|
Mirthless posted:i started screaming out loud, how in the gently caress can a business get that large and do something that stupid with user data? In a company like that (big, but not big big), security (both data and physical) is impossible to explain to anyone with the authority to fund it. If the company is at all nerd-poo poo adjacent it's worse, because the top people will have unshakeable views on what constitutes proper security, and those views will be deeply loving wrong.
|
#
?
Feb 15, 2019 02:51
|
|
|
|
| # ? May 20, 2024 20:33 |
|
|
Bosushi! posted:As far as accusations headed the other way, an OPP freelancer has accused Olivia of doxxing Rose Bailey, but there’s not much more to that other than the accusation. We’ve already gone over Holden. FWIW, I've talked to a few people about it. I've now heard four different stories now about how and when I supposedly doxed Rose. I've heard now that I've doxed her and deadnamed her on RPGsite or 4chan or Kiwifarms, depending on the version of the story. I've heard I posted her personal information on Craigslist. I've heard I gave people her phone number and told people to harass her at a convention. I've also heard that I gave her information to Zak. Every single time I hear this, it leaves me shaking with anger and upset. While I think the whole thing with my leaving OPP was utterly hosed, and even if their version of the story is 100% correct, I think it's gross, abusive treatment of a contractor. But that wasn't on Rose. Rose was doing what she had to do. I considered Rose a friend for years. The last time she and I spoke, she said something very kind and conciliatory with me, despite the utter bullshit of the circumstances. I'll never forget that. Most of these claims are so beyond ridiculous I can't even imagine taking them seriously. I cannot imagine anyone who even vaguely knows me thinking that I'd give anyone's info to Zak. Stuff posted on 4chan is publicly accessible for view. But they've stuck for some. And I've lost good friends over them. Every loving time these lies hurt another relationship, it stings that much more. There's a circle of OPP people, many of whom I've never interacted with personally, who are keeping this stuff afloat.
|
|
#
?
Feb 15, 2019 02:54
|
|
|
That Old Tree posted:Despite the revelation about "Mandy's" past posts, it doesn't seem cool to un-person someone even when they're being lovely. Okay Frances came out and claimed she'd spent a brief time living with Zak and Mandy, was never very fond of Mandy, and doesn't believe all the accusations about Zak. However she didn't live long with them both, hasn't seen them for years. She refused to comment on whether she believed Vivka, Hannah and Jennifer, she refused to engage on Zak's previous abuses and harassment, and after a dozen or so polite, non-attacking comments that went between pointing her to Zak's critics, or how her defence was meaningless, she then stopped defending him and made her twitter private. At no point wqas there any sign of her being harassed or insulted. Is that better?
|
|
#
?
Feb 15, 2019 03:00
|
|
|
Elector_Nerdlingen posted:In a company like that (big, but not big big), security (both data and physical) is impossible to explain to anyone with the authority to fund it. If the company is at all nerd-poo poo adjacent it's worse, because the top people will have unshakeable views on what constitutes proper security, and those views will be deeply loving wrong. That's precisely what governance and compliance managers are for.
|
|
#
?
Feb 15, 2019 03:00
|
|
|
That Old Tree posted:Despite the revelation about "Mandy's" past posts, it doesn't seem cool to un-person someone even when they're being lovely. That was definitely not my intention. He's absolutely still hiding behind the women in his life to lend credibility and given what we know, any statement that's not directly coming from someone is suspect.
|
|
#
?
Feb 15, 2019 03:01
|
|
|
PST posted:That's precisely what governance and compliance managers are for. Look I don't know what kind of properly run places you've worked at but hahahahahahaha hahahaha ahahahahahahaha.
|
|
#
?
Feb 15, 2019 03:07
|
|
|
atholbrose posted:The best part of that article is where 40 million records were taken from a streaming site which apparently stored the passwords in plain text. Yeah. Security tip for this day and age: if a site is hanging onto your password in such a way that they can give it back to you, it is not secure and you should consider that place toxic in terms of password reuse (even more so than best practices for password reuse ie "don't"). Properly hashed passwords is why the "recover my password" of yesteryear has become "reset my password" on any reasonable site. For folks curious about hashes and such, I like Tom Scott's video on the topic: https://www.youtube.com/watch?v=8ZtInClXe1Q though I'm sure there are a hundered other equally-good videos from bloggers/youtube personalities/anyone of this information-sharing type because it's an obvious early computer security question.
|
|
#
?
Feb 15, 2019 03:17
|
|
|
Elector_Nerdlingen posted:Look I don't know what kind of properly run places you've worked at but hahahahahahaha hahahaha ahahahahahahaha. I've not dealt with a bad governance and compliance manager On the other hand a friend has, and they made their life a misery so...okay fair point PST fucked around with this message at 03:37 on Feb 15, 2019 |
|
#
?
