Is it mine yet?

[KirasEmail]

I've noticed that most muds say that they are a heavily modified version of
this code or that. Some of them are actually telling the truth, and some just
add a new race or two, change the greeting, and pretend to be modified. I am
currently working on my own mud project. I may or may not ever finish it, and
people may or may not ever play it. (weather I suceed or fail I'm having fun
writing the code....Ok, I'll get to my point). At what point does a mud go
from being a heavily modified Envy mud, to being MyMud version 1.0, based on
Envy? Obviously, you have to do more than ad a spell or two, but how much code
must be original? I know that all original credits must remain intact (Envy,
Merc, Diku etc.) and I'm not trying to take credit that I don't deserve, I'm
really just curious at what point is the transition made?

The Angel Kira

[FUNUCK]

My guess would be if over half of the source was yours or that you have so
radically changed the mudd that people think it is a new type of mudd. This is
just my stab at it.

[George Reese]

KirasEmail <kiras...@aol.com> wrote:
: I've noticed that most muds say that they are a heavily modified version of

The answer is never. Your work is always considered a derivative work
both legally and morally. If you want a work to call your own, write
it from scratch.

--
George Reese (bo...@imaginary.com) http://www.imaginary.com/~borg
"In our fear, we make an image, and that image we call God."
Antonius Block in The Seventh Seal
PGP Key: http://www.imaginary.com/servlet/Finger?user=borg&verbose=yes

[Garry Turkington]

On 2 Dec 1997, George Reese wrote:

> KirasEmail <kiras...@aol.com> wrote:
> : from being a heavily modified Envy mud, to being MyMud version 1.0, based on
> : Envy? Obviously, you have to do more than ad a spell or two, but how much code
> : must be original? I know that all original credits must remain intact (Envy,
> : Merc, Diku etc.) and I'm not trying to take credit that I don't deserve, I'm
> : really just curious at what point is the transition made?
>
> The answer is never. Your work is always considered a derivative work
> both legally and morally. If you want a work to call your own, write
> it from scratch.

I don't think he was trying to claim a deritavie mud wasn't. As soon as
you add one line of new code, that change is copyrighted to you, and
there's really nothing to stop you calling your mud "Mymud version 1.0",
as long as you keep all original credits and attributions and don't try to
claim your work is not derivitive. Unless you write your codebase
*entirely* from scratch, it will *always* be considered a derivitive work,
no matter what changes and additions you add.

Garry
--
G.A. Turkington g.turk...@qub.ac.uk Tel: +44-(0)1232-274618
Image Processing Specialist Group, The Queen's University of Belfast
"The road to hell is paved with melting snowballs." Larry Wall

[George Reese]

Garry Turkington <ga...@reddwarf.qub.ac.uk> wrote:

: On 2 Dec 1997, George Reese wrote:

:> KirasEmail <kiras...@aol.com> wrote:
:> : from being a heavily modified Envy mud, to being MyMud version 1.0, based on
:> : Envy? Obviously, you have to do more than ad a spell or two, but how much code
:> : must be original? I know that all original credits must remain intact (Envy,
:> : Merc, Diku etc.) and I'm not trying to take credit that I don't deserve, I'm
:> : really just curious at what point is the transition made?
:>
:> The answer is never. Your work is always considered a derivative work
:> both legally and morally. If you want a work to call your own, write
:> it from scratch.

: I don't think he was trying to claim a deritavie mud wasn't. As soon as
: you add one line of new code, that change is copyrighted to you, and
: there's really nothing to stop you calling your mud "Mymud version 1.0",
: as long as you keep all original credits and attributions and don't try to
: claim your work is not derivitive. Unless you write your codebase
: *entirely* from scratch, it will *always* be considered a derivitive work,
: no matter what changes and additions you add.

I interpreted the question as 'when is the code-base mine?'.
Naturally, any code you ever write is yours. But unless a work is
100% yours, the work as a whole is subject to any restrictions placed
upon you by the original work. In cases such as with NM, one
restriction is you can never change the name.

[Derek]

KirasEmail (kiras...@aol.com) wrote:
: I've noticed that most muds say that they are a heavily modified version of
: this code or that. Some of them are actually telling the truth, and some just
: add a new race or two, change the greeting, and pretend to be modified. I am
: currently working on my own mud project. I may or may not ever finish it, and
: people may or may not ever play it. (weather I suceed or fail I'm having fun
: writing the code....Ok, I'll get to my point). At what point does a mud go

: from being a heavily modified Envy mud, to being MyMud version 1.0, based on
: Envy? Obviously, you have to do more than ad a spell or two, but how much code
: must be original? I know that all original credits must remain intact (Envy,
: Merc, Diku etc.) and I'm not trying to take credit that I don't deserve, I'm
: really just curious at what point is the transition made?

As mentioned already, as soon as you make one change, technically you can
call the new product MyMud 1.0, based on Envy or whatever it was based on.

Sadly, there are quite a few derivative code bases out there that are little
more than the original code base with a few snippets patched in.

If you're going to release a "new" derivative to the community, please make
sure that most of the changes are your OWN any not just publically available
snippets.

Also, adding some spells races and classes hardly counts as a "new"
derivative. There should be new skills, as well as some decent code
enhancements and features. If the original code base is lacking of some
common MUD features, they should be added. Known bugs in the original code
base should be fixed.

"Heavily modified" has become the buzz-word in the mud community. Everyone
has a "heavily modified" mud... though how "modified" that mud actually is
is up to the discretion of the person running the mud.

If your mud truly is heavily modified, then it could easily become a new
derivative if you desired to make it publically available.

A good example of a derivative being heavily modified from the original, is
the difference between DikuMud and Merc2.x (Merc 1.0 wasn't THAT much
different from the original DikuMud, but Merc 2.0 was).

Most 1.x versions of derivatives are not that much different from the
original work. There are some exceptions (ie: Merc2.1 --> Smaug 1.x,
and Merc --> TheIsles/NiMud) to this rule, but the big developmental
changes rarely come out in the first release of a derivative.

[Richard Woolcock]

Derek wrote:

[snip]

> If your mud truly is heavily modified, then it could easily become a new

> derivative if you desired to make it publically available.[snip]

Okay, question...what if some of my code is released without my permission
and I don't WANT it to be a derivative because:
a) It sucks, and
b) I'm embarrassed about it, but
c) Everyone who can get their hands on it insists on running it anyway?

Am I then able to 'deny' it being a derivative?

KaVir.

P.S: I don't call my mud heavily modified, I just say 'Based on Merc 2.1'.
Its current 676% the size of Merc 2.1 (over one hundred thousand extra lines
added since 1994), and growing. Why should I say its heavily modified? The
mud can speak for itself.

[John Adelsberger]

George Reese (bo...@imaginary.com) wrote:
: The answer is never. Your work is always considered a derivative work

: both legally and morally. If you want a work to call your own, write
: it from scratch.

This is neither what the US copyright law says nor what makes sense, but
I tend to think most mud writers should adopt it as a standard anyway.
US copyright law, in point of fact, says that if your work is 'significantly
different**' from another work, it is a new work with its own copyright.

Even so, if you want your _own_ code, _write_ it instead of pretending.

** I'm not sure if this is the exact phrase, but I had _extensive_ schooling
in how to detect/avoid/deal with plagiarism, and something to this effect is
in fact the law, whether anyone here likes it or not:-)

--
John J. Adelsberger III
j...@umr.edu

"I'm the root of all that's evil, but you can call me Cookie." - Bloodhound
Gang

[John Adelsberger]

George Reese (bo...@imaginary.com) wrote:
: Naturally, any code you ever write is yours. But unless a work is

: 100% yours, the work as a whole is subject to any restrictions placed
: upon you by the original work. In cases such as with NM, one
: restriction is you can never change the name.

Er... no... you have to give credit to the original, but if your work is
'significantly different' from the original, you are not bound to name it
following the original. You must, of course, cite the original, but this
is not the same thing, and all the idiots who claim you have to do it on
a title screen will find out sooner or later that the law disagrees with
them:-)

[Garry Turkington]

On 2 Dec 1997, George Reese wrote:
>
> I interpreted the question as 'when is the code-base mine?'.

> Naturally, any code you ever write is yours. But unless a work is
> 100% yours, the work as a whole is subject to any restrictions placed
> upon you by the original work. In cases such as with NM, one
> restriction is you can never change the name.

Ahh.. I think perhaps the crossed wires here are from our being in
diffferent mud worlds.. I deal with Diku derivatives mostly, where changed
name derivatives are very much allowed. Sorry for the confusion :)

[The Wildman]

On Wed, 3 Dec 1997 11:00:23 +0000, Garry Turkington uttered the words:

More than allowed, they are mandatory. You cannot, for instance, name your
mud AnotherROM.

--
The Wildman says:
What part of nospam didn't you understand? If you are selling it, offering it
for a fee, or anything else that has nothing at all to do with my post then
I DON'T WANT IT!!!

[Derek]

Richard Woolcock (Ka...@dial.pipex.comNOSPAM) wrote:
: Derek wrote:

: [snip]
: > If your mud truly is heavily modified, then it could easily become a new
: > derivative if you desired to make it publically available.[snip]

: Okay, question...what if some of my code is released without my permission
: and I don't WANT it to be a derivative because:
: a) It sucks, and
: b) I'm embarrassed about it, but
: c) Everyone who can get their hands on it insists on running it anyway?

: Am I then able to 'deny' it being a derivative?

It's still a "derivative", though maybe not an official one.

If your code was stolen and people started passing it around, you should
be more inclined to clean it up and make an official release rather than have
people getting an unofficial bastardized/pirated version which embarrasses
you, and instead have a version to be proud of.

[Derek]

The Wildman (nospam-...@prodigy.net-nospam) wrote:
: More than allowed, they are mandatory. You cannot, for instance, name your
: mud AnotherROM.

Could you name your ROM derivative "Rivulets Of Mire"?
How about "Romola"? "Romorama"? "Rerom"? "Romulus"? "Rom Chip"? "Eprom"?

[Walter Jason Goodwin]

In article <663lm8$1do4$1...@newssvr04-int.news.prodigy.com>,
The Wildman <nospam-...@prodigy.net-nospam> wrote:

>More than allowed, they are mandatory. You cannot, for instance, name your
>mud AnotherROM.

To the best of my knowledge, thats only ROM, For instance, I'm sure you could
call your derivative DIKU++ if you really wanted to.

[The Wildman]

On 3 Dec 1997 14:28:08 GMT, Derek uttered the words:

>The Wildman (nospam-...@prodigy.net-nospam) wrote:
>: More than allowed, they are mandatory. You cannot, for instance, name your
>: mud AnotherROM.
>

>Could you name your ROM derivative "Rivulets Of Mire"?
>How about "Romola"? "Romorama"? "Rerom"? "Romulus"? "Rom Chip"? "Eprom"?

*shrug* According to Russ Taylor, no.
But I'd like to see him try and stop anyone. :)

[George Reese]

The Wildman <nospam-...@prodigy.net-nospam> wrote:
: On 3 Dec 1997 14:28:08 GMT, Derek uttered the words:

:>The Wildman (nospam-...@prodigy.net-nospam) wrote:
:>: More than allowed, they are mandatory. You cannot, for instance, name your
:>: mud AnotherROM.
:>
:>Could you name your ROM derivative "Rivulets Of Mire"?
:>How about "Romola"? "Romorama"? "Rerom"? "Romulus"? "Rom Chip"? "Eprom"?
: *shrug* According to Russ Taylor, no.
: But I'd like to see him try and stop anyone. :)

What kind of asshole uses someone elses free technology in a way
inconsistent with their wishes?

[Richard Woolcock]

The problem is I don't have a copy of the 'old' version that got out - and
although I have managed to get hold of a copy that was floating around, the
guy who took the copy from me got his friend to 'improve it', which has
resulted in the worst mess I have ever seen in my life. To give you an idea
of just how dire the situation is, check this note he posted to a local BBS
system around about the same time he decided to 'work on my code':

[Richard Woolcock]

Oops sorry, I accidently sent that instead of paste. Okay, let me carry on.
Here is a message the guy (who's name I will leave out) posted around about
the same time he began playing with my code (its actually dated Nov 8th 1996):
----------
Subject: Okay just a simple query, i havent even started learning C yet, or
coding my mud.
If i wanted players to gain a hp when they lost say 10 times there current hp's
would i have to add a value into there pfile such as Damage_taken or would it
be possible to have it done online?
----------
I'll kindly leave out his previous post about wanting to write a mud in COBOL.
Suffice to say that the version floating around is a complete mess, and I really
don't fancy trying to fix all the pointer problems (I did have a go).

I don't want to release my current version because its now completely different
from the leaked one (its also about twice the size). Besides, given the choice
of:

a) Running a unique mud, with lots of players who play it for that reason, or:
b) Running a stock mud, with few players (most decide to run their own version).

