23 Oct, 2012, Hades_Kane wrote in the 1st comment:
Votes: 0
When we run across downloads in the repository that have pfile directors that include intact pfiles with passwords in them, is there anything we can do in order to request either modification of the download, or removal of the download as a result? I don't know what the policy of modifying other's uploads or anything like that is, but after a recent command about a backdoor on a codebase download, I downloaded the codebase to look for it and noticed the pfiles/passwords were still intact. I mean, they "encypted" to the best that a Dikurative is capable of, but I'm sure it wouldn't take much to reverse engineer the code that does that to extract actual passwords.
23 Oct, 2012, Hades_Kane wrote in the 2nd comment:
Votes: 0
*directory
*comment

At work and on the sly :p
23 Oct, 2012, Davion wrote in the 3rd comment:
Votes: 0
Edit: Wow, totally confused this with something else…

I updated the file a bit. But for MudMagic and ftpgame.org there's nothing we can really do. This isn't the only place they're available. There's no personal information. Closest thing I found was one guy requesting his pfiles saved because he was off to jail. Didn't say where or anything.
23 Oct, 2012, quixadhal wrote in the 4th comment:
Votes: 0
So, you're worried about evil hax0rz, who go after game accounts on games that have audiences of 10 million players, going after a 10 or 20 year old download of a free text MUD archive? Do you really think the MUD community, as a whole, is large enough to even get their attention?

And you want to PUNISH people for publishing their codebases?

Considering the state of things these days, I don't think driving even more people away from this tiny little genre is a good idea, and issuing the equivalent of a jaywalking ticket seems likely to do that.

Beyond the real danger of choking on something while you're laughing so hard at this, what exceptions are you going to place in such a "policy", so that codebases which have admin characters available aren't penalized for it? Not every codebase will auto-generate an admin wizard if one isn't present, and IMHO if it won't boot and let you log in as god/admin out of the box, it's broken. It's already too much to expect people to fix your compiler warnings/errors and spend more than 5 minutes looking at your codebase before going "NEXT" and moving on.

If we're gonna pick on security issues, I vote we take down any codebase which has a buffer overrun issue, as hackers use those to gain control of the account running the code. :)
23 Oct, 2012, Runter wrote in the 5th comment:
Votes: 0
It's a reminder that you should not use the same passwords on all your stuffs. You can't control how people handle your information you give them, for the most part.
23 Oct, 2012, Hades_Kane wrote in the 6th comment:
Votes: 0
quixadhal said:
So, you're worried about evil hax0rz, who go after game accounts on games that have audiences of 10 million players, going after a 10 or 20 year old download of a free text MUD archive? Do you really think the MUD community, as a whole, is large enough to even get their attention?

And you want to PUNISH people for publishing their codebases?

Considering the state of things these days, I don't think driving even more people away from this tiny little genre is a good idea, and issuing the equivalent of a jaywalking ticket seems likely to do that.

Beyond the real danger of choking on something while you're laughing so hard at this, what exceptions are you going to place in such a "policy", so that codebases which have admin characters available aren't penalized for it? Not every codebase will auto-generate an admin wizard if one isn't present, and IMHO if it won't boot and let you log in as god/admin out of the box, it's broken. It's already too much to expect people to fix your compiler warnings/errors and spend more than 5 minutes looking at your codebase before going "NEXT" and moving on.

If we're gonna pick on security issues, I vote we take down any codebase which has a buffer overrun issue, as hackers use those to gain control of the account running the code. :)


Umm, where did you get ANY of this?

Way to take something WAAAAY out of proportion.

1) Who said anything about "evil hax0rz", or people who target multi-million player games or any of that? Seriously, way to try to put a whole lot of words in the mouth of someone who said nothing even remotely close to that.

