My resignation, and some background of events lead to.

Discussion about the AutoHotkey Foundation and this website
User avatar
tank
Posts: 2295
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Louisville KY
Contact:

Re: My resignation, and some background of events lead to.

09 Oct 2015, 17:45

AND YOUR STILL MISSING THE POINT. I have been sysops I dont need an education. I dont have time to do the work. bring it up only if you plan on helping fix it. otherwise .... Ya Ya i know. I will no longer respond to this thread. clearly I am being trolled
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
User avatar
Drainx1
Posts: 60
Joined: 29 Sep 2013, 20:40
Location: Kansas

Re: My resignation, and some background of events lead to.

09 Oct 2015, 18:55

tank wrote:AND YOUR STILL MISSING THE POINT. I have been sysops I dont need an education. I dont have time to do the work. bring it up only if you plan on helping fix it. otherwise .... Ya Ya i know. I will no longer respond to this thread. clearly I am being trolled

Please resign. You told me that you don't have the time to do things, and that's why you assigned Joe to do them. If you really don't have the time, then there is no point in you being an admin, or fighting over this stuff. If you refuse to resign, or don't change your scheduling (in other words, make time for stuff here) then you are doing exactly what poly did.

Again, I have to iterate that the live site is not a place for people with little/no experience. Dev environments are great for people who are still learning and are on the lower end of the learning curve.

I am still finding it funny that when I recalled my offer to help, I was acknowledged and given access, and I tried to help anyway.

From what I have seen, and the issues that occurred, you have not been a sysop or at least are not a modern day sysop, and if you have/are, then you really do need education on it (and if you really did work at banks, then it might be easier to hack a bank than people think.) Preventive security is #1 and backups is #2.
Here is a nice cert (that looks good on a resume) https://aws.amazon.com/certification/ce ... associate/ for your education.

actually "clean Up someone else's mess" is essentially what all security work IS.

Is just BS. When programming, you NEVER want to build the app first, then add security on it.
You want to have preventative security before you go 'Oh shit.'
If there is a mod you installed on the system, then it is your responsibility to make sure it is secure to the best of your knowledge.

Since you think you are being trolled, I highly suggest you leave your post; or be nice enough to 'go without a fight,' since it took a long while to get poly to give up power.
guest3456
Posts: 2329
Joined: 09 Oct 2013, 10:31

Re: My resignation, and some background of events lead to.

09 Oct 2015, 19:01

M0doJ wrote:I will be, but as I said before, if I simply point them out, I'm not helping them learn. And that is essentially the problem right there, you guys aren't sysops, yet have taken on the role. I do not envy them, it is a very difficult job, incredibly so without much experience. Hell, you can have all the programming experience in the world, and it will not qualify you for the role. It's something only experience can teach... it's a tough damn job, but if I were to fix them for them, or, as I believe is Drainx1's point overall if you put emotions aside, I would be doing them a disservice.


lol, so while you and Drainx are on idealistic crusades, tank and joedf have to deal with the real world. they are volunteers doing their best. if you want to help get things fixed, then help.

how does one 'learn'? like you said, its something only experience can teach. so you tell them how to fix it, they go through the experience and do the work themselves, and then they learn for next time. that's how you learn. you and Drainx sitting here criticizing is a waste of time.

unless you and Drainx are suggesting that, these two volunteers, simply study up on security and then try to find the holes in the site on their own? when they already are strapped for time living their own lives, doing their real world jobs, and volunteering to do this? you can't be serious. i don't think you people are trolling, i just think you're completely oblivious

and i wouldn't be surprised if M0doj is just Drainx on a VPN

guest3456
Posts: 2329
Joined: 09 Oct 2013, 10:31

Re: My resignation, and some background of events lead to.

09 Oct 2015, 19:07

Drainx1 wrote:Since you think you are being trolled, I highly suggest you leave your post; or be nice enough to 'go without a fight,' since it took a long while to get poly to give up power.


tank hasn't exhibited any dictator tendencies at all. how can you compare him to poly?

you want him to give up his post, and then leave the post empty? who is gonna take up the role? you?

you are completely misguided and holding grudges. you need to check yourself. take a deep breath. it is you who should stand down.

User avatar
Drainx1
Posts: 60
Joined: 29 Sep 2013, 20:40
Location: Kansas

Re: My resignation, and some background of events lead to.

