What's new

Lets talk about reorganising.

Woody2371

Level 47
Jan 29, 2011
1,492
1
Credits
9,652
Points
0
Your above statement just makes me more scared to give you control. I am not being rude, just realistic. Do not take any statement about your proficiency in computing, computer security, or general knowledge as an insult, as it is not meant as such, however you must understand that as a group that supports a large amount of people, we must protect our data.



Also I see nowhere that says Fusion are the people these security measures will be set in place for, they will be there for everyone, and I can easily name off the top of my head a leading member of every clan BoN hosts that I would not want with full control over plugins and user tables.



Basically, please stop taking this personally and getting insulted. If you take this as an insult, fine, but there is no need to state so here. Our purpose here is to provide a valid and security-conscious solution to enable clans (like yourself) to have more autonomy.



For your reference:

Tutrie said:
I am not sure if plugins could but then again you shouldn't need to worry so much.

Give me a few lines of javascript and access to an account with permissions and I'll show you a server with no secure data left.
 

The Noodle

Level 48
Aug 1, 2010
1,755
2
Credits
19,650
Points
0
Also, the example of plugins on a server was just that, an example. It indicates that you'll install things that look like they'd benefit you, even if they don't. Research doesn't really count for much as I can create a bunch of accounts and reviews in a few hours. What I'm talking about is forum plugins that potentially have access to every file on the system. Including files for other projects. Files that contain sensitive information. Like credit card details.



Considering implementing this system is guaranteed to eat large chunks of my life in the near future to ensure that everything is working I'm slightly at the attitude being shown here. In the next post explain clearly which part of this proposed system disadvantages you / you have a problem with.



On a side note, another form of sensitive data, every ip of every computer every member of every clan has used to connect to every BoN service is stored on that server. Using that information I could remove every active member of your clan. Do you understand why we're trying to keep our files secure?
 

Tutrie

Level 21
Jul 11, 2011
175
0
Credits
9,436
Points
0
I don't question the security lol I think I may be coming out unclear. I am trying to explain that you should have a little trust in people. Sure you need to set-up rules to prevent it from happening but don't breathe down their backs as they set up their forum. Make a simple set of rules that give people the freedom and accessibility to easily make their forums without breaking anything or causing data loss. Simply, don't restrict it so much that we don't even want to bother with making a forum. Its hard to come up with a good balance of freedom and security. Letting clans express their individuality is important and restricting that is bad.
 

holidaY

Level 20
Jan 30, 2011
151
0
Credits
926
Points
0
"I also have learned that you can't hack past Minecraft and into the computer that runs it."



Please don't say 'can't be hacked' it's asking for a CHALLENGE ACCEPTED.
 

Tutrie

Level 21
Jul 11, 2011
175
0
Credits
9,436
Points
0
Lol makes sense.



I understand that just don't get too out of hand. I am not against anything you have said so far I am just worrying that its going to become too restricted. I want to promote security but prevent too many restrictions. So far everything is good and this has become way-off topic so lets just focus on trying to get this plan in action. What else exactly needs to be done before this could be implemented? A safe way to come up with security measures is to come up with a list of plugins that are allowed to be used and a list of plugins that are not allowed at all. Then anything that is not on either list can be approved or denied after inspection by Noodle or Tom. This way you don't have to go through every little thing a clan wants to put on the forum.
 

Tutrie

Level 21
Jul 11, 2011
175
0
Credits
9,436
Points
0
You don't list every plugin just as plugins come in case by case you add them to a list of a couple essential plugins. This list could just include some you feel as necessary or some of the plugins that BoN has. (Only like 2 or 3 just to get a start on a small list that can grow.) It would create much less work for you because then as more clans join BoN and make forums you won't have to go over the same plugins again and again to approve them. You can still check the forum before its used just to make sure its no tampered with. If its not a good idea I am not really sure why.... You still always check for tampering but having to approve everything over and over again I think will just get old.
 

The Noodle

Level 48
Aug 1, 2010
1,755
2
Credits
19,650
Points
0
One problem, if we let you install plugins yourself there's nothing stopping a malicious group from joining BoN and fucking shit up. Trust me, we've been looking at this from every angle. It is simply to great a security risk.
 

Tutrie

Level 21
Jul 11, 2011
175
0
Credits
9,436
Points
0
I see what your saying. What about groups that are have been here when this happens though. Such as Fusion and RMM. They just might decide to use your forums after this unless you host it for them. We are trusted would it be any harm to let us do it then just for extra protection by making sure we don't break anything or leave any security gaps you check it for us?
 

Woody2371

Level 47
Jan 29, 2011
1,492
1
Credits
9,652
Points
0
Tutrie. I don't trust anyone. Neither does Noodle.



This is not a personal thing, this is something learnt from experience. I suggest you realise the following:



A) Myself and Noodle do not have infinite time, contrary to popular belief.

B) Accepting/Denying plugins on a case-by-case basis will take a lot of time.

C) Our time is precious. If we did not think this ABSOLUTELY necessary we would not be doing it.