The fact that the MUD community is small is in fact the point of it, and that people quite often use the same character names and often times the same passwords across many different MUDs. Even if a codebase was released 10 years ago, there's some chance that some of those same character names and passwords may match up. I make a habit of using different passwords for different MUDs, but I would wager the majority of MUDers do not. Already a player/builder from that game recognized the codebase, and it's not unlikely at all to think there is a chance he may still be in contact with other players from that game, or even still MUD with some of those players. If he were malicious and had the know-how, it also wouldn't be out of the question to think that an attempt to gain passwords for some of these people wouldn't be that difficult to do.

I'm glad Runter saw the point of my post, there.

2) Who said anything about PUNISHING anyone? Did you even READ what I asked about? Among which, was the option for the Admins to address a player directory full of pfiles? How would modifying an upload to remove hundreds of pfiles be like "issuing the equivalent of jaywalking ticket" or "driving more people away from" MUDing? Seriously dude, you are totally justifying your banner image of "Drama Bytes" right now :p

3) This isn't an issue of an Admin character or two or three or five being left in the directory for someone to be able to get started on the game, it's an issue of codebase releases containing hundreds of pfiles. It may also be important to note that not all codebases have encrypted passwords, and I want to say that even on ROM that is optional and that you can save passwords as they are if you choose (I won't swear by this, but I seem to recall running across that in the code).

Some games save your email information with your pfile too, which opens up the possibility of having potentially hundreds of email addresses out there of people known to have MUDed at one point or another. Not that I ever disclose my email on a game I play, but if I did, I sure wouldn't want that ever just carelessly uploaded in a codebase download on a gaming site.

Again, people have bad password habits, and I would even wager some players are dumb enough to use the same password for their character that they would with their email address.

There are issues here, even if you are too interested in trying to argue something that doesn't need to be, in order to see it.

What tangible harm is there to say in a post "Hey, this MUD has a full pfile directory" and have that cleared when it is ran across? I'm not suggesting some full scale crawl of the site with banhammers or deletions thrown toward any codebase that has done that, I'm asking what recourse or action as a user of this site that I may have if I run across any codebases that hast his.

Explain to me, where is the harm in that? Certainly, there must be some if your mocking and condescending post is to be justified. Seriously, way to attack someone that is honestly just genuinely concerned about something that I think could be harmful to the unfortunate people that trusted any personal information to this codebase or any others whose Admins may have uploaded the MUD with the pfiles intact.
23 Oct, 2012, quixadhal wrote in the 7th comment:
Votes: 0
Hades_Kane said:
1) Who said anything about "evil hax0rz", or people who target multi-million player games or any of that? Seriously, way to try to put a whole lot of words in the mouth of someone who said nothing even remotely close to that.


Well, somebody has to want to use the passwords. A normal person would ignore them, so one presumes there must be evil hax0rz out there downloading MUD codebases in the hopes they'll find passwords to abuse.

Hades_Kane said:
2) Who said anything about PUNISHING anyone?


You did.
Hades_Kane said:
is there anything we can do in order to request either modification of the download, or removal of the download as a result?

I would consider "removal of the download" punishment. "Thanks for taking the time to upload your work. Sorry it's not good enough for our standards, please go put more of your personal time into fixing it for us."

Hades_Kane said:
There are issues here, even if you are too interested in trying to argue something that doesn't need to be, in order to see it.


There are indeed.

One of the issues is the actual state of the MUD community these days. As you must admit, the popularity of text games has been on the decline for the last 20 years (yes, it's been that long). There are plenty of reasons for that. Amongst them, is the fact that many of the people who were extremely active in creating these codebases have jobs, families, and other commitments on their time.

In short, we should be thankful that ANY of these relics are still available, let alone that some of them are being updated and maintained to run in modern environments.

IMO, anything which makes it MORE DIFFICULT to share is working to the detriment of this struggling community.

You ask where the harm is in asking how to report codebases which violate this principle of not including arbitrary player data. The harm is two-fold. First, it takes time for someone to go follow up on these reports. If nobody does, there's no point in reporting. Second, let's assume some action will be taken against the violator… again, if nothing is done, it's pointless to report it. So, somebody has to spend the time to remove/flag the codebase in question, and then also take the time to (try to) track down the uploader and ask them to spend THEIR time modifying their donation, which then has to be re-validated to ensure it's now in compliance.