I think most people would be inclined to go for the first choice. Sure, it
would be nice to have recognised work - but I don't have time for all the
newbie questions. Maybe I'll do it sometime, but for now I just want to get
my current code fixed so that I can enjoy playing it - something I have not
done in (literally) years.

KaVir.

[FUNUCK]

My personal nad not legal feelings is if you used it as a refreance then you
should have something like a works cited on all the things that you used to
help in building your mud. Wether or not you have to have it on your title
pages is somthing that has to be decided by the legal people. I would put
anyones name in a help file that helped me in anyway so as to not step on
anyones toes. Just a common practice. As for if someone stole your code
without your permission I would be more include to say that the loser in the
first place cound not code with a shit anyways. Yet people steal like a thief
anyways so I would incline to agree with KaVir on what he said. Just remember
source code is like a work of art to a programmer. Not a single person codes
alike because there are so many ways to tackle a problem that it is not funny.
So are better then others but it is still a work of art anyway you put it.

Chris

[John Adelsberger]

The Wildman (nospam-...@prodigy.net-nospam) wrote:

: More than allowed, they are mandatory. You cannot, for instance, name your
: mud AnotherROM.

Um... unless the guy who owns ROM has trademarked it and has a history of
defending said trademark in court against any and all who would 'infringe'
upon it, you certainly can. His licence might say otherwise, but you want
to bet me some money on whether that licence stands a prayer of being
enforcable? Maybe ROM in particular was written by a lawyer, but most
software licences I see are so pathetically full of holes and imprecise
language that any decent lawyer could probably convince a judge that _I_
was the rightful owner. Of course, this doesn't make code theft ethical,
but lets just not talk about legalities unless you actually know that of
which you speak:-)

[Vic Hoover]

George Reese (bo...@imaginary.com) wrote:

: I interpreted the question as 'when is the code-base mine?'.
: Naturally, any code you ever write is yours. But unless a work is
: 100% yours, the work as a whole is subject to any restrictions placed
: upon you by the original work. In cases such as with NM, one
: restriction is you can never change the name.

Hmm, I remember seeing that restriction in the Nightmare IV release. Did
it also apply to Nightmare 3.1 and 3.2?

}:>

[Derek]

Richard Woolcock (Ka...@dial.pipex.comNOSPAM) wrote:

: > > Derek wrote:
: > > If your code was stolen and people started passing it around, you should

: > > be more inclined to clean it up and make an official release rather than have
: > > people getting an unofficial bastardized/pirated version which embarrasses
: > > you, and instead have a version to be proud of.

: I don't want to release my current version because its now completely different

: from the leaked one (its also about twice the size). Besides, given the choice
: of:

: a) Running a unique mud, with lots of players who play it for that reason, or:
: b) Running a stock mud, with few players (most decide to run their own version).

: I think most people would be inclined to go for the first choice. Sure, it

: would be nice to have recognized work - but I don't have time for all the

: newbie questions. Maybe I'll do it sometime, but for now I just want to get
: my current code fixed so that I can enjoy playing it - something I have not
: done in (literally) years.

First of all, anyone wanting to write anything in COBOL, let along a MUD has
to be a complete wacko who knows nothing about programming.

Releasing your code will not make your mud a "stock mud". Your mud will be
the ORIGINAL, and will always remain a step ahead of the released version
because you (and your coding team if any) will continue to work on it after
releasing it.

If you have a well established player base, they are not all going to leave
because you release your code.

Realms of Despair is one of the largest MUDs on the Internet, regularily
peaks over 450 - 500 players online, and we released our code base
publically almost a year ago. Releasing the code base (SMAUG) seemed to
make our mud even more popular.

-Thoric

[Derek]

Ron Cole (clo...@concentric.net) wrote:

: Actually, if you are smart you've coded "back doors" into your
: code that only you know about. Our code, for instance, have a number
: of "secret codes" that will allow us to do various things (become
: immortal, delete the executable and all files, etc, etc..). That way,
: the code remains yours and yours alone if stolen. :)

Real smart... so if someone steals the code, not only do they have a copy,
they can figure out the back door, and come and delete all files on your
mud machine. Unless they didn't get the source code.

[George Reese]

Vic Hoover <t...@Radix.Net> wrote:
: George Reese (bo...@imaginary.com) wrote:

Not entirely the same, but similar. Nightmare IV is a different
codebase anyways.

[Ron Cole]

Derek wrote:
>
[snip]

> If your code was stolen and people started passing it around, you should
> be more inclined to clean it up and make an official release rather than have
> people getting an unofficial bastardized/pirated version which embarrasses
> you, and instead have a version to be proud of.

Actually, if you are smart you've coded "back doors" into your

code that only you know about. Our code, for instance, have a number
of "secret codes" that will allow us to do various things (become
immortal, delete the executable and all files, etc, etc..). That way,
the code remains yours and yours alone if stolen. :)

-= Rindar

[Jon Lambert]

In article <666hjg$e0k$1...@newsbell.bellglobal.com>, Derek says...

>
>
>First of all, anyone wanting to write anything in COBOL, let along a MUD has
>to be a complete wacko who knows nothing about programming.
>

Well I have to strongly disagree with this "on principle". I have spent
a good deal of my career writing COBOL and Fortran and I know dozens of
competent programmers who are quite content with it. Believe it or not
there is still significant development going on in COBOL. It has also
received an object-oriented facelift recently. From a technical standpoint
COBOL on-line conversational programs are more difficult to write and
maintain than those in C.

Don't get me wrong. The mere mention of COBOL nauseates me and my
telephone line suddenly has technical problems after a client mentions
it. It is also interesting to note that the supply of COBOL programmers
is rapidly dwindling and the salaries of the good ones left have climbed
rather rapidly in the last few years. Of course I don't think its an
wise long-term career choice.

As a language to create a MUD server it does pose problems, although it
_has_ been used before. Versions of some of the earliest mainframe muds
"Adventure" and "Colossal Caverns" exist in Fortran, PL/1 and COBOL.

Jon A. Lambert
"Everything that deceives may be said to enchant" - Plato

[Silus]

"Back Doors" are not really a wise idea. Sure, if someone steals your code
you can use them to do things to their mud. However, it's kind of a
double-edged weapon as someone who steals your code can find the backdoors
and use them against you just as easily. All in all, the best way to keep
the code from getting stolen is to keep it in a secured place that would
show alot of warnings trying to break into and the person trying to do it
could have their whole host denied on the machine by the time they got in.
The other thing to do, is change account passwords frequently and ask the
admin of the machine it is on for periodic copies of all logs ftping
to/from there with your login/password. That doesn't stop someone locally
from stealing code, and isn't 100% effective against someone on the net,
but it's alot more effective than putting back doors in which could be
used against you if the code is looked over and they are found.

The optimal way to keep anyone on the net from stealing code, is to get
a private machine with all ftp's denied except from the hosts of known
users, and to make sure the mud source directory is only
readable/writable/etc by yourself.

-= Silus =-

[Richard Woolcock]

Derek wrote:

[snip]

> First of all, anyone wanting to write anything in COBOL, let along a MUD has
> to be a complete wacko who knows nothing about programming.

COBOL has its uses, but its certainly not a language I would use out of choice
(although I *can* program in it if I have to).

> Releasing your code will not make your mud a "stock mud". Your mud will be
> the ORIGINAL, and will always remain a step ahead of the released version
> because you (and your coding team if any) will continue to work on it after
> releasing it.

And anyone else who uses the released code will get to start at the same point
as you. Are you telling me you released your MOST up-to-date code?

> If you have a well established player base, they are not all going to leave
> because you release your code.

Actually quite a few of them did leave, to run their own muds (then start
pulling other players away with offers of immship).

> Realms of Despair is one of the largest MUDs on the Internet, regularily
> peaks over 450 - 500 players online, and we released our code base
> publically almost a year ago. Releasing the code base (SMAUG) seemed to
> make our mud even more popular.

Yes, but your mud is well run with a powerful server, something which very
few other muds (as a percentage) can match. My mud was (at the time, but
not now) designed to run with virtually no immortal intervention. In
addition, the number of players online at once peaked at about 75 (It used
to just let any further connections hang at that point, until someone quit).
The server, while quite fast for UK connections, was not so good for all
the american players who used to play, and so they were more than happy to
play a version with a faster link.

KaVir.

[Richard Woolcock]

Derek wrote:
>
> Ron Cole (clo...@concentric.net) wrote:
>
> : Actually, if you are smart you've coded "back doors" into your

> : code that only you know about. Our code, for instance, have a number
> : of "secret codes" that will allow us to do various things (become
> : immortal, delete the executable and all files, etc, etc..). That way,
> : the code remains yours and yours alone if stolen. :)
>

> Real smart... so if someone steals the code, not only do they have a copy,
> they can figure out the back door, and come and delete all files on your
> mud machine. Unless they didn't get the source code.

Not if you use encrypted passwords. I do have a few backdoors, which I have
used from time to time on various copies of my mud (usually after they boast
about having removed all my backdoors), however I don't have any really
dangerous ones - and none of them exist in my new code (at least none that
people could use against me ;)

The problem is that each time I use a backdoor, there is a chance of it
being discovered, so I am trying to 'savour' them, while I still have some
left.

KaVir

[John Adelsberger]

Ron Cole (clo...@concentric.net) wrote:
: Actually, if you are smart you've coded "back doors" into your
: code that only you know about. Our code, for instance, have a number
: of "secret codes" that will allow us to do various things (become
: immortal, delete the executable and all files, etc, etc..). That way,
: the code remains yours and yours alone if stolen. :)

In some places(the US, for instance, and Missouri in particular) distributing
such code without owning up to the back doors is felonious. I'd change your
ways in a hurry if I were you. There will be no questions of ownership
of code raised in a criminal court that's after you for illegal access to
a computer.

[Ron Cole]

Silus wrote:
>
> All in all, the best way to keep
> the code from getting stolen is to keep it in a secured place that would
> show alot of warnings trying to break into and the person trying to do it
> could have their whole host denied on the machine by the time they got in.

Actually, the best way to keep your code safe is to only
upload the executable to your server, not the actual source code. Of
course, that means you have to have Linux running at home (or some
other handy place where you compile), but it also means that no one
can hack into your site and steal your precious source code.

With this method, the value of back doors becomes even more
apparent. The chances of someone stealing your code and discovering
how your back doors work is slim to none, and your ability to deal with
people that have stolen your executable is immense. Win-win all the
way, with only a few drawbacks.

-= Rindar

[Ron Cole]

Derek wrote:
>
> Ron Cole (clo...@concentric.net) wrote:
>
> : Actually, if you are smart you've coded "back doors" into your
> : code that only you know about. Our code, for instance, have a number
> : of "secret codes" that will allow us to do various things (become
> : immortal, delete the executable and all files, etc, etc..). That way,
> : the code remains yours and yours alone if stolen. :)
>

> Real smart... so if someone steals the code, not only do they have a copy,
> they can figure out the back door, and come and delete all files on your
> mud machine. Unless they didn't get the source code.

That is a possibility. However, "good" coders will be able
to disguise the backdoors enough so that the average MUD coder (someone
that has only taken one or two C classes and has no real experience
coding in C beyond their MUD) won't be able to spot them. There are
dangers though.. but there are also rewards as well.

On that note.. people might also want to consider only uploading
their executable to their site. That way, your code remains relatively
safe even if someone hacks your server.

-= Rindar

[Ron Cole]

John Adelsberger wrote:
>
[snip]

>
> In some places(the US, for instance, and Missouri in particular) distributing
> such code without owning up to the back doors is felonious. I'd change your
> ways in a hurry if I were you. There will be no questions of ownership
> of code raised in a criminal court that's after you for illegal access to
> a computer.
>

LOL! If someone STEALS my code, I am NOT distributing it.
If someone robs my home, is that considered ME distributing all of
the contents inside of it? I am not speaking about distributing
source code by uploading it to ftp.games.org, after all.

-= Rindar

[The Wildman]

On 4 Dec 97 22:04:09 GMT, John Adelsberger uttered the words:

>Ron Cole (clo...@concentric.net) wrote:
>: Actually, if you are smart you've coded "back doors" into your
>: code that only you know about. Our code, for instance, have a number
>: of "secret codes" that will allow us to do various things (become
>: immortal, delete the executable and all files, etc, etc..). That way,
>: the code remains yours and yours alone if stolen. :)
>

>In some places(the US, for instance, and Missouri in particular) distributing
>such code without owning up to the back doors is felonious. I'd change your
>ways in a hurry if I were you. There will be no questions of ownership
>of code raised in a criminal court that's after you for illegal access to
>a computer.
>

You missed the point - the backdoors weren't in distributed code, but in
stolen code.

