Indy Strikes in the Borcon Lab!
Vincent Parrett(AtoZed)
Vincent Parrett(AtoZed)
message news:3cebc6e5$1_1@dnews...
> http://www.atozedsoftware.com/images/borcon2002/after_lab.jpg
BTW, for those that didn't get it... this was a joke, the bsod's were not
real!!
--
Regards
Vincent Parrett
AtoZed Software
Email vin...@atozedsoftware.com
-------------------------------------------------------------------
Automate your build process with FinalBuilder
http://www.atozedsoftware.com
Rudy Velthuis (TeamB)
<vin...@nospam-atozedsoftware.com> says...
> BTW, for those that didn't get it... this was a joke, the bsod's were not
> real!!
Hard to tell with that resolution and a 17". <g>
--
Rudy Velthuis (TeamB)
"I have made this letter longer than usual because I lack
the time to make it shorter." -- Blaise Pascal
Levend Sener
Levend.
"Ritchie A." <ritc...@spamcop.net> schrieb im Newsbeitrag
news:1105_10...@forums.borland.com...
> On Wed, 22 May 2002 20:15:19 +0200, "Rudy Velthuis (TeamB)"
<rvel...@gmx.de> wrote:
> > In article <3cebd6f2$1_2@dnews>, "Vincent Parrett\(AtoZed\)"
> > <vin...@nospam-atozedsoftware.com> says...
> > > BTW, for those that didn't get it... this was a joke, the bsod's were
not
> > > real!!
> > Hard to tell with that resolution and a 17". <g>
>
> Those who went to the Advanced Servers in Indy were forewarned :)
>
> That was a *really* fun session. Learning about Indy's UDP components
*and* practical jokes at the same time.
>
> The Eliza demo made me nostalgic :)
>
> -- Ritchie Annand
>
>
>
Kudzu
@dnews:
> I heard that _something_ happened in the Lab ... but _what_ exactly ?
Soon. :)
Vincent did a write up that I'll be editing and posting as well as source code.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"
IntraWeb & FinalBuilder - http://www.AToZedSoftware.com
Posted by ELKNews 1.0.4-B
Empower your News Reader! http://www.atozedsoftware.com
Joi Ellis [TeamB]
> On Tue, 28 May 2002 19:52:22 +0200, "Levend Sener" <LSener@_NO_SPAM_think-factory.de> wrote:
>> I heard that _something_ happened in the Lab ... but _what_ exactly ?
>>
>> Levend.
> I didn't hear precisely, but if it's the same thing Chad was demoing, all computers in the lab would have come up with a
> big, scary NT-style blue screen.
> But the error message would be a haiku.
> IIRC, it would say to press any key to continue... and then when you hit one, it would say "No, I said hit the ANY key" :)
> Bad, bad, naughty Chad :)
That sounds like the time some engineers from my department were in an
NT 4 Server administration class, and one of them got bored and hacked into
the instructor's server (the one whose display is projected to the class)
and installed one of those bsod screensavers. Then he asked the guy a
detailed question that took so long to answer the screensaver kicked in...
--
Joi Ellis (TeamB) http://www.teamb.com/
No direct email, please.
For best results, post on news server newsgroups.borland.com!
Newsgroup Guidelines: http://www.borland.com/newsgroups/guide.html
Only posts which violate the rules in guide.html are subject to cancelation.
Scott Taylor
of this sort:
1. Open a few random windows on your boss's PC and take a full screenshot
(PRTSCRN)
2. Paste the screenshot into Paint and save as a BMP
3. Open the display properties and set this BMP to be the desktop wallpaper
4. Close all the windows you opened. The corresponding copies in the
wallpaper will remain "open".
(4a. For extra devious fun, delete a few critical desktop shortcuts...
their non-working counterparts will remain visible as well.)
5. Sit back and watch the fun as your boss clicks madly on the wallpaper
trying to close the open windows (and/or open new desktop applications).
6. If asked for your assistance, suggest a reboot. :)
Hours of fun.
st
"Joi Ellis [TeamB]" <j...@aravox.com> wrote in message
news:3cf4cf23_1@dnews...
Nick Hodges (TeamB)
wrote:
>
>Bad, bad, naughty Chad :)
The lab staff was not amused.
Nick Hodges
Lemanix Corporation
How to ask questions of techies --
http://www.tuxedo.org/~esr/faqs/smart-questions.html
Robert Kozak
complaining or getting upset.. I heard laughter.
Then again the whole event lasted less than 20 seconds I think so maybe some
people were just stunned.
Robert Kozak
"Nick Hodges (TeamB)" <nickh...@yahoo.com> wrote in message
news:6qq9fu85n02u5566n...@4ax.com...
JoeH
> The lab staff was not amused.
LOL. Indy-ana Jones and the Temple of DOM :-)
JoeH
Gus
> The lab staff was not amused.
Part of the lab staff was in the know the night before. I was there working
on my BoaF presentation and witnessed the preparation. It all in good fun.
Paul Gustavson
Iman L Crawford
> The lab staff was not amused.
Those without a sense of humor?
--
Iman
"Tragedy is when I stub my toe.
Comedy is when you fall into an open sewer and die."
Mike Orriss (TeamB)
No, those with a sense of responsibility.
It does not make Borland look good that somebody can interfere with all
the lab machines simultaneously, especially when they take a photograph
and then make it available to the whole world via newsgroups.
It was totally unprofessional and the people concerned should be ashamed,
not parade their glee!
Mike Orriss (TeamB and DevExpress)
Kudzu
news:VA.00002af6.0dbff64c@pcmike1:
> No, those with a sense of responsibility.
>
> It does not make Borland look good that somebody can interfere with all
> the lab machines simultaneously, especially when they take a photograph
> and then make it available to the whole world via newsgroups.
>
> It was totally unprofessional and the people concerned should be ashamed,
> not parade their glee!
I'm glad that such an unbiased party is able to clear the issue up again.
Bob Dawson
news:VA.00002af6.0dbff64c@pcmike1...
>
> No, those with a sense of responsibility.