To me, that sounds like a great way to ensure that fewer people take the time to upload their old projects, since it goes from being a simple "Here's my old codebase for people to enjoy" to "Oh great, I have to fully audit my stuff to make sure it's sanitized? Nah, it's not that important."
24 Oct, 2012, Lobotomy wrote in the 8th comment:
Votes: 0
Hades_Kane said:
What tangible harm is there to say in a post "Hey, this MUD has a full pfile directory" and have that cleared when it is ran across?



Explain to me, where is the harm in that?

It would be easier for you to explain to us instead why it's your place or prerogative to remove the pfiles and/or othersuch data out of submitted files or to even be editing submitted files in the first place.

I don't see where you get the nerve to think that you should be playing net-nanny with submitted mud files, giving devs yet another reason to be wary of even submitting any code here at all; particularly when there are services like Sourceforge out there that are not only superior code hosting sites, but also services that are such that you don't have to worry about some admin or moderator going through your files and editing things out as they feel so inclined for whatever reason.

I'm also curious as to how you only go so far as editing out pfiles. Don't you think you should dig through other data in the mud submissions? How about any board notes left in submitted codebases? What if someone posted their physical address or phone number in a post somewhere on said mud? What about other commands that let you assign details to a character/account like email addresses, IM account names, and so on, and might be saved in files outside of the pfiles? Are you going to go through and edit all that out too, in the off chance someone who downloads the mud might be a prankster or worse who will use that information improperly? Surely you must feel the need to go another mile out of your way to protect people from all those kinds of remotely-if-plausible hypothetical threats too?

Oh, and what about the mud devs who upload their data here expecting that they should be able to download it again in the future intact and be able to start their game back up again from where they left off in the case of mud devs who leave the scene for a while? I know of a guy on my IM list for instance who has had to get a copy of his old mud from me on more than one occasion over the years who ended up losing the copy he had due to hard drive failures and othersuch; what if he was looking to get it from here and continue from where he left off, players and all? Oops, now all the guy's player data is gone and all his friends he wanted to bring back to said mud have to start over from scratch just because you took it upon yourself to "protect" them from themselves. Good job, guys.

Lastly, it'd be helpful for others in the future (assuming there's anyone left who still even wants to submit code here) if the mudbytes rules section for content submissions actually included some mention of it apparently being against the site rules (as evidenced by administrative action removing the aforementioned data) for codebases to contain indentifying or otherwise sensitive data, so that it's not simply left up to users submitting data to wonder if their data is going to be tampered with just because it happens to fall under the little bullshit catch-all "Disclaimer" that day.
24 Oct, 2012, LeMonseural wrote in the 9th comment:
Votes: 0
Wow I believe everything was just blown up in the wrong direction. Hades post was with good intent.
24 Oct, 2012, Davion wrote in the 10th comment:
Votes: 0
Well, the reason we have a submission process is so that these issues are addressed before its even up on the site. Its a different story with some of the merged repositories.

We do not edit your submissions, we just deny the upload and tell you what needs changing. Reasons we deny (other than legal/copyright) are if your submission is bogged down with bloat like object files, excessive logs, gdb cores, compiled code (not precompiled binaries for distribution…) and a few other things.

Often times when the player files are submitted a long with the source code, this does raise warning bells though. We would like to prevent open MUDs having their source released to the public with active pfiles. Honestly, this has only been an issue with DBZ muds (surprise!). We likely wont be changing how things are handled with regards to uploads.
24 Oct, 2012, KaVir wrote in the 11th comment:
Votes: 0
Davion said:
We do not edit your submissions, we just deny the upload and tell you what needs changing. Reasons we deny (other than legal/copyright) are if your submission is bogged down with bloat like object files, excessive logs, gdb cores, compiled code (not precompiled binaries for distribution…) and a few other things.