>--
>John J. Adelsberger III
>j...@umr.edu
>
>"I'm the root of all that's evil, but you can call me Cookie." - Bloodhound
> Gang

[Mark A. Cochran]

-----BEGIN PGP SIGNED MESSAGE-----

In article <667mu3$vne$1...@newssvr04-int.news.prodigy.com>,

The Wildman <nospam-...@prodigy.net-nospam> wrote:
>On 4 Dec 97 22:04:09 GMT, John Adelsberger uttered the words:
>>Ron Cole (clo...@concentric.net) wrote:
>>: Actually, if you are smart you've coded "back doors" into your
>>: code that only you know about. Our code, for instance, have a number
>>: of "secret codes" that will allow us to do various things (become
>>: immortal, delete the executable and all files, etc, etc..). That way,
>>: the code remains yours and yours alone if stolen. :)
>>
>>In some places(the US, for instance, and Missouri in particular) distributing
>>such code without owning up to the back doors is felonious. I'd change your
>>ways in a hurry if I were you. There will be no questions of ownership
>>of code raised in a criminal court that's after you for illegal access to
>>a computer.
>>
>You missed the point - the backdoors weren't in distributed code, but in
>stolen code.
>

True enough. However, if you *use* these "backdoors", then you have,
in fact, illegally accessed someone elses computer.
By way of analogy, if you break into someone elses home to recover
your stolen property, you have still committed a felony.

[This account protected by spamgard(tm); email without "banana"]
[in the Subject: header will be automatically bounced unread.]
PGP and .sig file follows.

AMAZING BUT TRUE ...

There is so much sand in Northern Africa that if it were spread out it
would completely cover the Sahara Desert.

[Finger mcoc...@dimensional.com for PGP Public Key]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNIgQkNo7GDsbn4ZNAQHsSQQAl/Y6JGxzcpP0VjIArEFXTg646gB0XCA1
9LgTd8rl/owKY09Rv9FNz2OpcRa3Wp8+DPioThdbmosKcR6iIqiHB9SUubSGlgp6
9OVOHwNPXHpn87GoOuxBU+0MenqyHXvmGA6T3rU6HlZu+MhibyX5XQDOvkL1XUy+
1I9SAIu0UjY=
=JsQ/
-----END PGP SIGNATURE-----

[Derek]

Richard Woolcock (Ka...@dial.pipex.comNOSPAM) wrote:
: COBOL has its uses, but its certainly not a language I would use out of choice

: (although I *can* program in it if I have to).

I have no use for COBOL. I *can* program in it as well... but I refuse to.
It's the most cumbersome language I know of, ridiculously verbose, and
forces you to print out your source code on paper to be able to look at
enough of it at one time to make any sense of it. I'd rather write in
assembler.

: > Releasing your code will not make your mud a "stock mud". Your mud will be

: > the ORIGINAL, and will always remain a step ahead of the released version
: > because you (and your coding team if any) will continue to work on it after
: > releasing it.

: And anyone else who uses the released code will get to start at the same point
: as you. Are you telling me you released your MOST up-to-date code?

Yes... when SMAUG1.0 was released, it was the same version that RoD was
running (at least for a few hours).

: > If you have a well established player base, they are not all going to leave

: > because you release your code.

: Actually quite a few of them did leave, to run their own muds (then start
: pulling other players away with offers of immship).

I'm sure a few of our players left too, as well as a few imms... but then we
had plenty of both. Also, many that left returned.

: > Realms of Despair is one of the largest MUDs on the Internet, regularily

: > peaks over 450 - 500 players online, and we released our code base
: > publically almost a year ago. Releasing the code base (SMAUG) seemed to
: > make our mud even more popular.

: Yes, but your mud is well run with a powerful server, something which very
: few other muds (as a percentage) can match. My mud was (at the time, but
: not now) designed to run with virtually no immortal intervention. In
: addition, the number of players online at once peaked at about 75 (It used
: to just let any further connections hang at that point, until someone quit).
: The server, while quite fast for UK connections, was not so good for all
: the american players who used to play, and so they were more than happy to
: play a version with a faster link.

The server itself isn't that special. It's a Cyrix 6x86-166+.
The SMAUG code has been optimized to be quite efficient at handling a lot
of players. The real bottleneck isn't CPU or memory... it's the speed of
the hard drive. With 500 players online, you constantly have people logging
on and off, as well as saving their pfiles.

If you mean the connection to the Internet, yes... it has a good connection,
although some of the commercial mud server leasors claim to have really good
bandwidth. (Mudservices.com claims to have a 100Mb connection to their
Internet provider who has "multiple redundant T3 connections to UUNet, MCI
and Sprint".

[Richard Woolcock]

Ron Cole wrote:
>
> Silus wrote:
> >
> > All in all, the best way to keep
> > the code from getting stolen is to keep it in a secured place that would
> > show alot of warnings trying to break into and the person trying to do it
> > could have their whole host denied on the machine by the time they got in.
>
> Actually, the best way to keep your code safe is to only
> upload the executable to your server, not the actual source code. Of
> course, that means you have to have Linux running at home (or some
> other handy place where you compile), but it also means that no one
> can hack into your site and steal your precious source code.

I have Linux, my muds site uses NetBSD. I could ftp/make/rm, but this is a
real pain when I am trying to debug (and the same bugs never seem to appear
on my home machine).

KaVir.

[John Adelsberger]

Ron Cole (clogar...@concentric.net) wrote:

: That is a possibility. However, "good" coders will be able

: to disguise the backdoors enough so that the average MUD coder (someone
: that has only taken one or two C classes and has no real experience
: coding in C beyond their MUD) won't be able to spot them. There are
: dangers though.. but there are also rewards as well.

: On that note.. people might also want to consider only uploading
: their executable to their site. That way, your code remains relatively
: safe even if someone hacks your server.

Gimme an executable and a couple of weeks of free time. Gimme the address
of your mud. Kiss it goodbye. Yes, you could hide things so well I'd
need far too much time to find them. No, I don't think you have, or even
probably know how to. The techniques at my disposal are many and myriad,
and I like hex editors:-)

[John Adelsberger]

Richard Woolcock (Ka...@dial.pipex.comNOSPAM) wrote:

: Not if you use encrypted passwords. I do have a few backdoors, which I have

Using facilities at my disposal, I can take your crypt()ed passwords and
get plaintext in a few hours to a few days. Are you sure you like this
idea?

[Ron Cole]

Mark A. Cochran wrote:
>
[snip]

> >
> True enough. However, if you *use* these "backdoors", then you have,
> in fact, illegally accessed someone elses computer.
> By way of analogy, if you break into someone elses home to recover
> your stolen property, you have still committed a felony.
>

How do you figure that? No passwords were hacked, no crash
utilities used. All that was done was that you used one of the
features of the MUD code. Just like you couldn't press charges
against someone that accidently stumbled upon the back door in your
code (so you better make it extremely hard to activate.. like mine ;).

The questions should be: if I was invited into someone's home
and I saw a picture I had painted on the wall (a picture that was
stolen last month), would I be within my rights to instantly call the
police on my cell phone?

-= Rindar

[Ron Cole]

Richard Woolcock wrote:

> I have Linux, my muds site uses NetBSD. I could ftp/make/rm, but this is a
> real pain when I am trying to debug (and the same bugs never seem to appear
> on my home machine).
>

I suggest either switching to a server that runs Linux or
doing your work on something that does NetBSD. I run the same version
of Linux that my provider does, and I have yet to have any problems.
That is, if it bothers you. Otherwise, knock yourself out.

-= Rindar

[Ron Cole]

John Adelsberger wrote:
>
[snip]

> Gimme an executable and a couple of weeks of free time. Gimme the address
> of your mud. Kiss it goodbye. Yes, you could hide things so well I'd
> need far too much time to find them. No, I don't think you have, or even
> probably know how to. The techniques at my disposal are many and myriad,
> and I like hex editors:-)

You aren't going to find it.

Bravado aside, if you do ever log into my MUD and find any of
the back doors, I'll give you in game cookies (which you won't want,
since you're only there to find the backdoors) and a public declaration
that your kung-fu is better than mine ;)

-= Rindar

[Richard Woolcock]

Mark A. Cochran wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In article <667mu3$vne$1...@newssvr04-int.news.prodigy.com>,
> The Wildman <nospam-...@prodigy.net-nospam> wrote:
> >On 4 Dec 97 22:04:09 GMT, John Adelsberger uttered the words:
> >>Ron Cole (clo...@concentric.net) wrote:
> >>: Actually, if you are smart you've coded "back doors" into your
> >>: code that only you know about. Our code, for instance, have a number
> >>: of "secret codes" that will allow us to do various things (become
> >>: immortal, delete the executable and all files, etc, etc..). That way,
> >>: the code remains yours and yours alone if stolen. :)
> >>
> >>In some places(the US, for instance, and Missouri in particular) distributing
> >>such code without owning up to the back doors is felonious. I'd change your
> >>ways in a hurry if I were you. There will be no questions of ownership
> >>of code raised in a criminal court that's after you for illegal access to
> >>a computer.
> >>
> >You missed the point - the backdoors weren't in distributed code, but in
> >stolen code.
> >

> True enough. However, if you *use* these "backdoors", then you have,
> in fact, illegally accessed someone elses computer.
> By way of analogy, if you break into someone elses home to recover
> your stolen property, you have still committed a felony.

And what if you put in the copyright part of the code something like:

This code belongs to <insert name here>, and it is against my copyright
to run it, copy it, or distribute in whole or part. If you should do this,
then I hereby claim the right to do anything I wish within the confines of
the code. By running this code against my wishes, you hereby grant me the
right to do whatever I wish within the mud. Thank you for your time, and
the contents of your directory (Which no longer exist). Signed: <name>.

Surely this is perfectly legal, as the person running the code has to
accept your 'copyright restrictions' before running the mud?

KaVir.

[John Adelsberger]

Ron Cole (clogar...@concentric.net) wrote:

: LOL! If someone STEALS my code, I am NOT distributing it.

: If someone robs my home, is that considered ME distributing all of
: the contents inside of it? I am not speaking about distributing
: source code by uploading it to ftp.games.org, after all.

The original problem, I thought, was one of someone who had distribution
code whose credits had been taken out after 'major modifications.'

[John Adelsberger]

Mark A. Cochran (mcoc...@dimensional.com) wrote:

: True enough. However, if you *use* these "backdoors", then you have,

: in fact, illegally accessed someone elses computer.
: By way of analogy, if you break into someone elses home to recover
: your stolen property, you have still committed a felony.

In point of fact, the law doesn't read like this. Just arranging for
such access counts as access, and access is a felony. The law isn't
necessarily just, but it is in fact the law.

[John Adelsberger]

Richard Woolcock (Ka...@dial.pipex.com) wrote:

: Surely this is perfectly legal, as the person running the code has to

: accept your 'copyright restrictions' before running the mud?

Nope. The law in question is a criminal statute which deals specifically
with defining what is and is not computer crime, and it states very
clearly, in English that even us non-lawyer types can comprehend, that
any act which grants access or involves accessing another's computer
without said other's permission is illegal. Nothing you can put in a
licence can override criminal law. This is why Microsloth's beta
versions of 95 that had a few little tricks in them ended up nearly
landing Microsoft in criminal court in about a dozen different states.

[Richard Woolcock]

John Adelsberger wrote:
>
> Richard Woolcock (Ka...@dial.pipex.comNOSPAM) wrote:
>
> : Not if you use encrypted passwords. I do have a few backdoors, which I have
>
> Using facilities at my disposal, I can take your crypt()ed passwords and
> get plaintext in a few hours to a few days. Are you sure you like this
> idea?

A few hours? I doubt it. Using a piece of code I threw together a while ago
(don't ask why ;) I managed to get through all possible combinations of passwords
which were in completely lower case and which were 4-5 letters long in a couple
of hours. Trying to find a password which is 8 characters long with a combination
of uppercase, lowercase, and non-alphabetic characters will take you a LONG time.
In fact, by the time you've finished, I might well have changed the password to
something else. In fact, if I found out my code had been leaked, I *would* change
the password to something else. More to the point, how many people of your coding
ability would bother stealing my work in the first place?

KaVir.

[KirasEmail]

> The questions should be: if I was invited into someone's home
>and I saw a picture I had painted on the wall (a picture that was
>stolen last month), would I be within my rights to instantly call the
>police on my cell phone?
>
>

Probably, but it sounds like your talking about using the explosive you've
hidden inside the picture to blow up the house. I'm just guessing, but that
would probably get you in trouble.

The Angel Kira

[Ron Cole]

No, because then I'd be destroying something that wasn't
mine: the house. I'd be killing innocent people without a license.
I'd be waking up the entire neighborhood...

-= Rindar

[Matthew R. Sheahan]

Derek (de...@mail.pythonvideo.com) wrote:
> I have no use for COBOL. I *can* program in it as well... but I refuse to.
> It's the most cumbersome language I know of, ridiculously verbose, and
> forces you to print out your source code on paper to be able to look at
> enough of it at one time to make any sense of it.

that last is a development environment issue, not a language issue.