Exactly right. People rely on the lab machines to do things like check into
their respective companies' secure mail servers and conduct other business.
Shame on anyone involved in this unprofessional conduct--and if Borland knew
who did it and did not immediately bar them from the lab, then shame on them
as well.
And as for Indy, am I supposed to trust my secure communications needs to a
group of individuals who think it funny to hack strangers' machines for
their own amusement? Not likely.
bobD
JoeH
Well, I think it helps BorCon's reputation,
providing a harmless hacker practical joke.
Makes me want to go next year,
thinking about all the colorful character names
I missed this year - "Dr Bob", "Allessandro.Net",
"Jimmy Used-Disks", etc,
and now "The Great Masked Kudu Bandit" :-)
From the pics shared online, these are not
2-piece-suit-pointy-hair-boss conferences, thankfully.
JoeH
Mike Orriss (TeamB)
> I'm glad that such an unbiased party is able to clear the issue up again.
>
I admit that I'm biased - but only because I have my TeamB hat on. At the
time I was first trying to cancel the newsgroup message, I had no idea that
you were involved. Quite frankly, I was amazed to soon find that you were
associated with the action.
In actual fact, knowing that you would inevitably accuse me of bias has
kept me far quieter on this issue than I would have liked. I will say it
again - this was childish, unprofessional conduct by whoever did it.
This is my last word on the subject.
Ralph Friedman
in article <3cf61efb$1_1@dnews>, you wrote:
> From the pics shared online, these are not
> 2-piece-suit-pointy-hair-boss conferences, thankfully.
>
The problem is that, more-and-more, that is the crowd to which Borland is
pointing its attention. The days of the Barbarians are, sadly, long gone.
Borland seems to have forgotten that the individual developer exists.
--
Regards
Ralph (Garlin Software)
==
Man soll die Dinge nicht so tragisch nehmen wie sie sind
--Karl Valentin--
David R. Robinson
source code.
Great. That's just what we all need -- some template code for people to
use to try to one up this year's stunt.
David R.
David R. Robinson
Not only that, but stunts like that are what cause freedoms and
privileges that other people have to go away. Don't be surprise next
year if the lab has a lot of new restrictions thanks to this lovely
"joke". If so, we'll all know who to thank for it.
> And as for Indy, am I supposed to trust my secure communications needs
to a group of individuals who think it funny to hack strangers' machines
for their own amusement? Not likely.
Absolutely.
David R.
William Meyer
> The problem is that, more-and-more, that is the crowd to which Borland is
> pointing its attention. The days of the Barbarians are, sadly, long gone.
> Borland seems to have forgotten that the individual developer exists.
Sad, but true, but that dates from the first name change, I'm afraid. Not
only the name was changed, but the culture, as well. It seems never to have
recovered.
--
Bill
The "pursuit of happiness" is a guarantee, not of a happy life, but of the
right to labor for your own benefit.
- Posted with XanaNews -
Mark Boler
news:Xns921E86F...@127.0.0.1...
> I'm glad that such an unbiased party is able to clear the issue up again.
When will someone publish what actually happened? I'd like to know.
Mark
Iman L Crawford
> ashamed, not parade their glee!
I take you don't like any practical jokes? This souned harmless. If
Borland over reacts this is thier loss, as everything doesn't have to be
associated with furthering someone financial gain.
Mike Williams
> Borland over reacts this is thier loss, as everything doesn't have to be
> associated with furthering someone financial gain.
I think it depends on how much trouble was caused: were people prevented
from doing work, did the lab staff have to do extra work to clean things up,
etc. I wasn't in the lab when this happened so I don't have the answers.
-Mike
Nick Hodges (TeamB)
<wmhm...@earthlink.net> wrote:
>
>Sad, but true, but that dates from the first name change, I'm afraid. Not
>only the name was changed, but the culture, as well. It seems never to have
>recovered.
I disagree. Borcon was +all about+ the individual developer.
Ray Lischner
<ilcrawford.at.hotmail.dot.com> wrote:
> ...This soun[d]ed harmless.
The same argument is used by hackers who break into corporate networks.
It's "harmless" if they don't download any credit card numbers or other
corporate secrets.
Or it could by used by someone who breaks into your home, rummages around
but decides that your stuff isn't worth stealing. Because they didn't take
anything, is was "harmless."
--
Ray Lischner, author of Delphi in a Nutshell
http://www.tempest-sw.com/
Atanas Stoyanov
> not parade their glee!
Very disappointing - if I had known uncontrolled third-parties are having
access to install and run whatever they like on the computer lab machines
and then broadcast across the network, I would have certainly not used my
web e-mail.
Don't know about the legal status of this action, but Borland should put a
prominent notice/disclaimer next year that conference attendees should not
use those computers for any personal activities (check email/make online
purchases etc.).
Atanas
William Meyer
> I disagree. Borcon was +all about+ the individual developer.
We live in hope :)
Vincent Parrett(AtoZed)
news:3cf6350b$1_1@dnews...
It's not rocket science! Anyone who has done any programming with Indy could
knock together such a program in very short order. Maybe we should pull Indy
and for that matter, Borland should stop selling programming tools in case
someone writes a virus or something.... gimme a break!
--
Regards
Vincent Parrett
AtoZed Software
Email vin...@atozedsoftware.com
-------------------------------------------------------------------
Automate your build process with FinalBuilder
http://www.atozedsoftware.com
Douglas Development Group, L. L. C.
You should ALWAYS assume the computers and/or network connection in a public
setting are NOT secure. It is just the nature of the service. This
especially goes for webcafe's. Just because your web connection is
ssl-secured it does not mean the data isn't cached in the clear on that
computer or a proxy server. As the Indy team showed a simple tcp-port based
application can capture and activate processes with no user involvement
except for the initial application load (Question all website auto uploads).
If you want security
1) use your own equipment
2) link into your network through a SECURED VPN connection
3) go out to the internet from there.
Thats it.
Douglas T. Pavik
President/CIO
Douglas Development Group, L. L. C.
http://www.douglasdevelopmentgroup.com
FYI-- The #1 source of hackers gaining access to a system is not from the
outside but from access within the front doors.
