[Noisebridge-discuss] I am really disappointed with certain members of noisebridge

Crutcher Dunnavant crutcher at gmail.com
Fri Oct 30 21:44:26 UTC 2009 

Ian, you're being an ass.

No matter how much you "appreciate" Leif coming forward, you walked into
this with the threat of Legal Action for something that was obviously not a
DDOS attack.

If you can't tell the difference between this and malicious intent, maybe
you shouldn't work with computers.

On Fri, Oct 30, 2009 at 2:41 PM, Ian <ian at slumbrparty.com> wrote:

> Leif,
>
> Thanks for coming forward to say this. You are right in that it is
> possible to do the aforementioned curl voting anonymously. We made a
> design decision to allow anonymous voting to lower the barrier for
> participation. We have fraud detection counter measures to take care
> of those situations. You did not cause any damage, but we were more
> concerned with the intent. It was unclear to us whether it was people
> playing around or someone with malicious intent. if it was not the
> latter, then we are okay with people exploring the system.
>
> I really appreciate you talking about this on the list.
>
> Thanks,
>
> Ian
>
> On Fri, Oct 30, 2009 at 2:30 PM, Leif Ryge <leif at synthesize.us> wrote:
> > Ian,
> >
> > First and foremost, I offer you my sincere apology and my promise that I
> > personally will not (mis)use your company's service again.
> >
> > I was the one who pointed out last night that people could run
> > curl -d to=3 http://some-uservoice-url/votes
> > to vote for something, and that without cookies, they could keep voting.
> >
> > I would characterize this as harmless ballot-stuffing, rather than a
> DDOS,
> > but I understand that if it got out of hand it could certainly have the
> > effect of a DOS. I am very glad to hear it didn't take the site down.
> Taking
> > the site down was certainly nobody's intent; the intent was simply to get
> a
> > lot of votes on a single item, to demonstrate why voting on things with a
> > tool like this doesn't make any sense for a group like ours.
> >
> > I personally only sent a few hundred http requests, and in light of your
> > company's stated interest in legal action (which I think is entirely
> > unwarranted given that the whole thing was apparently a few thousand http
> > requests from a single location) I will not help determine who else sent
> > more. Obviously, like most things at noisebridge, this was in no way an
> > action of the organization and was only the action of a few individuals.
> >
> > I regret the strife that this caused you, and hope you can accept my
> > apology.
> >
> > ~leif
> >
> > Ian wrote:
> >>
> >> last night, there was an attempted DDOS on the noisebridge forum from
> >> 75.101.62.89 and 75.101.62.88. yes. those are both noisebridge IPs.
> >> they submitted around 35,000 votes to the forum and could have taken
> >> the entire uservoice site down.
> >>
> >> i have no problem with people voicing their concerns on the mailing
> >> list, but to do something destructive and illegal using noisebridge
> >> equipment against a company that one of its members works for simply
> >> because you didnt agree with its usage is beyond pathetic. rubin, for
> >> future reference, even though you may not mean anything destructive or
> >> personal with your "abrasive" (as you put it in your personal apology
> >> to me) comments on the list, other, weaker people on the list who are
> >> followers will take them in a different way.
> >>
> >> i tried to not censor anyone on the feedback forum and accommodate
> >> everyone and tried to play the role of strictly the forum admin. one
> >> of our staff deleted the suggestion about trying to get root on our
> >> site because, well, they simply viewed it as a threat against
> >> uservoice. i assured them finding security flaws was legitimate and
> >> will even benefit us. then they pointed to the suggestions about
> >> disparaging uservoice and my comment facilitating that. then again i
> >> reassured them i was only being the site administrator and that we
> >> shouldnt censor people who use our product even if their suggestions
> >> could hurt our business. the bottom line is i put my neck out to try
> >> to provide noisebridge with something that i thought would be useful
> >> and this is the thanks i get.
> >>
> >> aside from my current situation with the company, uservoice is talking
> >> about taking legal action against noisebridge for the DDOS attack. i
> >> have begged them to allow me to solve this without legal intervention.
> >> i ask that the people who were responsible name themselves and
> >> separate them from the rest of noisebridge. if you identify yourself,
> >> explain and apologize for your actions, i think i can convince the
> >> rest of uservoice to move past this.
> >>
> >> ian
> >> _______________________________________________
> >> Noisebridge-discuss mailing list
> >> Noisebridge-discuss at lists.noisebridge.net
> >> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >
> >
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>



-- 
Crutcher Dunnavant <crutcher at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20091030/7a0076de/attachment-0003.html>

More information about the Noisebridge-discuss mailing list