09 Oct 2015, 19:17

guest3456 wrote:
M0doJ wrote:I will be, but as I said before, if I simply point them out, I'm not helping them learn. And that is essentially the problem right there, you guys aren't sysops, yet have taken on the role. I do not envy them, it is a very difficult job, incredibly so without much experience. Hell, you can have all the programming experience in the world, and it will not qualify you for the role. It's something only experience can teach... it's a tough damn job, but if I were to fix them for them, or, as I believe is Drainx1's point overall if you put emotions aside, I would be doing them a disservice.


lol, so while you and Drainx are on idealistic crusades, tank and joedf have to deal with the real world. they are volunteers doing their best. if you want to help get things fixed, then help.

how does one 'learn'? like you said, its something only experience can teach. so you tell them how to fix it, they go through the experience and do the work themselves, and then they learn for next time. that's how you learn.

unless you and Drainx are suggesting that, these two volunteers, simply study up on security and then try to find the holes in the site on their own? when they already are strapped for time living their own lives, doing their real world jobs, and volunteering to do this? you can't be serious. they don't have the time. if you do, then go for it.

i wouldn't be surprised if M0doj is just Drainx on a VPN

You seem to be forgetting (or because Tank removed the logs) I wanted them to learn, and they can't if I do it. I outlined the issues, and general ways to fix them.

Tank has been a dictator in the way of 'Fix them or go away.' He was told by several other staff that things needed changed and be done differently. He took those suggestions and threw them out the window with no reason why, or a reason that makes little sense to someone with experience.

I was a volunteer as well, and pointed these things out. Your point is completely invalid as I wasn't paid, they aren't paid; I was a volunteer, they are volunteers. It should also be noted that companies do PAY for security tests. Or even bugbounty programs.

I'd welcome other staff not related to this to check IPs to prove I'm not M0doJ.

I'm sorry, but I don't really see how you can be so deterministic when you have part of the story, most notably what Tank wants you to see. I really don't see how you can be defending Tank so much, but meh, he'll lose the data, not me.

If I wanted admin, or to take Tanks position, I wouldn't accept. Outright. You don't seem to know/remember I was admin under Poly before ahkscript started.
User avatar
Drainx1
Posts: 60
Joined: 29 Sep 2013, 20:40
Location: Kansas

Re: My resignation, and some background of events lead to.

09 Oct 2015, 19:28

It should also be noted that Tank and Joe have ELECTED to do this by themselves. They refuse to ask anyone for help, and will only 'accept' it if someone comes to them. In my case, they only offered it to me after I said I wasn't going to, but because I am a nice guy, I helped anyway.

They have not been in a position where they have asked for help, and Tank outright refuses to ask, when he knows he needs people. That smells of egotistic principles to me.

I also do not see how I can possibly be the bad guy here. I was given access, and reported what I found. Some of the things I couldn't fix because I wasn't aware how deep they went.
For instance, the DB username. That could be hardcoded in many places more than just the forum config file.
As far as ports, it would cause a lot of confusion to Tank and Joe if I changed up the SSH port, they wouldn't be able to connect; same with FTP.

I posted to the staff forum of my findings, that is nothing more than sending an internal email of a problem at a company.

I tried getting policies and procedures in place, which included notifying users, since platform updates were unannounced, and none of the community, or staff, knew what was happening.
lexikos
Posts: 5979
Joined: 30 Sep 2013, 04:07
GitHub: Lexikos

Re: My resignation, and some background of events lead to.

09 Oct 2015, 21:33

Drainx1 wrote:I also do not see how I can possibly be the bad guy here.
I got the impression that your insistence to remove joedf from his position and lack of willingness to compromise or cooperate is what painted you as the bad guy. And the melodrama certainly didn't help.

I appreciate your efforts, but I think that both you and tank are/were being unreasonable. I am disappointed in how things have turned out thus far.

I'd welcome other staff not related to this to check IPs to prove I'm not M0doJ.
I'm certainly not going to bother checking which IP address you posted from, since it would prove nothing. Then again, I don't care who any of you are. ;)

Tank has been a dictator in the way of 'Fix them or go away.'
From what I read of the logs you posted, it appeared to me that you were trying to dictate how tank will run the site, not just offering advice, and meanwhile apparently refusing to fill the role you demanded joedf vacate. Now you are creating drama and playing the victim - for instance, "I've been burned again" screams "drama queen". You were apparently refusing to take any action yourself, so I don't think your reaction to having your access revoked was particularly rational or well justified.

This is my bluntly honest opinion, and I mean no offense by it.

On the flip side, I don't fully understand or agree with tank's decisions, and I agree with much of what you've said, if not the way you've spoken or acted.