P.S. I thought it was funny.
Douglas Development Group, L. L. C.
activate an application on a win/x box if the application has rights. Just
take a look a the functions available in the base winsock.dll which has been
around since 1990 (year?).
Doug
Luk Vermeulen
>
> It's not rocket science!
It's not polite either, to do such a thing without consent and without
warning. I believe the matter is not that such a thing was written (which is
indeed, as you say, easy), but rather that it was installed on someone
else's computers and at the expense of unsuspecting users.
I do NOT have the benefit of all the facts in this matter, but so far my
opinion is that it was a joke in rather bad taste, and that no attempt
should be made to glorify or defend it, either in posts, write-ups or
pictures. Let it go.
-Luk-
Mark Boler
message news:3cf6b4cc$1_2@dnews...
> "David R. Robinson" <david@nospam_ibinstall.defined.net> wrote in message
> news:3cf6350b$1_1@dnews...
> > > Vincent did a write up that I'll be editing and posting as well as
> > source code.
> >
> > Great. That's just what we all need -- some template code for people to
> > use to try to one up this year's stunt.
>
> It's not rocket science! Anyone who has done any programming with Indy
could
> knock together such a program in very short order. Maybe we should pull
Indy
> and for that matter, Borland should stop selling programming tools in case
> someone writes a virus or something.... gimme a break!
While at it, let's ban guns, and knives, and scissors, and rocks, and pass
laws to make it against the law to decrypt anything, and how about face
recognition software - yeaa! Let's put it everywhere. Let's pass laws to
make people put special backdoors in their programs and give the backdoor
passwords to government officials. And expel students from schools for
possessing butter knives, that are locked in their cars, or for pointing
their fingers at another student in the shape of a gun and say "Bang!" -
Those things are certainly "unprofessional" and we DON'T want anyone to be
seen doing something unprofessional in public now would we?
The people that think these things are necessary, feel that anything that
might possibly disrupt, in the most innocous way, their cocoon of life,
should be banned, or is "unprofessional."
What part of having "fun" *is* professional? Who said everyone has to be
professional at ALL TIMES? Is their no way to have any fun any more? I don't
think the fun that was had was to anyone's detriment.
I just can't see how some people choose to lead such sterile lives. And then
expect others to do the same. I don't mean allowing peopple to viloate
someone else's rights, but allow them to have a little fun sometime.
Didn't mean to offend anyone, although I'm sure I probably did. I just wish
people would lighten up a little. We're PEOPLE; not ROBOTS.
Mark
Mark Boler
news:3cf6915d$1_2@dnews...
> > It was totally unprofessional and the people concerned should be
ashamed,
> > not parade their glee!
>
> Very disappointing - if I had known uncontrolled third-parties are having
> access to install and run whatever they like on the computer lab machines
> and then broadcast across the network, I would have certainly not used my
> web e-mail.
I've been following these threads, but it appears to me that some of the
responses are getting a little bit ridiculous also.
For instance "security"
People should not assume that the lab computers are secure, and cannot have
anything installed on them. If you want top security, use your own laptop
and hook into their ethernet or use the hotel's. When you use a computer in
the lab, expect that it could have had anything installed on it, whether or
not it was intentional, people use those machines to write untested
software, to try out new techniques they learned at the conference, etc. And
also to have fun. Sometimes fun means that they write software to remove
peoples hat's, or whatever.
You are also in a room where people can peer over your shoulder, etc. So if
you think you should be able to open secure mail, etc. there you are
mistaken. Those computers aren't intended to be secure.
As for profesionalism. I don't know exactly what happened, but it sounds
like an innocent enough stunt. I doubt anyone lost anything of value
(information, etc.). So you shouldn't expect those machines to hold, say,
important source code, emails, etc. would you? Then why the shock at
something being done to harmlessly have fun? I could see maybe if they did
this to your personal computers, which could compromise your security, but
then, these computers weren't meant to be secure now were they?
> Don't know about the legal status of this action, but Borland should put a
> prominent notice/disclaimer next year that conference attendees should not
> use those computers for any personal activities (check email/make online
> purchases etc.).
Why? Isn't it common sense to think they are shared computers? Do you need a
sign to tell you this?
Mark
David R. Robinson
Neither is writing a real virus, but that doesn't mean you should
publish the source to encourage others to do the same.
David R.
Atanas Stoyanov
public
> setting are NOT secure. It is just the nature of the service.
Sure, and your company's network can get hacked too, and you should not
trust your corporate infrastructure as well, or somebody can be hacking your
home ISP etc.
In practice one makes conscious decisions who to trust - in this case
Borland and their staff. However, Chad Hower says the Lab staff knew about
the hack attack and were even amused by having those third-party programs
run on the computers in the lab. If this is true - then I would expect
Borland's staff to inform me clearly that a third-party software is
currently snooping all the network traffic.
I find it very offensive that my personal information was not regarded as
something precious that Borland should conduct due diligence and try to keep
safe. Or if it was indeed decided that the computers are intended to play
with, then at least put a notice to warn potential users that they are being
spied upon.
Atanas
Atanas Stoyanov
>>
I could see maybe if they did this to your personal computers, which could
compromise your security, but then, these computers weren't meant to be
secure now were they?
<<
Agreed - and if the computers are intended for making jokes, then it should
be said so and I could join in.
Or if the computers are intended to check mail, then I expect that if
Borland staff knows about running third party software to either inform me,
or stop said software.
Atanas
Gus
> privileges that other people have to go away. Don't be surprise next
> year if the lab has a lot of new restrictions thanks to this lovely
> "joke". If so, we'll all know who to thank for it.
The policy should be that no one should install software on the lab machines
other than what's been improved (and to do so you must wear a red shirt).
But I'd like to share my take on what happened...
I was a witness to what I saw these gentlemen do the night before in
preparation (I was there from 11pm to 1:30am). It appeared to be in the
up-and-up. That is to say there were a few red shirts who appeared to be
aware of what they were doing (around midnight), and I thought at least a
few of them who encouraged the operation. In fact, there was at least one
shirt in the lab when I left. If there hadn't been a sense of "approval",
perhaps I would have likely questioned their actions. But I was focused
more on putting together my own presentation and felt no threat with what
they were doing.
