Nope, Notch is responsible for the development of a client which does break upon receiving an invalid character. You could say they are responsible for creating servers which allow said character to pass through chat, though that should not be their responsibility. As the character does not crash the server, protection should be client-side.
To claim your motives are purely altruistic is a load of crap. If you really gave a ****, you would get in touch with Notch privately and explain the vulnerability and how you accomplished it. Instead, you try and justify your griefing with the notion that this forces Notch to make changes that you claim can only be done as the result of violence. You are correct in the assumption that he is now forced to make those changes, but meanwhile you are dicking over other players for your own amusement.
There is a term that refers to people who feel no empathy for their victims. Its called being a "psychopath". You know what you are doing is hurting other players, but you don't give a rats ass.
So what if the client is trusting the server? Custom servers are unoffical, and are unsupported by Notch, so he does not have a duty to use client side stuff to secure them. Plus there are nastier attacks that the client can't do **** about in some custom servers.
Rollback Post to RevisionRollBack
I disagree with you, therefore you are wrong.
Quality of output = Skill * Effort
Hey hey hey. Notch will tell me when this thread is hurting his sales, and when he does, I'll happily close it, or if the owner decides to. Do not speak for Notch, Notch is a perfectly sentient person who can speak for himself, thank you.
Hey hey hey. Notch will tell me when this thread is hurting his sales, and when he does, I'll happily close it, or if the owner decides to. Do not speak for Notch, Notch is a perfectly sentient person who can speak for himself, thank you.
Though he can't speak on the forums, he forgot his forum password. XD
Notch rarely checks the fourms from what I can tell. And the sales reduction is being masked by the xmas effect. I really can't prove that it's hurting sales, but it seems alot more likely that it is hurting sales than not.
Rollback Post to RevisionRollBack
I disagree with you, therefore you are wrong.
Quality of output = Skill * Effort
But even though this guy isn't doing much damage, others could. And the worst part is the panic. They see the word hack, and they panic even though it doesn't affect them.
Rollback Post to RevisionRollBack
I disagree with you, therefore you are wrong.
Quality of output = Skill * Effort
Hey i saw this topic and just wanted to post that all the IP's that have dos attacked and abused verify names on my server are from QWEST and Denver, Colorado too i think i see a pattern. Maybe its all the same person changing their dynamic ip on all servers? if it helps, here's the ips:
65.101.249.48 (verifynames abuser)
yay, Drama i realy do enjoy everyone getting involved in some coder kiddies fantasy, makes me feal all warm and fuzzy inside. Also, i laff at anyone who scripted a server from scratch ( Excluding python, because it is one of the most easyiest languages you can learn...) And cannot stop this person from attacking. So please stop spreading drama arround like idiots, and to all you people just running a server, i expect, from all the drama, there to be a patch to combat this very soon.
Precisely my motives. This may encourage Notch to patch the client, though that "fix" would be a dodgy one. Certain vulnerabilities you would not expect from those with the talent to create a custom server (more difficult than it sounds, trust me) still exist. Basic precautions need to be taken place when making this type of software, and those basic precautions need to be made public...or more readily viewable, perhaps.
It boggles my mind when someone makes a beautiful, multi-map capable piece of server software, which does not verify who is connecting to it. Especially when even the server owner is not verified, and any average-joe like myself can spawn water in the sky. WoM has impressed me, their software is very secure. WoM has the right idea, though there's something Notch can work on; surely, there far are more efficient ways to handle an invalid character than breaking.
You are a sick twisted *******!
Rollback Post to RevisionRollBack
Quote from CMKMStephens »
Quote from Kdapro »
Imagine if the chinese got bored when they built the great wall of China..
WoM has the right idea, though there's something Notch can work on; surely, there far are more efficient ways to handle an invalid character than breaking.
...
You idiot. The vanilla server handles invalid chars just as well with verify-names=true.
Though the explanation to the archives flaw is that the coder was probably drunk at the time.
Rollback Post to RevisionRollBack
I disagree with you, therefore you are wrong.
Quality of output = Skill * Effort
WoM has the right idea, though there's something Notch can work on; surely, there far are more efficient ways to handle an invalid character than breaking.
...
You idiot. The vanilla server handles invalid chars just as well with verify-names=true.
Though the explanation to the archives flaw is that the coder was probably drunk at the time.
You, my friend, are the idiot. I was not speaking of the vanilla server, nor verify-names, in that quote.
As I said previously, there are far more efficient ways for the client to handle an invalid character than breaking.
:sad.gif:
To claim your motives are purely altruistic is a load of crap. If you really gave a ****, you would get in touch with Notch privately and explain the vulnerability and how you accomplished it. Instead, you try and justify your griefing with the notion that this forces Notch to make changes that you claim can only be done as the result of violence. You are correct in the assumption that he is now forced to make those changes, but meanwhile you are dicking over other players for your own amusement.
There is a term that refers to people who feel no empathy for their victims. Its called being a "psychopath". You know what you are doing is hurting other players, but you don't give a rats ass.
Quality of output = Skill * Effort
Though he can't speak on the forums, he forgot his forum password. XD
Quality of output = Skill * Effort
Quality of output = Skill * Effort
65.101.249.48 (verifynames abuser)
65.101.248.87
67.41.127.212 (DOS attack Ips)
67.41.125.245
Since this event, out server (D3 Custom Server, run by ATM) has resolved this issue.
Quality of output = Skill * Effort
i dont use it for hax or something. just saying
Yes, but then they can simply look for your server again. Your IP is in the play page.
Quality of output = Skill * Effort
That's wrong. You can use /banip and stop them from DDoSing you.
He's right, seen this work.
Quality of output = Skill * Effort
You are a sick twisted *******!
...
You idiot. The vanilla server handles invalid chars just as well with verify-names=true.
Though the explanation to the archives flaw is that the coder was probably drunk at the time.
Quality of output = Skill * Effort
You, my friend, are the idiot. I was not speaking of the vanilla server, nor verify-names, in that quote.
As I said previously, there are far more efficient ways for the client to handle an invalid character than breaking.