|
Adept Nightingale posted:Yeah, not real impressed with that myself. I'm not a fan, I'm just most interested in tarring the people who still have authority in the industry that are trying to play this off. and there are lots of them. And I get that. But I think it's important to recognize that, going back to 2017 and the Mentzer thread, Holden has kept saying "this isn't the time, focus on the people who are hurting." If now isn't the time to talk about these things, when is? People can be mad at Zak and Mearls AND Lindroos and Suleiman AND Holden and Morke. Get this poo poo out in the open. Don't keep kicking it down the line until the wave has passed.
|
# ? Feb 14, 2019 20:52 |
|
|
Darwinism posted:I guess my point is that we absolutely have to stop having sympathy for doubting allegations against close people, because the real actual world has proven time and again that abusers don't abuse everyone they interact with so them not abusing you should have no bearing. And further, if you fall for that kind of thinking and then keep to associate with the person because they're just such nice people, have they reformed eh who cares hey everyone contribute to their financial success! then maaaaaybe you aren't an ally of any type even if you go on Twitter and yell at other people for doing bad things. This is well put, and I appreciate it. I hadn't seen that tweet boosting Morke before it was posted here, should have looked more closely at it before I replied.
|
# ? Feb 14, 2019 20:53 |
|
Lumbermouth posted:And I get that. But I think it's important to recognize that, going back to 2017 and the Mentzer thread, Holden has kept saying "this isn't the time, focus on the people who are hurting." If now isn't the time to talk about these things, when is? The more people insist we don't talk about this poo poo right now is the reason this poo poo keeps happening. Drive every one of those scum fucks out of the industry and directly into a woodchipper.
|
# ? Feb 14, 2019 21:14 |
|
Lumbermouth posted:
I feel like I need a glossary of who these people are? I now know who Zak S is, but who are all these other cast of characters?
|
# ? Feb 14, 2019 22:03 |
|
C.A. Suleiman was a sexual harasser employed by Green Ronin, owned in part by Nicole Lindroos, who promised a "timeline" that would explain why she defended him and attacked his victims as lying up until it was no longer viable to do so. ...over a year ago. It still hasn't shown up. Holden and Morke: read the last page or two.
|
# ? Feb 14, 2019 22:05 |
|
Mearls is the lead for D&D 5E, who invited Zak and noted fascist RPGPundit on as consultants. When people were understandably outraged, he solicited reports on their conduct to "investigate". Except he didn't actually investigate, but instead forwarded much if not all of them (intended to be read in confidence) to the shitheads themselves. Suleiman is Colin Suleiman/CAS from Green Ronin. He was notable for sexual harassment, related awful grooming of women, and targeting women in preparation for that. When his odious deeds came out he gave a non-apology, and his boss Lindroos insisted that at some later date she'd give a timeline exonerating CAS of any misdeeds. Said timeline has still not appeared and any mention of it to them tends to get you blocked. John Mørke had a similar stream of misdeeds to CAS over the years before he and his pal Holden Shearer got punted from working on Exalted 3E because they were trying to hold the project hostage to their own whims. (I recently discovered that someone I know in person was targeted by him, which makes the whole deal extra gross.) To this day Holden will still keep either defending Mørke directly or at least downplaying his prior actions, as noted above. At this point he deserves all the credibility of the Daily Mail, ie you'd seek independent verification if he claimed that the sky was blue. NGDBSS fucked around with this message at 22:16 on Feb 14, 2019 |
# ? Feb 14, 2019 22:13 |
|
Bedlamdan posted:Well, we should probably talk with Lowtax then, given that apparently NunsWithGuns was ripped off by the site without anything to show for it. I can at least confirm that I never made any purchases after the recent ban, and largely slept through my last probe. It's also possible that NunsWithGuns put in something NSFW or genuinely dangerous in the avatar, and a mod removed it before anyone noticed but I think they're more sensible than that.
|
# ? Feb 14, 2019 22:23 |
|
I'm sure Zak used to be better at this, like really infuriating to argue with, but he's being really bad this time, maybe because he's having to do it on Twitter, as he's banned everywhere else, and can't do his normal gish gallop bullshit. Also as the two women defending him are posting, he's going quiet. Now I'm not saying he's outright sockpuppeting, but I'll not be surprised if he's trying to coordinate their responses. PST fucked around with this message at 22:42 on Feb 14, 2019 |
# ? Feb 14, 2019 22:25 |
|
Keep in mind that Suleiman's history of harassment was enough to have him banned from the Horror Writers Association-related events. Green Ronin said they removed him from the one project he was working with them on, but he still shows up in their social media discussions to chat with them. He also "somehow" got a hold of a Green Ronin contact list they created during a talent search for female and non-binary creators. They claim he was never in charge of the talent search but he contacted/creeped on some people on the list.
|
# ? Feb 14, 2019 22:26 |
|
It was pretty easy to get duped by Zak if you were even remotely inclined to take what he says in good faith. He obsessively (obsessively) compiles any data that makes him look sympathetic and had plenty of supporters in the LGBTQ community, among women and people of color, etc. Zak's personal life outside the internet seemed clean at a glance because the people around him were sheltering him. Mandy was with him for more than ten years before she came out about what he was doing. The dude is an expert at pulling the wool over people's eyes. I donated $25 to RAINN and I'll donate another $25 on payday. I don't know what the gently caress to do with Maze of the Blue Medusa. Burn it? Mirthless fucked around with this message at 22:30 on Feb 14, 2019 |
# ? Feb 14, 2019 22:27 |
|
FactsAreUseless posted:You're a huge weirdo, Nuns just bought the avatar right as the site went down yesterday. It's just a weird coincidence, and it's easy for the admins to fix. We already chatted by PM. You need to chill like a lot. I'm not saying you guys stole Nuns's money, just that the site is prone to loving up and doing weird poo poo with people's money and accounts, and like you said, it has in fact hosed up. Good on you if you guys can sort this out, but it's not like weird bullshit going on with how the site is working has become less common as time goes on. Best of luck.
|
# ? Feb 14, 2019 22:36 |
|
Bedlamdan posted:I'm not saying you guys stole Nuns's money, just that the site is prone to loving up and doing weird poo poo with people's money and accounts, and like you said, it has in fact hosed up. Good on you if you guys can sort this out, but it's not like weird bullshit going on with how the site is working has become less common as time goes on. Best of luck. https://www.youtube.com/watch?v=OAqsU-BY58w
|
# ? Feb 14, 2019 22:47 |
|
Bedlamdan posted:I'm not saying you guys stole Nuns's money, just that the site is prone to loving up and doing weird poo poo with people's money and accounts, and like you said, it has in fact hosed up. Good on you if you guys can sort this out, but it's not like weird bullshit going on with how the site is working has become less common as time goes on. Best of luck. Shut the gently caress up
|
# ? Feb 14, 2019 22:47 |
|
guys what if bedladman... is zak??!!? ?
|
# ? Feb 14, 2019 22:51 |
|
Shardix posted:Shut the gently caress up Oh uh, my bad, SA acting like the equivalent of a vending machine that just eats your dollar without giving you your chips so you have to write a letter to the company is in fact, good, and cool, and furthermore Lowtax can use the n-word if he wants. Thanks goons. (USER WAS PUT ON PROBATION FOR THIS POST)
|
# ? Feb 14, 2019 22:51 |
|
Cat Face Joe posted:guys
|
# ? Feb 14, 2019 22:59 |
|
FactsAreUseless posted:Didn't Zak post here as Zak S at some point? Or was that RPG.net? 2012 was a long time ago, which is when I think it would have happened. He definitely had an account that was obviously him at some point. It was ZakS or something like that
|
# ? Feb 14, 2019 23:00 |
|
FactsAreUseless posted:Didn't Zak post here as Zak S at some point? Or was that RPG.net? 2012 was a long time ago, which is when I think it would have happened.
|
# ? Feb 14, 2019 23:00 |
|
FactsAreUseless posted:Didn't Zak post here as Zak S at some point? Or was that RPG.net? 2012 was a long time ago, which is when I think it would have happened.
|
# ? Feb 14, 2019 23:02 |
|
Yeah, I mentioned it a few pages ago and people were ing at all the times where "Mandy" made a quip he "shared" in the post. Nuns with Guns posted:Yes, he posted exclusively in the big grognards.txt thread that's been goldmined, so you can find all his posts here https://forums.somethingawful.com/showthread.php?threadid=3098558&userid=185243
|
# ? Feb 14, 2019 23:04 |
|
Bedlamdan posted:Oh uh, my bad, SA acting like the equivalent of a vending machine that just eats your dollar without giving you your chips so you have to write a letter to the company is in fact, good, and cool, and furthermore Lowtax can use the n-word if he wants. Thanks goons. Well congratulations, you got yourself probated. Now what's the next step on your master plan?
|
# ? Feb 14, 2019 23:06 |
|
Plutonis posted:Well congratulations, you got yourself probated. Now what's the next step on your master plan? *wearing a cartoonish swami turban and holding an envelope to my head* waiting 3 days and doing the exact same poo poo over and over again
|
# ? Feb 15, 2019 00:17 |
|
Well this just made my day
|
# ? Feb 15, 2019 00:29 |
|
PST posted:Well this just made my day https://www.youtube.com/watch?v=eyPK_hDsMB4
|
# ? Feb 15, 2019 00:35 |
|
https://techcrunch.com/2019/02/14/hacker-strikes-again/ Roll20 had 4 million profiles worth of data stolen.
|
# ? Feb 15, 2019 00:48 |
|
Plutonis posted:https://techcrunch.com/2019/02/14/hacker-strikes-again/ Ouch. Fantasy Grounds looking better all of a sudden.
|
# ? Feb 15, 2019 00:59 |
|
Rhandhali posted:Ouch. Fantasy Grounds looking better all of a sudden. I wouldn't bet on that.
|
# ? Feb 15, 2019 01:09 |
|
PST posted:Well this just made my day
|
# ? Feb 15, 2019 01:12 |
|
Plutonis posted:https://techcrunch.com/2019/02/14/hacker-strikes-again/ Here's their preliminary statement: https://app.roll20.net/forum/post/7209691/roll20-security-breach quote:3:42PM (31 minutes ago)
|
# ? Feb 15, 2019 01:15 |
|
Leperflesh posted:Here's their preliminary statement: As a general point, they're not saying when they knew there was a breach. And if they knew a while ago, and didn't admit to it then, there's a good chance they're hosed, I mean, they're automatically a little bit screwed, but if they knew in advance, and didn't notify customers, and that announcement is very obfuscated as to when they knew, then they're really hosed. As is every other company on that list. Sure it might not be the full 4% turnover or 20 million, but they're looking to affix measurable fines going forwards. I was in a meeting with some EU legislators recently which discussed GDPR (Brexit-related) and they're not messing around in fully intending to escalate, there's been a 'get your house in order' lax approach, but that ended a while ago.
|
# ? Feb 15, 2019 01:26 |
|
PST posted:Well this just made my day Nice. Can you just look at people's Patreon incomes, or did Zack post this? I tried to look him up on Grapheon and it says not found (Searching both "Zack Smith" and "Demon City") E: Apparently "Demon City" doesn't work, but "DemonCity" makes him show up as "Zack Smith (DemonCity)" so, I guess Grapheon just has a crappy search algorithm. E2: It looks like the dive started Saturday (the 9th) Foolster41 fucked around with this message at 01:31 on Feb 15, 2019 |
# ? Feb 15, 2019 01:27 |
|
Leperflesh posted:Here's their preliminary statement: quote:We utilize bcrypt for password hashing, which means that it cannot be reverse-engineered for utilization with other sites or to access Roll20. this.... sounds like bullshit
|
# ? Feb 15, 2019 01:37 |
|
The WotC former cust-serv team lead who'd posted about how Mearls was out of line has said a little more. https://twitter.com/XPMatthewLee/status/1096194624220250114 I hope this doesn't get dropped as it's increasingly looking like he deceived his bosses and went outside normal SOP at the time, and quite possibly has done the same now.
|
# ? Feb 15, 2019 01:42 |
|
No, bcrypt is recognized as being pretty secure.
|
# ? Feb 15, 2019 01:43 |
|
Mirthless posted:this.... sounds like bullshit It's really not. A hashing algorithm is a one-way function; it takes an input of any length and outputs a fixed length output. For example, the SHA1 hash of the Bee Movie script is bbc87410cd9a06c6fae1478e70940ad1ff2b4f42. The key is that you can't go from that hash back to the original. The only way to recover the original text given a target hash value is to generate possible input texts, run the hashing algorithm, and see if the output matches your target. This makes it ideal for securing passwords; you can take the value the user gave you, run it through the algorithm, and see if the outputs match, but an attacker can't recover the password except by running a huge number of candidates through the algorithm. The problem (actually one of many problems) with using something like SHA1 for passwords, though, is that it's designed to be super fast. What you want is something that's actually kind of slow, such that the lag for processing a user's password is tolerable, but the lag from running the entire dictionary through it would be too much to be worth bothering with. That's what bcrypt is for. Edit: I should note that bcrypt was state of the art like a decade and a half ago. Even better algorithms for protecting passwords have been developed, attacked, and strengthened in the time since. If you need to implement password security for an actual app, please consult a source which goes into more detail than this post. inklesspen fucked around with this message at 02:01 on Feb 15, 2019 |
# ? Feb 15, 2019 01:46 |
|
The best part of that article is where 40 million records were taken from a streaming site which apparently stored the passwords in plain text.
|
# ? Feb 15, 2019 01:48 |
|
It's incredibly heartening to see Zak trying all the same bullshit tricks that he used to use to avoid accountability, only to find that no one is having any of it. "Look, I have this big long message from one of the I Hit It With My Axe ladies who told me out of the blue that says Mandy is a liar and that I am cool. No you can't talk to her, she protected her account and also she lives in Canada and doesn't have a phone 'cause her dad is mean."
|
# ? Feb 15, 2019 02:03 |
|
atholbrose posted:The best part of that article is where 40 million records were taken from a streaming site which apparently stored the passwords in plain text. that one absolutely blew me away i started screaming out loud, how in the gently caress can a business get that large and do something that stupid with user data? inklesspen posted:It's really not. A hashing algorithm is a one-way function; it takes an input of any length and outputs a fixed length output. For example, the SHA1 hash of the Bee Movie script is bbc87410cd9a06c6fae1478e70940ad1ff2b4f42. Thanks for the explanation, I appreciate it! Makes me feel a little better at least.
|
# ? Feb 15, 2019 02:20 |
|
If you guys are interested, check https://haveibeenpwned.com/ In addition to the extremely useful password and email address checking tools he has up there, you can read his blog posts laying out in pretty easily digestible chunks how these security mechanisms work. Meanwhile, you'll almost definitely find out that the passwords you've been using for years are all in various dictionaries, and you need to switch passwords. inklesspen posted:The problem (actually one of many problems) with using something like SHA1 for passwords, though, is that it's designed to be super fast. What you want is something that's actually kind of slow, such that the lag for processing a user's password is tolerable, but the lag from running the entire dictionary through it would be too much to be worth bothering with. That's what bcrypt is for. Just to add to this that "salting" passwords as they're stored is a way to mitigate the dictionary and rainbow attack vulnerabilities; and it's been standard enough for long enough that it's inexcusable for any company not to be salting their stored-as-hashed password tables. In the case of Roll20, there's not a lot of detail in the articles already linked, but it's likely that what happened is the various people who monitor what new password databases are showing up on the "dark web" noticed a new one claiming to be from Roll20, and informed them they had been compromised while composing the article, which they then published. It's possible they've known for months, of course... but that's a leap to a conclusion that is so far just pure speculation based on other companies' bad behavior. Leperflesh fucked around with this message at 02:51 on Feb 15, 2019 |
# ? Feb 15, 2019 02:49 |
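Added example, not part of any post in this thread: a small Python comparison of the two storage schemes discussed above, unsalted SHA1 versus a salted, deliberately slow hash, checked against a short wordlist the way a defender would audit a password table. The user names, wordlist and iteration count are constructed for illustration, and PBKDF2 from the standard library stands in for bcrypt, which needs a third-party package.

```python
import hashlib
import hmac
import os

# Constructed sample data, not taken from any real breach.
WORDLIST = ["password", "dragon", "letmein", "roll20", "hunter2"]
USERS = {"alice": "dragon", "bob": "dragon", "carol": "x9#Lq!v2-tT"}
ITERATIONS = 20_000  # work factor, kept low so the example runs quickly


def sha1_hex(password):
    """Fast, unsalted hash: the weak way to store a password."""
    return hashlib.sha1(password.encode()).hexdigest()


def slow_hash(password, salt):
    """Salted, deliberately slow hash (PBKDF2 standing in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store(password):
    """Return (salt, digest) using a fresh random salt for each user."""
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)


def verify(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt), digest)


def audit_unsalted(table):
    """One lookup table, built once, matches every row that used a listed word."""
    lookup = {sha1_hex(word): word for word in WORDLIST}
    return {user: lookup[h] for user, h in table.items() if h in lookup}


def audit_salted(table):
    """No shared table is possible: each (user, word) pair costs a slow hash."""
    hits, work = {}, 0
    for user, (salt, digest) in table.items():
        for word in WORDLIST:
            work += 1
            if verify(word, salt, digest):
                hits[user] = word
                break
    return hits, work


unsalted = {user: sha1_hex(pw) for user, pw in USERS.items()}
salted = {user: store(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    print("same password, same SHA1:", unsalted["alice"] == unsalted["bob"])
    print("unsalted audit:", audit_unsalted(unsalted))
    print("same password, same salted digest:", salted["alice"][1] == salted["bob"][1])
    print("salted audit (hits, slow hashes):", audit_salted(salted))
```

The salted audit still finds the two wordlist passwords, which is why salting and a slow hash mitigate rather than replace strong passwords: they remove the shared lookup table and make every guess cost a full slow hash per user.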
|
|
Lumbermouth posted:It's incredibly heartening to see Zak trying all the same bullshit tricks that he used to use to avoid accountability, only to find that no one is having any of it. Despite the revelation about "Mandy's" past posts, it doesn't seem cool to un-person someone even when they're being lovely.
|
# ? Feb 15, 2019 02:50 |