I suppose if they had any idea what "can of worms" they would open up, they
would have restrained from playing their practical joke. I know I wish I
had the for-knowledge, but like the few of us in the lab at that time, I
thought it was designed to create a fun, well-timed, "kodak" moment to be
laughed by all and not be taken seriously by anyone (I was also under the
assumption that the Red Shirts would all be in the know when the event
occured).
But this is a case where it goes to show you "perception is reality". They
didn't really hack in, but it appeared that way. They didn't cripple the
machines, but it appeared that way. I guess there's a big lesson learned
for all of us, which, can be easily avoided next time. The bottom line is
that policy should be "Red Shirt install only", and if you see strange
activity by a non-Red shirt report it to the appropriate authorities.
> > And as for Indy, am I supposed to trust my secure communications needs
> to a group of individuals who think it funny to hack strangers' machines
> for their own amusement? Not likely.
These guys shouldn't be crucified for what they did. I say let them
apologize, and let's forgive them.
That's my take,
Paul Gustavson
Luk Vermeulen
>
> I say let them apologize, and let's forgive them.
I agree.
-Luk-
Iman L Crawford
news:1568.3cf6...@prospero.island.local:
> networks. It's "harmless" if they don't download any credit card
> numbers or other corporate secrets.
Was anything illegal done in the Borland labs? If not, then it was a
harmless prank.
> Or it could by used by someone who breaks into your home, rummages
> around but decides that your stuff isn't worth stealing. Because they
> didn't take anything, is was "harmless."
I don't equate physically breaking into a home and getting past someones
computer security. One could result in the immediate loss of life, either
the intruder or the home owner. 90+% of network snooping will result in
nothing.
Hadi Hariri
> will result in nothing.
suddenly.
Hadi Hariri
> Borland and their staff. However, Chad Hower says the Lab staff knew
> about the hack attack and were even amused by having those third-party
> programs run on the computers in the lab. If this is true - then I
> would expect Borland's staff to inform me clearly that a third-party
> software is currently snooping all the network traffic.
>
the case I'm sure no Borland staff that were at the computer lab would have
permitted such a thing.
> users that they are being spied upon.
>
What spying? I'm not sure you realize what the joke was but please don't go
around accusing neither the authors nor Borland of allowing snooping
applications to be installed on the computer labs.
--
Hadi Hariri
http://www.hadihariri.com
Atanas Stoyanov
> the case I'm sure no Borland staff that were at the computer lab would
have
> permitted such a thing.
I am at a loss why the software was allowed to run hidden in the background
for the next day while unsuspecting users were checking their email.
If the goal of the so-called joke was to take a picture with all the
computers in the lab blue-screening, then this could have been done as soon
as the software was installed (late at night) under the supervision of the
Borland staff and then the software should have been promptly removed.
>>
> users that they are being spied upon.
What spying? I'm not sure you realize what the joke was but please don't go
around accusing neither the authors nor Borland of allowing snooping
applications to be installed on the computer labs.
<<
Unless there is an official endorsement of the action from Borland, please
don't go around and associate Borland's name with the action.
Atanas
Kudzu
What hack attack? This is the irritating part is the fact that certain parties
(Im not pointing fingers or naming names, so dont assume such) with axes to
grind have taken something simple and turned it into a hack attack.
Nothing was hacked, nothing was captured, etc.
Until the facts are posted, assumptions just further the rumor mill.
--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"
IntraWeb & FinalBuilder - http://www.AToZedSoftware.com
Posted by ELKNews 1.0.4-B
Empower your News Reader! http://www.atozedsoftware.com
Kudzu
> I just can't see how some people choose to lead such sterile lives. And
> then expect others to do the same. I don't mean allowing peopple to
> viloate someone else's rights, but allow them to have a little fun
> sometime.
I also find it interesting that those who were there found it quite funny.
While most of those on the extreme offensive were not there and are acting on
assumptions and possible biases.
Kudzu
> When will someone publish what actually happened? I'd like to know.
Im working on it, along with posting the MUCH requested source code with
instructions etc... give me a few more days.
Kudzu
>> again.
>>
> time I was first trying to cancel the newsgroup message, I had no idea
I didnt accuse of of being biased.
Kudzu
@dnews:
> Very disappointing - if I had known uncontrolled third-parties are having
> access to install and run whatever they like on the computer lab machines
> and then broadcast across the network, I would have certainly not used my
> web e-mail.
Uncontrolled third parties? Anyone who sits down at the machine had access to
it. You make it sound as though someone snuck it at 6 am with special access
or such.
Kudzu
news:3cf68a7d$1_1@dnews:
> from doing work, did the lab staff have to do extra work to clean things
> up, etc. I wasn't in the lab when this happened so I don't have the
> answers.
No data was lost, and no machines were crashed. And as soon as the machines
were rebooted, all traces were gone. Nothing was installed.
Atanas Stoyanov
You make it sound as though someone snuck it at 6 am with special access or
such.
<<
You make it sound as if my privacy should be willfully disregarded without
even a warning and I am expected to sheepishly smile and say "its ok, as
long as you had some fun". We will have to disagree on that.
>>
Nothing was hacked, nothing was captured, etc.
Until the facts are posted, assumptions just further the rumor mill.
<<
Fair is fair and I will further await for the unbiased facts to be posted by
Borland's staff that were there.
Atanas
Bob Dawson
"Iman L Crawford" <ilcrawford.at.hotmail.dot.com> wrote in message
>
> I take you don't like any practical jokes? This souned harmless.
You miss the point--neither you nor the indy team has the right to rule on
whether hacking a machine I'm using is 'harmless.' Only I can assent to
that, and I wasn't given the chance. And this has nothing to do with
having a sense of humor or liking a joke--it has to do with indy's total
lack of respect for the privacy of the collegues with whom it was sharing
computer resources.
bobD
Bob Dawson
>
> I also find it interesting that those who were there found it
> quite funny.
