#16 Colloquy Vuln
From: "William A. Carrel" <willia...@carrel.org>
Date: Wed, 17 Jan 2007 00:12:07 -0800
Local: Wed, Jan 17 2007 3:12 am
Subject: #16 Colloquy Vuln
Good show by the Colloquy team getting a fix out in short order!

Colloquy -> Check for updates... if you happen to be a user.
--
wac


From: alfrednb...@aol.com
Date: Wed, 17 Jan 2007 00:25:45 -0800
Local: Wed, Jan 17 2007 3:25 am
Subject: Re: #16 Colloquy Vuln

> Colloquy -> Check for updates... if you happen to be a user.

It seems that Colloquy General preference "automatically check for new
versions" is on by default. I didn't even know about #16, but when
Colloquy launched, it found new version, and, with a single click of
my acceptance, downloaded the new version, installed it, put old version
in trash, and relaunched. Nice.

From: Rosyna <ros...@gmail.com>
Date: Wed, 17 Jan 2007 01:27:25 -0700
Local: Wed, Jan 17 2007 3:27 am
Subject: Re: [moabfixes] #16 Colloquy Vuln
They actually fixed it before the exploit was even published because
lhm/kf were actively using it on IRC to disconnect users.

Ack, at 1/17/07, William A. Carrel said:

>Good show by the Colloquy team getting a fix out in short order!

>Colloquy -> Check for updates... if you happen to be a user.
>--

--

Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug

Unsanity: Unsane Tools for Insanely Great People

It's either this, or imagining Phil Schiller in a thong.


From: st...@info-pull.com
Date: Wed, 17 Jan 2007 08:53:25 -0000
Local: Wed, Jan 17 2007 3:53 am
Subject: Re: #16 Colloquy Vuln

On Jan 17, 9:27 am, Rosyna <ros...@gmail.com> wrote:

> They actually fixed it before the exploit was even published because
> lhm/kf were actively using it on IRC to disconnect users.

You should be very careful before going around like an internet tough,
accusing people with nothing more than your own speculation. Unless you
can prove that (that is, using proofs you can't tamper with, which
makes pasting something out of your Text Edit window plain invalid), we
request you to keep away from any future claims like these.

It's the second time we ask you politely to stop the malicious
nonsense you're getting into. We aren't going to enter any
claims/counter-claims cycle with you, given that you are neither
technically nor personally qualified for keeping good manners (that
excludes insulting, fallacies and false claims like these, without any
supporting argument other than your personal issues).

There are many people out there interested in making a fool out of
yourself and complicating your day. We aren't the only ones you've been
insulting, but you obviously know that. The fact that someone has
targeted the IRC channel where you rant is just another proof.

Given your skill base, lack of care of any type and definitive
malicious attitude, developing more hostilities with people out there
isn't really the best thing for you. It's a suicidal path, literally.
And this is sincere, friendly advice. We have nothing personal against
you, besides being a malicious retard from time to time.

Anyway, back on topic (Rosyna, you manage to include a rant in every
e-mail you send): the Colloquy development team has done a *great* job
on the fix (preventing that prank from continuing). Probably one of the
most timely fixes released during the MoAB, including OmniGroup's one.
None credited their finding, though. Certainly better than Apple, for
instance.

Cheers.


From: Rosyna <ros...@gmail.com>
Date: Wed, 17 Jan 2007 02:40:15 -0700
Local: Wed, Jan 17 2007 4:40 am
Subject: [moabfixes] Re: #16 Colloquy Vuln
Ack, at 1/17/07, st...@info-pull.com said:

>On Jan 17, 9:27 am, Rosyna <ros...@gmail.com> wrote:
>>  They actually fixed it before the exploit was even published because
>>  lhm/kf were actively using it on IRC to disconnect users.

>You should be very careful before going around like an internet tough,
>accusing people with nothing more than your own speculation. Unless you
>can prove that (that is, using proofs you can't tamper with, which
>makes pasting something out of your Text Edit window plain invalid), we
>request you to keep away from any future claims like these.

Here's the proof. http://tachibanalabs.com/tmp/MOAB-16-01-2007.html
Compare and contrast to the current
http://projects.info-pull.com/moab/MOAB-16-01-2007.html Notice the
missing pieces?

