Nungali Posted January 28, 2016 Great idea! Do a poll! But then this isn't a democracy is it? Should it be ? I thought that died out with the ancient Greeks ? 1 Share this post Link to post Share on other sites
Brian Posted January 28, 2016 Yup. There is no test system and since when do you believe the vendor's claims or the programmers' first iteration? Besides, I had to know what others can do and the only way to find out is to try and see. Nothing I did was irreversible and if the DBA's have auditing turned on in SQL, they should have a record. I am well aware. I would also debate your idea that it is other people's data. Once a post is posted on a forum, isn't the content of the post now owned by the public domain? If it were not public domain, then surely the site owner has no right to alter any data nor delete any data as it would be an infringement of writers' copyright. I don't recall seeing a comprehensive copyright waiver when I joined TTB many years ago. Did you offer your services? Did you contact dawei or Sean, express concern about the forum's security and get permission to conduct penetration testing? Or did you consent to a memorandum of understanding and then willfully violate it simply because you felt like it? If you were a pimply faced script kiddie, that would simply be childish. Instead, you are an IT professional with years of experience so your behavior is profoundly unethical at best. You, sir, are a garden variety hack and your claim now that you "had to know what others can do" is as bogus as your defense on the basis of ambiguous legalese. Compound that with your flippant admission of juvenile glee over the reaction of those you targeted and I would describe your behavior as not just unethical but malicious. I'm not the owner or Admin here so my response will simply be to not interact with you any further as a member of this community. I'm sure you won't mind. I certainly wouldn't never consider hiring you, though. 2 Share this post Link to post Share on other sites
liminal_luke Posted January 28, 2016 (edited) Huh? Original posters can now choose to delete posts by personal whim on threads in the General section? I had no idea. As far as I know it hasn´t happened to me, but if it did that would be a strong disincentive for me to post at all. Sometimes (well, increasingly) I´m just fooling around. Saying something because I imagine it´s funny or amusing. But sometimes I put some real thought into communicating something that I find important. If my posts disappeared simply because an OP disagreed with them, I´d have a problem with that. Edited January 28, 2016 by liminal_luke 1 Share this post Link to post Share on other sites
Tibetan_Ice Posted January 28, 2016 (edited) Did you offer your services? Did you contact dawei or Sean, express concern about the forum's security and get permission to conduct penetration testing? Or did you consent to a memorandum of understanding and then willfully violate it simply because you felt like it? If you were a pimply faced script kiddie, that would simply be childish. Instead, you are an IT professional with years of experience so your behavior is profoundly unethical at best. You, sir, are a garden variety hack and your claim now that you "had to know what others can do" is as bogus as your defense on the basis of ambiguous legalese. Compound that with your flippant admission of juvenile glee over the reaction of those you targeted and I would describe your behavior as not just unethical but malicious. I'm not the owner or Admin here so my response will simply be to not interact with you any further as a member of this community. I'm sure you won't mind. I certainly wouldn't never consider hiring you, though. Contract for tests on forum security? Penetration testing? Targeted? I randomly chose a thread in the Buddhist forum with no ill intent or targeting in mind. I did what any member of this forum could without any special knowledge or ability. I don't have to contract or get paid for my services. But you should pay me for putting up with your bullshit. Are you sure you don't have a hidden agenda here? You are being overly malicious here, so it would seem that you have some kind of axe to grind. Are you living unbound? Edited January 28, 2016 by Tibetan_Ice 1 Share this post Link to post Share on other sites
gatito Posted January 28, 2016 Huh? Original posters can now choose to delete posts by personal whim on threads in the General section? I had no idea. As far as I know it hasn´t happened to me, but if it did that would be a strong disincentive for me to post at all. Sometimes (well, increasingly) I´m just fooling around. Saying something because I imagine it´s funny or amusing. But sometimes I put some real thought into communicating something that I find important. If my posts disappeared simply because an OP disagreed with them, I´d have a problem with that. No. It doesn't apply to General Discussion. See here for where it does apply. Welcome to wéi wú wéi... 1 Share this post Link to post Share on other sites
