrator
19,421 posts since Feb 2002
Reputation Points: 1,474
Solved Threads: 229
 

Addendum: I don't think that the poll you have for this thread is very fair. It asks the question of whether Pointing Out Issues (Even If Annoying to Admins) is good or bad. I am a huge advocate for constructive criticism and taking in all opinions and I encourage people to point out issues even if I get annoyed that people go on and on about ideas I don't like or if it's annoying because it's a lot of extra work to fix the problems. In that context, I would vote that it's a good thing to let the admins know how you feel even if you think they'll disagree with you (hey, you never know till you ask) or you're constantly annoying them with suggestion after suggestion. I would have voted 'good' if I wasn't aware of the events you were really talking about. In fact, this poll only makes sense in context to those who actually were witnesses to the reputation and IRC events. For that reason, I think the poll is totally biased.

cscgal
The Queen of DaniWeb
Administrator
19,421 posts since Feb 2002
Reputation Points: 1,474
Solved Threads: 229
 

wow.. Never seen you post so serious and business-like (a bit angry, as you certainly have every right to be).. I do agree with you about both issues.. however, the IRC incident wasn't as clear cut as an operator telling someone to stop, and that person not obeying. As I go back and look at the logs, it appears that people were just banned for seemingly no reason without warning.. No need to go into specifics as such an event shouldn't have occurred anyway. I suppose many Daniweb members don't quite know what goes on beneath the very nice looking forums webpages..

joshSCH
Industrious Poster
Banned
4,864 posts since Jul 2005
Reputation Points: 1,315
Solved Threads: 10
 

I just find the whole thing incredibly disrespectful because it's done despite deliberately knowing that you're crapping on everything I've built over the past couple of years just for the sake of some cheap laughs.

As I said, in the greater scheme of things, these types of actions should only be done by those who have already exhausted all conventional channels to get their point across and still aren't being heard - and most likely not even then. It's just all very disrespectful and distasteful and very offensive at a personal level.

cscgal
The Queen of DaniWeb
Administrator
19,421 posts since Feb 2002
Reputation Points: 1,474
Solved Threads: 229
 
> Diplomacy really does work.

From my perspective, not really. There were several threads over several years pointing out issues, and they seemed to fall on deaf ears.

Rashakil accomplished more in a couple hours of festive hackery than in years of diplomacy. You now have a better system, although some might argue that there is still room for improvement.

> There are advertisers who are my sole source of income who don't want their brands to be associated with such immaturity and there are investors who I have to personally answer to.

Your investors are not interested in how you would handle attacks to your system? "I hide the bugs" is not an answer.

Sure, the methods were not pleasant for the other end, but I've rarely been party to friendly reports of defects in the field that I can sweep under the rug for a couple years at my leisure. They usually come along just like this -- as an inconvenient annoyance. Although at least this field test was targeted in a limited scope.

> Regarding the IRC server, it is behaving exactly as I've designed it.

Well, I was thoroughly confused when Josh changed me into someone else. If that is intended behavior, I guess I'm just new.

> When an op asked you to stop and you didn't, you got banned. The ban worked.

I had fun pursuing my limited knowledge of what I could do in chat, but others who know more can obviously do much better. There did happen to be parts at the end in which I was merely trying to figure out who I was and who I could be. "Banned for insisting on void main()".

We were both Central Time, this wasn't going to go on forever.

> I consider the entire IRC incident parallel to someone registering with the username 'DaniWeb Administrator' on the forums, refusing to agree to change their username when requested to by a moderator, and subsequently getting banned.

I considered it field testing with a known bug -- which admittedly was fun for the testers at that time.

> Addendum

A lot of what I post could be worded differently.

Absent malice, bug investigated for free, I didn't get the beef.

> I just find the whole thing incredibly disrespectful because it's done despite deliberately knowing that you're crapping on everything I've built over the past couple of years just for the sake of some cheap laughs.

That's part my quote, mentioned in levity. Obviously your funny bone is tickled differently.

I wish I enjoyed the luxury of having defects detected in the field for free by testers willing to push the boundaries of a programmer's efforts to improve the source. I should be so lucky as to be able to berate them for doing so as well.

Dave Sinkula
long time no c
Team Colleague
5,058 posts since Apr 2004
Reputation Points: 2,780
Solved Threads: 314
 