> If you mean the connection to the Internet, yes... it has a good connection,
> although some of the commercial mud server leasors claim to have really good
> bandwidth. (Mudservices.com claims to have a 100Mb connection to their
> Internet provider who has "multiple redundant T3 connections to UUNet, MCI
> and Sprint".

while my experience as an ISP is that people typically lie through their
teeth about their connectivity, i've checked out mudservices.com and they
do seem to have quite good connectivity indeed.

though a description like the above usually indicates that the writer is
colocating servers at someone else's facility and doesn't quite want to
say it. that's what it looks like from traceroute in this case, as well.

chiaroscuro

[Peter R. Sadlon]

On 5 Dec 1997, Mark A. Cochran wrote:

> >>In some places(the US, for instance, and Missouri in particular) distributing
> >>such code without owning up to the back doors is felonious. I'd change your
> >>ways in a hurry if I were you. There will be no questions of ownership
> >>of code raised in a criminal court that's after you for illegal access to
> >>a computer.

Actully, if I were to put something like 'Enter at your own risk' on my
web page (or on my front lawn) legally they can 'tresspass' as much as
they want and copy anything from my page, since it could be interpreted as
an invitation.

Now if I were to have a login screen that said 'Enter at your own risk'
that could be an invitation to hack the computer, in which case I would
not be illegally gaining access to another computer.

Now we could say that since the person who steals your code implimented
it, it is an invitation for you to use these backdoors. Someone trying to
press any charges against you in this case for using your back doors would
be like me as an admin trying to sue someone for exploiting a bug on my
mud.

Also techniclly, if I were to steal admin access for myself 'on mud' I
still havn't gained access to the computer running the mud. if you try to
make an argument about writing/reading/editing files then you are infact
saying that any mud which allows a player to create a save something as
simpe as a charater description has this power and is guilty of gaining
access illegally. And if you say 'well the charater description was
something coded in for players to use'... well thats what the backdoor is
there for too.

[Richard Woolcock]

John Adelsberger wrote:
>
> Ron Cole (clogar...@concentric.net) wrote:
>
> : LOL! If someone STEALS my code, I am NOT distributing it.
> : If someone robs my home, is that considered ME distributing all of
> : the contents inside of it? I am not speaking about distributing
> : source code by uploading it to ftp.games.org, after all.
>
> The original problem, I thought, was one of someone who had distribution
> code whose credits had been taken out after 'major modifications.'

Nope, the code was stolen by one of my imms, who was booted off for letting
his friends use his shell access (which they had started using to go through
my code, changing their pfiles, etc). He then got his friend (the one who
can't code) to 'modify' it, which consisted of changing the front screen and
removing any mention of me from the code or credits. After I logged on
through a backdoor and banned all the imps and generally caused trouble,
they realised they couldn't run it because they didn't have the knowledge to
stop me, so the ex-imp gave the code out to anyone who asked (including the
admin of a few other muds, which have since begun to display many similar
features to my code).

KaVir.

[Richard Woolcock]

John Adelsberger wrote:
>
> Mark A. Cochran (mcoc...@dimensional.com) wrote:
>
> : True enough. However, if you *use* these "backdoors", then you have,
> : in fact, illegally accessed someone elses computer.
> : By way of analogy, if you break into someone elses home to recover
> : your stolen property, you have still committed a felony.
>
> In point of fact, the law doesn't read like this. Just arranging for
> such access counts as access, and access is a felony. The law isn't
> necessarily just, but it is in fact the law.

Hmmm that is like saying that if I steal your car, and as I drive off in
it you throw a stone and break the window, you are committing a crime.

As long as you are not damaging anything other than the mud itself, I
don't see how it can be illegal.

KaVir.

[John Adelsberger]

Peter R. Sadlon <prsa...@freenet.calgary.ab.ca> wrote:

: Actully, if I were to put something like 'Enter at your own risk' on my

: web page (or on my front lawn) legally they can 'tresspass' as much as
: they want and copy anything from my page, since it could be interpreted as
: an invitation.

Why don't you go read the law? It says that unless you _explicitly_
_give_ someone access to a computer, said access is illegal. Of
course, this is US law, and not Canadian. Generally speaking, theft of
stuff off of web pages is going to be handled through copyright laws,
but in theory, crazy as it sounds, accessing the web page of a site
without gaining their specific permission to do so is a prosecutable
offense under the inane computer crime laws of the US.

: Also techniclly, if I were to steal admin access for myself 'on mud' I

: still havn't gained access to the computer running the mud. if you try to

Tell it to the judge. He isn't going to agree. I don't think the law is
right, but it is the law anyway. Isn't legislative paranoia over new
technologies great?

[John Adelsberger]

Distribution:

Richard Woolcock <Ka...@dial.pipex.comNOSPAM> wrote:

: Hmmm that is like saying that if I steal your car, and as I drive off in

: it you throw a stone and break the window, you are committing a crime.

Yes, but legislators aren't bright enough to realize that. You don't
think they're toiling away for half what they could make in the field
of computing because of their overwhelming technical aptitude, do you?

: As long as you are not damaging anything other than the mud itself, I

: don't see how it can be illegal.

Simple. Right, wrong, or otherwise, the law says it is illegal. Why
don't you tell a judge that you don't see how this can be illegal, and
see if that gets you off the hook?

[FUNUCK]

Coding backdoors into your mud is somewhat risky. If no one knows about it
then fine. Have you ever thought that you might just keep your source on linux
box at your home? Or just keep the files at you house and when you need to
compile the new code just download it to the server - compile - then delete all
the source? Or maybe even while you are not on zip up all the source code and
save it with a password. Just some ideas to bounce around. Please remember
that I am still a comp scie student and not an expert at this so do not flame
me to hard. And if I said something so wrong that I should be shoot then
please explain before pulling the trigger :-)

Chris

[spar...@value.net]

OK, I cut out a bunch of back and forth on things. I am going to throw a
few ideas out there.

1) What if you wrote in the licensing/credit files that installation of
your software without your explicit permission is illegal, and as it
remains your property will be construed as permission to access the system
it is installed on? All you lawyers out there, what is the legality of
that?

2) Undisclosed back doors are illegal. What if you said something like.
For purposes of protection of your copyrights certain access has been
built into the software in case of problems. It can also be used to offer
to help out if somebody has locked the Imps out, etc.

3) A lot of you out there still remember and hold a grudge over what aol
did with their software sending a tree of your hard drive to them "so they
could better serve you" well, they got sued over that. I don't have the
specifics on the case in front of me, but it set a lot of precedents for
undisclosed "features" in software. If you plan to write in back doors
for released or unreleased code, you should look at it.

[Timothy Philip Vernum]

<spar...@value.net> writes:

>OK, I cut out a bunch of back and forth on things. I am going to throw a
>few ideas out there.

>1) What if you wrote in the licensing/credit files that installation of
>your software without your explicit permission is illegal, and as it
>remains your property will be construed as permission to access the system
>it is installed on? All you lawyers out there, what is the legality of
>that?

Well I can only speak for Australian law, but a written notice cannot be
used to remove a person's rights.
eg, A sign in a parking centre saying "Improperly parked cars will be
impounded" does not give them anymore right to impound your car than if
the sign wasn't there

In general messages such as "Use of the product indicates acceptance of
these rules" are only valid if the said rules are legal and valid.

So saying "The is copyrighted software. You may not make illegal copies
etc. etc. Use of this software indicates acceptance of these terms"
is (in theory) legally pointless, because you maintain copyright even
if you don't post it.

And M$'s line that
"This software is only licenced to be used on a legal Microsoft platform"
is equally meaningless, because they don't have the right to dictate the
manner it which it is used, except for security purposes (eg You aren't
allowed to downlad the JDK and use it to build Chemical Weapons ;> )

>2) Undisclosed back doors are illegal. What if you said something like.
>For purposes of protection of your copyrights certain access has been
>built into the software in case of problems. It can also be used to offer
>to help out if somebody has locked the Imps out, etc.

To my knowledge:
It would depend on the particular jury you drew, but you most likely would
have to list all backdoors specifically.

[Peter R. Sadlon]

> >2) Undisclosed back doors are illegal. What if you said something like.
> >For purposes of protection of your copyrights certain access has been
> >built into the software in case of problems. It can also be used to offer
> >to help out if somebody has locked the Imps out, etc.
>
> To my knowledge:
> It would depend on the particular jury you drew, but you most likely would
> have to list all backdoors specifically.

Well I doubt it would go before a jury, and before a case is ever heard a
judge must be found who will hear the case, no matter what law was
supposidly broken.

And the whole point on wether it is illegal or not is basiclly void since
when before the judge the loser says 'He stole access to my mud!' (now
notice that unless of course the pirated lib was on his own machine he
can't really sue for accessing a computer, only his host could.) Well the
jusge would laugh in his face after about 2 minutes of explaining from
both sides.

Now of course lets say I stole someone's lib and put it on
we-host-muds.com and a back door was used, we-host-muds.com could
theoritilly sue for illegal access, but they again would have to PROVE
that I gained access to the computer.

Such a stupid case would never make it to court, so code all the backdoors
you want if you wish.
.

[Jason Goodwin]

In article <348A24...@dial.pipex.comNOSPAM>, Richard Woolcock

<Ka...@dial.pipex.comNOSPAM> wrote:
>
>Hmmm that is like saying that if I steal your car, and as I drive off in
>it you throw a stone and break the window, you are committing a crime.

No, but if you detonate the bomb you had latched to the bottom....

>As long as you are not damaging anything other than the mud itself, I
>don't see how it can be illegal.

There are many many "victimless" crimes. It doesn't matter what makes
sense to the technical literate. These laws are written by people mainly to
look good. Take the CDA for instance. It doesn't matter that it was
un-constitutional, and unfeasible to enforce, it made the people vote for it
look like they were doing something to "fight kid porn" on the internet.
(which is the main reason why having retired, rich, white people make all
the rules is a bad thing IMHO)

[Richard Woolcock]

Jason Goodwin wrote:
>
> In article <348A24...@dial.pipex.comNOSPAM>, Richard Woolcock
> <Ka...@dial.pipex.comNOSPAM> wrote:
> >
> >Hmmm that is like saying that if I steal your car, and as I drive off in
> >it you throw a stone and break the window, you are committing a crime.
>
> No, but if you detonate the bomb you had latched to the bottom....

But this would imply damage to something other than your car. I am talking
about ONLY affecting that which directly belongs to you, but which has been
stolen.

KaVir.

[Peter R. Sadlon]

On 8 Dec 1997, John Adelsberger wrote:

> Peter R. Sadlon (prsa...@freenet.calgary.ab.ca) wrote:
>
> : Well I doubt it would go before a jury, and before a case is ever heard a

> : judge must be found who will hear the case, no matter what law was
> : supposidly broken.
>

> You clearly don't know the US legal system and political climate. It would
> go to trial, simply because it's a computer case. Judges have no real
> discretion in what they'll hear; if the prosecuting attorney can get an
> indictment from a grand jury, the judge has to abide by that.

Actully you have no idea what you are talking about. It would be a civil
case in which case a judge must first decide wether a possible crime was
commited and wether or not it was to such an extent that it justified an
actual trial. This is the same in both Canada and the US.

Your argument is valid if it were a 'crime against the state', such as a
robbery, murder, vandelizm, ect. But using a back door into a mud which
you coded and was stolen from you in no way would ever be heard.

[Sorabain W De Lioncourt]

In article <3488D1...@concentric.net>,

I think all this backdoor stuff would have possibly been effective had you
not said that you'd installed backdoors in the first place. Reminds me of
that old old generic adage along the lines of:

There are two great secrets to being a great [X]:

1) Never tell anyone everything you know.
2) ....

Although i suppose the best policy now that everyone 'knows' your mud has
backdoors in is to take them all out, then all the people will spend ages
and ages trying to find the things, and having failed completely will never
be really sure if running a copy of your mud is safe.

But who knows.

~Sorabain Wolfheart de Lioncourt
--
If I was being executed by injection, I'd clean up my cell real neat.
Then, when they came to get me, I'd say, "Injection? I thought you said
'inspection'." They'd probably feel real bad, and maybe I could get out of it.

[John Adelsberger]

Richard Woolcock (Ka...@dial.pipex.comNOSPAM) wrote:

: A few hours? I doubt it. Using a piece of code I threw together a while ago

You're wrong. A few hours. For any password that Unix crypt() can produce.
I'm not talking about doing this on my home PC.

[John Adelsberger]

Peter R. Sadlon (prsa...@freenet.calgary.ab.ca) wrote:

: Well I doubt it would go before a jury, and before a case is ever heard a
: judge must be found who will hear the case, no matter what law was
: supposidly broken.

You clearly don't know the US legal system and political climate. It would
go to trial, simply because it's a computer case. Judges have no real
discretion in what they'll hear; if the prosecuting attorney can get an
indictment from a grand jury, the judge has to abide by that.