The first link is hosting the original unmodified file. It's also why
things like CSS don't show up. Nothing about it was modified. Also,
it's not being hosted by me or anyone affiliated with me.

Furthermore, there's about 20+ people that can verify that the
tachibanalabs.com link has the original text of the advisory.

FWIW, the original Ruby file's header said "the great #macdev raid".

>There are many people out there interested in making a fool out of
>yourself and complicating your day. We aren't the only ones you've been
>insulting, but you obviously know that.

That kind of seems a little like a threat.

>  The fact that someone has
>targeted the IRC channel where you rant is just another proof.

That's funny, I don't seem to remember ever mentioning the IRC
channel or the fact I was on such an IRC channel....

>Given your skill base, lack of care of any type and definitive
>malicious attitude, developing more hostilities with people out there
>isn't really the best thing for you. It's a suicidal path, literally.
>And this is sincere, friendly advice. We have nothing personal against
>you, besides being a malicious retard from time to time.

Again, this seems like a threat...
--

Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug

Unsanity: Unsane Tools for Insanely Great People

It's either this, or imagining Phil Schiller in a thong.


From: purrb...@gmail.com
Date: Wed, 17 Jan 2007 01:44:16 -0800
Local: Wed, Jan 17 2007 4:44 am
Subject: Re: #16 Colloquy Vuln
I saw the original post. That is exactly what it was. They DID modify
it shortly after they realized what they had posted.

From: Rosyna <ros...@gmail.com>
Date: Wed, 17 Jan 2007 03:02:46 -0700
Local: Wed, Jan 17 2007 5:02 am
Subject: [moabfixes] Re: #16 Colloquy Vuln
Ack, at 1/17/07, st...@info-pull.com said:

>Unless you
>can prove that (that is, using proofs you can't tamper with, which
>makes pasting something out of your Text Edit window plain invalid),

Also, there's a screenshot.
http://farm1.static.flickr.com/123/360396261_05ca8f43b9_b.jpg
--

Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug

Unsanity: Unsane Tools for Insanely Great People

It's either this, or imagining Phil Schiller in a thong.


From: "Jens Ayton" <jens.ay...@gmail.com>
Date: Wed, 17 Jan 2007 11:40:20 +0100
Local: Wed, Jan 17 2007 5:40 am
Subject: Re: [moabfixes] Re: #16 Colloquy Vuln
st...@info-pull.com:

> Rosyna:
>> They actually fixed it before the exploit was even published because
>> lhm/kf were actively using it on IRC to disconnect users.

> You should be very careful before going around like an internet tough,
> accusing people with nothing more than your own speculation. Unless you
> can prove that (that is, using proofs you can't tamper with, which
> makes pasting something out of your Text Edit window plain invalid), we
> request you to keep away from any future claims like these.

As you are well aware, the concept of "proof" is essentially
inapplicable to something as ephemeral as internet communications.
However, I witnessed the events to which Rosyna refers and can attest
to the following:

* At or about 0800 this morning (Wed Jan 17 2007), Central European
time, several persons on the #macdev channel on Freenode IRC were
repeatedly disconnected with unusual quit messages.
* Several of these persons attested they were using Colloquy.
* It was established that the disconnects were immediately preceded
by invitations to channels with names along the lines of #%n%n%n%n.
* At least one of these persons was able to catch the name of the
person sending the invitation.
* The whois command (or possibly whowas) showed that said person's
host mask was kfinisterre@..., a name that is familiar to watchers of
the MoAB spectacle.
* There was a small amount of speculation at the time as to whether
this was in fact a MOAB crew stunt, or someone attempting to dirty Mr.
Finisterre's name.
* The bug was quickly identified and fixed; offhand, I believe this
was done by Alexander Strange.
* At approximately 0845 CET I saw the MOAB-16 advisory. At that time,
the page included a list of people "pwned" using this exploit. The
list closely matched those who had been disconnected using the very
vulnerability described in the advisory.

Unfortunately I am missing some details as I do not currently have
access to my IRC logs. This can be rectified in an hour or so.

--
Jens Ayton

Sed quis custodiet ipsos custodes?