Wherever we can give clans autonomy, we are. This entire move is about giving clans MORE autonomy, however when it is our servers and our data, there is a limit to how far we can go.



Also, your previous post does not make sense.
 

Lark

Level 5
Jul 23, 2011
26
5
Credits
14,015
Points
1
Give me a few lines of javascript and access to an account with permissions and I'll show you a server with no secure data left.



So basically: give me root and i'll wipe your server?



Lark's Answer: Give tom a towel so he can wipe himself?
 

Tutrie

Level 21
Jul 11, 2011
175
0
Credits
9,436
Points
0
This is a reply to Tom's post.



The first sentence is what mostly I disagree with. I don't necessarily trust anyone either but I do give them responsibility to do the right thing. That said I monitor everything they do with plugins. On the other hand I also get its a lot easier to monitor a Minecraft Server than it is forums.



Trusting that people will do the right thing is hard to do especially when you don't have a lot of time because then when they don't do the right thing it takes a lot of time to fix. I agree that you aren't here to baby-sit us and therefore don't want anything to go wrong but, if you use bad past experiences to try and create a new "good" thing it ultimately will end up in failure. I could give you many examples in history of where bad past experiences led to new "good" things to end up bad too. For instance the Al-Qaeda - US conflict is one of them. 30 years ago the US and the world gave weapons to help Al-Qaeda to repel the Soviet forces that tried to control the area and turn it into a communist region. Biggest example of bad experiences ever is that the only reason the world ever did this was because they did not like communism. This one past bad experience, the fact that world didn't like communism, led to supposedly a "good" thing when they gave Al-Qaeda weapons. The same weapons they use today to kill American Troops and terrorize anybody that is an enemy of their Jihad.



All of that said trust is an important thing and relying on past bad experiences to lead to new "good" things doesn't work. We learn from the past but how we use it is another. If you look at all the past good experiences and compile that into one then you will come up with something that is good. Biggest example of that is most likely the creation of Democracy. Of course you still use those past bad experiences as a caution. You learn from the mistakes you made and make sure they don't happen again but you don't base everything you do in life off of those bad experiences. More likely it is the good ones. Something as simple as giving gifts is using past good experiences to make something new that is good. You liked it when you got gifts so you decided to give gifts to other people. If you only use the bad experiences where you didn't get any gifts then you would end up not giving anyone else gifts. If they only used their bad experiences we would be in a world were compassion does not exist.



In short don't limit anything because of past bad experiences but rather limit them because you have learned from those past bad experiences. Really this all bubbles down into a defense for my proposal that made "no sense." Would it be such a big problem for Fusion and RMM to set-up their own forums with-out Noodle and Tom breathing down our backs about every plugin we use. Of course you should still check to make sure we didn't mess up anywhere. I just think if a clan proves themselves trustworthy why restrict them so much. This should go for any new clan that wants to use BoN as well. Until they are proven trustworthy they should be under the auspices of Noodle and Tom. When that time has passed they can be allowed to do things more freely.
 
Apr 5, 2011
15
0
Credits
13,516
Points
0
I'll go ahead and post so that people can stop posting on my behalf :)



First: I have never taken any webdesign classes. Not in college, not ever. I never even said I had. All I said was that I had experience, and that experience extends to XHTML and CSS only. Nothing involving php, javascript, etc.



Second: All I want out of any reorganization anything is the ability to throw a few subforums in our clan forum (primarily for a few towns on our server). Whether that means we stay on a general BoN listing or have our own room to breathe, that's all I want.



Third: We are in the process of dumping about half of our plugins. Tom or Noodle, if I need to hop on Mumble with you guys at some point to make sure we're doing things to your standard, just let me know. For reals. No sarcasms.



Fourth: This one is for everyone: please don't speak on my behalf. If you need me to say something, just ask. Speaking on anyone's behalf without their notice or approval is how false statements get spread.



That's all for now!
 

The Noodle

Level 48
Aug 1, 2010
1,755
2
Credits
19,650
Points
0
+1 to Rev.



As to not applying bad and good experiences...bad experiences are how we learn. For example, at one point in my childhood I wondered what the red switch on my psu did. So I flicked it, while it was on. I didn't do that again.



Computing is about learning from your mistakes, not your successes. Tutrie, if you really feel that it would be horrible having us monitor how you set up your forums then don't use them. This new system gives you more control not less.
 

Woody2371

Level 47
Jan 29, 2011
1,492
1
Credits
9,652
Points
0
Not much more to add except to emphasise what Noodle said: This new system gives you more control, I don't know why you are asking for more, it's like me giving you five dollars without you asking for it, and you turn around and ask for ten. You shouldn't be adding plugins all the time, as this just makes your server unstable, it is better to reach a point where you are happy with your server. Likely all this will change for you is that once every few months when you want to add something, you will need to check in with Noodle/Me. Easy.



I think you are overestimating how much restriction will be placed upon you.



In any case this is all I really have to add, otherwise I totally approve of reorganisation
 
Top