As a matter of fact I was connected to my business's secure mail server when
the blue screen popped up and I realized I was working on a compromised
machine, and no, I did not think it the least funny.
And as for it being 'harmless fun,' I paid good money to attend the Indy
tutorial. But now that I know that the Indy team has no problem with
interfering with someone else's business for its own amusement, there's not
a bloody chance that I'd ever introduce Indy components into any app my
business relies on. So, are you going to give me the tutorial fee back that
I wasted? Does your notion of harmless include the irreparable damage you've
done to the Indy team's reputation as a source serious, professional, and
trustworthy code?
bobD
Bob Dawson
We have only your word for that. Now, since for no motivation but your own
amusement you've intentionally interfered with a machine I was using as a
part of my livelihood, how much do you think your word is worth to me?
Do you have any glimmer of understanding at all as to why, 'harmless' or
not as you see it, this prank was a bad idea and something you owe the
community an apology for?
bobD
Lasse Vågsæther Karlsen
<snip>
What was the computers meant to be used for?
--
Lasse Vågsæther Karlsen
PGP KeyID: 0x0270466B
Lasse Vågsæther Karlsen
> "Kudzu" <cp...@hower.org> wrote in message
>>
>> I also find it interesting that those who were there found it
>> quite funny.
>
> As a matter of fact I was connected to my business's secure mail
> server when the blue screen popped up and I realized I was working on
> a compromised machine, and no, I did not think it the least funny.
>
Why does your business have a secure mail server?
Nick Hodges (TeamB)
>No data was lost, and no machines were crashed. And as soon as the machines
>were rebooted, all traces were gone. Nothing was installed.
Perception is very important with regard to situations like this.
Nick Hodges
Lemanix Corporation
How to ask questions of techies --
http://www.tuxedo.org/~esr/faqs/smart-questions.html
JoeH
news:3cf76670$1_2@dnews...
> Does your notion of harmless include the irreparable damage you've
> done to the Indy team's reputation as a source serious, professional, and
> trustworthy code?
Wow, you are really pissed off. It's a shame.
SO out of proportion. As far as the 'community' goes
you don't speak for me. And after years of dedicated
FREE work to bring us rock solid Winshoes/Indy
resources I hardly think Chad or the rest of the Indy
squad deserves such hyperbole for having a sense of humor
different from yours. Lighten up or take it private.
JoeH
Joi Ellis [TeamB]
I think you're blaming the wrong people. Blame Microsoft for having such
a crappy, insecure platform and touting it as network secure in the first place.
This sort of hack doesn't need indy, anyone with a few windows clues could have
written it.
--
Joi Ellis (TeamB) http://www.teamb.com/
No direct email, please.
For best results, post on news server newsgroups.borland.com!
Newsgroup Guidelines: http://www.borland.com/newsgroups/guide.html
Only posts which violate the rules in guide.html are subject to cancelation.
Bob Dawson
>
> What was the computers meant to be used for?
A wide variety of reasons (personal and business communication, code
testing, Borland product exposure, access to session papers, web research,
whatever), none of which has anything to do with one user intentionally
interfering with another's work uninvited. As a matter of fact, the latter
appears to me to be incompatible with _any_ legitimate use.
bobD
Bob Dawson
> resources I hardly think Chad or the rest of the Indy
> squad deserves such hyperbole for having a sense of humor
> different from yours. Lighten up or take it private.
I do not interfere with Chad or the indy team by imposing my 'sense of
humor' on them, nor do I see that they have the right to interfere with me.
And I'd think that after the thousands of hours the team has worked on the
indy components, they would be more mindful of the reflection their actions
cast on their codebase.
bobD
Bob Dawson
> I think you're blaming the wrong people. Blame Microsoft for having
> such a crappy, insecure platform and touting it as network secure in
Nonsense. Microsoft's manifest failings are not the issue.
> This sort of hack doesn't need indy, anyone with a few windows clues could
> have written it.
Of course, just like anyone with a crowbar or lockpick toolset can invite
themselves into your house. So all thieve's are all innocent because some
locks aren't strong enough?
bobD
Bob Dawson
>
> Perception is very important with regard to situations like this.
>
say "Trust me, I'm not taking anything."
bobD
Joi Ellis [TeamB]
> "Joi Ellis [TeamB]" <j...@aravox.com> wrote in message
>> I think you're blaming the wrong people. Blame Microsoft for having
>> such a crappy, insecure platform and touting it as network secure in
> Nonsense. Microsoft's manifest failings are not the issue.
Of course they are. MS platforms are inherently insecure out of the box, and
even if one tries to lock them down, they're still a security seive full of
holes.
When I was at BorCon last year, I don't recall seeing or reading anything about
Borland promising the machines in the lab were safe or secure.
If you're this bent out of shape over a public product demo, questionable
though it may be, then why were you in a wide-open, insecure computer lab
in the first place?
>> This sort of hack doesn't need indy, anyone with a few windows clues could
>> have written it.
> Of course, just like anyone with a crowbar or lockpick toolset can invite
> themselves into your house. So all thieve's are all innocent because some
> locks aren't strong enough?
Um, no. You aren't blaming the maker of the crowbar because some thief is
mis-using it. But, you're blaming Indy because you think someone misused it.
Hadi Hariri
> please don't go around and associate Borland's name with the action.
>
staff at the lab would NOT allow for any snooping software to be installed
on the computer. I'm saying that if the Borland staff in the lab thought
that this was malicious or was a sniffing software they would not allow it.
I'm not saying that Borland endorsed it.
--
Hadi Hariri
Hadi Hariri
One of the reasons the article is going to be posted is so that you don't
need to take anyone's word on it.
> Do you have any glimmer of understanding at all as to why, 'harmless'
> or not as you see it, this prank was a bad idea and something you owe
> the community an apology for?
>
First of all, if an apology is due it would be to the lab users. Second of
all, again people are over-exagerating and jumping to conclusions. I
honeslty did not expect that there is such a lack of humour in the Borland
community. Even if some don't find it funny, I'm still amazed at the
reactions I'm seeing.