Feb 15, 2019 03:17
|
|
|
At this point the "passwords stored as cleartext" is the kind of base level fuckup that is notable for being unusual. Obviously it happens and it happens too often, but IME the technical side is generally pretty solid. Where companies get in trouble is on the human side - poor security practice and bad organizational structure. People with higher level privileges than they should, and lackluster standards and procedures. The big mistake leadership tends to make is to see cybersecurity as a technical problem with a technical solution. But the best systems and software on the market aren't going to do poo poo if you've given someone admin privileges who doesn't need them, and they get social engineered into giving out their password over the phone or leave their device unlocked on the train.
|
|
#
?
Feb 15, 2019 03:41
|
|
|
A core problem of these 'well, I never saw any' narratives is that they're from people who are either, a, from a person with serious potential for bias (romantic partner/fiscal dependent who can't be reached for direct comment), or b, only saw the relationship for a limited period of time, like Frankie's or Charlotte's (and Michelle, the strongest narrative, also has significant gaps in her exposure - at least a year long). That doesn't make them inherently wrong or unreliable but it does mean a grain of salt or two is necessary. I'm willing to believe in fact that they're just reporting what they personally saw, albeit with a slant towards painting a friend in a good light to try and deter what they perceive to be unjust harassment, which is what any friend would. The other problem, though, is that these accounts are also exactly what you see in abusive relationships - I literally can't count the number of friends of people in abusive relationships who never saw it unfold after years of working in and adjacent to social services and from my own friends bad relationships, I've even been there. I found out that a boyfriend of one of my closest friends had been torturing the poo poo out of her emotionally but there was never an indication at all of trouble when I was around because shockingly, abusers tend to be quite good at limiting exposure and creating seemingly ordinary 'jokes' or off-hand comments that can inflict emotional injury even in the open without ever being apparent to an outsider's perspective. So to me they're of limited value as evidence against Mandy and co's claims. EDIT: So I guess with the whole 'I believe women!' 'why don't you believe <x> then?!' bullshit I still do believe them, just not as strongly as the others.
|
|
#
?
Feb 15, 2019 03:44
|
|
|
I wrote an article discussing the systemic reasons why people like Mearls are reluctant to speak up.
|
|
|
#
?
Feb 15, 2019 03:45
|
|
|
Comrade Gorbash posted:At this point the "passwords stored as cleartext" is the kind of base level fuckup that is notable for being unusual. Obviously it happens and it happens too often, but IME the technical side is generally pretty solid. Where companies get in trouble is on the human side - poor security practice and bad organizational structure. People with higher level privileges than they should, and lackluster standards and procedures. Yeah, even for people who should really know better, "hacking" conjures images of those two people using one keyboard on NCIS to firewall their ICE at a cyber-intruder, but like most (all?) of the best-known hackings come down to "got the VP of customer outreach to go enter their credentials for 'password security verification' on qoogle.com."
|
|
#
?
Feb 15, 2019 03:49
|
|
|
Or, and this is also super common, such-and-such website's software is unpatched and three years out of date, and there are published vulnerabilities and scripts online all over the place that anyone with a moderate ability to google and download and run things can make use of.
|
|
#
?
Feb 15, 2019 03:53
|
|
|
It's probably just best to assume that all software is absolutely comically terrible until bedgrudgingly proven otherwise.
|
|
#
?
Feb 15, 2019 04:03
|
|
|
I work with passwords, can confirm this: 
|
|
#
?
Feb 15, 2019 04:09
|
|
|
Hey...that guy isn't the password inspector!
|
|
#
?
Feb 15, 2019 04:38
|
|
|
He's not the PABX maintenance guy, either, despite the way he's been working in your comms room for the last hour.
|
|
#
?
Feb 15, 2019 04:52
|
|
|
As a software engineer I feel the quote in the 4th panel (I know its xkdc) is pretty apt https://www.xkcd.com/2030/ "...our entire field is bad at what we do, and if you rely on us, everyone will die."
|
|
#
?
Feb 15, 2019 05:10
|
|
|
MachineIV posted:FWIW, I've talked to a few people about it. I've now heard four different stories now about how and when I supposedly doxed Rose. I've heard now that I've doxed her and deadnamed her on RPGsite or 4chan or Kiwifarms, depending on the version of the story. I've heard I posted her personal information on Craigslist. I've heard I gave people her phone number and told people to harass her at a convention. I've also heard that I gave her information to Zak. I'm sorry you have to deal with this poo poo
|
|
#
?
