Administrator
Game Development
5731
Apr 17th 2013, 2:19:03
ok, I really don't want to be mean, but since you won't let it go....
1) Your analysis was wrong re: boxcar security issues. like I said, i'm not discussing it any more other than to say that qz and I feel that you're full of fluff. zarc didn't disagree, and we're the ones who can see the code, you cannot. your bug was discussed and determined to not be a bug.... I posted such and you demanded access to my code to audit it -- an absolutely unreasonable request to make in the best of circumstances.
2) You approached me numerous times? Really? I have exactly 3 messages in my inbox from you -- all in the last 24 hours -- and they are the following:
<<When I said "there's no actual problem, Copper is crying wolf" in that Boxcar thread>>
Title: "If you don't believe me"
Content:
If you don't believe me then just give me a piece of paper saying you give me full permission to conduct penetration testing against boxcar and I'll present you with a detailed list of all the things that are HORRIBLY with it security-wise...
<<After I closed the thread>>
Title: "Nice Mod Abuse"
Content:
You're so full of fluff pang. Send me line 11 from db_fns.php.
As I said I do this fluff for a living. I don't give a crap if you "intend" for boxcar to connect using a different user, you have a reference to the www-data user somewhere in your code or the error would not have occurred.
Don't be butt-hurt and delete my threads, its no one's fault but your own that your site is coded so poorly.
<<20 minutes later (presumably after Googling the error message that was displayed while Boxcar was messed up)>>
Title: <No subject>
Content:
So I stand corrected. You're not calling www-data what you're doing is making the mistake of not ensuring you have a connection before attempting a query so likely you're using mysql instead of PDO which is more secure and not deprecated...
3) Did you read the above messages? These were unsolicited -- my only response was to the last one saying 3 words: "leave me alone" because I was not interested in being harassed. Other folks (mainly LaF'ers) typicaly let me know of important bugs when they reveal themselves and I assume qz is more connected now than I'm with folks bringing bugs to him. And they typically have the courtesy to do it privately.
4) Who brings potentially huge security bugs to a public forum, attacks the developer and then demands they fix it or hand over code? lol, seriously... you want to work with me?
5) I know nothing about your training or background, other than that you think you're awesome. Normally when you want to work with someone you tell them something about yourself rather than assuming you are God's gift to software.
I hope you're doing well in whatever you're doing, but across the board your posts and messages make me run the same line of code over and over again:
$opinion['Mr. Copper']--;
Ain't nobody got time for that.
-=Pang=-
Earth Empires Staff
pangaea [at] earthempires [dot] com
Boxcar - Earth Empires Clan & Alliance Hosting
http://www.boxcarhosting.com