That's good, I find it really annoying downloading huge distributions and finding they're full of junk like that. However isn't a directory full of player files also bloat?

What if something like that slips through? What if you discover a codebase that had been uploaded ages ago, which contained massive bloat? Would it be left, removed, or cleaned up?

I remember some heated debates years ago when someone started adding a snippet to older codebases in the repository, and I can understand why that's a "bad thing". When it comes to fixing up older codebases so that they compile with modern compilers, I still think it's worth keeping the older version as well for historical purposes. But I can't see any value in hanging on to old core dumps, object files or player files.

And while we're on the subject of submissions, I'd still like some way to remove or at least mark obsolete code. It's irritating having to explain to people that despite its name, "KaVir's MUD Protocol Handler (Fixed Up Source Code)" is actually obsolete, and that they should instead download "KaVir's MUD Protocol Handler".
24 Oct, 2012, Davion wrote in the 12th comment:
Votes: 0
KaVir said:
That's good, I find it really annoying downloading huge distributions and finding they're full of junk like that. However isn't a directory full of player files also bloat?

What if something like that slips through? What if you discover a codebase that had been uploaded ages ago, which contained massive bloat? Would it be left, removed, or cleaned up?


I remember some heated debates years ago when someone started adding a snippet to older codebases in the repository, and I can understand why that's a "bad thing". When it comes to fixing up older codebases so that they compile with modern compilers, I still think it's worth keeping the older version as well for historical purposes. But I can't see any value in hanging on to old core dumps, object files or player files.

If it was uploaded VIA Mudbytes, it likely will not have those. If its in the merged repositories, they can be cleaned up a little as long as what was uploaded still remains intact (like I said, people don't need, or want .o files). As far as player files go, I'm thinking of this from a player perspective. This codebase was obviously not uploaded so it could become The Next Codebase. Its definitely a historical upload. If I wanted the nostalgia, maybe I want my old character that I spent 1000's of hours on.

KaVir said:
And while we're on the subject of submissions, I'd still like some way to remove or at least mark obsolete code. It's irritating having to explain to people that despite its name, "KaVir's MUD Protocol Handler (Fixed Up Source Code)" is actually obsolete, and that they should instead download "KaVir's MUD Protocol Handler".


Thanks for bringing this up. For now, I have featured you're snippet. A simple post in the discussion for file can work.
24 Oct, 2012, Hades_Kane wrote in the 13th comment:
Votes: 0
Quote
Well, somebody has to want to use the passwords. A normal person would ignore them, so one presumes there must be evil hax0rz out there downloading MUD codebases in the hopes they'll find passwords to abuse.


YOU presume. I don't think that such an assumption was a very logical or reasonable one based on context. You may try asking what someone is worried about before jumping to conclusions or blowing something way out of proportion.

Quote
You ask where the harm is in asking how to report codebases which violate this principle of not including arbitrary player data. The harm is two-fold. First, it takes time for someone to go follow up on these reports. If nobody does, there's no point in reporting. Second, let's assume some action will be taken against the violator… again, if nothing is done, it's pointless to report it. So, somebody has to spend the time to remove/flag the codebase in question, and then also take the time to (try to) track down the uploader and ask them to spend THEIR time modifying their donation, which then has to be re-validated to ensure it's now in compliance.


Thing is, when a person or team of people run a big site like this, there's things that require time. That's the nature of it. I never at any point said anything about "taking action against the violator" nor was anything in any of my posts about any of this intended or I think could even be construed as trying to light up torches and go after people. This isn't about people "violating policy" or any of this nonsense. My concern was people uploading potentially sensitive information for anyone to download. This is about -protecting- players or users or members of the community, not about punishing people that have sloppy uploads. Not allowing stolen code or Diku license violators to submit code is also probably something that discourages some submissions or participation, should we allow those too?


