[Noisebridge-discuss] I am really disappointed with certain members of noisebridge

Ani Niow v at oneletterwonder.com
Fri Oct 30 22:10:56 UTC 2009 

I was one of the people there last night that was "hey, let me try
that too!" We thought we were simply rigging the vote to show that
this kind of system wouldn't work well with Noisebridge, no one
realised it risked taking down the entire service. There was
absolutely no malicious intent of the people involved and I am truly
sorry if it caused strife at your job Ian. It was stupid, immature and
I can say that it will never happen again.



-Ani



2009/10/30 Rachel McConnell <rachel at xtreme.com>:
> Thanks Leif!
>
> It seems clear to me at this point that there was no malicious intent,
> and just a couple people saying, hey, let me try that too!  There may
> have been a beer or two as well, I suspect.
>
> Ian thanks for handling this well.  Leif thanks for handling this well.
>  I am proud of us all around.
>
> Rachel
>
> Leif Ryge wrote:
>> Ian,
>>
>> First and foremost, I offer you my sincere apology and my promise that I
>> personally will not (mis)use your company's service again.
>>
>> I was the one who pointed out last night that people could run
>> curl -d to=3 http://some-uservoice-url/votes
>> to vote for something, and that without cookies, they could keep voting.
>>
>> I would characterize this as harmless ballot-stuffing, rather than a
>> DDOS, but I understand that if it got out of hand it could certainly
>> have the effect of a DOS. I am very glad to hear it didn't take the site
>> down. Taking the site down was certainly nobody's intent; the intent was
>> simply to get a lot of votes on a single item, to demonstrate why voting
>> on things with a tool like this doesn't make any sense for a group like
>> ours.
>>
>> I personally only sent a few hundred http requests, and in light of your
>> company's stated interest in legal action (which I think is entirely
>> unwarranted given that the whole thing was apparently a few thousand
>> http requests from a single location) I will not help determine who else
>> sent more. Obviously, like most things at noisebridge, this was in no
>> way an action of the organization and was only the action of a few
>> individuals.
>>
>> I regret the strife that this caused you, and hope you can accept my
>> apology.
>>
>> ~leif
>>
>> Ian wrote:
>>> last night, there was an attempted DDOS on the noisebridge forum from
>>> 75.101.62.89 and 75.101.62.88. yes. those are both noisebridge IPs.
>>> they submitted around 35,000 votes to the forum and could have taken
>>> the entire uservoice site down.
>>>
>>> i have no problem with people voicing their concerns on the mailing
>>> list, but to do something destructive and illegal using noisebridge
>>> equipment against a company that one of its members works for simply
>>> because you didnt agree with its usage is beyond pathetic. rubin, for
>>> future reference, even though you may not mean anything destructive or
>>> personal with your "abrasive" (as you put it in your personal apology
>>> to me) comments on the list, other, weaker people on the list who are
>>> followers will take them in a different way.
>>>
>>> i tried to not censor anyone on the feedback forum and accommodate
>>> everyone and tried to play the role of strictly the forum admin. one
>>> of our staff deleted the suggestion about trying to get root on our
>>> site because, well, they simply viewed it as a threat against
>>> uservoice. i assured them finding security flaws was legitimate and
>>> will even benefit us. then they pointed to the suggestions about
>>> disparaging uservoice and my comment facilitating that. then again i
>>> reassured them i was only being the site administrator and that we
>>> shouldnt censor people who use our product even if their suggestions
>>> could hurt our business. the bottom line is i put my neck out to try
>>> to provide noisebridge with something that i thought would be useful
>>> and this is the thanks i get.
>>>
>>> aside from my current situation with the company, uservoice is talking
>>> about taking legal action against noisebridge for the DDOS attack. i
>>> have begged them to allow me to solve this without legal intervention.
>>> i ask that the people who were responsible name themselves and
>>> separate them from the rest of noisebridge. if you identify yourself,
>>> explain and apologize for your actions, i think i can convince the
>>> rest of uservoice to move past this.
>>>
>>> ian
>>> _______________________________________________
>>> Noisebridge-discuss mailing list
>>> Noisebridge-discuss at lists.noisebridge.net
>>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>

More information about the Noisebridge-discuss mailing list