Apech Posted January 28, 2016 Contract for tests on forum security? Penetration testing? Targeted? I randomly chose a thread in the Buddhist forum with no ill intent or targeting in mind. I did what any member of this forum could without any special knowledge or ability. I don't have to contract or get paid for my services. But you should pay me for putting up with your bullshit. Are you sure you don't have a hidden agenda here? You are being overly malicious here, so it would seem that you have some kind of axe to grind. Are you living unbound? No matter what your intention I think you have demonstrated that owner's permissions are not 'safe' in any part of this board. A particular point is that the hiding action is undetectable and irreversible by either the OP or the person who did it. So unless the original poster realises their comment has been hidden, as Rex did, there is no way of knowing it happened. Unless the Admin are going to trawl regularly for this kind of thing - or grant even more permissions such as 'unhiding' it is not actually possible to self moderate. Chaos could ensue. @T_I - I think at minimum having found you could do these things you should have at minimum PM'd Admin to let them know. Otherwise any idea that this was some kind test is invalid. @Admin & Tinkerer - I hope you are considering removing owner permissions completely now. Apart from anything else DaoBums as searchable resource is at risk if we can't rely on the records of past discussions. Add to this the objections by many individuals to posting in this environment. It's clear that the database software cannot allow owner permissions in a safe and reliable form . 4 Share this post Link to post Share on other sites
Daeluin Posted January 28, 2016 I think it was a matter of time before someone tried this. TI tried it, expecting that it wouldn't work, and not realizing the rules/agreement were the only checks and balances. Again, it could have been anyone. TI reported his findings in public, and the findings were addressed. Realizing how it works, TI has been apologetic. Yes the admins are aware of how to check for these things. Nothing really unusual or unexpected happening here. 3 Share this post Link to post Share on other sites
dawei Posted January 28, 2016 So now the motion is seconded, I move to have it voted on . It was already changed before your post http://thedaobums.com/topic/40354-the-deletion-or-hiding-of-posts-without-explanation/?p=670538 Share this post Link to post Share on other sites
rex Posted January 28, 2016 Yes, that was me. Sorry. I apologize. But you must admit, it was quite a wake up call when you realize that your post disappeared. I think Apech was awakened big time today too. Thanks Tibetan_Ice! It was clear from the inception of Owners Permissions this could be done. Surely you're shitting us when you say the wording of the agreement was ambiguous and it was a complete surprise to you that you could do this? Perhaps the only good that can come out of this shenanigan is the demonstration that Owners Permissions pose a clear danger to the board's long term integrity. The disconcerting thing is that the DaoBum Management Team seem quite blasé about this. Apech's thread is still missing - what's that all about? 1 Share this post Link to post Share on other sites
Brian Posted January 28, 2016 I think it was a matter of time before someone tried this. TI tried it, expecting that it wouldn't work, and not realizing the rules/agreement were the only checks and balances. Again, it could have been anyone. TI reported his findings in public, and the findings were addressed. Realizing how it works, TI has been apologetic. Yes the admins are aware of how to check for these things. Nothing really unusual or unexpected happening here. Actually, it was several pages later in the thread, after dawei had identified T_I as the culprit, that he posted this: It is funny to see the trolls squawk when they get their posts removed isn't it? I haven't had so much fun in a long time. It is even funnier to learn that I can hide other posts in threads that are not mine. I can even edit the titles!!!! See, I changed http://thedaobums.com/topic/39785-take-me-to-the-cosmic-pussycat-inside-tibets-secret-tantric-temple/ I would suggest that before you guys implement new policies, that you actually confirm that the software works the way it is supposed to through empirical testing. Right now, anyone with owner's permissions can go edit any body else's Topic title and hide posts in threads that they did not start. Or perhaps it is only in threads that the poster with Owner's permissions posts in? I will leave your debugging to your computer experts. He wasn't testing for the benefit of the forum community. Realizing how it worked, he continued until called on it because he hadn't "had so much fun in a long time." This behavior from a punk kid is to be expected; this behavior from an IT professional is a significant breach of ethics. As I said, though, I'm neither owner nor Admin so I'm not a decision-maker but he diminishes the profession by his behavior and I choose to not interact with him any further. (I doubt he'll mind...) 1 Share this post Link to post Share on other sites
Apech Posted January 28, 2016 Thanks Tibetan_Ice! It was clear from the inception of Owners Permissions this could be done. Surely you're shitting us when you say the wording of the agreement was ambiguous and it was a complete surprise to you that you could do this? Perhaps the only good that can come out of this shenanigan is the demonstration that Owners Permissions pose a clear danger to the board's long term integrity. The disconcerting thing is that the DaoBum Management Team seem quite blasé about this. Apech's thread is still missing - what's that all about? My thread is missing? Go to DEFCON 3 ... divert main power to the DaoBums shields. 2 Share this post Link to post Share on other sites
Apech Posted January 28, 2016 My thread is missing? Go to DEFCON 3 ... divert main power to the DaoBums shields. Shit! It really is missing. Mods? Admin? where is it? Share this post Link to post Share on other sites
