[Noisebridge-discuss] I am really disappointed with certain members of noisebridge

[Ian]

I'm sorry for categorizing it as a DDOS attack where n=2. I should
have said attempted DDOS attack. Voting 35k times in an hour is
abnormal behavior on most of our forums, especially one with a total
of around 50 votes. i'm sure you have seen much better DDOS attacks
taking down sites much larger than uservoice.

When I talked about legal action, it wasnt a threat coming from me. I
was relaying what other people were saying. I was trying to resolve
this so it didnt escalate to anything else. I'm sorry you feel that I
was trying to scare anyone.

Maybe someone with more skill in computers such as yourself could have
saw the difference between what happened and malicious intent, but
unfortunately, i am not and had to make sure via other means. in the
future, i will make sure not to apply for a computer related job at a
company you owned.

ian

On Fri, Oct 30, 2009 at 2:44 PM, Crutcher Dunnavant <crutcher at gmail.com> wrote:
> Ian, you're being an ass.
> No matter how much you "appreciate" Leif coming forward, you walked into
> this with the threat of Legal Action for something that was obviously not a
> DDOS attack.
> If you can't tell the difference between this and malicious intent, maybe
> you shouldn't work with computers.
>
> On Fri, Oct 30, 2009 at 2:41 PM, Ian <ian at slumbrparty.com> wrote:
>>
>> Leif,
>>
>> Thanks for coming forward to say this. You are right in that it is
>> possible to do the aforementioned curl voting anonymously. We made a
>> design decision to allow anonymous voting to lower the barrier for
>> participation. We have fraud detection counter measures to take care
>> of those situations. You did not cause any damage, but we were more
>> concerned with the intent. It was unclear to us whether it was people
>> playing around or someone with malicious intent. if it was not the
>> latter, then we are okay with people exploring the system.
>>
>> I really appreciate you talking about this on the list.
>>
>> Thanks,
>>
>> Ian
>>
>> On Fri, Oct 30, 2009 at 2:30 PM, Leif Ryge <leif at synthesize.us> wrote:
>> > Ian,
>> >
>> > First and foremost, I offer you my sincere apology and my promise that I
>> > personally will not (mis)use your company's service again.
>> >
>> > I was the one who pointed out last night that people could run
>> > curl -d to=3 http://some-uservoice-url/votes
>> > to vote for something, and that without cookies, they could keep voting.
>> >
>> > I would characterize this as harmless ballot-stuffing, rather than a
>> > DDOS,
>> > but I understand that if it got out of hand it could certainly have the
>> > effect of a DOS. I am very glad to hear it didn't take the site down.
>> > Taking
>> > the site down was certainly nobody's intent; the intent was simply to
>> > get a
>> > lot of votes on a single item, to demonstrate why voting on things with
>> > a
>> > tool like this doesn't make any sense for a group like ours.
>> >
>> > I personally only sent a few hundred http requests, and in light of your
>> > company's stated interest in legal action (which I think is entirely
>> > unwarranted given that the whole thing was apparently a few thousand
>> > http
>> > requests from a single location) I will not help determine who else sent
>> > more. Obviously, like most things at noisebridge, this was in no way an
>> > action of the organization and was only the action of a few individuals.
>> >
>> > I regret the strife that this caused you, and hope you can accept my
>> > apology.
>> >
>> > ~leif
>> >
>> > Ian wrote:
>> >>
>> >> last night, there was an attempted DDOS on the noisebridge forum from
>> >> 75.101.62.89 and 75.101.62.88. yes. those are both noisebridge IPs.
>> >> they submitted around 35,000 votes to the forum and could have taken
>> >> the entire uservoice site down.
>> >>
>> >> i have no problem with people voicing their concerns on the mailing
>> >> list, but to do something destructive and illegal using noisebridge
>> >> equipment against a company that one of its members works for simply
>> >> because you didnt agree with its usage is beyond pathetic. rubin, for
>> >> future reference, even though you may not mean anything destructive or
>> >> personal with your "abrasive" (as you put it in your personal apology
>> >> to me) comments on the list, other, weaker people on the list who are
>> >> followers will take them in a different way.
>> >>
>> >> i tried to not censor anyone on the feedback forum and accommodate
>> >> everyone and tried to play the role of strictly the forum admin. one
>> >> of our staff deleted the suggestion about trying to get root on our
>> >> site because, well, they simply viewed it as a threat against
>> >> uservoice. i assured them finding security flaws was legitimate and
>> >> will even benefit us. then they pointed to the suggestions about
>> >> disparaging uservoice and my comment facilitating that. then again i
>> >> reassured them i was only being the site administrator and that we
>> >> shouldnt censor people who use our product even if their suggestions
>> >> could hurt our business. the bottom line is i put my neck out to try
>> >> to provide noisebridge with something that i thought would be useful
>> >> and this is the thanks i get.
>> >>
>> >> aside from my current situation with the company, uservoice is talking
>> >> about taking legal action against noisebridge for the DDOS attack. i
>> >> have begged them to allow me to solve this without legal intervention.
>> >> i ask that the people who were responsible name themselves and
>> >> separate them from the rest of noisebridge. if you identify yourself,
>> >> explain and apologize for your actions, i think i can convince the
>> >> rest of uservoice to move past this.
>> >>
>> >> ian
>> >> _______________________________________________
>> >> Noisebridge-discuss mailing list
>> >> Noisebridge-discuss at lists.noisebridge.net
>> >> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>> >
>> >
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
>
>
> --
> Crutcher Dunnavant <crutcher at gmail.com>
>