--
Hadi Hariri
Hadi Hariri
> without even a warning and I am expected to sheepishly smile and say
> "its ok, as long as you had some fun". We will have to disagree on
> that.
>
--
Hadi Hariri
Bob Dawson
> misused it.
The folks responsible are self-announced in this forum and senior members of
the indy project. However, I'm perfectly willing to stipulate that the
perpetrators probably did not include the entire indy team.
bobD
Hadi Hariri
> Indy tutorial. But now that I know that the Indy team has no problem
> with interfering with someone else's business for its own amusement,
> there's not a bloody chance that I'd ever introduce Indy components
What if someone else were to make a REAL hack into a computer using Indy,
you would stop using it also?
PLus, there was no interferance, unless you think a blank form colored blue
and a couple of labels that dissapear when you hit the ESC key is a major
disruptance to your work.
And I don't see any reason why a "refund" should be called for here. You
attended a class by your own choice and I'm assuming you learnt from it. You
got the service you paid for. Whether you choose to use Indy from now or not
is your decision, and to be quite honest, if your reasons for not using Indy
is because of this joke, well that's up to you.
> the irreparable damage you've done to the Indy team's reputation as a
> source serious, professional, and trustworthy code?
>
I don't see any damage done to the Indy Team. As for the code being
trustworthy, it's Open Source. You can judge it yourself.
--
Hadi Hariri
Hadi Hariri
Not necessarily.
--
Hadi Hariri
William Meyer
> I
> honeslty did not expect that there is such a lack of humour in the
Borland
> community. Even if some don't find it funny, I'm still amazed at the
> reactions I'm seeing.
Actually, there have been many clear indications in these fora of just such
a lack of humor. Skins are thin, and offenses taken at the least
provocation.
--
Bill
"Those who want a world without adversity, struggle or competition in
effect want a world where the government plays Lady Bountiful with the
taxpayers' money." Thomas Sowell
- Posted with XanaNews -
Vincent Parrett(AtoZed)
when
> the blue screen popped up and I realized I was working on a compromised
> machine, and no, I did not think it the least funny.
Your machine was not "compromised"! No information was gathered, just a
simple udp server listening on a port for a specific command. Perhaps we
should have done something to compromise our machine (only kidding in case
ou don't get it!), at least we'd then deserve your wrath...
> And as for it being 'harmless fun,' I paid good money to attend the Indy
> tutorial. But now that I know that the Indy team has no problem with
> interfering with someone else's business for its own amusement, there's
not
> a bloody chance that I'd ever introduce Indy components into any app my
> business relies on. So, are you going to give me the tutorial fee back
that
> I wasted? Does your notion of harmless include the irreparable damage
you've
> done to the Indy team's reputation as a source serious, professional, and
> trustworthy code?
Well, better not use any windows sockets then, in fact, better disconnect
from the net right now and remove the tcpip protocol, find winsock2.dll and
delete that too. This has nothing to do with the quality or trustworthiness
of the Indy components.... As for whether the Indy components are serious,
professional components, thousands of users are quite happy with them....
I'll let them be the judge of that.
Vincent Parrett
AtoZed Software
Email vin...@atozedsoftware.com
-------------------------------------------------------------------
Automate your build process with FinalBuilder
http://www.atozedsoftware.com
Ray Fernandez
I thought the last episode of Seinfeld aired last year. Guess I was
mistaken.
RF-ARS Motorola
"Bob Dawson" <bda...@idtdna.com> wrote in message
news:3cf78967$1_2@dnews...
William Meyer
> You miss the point--neither you nor the indy team has the right to rule on
> whether hacking a machine I'm using is 'harmless.' Only I can assent to
> that, and I wasn't given the chance. And this has nothing to do with
> having a sense of humor or liking a joke--it has to do with indy's total
> lack of respect for the privacy of the collegues with whom it was sharing
> computer resources.
I cannot help but question the wisdom of making connection to a 3rd party
environment if you have such strong concerns for security. Certainly any
/assumption/ of security in such an environment would have been unwarranted.
John Herbster
From amongst all the hot air, I feel that there is a
lot to be learned about the state of computing and
computer programmers. Can anyone do a good
summary in a thousand words? --JohnH
Nick Hodges (TeamB)
wrote:
>First of all, if an apology is due it would be to the lab users. Second of
>all, again people are over-exagerating and jumping to conclusions. I
>honeslty did not expect that there is such a lack of humour in the Borland
>community. Even if some don't find it funny, I'm still amazed at the
>reactions I'm seeing.
Perhaps there is a lesson to be learned here.
Nick Hodges (TeamB)
wrote:
>'m saying that if the Borland staff in the lab thought
>that this was malicious or was a sniffing software they would not allow it.
I can tell you that the person in charge of the lab was _not_ amused,
and received a _lot_ of negative feedback from attendees.
Bob Dawson
> > Do you have any glimmer of understanding at all as to why, 'harmless'
> > or not as you see it, this prank was a bad idea and something you owe
> > the community an apology for?
> >
> First of all, if an apology is due it would be to the lab users.
Revision accepted: this prank was a bad idea and something those responsible
owe
the lab users an apology for.
bobD
Bob Dawson
> you would stop using it also?
Not at all, because the judgment of the indy designers would not be called
into question by the actions of a third party over whom they had no conrol.
> PLus, there was no interferance, unless you think a blank form colored
blue
> and a couple of labels that dissapear when you hit the ESC key is a major
> disruptance to your work.
Isn't that my call to make?
bobD
Bob Dawson
> Your machine was not "compromised"!
The machine was compromised in the sense that person or persons unknown were
running clandesdine and unauthroized code on it while I was using it. The
intent and nature of the compromise is unrelated to the fact of compromise.
> No information was gathered, just a
> simple udp server listening on a port for a specific command. Perhaps we
> should have done something to compromise our machine (only kidding in case
> ou don't get it!), at least we'd then deserve your wrath...
I've never said the code was intentionally malicious. Childish and
disrespectful (cavalier?) of the rights of others is about as far as I'd go.
