OMG that is LOUSY DESIGN if the user does not see it it
should be INSTANTLY UNLOADED to preserve my preciousss
preciouss resourcesssss.

I happen to be a fan of win2k. They got it right…but
I guess that doesn't keep the bigbucks coming in so they
had to keep "innovating".

I know a guy who works for ms who swears up and down
that 7 is *awesome* and totally totally rules, will
be what Vista should have been, etc. I hope so. Really
my biggest gripe with Windows lately is that (to
steal a delightful turn of phrase) it is DRM masquerading
as an operating system. It just makes me resent whatever
under-the-hood stuff it is doing that Win2k didn't do.

BTW, how does this adobe flash proxy work?

-Crat
http://lpmuds.net

It's probably Flash talking locally to a program that makes a normal telnet connection, instead of Flash trying to connect itself.

Kudos!

So you're saying that my connection to a mud goes to Orrin's server, and then
he serves as a telnet proxy to the target mud. Ya?

Meaning that all my info, password, tells and chats go through a proxy
he can snoop, ya?

Orrin, is this right?

-Crat
http://lpmuds.net

It is telnet, every time you use a telnet connection your password is passed through X number of computers unencrypted, anyone at anytime can snoop it and discover your secrets.

Quite right.

I am simply curious whether Orrin has inserted himself into the list
of people in a position to snoop that stream. I did some tests with
netstat and his site, and sure enough, it does appear that for
at least one mud, that is exactly how it works. Orrin's client first
connects to Orrin's server, and data shuttles back and forth
across Orrin's machine.

Now I know.

-Crat
http://lpmuds.net

Um, it's a proxy so that the hosts don't have to have the flash file installed to accept….

Yeah, _any_ machine that info passes through can have a packet sniffer… maybe a little less omfg lets light the torches and tie the posts? Mudmagic's site client did the _exact same thing_.

So did TMCs java client. Casual packet sniffing by random 3rd parties isn't as widespread as people think. Especially when there's little to gain from it. So you're essentially just questioning Orrin's motives for no good reason at all, which I think is uncool.

I agree with you on this, i spoke with crat about this today on IMC as i felt that the question he asked was loaded and divisive, because as you have pointed out it called into question Orrin's motives for offering to proxy the use of Fmud to those who cannot run the flash policy. I now understand that it was not Crats intent to be divisive, but i think that the question could have been better worded.

hmm…




hmm…




Correct. I asked the question because I wanted to know the
answer. Ever since Orrin released his client I've found it
very nice and have said so repeatedly. I've worked with it
and found some technical roadblocks to using it. He found a
solution, and I wanted to know more about it.

That's number one.

Number two is that if it does work like every other telnet
proxy in the world (big deal) then I want to know that. I
agree that plaintext telnet being monitored is not unusual
or automatically sinister.

However.

No offense to folks here, but if one of you were in a position
to snoop into my activities on a mud, I'd damn sure like to know
it. It's worth knowing if someone here can snoop you, right? I
think there's a bit of a difference between your mud host being
able to snoop you and just-some-guy on this forum being
able to snoop you. It's worth knowing, and I wanted to know it.

I would add that I think it is a good idea for Orrin to make
more explicit on his web site how this client works and that
all data entered into it is visible to him. I'm not making a call
for pitchforks here. I am, however, asking for him to make
this information more obvious. If it's not just a portal, but
indeed an actual proxy, people should know that up front.

I see no torches here. Nor do I see me accusing anyone
of malicious intent. Let's calm down a bit, folks.

-Crat
http://lpmuds.net

I've stated several times that the mudgamers client uses a proxy and I'd have thought the implications of that were obvious. Both TMC and Mudmagic use(d) a proxy in the same manner for their java clients so I didn't think it was a particularly controversial move.

I have absolutely no interest in snooping anybody's game sessions, nor the time to engage with anyone who thinks otherwise.