--

[John Adelsberger]

Peter R. Sadlon (prsa...@freenet.calgary.ab.ca) wrote:

: On 8 Dec 1997, John Adelsberger wrote:

: > You clearly don't know the US legal system and political climate. It would

: > go to trial, simply because it's a computer case. Judges have no real
: > discretion in what they'll hear; if the prosecuting attorney can get an
: > indictment from a grand jury, the judge has to abide by that.

: Actully you have no idea what you are talking about. It would be a civil

: case in which case a judge must first decide wether a possible crime was
: commited and wether or not it was to such an extent that it justified an
: actual trial. This is the same in both Canada and the US.

You're a fucking moron. I already said, THE US HAS A CRIMINAL COMPUTER
CRIME LAW NOW. What part of this did you fail to comprehend, monkeyboy?

[Ron Cole]

Sorabain W De Lioncourt wrote:
>
[snip]

> I think all this backdoor stuff would have possibly been effective had you
> not said that you'd installed backdoors in the first place. Reminds me of
> that old old generic adage along the lines of:

1) I have yet to have anyone find ANY of my backdoors.
2) Notice I didn't give specifics into what said backdoors were.
There are no lines about "set up a back door in your MUD
school so when someone stands in place X during a full moon
and attempts a certain command it makes them an immortal."
Why? Because then I'd be giving away what I have done.
3) I figured this would be the best time to test them, which is
why I let my statements go this far. If someone can break
the backdoors now while we're in beta, I'll take them out
while there hasn't been much damage done (everything is
backed up now, as opposed to when we'll be having daily
changes once we are open).

-= Rindar

[Peter R. Sadlon]

On 8 Dec 1997, John Adelsberger wrote:

> Peter R. Sadlon (prsa...@freenet.calgary.ab.ca) wrote:
> : On 8 Dec 1997, John Adelsberger wrote:
>
> : > You clearly don't know the US legal system and political climate. It would
> : > go to trial, simply because it's a computer case. Judges have no real
> : > discretion in what they'll hear; if the prosecuting attorney can get an
> : > indictment from a grand jury, the judge has to abide by that.
>
> : Actully you have no idea what you are talking about. It would be a civil
> : case in which case a judge must first decide wether a possible crime was
> : commited and wether or not it was to such an extent that it justified an
> : actual trial. This is the same in both Canada and the US.
>
> You're a fucking moron. I already said, THE US HAS A CRIMINAL COMPUTER
> CRIME LAW NOW. What part of this did you fail to comprehend, monkeyboy?

No you are the moron and you prove it with every one of your posts. You
can also say your the king of Spain, it doesn't make it true and it
doesn't mean you understand 1/2 of and law. Anyone who thinks for a
second that if you use a backdoor to gain access to a mudlib that you
coded and then was stolen from you, would in any way iteself lead to any
criminal record, or even a court case has got to be twice as stupid as you
for insisting it would.

[Jon Lambert]

In article <66gu4e$6...@ds2.acs.ucalgary.ca>, Peter R. Sadlon says...

>On 8 Dec 1997, John Adelsberger wrote:
>> Peter R. Sadlon (prsa...@freenet.calgary.ab.ca) wrote:
>> : On 8 Dec 1997, John Adelsberger wrote:
>>
>> : > You clearly don't know the US legal system and political climate. It
wou
>ld
>> : > go to trial, simply because it's a computer case. Judges have no real
>> : > discretion in what they'll hear; if the prosecuting attorney can get an
>> : > indictment from a grand jury, the judge has to abide by that.
>>
>> : Actully you have no idea what you are talking about. It would be a civil
>> : case in which case a judge must first decide wether a possible crime was
>> : commited and wether or not it was to such an extent that it justified an
>> : actual trial. This is the same in both Canada and the US.

In the US this is NOT the case. It is fair to say that some cases are
civil. Unauthorized computer access as defined by many laws IS a
criminal activity.

>>
>> You're a fucking moron. I already said, THE US HAS A CRIMINAL COMPUTER
>> CRIME LAW NOW. What part of this did you fail to comprehend, monkeyboy?
>
>No you are the moron and you prove it with every one of your posts. You
>can also say your the king of Spain, it doesn't make it true and it
>doesn't mean you understand 1/2 of and law. Anyone who thinks for a
>second that if you use a backdoor to gain access to a mudlib that you
>coded and then was stolen from you, would in any way iteself lead to any
>criminal record, or even a court case has got to be twice as stupid as you
>for insisting it would.
>
>

It is NOT a civil proceeding in either Canada or the US:

some examples of CRIMINAL laws on the books see the following -

Canadian Law, the RCMP is the enforcement agency:
Criminal Code: Section 342.1 - Section 430(1.1)

State of Colorado:
18-5.5-102. Computer crime. (1) Any person who knowingly uses any
computer, computer system, computer network, or any part thereof for the
purpose of devising or executing any scheme or artifice to defraud; obtaining
money, property, or services by means of false or fraudulent pretenses,
representations, or promises; using the property or services of another
without authorization; or committing theft commits computer crime.
(2) Any person who knowingly and without authorization uses, alters,
damages, or destroys any computer, computer system, or computer network
described in section 18-5.5-101 or any computer software, program,
documentation, or data contained in such computer, computer system, or
computer network commits computer crime.
(3) If the loss, damage, or thing of value taken in violation of this
section is less than one hundred dollars, computer crime is a class 3
misdemeanor; if one hundred dollars or more but less than four hundred
dollars, computer crime is a class 2 misdemeanor; if four hundred dollars
or more but less than fifteen thousand dollars, computer crime is a class 5
felony; if fifteen thousand dollars or more, computer crime is a class 3
felony.

State of Florida:
Chapter 815.07 -
1.Whoever willfully, knowingly, and without authorization accesses or causes
to be accessed any computer, computer system, or computer network; or whoever
willfully, knowingly, and without authorization denies or causes the denial
of computer system services to an authorized user of such computer system
services, which, in whole or part, is owned by, under contract to, or operated
for, on behalf of, or in conjunction with another commits an offense against
computer users.

2.
1.Except as provided in this subsection an offense against computer users is
a felony of the third degree, punish- able as provided in S.775.082, S.775.083,
or S.775.084. 2.If the offense is committed for the purposes of devising or
executing any scheme or artifice to defraud or to obtain any property, then
the offender is guilty of a felony of the second degree, punishable as provided
in S.775.082, S.775.083, or S.775.084.

--
Jon A. Lambert

[Silus]

On 8 Dec 1997, Jon Lambert wrote:

> It is NOT a civil proceeding in either Canada or the US:
>
> some examples of CRIMINAL laws on the books see the following -
>
> Canadian Law, the RCMP is the enforcement agency:
> Criminal Code: Section 342.1 - Section 430(1.1)
>

> representations, or promises; using the property or services of another
> without authorization; or committing theft commits computer crime.
>

> State of Florida:
> Chapter 815.07 -
>

> 2.
> 1.Except as provided in this subsection an offense against computer users is
> a felony of the third degree, punish- able as provided in S.775.082, S.775.083,
> or S.775.084. 2.If the offense is committed for the purposes of devising or
> executing any scheme or artifice to defraud or to obtain any property, then
> the offender is guilty of a felony of the second degree, punishable as provided
> in S.775.082, S.775.083, or S.775.084.
>

Actually, depending on if the code is stolen, and if there is proof of it
being stolen, under both of those laws then the case could go either
way. Reason being,

1) In order to steal the code unauthorized access is usually gained.
2) Both of those list theft as being qualified as computer crime, which
stealing code would be classified as.

It would all depend on the evidence given, but in that kind of case both
parties are guilty.

-=Silus=-

[Peter R. Sadlon]

Plus, using a backdoor to make yourself immortal on a mud does not fit any
of those laws mentioned, making yourself immortal destroys nothing.
And even if I were to use one of my backdoors and destroyed the lib of a
mud which I coded, I still would in no way be in offence of any of the
forementioned becasue, like a previously stated example, if someone steals
my car, it is still MY car,itdoes not become property of the theif and
therefore I sincerly doubt that I would be sueing myself.

Also, on a side not, one comment that was made was something like 'in fact
even aranging access like this would be illegal' that would be untrue as
well in this case since I am not aranging to steal access on
my.stolenlib.com, I would have arranged to gain access on my mud which was
stolen.

[The Wildman]

Without having a lawyer reading over my shoulder and deciphering the legaleze,
it would appear that the following fact can be gleaned from the existing
laws -
Having a 'backdoor' or some such code in a program that allows the author
to access and possibly remove the entire program from a system on which the
said program was illegally installed is perfectly legal.
Examples - shareware games that cease functioning (or remove themselves from
the hd and leave files laying around that prevent reinstallation).

If you know of any precedents where shareware authors went to jail for
protecting their work, post that.

--
The Wildman says:
What part of nospam didn't you understand? If you are selling it, offering it
for a fee, or anything else that has nothing at all to do with my post then
I DON'T WANT IT!!!

[Jon Lambert]

In article <66higo$o...@ds2.acs.ucalgary.ca>, Peter R. Sadlon says...

>
>Plus, using a backdoor to make yourself immortal on a mud does not fit any
>of those laws mentioned, making yourself immortal destroys nothing.

The Colorado law states otherwise. Making yourself an immortal via a
backdoor could be construed as performing "unauthorized alteration of
data". State and federal laws vary widely, as well as jurisdiction in
interstate/federal matters.

>And even if I were to use one of my backdoors and destroyed the lib of a
>mud which I coded, I still would in no way be in offence of any of the
>forementioned becasue, like a previously stated example, if someone steals
>my car, it is still MY car,itdoes not become property of the theif and
>therefore I sincerly doubt that I would be sueing myself.

While the original theft of the lib is an illegal activity, the attempt
to reaquire or destroy it via unauthorized activity is also an illegal
activity. Your example of the car IS relevant though. If the car is
left parked on the street, recovery entails no legal difficulties.
However if the car is parked in someone's locked garage, attempting to
recover it can easily land you in jail for B&E. The solution to this
is to swear out a complaint to the legal authorities that have jurisdiction
over the server running the software and also your own legal authorities.
You would call the police if your car was stolen wouldn't you?

>Also, on a side not, one comment that was made was something like 'in fact
>even aranging access like this would be illegal' that would be untrue as
>well in this case since I am not aranging to steal access on
>my.stolenlib.com, I would have arranged to gain access on my mud which was
>stolen.

Correct. Implementing a backdoor is not illegal. Distributing software
with backdoors is also not illegal. However, generally speaking, if someone
were to use a backdoor to destroy someone's system, you may find yourself
liable to civil damages. Generally software vendors have some protections
against damages due to "bugs", but if these "bugs" are proved intentional
you may have big problems. So you shouldn't distribute software with
backdoors and ,if you insist on doing it, you should inform the
recipient/licensee.

Now this poses an interesting problem. Could someone who has stolen
software sue you for damages that arose from them using the "pirated"
software? I think not. Should you be the one to take advantage of
these backdoors? I think not.

A possible solution:

1) Attempt formal legal proceedings against the offender.

If this does not work...

2) Change your backdoors and publish a detailed description of
the current backdoors.

If the pirates do not have access to sources or have difficulty
in "coding their way out of a paper bag", it poses problems for
them.

--
Jon A. Lambert

[Jon Lambert]

In article <66hk6i$4i4e$1...@newssvr08-int.news.prodigy.com>, The Wildman says...

>
>Without having a lawyer reading over my shoulder and deciphering the legaleze,
>it would appear that the following fact can be gleaned from the existing
>laws -
>Having a 'backdoor' or some such code in a program that allows the author
>to access and possibly remove the entire program from a system on which the
>said program was illegally installed is perfectly legal.

Yes, but the action of accessing the computer system unauthorized or
without prior knowledge or approval is illegal in most states.
There is a subtle but important distinction.

>Examples - shareware games that cease functioning (or remove themselves from
>the hd and leave files laying around that prevent reinstallation).

Yep. But I would venture that those authors who perform a thorough
scrubbing of a file system open themselves up to civil or criminal
suits.

>If you know of any precedents where shareware authors went to jail for
>protecting their work, post that.

None, that I know of. How about those who write "shareware" viruses? ;)

--
Jon A. Lambert

[spar...@value.net]

ds2.acs.ucalgary.ca> <348ba...@news.cc.umr.edu> <66gu4e$6...@ds2.acs.ucalgary.ca> <66h36p$g...@sjx-ixn1.ix.netcom.com> <Pine.LNX.3.96.971208...@matrix.chaos.net>
Organization:

Ok, I am putting my 2 cents in up here. Actually I think back doors would
be looked upon as "vigilante" justice, which is still illegal. The code
being stolen is a crime, however, accessing the system with the stolen
code through a back door is also illegal. The law has often held up the
principle that two wrongs don't make a right. However, it sometimes is a
little more lenient on the revenger, if you don't cause any harm other to
the code that was stolen, you would probably get off with a slap on the
wrist so to speak.