From: Colin Barrett <tim...@lava.net>
Date: Wed, 17 Jan 2007 10:27:36 -0800
Local: Wed, Jan 17 2007 1:27 pm
Subject: Re: [moabfixes] Re: #16 Colloquy Vuln

On Jan 17, 2007, at 12:53 AM, st...@info-pull.com wrote:

> Probably one of the most timely fixes released during the MoAB,  
> including OmniGroup's one.
> None credited their finding, though. Certainly better than Apple, for
> instance.

If you expect Apple, a huge corporation, to release patches every time  
you publish an exploit, you're more deranged than I thought -- I had  
you pegged as the type to include annoying sounds on his web page for  
no good reason, and to overuse internet clichés like PWN.

Hubris indeed.

Seriously, LMH, you're not winning any hearts OR minds by posting  
here. Your overly defensive attitude towards Rosyna on this pretty  
much solidifies it in my mind that you WERE in fact using it to  
disconnect users.

Why do you bother posting here except to troll, anyway?

-Colin


From: "Remy Porter" <t3knoman...@gmail.com>
Date: Wed, 17 Jan 2007 13:32:53 -0500
Local: Wed, Jan 17 2007 1:32 pm
Subject: Re: [moabfixes] Re: #16 Colloquy Vuln
Children, please. Let's ignore everyone's extra-curricular activities
and focus on our main goal- contributing to a more secure and reliable
operating system.

I love this mailing list, but it's rapidly decaying into LMH posturing
and people getting offended. Let's please keep it technical?


From: "William A. Carrel" <willia...@carrel.org>
Date: Wed, 17 Jan 2007 10:43:39 -0800
Local: Wed, Jan 17 2007 1:43 pm
Subject: Re: [moabfixes] Re: #16 Colloquy Vuln
I'm going to take this opportunity to interject with the charter of this group:

"This group serves as a gathering place to discuss the technical and
coding issues for MOAB bug fixes."

This conversation has taken a turn which doesn't have anything to do
with the work required analyzing or preparing fixes. People are
welcome to engage in conversations about who is or isn't trying to
attack who and who hates whose freedom... somewhere else. Please do
not bait each other (or be baited) into attacks and accusations here,
there are plenty of other forums for the circus sideshow antics of all
sides.

On 1/17/07, Colin Barrett <tim...@lava.net> wrote:


From: Eric Hall <g...@ghosthound.net>
Date: Wed, 17 Jan 2007 18:50:06 +0000
Local: Wed, Jan 17 2007 1:50 pm
Subject: Re: [moabfixes] Re: #16 Colloquy Vuln

On Wed, Jan 17, 2007 at 01:32:53PM -0500, Remy Porter wrote:

> Children, please. Let's ignore everyone's extra-curricular activities
> and focus on our main goal- contributing to a more secure and reliable
> operating system.

> I love this mailing list, but it's rapidly decaying into LMH posturing
> and people getting offended. Let's please keep it technical?

        Indeed.  I was just getting ready to write something similar...
The only addition is:

        Please remember that others may not follow short-circuits in your
logic/thinking, and that others may say (write) things in a way that
doesn't match the way you would.  Keep a more open mind to what people
are saying and, if you don't think they're on the right track, indicate
so rather than saying they just don't get it or that they're morons.
Cut the absolutes and you might just find that people are smarter and
more aware than you think they are.

                -eric


From: "Alexander Strange" <astra...@gmail.com>
Date: Wed, 17 Jan 2007 11:01:27 -0800
Local: Wed, Jan 17 2007 2:01 pm
Subject: Re: #16 Colloquy Vuln

On Jan 17, 5:40 am, "Jens Ayton" <jens.ay...@gmail.com> wrote:

> * The bug was quickly identified and fixed; offhand, I believe this
> was done by Alexander Strange.

I wish to disclaim responsibility for this; Timothy Hatcher, the author
of Colloquy, fixed it and I just linked to the trac changeset.

From: Landon Fuller <land...@macports.org>
Date: Wed, 17 Jan 2007 11:06:07 -0800
Local: Wed, Jan 17 2007 2:06 pm
Subject: Re: [moabfixes] Re: #16 Colloquy Vuln

Let's close down this thread. There is very little to be gained in  
recriminations besides acrimony and tumult.

-landonf