You don't seem to know/remember I was admin under Poly before ahkscript started.
Drama aside, I don't think I understand the relevance of your past to the current situation.
just me
Posts: 5421
Joined: 02 Oct 2013, 08:51
Location: Germany

Re: My resignation, and some background of events lead to.

10 Oct 2015, 01:32

Are you guys ready now?

I'm wondering why this discussion came up so close after it was decided to lock poly's forum.

Has ahkscript.org already been moved to one of poly's servers?
M0doJ
Posts: 15
Joined: 09 Oct 2015, 07:31

Re: My resignation, and some background of events lead to.

10 Oct 2015, 02:17

guest3456 wrote:lol, so while you and Drainx are on idealistic crusades, tank and joedf have to deal with the real world. they are volunteers doing their best. if you want to help get things fixed, then help.


I spoke on that. Yes, I know there's a world outside. But they have a JOB here, a RESPONSIBILITY. It is on them to fix these things. If they can't, bring on someone who can.

Drainx1 wrote:
guest3456 wrote:how does one 'learn'? like you said, its something only experience can teach. so you tell them how to fix it, they go through the experience and do the work themselves, and then they learn for next time. that's how you learn.

unless you and Drainx are suggesting that, these two volunteers, simply study up on security and then try to find the holes in the site on their own? when they already are strapped for time living their own lives, doing their real world jobs, and volunteering to do this? you can't be serious. they don't have the time. if you do, then go for it.



Yes, I want them to study up on security, and find the holes, as ANY OTHER PERSON IN THEIR ROLE WOULD HAVE TO DO. Usually you wouldn't have a nice guy come a long and point it out, you would have it exploited and have to struggle to repair even more of a mess. You're MISSING THE POINT, and so is TANK. He has a responsibility. Put aside some time and buckle the hell down. I sure as hell don't have the time to fix someone else's problems.


guest3456 wrote:i wouldn't be surprised if M0doj is just Drainx on a VPN


Because we're the only one's that seem to understand personal responsibility? Accountability for self? I'll gladly evidence that I am not, with a post on one of my public social sites.

Drainx1 wrote:You seem to be forgetting (or because Tank removed the logs) I wanted them to learn, and they can't if I do it. I outlined the issues, and general ways to fix them.

I was a volunteer as well, and pointed these things out. Your point is completely invalid as I wasn't paid, they aren't paid; I was a volunteer, they are volunteers. It should also be noted that companies do PAY for security tests. Or even bugbounty programs.

I'd welcome other staff not related to this to check IPs to prove I'm not M0doJ.


We have a similar mindset, Draino. My goal wasn't to defend you, becoming your ally, I just read your post and went to check out the site's security. I was calling them to action. I'm sorry if my posts have made the situation worse for you, checking IP's will do no good, as I am on a VPN, but I will provide proof if the masses would like, lol.

Drainx1 wrote:I'm sorry, but I don't really see how you can be so deterministic when you have part of the story, most notably what Tank wants you to see. I really don't see how you can be defending Tank so much, but meh, he'll lose the data, not me.


Initially, I wasn't going to post here, I was going to corrupt the database for good, and watch them scramble to fix the mess, but I decided not to be malicious for my own joy. I'm not THAT guy any more. I'd rather help than harm, but, very much, this. " meh, he'll lose the data, not me."

Now, if I wanted to be Admin, well, I'd just take it. I wouldn't ask, I would flip the switch, and take over the site. Luckily for y'all, I won't, because I'd shut most of this place down, it's like a harbor for script kiddies and vidya-game h4x0rz. My advise to the users would be to learn a real, robust language, not script.
User avatar
cyruz
Posts: 244
Joined: 30 Sep 2013, 13:31

Re: My resignation, and some background of events lead to.

10 Oct 2015, 07:31

Why all this drama? Is it not possible to discuss the issue without getting emotional? If there will be no outcome from the discussion we could just start a poll and ask the community, as it has been done in the past...
ABCza on the old forum.
My GitHub.
M0doJ
Posts: 15
Joined: 09 Oct 2015, 07:31

Re: My resignation, and some background of events lead to.

10 Oct 2015, 11:51

cyruz wrote:Why all this drama? Is it not possible to discuss the issue without getting emotional? If there will be no outcome from the discussion we could just start a poll and ask the community, as it has been done in the past...