Daeluin Posted January 28, 2016 Actually, it was several pages later in the thread, after dawei had identified T_I as the culprit, that he posted this: ... He wasn't testing for the benefit of the forum community. Realizing how it worked, he continued until called on it because he hadn't "had so much fun in a long time." This behavior from a punk kid is to be expected; this behavior from an IT professional is a significant breach of ethics. That seems fair enough to me. I believe exploring potential vulnerabilities in sites one uses out-side of one's occupation is not unprofessional in the least. I'd rather my neighbor look quizzically at my fence post and give it a good kick for integrity than a random stranger. And I also believe it can be professional for this to be stated publicly. My neighbor may not feel it is his responsibility to walk the long (or short) way up to knock on my front door and hope I am home. Leaving a note on the road saying "Hey! Fix this fence post!" where I will see it is fine with me. However, setting up camp by the roadside and inviting passers by to come and look at the shoddiness of my fence, for his own entertainment... a friend of me this is not likely to make. I don't know if he heard or understood me when I told him why it was like that, and I didn't quite like it when he gaffawed at it with a few more onlookers. At least he was respectful about it when he finally got the message. In any case, who am I to judge. 1 Share this post Link to post Share on other sites
dawei Posted January 28, 2016 Shit! It really is missing. Mods? Admin? where is it? It's back... with the original name... And I changed your "banana" title change too Share this post Link to post Share on other sites
Brian Posted January 28, 2016 That seems fair enough to me. I believe exploring potential vulnerabilities in sites one uses out-side of one's occupation is not unprofessional in the least. I'd rather my neighbor look quizzically at my fence post and give it a good kick for integrity than a random stranger. And I also believe it can be professional for this to be stated publicly. My neighbor may not feel it is his responsibility to walk the long (or short) way up to knock on my front door and hope I am home. Leaving a note on the road saying "Hey! Fix this fence post!" where I will see it is fine with me. However, setting up camp by the roadside and inviting passers by to come and look at the shoddiness of my fence, for his own entertainment... a friend of me this is not likely to make. I don't know if he heard or understood me when I told him why it was like that, and I didn't quite like it when he gaffawed at it with a few more onlookers. At least he was respectful about it when he finally got the message. In any case, who am I to judge. I hear what you are saying but... Imagine that your neighbor is a professional fence builder. One approach might be for him to contact you and say "I think your fence looks a little shaky. Would you like for me to check it out?" Another approach might be for him to put a note on your door saying "I noticed your fence was shaky and when I touched it, it fell down. Sorry! Let me know if I can help to repair the damage." A third option might be for him to kick it down, say nothing until you called the cops, stand in the crowd laughing about it, and then later claim he did it as a professional courtesy -- and, besides, your "Private Property - Keep Out" sign didn't expressly prohibit kicking the fence from the outside, now did it? 3 Share this post Link to post Share on other sites
Apech Posted January 28, 2016 It's back... with the original name... And I changed your "banana" title change too the banana was an improvement Share this post Link to post Share on other sites
Tibetan_Ice Posted January 28, 2016 (edited) Actually, it was several pages later in the thread, after dawei had identified T_I as the culprit, that he posted this: He wasn't testing for the benefit of the forum community. Realizing how it worked, he continued until called on it because he hadn't "had so much fun in a long time." This behavior from a punk kid is to be expected; this behavior from an IT professional is a significant breach of ethics. As I said, though, I'm neither owner nor Admin so I'm not a decision-maker but he diminishes the profession by his behavior and I choose to not interact with him any further. (I doubt he'll mind...) Your malicious speach here is not appreciated. You are trying to paint me like some unethical maurader that is contravening some kind of IT Professional ethic, when in fact there is no "IT Professional Ethic" that IT professionals adhere to other than confidentiality agreements and codes of ethics that the organization that you work for makes you sign. I am not employed by TDB therefore I am not bound by any such agreement within an IT capacity. Further, I did not use any IT skills during my investigation other than clicking on buttons, something that anyone with owners permissions can do without any technical knowledge. If you think that what I did is horribly bad, then perhaps you should take a look at what real hackers could do. Like the ones from Amsterdam with the lastest decryption routines and hacks. Why would I not be concerned for the welfare of the site on which I post and have been a member of for years? As soon as I noticed that there was a thread about missing posts I responded. You may not like my tone, but then it's Apech's thread and he likes humour. And, I found it funny and quite unbelievable. So, if your agenda is to 'do me damage' by trying to prove some malicious intent, good luck with that. And, by calling me names and trying to prove ill intent in other posts not addressed to me, you are still in fact interacting with me. However, now you're doing it behind my back. Edited January 28, 2016 by Tibetan_Ice Share this post Link to post Share on other sites