Feb 15, 2019 06:44
|
|
|
Benagain posted:I'm sorry you have to deal with this poo poo Same.
|
|
#
?
Feb 15, 2019 06:56
|
|
|
That Old Tree posted:Despite the revelation about "Mandy's" past posts, it doesn't seem cool to un-person someone even when they're being lovely. The strategy I've been using so far is to treat their testimony as honest (which is not the same as absolving Zak: I just assume it's true that Freddie did live with them, didn't see anything, and doesn't believe Zak abused Mandy) while at the same time doing my best to not drag them deeper into this in case they, like Mandy, are feeling lovely over this. It's surprisingly easy: since Zak is trying to DARVO, just not engaging with the people who are helping him D, A, and RVO is already the best strategy.
|
|
#
?
Feb 15, 2019 07:03
|
|
|
LatwPIAT posted:The strategy I've been using so far is to treat their testimony as honest (which is not the same as absolving Zak: I just assume it's true that Freddie did live with them, didn't see anything, and doesn't believe Zak abused Mandy) while at the same time doing my best to not drag them deeper into this in case they, like Mandy, are feeling lovely over this. The thing is: none of the direct factual claims in the statements made in support of Zak actually disprove any of the allegations against him. The fact that Zak's defenders didn't witness abuse, and don't believe it happened, is not evidence that the abuse didn't happen. The idea that the statements actual directly contradict the allegations of abuse is a gloss that Zak has added by purporting to interpret them in his own statement. He is trying to set up a false dichotomy. He suggests that if you believe his defenders you must conclude he is innocent when, in fact, it is possible to believe his defenders are being honest while realising that their accounts don't disprove the allegations against him.
|
|
#
?
Feb 15, 2019 07:48
|
|
|
thefakenews posted:The thing is: none of the direct factual claims in the statements made in support of Zak actually disprove any of the allegations against him. The fact that Zak's defenders didn't witness abuse, and don't believe it happened, is not evidence that the abuse didn't happen. Pretty much, yeah.
|
|
#
?
Feb 15, 2019 07:51
|
|
|
PST posted:I was in a meeting with some EU legislators recently which discussed gdpr (brexit-related) and they're not messing around in fully intending to escalate, there's been a 'get your house in order' lax approach, but that ended a while ago. 72 hours from being aware of it.
|
|
#
?
Feb 15, 2019 07:56
|
|
|
Unlucky7 posted:As a software engineer I feel the quote in the 4th panel (I know its xkdc) is pretty apt This is so true. So much essential computer infrastructure is held together with code that is, at best 'IDK, gently caress it, it works' levels of maintainable.
|
|
#
?
Feb 15, 2019 08:15
|
|
|
MachineIV posted:FWIW, I've talked to a few people about it. I've now heard four different stories now about how and when I supposedly doxed Rose. I've heard now that I've doxed her and deadnamed her on RPGsite or 4chan or Kiwifarms, depending on the version of the story. I've heard I posted her personal information on Craigslist. I've heard I gave people her phone number and told people to harass her at a convention. I've also heard that I gave her information to Zak. Every time i hear more of the poo poo you get, i get frustrated and angry by proxy all over again. My sympathies.
|
|
#
?
Feb 15, 2019 09:21
|
|
|
Well this doesn't look at all like Zak's normal MO and obsession with 'asking questions' does it? https://twitter.com/Questio27063903/with_replies Also here's GenCon's bullshit statement https://twitter.com/Gen_Con/status/1096118847357169665 Or...we're not doing anything, but we don't want to say we're not doing anything, so we're trying to hide that.
|
|
#
?
Feb 15, 2019 09:28
|
|
|
PST posted:Well this doesn't look at all like Zak's normal MO and obsession with 'asking questions' does it? So far the questions haven't been the usual throwing-Zak-a-softball-setup, and he seems to prefer real-seeming people over an obvious alt account. At the same time pestering Stokley and Kane (or Vivka, who is a victim and definitely shouldn't be forced to constantly remember this stuff) with questions isn't something we should be doing - for one it buys into Zak's framing that their answers can somehow absolve him of the accusations, and it allows him to control the conversation since his supporters are the only people available to answer questions. Zak leaves a reply for Questio that really doesn't show what Zak think it shows, though. LatwPIAT fucked around with this message at 10:28 on Feb 15, 2019 |
|
#
?