Quote
It would be easier for you to explain to us instead why it's your place or prerogative to remove the pfiles and/or othersuch data out of submitted files or to even be editing submitted files in the first place.


I did. At length.

Quote
I don't see where you get the nerve to think that you should be playing net-nanny with submitted mud files, giving devs yet another reason to be wary of even submitting any code here at all; particularly when there are services like Sourceforge out there that are not only superior code hosting sites, but also services that are such that you don't have to worry about some admin or moderator going through your files and editing things out as they feel so inclined for whatever reason.


Hmm, I probably picked up that nerve somewhere around the same place everyone else in the MUD community got the nerve to play net-nanny with license violators, codebase thieves, etc.

Quote
I'm also curious as to how you only go so far as editing out pfiles. Don't you think you should dig through other data in the mud submissions? How about any board notes left in submitted codebases? What if someone posted their physical address or phone number in a post somewhere on said mud? What about other commands that let you assign details to a character/account like email addresses, IM account names, and so on, and might be saved in files outside of the pfiles? Are you going to go through and edit all that out too, in the off chance someone who downloads the mud might be a prankster or worse who will use that information improperly? Surely you must feel the need to go another mile out of your way to protect people from all those kinds of remotely-if-plausible hypothetical threats too?


That's actually a valid point as well, those things, particular the "personal notes" of a game shouldn't be uploaded either. It is silly for anyone to have any sort of expectation of privacy or protection of their personal information on a MUD, but regardless, people still do use passwords for their characters they use elsewhere and people do use the in-game board systems for things they would likely be mortified for other people to have access to. You combine these things with the fact that many MUDs take email addresses or other personallty identifiable information, and that's a problem.

Quote
Oh, and what about the mud devs who upload their data here expecting that they should be able to download it again in the future intact and be able to start their game back up again from where they left off in the case of mud devs who leave the scene for a while? I know of a guy on my IM list for instance who has had to get a copy of his old mud from me on more than one occasion over the years who ended up losing the copy he had due to hard drive failures and othersuch; what if he was looking to get it from here and continue from where he left off, players and all? Oops, now all the guy's player data is gone and all his friends he wanted to bring back to said mud have to start over from scratch just because you took it upon yourself to "protect" them from themselves. Good job, guys.


I'd be more worried about the hundreds of people who logged into a game who didn't expect their personal information and private communications to become publicly available for download by anyone who wanted them, than a mud dev who was short sighted enough not to have any more backups than an upload to a MUD site that, as far as they know, could be gone tomorrow. It's those "no backup" or "single copy" MUD devs that also do the community a great disservice by putting up a MUD and betraying what should be a taken for granted level of trust that the work and time a player or builder is putting into their game won't be lost because of a computer glitch and they weren't smart enough to have a copy of the game in more than one place. As far as your friend? You are probably doing him a disservice by acting as a crutch for him. What if YOUR computer crashed, or you lost your internet or you guys were no longer in contact? Oops, guess he starts over from scratch because he couldn't be bothered signing up for any number of the probably hundreds of sites with free storage, or to burn his code to a CD or save it to a flash drive for just-in-case. Someone unable to put that little bit of work, I mean seriously, it's so ridiculously trivial, to secure his files and those of the players he may want to bring back, probably has no real business trying to run a MUD. Using a site like this as your personal storage or backup repository probably isn't the best idea either. If Mudbytes hadn't come along, imagine all of the loss that would have occured when Mudmagic went down, and had your buddy or anyone been using that site as their personal backup? Not my problem.

Quote
Lastly, it'd be helpful for others in the future (assuming there's anyone left who still even wants to submit code here) if the mudbytes rules section for content submissions actually included some mention of it apparently being against the site rules (as evidenced by administrative action removing the aforementioned data) for codebases to contain indentifying or otherwise sensitive data, so that it's not simply left up to users submitting data to wonder if their data is going to be tampered with just because it happens to fall under the little bullshit catch-all "Disclaimer" that day.


You didn't actually read the thread, did you?

