tacitus - 2006/06/17 05:48
I'm all for healthy competition and needling each other. I think anyone who knows me knows I'm anything but thin-skinned. I enjoy a good romp either on gjs or on justrage, or whatever. This thing, though, crossed the line between rough play and actual harm.

I figured Tacitus would be insufferably smug if he found the bug he was looking for, but I figured that was a small price to pay for getting help securing DS. What I did not count on was him taking it upon himself to delete log files.

This is a serious problem, because he was messing with security, and if I can't tell what he did, I have to stop everything and reconstruct the events by hand.

Whether it was malicious is actually beside the point. Either he's untrustworthy because he was concealing bad behavior, or he's untrustworthy because he doesn't know better than to tromp around someone's logs as he pleases, without so much as a hint of his intentions to the owner.

Either way, it was a breach of trust I did not expect from someone I've been supporting as a leader in the community.

I've been granted guest creator and sometimes even guest admin privileges on other people's muds, and I have never done anything but exactly what I've announced and only with permission, because it's not my mud and I understand that. This is basic. It's obvious. In someone else's house, you ask before you perform potentially irreversible changes, or you can just consider yourself a boor.

So there's that.

According to Tacitus he attempted to delete logs without asking permission out of a concern that other people might happen upon them and learn the exploit. Aside from the obvious objection that he could have just told me so I could decide for myself, is the bizarre fact that he went on gjs intergossip to announce there his achievement, and allowed the spread of information about how he did it. Any casual reader of the gjs i3 log is now in full possession of all the details needed to compromise a Dead Souls mud, if given Creator status. How this squares with his stated intention of protecting the community by deleting my logs I can't say.

There are some folks out there who find exploits in commercial software, and share the information with the public in an attempt to help people get ahead of the curve. Even assuming this is not dangerous, it is common for professional, responsible programmers who find serious flaws to give the manufacturer a few days or weeks to develop a patch before outing the info. As a colleague, this is the least I would have expected.

Instead I'm now spending what little of the weekend I had for myself reconstructing free space to find potentially deleted files, and exhaustively nailing down each exploit and subexploit related to this incident. Just because Tacitus couldn't contain his glee and pride at rooting me, and couldn't give me a couple of days to deal with it in a more deliberate and measured way.

Well, Tacitus, you win. The big bad Dead Souls juggernaut had feet of clay, after all.

However, you've lost any trust I had in you, any good will. Maybe it will change, but at the moment I just don't see myself feeling up to dealing with you. You didn't have to do it this way. I hope the schadenfreude was worth it.

When you came back from watching your movie, this was your message:

Tacitus@TimMUD
<intergossip> How is that audit coming?

It's coming along fine. Thanks.

-Crat

Re:tacitus - 2006/06/17 06:00
I think Cratylus made some very valid points; however, I think we all know that I wasn't trying to be malicious - I was simply excited by my discovery. Furthermore, you told me you were snooping and then I paged the log file and then proceeded to delete (However, either the access file hadn't reparsed or you had already removed me from the arch group so it failed) the log file that contained the commands (eval and call logs) I used to find the exploit. From today's events, I can only conclude we didn't truly realize the lack of trust we had in each other in the first place or you are trying to use this as some sort of publicity stunt.

As for the information being released on intermud, I did not release the information directly. Rather Duuk was clever enough to pry enough out of him to figure it out on his own and then proceed to make fun of you - I can see how your feelings can be a bit hurt.

I know if this happened to my lib, I'd be very much embarrassed too and I can understand why you are making this post. I humbly apologize.

P.S. The audit comment was to Hellmonger because he jokingly said that he'd audit my mudlib for me. If you know this and that means that you are now auditing my mudlib, I look forward to the results.

Post edited by: somerville32, at: 2006/06/17 06:02

Tacitus
Executive Director
Research, Education, and Development
LPUniversity Foundation

Re:tacitus - 2006/06/17 06:18
For the record, I don't remember saying anything about watching you. While you were messing with my lib, I was in the middle of helping Samael. That was the level of trust I had in you. When you started crowing about your success, I started snooping you, and saw you trying to delete logs. You can imagine my dismay. Given that you were admin, were deleting logs without telling me, and I didn't know what you'd do next, I ridded you on the spot and locked the mud, but alas, you'd already made yourself an elder, so you recreated your character and logged back in. Not knowing what you *had* done or what you *planned* to do, I killed the mud process, unmounted the filesystem, and began the tedious process of intrusion forensics.

You really don't need to suggest I feel hurt because of Duuk. I feel betrayed because of *you*.

You seem intent on provoking me by claiming that my statements are for some purpose other than telling the truth. I would suggest you read my statements as declarations of what I believe to be true, regardless of how uncomfortable that might make you.

-Crat