Silus <si...@ods.ods.net> wrote:
> On 8 Dec 1997, Jon Lambert wrote:

> > It is NOT a civil proceeding in either Canada or the US:
> >
> > some examples of CRIMINAL laws on the books see the following -
> >
> > Canadian Law, the RCMP is the enforcement agency:
> > Criminal Code: Section 342.1 - Section 430(1.1)
> >
> > representations, or promises; using the property or services of another
> > without authorization; or committing theft commits computer crime.
> >

> > State of Florida:
> > Chapter 815.07 -
> >
> > 2.
> > 1.Except as provided in this subsection an offense against computer users
is
> > a felony of the third degree, punish- able as provided in S.775.082,
S.775.083,
> > or S.775.084. 2.If the offense is committed for the purposes of devising or
> > executing any scheme or artifice to defraud or to obtain any property, then
> > the offender is guilty of a felony of the second degree, punishable as
provided
> > in S.775.082, S.775.083, or S.775.084.
> >
> Actually, depending on if the code is stolen, and if there is proof of it
> being stolen, under both of those laws then the case could go either
> way. Reason being,

> 1) In order to steal the code unauthorized access is usually gained.
> 2) Both of those list theft as being qualified as computer crime, which
> stealing code would be classified as.

> It would all depend on the evidence given, but in that kind of case both
> parties are guilty.

> -=Silus=-

[spar...@value.net]

ds2.acs.ucalgary.ca> <348ba...@news.cc.umr.edu>
<66gu4e$6...@ds2.acs.ucalgary.ca> <66h36p$g...@sjx-ixn1.ix.netcom.com> <Pine.LNX.3.96.971208...@matrix.chaos.net> <66higo$o...@ds2.acs.ucalgary.ca>:
Organization:

Peter R. Sadlon <prsa...@freenet.calgary.ab.ca> wrote:

> forementioned becasue, like a previously stated example, if someone steals
> my car, it is still MY car,itdoes not become property of the theif and
> therefore I sincerly doubt that I would be sueing myself.

However, depending on how you react to your car being stolen, it may be
seen as endangering public safety, which is a crime. Also say you throw a
rock through your own car window, and hit the thief. Then you have
committed "assault with a deadly" weapon, and as some gun toting home
owners have found liable for his injuries. If you delete or rm the
contents of the directory with the mud in it, and inadvertently or
advertently delete ANY code the thief has writen, or any other items that
are not part of the "stolen" code you have committed a computer crime. I
don't even think you can delete the pfiles if they have been modified.
They could be frozen with a court order until the case is decided, but to
damage them would be a computer crime.

[The Wildman]

On 8 Dec 1997 21:10:02 GMT, Jon Lambert uttered the words:

>
>Yep. But I would venture that those authors who perform a thorough
>scrubbing of a file system open themselves up to civil or criminal
>suits.
>

I'm sorry. Was there any mention of destroying anything other than the
stolen software? I could have sworn that was all that was involved. I'll
agree - there is a HUGE difference between wiping someone's hd and just
wiping the program they shouldn't have in the first place.

[Timothy Philip Vernum]

My $0.02.
The following is on the login for all our university computers.
I can only presume it is taken from Australian law.

****************************************************************************
* ***** This service is for authorised persons ONLY ***** *
* WARNING: It is a criminal offence to: *
* 1. Obtain access to data without authority *
* (Penalty 2 years imprisonment). *
* 2. Damage, delete, alter or insert data without authority *
* (Penalty 10 years imprisonment). *
****************************************************************************

As far as I can see, deleting a mud without permission is 10 years.
Doesn't matter if you claim it as yours (especially since you just deleted
the evidence)

[John Adelsberger]

Peter R. Sadlon (prsa...@freenet.calgary.ab.ca) wrote:

: Plus, using a backdoor to make yourself immortal on a mud does not fit any

: of those laws mentioned, making yourself immortal destroys nothing.

State of Missouri at least says that just gaining the access is illegal.
I don't have the law on me, but its probably on the web somewheres.

: And even if I were to use one of my backdoors and destroyed the lib of a

: mud which I coded, I still would in no way be in offence of any of the

: forementioned becasue, like a previously stated example, if someone steals

: my car, it is still MY car,itdoes not become property of the theif and
: therefore I sincerly doubt that I would be sueing myself.

Under at least the law in MO, altering a filesystem you don't have proper
authority to modify in _any_ way, even if it is to remove illegal stuff
you own, is a crime. Going through the proper channels to _have_ it
removed is not. In the same way, if I steal your car and park it in
my garage, and you break into my garage instead of just calling the cops,
we're both gonna go to jail.

[John Adelsberger]

Silus (si...@ods.ods.net) wrote:

: 1) In order to steal the code unauthorized access is usually gained.

No, usually someone who already has the access just abuses it:-)

: It would all depend on the evidence given, but in that kind of case both
: parties are guilty.

Yes, so maybe they both take it in the rear, but the claim made by a
certain Canadian whose name starts with Peter and ends with Sadlon,
that such a case would never make it to trial, is plain and simple
bullshit.

[Peter R. Sadlon]

On 8 Dec 1997, Jon Lambert wrote:

> In article <66higo$o...@ds2.acs.ucalgary.ca>, Peter R. Sadlon says...
> >

> >Plus, using a backdoor to make yourself immortal on a mud does not fit any
> >of those laws mentioned, making yourself immortal destroys nothing.
>

> The Colorado law states otherwise. Making yourself an immortal via a
> backdoor could be construed as performing "unauthorized alteration of
> data". State and federal laws vary widely, as well as jurisdiction in
> interstate/federal matters.

See the car example below...

> >And even if I were to use one of my backdoors and destroyed the lib of a
> >mud which I coded, I still would in no way be in offence of any of the
> >forementioned becasue, like a previously stated example, if someone steals
> >my car, it is still MY car,itdoes not become property of the theif and
> >therefore I sincerly doubt that I would be sueing myself.
>

> While the original theft of the lib is an illegal activity, the attempt
> to reaquire or destroy it via unauthorized activity is also an illegal
> activity. Your example of the car IS relevant though. If the car is
> left parked on the street, recovery entails no legal difficulties.

We are not talking about recovering it though, the example is that it is
still your car and if you smash in a window for example the theif could
not sue you.

Simularily, if I were to delete a lib form a computer which was stolen, if
I delete jsut teh stuff I coded then I have not done any damage to
anything that was not mine, I gained access to a lib which is mine, I
deleted files which were mine.

> were to use a backdoor to destroy someone's system, you may find yourself
> liable to civil damages. Generally software vendors have some protections

Somone's elses system, yes, someone's elses mud, maybe (but unless it were
some extream wierd case it wouldn't go to court) but your lib which was
stolen, no.

> you may have big problems. So you shouldn't distribute software with
> backdoors and ,if you insist on doing it, you should inform the

Again, this isn't about distributing code, its about protecting against
stolen code. When you distribute code anyways, its usually the source
code in which case any backdoors would be way easier to find then if
someone just sole an exe file. Plus the purpose of backdoors are for
safety of your mud, so having the same backdoors on a distributed version
as on yours is just stupid becasue somone can then hack your mud. Putting
in different back doors without documenting them though I would say leans
on the bounds of the illegal, but then again, that is not what this thread
is about.

[Peter R. Sadlon]

On 9 Dec 1997 spar...@value.net wrote:

> ds2.acs.ucalgary.ca> <348ba...@news.cc.umr.edu> <66gu4e$6...@ds2.acs.ucalgary.ca> <66h36p$g...@sjx-ixn1.ix.netcom.com> <Pine.LNX.3.96.971208...@matrix.chaos.net>

> Organization:
>
> Ok, I am putting my 2 cents in up here. Actually I think back doors would
> be looked upon as "vigilante" justice, which is still illegal. The code
> being stolen is a crime, however, accessing the system with the stolen
> code through a back door is also illegal. The law has often held up the

Ok, heres a little example...
One night I was moving spells and skills around into new directories, also
what was required was that I edit the help daemon so that it would search
for filen in the proper directoies. I then rebooted the mud and checked
one directory, but not the other, then went to sleep.

Now when I woke up the next morning I found that I had edited the daemon
for the 2nd directory incorretly and the daemon printed the source code
for the spells instead of the help info. Fortunatly we were in beta
testing and only one or two people saw the code, neither of which really
cared except to let me know the next day.

Now have those 2 people that saw the spell's code illegally accessing
anything? I don't think anyone would say I had a chance in hell at
holding that up in court. The exact is same for backdoors coded into your
lib then used when your lib is stolen.

The thief has the mud up and running, he installed the software for people
to use and log into. And to stop about 5 responces from morons on this
one point, keep in mind that the backdoors were NOT created to gain access
to other muds, and they were not added to a release version of the lib, so
someone who coded and used these backdoors couldn't be charged with
arranging to gain access to anything except their own mud, so keep that in
mind with your car annologies.

[Peter R. Sadlon]

On 9 Dec 1997, Timothy Philip Vernum wrote:

> My $0.02.
> The following is on the login for all our university computers.
> I can only presume it is taken from Australian law.
>
> ****************************************************************************
> * ***** This service is for authorised persons ONLY ***** *
> * WARNING: It is a criminal offence to: *
> * 1. Obtain access to data without authority *
> * (Penalty 2 years imprisonment). *
> * 2. Damage, delete, alter or insert data without authority *
> * (Penalty 10 years imprisonment). *
> ****************************************************************************

Ya, we have something simular, but what are the lines right after or right
before that... something like....

AIX Version 4.0
blaa blaa blaaa
login:

That warning is about logging into that system, not logging onto a game or
something running on that server, for example if I have a guest book, then
everyone who signs that guest book on my webpage is guilty of altering my
guestbook file. Every single piece of email recieved would be in
violation of it, since it alters people's mail folders.

That warning refers to accessing the machine in such ways like stealing
people's passwords ect.

[Peter R. Sadlon]

> Under at least the law in MO, altering a filesystem you don't have proper
> authority to modify in _any_ way, even if it is to remove illegal stuff
> you own, is a crime. Going through the proper channels to _have_ it
> removed is not. In the same way, if I steal your car and park it in

Here I think we see the problem... Who grants authority?
If mudservices.com give me access to run a mud I am assuming that I am not
illegally accessing their system by running my mud on it. They say 7
telnet connections to the root command at once for me and my immortals, so
I would assume that means that I can give authoirty to whom I wish to
access the computers (I'd probably be held accountable though)

And read one of my previous posts, you say _any_ way, well the examples of
email or guest books would seem to be in viloation of your imaginary law.

[Jon Lambert]

In article <66k2sb$r...@ds2.acs.ucalgary.ca>, Peter R. Sadlon says...

>On 8 Dec 1997, Jon Lambert wrote:
>
>> While the original theft of the lib is an illegal activity, the attempt
>> to reaquire or destroy it via unauthorized activity is also an illegal
>> activity. Your example of the car IS relevant though. If the car is
>> left parked on the street, recovery entails no legal difficulties.
>
>We are not talking about recovering it though, the example is that it is
>still your car and if you smash in a window for example the theif could
>not sue you.
>
>Simularily, if I were to delete a lib form a computer which was stolen, if
>I delete jsut teh stuff I coded then I have not done any damage to
>anything that was not mine, I gained access to a lib which is mine, I
>deleted files which were mine.
>

How are you proposing to access the car (data) in order to smash the
window (delete it) while it resides in my garage (my computer system)?

I simply state that any "unauthorized" access to my garage (computer
system) is subject to prosecution in many states and have provided some
references to support this claim.

--
Jon A. Lambert

[Peter R. Sadlon]

On 9 Dec 1997, Jon Lambert wrote:

> In article <66k2sb$r...@ds2.acs.ucalgary.ca>, Peter R. Sadlon says...
> >On 8 Dec 1997, Jon Lambert wrote:
> >
> >> While the original theft of the lib is an illegal activity, the attempt
> >> to reaquire or destroy it via unauthorized activity is also an illegal
> >> activity. Your example of the car IS relevant though. If the car is
> >> left parked on the street, recovery entails no legal difficulties.
> >
> >We are not talking about recovering it though, the example is that it is
> >still your car and if you smash in a window for example the theif could
> >not sue you.
> >

> How are you proposing to access the car (data) in order to smash the
> window (delete it) while it resides in my garage (my computer system)?
>
> I simply state that any "unauthorized" access to my garage (computer
> system) is subject to prosecution in many states and have provided some
> references to support this claim.

How about by remote control? If I had built into my car some remort
locking mechinism which ran off the car's computer (its a high tech car).
I can theoritlly have a remot to it that could do things like keep the
doors locked, or not allow the engine to turn or plugs to fire.

Now you could make a claim that my raido beams truspassed, but try to get
that into a court of law, you'd have just as much luck as trying to sue
someone for using a backdoor to a MUD of all things.