> ... This has nothing to do with the quality or trustworthiness
> of the Indy components.
Probably not, and that's what's so sad about it: Indy is damaged simply by
association ('Brought to you by the people who hacked the BorCon computer
lab!'). That something that you would be proud of?
bobD
Mark Boler
news:3cf6bc5d$1_2@dnews...
> > It's not rocket science!
>
> Neither is writing a real virus, but that doesn't mean you should
> publish the source to encourage others to do the same.
David:
Do you believe those things should be censored? Personally, I think there
might be some academic interest and value in these kinds of postings.
I also think the DMCA should be repealed.
Mark
Mark Boler
news:3cf6c879_1@dnews...
> [...] The bottom line is
> that policy should be "Red Shirt install only", and if you see strange
> activity by a non-Red shirt report it to the appropriate authorities.
Why? I thought part of the purpose of the machines was to try out the new
stuff. Borland will install Delphi on those machines and so some people will
be there learning new things, like writing and compilng and testing newly
hacked together programs. That would violate your "Red-Shirt-Install-Only"
since there are clearly new programs running on the machines that were not
there before.
> These guys shouldn't be crucified for what they did. I say let them
> apologize, and let's forgive them.
I don't even think they should have to apologize. Did they harm anyone?
Mark
Clay Shannon
"John Herbster" <Jo...@petronworld.com> wrote in message
news:3cf7923e_2@dnews...
Mark Boler
> "Mark Boler" <mbo...@vocaldata.com> wrote in news:3cf6bbba$1_1@dnews:
> > I just can't see how some people choose to lead such sterile lives. And
> > then expect others to do the same. I don't mean allowing peopple to
> > viloate someone else's rights, but allow them to have a little fun
> > sometime.
>
> I also find it interesting that those who were there found it quite funny.
on
> assumptions and possible biases.
That's interesting. I guess some people can't refrain from passing judgement
no matter what.
Mark
Mark Boler
> > quite funny.
>
when
> the blue screen popped up and I realized I was working on a compromised
> machine, and no, I did not think it the least funny.
If you want security, don't use a shared machine.
> And as for it being 'harmless fun,' I paid good money to attend the Indy
> tutorial. But now that I know that the Indy team has no problem with
> interfering with someone else's business for its own amusement,
How did they interfere with your business? Please explain that one? Giving
you a little bit of a "start" doesn't qualify. Did they steal or read your
messages that were on your "business's secure mail server" or did you
realize that once those files are on the shared machine, they are no longer
secure anyway?
> there's not
> a bloody chance that I'd ever introduce Indy components into any app my
> business relies on.
That's your loss. They are good components.
> So, are you going to give me the tutorial fee back that
> I wasted?
Give me a break! You don't like a practical joke and now you want money
back. How ridiculous! Do you ask your auto-maker for your money back for
your car if they do something you don't like?
> Does your notion of harmless include the irreparable damage you've
> done to the Indy team's reputation as a source serious, professional, and
> trustworthy code?
In your mind only. How does a practical joke diminish the value of the Indy
components?
Mark
Mark Boler
So they should stop living and only do things that are "Serious" and
"Professional" all their lives now?
Mark
Kyle Cordes
news:3cf76670$1_2@dnews...
> As a matter of fact I was connected to my business's secure mail
server when
> the blue screen popped up and I realized I was working on a
compromised
> machine, and no, I did not think it the least funny.
By the way, I think it's worth pointing out that this incident merely
reminded you that by accessing your private systems on a public machine,
you were implicitly trusting anyone with admin access to that machine.
They could easily install keyboard loggers, screen captures, etc. The
machine could easily be compromised in 100 different ways, it was
"rooted" by 100 people who you don't know. Most of those people work
for whatever organization runs the lab. A few don't, and you have no
way of know who all has such access and whether they are trustworth.
From a security perspective, a public lab machine is a pre-compromised
machine.
My recommendation is that if you need to access data in a secure manner
on the road, bring your own PC with you, don't use a machine that anyone
else has the ability to install software on (like a lab machine), and
connect to your systems via your VPN.
(I don't know enough about this incident to have an opinion on "harmless
prank" vs "mindbogglingly unprofessional".)
--
[ Kyle Cordes * ky...@kylecordes.com * http://kylecordes.com ]
[ Consulting, Training, and Software development tips and ]
[ techniques: Java, Delphi, ASTA, BDE Alternatives Guide, ]
[ JB Open Tools, EJB, Web applications, methodologies, etc. ]
Radek Jedrasiak
"Bob Dawson" <bda...@idtdna.com> wrote in message news:3cf799c7_2@dnews...
>
> Probably not, and that's what's so sad about it: Indy is damaged simply by
> association ('Brought to you by the people who hacked the BorCon computer
> lab!'). That something that you would be proud of?
>
Come on ! Get a life ! Just let it be.
What was it ? Did you mail something "illegal" at the time of the accident ?
Were you scared to death by the "bluescreen" ? Did it ruin your statistic
of "days between BSOD" ? Are you scared by the fact, that YOU could
not come up with a joke like this ? Did you take it for a real BSOD, and don't
want it to be just a joke ?
I don't get it.
From what i've read here, i think, it would be sufficient
to say: "I did not like that joke !"
By setting up *possible* consequences of the joke, it's not Indy
that's damaged, it's YOU, simply by association ('Brought to you by
the man who did not like a joke at the BorCon computer lab, and
got obnoxious about it !')
Cheerio
Radek
Bob Dawson
> of "days between BSOD" ? Are you scared by the fact, that YOU could
> not come up with a joke like this ?
The "not that key, the 'Any' key" joke is years old. You didn't know that?
bobD
Iman L Crawford
> There was NO snooping going on. I don't know how that word popped up
> suddenly.
Did not mean to imply Indy team did any snooping.
--
Iman
"Tragedy is when I stub my toe.
Comedy is when you fall into an open sewer and die."
Bob Dawson
>
> If you want security, don't use a shared machine.
There are alternatives between a police state and anarchy. I don't assume
nor would I want everything required to guarantee perfect security, but that
does not mean that I think manners or respect for the rights of others
unimportant. I think I have the right to be left alone whether or not there
happens to be a cop in the room. Weak security on Microsoft's part does not
excuse this action.
