
Root This Is Why We Don't Have Nice Things

savoxis

Android Expert
So,
I received a gtalk message from Trident at about 5am letting me know that someone had been not only snooping around the OTA server, but also posting links to beta builds therein. Now let me make one thing very clear to those of you that may be a little confused. If you happen across something and the developer of it (script, rom, theme, bootanimation, ANYTHING!) has not posted this publicly there is a reason for this. Usually because it is still being tested, or just not meant for release. I will be the first to admit the security on the OTA server is lax. But come on people, just because I didn't lock it down with passwords does not mean it's all open free and clear.

The fact that people have been nosy and found betas up on the OTA is a little disturbing, but something I can get over. Betas leaking out is something that happens, something however that is not acceptable is this info being leaked PUBLICLY on a forum, please keep it to yourself, if you find something you shouldn't (or even if you're not sure) and above all ASK THE DEVELOPER. We all are quite vocal and it shouldn't be hard to get one of our attentions.

I understand it has been a while in between releases, we have a lot of very nice things cooking at the moment and I think if you all have a little bit of patience you will be happy with what you see. Unfortunately now I have to divert time which could be spent working on the rom, on securing the OTA server (which really shouldn't need it).


R.e.s.p.e.c.t...
 
It's ridiculous that someone would try to release it in the first place. Did he think he'd get applauded for it? I'd rather wait until it's completely ready to be released. I mean, little tweaks on the script makes it easy enough to wait. Release when you're ready, guys!
 
If Vel 1.1 is gonna be the final deal, I'll have to agree and wait 'til it's polished the way these releases most commonly are. Mad props to the guys for doing a bang-up job as of far. I don't really know what more to expect from these guys, as they've pretty much maxed it out ....or not?:rolleyes: I just hope some jerkass doesn't ruin it for the rest of us.
 
I agree with what you say 100%

I however have a different take on the situation. Call me a conspiracy theorist but..... I think that this was done maliciously. The person that did it only had the one post. That person obviously had knowledge of our stuff our site our inner workings. Therefore I conclude that this person is still with us under his regular Avatar name.

If he was Stupid he used the Same IP if he was not he masked his IP or used a Proxy.

Whoever it was This person was trying to make a statement and wanted to hurt Trident.

It's really sad. I don't believe this was some random guy who just happened on Trident's stuff and said hey I think I will innocently release this stuff.

Call me cynical but this was done out of hate. :(
 
And people wonder why trident said no more. People just don't have the respect they should. Just don't forget most of us here got mad respect for the team and love what you guys have done for our little phones. But you always got those few willin to f it up for the rest of us.
 
I agree with you. Hopefully when someone makes a post here it logs enough info they can compare it to others and find out who it was and ban them for good.
That said people need to refrain from blaming the Ally Community at large and refrain from throwing around derogatory terms directed at its users in general as seen in some other threads on this subject. It hasn't come from any of the developers but other forum members.
 
To the devs I hope u don't think that this idiot is an accurate representation of the rest of us. Really hacking into a server and posting something amounts to stealing and is well a crime in any other instance. I think I can safely speak for most of us by saying we would luv to see velocity 1.1 but it can understand if it is not. Thanks to all of u guys for everything u have done!
 
Dont get carried away.

The guilty party came to me and apologized. I consider this good so long as he/she thinks a little more before going off and doing things.

The server was not technically hacked, I had directory browsing enabled, anyone who was curious could get to http://velocity.awesomazing.com/velocity/scripts on port 80. This is one of the reasons I am not as pissed as I could be about this. I have slapped some putty over the hole and it is now "secure nuff" for what it is.
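Added example, not part of the post above and not the Velocity team's code: a Python check a server owner could run against responses from their own host to see whether a URL returns an auto-generated directory index and which files it advertises. The page does not say which web server was involved; the function name `audit_listing`, the title patterns and both HTML samples (paths and file names included) are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Titles emitted by common auto-generated listings (Apache mod_autoindex,
# nginx autoindex, lighttpd, Python's http.server).
LISTING_TITLE = re.compile(r"<title>\s*(Index of /|Directory listing for /)", re.I)

class _Links(HTMLParser):
    """Collect every href found in anchor tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def audit_listing(status, body):
    """Return (is_listing, exposed_files) for one response from your own server."""
    if status != 200 or not LISTING_TITLE.search(body):
        return False, []
    parser = _Links()
    parser.feed(body)
    # Drop column-sort links ("?C=N;O=D"), the parent link and subdirectories.
    files = [h for h in parser.hrefs
             if not h.startswith(("?", "/", "..")) and not h.endswith("/")]
    return True, files

# Constructed sample: Apache-style index of a directory holding unreleased files.
LISTING_SAMPLE = """<html><head><title>Index of /example/scripts</title></head><body>
<h1>Index of /example/scripts</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th></tr>
<tr><td><a href="/example/">Parent Directory</a></td></tr>
<tr><td><a href="old/">old/</a></td></tr>
<tr><td><a href="beta-build.zip">beta-build.zip</a></td></tr>
<tr><td><a href="update.sh">update.sh</a></td></tr>
</table></body></html>"""

# Constructed sample: the same directory after a splash page was dropped in.
SPLASH_SAMPLE = "<html><head><title>Nothing to see</title></head><body>Move along.</body></html>"

if __name__ == "__main__":
    for name, body in (("listing", LISTING_SAMPLE), ("splash", SPLASH_SAMPLE)):
        print(name, audit_listing(200, body))
```

A splash page only makes this check come back clean; files in the directory can still be fetched by anyone who knows or guesses the exact URL unless the server also enforces access control on them.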
 
Of course starting the day off right with Bacon, Eggs, and Biscuits with Sausage Gravy is much more important. 9 out of 10 moderators recommend against banning on an empty stomach.
 
I know this is very frustrating to the whole velocity team...... I am a php developer and I have had one of my beta versions stolen off of my server, let's just say the moron was stupid enough to leave my copyright in it. Tracked him down and sent a nice little letter and he stopped....

savoxis I see you put a splash page in each directory but can I make another suggestion to you on that server? REMOVED BY ME After stupidly posting hole....... I wasn't snooping I just typed the address in wrong.... I swear. I just want to make sure the server doesn't get hacked.... That would be total BS..... Velocity is an amazing script I wish I could get it on my new phone :'(
 
THANKS FOR FIXING -SAV(

Different server. One I care much less about, and one thing. Don't publicly post security holes please, just as a matter of common courtesy, send a pm next time.

Last thing I need is a bunch of script kiddies trying to bruteforce into my fileserver
 
Hey, I'm really sorry man..... I'll remove it right now..... I wasn't thinking....
It won't happen again..... I was angry about the fact someone was doing this..... at the time I didn't think it was that big of a threat but relooking at the situation I feel stupid..... that is a good cpanel so it shouldn't be that accessible by anyone. I've used it and had someone try brute force and no dice........
 