 |  |  |  |  |  |  |  |
Ain't Misbehavin'
| View Poll Results: Pointing Out Issues (Even If Annoying to Admins) | |||
| Good |     | 7 | 50.00% |
| Bad |    | 2 | 14.29% |
| Otherwise |    | 5 | 35.71% |
| Voters: 14. You may not vote on this poll | |||
 |
•
•
Join Date: Apr 2004
Posts: 4,439
Reputation: 
Solved Threads: 249
Jus' havin' a little fun.
Tonight was most humorous and bewildering to me once again in the chat room.
There are moments there that folks talk the talk and walk the walk, but that is better done in the forums proper.
The chat room is the real lounge, IMO, and it's been a helluva free-for-all. Entertainment there, IMO, has been low-brow but quite excellent. Various technical issues are exposed and pursued with amusement and enjoyment.
For those that know we mean no harm, but relish enjoying the fringe elements of technology at moments, in a place that relatively few visit ATM, what is the problem?
Dash did Daniweb a favor with his exploit in terms of end results. I was a participant in exploring another realm of mischievousness (with others) in advance of a truly malicious person.
Is exposing issues with Daniweb a good thing or a bad thing? The work may suck with regard to fixing things. But I've always valued code testers who stay ahead of my game even though catch-up sucks.
[BTW, Dani, that's kinda what I mean about the "Evil Dave".]
Tonight was most humorous and bewildering to me once again in the chat room.
There are moments there that folks talk the talk and walk the walk, but that is better done in the forums proper.
The chat room is the real lounge, IMO, and it's been a helluva free-for-all. Entertainment there, IMO, has been low-brow but quite excellent. Various technical issues are exposed and pursued with amusement and enjoyment.
For those that know we mean no harm, but relish enjoying the fringe elements of technology at moments, in a place that relatively few visit ATM, what is the problem?
Dash did Daniweb a favor with his exploit in terms of end results. I was a participant in exploring another realm of mischievousness (with others) in advance of a truly malicious person.
Is exposing issues with Daniweb a good thing or a bad thing? The work may suck with regard to fixing things. But I've always valued code testers who stay ahead of my game even though catch-up sucks.
[BTW, Dani, that's kinda what I mean about the "Evil Dave".]
Last edited by Dave Sinkula; Aug 3rd, 2007 at 3:16 am.
"One of the methods used by statists to destroy capitalism consists in establishing controls that tie a given industry hand and foot, making it unable to solve its problems, then declaring that freedom has failed and stronger controls are necessary." --Ayn Rand
•
•
Join Date: May 2006
Posts: 1,580
Reputation:
Solved Threads: 52
So long as no real harm is done, I think finding bugs is extremely beneficial. Especially exploitable ones. Things like the XSS bug recently pointed out are very good to get fixed. Things like Rashakil's rep bot are less important and cause a stir, but I'd label it as mostly harmless (but not necessarily tolerable, entertaning as the fuss was).
Heck, I might have to start coming to the chat room
Heck, I might have to start coming to the chat room
theres's a chat room?
I am female. I like wrestling. I am not gay. BITE ME.
I also gaurentee nothing, including spellings and advice :P
Check my profile for large version of avatar. It's worth it ;)
I also gaurentee nothing, including spellings and advice :P
Check my profile for large version of avatar. It's worth it ;)
•
•
Join Date: Apr 2006
Posts: 5,051
Reputation:
Solved Threads: 332
Hopefully Dave and Josh aren't going to kill me for posting this - what happened was I was wondering if it was a bug that whenever you change your nickname in the IRC chat, the IRC page shows the member with the nickname you chose active (in other words, if I choose the nickname of "joshSCH" before he logs in, the IRC page would show the member joshSCH as active and posting). Then Josh and Dave changed their nicknames to the other's. Here's a little snippet of the log:
I thought it was kind of funny -- and stupid, but I certainly didn't expect them to get banned. I admit, I left before the whole thing was finished. But Dave does have a point: it's a vulnerability in the system. Exposing it isn't such a bad thing.
•
•
•
•
Evil_Dave is now known as joshSCH.
Josh: aw what
Josh is now known as joshSC1.
joeprogrammer: Heh >.>
joshSCH: Uh, hu-huh.
joshSCH: Hey Beavis!
joshSC1: shucks
joshSC1 is now known as Dav1.
joshSCH: I think capitalism sucks.
