tacitus - 2006/06/17 05:48 

I'm all for healthy competition and needling each other. I think
anyone who knows me knows I'm anything but thin-skinned.
I enjoy a good romp either on gjs or on justrage, or whatever.

This thing, though, crossed the line between rough play
and actual harm.

I figured Tacitus would be insufferably smug if he found
the bug he was looking for, but I figured that was a small
price to pay for getting help securing DS. What I did
not count on was him taking it upon himself to delete
log files.

This is a serious problem, because he was messing with
security, and if I can't tell what he did, I have to
stop everything and reconstruct the events by hand.

Whether it was malicious is actually beside the point.
Either he's untrustworthy because he was concealing bad
behavior, or he's untrustworthy because he doesn't know
better than to tromp around someone's logs as he pleases,
without so much as a hint of his intentions to the

Either way, it was a breach of trust I did not expect
from someone I've been supporting as a leader in the

I've been granted guest creator and sometimes even guest
admin privileges on other people's muds, and I have
never done anything but exactly what I've announced
and only with permission, because it's not my mud
and I understand that. This is basic. It's obvious.
In someone else's house, you ask before you perform
potentially irreversible changes, or you can just
consider yourself a boor.

So there's that.

According to Tacitus he attempted to delete logs without
asking permission out of a concern that other people
might happen upon them and learn the exploit. Aside
from the obvious objection that he could have just
told me so I could decide for myself, is the bizarre
fact that he went on gjs intergossip to announce there
his achievement, and allowed thespread of information about how
he did it. Any casual reader of the gjs i3 log is
now in full possession of all the details needed to
compromise a Dead Souls mud, if given Creator status.

How this squares with his stated intention of protecting
the community by deleting my logs I can't say.

There are some folks out there who find exploits in
commercial software, and share the information
with the public in an attempt to help people get
ahead of the curve. Even assuming this is not
dangerous, it is common for professional, responsible
programmers who find serious flaws to give the
manufacturer a few days or weeks to develop a
patch before outing the info. As a colleague, this
is the least I would have expected.

Instead I'm now spending what little of the weekend
I had for myself reconstructing free space to
find potentially deleted files, and exhaustively
nailing down each exploit and subexploit related to
this incident. Just because Tacitus couldn't contain
his glee and pride at rooting me, and couldn't
give me a couple of days to deal with it
in a more deliberate and measured way.

Well, Tacitus, you win. The big bad Dead Souls
juggernaut had feet of clay, after all.

However, you've lost any trust I had in you, any
good will. Maybe it will change, but at the moment
I just don't see myself feeling up to dealing
with you. You didn't have to do it this way.
I hope the schadenfreude was worth it.

When you came back from watching your
movie, this was your message:

Tacitus@TimMUD <intergossip> How is that audit coming?

It's coming along fine. Thanks.


Re:tacitus - 2006/06/17 06:00

I think Cratylus made some very valid points however I think we all know that I wasn't trying to be malicious - I was simply excited by my discovery. Furthermore, you told me you were snooping and then I paged the log file and then proceeded to delete (However, either the access file hadn't reparsed or you had already removed me from the arch group so it failed) the log file that contained the commands (eval and call logs) I used to find the exploit. From today's events, I can only conclude we didn't truly realize the lack of trust we had in each other in the first place or you are trying to use this as some sort of publicity stunt.

As for the information being released on intermud, I did not release the information directly. Rather Duuk was cleaver enough to pry enough out of him to figure it out on his own and then proceed to make fun of you - I can see how your feelings can be a bit hurt.

I know if this happened to my lib, I'd be very much embarassed too and I can understand why you are making this post. I humbly appologize.

P.S. The audit comment was to Hellmonger because he joking said that he'd audit my mudlib for me. If you know this and that means that you are now auditing my mudlib, I look forward to the results.

Post edited by: somerville32, at: 2006/06/17 06:02 Tacitus
Executive Director
Research, Education, and Development
LPUniversity Foundation

Re:tacitus - 2006/06/17 06:18 

For the record, I don't remember saying anything about
watching you. While you were messing with my lib, I was
in the middle of helping Samael. That was the level of
trust I had in you. When you started crowing about your
success, I started snooping you, and saw you trying
to delete logs. You can imagine my dismay. Given
that you were admin, were deleting logs without telling me,
and I didn't know what you'd do next, I ridded you on the spot
and locked the mud, but alas, you'd already made yourself
an elder, so you recreated your character and logged back
in. Not knowing what you *had* done or what you *planned*
to do, I killed the mud process, unmounted the filesystem,
and began the tedious process of intrusion forensics.

You really don't need to suggest I feel hurt because of Duuk.

I feel betrayed because of *you*.

You seem intent on provoking me by claiming that my
statements are for some purpose other than telling the truth.

I would suggest you read my statements as declarations
of what I believe to be true, regardless of how uncomfortable
that might make you.