[Noisebridge-discuss] I am really disappointed with certain members of noisebridge

Leif Ryge leif at synthesize.us
Fri Oct 30 21:30:32 UTC 2009


Ian,

First and foremost, I offer you my sincere apology and my promise that I 
personally will not (mis)use your company's service again.

I was the one who pointed out last night that people could run
curl -d to=3 http://some-uservoice-url/votes
to vote for something, and that without cookies, they could keep voting.

I would characterize this as harmless ballot-stuffing, rather than a 
DDOS, but I understand that if it got out of hand it could certainly 
have the effect of a DOS. I am very glad to hear it didn't take the site 
down. Taking the site down was certainly nobody's intent; the intent was 
simply to get a lot of votes on a single item, to demonstrate why voting 
on things with a tool like this doesn't make any sense for a group like 
ours.

I personally only sent a few hundred http requests, and in light of your 
company's stated interest in legal action (which I think is entirely 
unwarranted given that the whole thing was apparently a few thousand 
http requests from a single location) I will not help determine who else 
sent more. Obviously, like most things at noisebridge, this was in no 
way an action of the organization and was only the action of a few 
individuals.

I regret the strife that this caused you, and hope you can accept my 
apology.

~leif

Ian wrote:
> last night, there was an attempted DDOS on the noisebridge forum from
> 75.101.62.89 and 75.101.62.88. yes. those are both noisebridge IPs.
> they submitted around 35,000 votes to the forum and could have taken
> the entire uservoice site down.
> 
> i have no problem with people voicing their concerns on the mailing
> list, but to do something destructive and illegal using noisebridge
> equipment against a company that one of its members works for simply
> because you didnt agree with its usage is beyond pathetic. rubin, for
> future reference, even though you may not mean anything destructive or
> personal with your "abrasive" (as you put it in your personal apology
> to me) comments on the list, other, weaker people on the list who are
> followers will take them in a different way.
> 
> i tried to not censor anyone on the feedback forum and accommodate
> everyone and tried to play the role of strictly the forum admin. one
> of our staff deleted the suggestion about trying to get root on our
> site because, well, they simply viewed it as a threat against
> uservoice. i assured them finding security flaws was legitimate and
> will even benefit us. then they pointed to the suggestions about
> disparaging uservoice and my comment facilitating that. then again i
> reassured them i was only being the site administrator and that we
> shouldnt censor people who use our product even if their suggestions
> could hurt our business. the bottom line is i put my neck out to try
> to provide noisebridge with something that i thought would be useful
> and this is the thanks i get.
> 
> aside from my current situation with the company, uservoice is talking
> about taking legal action against noisebridge for the DDOS attack. i
> have begged them to allow me to solve this without legal intervention.
> i ask that the people who were responsible name themselves and
> separate them from the rest of noisebridge. if you identify yourself,
> explain and apologize for your actions, i think i can convince the
> rest of uservoice to move past this.
> 
> ian
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss




More information about the Noisebridge-discuss mailing list