I asked a question in good faith and intent, and got jumped all over for it. It was my opinion that sensitive information shouldn't be submitted, and asked if there was recourse for users of this site to submit complaints based on such, and as a result, if uploads could be modified to remove said information if that was within the site's policy or rights to do, and if that wasn't the case, what about removal of the downloads.

It was a question.

I think a reasonable reaction to my question or opinions on the matter if someone disagreed shouldn't have been mocking, condescending, aggressive, and confrontational posts, but posts either questioning my intent rather than abusrd assumptions being made on what I intended or was concerned about and putting words in my mouth, or just simply disagreement with stated reasons why. The whole tone of the replies just took a very unnecessary and menancing turn, and maybe it's the nature of an election year where it seems people can't politely or respectfully disagree with anything, but this was just ridiculous.


I'm glad that Runter, KaVir, LeMonseural, and Davion were able to participate in the discussion without the unnecessary aggressiveness.


Quote
As far as player files go, I'm thinking of this from a player perspective. This codebase was obviously not uploaded so it could become The Next Codebase. Its definitely a historical upload. If I wanted the nostalgia, maybe I want my old character that I spent 1000's of hours on.


I was thinking as a player too. As a player, I wouldn't want my potentially private information, from email address, to password, to private communication, to potentially my password, etc. just out there like that. But, I can see both sides, and thank you for answering the question. If this is the policy of the site, then it's the policy and I respect that :p
24 Oct, 2012, Runter wrote in the 14th comment:
Votes: 0
I personally think you shouldn't allow directories of personal information, but it's difficult to police. Without a doubt, it's irresponsible to distribute that information. If nothing else, sounding the alarm to other users that this is in the repository may make the original post in this thread worth while.
24 Oct, 2012, quixadhal wrote in the 15th comment:
Votes: 0
While I acknowledge that some people operate under the illusion that anything they do on the internet isn't 100% publicly plastered on a wall with floodlights and neon signs pointing at it, I also think the risk vs. reward here is incredibly tiny.

Even my old MUD uses encrypted passwords. I believe it started out with plain old crypt(), and then moved to sha256 before it shutdown and became a ghost MUD. Certainly, anyone who cared to put for a little effort could crack those… but I have to ask Hades, whom do you think is likely to put forth that effort?

Lobotomy and Davion brought up a good point about historical archiving. The biggest regret I have ever had with respect to running a MUD, was doing a player file wipe. I let my staff talk me into it, and years later, I would occasionally see an old player attempt to log in and either not be able to, or discover their old level 20 toon was gone and not feel like starting from scratch. Of course, I no longer run that MUD for anything but the nostalgia factor of having it run…. but losing former players because of a technical issue is stupid.

I do make some attempt to clean up my game for release here, but the entire game is also available via github, with the full contents of the account it's run from. Does that violate any player's privacy? No. I'll tell you why.

First, they have no privacy on a MUD. Admins can (and do) snoop them when bored, regardless of the rules you put in place. Players have been known to sneak or cast invisibility and follow others around too. And if the in-game lack of privacy isn't enough, you're connecting with TELNET, which is 100% plain text going across the internet.

At the end of the day, you are using a service that is run by someone that is NOT YOU. You have whatever rights the law requires they give you (and that varies from one host country to the next), and beyond that… whatever that admin feels like letting you have. I don't see any reasonable expectation of privacy unless the game specifically states it somewhere in the login or help files.

FWIW though, here's the bash script I use to generate backups. You'll note that the distribution backup does omit the player files, but it does retain message board data (which in my game is public anyways).

