Author Topic: RBL - Ephialtes (Read 7276 times)

cucumberdude · March 10, 2011, 03:30:27 AM

There's been a bit of hubhub about this recently, and if you read Sheath's 'Blockland Bulletin' you'll know that there's been a lot of controversy over this.

I decided to put together a 100% objective fact sheet detailing what's been going on, and it looks like tonight the whole thing has finally reached it's conclusion. Hopefully reading this will allow you to see for yourself what's really happening here.

Before you read this or comment, just know that I openly admit that I have made mistakes. Namely, my initial refusal to encrypt passwords. For this, I apologize. Kalphiter is/was of course right - having passwords unencrypted is a security risk. Again, I regret not being initially more receptive and reasonable about the matter and simply putting it in place ASAP. I'm stubborn like that.

http://sterlingvitcov.com/rbl.php

Enjoy the drama, and again - I encourage you to make up your own mind about this.

If you spot anything subjective about the timeline thing, please tell me and I'll fix it.

@EPHIALTES
I don't think this constitutes posting the website again - there is no link or anything. I have even used an acronym to refer to the service to avoid any removal of the topic. If that is even a problem, I can remove it, but I fear that the title might be ambiguous. It's entirely up to you.

Ad Bot · Advertisement

SeventhSandwich · March 10, 2011, 03:42:55 AM

So did passwords get leaked?

in which case I should change my forum password?

SeventhSandwich · March 10, 2011, 03:43:47 AM

olol I used my handicap password.

good thing I didn't use my good one.

Feep · March 10, 2011, 03:45:01 AM

why dont you get everyone else to post your topic.

we like it, it's coo beans.

i mean ephialtes is a coolbro at times, but he is also very brown town about his popularity on that site being in the negatives
why else would he take the link down???

cucumberdude · March 10, 2011, 03:45:05 AM

Did you read it?

No, not at all.

I can't prove that I haven't read them back when they were unencrypted, but I give you my word that I didn't take the time to trawl through a database of a thousand different people to try and find your password. Really, I pinky promise.

cucumberdude · March 10, 2011, 03:46:49 AM

No edit :C

anyways, that was in response to Sev

Quote from: Feep on March 10, 2011, 03:45:01 AM

why dont you get everyone else to post your topic.

we like it, it's coo beans.

i mean ephialtes is a coolbro at times, but he is also very brown town about his popularity on that site being in the negatives
why else would he take the link down???

I appreciate the support. Though, his rating is +57, not negative :3

Feep · March 10, 2011, 03:49:26 AM

Pah, still.

Technically you're not breaking any rules so he has no right to get rid of your linkies, who cares, it's an external link, it's our issue not his.

cucumberdude · March 10, 2011, 03:51:32 AM

Quote from: Feep on March 10, 2011, 03:49:26 AM

Pah, still.

Technically you're not breaking any rules so he has no right to get rid of your linkies, who cares, it's an external link, it's our issue not his.

Well, if the site really was a serious threat to Blocklanders, as a mod he could definitely justify removing it.

The fact is that now that passwords are encrypted, he's in the wrong to ban the site IMO.

Sefou · March 10, 2011, 03:55:53 AM

The sheet is too hard too read.

cucumberdude · March 10, 2011, 03:59:08 AM

Quote from: Sefou on March 10, 2011, 03:55:53 AM

The sheet is too hard too read.

Ay, it's a bit messy but I'm not sure how I can improve it - any ideas?

cucumberdude · March 10, 2011, 04:00:19 AM

Okay, I increased the spacing - that should help.

Destiny/Zack0Wack0 · March 10, 2011, 04:51:37 AM

Quoting this from my post in the Blockland Bulletin topic;

Quote from: Destiny/Zack0Wack0 on March 10, 2011, 04:34:51 AM

If you're stupid enough to sign up for a site that isn't professionally maintained (heck, I wouldn't even trust myself) with your global password, it's your own fault. HOWEVER, this should have been hashed from the beginning. Making an advertised site on a forum with people that aren't all tech smart with no password hashing was a bad idea. No doubt some children or people who just weren't thinking about it signed up with their global password. It's just asking for someone to come along and inject the passwords out of the database or something similar.

Why is it not hypocritical for Ephialtes' to say that no user-maintained websites should be allowed? Because Ephialtes is a professional programmer. You can go along thinking it's hypocritical all you like but at the end of the day we all know that Ephialtes can be trusted. RTB 2+ has been in service for a few years now. If Ephialtes was secretly sitting in his grandma's attic stealing unhashed passwords someone would have complained about it already.

Iban · March 10, 2011, 07:25:13 AM

We can all point and laugh at the people that would sign up with their global password that is then leaked as plain-text, but what you need to understand is that this is a community for children who will make these kinds of mistakes.

The service was petty and it's not really worth getting this upset over. Sure, it sucks when someone ruins your claim to fame, but I would rather it end this way than to have someone like Kalphiter get away with a bunch of people's passwords and end up taking their Neopets accounts or some stuff.

Destiny/Zack0Wack0 · March 10, 2011, 07:47:00 AM

Quote from: Iban on March 10, 2011, 07:25:13 AM

We can all point and laugh at the people that would sign up with their global password that is then leaked as plain-text, but what you need to understand is that this is a community for children who will make these kinds of mistakes.

The service was petty and it's not really worth getting this upset over. Sure, it sucks when someone ruins your claim to fame, but I would rather it end this way than to have someone like Kalphiter get away with a bunch of people's passwords and end up taking their Neopets accounts or some stuff.

I agree entirely.

cucumberdude · March 10, 2011, 11:25:33 AM

Quote from: Iban on March 10, 2011, 07:25:13 AM

We can all point and laugh at the people that would sign up with their global password that is then leaked as plain-text, but what you need to understand is that this is a community for children who will make these kinds of mistakes.

Again, NO PASSWORDS WERE LEAKED.

Quote from: Destiny/Zack0Wack0 on March 10, 2011, 04:51:37 AM

[...] HOWEVER, this should have been hashed from the beginning. [...]

Quote from: cucumberdude on March 10, 2011, 03:30:27 AM

Before you read this or comment, just know that I openly admit that I have made mistakes. Namely, my initial refusal to encrypt passwords. For this, I apologize. Kalphiter is/was of course right - having passwords unencrypted is a security risk. Again, I regret not being initially more receptive and reasonable about the matter and simply putting it in place ASAP. I'm stubborn like that.

Quote from: Iban on March 10, 2011, 07:25:13 AM

but I would rather it end this way than to have someone like Kalphiter get away with a bunch of people's passwords and end up taking their Neopets accounts or some stuff.

I suppose so. But honestly consider - what could I really want with a thousand lego game forum accounts?

I guess accounts ARE more valuable now that they are tied to keys. All the same, I'm pretty sure that if I was stealing accounts, people would notice. And trust me, I don't really want that on my record.