*grabs the torch and the pitchfork and stands behind Crat* He made me light it, didnt he DavidHaley? :tongue: :tongue:

It may be the exhibitionist in me, but I always feel a slight tingle at the thought of being snooped. :redface:

Does the i3 router have a disclaimer that states that it is technically possible for the router maintainer to snoop all private tell discussions, that all private data is logged or loggable, that specifically that you have access to the data?

Yep.

http://lpmuds.net/intermud.html#security

-Crat

It isn't. I think just about everyone here realized a proxy is a proxy and was perfectly aware that using plain telnet to connect to a proxy is rather less than secure. It just seems that when connecting to that proxy, people get their hackles up. Whereas connecting to their MUDs directly doesn't seem to bother them. Despite obviously traveling across the great wide internet of insecureness.

I mean hell, nobody gets all upset and bothered about the fact that every last host who hosts MUDs on their boxes has the potential to snoop the connections. Nobody gets all upset and bothered about the fact that things like intermud are not only potentially snoopable, but already more or less are being snooped due to logs generated from the public channels. Most of us even use insecure email for things that really should be getting sent via an encrypted session. Plenty of people seem to have no trouble connecting to anonymous web proxies they know nothing about, ironically thinking themselves more secure than if they hadn't. A great many users don't even pay any attention to what their own PCs are freely offering the world - sometimes without their knowledge.

So yes, personally when I hear someone say something crackpotish like "but he can snoop me" I can only assume their either paranoid as hell, or have some other agenda behind it.

BTW, this forum uses plain text. Someone might be snooping what you say here. Watch out. *waves to the NSA*

This is a straw man argument. You are arguing against
hackles unraised in this thread. I have suggested that
disclosure on Orrin's site of the fact his client uses
a proxy is a good idea.

It might interest you to know that I investigated the
TMC client and found that it uses a proxy, AND that
it claimed to establish a direct connection to each
mud. When alerted to this infelicitous language, Iccy
did the right and proper thing and changed it, to
disclose that folks using that client were indeed
using a telnet proxy.

That is what I expect of a responsible operator of
a commercial website in a position to collect private
information valuable to his paying customers.

Similar disclosure on his commercial site is what I
expect of Orrin. Whether he actually *does* snoop on
people is not my point.



:)

-Crat
http://lpmuds.net

Seems like an awful lot of effort for no real gain other than to alarm a whole lot of people over the plainly obvious. The whole "responsible operator" thing is a straw man as far as I'm concerned, and in looking at the thread you link, pretty much everyone there thought you were being paranoid about it.

It's just plain stupid to make such a big deal over something we all knew was painfully obvious. It's telnet. If the insecurity of the protocol is such a problem, don't use it.



I'm sure by now you realize I've got an agenda behind a lot of what I post, yes? That is of course the entire point of having a 1st amendment and all that, right? Or was there something else you wanted to say about my blog? And if you do, I'm sure the rest of everyone here would prefer you take it to PMs, as I have no intention of engaging in a debate about it here.

A simple statement clarifying that it's a proxy isn't "an awful lot
of effort".



If it's so unremarkable, it shouldn't be alarming. You
can't have it both ways.



I think you should look up "straw man": http://en.wikipedia.org/wiki/Straw_man



Nice.




Orrin's client, as he distributes it, doesn't use his proxy.
It is not obvious to a user of his client that the version
on his website does use a proxy. Nor do I think it's obvious
in general that this is how it works.




That is a straw man.

-Crat
http://lpmuds.net

Straw man. You mean like scarecrow? If I toss a match at him will he scream like a little girl? Hmm. And besides. I don't see what the big deal is. And isn't this something that you should have mentioned to him in PMs Crat? I mean.. If it's something you have a problem with, and it doesn't pertain to this site, would it not make more sense to handle it privately thus avoiding this big drawn out debate over insecurity issues.. Oh wait. How could you get #100 if the thread didn't have rambling arguments. :P