#!/bin/bash

NOW=`date "+%Y%m%d"`
SQL="wiley/backups/${NOW}_wiley.sql.bz2"

TAR="wiley/backups/${NOW}_wiley.tar.bz2"
FILES='wiley/.git wiley/.gitignore wiley/README wiley/WileyREADME wiley/attic wiley/bin wiley/docs wiley/etc wiley/lib wiley/public_html wiley/src'
EXCLUDE='–exclude=lib/log/[12r]* –exclude=wileymud* –exclude=*.[oa]'

DISTTAR="wiley/backups/${NOW}_wiley_dist.tar.bz2"
DISTFILES='wiley/README wiley/WileyREADME wiley/attic wiley/bin wiley/docs wiley/etc wiley/lib wiley/public_html wiley/src'
DISTEXCLUDE='–exclude=.git* –exclude=lib/log/[12r]* –exclude=wileymud* –exclude=*.[oa] –exclude=attic –exclude=lib/imc/*.hist –exclude=lib/i3/*.hist –exclude=wiley/lib/ply/*/*.* –exclude=src/convert/output/*'

cd /home

echo -en "Staring Database Backup…"
pg_dump wiley | bzip2 -9 >$SQL
echo -en "done.\n"

echo -en "Starting Stripped Backup…"
tar $DISTEXCLUDE -jcf $DISTTAR $DISTFILES
echo -en "done.\n"

echo -en "Staring Full Backup…"
tar $EXCLUDE -jcf $TAR $FILES
echo -en "done.\n"

cd /home/wiley
ls -l backups/${NOW}*


I should probably run that again.. it's been a while. :)
24 Oct, 2012, Runter wrote in the 16th comment:
Votes: 0
It's amazing to me that we're really having a debate about if it's responsible for a service to take the information users have given them over the years and post it all publicly. I can't really imagine a more irresponsible policy involving privacy concerns, and I wouldn't be shocked to find out that if big players did this they'd find themselves on the losing end of many lawsuits that erupted from it. Rightfully so.
24 Oct, 2012, Rarva.Riendf wrote in the 17th comment:
Votes: 0
No personal data, just imaginary names with imaginary password.
Those could just be considered test data.
To make a lawsuit, you would have to prove that the information is yours to begin with, and when no data can link it to you except your own words, it is pretty thin. (maybe with IP for the people who kept the same since then)
24 Oct, 2012, Ssolvarain wrote in the 18th comment:
Votes: 0
I don't think it really matters if it can stand up in court.

It's like breaking the DIKU license… you can without repercussion… but it's awfully inconsiderate of you.
24 Oct, 2012, Rarva.Riendf wrote in the 19th comment:
Votes: 0
Just being the devil advocate, I could just say those are randomized test data and who could prove the contrary. (I have not seen them, but from what I read from Hades, there is absolutely no personal data, so I do not think there are any reason to care). I would not say the same if there was mail or real name (often contained in the mail ) though.
24 Oct, 2012, Lobotomy wrote in the 20th comment:
Votes: 0
Hades_Kane said:
Quote
Well, somebody has to want to use the passwords. A normal person would ignore them, so one presumes there must be evil hax0rz out there downloading MUD codebases in the hopes they'll find passwords to abuse.


YOU presume. I don't think that such an assumption was a very logical or reasonable one based on context. You may try asking what someone is worried about before jumping to conclusions or blowing something way out of proportion.

No, Quix's point is perfectly valid because the exact premise of your initial post is that there's some kind of inherent threat in codebases containing pfiles as though there's some "hacker(s)" out there who are going to actually waste their time cracking some mud player's encrypted password from a released codebase for some moronic reason or another. In case you've already forgotten what you said in your initial post, here's the line in question:

Hades_Kane said:
I mean, they "encypted" to the best that a Dikurative is capable of, but I'm sure it wouldn't take much to reverse engineer the code that does that to extract actual passwords.

Much like the states trying to get voter ID laws passed (to screw with this year's elections), you strike me as someone who is trying to fix a problem that doesn't even exist.

Hades_Kane said:
Hmm, I probably picked up that nerve somewhere around the same place everyone else in the MUD community got the nerve to play net-nanny with license violators, codebase thieves, etc.

Really? Everyone else in the MUD community? Hyperbolic much, HK?