Michael Sternbach Posted January 28, 2016 I hear what you are saying but... Imagine that your neighbor is a professional fence builder. One approach might be for him to contact you and say "I think your fence looks a little shaky. Would you like for me to check it out?" Another approach might be for him to put a note on your door saying "I noticed your fence was shaky and when I touched it, it fell down. Sorry! Let me know if I can help to repair the damage." A third option might be for him to kick it down, say nothing until you called the cops, stand in the crowd laughing about it, and then later claim he did it as a professional courtesy -- and, besides, your "Private Property - Keep Out" sign didn't expressly prohibit kicking the fence from the outside, now did it? My thoughts on this exactly. 2 Share this post Link to post Share on other sites
Daeluin Posted January 28, 2016 I hear what you are saying but... Imagine that your neighbor is a professional fence builder. One approach might be for him to contact you and say "I think your fence looks a little shaky. Would you like for me to check it out?" Another approach might be for him to put a note on your door saying "I noticed your fence was shaky and when I touched it, it fell down. Sorry! Let me know if I can help to repair the damage." A third option might be for him to kick it down, say nothing until you called the cops, stand in the crowd laughing about it, and then later claim he did it as a professional courtesy -- and, besides, your "Private Property - Keep Out" sign didn't expressly prohibit kicking the fence from the outside, now did it? Let's remember that he didn't press it into litigation, but once he understood, he apologized and passed some nails to help fix the fence. Certainly that's worth something. Naturally that doesn't excuse everything, but personally I'll be moving on. 1 Share this post Link to post Share on other sites
Tibetan_Ice Posted January 28, 2016 My thoughts on this exactly. The better alternative is for the person whom built the fence to beta test the fence him/herself before turning it over to the pubilc. By building a faulty fence, should a storm arise with strong winds, or were the owner or the neighbour(s) to own several viscious pit bulls, that faulty fence could become a hazard to everyone. The owner has a responsibility to others not to build hazardous traps which might compromise the safety of others. Share this post Link to post Share on other sites
Daeluin Posted January 28, 2016 The better alternative is for the person whom built the fence to beta test the fence him/herself before turning it over to the pubilc. By building a faulty fence, should a storm arise with strong winds, or were the owner or the neighbour(s) to own several viscious pit bulls, that faulty fence could become a hazard to everyone. The owner has a responsibility to others not to build hazardous traps which might compromise the safety of others. Perhaps the issue here is that the owner deliberately replaced the fence with a sign saying how and where one is allowed to trespass. Someone misread the sign and trespassed as he liked and shouted about there not being a fence, but he was missing the point. 2 Share this post Link to post Share on other sites
Apech Posted January 28, 2016 Perhaps the issue here is that the owner deliberately replaced the fence with a sign saying how and where one is allowed to trespass. Someone misread the sign and trespassed as he liked and shouted about there not being a fence, but he was missing the point. Perhaps we could take turns sitting on the fence and then off the fence. Those on-fence could cause offence to the others - and disputes solved by fencing competitions. 1 Share this post Link to post Share on other sites
thelerner Posted January 29, 2016 Let's remember that he didn't press it into litigation, but once he understood, he apologized and passed some nails to help fix the fence. Certainly that's worth something. Naturally that doesn't excuse everything, but personally I'll be moving on. eeyup. moseying on past the fences. giddy-up little doggy the sunset awaits. Share this post Link to post Share on other sites
Tibetan_Ice Posted January 29, 2016 ... Yes the admins are aware of how to check for these things. ... So the admins have the ability to monitor this activity. But what about non OP users? Do you mean I will have to monitor all my posts in topics that I did not start to make sure that my posts did not get hidden? Is there some method of notifying the poster that their poster was hidden? If I subscribe to the thread, will I be emailed when my post is hidden? Do I now have to subscribe to all my posts? What is to prevent the OP to wait a month or so and then hide posts that they did not like? Have you sentenced me and every else in this forum to watching over their posts forever and ever in topics that they did not start, in forums or sub forums that have owners permissions turned on? Share this post Link to post Share on other sites
thelerner Posted January 29, 2016 (edited) I trust the mods. I assume the only posts at risk are going to be when threads degenerate into flame wars and that kind of hiding happening very rarely. In truth, the real threat to our 'great' writing is once threads are off the first page or two, they end up getting swept away by the hands of time. Its worthwhile for people to save the best of there writing in PPD's if for no other reason its easier to find. Tibetan Ice I've found your whole threads on Jhanas to be golden. Ultimately our writing, reputation and stature has to speak for itself. Edited January 29, 2016 by thelerner 1 Share this post Link to post Share on other sites