Dav1: lol
Dav1 is now known as Dav3.
joshSCH: Ree-ligion is my name, God is my game.
Dav3: hi everyone, I'm retarded
Dav3: I can't even spell my name
joeprogrammer: You guys crack me up.
Dav3: I need a smoke
Dav3:
• joshSCH prays for Dav3.
joshSCH: Dav3, have you found Jesus?
Dav3: Yes, I praise jesus without even thinking for myself!
Dav3: I just do what I'm told, and thats that!
joshSCH: Good.
Dav3: yes sir
joshSCH: Good.
• Dav3 bows to the master
Dav3: What is thy bidding, my master?
joshSCH: Stop playing with yourself.
Dav3: yes, sir. I have my woman, here.
joshSCH: Deflate her.
"Technological progress is like an axe in the hands of a pathological criminal."
All my posts may be freely redistributed under the terms of the MIT license.
All my posts may be freely redistributed under the terms of the MIT license.
haha.. it's cool, Joe. Yes, Dave and I were playing around a bit in the IRC, and at the same time exposing risks to Daniweb. We were able to change our nicknames, and trick the system into 'thinking' we were different members. While this may be easily uncovered by a simple whois query on our ips, some may still be fooled. I think everyone who registers at Daniweb should automatically have their nick registered in the IRC with the same password as their Daniweb account. And perhaps make people authenticate before using a nick (I'm no IRC guru, so I don't even know if this is possible). Right now this may not be a high priority for Daniweb, but I believe in the future the IRC may become more popular, and thus important to prepare now.
Last edited by joshSCH; Aug 5th, 2007 at 1:35 am.
pointing out potential exploits to admins is fine. Doing so by writing and executing that exploit is definitely NOT fine.
As people are clearly allowed to attack me but I'm not allowed to defend myself, I no longer post to this site.
True, but the only way to discover some exploits is by trying it yourself.. Wouldn't it be better if a trustful daniweb member discovered something by testing the system through hacking rather than an unknown, potential threat?
rashakil had to have known the hole existed before he started writing that exploit.
He should have reported that hole (plus possibly mentioning ways to abuse it) rather than execute the exploit.
What he did is the equivalent of breaking a rusty lock, clearing out the house, and leaving a note to the effect that you found that the lock was not secure.
He should have reported that hole (plus possibly mentioning ways to abuse it) rather than execute the exploit.
What he did is the equivalent of breaking a rusty lock, clearing out the house, and leaving a note to the effect that you found that the lock was not secure.
As people are clearly allowed to attack me but I'm not allowed to defend myself, I no longer post to this site.
Way to go Joeprogrammer, you wern't even there for the bad part of the conversation which is why I banned them. How about thinking before posting. The one thing that I have to say is that pointing out the system, and abusing the system are completely different.
The comments that were made earlier in the conversation are so unacceptable, I won't even repeat them, as they are childish and stupid.
I am still looking at the possabilities to prevent abuse like this in the future, although, I'm sad that I would even have to consider such measures with our userbase.
The comments that were made earlier in the conversation are so unacceptable, I won't even repeat them, as they are childish and stupid.
I am still looking at the possabilities to prevent abuse like this in the future, although, I'm sad that I would even have to consider such measures with our userbase.
--
<Something clever here>
RHCDS/MCP/DCSP
<Something clever here>
RHCDS/MCP/DCSP
|
Other Threads in the Geeks' Lounge Forum
- Previous Thread: The Biggest Mathematical Miracle in the World
- Next Thread: Oklahoma Police Kill 5-Year Old Boy While Shooting at Snake
| Thread Tools | Search this Thread |
Latest Geeks' Lounge Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for Geeks' Lounge
article bankruptcy bear beard beijing children clocks code cognitive_disorder complaint console consoles cracked.com daniweb design development disk election empty facebook feed financialcrisis fun games gaming garbage google grandtheftauto gta halo3 hardware hunting internet java kindle king knife library life linux mad manly marketing mars merger microsoft ms murder netbook networking news nintendo obama odf office operating opinion os outlook pain parenting planning playstation population ps3 ps4 python research rss search security sims software sony source study subversion survey systems tablet thelostanddamned timeisonmyside. unsolved unused usarmy vapid videogames viruses wakoopa wave wii windows windows>all windows_wins world wow www xbox xbox360 zomg_conspiracy