If Tank knows his stuff, I'd rather him not step down... the position needs a knowledgeable, and capable sysop. I'm too new here to make that kind of judgement. If he doesn't. or he simply cannot make time to perform properly under the title, then he could still act as Admin, but I would suggest calling in a seasoned sysop to take over that portion of responsibility. That would be the most effective move one could make, and could be done in earnest.

If that's how things are done, by all means, but I do not trust the masses to elect someone seasoned and capable, rather than someone popular. Evaluate real world experience, don't turn it into a popularity contest.
M0doJ
Posts: 15
Joined: 09 Oct 2015, 07:31

Re: My resignation, and some background of events lead to.

10 Oct 2015, 12:01

I don't think Tank is incapable. I don't know the man, I don't know his qualifications, nor his track-record. I'd say he seems knowledgeable enough. Were him and I differ, he sees this as yet another problem, that yes, is important, yes, requires work, but he'll get to it in time. I see it as something that needs to be addressed immediately. I will say someone has fixed something, and looked into holes allowing SQL-injection, so progress is being made here.
User avatar
joedf
Posts: 6335
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada, Quebec
Contact:

Re: My resignation, and some background of events lead to.

10 Oct 2015, 12:02

I just want the status quo :/
I take full responsibility for my mistakes. That said, there's no need for me to defend any position, anything or anyone anymore. I feel that this is beginning to be pointless and counterintuitive...
guest3456
Posts: 2329
Joined: 09 Oct 2013, 10:31

Re: My resignation, and some background of events lead to.

10 Oct 2015, 12:03

Drainx1 wrote:You seem to be forgetting (or because Tank removed the logs) I wanted them to learn, and they can't if I do it. I outlined the issues, and general ways to fix them.


you seem to forget that i was the first person to respond to this thread, and i got a chance to read all of your logs before tank removed the links

the logs made you look worse

guest3456
Posts: 2329
Joined: 09 Oct 2013, 10:31

Re: My resignation, and some background of events lead to.

10 Oct 2015, 12:05

cyruz wrote:Why all this drama? Is it not possible to discuss the issue without getting emotional? If there will be no outcome from the discussion we could just start a poll and ask the community, as it has been done in the past...


here is why there is drama:

there are two hackers/sysops who are on power trips wanting to display their omniscient knowledge, and are condemning and criticizing the volunteers who aren't as smart as them. the volunteers said, "hey if you know better, go ahead and help fix these issues for us". instead, they declined and started this crusade to point out how dumb everyone else is.

that sums it up

User avatar
cyruz
Posts: 244
Joined: 30 Sep 2013, 13:31

Re: My resignation, and some background of events lead to.

10 Oct 2015, 14:49

M0doJ wrote:
cyruz wrote:Why all this drama? Is it not possible to discuss the issue without getting emotional? If there will be no outcome from the discussion we could just start a poll and ask the community, as it has been done in the past...


If Tank knows his stuff, I'd rather him not step down... the position needs a knowledgeable, and capable sysop. I'm too new here to make that kind of judgement. If he doesn't. or he simply cannot make time to perform properly under the title, then he could still act as Admin, but I would suggest calling in a seasoned sysop to take over that portion of responsibility. That would be the most effective move one could make, and could be done in earnest.

If that's how things are done, by all means, but I do not trust the masses to elect someone seasoned and capable, rather than someone popular. Evaluate real world experience, don't turn it into a popularity contest.


We moved from the old forum and acted this way, as a community, all along. It's a technical problem, it can be discussed and if somebody comes up with a good solution we can upvote it. This or wine infinitely about how things should be managed.

guest3456 wrote:
cyruz wrote:Why all this drama? Is it not possible to discuss the issue without getting emotional? If there will be no outcome from the discussion we could just start a poll and ask the community, as it has been done in the past...


here is why there is drama:

there are two hackers/sysops who are on power trips wanting to display their omniscient knowledge, and are condemning and criticizing the volunteers who aren't as smart as them. the volunteers said, "hey if you know better, go ahead and help fix these issues for us". instead, they declined and started this crusade to point out how dumb everyone else is.

that sums it up


I mostly agree, but the technical/organizational problem maybe is real and should be faced. Possibly without getting emotional or flaunting our own power.
ABCza on the old forum.
My GitHub.
User avatar
tank
Posts: 2295
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Louisville KY
Contact:

Re: My resignation, and some background of events lead to.

10 Oct 2015, 15:07

we are not on any of Polys servers. I am unsure where that idea came from As of 3 weeks ago neither is Autohotkey.com.
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request

Return to “About This Community”

Who is online

Users browsing this forum: No registered users and 4 guests