> Please explain that one? Giving
> you a little bit of a "start" doesn't qualify.
And how far does your authority to make these decisions for me extend? What
else might a stranger do to me that I have no basis for objection to?
> Do you ask your auto-maker for your money back for
> your car if they do something you don't like?
I do not seriously expect anything back.
But as for your analogy, how about they disconnect your brakes and stearing
randomly now and then, just to give you a bit of a start? Just for a couple
of seconds...no harm done, right? Wouldn't that (suddenly stealing machine
control from the user) be the equivalent action?
bobD
Bob Dawson
> (I don't know enough about this incident to have an opinion on "harmless
> prank" vs "mindbogglingly unprofessional".)
Personally, I'd hope both.
bobD
Nick Hodges (TeamB)
Just so you don't feel blowing in the wind, I understand how you feel
and think you are totally justified.
Gus
what there intent was.
If they pulled off what the wanted to do "with Red Shirt participation",
there would be no newsgroup debate. Perhaps more of us would be laughing
in the after glow, but unfortunately (as I've said) "perception becomes
reality". The perception is that these gentlemen snuck in, and hacked and
crashed machines in front of everyone. The "Truth" is that the didn't
(not even close), but that's not what people have perceived.
This reminds me of H.G Well's "War of the Worlds" when it was read to a
radio audience by Orson Welles on Halloween night in 1938. The perception
was that what Mr. Welles was reading was actually taking place; Martians
where invading planet earth. Orson Welles and the radio station cought all
sort's of flak from that incident just like these two gentlemen.
> > These guys shouldn't be crucified for what they did. I say let them
> > apologize, and let's forgive them.
>
> I don't even think they should have to apologize. Did they harm anyone?
The reason I suggested they apologize is to just for them to say, "hey, we
didn't mean to cause any problems or rock any boats. Nothing detrimental
happened. It was all in good fun, but we apologize to anyone who felt that
our activities were less than appropriate. " Something that affect..
Paul Gustavson
David R. Robinson
there
> might be some academic interest and value in these kinds of postings.
No, I'm not saying they should be censored. I'm saying that making a
big deal out of the situation, boasting about it and publishing the
source for it isn't necessary IMHO.
David R.
Clay Shannon
referred to:
"Great" and "Caper" should be in the designation, something like "The Great
Indy Virtual Blue Screen of Death in the Lab Caper".
It might even make a good Hardy Boys book.
"Clay Shannon" <csha...@amfam.com> wrote in message
news:3cf7a033$1_1@dnews...
> Much ado about nothing
Justin Johnson
stearing
> randomly now and then, just to give you a bit of a start? Just for a
couple
> of seconds...no harm done, right? Wouldn't that (suddenly stealing machine
> control from the user) be the equivalent action?
Um, one would potentially endanger your life. The other didn't even
potentially endanger anything.
get a life. It was joke. Get the source, use the source Luke?) to show
exactly how they did something malicious or intrusive. Hell I wasn't in any
of the Indy sessions, and I was aware that they where going to pull a
practical joke.
One more thing. If you seriously sat down at a computer that had a
(UserID=borcon) and (password=borcon), just like numerous other machines in
the place, then you are an idiot to think you have any claim to using a
secure environment. Period. Security start at the login, and since that was
a sham, so is the rest. I wonder how many used their web email client to
access their work email and then didn't think to clear history after doing
so? Hmmm, maybe some !Cracker! (hackers are good, em'ca) came behind you and
browsed the history folder, or the temp files or the cookies, or whatever
else, and may have found information that you thought was 'secure' on a
machine that had open availability to whomever decides to sit in front of
it.
Now go away, or I shall taunt you some more.
Love Ya. Mean It.
Justin
Mark Boler
> We have only your word for that. Now, since for no motivation but your own
> amusement you've intentionally interfered with a machine I was using as a
> part of my livelihood, how much do you think your word is worth to me?
So we assume that more harm was done until proven otherwise? The conference
was held in the US. So innocence is assumed until proven guilty.
If you pinned your "livelihood" on the uninterrupted use of the lab
computers, then that's your own fault, not Chads.
> Do you have any glimmer of understanding at all as to why, 'harmless' or
> not as you see it, this prank was a bad idea and something you owe the
> community an apology for?
Do you have a glimmer of understanding of how unreasonable you are being?
Mark Boler
> Of course, just like anyone with a crowbar or lockpick toolset can invite
> themselves into your house. So all thieve's are all innocent because some
> locks aren't strong enough?
So now the Indy team broke into your secure machine?
Mark
Mark Boler
> blue
> > and a couple of labels that dissapear when you hit the ESC key is a
major
> > disruptance to your work.
>
> Isn't that my call to make?
Sure. It's your call. The rest of us will just sit here and laugh at you.
Personally, with so many "people" in the world all wanting to have a little
fun, I wonder how you live with it all your life. Don't you just HATE it
when someone else is having fun?
Mark
Mark Boler
> The machine was compromised in the sense that person or persons unknown
were
> running clandesdine and unauthroized code on it while I was using it.
Why does everything in the "new world" have to be "authorised."
I guess that makes some people have more of a sense of safety. When some
ethereal "authority" has given it's blessing to some program that's
installed on those computers.
The whole lot of the computers in the lab were open and inherently insecure.
Why would you have expected anything else? As many have said, if you want
security, use your own computer.
> I've never said the code was intentionally malicious. Childish and
> disrespectful (cavalier?) of the rights of others is about as far as I'd
go.
They were having fun. Does EVERYTHING someone does have to be full of
"respect" at all times? Even when having fun?
> > ... This has nothing to do with the quality or trustworthiness
> > of the Indy components.
>
> Probably not, and that's what's so sad about it: Indy is damaged simply by
> association ('Brought to you by the people who hacked the BorCon computer
> lab!'). That something that you would be proud of?
Nothing they do diminishes the value of their components. "Damage by
association" is only something in the minds of people who can't see that.
Mark