Look Around You
Jan 19, 2009

Nippashish posted:

Horrible analogy aside, he's completely right.

So everyone rushing and taking down the db was not cool, I'll agree there. The issue here though is that he was told about a vulnerability and not only refused to take steps to fix it, but he actually took a condescending stance towards someone pointing out a massive security hole. When he took that stance, pretty much the only way to get any action done was to act on the vulnerability. I mean, this doesn't seem so serious at this point because it was only levels or whatever, but what if in the future he decided to put in in-app purchases and decided to store payment data or credit card info in there or whatever? It's not a leap to figure he'd do that with the attitude he was taking, and that's where the real problem is.


Nippashish
Nov 2, 2005

Let me see you dance!

Look Around You posted:

When he took that stance, pretty much the only way to get any action done was to act on the vulnerability ... It's not a leap to figure he'd do that with the attitude he was taking, and that's where the real problem is.

"When she went out dressed like that pretty much the only thing that could have happened did. It's not a leap to figure out what a man would do after seeing her, and that's where the real problem is."

So yeah, it's an offensive analogy, but it's very accurate.

Opinion Haver
Apr 9, 2007

I seriously can't believe we're loving having this discussion.

Blotto Skorzany
Nov 7, 2008

He's a PSoC, loose and runnin'
came the whisper from each lip
And he's here to do some business with
the bad ADC on his chip
bad ADC on his chiiiiip
A better analogy would be that banks who leave their vaults unlocked and open are foolish and irresponsible, regardless of the fact that robbery is immoral and illegal.



Someone get a car involved in this, tia

trex eaterofcadrs
Jun 17, 2005
My lack of understanding is only exceeded by my lack of concern.

Otto Skorzeny posted:

A better analogy would be that banks who leave their vaults unlocked and open are foolish and irresponsible, regardless of the fact that robbery is immoral and illegal.



Someone get a car involved in this, tia

Leave your keys in an unlocked car and watch what happens when you make a claim on your insurance.

blorpy
Jan 5, 2005

Look Around You posted:

So everyone rushing and taking down the db was not cool, I'll agree there. The issue here though is that he was told about a vulnerability and not only refused to take steps to fix it, but he actually took a condescending stance towards someone pointing out a massive security hole. When he took that stance, pretty much the only way to get any action done was to act on the vulnerability. I mean, this doesn't seem so serious at this point because it was only levels or whatever, but what if in the future he decided to put in in-app purchases and decided to store payment data or credit card info in there or whatever? It's not a leap to figure he'd do that with the attitude he was taking, and that's where the real problem is.

What people did to the db was literally the worst-case scenario for what could have happened and you can't assume he would have used a similar setup for actual payment stuff like that. That's just lazy for you to make that point.

Look Around You
Jan 19, 2009

Nippashish posted:

"When she went out dressed like that pretty much the only thing that could have happened did. It's not a leap to figure out what a man would do after seeing her, and that's where the real problem is."

So yeah, it's an offensive analogy, but it's very accurate.

I was going to write out a response to how the two do not compare at all but this is so loving ridiculous that it's not even worth it.

blorpy
Jan 5, 2005

Look Around You posted:

I was going to write out a response to how the two do not compare at all but this is so loving ridiculous that it's not even worth it.

How do they differ at all?

Dicky B
Mar 23, 2004

Nippashish posted:

"When she went out dressed like that pretty much the only thing that could have happened did. It's not a leap to figure out what a man would do after seeing her, and that's where the real problem is."

So yeah, it's an offensive analogy, but it's very accurate.
No.

trex eaterofcadrs
Jun 17, 2005
My lack of understanding is only exceeded by my lack of concern.

Markov Chain Chomp posted:

How do they differ at all?

At this point I'm convinced that you're either blatantly provoking him or are one of the most socially retarded people this website has ever seen.

Hammerite
Mar 9, 2007

And you don't remember what I said here, either, but it was pompous and stupid.
Jade Ear Joe

Nippashish posted:

"When she went out dressed like that pretty much the only thing that could have happened did. It's not a leap to figure out what a man would do after seeing her, and that's where the real problem is."

So yeah, it's an offensive analogy, but it's very accurate.

I can't work out whether you're decrying the exploitation of this security vulnerability or endorsing the view that women who dress in revealing clothing are to blame if they get raped, but either way the analogy is an inane one.

Goat Bastard
Oct 20, 2004

Markov Chain Chomp posted:

How do they differ at all?

Databases don't have boobs

Dicky B
Mar 23, 2004

Markov Chain Chomp posted:

How do they differ at all?
Directly connecting to a MySQL database leads to security vulnerabilities.
Dressing provocatively leads to a rape.

HOW DO THESE TWO THINGS DIFFER AT ALL

blorpy
Jan 5, 2005

Goat Bastard posted:

Databases don't have boobs

Well, if you've read the Manga Guide to Databases,

Blotto Skorzany
Nov 7, 2008

He's a PSoC, loose and runnin'
came the whisper from each lip
And he's here to do some business with
the bad ADC on his chip
bad ADC on his chiiiiip

TRex EaterofCars posted:

At this point I'm convinced that you're either blatantly provoking him or are one of the most socially retarded people this website has ever seen.

Now now, we don't live in a black and white world of either-or,

Blotto Skorzany
Nov 7, 2008

He's a PSoC, loose and runnin'
came the whisper from each lip
And he's here to do some business with
the bad ADC on his chip
bad ADC on his chiiiiip

Markov Chain Chomp posted:

Well, if you've read the Manga Guide to Databases,

Every once in a while you really do hit a home run, CptMath :)

Goat Bastard
Oct 20, 2004

Markov Chain Chomp posted:

Well, if you've read the Manga Guide to Databases,

I stand corrected

blorpy
Jan 5, 2005

Dicky B posted:

Directly connecting to a MySQL database leads to security vulnerabilities.
Dressing provocatively leads to a rape.

HOW DO THESE TWO THINGS DIFFER AT ALL

So any known security vulnerability deserves a great force of people hammering on it to exploit it? Even if the manpower behind the product is quite small and unable to deal with such an attack?

Opinion Haver
Apr 9, 2007

Markov Chain Chomp posted:

Well, if you've read the Manga Guide to Databases,

DBA-chan, am I ノルマライズド? Uguu~
(tn: ノルマライズド means 'normalized')

blorpy
Jan 5, 2005

Whaaaa, what are we going to do on the B+-tree?





POMF

Look Around You
Jan 19, 2009

Markov Chain Chomp posted:

What people did to the db was literally the worst-case scenario for what could have happened and you can't assume he would have used a similar setup for actual payment stuff like that. That's just lazy for you to make that point.

You can't assume that he wouldn't have either, especially judging by his blasé responses that "everything is fine" when it clearly isn't (people rendered the game unplayable with this exploit).

Markov Chain Chomp posted:

How do they differ at all?

Fine. Nobody is relying on the girl to dress "not like a slut" or what the gently caress ever because they (potentially) have personal assets on the line. The way she dresses has no bearing on whether my money is where it should be at the end of the day. Conversely, people DO rely on stored information to be secure, just like they rely (as an above poster mentioned) on a bank vault being locked and secured. Accessing the database to get the guy to (hopefully) fix poo poo before people potentially get personal information stolen is nowhere near the same as someone raping a girl to prove I don't even loving know because this does not make sense to do.

As I stated, based on his reaction, there is no way you can make any assumptions as to what he'll do with more sensitive data when he is already making horrible decisions (this setup is a horrible decision) and trying to justify them based on his "knowledge" of how to do things.

Dicky B
Mar 23, 2004

Markov Chain Chomp posted:

So any known security vulnerability deserves a great force of people hammering on it to exploit it? Even if the manpower behind the product is quite small and unable to deal with such an attack?
I don't understand what any of this has to do with rape and why rape is a good analogy? Shut up about rape is what I'm saying.

tripwire
Nov 19, 2004

        ghost flow

Markov Chain Chomp posted:

To be fair, what you guys are doing is blaming the victim. It's not any more convincing than when people blame women for being raped.

BOOOOOOOOOOOOOOOOOooooooooooo HISS

Blotto Skorzany
Nov 7, 2008

He's a PSoC, loose and runnin'
came the whisper from each lip
And he's here to do some business with
the bad ADC on his chip
bad ADC on his chiiiiip
Furthermore, I'm told that Weed Dog smokes a worrying surplus of cannabis,

blorpy
Jan 5, 2005

hi tripwire

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed
Perhaps a better analogy would be that someone pointed out that a dude slipped something into the woman's drink, to which she responds "gently caress you, I know what I'm doing" and pounds the drink. Her friend still manages to get her home okay, but her purse gets stolen in the process, which is sort of inconvenient but luckily she didn't have anything not easily replaceable in it anyway.

Man that's a dumb analogy.

Markov Chain Chomp posted:

Well, if you've read the Manga Guide to Databases,
I haven't read it but based on the cover I'd be willing to bet that any boobs involved are very small.

geonetix
Mar 6, 2011


Edit: Welp, this might not have been the smartest thing to post.

Zamujasa
Oct 27, 2010



Bread Liar
I think the point is that responsible disclosure was followed, the other party decided that they neither wanted to fix the issue nor believed it was an issue, and it was distributed like any other exploit that makes its way around the internet.

If anything it's entirely every bit of Team Meat's problem because not only were they told exactly what the issue was, but they even had a decent amount of time between when they were told of it and when the exploit actually got abused (certainly long enough to revoke UPDATE/INSERT!)

I honestly fail to see where the problem is in this situation. If you tell somebody that leaving their wallet on their driveway to save time in the morning is a horrible terrible idea, and the next day their wallet is stolen, well, surprise, that's their fault. Team Meat could've easily avoided this by not acting like they knew everything and sticking their noses up.


Makes me wonder how they intend to fix it. Maybe hiding the password in the source, or using a hacked-together API?

darthbob88
Oct 13, 2011

YOSPOS
Cross-posting from the TvTropes thread in PYF:
This dude's profile may or may not be a horror, personally I think it looks kinda cool, but the explanation is. TvTropes uses a semi-custom markup and parser for its pages, which apparently can't handle nested markup; instead of parsing [foo [bar ]] as the sensible <foo> <bar> </bar> </foo>, it turns them into <foo> <bar></foo></bar>, which is somewhat less sensible, and since we no longer have a nice simple DOM tree to work with, poo poo gets crazy yo. I can't explain worth a drat, just read the explanation he provided.

blorpy
Jan 5, 2005

Zamujasa posted:

If you tell somebody that leaving their wallet on their driveway to save time in the morning is a horrible terrible idea, and the next day their wallet is stolen, well, surprise, that's their fault.

Ok, this is obviously not the case and if you actually believe that you need to take a course on ethics and/or you're a retard.

Zamujasa
Oct 27, 2010



Bread Liar
Holy poo poo, that TVTropes page is amazing. I wonder how many terrible hacks have been added to the source to do these sorts of things, since they definitely don't seem to be standard markup.


Markov Chain Chomp posted:

Ok, this is obviously not the case and if you actually believe that you need to take a course on ethics and/or you're a retard.

It's certainly a better analogy than rape.

Hammerite
Mar 9, 2007

And you don't remember what I said here, either, but it was pompous and stupid.
Jade Ear Joe

Zamujasa posted:

Makes me wonder how they intend to fix it. Maybe hiding the password in the source, or using a hacked-together API?

How long would it really take them to hack together a web service to receive requests, check that they are acceptable and translate them into database queries? It doesn't sound like they have a great many things they need it to do, and they don't need to make it do anything very elaborate, because they're doing all the presentation work in the app. Just spit out JSON or something.

Zamujasa
Oct 27, 2010



Bread Liar

Hammerite posted:

How long would it really take them to hack together a web service to receive requests, check that they are acceptable and translate them into database queries? It doesn't sound like they have a great many things they need it to do, and they don't need to make it do anything very elaborate, because they're doing all the presentation work in the app. Just spit out JSON or something.

I guess, but I'm thinking from the perspective of someone who's just had their cage rattled; I would assume they'd take a bit more time to think about it and maybe read up on how to best handle user data in this case, to prevent this sort of thing from happening again. Then again, the fact this happened at all kind of calls that into question, so who knows.

Hughlander
May 11, 2005

TRex EaterofCars posted:

At this point I'm convinced that you're either blatantly provoking him or are one of the most socially retarded people this website has ever seen.

Check his post history and rap sheet and your questions will be answered. My reading of The Cavern of Cobol was made so much better once I learned who he was and started recognizing the avatar...

Impotence
Nov 8, 2010
Lipstick Apathy

Zamujasa posted:

Holy poo poo, that TVTropes page is amazing. I wonder how many terrible hacks have been added to the source to do these sorts of things, since they definitely don't seem to be standard markup.


It's certainly a better analogy than rape.

http://tvtropes.org/pmwiki/pmwiki.php/Tropers/Solstace?action=source

Haha, what the hell

gonadic io
Feb 16, 2011

>>=

darthbob88 posted:

TVTropes

As far as I can tell, this entire mess is because they tried to use regex to parse xml their markup language. We all know how that goes...
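
The misnesting described for `[foo [bar ]]` can be reproduced with a repeated lazy regex substitution, shown here beside a stack-based renderer that closes tags in the right order. This is an added example, not part of the thread and not TVTropes' code: the `[name text]` syntax is taken from the post above, the regex approach is only the guess made in the thread, and all function names are hypothetical.

```python
import html
import re

TAG = re.compile(r"\[(\w+) (.*?)\]")   # lazy match: stops at the FIRST "]"
OPEN = re.compile(r"\[(\w+) ")

def regex_render(src, max_passes=10):
    """Assumed approach: substitute repeatedly until nothing changes."""
    for _ in range(max_passes):
        out = TAG.sub(r"<\1>\2</\1>", src)
        if out == src:
            break
        src = out
    return src

def stack_render(src):
    """Track open tags on a stack so each "]" closes the innermost one."""
    out, stack, i = [], [], 0
    while i < len(src):
        m = OPEN.match(src, i)
        if m:
            stack.append(m.group(1))
            out.append(f"<{m.group(1)}>")
            i = m.end()
        elif src[i] == "]" and stack:
            out.append(f"</{stack.pop()}>")
            i += 1
        else:
            # Escape text so the only tags in the output are ones we emitted.
            out.append(html.escape(src[i]))
            i += 1
    while stack:                        # close anything left unterminated
        out.append(f"</{stack.pop()}>")
    return "".join(out)

def well_nested(markup):
    """True if every closing tag matches the most recently opened tag."""
    stack = []
    for closing, name in re.findall(r"<(/?)(\w+)>", markup):
        if not closing:
            stack.append(name)
        elif not stack or stack.pop() != name:
            return False
    return not stack

if __name__ == "__main__":
    sample = "[foo [bar ]]"             # the input quoted in the thread
    for render in (regex_render, stack_render):
        result = render(sample)
        print(render.__name__, result, well_nested(result))
```
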

the talent deficit
Dec 20, 2003

self-deprecation is a very british trait, and problems can arise when the british attempt to do so with a foreign culture





Hammerite posted:

How long would it really take them to hack together a web service to receive requests, check that they are acceptable and translate them into database queries? It doesn't sound like they have a great many things they need it to do, and they don't need to make it do anything very elaborate, because they're doing all the presentation work in the app. Just spit out JSON or something.

It would take half an hour in django or sinatra or whatever. Maybe a little longer if you wanted to parse the SQL requests so you didn't have to modify the client.
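
The web service Hammerite describes, and the narrowing of write access Zamujasa mentions, can be sketched as a handler that accepts only named actions and builds the queries itself. This is an added example, not code from the thread or from the game: the `levels` table, the action names and the field limits are assumptions, `sqlite3` stands in for the MySQL server, and the HTTP transport is left out.

```python
import json
import sqlite3

LIMITS = {"author": 40, "name": 40, "data": 4096}  # assumed field caps

def open_db():
    # sqlite3 stands in for the MySQL server so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE levels (id INTEGER PRIMARY KEY,"
               " author TEXT, name TEXT, data TEXT)")
    return db

def list_levels(db, params):
    limit = params.get("limit", 20)
    if type(limit) is not int or not 1 <= limit <= 100:
        raise ValueError("limit must be an integer from 1 to 100")
    rows = db.execute("SELECT id, author, name FROM levels"
                      " ORDER BY id DESC LIMIT ?", (limit,))
    return [{"id": r[0], "author": r[1], "name": r[2]} for r in rows]

def submit_level(db, params):
    values = []
    for field, cap in LIMITS.items():
        value = params.get(field)
        if not isinstance(value, str) or not 0 < len(value) <= cap:
            raise ValueError(f"{field} must be a string of 1 to {cap} chars")
        values.append(value)
    # Placeholders keep client text as data; it never becomes SQL.
    cur = db.execute("INSERT INTO levels (author, name, data)"
                     " VALUES (?, ?, ?)", values)
    db.commit()
    return {"id": cur.lastrowid}

# The only operations a client can reach. There is no UPDATE or DELETE here.
ACTIONS = {"list_levels": list_levels, "submit_level": submit_level}

def handle(db, body):
    """Validate one JSON request body and return (status, json_text)."""
    try:
        req = json.loads(body)
        if not isinstance(req, dict):
            raise ValueError("request must be a JSON object")
        name, params = req.get("action"), req.get("params", {})
        if not isinstance(name, str) or name not in ACTIONS:
            raise ValueError("unknown action")
        if not isinstance(params, dict):
            raise ValueError("params must be a JSON object")
        result = ACTIONS[name](db, params)
        return 200, json.dumps({"ok": True, "result": result})
    except ValueError as exc:
        return 400, json.dumps({"ok": False, "error": str(exc)})
```

With this layer in place the database credentials live only on the server, and the account it uses needs no privileges beyond SELECT and INSERT on the one table.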

Look Around You
Jan 19, 2009

Dicky B posted:

indie_game_developers.txt

http://www.youtube.com/watch?feature=player_embedded&v=YtBZ68Fx1Kw

that quote

1:34 "I'm like in a loving concentration camp [...]" is another good one. I think they're both this dude?

Doc Hawkins
Jun 15, 2010

Dashing? But I'm not even moving!


the talent deficit posted:

It would take half an hour in django or sinatra or whatever. Maybe a little longer if you wanted to parse the SQL requests so you didn't have to modify the client.

But on the other hand, how would doing that help me portray myself as the victim of soulless modernity?


bosschair
Jun 22, 2011
I think this issue could really get solved if someone could come up with just one more retarded analogy.