Feb 15, 2019 09:50
|
|
|
LatwPIAT posted:So far the questions haven't been the usual throwing-Zak-a-softball-setup, and he seems to prefer real-seeming people over an obvious alt account. At the same time pestering Stokley (or Vivka, who is a victim and definitely shouldn't be forced to constantly remember this stuff) with questions isn't something we should be doing - for one it buys into Zak's framing that their answers can somehow absolve him of the accusations, and it allows him to control the conversation since his supporters are the only people available to answer questions. Him pointing a bunch of people at his supporters and saying "get your answers here" sucks rear end, especially if people are actually doing it. We don't need to ask them anything, and we doubly don't need to ask any of the people he abused anything. We already have everything we need to know. Mandy and the others gave clear accounts, and Zak did too, but probably not in the way he thinks (a lawyer probably did not actually advise him to post this defense, and he starts the post proper off with a lie: "It’s strange to have to defend myself against the charge of not loving Mandy." No, that's not the charge, and never was. The charge is that you're abusive.)
|
|
#
?
Feb 15, 2019 10:37
|
|
|
Emy posted:Mandy and the others gave clear accounts, and Zak did too, but probably not in the way he thinks
|
|
#
?
Feb 15, 2019 10:48
|
|
|
Frankie's doubling down on the Zak is innocent front. https://www.reddit.com/r/rpg/comments/aqvblx/zak_and_mandy/?st=JS5XXAM8&sh=2a13dbb1 EDIT: Including a nice dose of 'actually Mandy was the abuser'. Loomer fucked around with this message at 12:28 on Feb 15, 2019 |
|
#
?
Feb 15, 2019 12:16
|
|
|
You know... assume for the sake of argument that Frankie and Mandy's accounts are mutually exclusive, and only one can be true, and onlookers like us need to determine which it is. Which story gels more with Zak's observed behaviour from the past decade? You know, the lies, the intimidation, the harassment, the impersonation, the ego as large and unassailable as a Dyson sphere... all that. Is it the one where he's a chill dude controlled by his girlfriend (who at the same time he used relentlessly as a shield from online criticism)? Or is it the one where he's an abusive piece of poo poo? I still believe Mandy.
|
|
#
?
Feb 15, 2019 12:53
|
|
|
potatocubed posted:You know... assume for the sake of argument that Frankie and Mandy's accounts are mutually exclusive, and only one can be true, and onlookers like us need to determine which it is. Of course, that's what makes this particular incident so clear-cut. Zak has been an rear end in a top hat and a bully for years, I wasn't surprised by Mandy's horrible recount of their relationship one bit. If it looks like poo poo, smells like poo poo, and someone walks over it and carries it around for years then turns around and says she stepped on Zak, you can assume it's poo poo. Zak is poo poo, is what I'm trying to say. Anyone defending him smells like poo poo, too. Possibly literally, considering the hobby.
|
|
#
?
Feb 15, 2019 13:15
|
|
|
Here's a pretty good blog from someone in the OSR. He abused this person's friend, then when they tried to cut ties guilt-tripped them into doing work for him. But mostly it's a pretty good apology and call to action.
|
|
#
?
Feb 15, 2019 13:17
|
|
|
Just like that, that Reddit post has been removed. Fortunately I have screenshots.
|
|
#
?
Feb 15, 2019 13:45
|
|
|
Loomer posted:Just like that, that Reddit post has been removed. Fortunately I have screenshots. I recommend against sharing them in public until there's a very good reason to do so. If Frankie chose to retract her statement, deleting it is a fairly reasonable thing to do.
|
|
#
?
Feb 15, 2019 13:50
|
|
|
Oh, I don't intend to unless there's a legitimate cause. I also nabbed them in the event it was pulled by the subreddit's mods rather than Frankie.
|
|
#
?
Feb 15, 2019 13:57
|
|
|
LatwPIAT posted:I recommend against sharing them in public until there's a very good reason to do so. If Frankie chose to retract her statement, deleting it is a fairly reasonable thing to do. Zak's directing it as his response to it being deleted is to demand it get put up on /OSR https://twitter.com/IHitItWithMyAxe/status/1096383742602444800
|
|
#
?
Feb 15, 2019 14:08
|
|
|
Edit: I was tired and angry and said something stupid. (USER WAS PUT ON PROBATION FOR THIS POST) CaptainRat fucked around with this message at 00:28 on Feb 16, 2019 |
|
#
?
Feb 15, 2019 14:15
|
|
|
|
| # ? May 20, 2024 20:33 |
|
|
So…most of his action on this front is either reply-tweets or tweets from his alt for his defunct Escapist series. Nothing that shows up directly on his main account. Nothing on his actual blog. I guess that needle moved. Edit: Huh, I guess Axe is for his blog? It's got more followers than his "personal" account. Still a bizarre segregation. That Old Tree fucked around with this message at 14:20 on Feb 15, 2019 |
|
#
?
Feb 15, 2019 14:16
|
|