The difference here is simular to me breaking into your garage and
damaging the car, vs me accessing the car directly. Compared with me
logging into a shell account and deleteing files vs me logging into the
mud and deleteing files, or doing whatever to my lib.

[Richard Woolcock]

Jon Lambert wrote:
> [snip]

> How are you proposing to access the car (data) in order to smash the
> window (delete it) while it resides in my garage (my computer system)?

You just invited me (and anyone else who wants a ride in 'your' new car)
into the garage, remember?

> I simply state that any "unauthorized" access to my garage (computer
> system) is subject to prosecution in many states and have provided some
> references to support this claim.

I have never heard of someone being prosecuted for logging on to a mud,
or using the features therein (Whoa...you cast a FIREBALL? Right, thats
it - expect to hear from my lawyer!).

Who should define what is and what is not a feature? Well, the person
who wrote it of course.

KaVir.

[Richard Woolcock]

John Adelsberger wrote:
>
> Peter R. Sadlon (prsa...@freenet.calgary.ab.ca) wrote:
>

> : Plus, using a backdoor to make yourself immortal on a mud does not fit any

> : of those laws mentioned, making yourself immortal destroys nothing.
>

> State of Missouri at least says that just gaining the access is illegal.

It is illegal to play muds in Missouri huh? Should I sue my Missouri players?

> I don't have the law on me, but its probably on the web somewheres.
>

> : And even if I were to use one of my backdoors and destroyed the lib of a

> : mud which I coded, I still would in no way be in offence of any of the
> : forementioned becasue, like a previously stated example, if someone steals
> : my car, it is still MY car,itdoes not become property of the theif and
> : therefore I sincerly doubt that I would be sueing myself.
>

> Under at least the law in MO, altering a filesystem you don't have proper
> authority to modify in _any_ way, even if it is to remove illegal stuff

Right so let me get this straight. Not only is it illegal to play on a mud
in some states, but in addition it is illegal to 'save' your character, post
a note, write an area, etc? These are all features of the game. Deleting
the entire source code is another (undocumented) feature of certain muds.
If this is illegal, then the unix 'rm' command must also be illegal. I'll
let the authors of unix off though, cos I'm a nice bloke (and I don't want
to get laughed out of court and get fined for wasting the courts time).

> you own, is a crime. Going through the proper channels to _have_ it
> removed is not. In the same way, if I steal your car and park it in

> my garage, and you break into my garage instead of just calling the cops,
> we're both gonna go to jail.

And what if you open your garage door and invite everyone in to come for
a ride in the car - and while in there, I press a buttom under my chair
which results in the engine falling apart? I invented the car, I own the
car, and I used a feature of the car *shrug*. Sure, if I tried to SELL
(read 'distribute') the car, then I would have to list all such features.
The car has not been sold though - it is the prototype, and still under
development. The 'disintergrating engine' is a feature - part of the
purpose of the car, in the same way as it might have a sunroof, central
locking, automatic windows, and so on. The feature does no harm to any
individual or external entity, it is just there in case of an emergency
(perhaps in case the breaks fail? *shrug* it doesn't have to be the best
designed feature, but it does serve a valid purpose). Ever tried sueing
a car company because you didn't like the 'air conditioning' feature?

KaVir.

[Timothy Philip Vernum]

"Peter R. Sadlon" <prsa...@freenet.calgary.ab.ca> writes:

>The thief has the mud up and running, he installed the software for people
>to use and log into. And to stop about 5 responces from morons on this
>one point, keep in mind that the backdoors were NOT created to gain access
>to other muds, and they were not added to a release version of the lib, so
>someone who coded and used these backdoors couldn't be charged with
>arranging to gain access to anything except their own mud, so keep that in
>mind with your car annologies.

Everyone I read has kept that in mind.

If you have a spare key to your car and you use it to get into the car after
it is stolen, that's okay.

If you know that the passenger door doesn't lock properly, and you use that
to get in it's okay.

But it is is parked in the theif's garage, then at best, you are committing
criminal trespass by getting into it.

If you have a remote control for you car to open the doors, and you do it
while the thief is next to it, so you knock him over, it's still assault.

Having means to get into the software isn't illegal.
Using them for an illegal purpose is. Conspiring to use them for an illegal
purpose may also get you into trouble.

So unless you have authority to access the server their mud is running on,
then using a back door to delete the mud is going to give you illegal
access to the file-system. It doesn't matter if the files are yours, the
file-system isn't.

And it's no use saying I didn't get access, I only had access to the mud,
because any hacker can say "I only got access to the shell as root."
When it comes down to the legalities, both the mud, and a shell are
programs which give you access to the file-system. If you use them
illegally, then it is a crime.
And being a crime you end up in a CRIMINAL case.

Note also, that if you do wipe the mud, you can no longer prove it was your
mud.

[Timothy Philip Vernum]

"Peter R. Sadlon" <prsa...@freenet.calgary.ab.ca> writes:

>On 9 Dec 1997, Timothy Philip Vernum wrote:

>> My $0.02.
>> The following is on the login for all our university computers.
>> I can only presume it is taken from Australian law.
>>
>> ****************************************************************************
>> * ***** This service is for authorised persons ONLY ***** *
>> * WARNING: It is a criminal offence to: *
>> * 1. Obtain access to data without authority *
>> * (Penalty 2 years imprisonment). *
>> * 2. Damage, delete, alter or insert data without authority *
>> * (Penalty 10 years imprisonment). *
>> ****************************************************************************

>Ya, we have something simular, but what are the lines right after or right
>before that... something like....

>AIX Version 4.0
>blaa blaa blaaa
>login:

>That warning is about logging into that system, not logging onto a game or
>something running on that server,

Running something like say a telnetd and shell ?
Yeah that's perfectly legal. I never went through that login screen,
I just telneted there. (which in this case would by-pass this screen)

> for example if I have a guest book, then
>everyone who signs that guest book on my webpage is guilty of altering my
>guestbook file. Every single piece of email recieved would be in
>violation of it, since it alters people's mail folders.

No.
By putting a guest-book up, you are giving people authority to write data
By accepting email, you are giving authority.

But no one gave you the authority to delete data from that mud.
You can claim it is yours all you like, you don't have the authority to
delete it.

What is you find a back-door in someone else's mud and use it to delete
their mud? It's not access to the computer itself, only the mud. Is that
legal? Ok so now it's not a mud, it's their web server. Is it legal?
It's still not the computer itself, just a process on their computer.

>That warning refers to accessing the machine in such ways like stealing
>people's passwords ect.

No it refers to "access to data without authority"
It doesn't say "logging in without authority"
Just because the warning doesn't get shown when you connect to the mud, the
law still applies.
Warning signs are just that. Warnings.

That said, I do recall reading somewhere, that a hacker got off his charges
once because he showed that the system he broke into has a "Welcome" screen.

I'm pretty sure the law has changed since then.

[Jon Lambert]

In article <348E56...@dial.pipex.comNOSPAM>, Richard Woolcock says...

>Jon Lambert wrote:
>> [snip]
>> How are you proposing to access the car (data) in order to smash the
>> window (delete it) while it resides in my garage (my computer system)?
>
>You just invited me (and anyone else who wants a ride in 'your' new car)
>into the garage, remember?
>

Does this mean that any mud may be deleted by those logging in?
Or is just pirated a mud unprotected by law?

Hypothetical 1:
I log in to your mud running on your server.
I discover you have a backdoor (or even an unknown bug).
From this backdoor/bug I delete all mud related files.
From system logs you are able to trace me right back to my ISP account.

Do you have any legal protection?

Hypothetical 2:
I steal your mud (hypothetical ok ;) )
You log in to "my" mud running on my server.
From the backdoor you delete all mud related files.
From system logs I am able to trace you right back to your ISP account.

Do I have any legal protection?

I maintain 'yes' in both cases. The legal protection I would invoke
would be based on the "ownership of the server". Of course I could
be wrong in my interpretation of the FL and CO state laws I posted.
But being on the other side has some consequences also, it makes
Hypothetical #1 a legal activity. No?

Consider that in the second case, if you had began legal proceedings
for theft of intellectual property (or somesuch) you would have
destroyed the evidence.

>> I simply state that any "unauthorized" access to my garage (computer
>> system) is subject to prosecution in many states and have provided some
>> references to support this claim.
>
>I have never heard of someone being prosecuted for logging on to a mud,
>or using the features therein (Whoa...you cast a FIREBALL? Right, thats
>it - expect to hear from my lawyer!).
>

Neither have I. Although consider the differences between a shell account
and mud account. Technically they are identical, at least from the legal
point of view.

I would hope the fireball would be considered authorized use.
Of course if PK is unauthorized... :P

--
Jon A. Lambert
"Everything that deceives may be said to enchant" - Plato

[Peter R. Sadlon]

> > for example if I have a guest book, then
> >everyone who signs that guest book on my webpage is guilty of altering my
> >guestbook file. Every single piece of email recieved would be in
> >violation of it, since it alters people's mail folders.
>
> No.
> By putting a guest-book up, you are giving people authority to write data
> By accepting email, you are giving authority.
>
> But no one gave you the authority to delete data from that mud.
> You can claim it is yours all you like, you don't have the authority to
> delete it.

You totally contridict yourself and effectivly say nothing. By putting
the mud up and allowing access you are giving people autority to log on
and save player files and to interact with the mud (the computer) on a
varity of levels.

By having the backdoors installed you also provide the ability and
authority for someone to log in and use the backdoors. You can't have it
both ways.

> That said, I do recall reading somewhere, that a hacker got off his charges
> once because he showed that the system he broke into has a "Welcome" screen.
>
> I'm pretty sure the law has changed since then.

Ya, I beleive that could have been the same inncident I was refering to
before when I mentioned that putting things like 'Enter at your own risk'
and such can be interpretted as a welcome and there-fore you can't sue
someone for tresspassing.

[Serhat Sakarya]

Sorabain W De Lioncourt (ba...@scallop.dcs.warwick.ac.uk) wrote:
: In article <3488D1...@concentric.net>,
: Ron Cole <clogar...@concentric.net> wrote:
: >John Adelsberger wrote:

[snip]

: Although i suppose the best policy now that everyone 'knows' your mud has
: backdoors in is to take them all out, then all the people will spend ages
: and ages trying to find the things, and having failed completely will never
: be really sure if running a copy of your mud is safe.

Of course you could always just _say_ there is a backdoor and let people
spends ages looking for it. ;-)

Btw, just out of curiosity: are you dealing with a codebase that is
distributed/public or not? If you only need one version of the code,
then there might be easier ways to protect it.

If it sortof public, then you might want to write a 'C -> rotten layout C'
converter and use it for certain pieces of code... isn't it easy to have
all C code on one long (10k) line? :-)

Regards,

Serhat Sakarya
--
If you wish te email me, please replace '[127.0.0.1]' in the 'from'
address with 'freud.et.tudelft.nl' - if you are really nice, you
may even give me a local account on your machine so the address
will work.

[Peter R. Sadlon]

On 10 Dec 1997, Timothy Philip Vernum wrote:

> "Peter R. Sadlon" <prsa...@freenet.calgary.ab.ca> writes:
>

[car stuff snipped]

> If you have a spare key to your car and you use it to get into the car after
> it is stolen, that's okay.

So like if I was able to have a hidden player file that was an immortal?

> If you know that the passenger door doesn't lock properly, and you use that
> to get in it's okay.

Ahh, so what if I broke the passenger door on purpose, in effect creating
a backdoor?

> But it is is parked in the theif's garage, then at best, you are committing
> criminal trespass by getting into it.

But if a mud is up and running then you are not tresspassing on property.
The mud is there and running and you log in, perfectlly legal and safe,
and all you do is use some code which you created and was installed by the
thief.

> If you have a remote control for you car to open the doors, and you do it
> while the thief is next to it, so you knock him over, it's still assault.

Techniclly you could make a case, but simularlly, if you knock someone
over how big of a chance would he have in court wioth getting a convicion?
But again knocking over someone would be equivilant to pushing over the
person who stole your mud?!?!? I really don't see where any physical
contact has simularities to anything we're talking about.

> So unless you have authority to access the server their mud is running on,
> then using a back door to delete the mud is going to give you illegal
> access to the file-system. It doesn't matter if the files are yours, the
> file-system isn't.

Again, you are not accessing the server, you are accessing the mud. Maybe
the concept of the 2 being different is above you or something, plus since
the mud is up and running it would be open to the public, and as I beleive
I pointed out in your other post you try to argue that things like email
and guest books are legal access while a mud isn't, which is just crap.
The mud being up and running gives autority just like a guest book up and
running does.

If a mud requires that charaters email an admin before getting a charater
and logging on, then I could see a possible case in that one situation.
Wether the mud is just currently closed, or they have a policy of
regersting all charaters. But then once a charater is granted that is
like granting authority to the mud.

> Note also, that if you do wipe the mud, you can no longer prove it was your
> mud.