Hades_Kane said:
I'd be more worried about the hundreds of people who logged into a game who didn't expect their personal information and private communications to become publicly available for download by anyone who wanted them, than a mud dev who was short sighted enough not to have any more backups than an upload to a MUD site that, as far as they know, could be gone tomorrow. It's those "no backup" or "single copy" MUD devs that also do the community a great disservice by putting up a MUD and betraying what should be a taken for granted level of trust that the work and time a player or builder is putting into their game won't be lost because of a computer glitch and they weren't smart enough to have a copy of the game in more than one place. As far as your friend? You are probably doing him a disservice by acting as a crutch for him. What if YOUR computer crashed, or you lost your internet or you guys were no longer in contact? Oops, guess he starts over from scratch because he couldn't be bothered signing up for any number of the probably hundreds of sites with free storage, or to burn his code to a CD or save it to a flash drive for just-in-case. Someone unable to put that little bit of work, I mean seriously, it's so ridiculously trivial, to secure his files and those of the players he may want to bring back, probably has no real business trying to run a MUD. Using a site like this as your personal storage or backup repository probably isn't the best idea either. If Mudbytes hadn't come along, imagine all of the loss that would have occured when Mudmagic went down, and had your buddy or anyone been using that site as their personal backup? Not my problem.

First of all, hundreds of people? Lets be realistic here: We're talking about muds, and about muds whose source code is ever actually released; those muds generally aren't those in the top-ten with large player counts. At best, it's tens of people. Secondly, good job attacking and making sweeping assumptions about a person you know nothing about other than the little snippet I mentioned in my post for example-sake. I thought he was just unfortunate at best for having his hard drives die on him through no fault of his own, or merely lazy at the worst, but apparently according to you he's doing a great disservice to the mud community. Cool. Anyhow, lastly, that's a nice set of double-standards you have going on there: Aren't you doing a disservice to mud players out there who don't have the sensibility to change passwords between muds by acting as their crutch? Someone unable to put that little bit of work, I mean seriously, it's so ridiculously trivial, to pick secure passwords and change passwords between muds probably has no real business playing a MUD, right? How is it that the matter of players potentially having poor password (n)etiquette isn't also "not your problem"? :rolleyes:

Hades_Kane said:
You didn't actually read the thread, did you?

I asked a question in good faith and intent, and got jumped all over for it. It was my opinion that sensitive information shouldn't be submitted, and asked if there was recourse for users of this site to submit complaints based on such, and as a result, if uploads could be modified to remove said information if that was within the site's policy or rights to do, and if that wasn't the case, what about removal of the downloads.

It was a question.

I did read the thread, and the primary point I'm trying to raise here in regards to what I've apparently been seeing go on at Mudbytes once again as evidenced by stuff like…
Davion said:
We do not edit your submissions, we just deny the upload and tell you what needs changing. Reasons we deny (other than legal/copyright) are if your submission is bogged down with bloat like object files, excessive logs, gdb cores, compiled code (not precompiled binaries for distribution…) and a few other things.

…is the matter of admins/moderators acting out of sync with the stated site policies and failing to provide users with the information they need to know in order to be compliant in the first place. You know what I see when I check the site rules section regarding content submissions? This:



Not one mention of any of the stuff regarding pfiles, object files, excessive logs, gdb cores, etc. You know what I see when I go to the Upload File section of the Code Repository? This:



Not even any mention of any content submission rules at all, or even a link to the aforementioned page and section.

To a certain extent, the tone of the thread to me at the onset was that stealth edits to submissions were being done - largely in part due to Davion's follow-up comment of "I updated the file a bit." - and I may have been mistaken about that (I hope), but my larger point regarding the lack of effort made to properly inform users of this site about what all of the policies are regarding submissions stands.

Maybe, just maybe, if users of this site even knew beforehand that they're not supposed to have player files and such present in submitted files, it wouldn't happen and thus wouldn't illicit any of the over-reactive hand-wringing that started this thread in the first place. :rolleyes:
0.0/46