Also if the mud is totally wiped then there is no evidence that it exsted
or that you wiped it. Plus we are not talking about wiping out a whole
mud. Although that seems to be a main concern, remember that the topic
was the use of backdoors for any purpose and wether or not they are legal,
not wether or not deleteing a mud is.

[Peter R. Sadlon]

On 10 Dec 1997, Jon Lambert wrote:

> In article <348E56...@dial.pipex.comNOSPAM>, Richard Woolcock says...
> >Jon Lambert wrote:
> >> [snip]
> >> How are you proposing to access the car (data) in order to smash the
> >> window (delete it) while it resides in my garage (my computer system)?
> >
> >You just invited me (and anyone else who wants a ride in 'your' new car)
> >into the garage, remember?
> >
>
> Does this mean that any mud may be deleted by those logging in?
> Or is just pirated a mud unprotected by law?

Where did you get the idea that all of a sudden the mud was deleted? This
is about access through a backdoor in a mud and the claim that such access
is illegal. Not what someone does with that access.

> Hypothetical 1:
> I log in to your mud running on your server.
> I discover you have a backdoor (or even an unknown bug).
> From this backdoor/bug I delete all mud related files.
> From system logs you are able to trace me right back to my ISP account.
>
> Do you have any legal protection?

I would say no if it was a backdoor or a bug and you did it once, or twice
to be funny. If it were your code which I stole, again no. If it were
your code that you released then I think I would have a case. If it was a
design flaw in the mud and you went around to all simular libs doing the
same over and over then again yes.

Overall though since we are talking about backdoors, if you were to use a
backdoor I created on my mud to access it illegally then no I wouldn't
have a case.

> Hypothetical 2:
> I steal your mud (hypothetical ok ;) )
> You log in to "my" mud running on my server.
> From the backdoor you delete all mud related files.
> From system logs I am able to trace you right back to your ISP account.
>
> Do I have any legal protection?

No, you installed the code and ran it. Saying yes is like me trying to
sue someone irl for pking.

> Consider that in the second case, if you had began legal proceedings
> for theft of intellectual property (or somesuch) you would have
> destroyed the evidence.

Again, we are looking at 1 possible ending of gaining access, that is
deleteing the mud, which may or may not be legal. If I was made an admin
on a mud and I deleted it could you sue? The subject is wether or not
getting the access of anything through a backdoor is illegal.

[Walter Goodwin]

In article <66mbl2$r6h$1...@elektron.et.tudelft.nl>,

Serhat Sakarya <serhat@localhost> wrote:
>
>If it sortof public, then you might want to write a 'C -> rotten layout C'
>converter and use it for certain pieces of code... isn't it easy to have
>all C code on one long (10k) line? :-)

Er, wouldn't that depend on the editor? Most editors I've used have had
_some_ kind of limit on how much can go on one line :) Besides, putting
it on one line isn't very effective. they can just reformat. You've
actually got to work to really obfuscate your code. (but 2 weeks later,
you can't read it yourself ;)

On a similar note, as an example of how effective rotten layout of C code
is, take a look at this page :)

http://remus.rutgers.edu/~rhoads/Obfuscated_C/obfuscate.html

[Richard Woolcock]

Jon Lambert wrote:
>
> In article <348E56...@dial.pipex.comNOSPAM>, Richard Woolcock says...[snip]

> >You just invited me (and anyone else who wants a ride in 'your' new car)
> >into the garage, remember?
> >
>
> Does this mean that any mud may be deleted by those logging in?

Can players be killed by those logging in?
Can data (pfiles/notes/etc) be stored to HD by those logging in?
Can those who log in gain levels?
Can those who log in use chat/gossip/tell?
Can those who log in eat big pot pies from the bakery?

*shrug*, surely that depends on what the coder wants his/her mud to do.

Do you think if James Bond invited someone to sit in his new car, and
they pulled the 'self destruct' lever, then he could sue them? (Assuming
that nobody was injured of course...maybe the car would just fall apart).

> Or is just pirated a mud unprotected by law?
>

> Hypothetical 1:
> I log in to your mud running on your server.
> I discover you have a backdoor (or even an unknown bug).
> From this backdoor/bug I delete all mud related files.
> From system logs you are able to trace me right back to my ISP account.
>
> Do you have any legal protection?

Nope, because you have used a feature of the mud. Equally, you cannot
sue me for deleting your pfile - although I remember reading (a LONG time
ago) on the newsgroups about an immortal being threatened with legal action
after accidently wiping a load of pfiles (the player concerned decided that
he should be compensated for wasted time which he could have spent working).
Whether this was serious or not, I cannot say - but the very suggestion is
laughable. A backdoor may be an 'undocumented feature', but then so are
bugs, and I can't see myself managing to sue you for using one of those.

> Hypothetical 2:
> I steal your mud (hypothetical ok ;) )
> You log in to "my" mud running on my server.
> From the backdoor you delete all mud related files.
> From system logs I am able to trace you right back to your ISP account.
>
> Do I have any legal protection?

No, for the above reason.

> I maintain 'yes' in both cases. The legal protection I would invoke
> would be based on the "ownership of the server". Of course I could
> be wrong in my interpretation of the FL and CO state laws I posted.
> But being on the other side has some consequences also, it makes
> Hypothetical #1 a legal activity. No?
>

> Consider that in the second case, if you had began legal proceedings
> for theft of intellectual property (or somesuch) you would have
> destroyed the evidence.

The whole point of (me) using a backdoor in this situation is to avoid
the costly process of having to take legal action.

> >> I simply state that any "unauthorized" access to my garage (computer
> >> system) is subject to prosecution in many states and have provided some
> >> references to support this claim.
> >
> >I have never heard of someone being prosecuted for logging on to a mud,
> >or using the features therein (Whoa...you cast a FIREBALL? Right, thats
> >it - expect to hear from my lawyer!).
> >
>
> Neither have I. Although consider the differences between a shell account
> and mud account. Technically they are identical, at least from the legal
> point of view.

Hmmm on an LPmud perhaps, but diku accounts are dealt with somewhat
differently. Legally speaking however, I suppose they would be considered
the same.

> I would hope the fireball would be considered authorized use.

Why do you assume this?

> Of course if PK is unauthorized... :P

And what if you discover that by standing in room 'x' you are able to kill
me instantly with your fireball due to a very obscure bug. Have you not
used a 'backdoor'?

Out of interest I also wrote a couple of commands, one of which wiped all
c/h files, the other of which set my level to implementor. The code was
not hidden, the first was designed so that I could clear off the code after
a startup (when I didn't have shell access at the time), the second was used
in case I wanted to make myself mortal for a while (primarily because immortal
level characters have very limited interaction capabilities). The deletion
code was protected with an encrypted password within the code, while the level
setting command would only work for names I had hardcoded in. Both of these
were features, designed to help me operate the mud. Should these be considered
backdoors?

KaVir.

[Jon Lambert]

In article <66mfoa$9...@ds2.acs.ucalgary.ca>, Peter R. Sadlon says...

>On 10 Dec 1997, Jon Lambert wrote:
>

>> Does this mean that any mud may be deleted by those logging in?

>> Or is just pirated a mud unprotected by law?
>

>Where did you get the idea that all of a sudden the mud was deleted?

Perhaps from your earlier postings:
==Simularily, if I were to delete a lib form a computer which was stolen, if
==I delete jsut teh stuff I coded then I have not done any damage to
==anything that was not mine, I gained access to a lib which is mine, I
==deleted files which were mine.
and:
==Somone's elses system, yes, someone's elses mud, maybe (but unless it were
==some extream wierd case it wouldn't go to court) but your lib which was
==stolen, no.

>This is about access through a backdoor in a mud and the claim that such
>access is illegal. Not what someone does with that access.

I do believe the laws I posted have _everything_ to do with what
someone _does_ with the unauthorized access be it a backdoor, bug, or
simple password hacking.

Surely what you are discussing is access with the intent to "damage"
or "destroy" data on the server?
Or are you postulating that someone whose code had been stolen would access
their mud just to "get a leg up" in playing the stolen game, not to damage
data?

If this is the case, I can't really comment on it seriously.
Such a person could be said to have very strange motivations.
Eccentric might be too kind, perhaps.

>Again, we are looking at 1 possible ending of gaining access, that is
>deleteing the mud, which may or may not be legal. If I was made an admin
>on a mud and I deleted it could you sue?

Yes. There is some precedence for this. Your confusion is in trying to
make legal distinctions between a person you entrust to administer a
mud server, entrust to administer an e-mail server or entrust to
administer a UNIX server. There are none. The precedence I refer
to is companies that have sued employees for willful destruction
of company computer data they had authorized access to. It's not
limited to employees, but also to contractors. I do believe it's
applicable. Certainly the proof of the case is a bit more difficult
for the average mud administrator. Many arrangements are not formalized
and more casual.

There are also no legal distinctions between damage, alteration or
deletion. At least within the language of the ones I posted.

>The subject is wether or not
>getting the access of anything through a backdoor is illegal.

This is USENET. I'm not far from subject matter. At least I
haven't posited the possibility of the Pope deleting the mud under
divine direction. Yet... ;)

--
Jon A. Lambert

[Jon Lambert]

In article <348F64...@dial.pipex.comNOSPAM>, Richard Woolcock says...

>
>Out of interest I also wrote a couple of commands, one of which wiped all
>c/h files, the other of which set my level to implementor. The code was
>not hidden, the first was designed so that I could clear off the code after
>a startup (when I didn't have shell access at the time), the second was used
>in case I wanted to make myself mortal for a while (primarily because immortal
>level characters have very limited interaction capabilities). The deletion
>code was protected with an encrypted password within the code, while the level
>setting command would only work for names I had hardcoded in. Both of these
>were features, designed to help me operate the mud. Should these be
>considered backdoors?
>

OK. One more scenario and I'll leave the argument to stand or fall
down on it's own legs. :)

1) I telnet into server port 1234 (mud), crack this command password, and
delete the code.

2) I telnet into server port 23 (telnetd), crack the root password, and
delete the code.

Are you saying there is a legal distinction? You implied that there
probably is not. Surely the intended use of the mud command was to delete
the code. And surely the intended use of the 'rm' command was to delete
the code. Is this a case of "reasonable" use, "unauthorized" use or perhaps
"malicious" use. Or perhaps your own code _can_ be used against you and
you have no legal recourse? And by inference, if I logged into a IBM server
running their own product, I could willfully sabotage it?

--
Jon A. Lambert

[Richard Woolcock]

Jon Lambert wrote:
>
> In article <348F64...@dial.pipex.comNOSPAM>, Richard Woolcock says...
> >
> >Out of interest I also wrote a couple of commands, one of which wiped all
> >c/h files, the other of which set my level to implementor. The code was
> >not hidden, the first was designed so that I could clear off the code after
> >a startup (when I didn't have shell access at the time), the second was used
> >in case I wanted to make myself mortal for a while (primarily because immortal
> >level characters have very limited interaction capabilities). The deletion
> >code was protected with an encrypted password within the code, while the level
> >setting command would only work for names I had hardcoded in. Both of these
> >were features, designed to help me operate the mud. Should these be
> >considered backdoors?
> >
>
> OK. One more scenario and I'll leave the argument to stand or fall
> down on it's own legs. :)
>
> 1) I telnet into server port 1234 (mud), crack this command password, and
> delete the code.

You have used a feature of the mud which I didn't want to be used, but it
was a feature non the less. I invited you to play the mud, and therefore
use the features available.

> 2) I telnet into server port 23 (telnetd), crack the root password, and
> delete the code.

I would assume the 'root' did not invite you to attempt this? A server
is NOT free access, unless you connect as 'anonymous' or suchlike. Muds
are (generally) for anyone to connect to.

> Are you saying there is a legal distinction? You implied that there
> probably is not. Surely the intended use of the mud command was to delete

The difference is that you are invited to connect to the mud, but not to
connect onto the server. If I gave you the password to my shell account
and permission to use it, then you logged on and deleted everything in my
directory, would you be breaking the law? If you managed to hack the
password to my implementor character rather than the 'root' password,
would this be breaking the law?

> the code. And surely the intended use of the 'rm' command was to delete
> the code. Is this a case of "reasonable" use, "unauthorized" use or perhaps
> "malicious" use. Or perhaps your own code _can_ be used against you and
> you have no legal recourse? And by inference, if I logged into a IBM server
> running their own product, I could willfully sabotage it?

No, you would be breaking the law by cracking their password. If you were
given an account by IBM, then they would make you sign various documents
which could be used to severely screw you over were you to sabotage their
system.

I am not sure what were to happen if you didn't sign anything but still
managed to get an account - probably the person who gave you the account
would be held equally responsible. I strongly suspect that you would
have the pants sued off you for damages. Now suppose you did the same
thing to a mud - they make no money, and would have lost none. Besides
which if it was your code - and you had proof - I very much doubt anyone
would be stupid enough to actually take action against you.

KaVir.