User Journal

Journal Journal: This is why I don't post here anymore 6

How could I possibly out-do the events of this week? I became redundant a long time ago. Rob Malda gets anonymously bitchslapped by a World of Warcraft Administrator. He spends hours* writing a rant about how he totally understands, isn't angry, and then renames his character "Violated". Right.

When he says "the irony of the situation isn't lost on me", he's right. I'm sure the Atlantic Ocean isn't lost on him either. You just can't ignore something so vast, powerful, and... salty.

When Taco bitchslapped my public IP in his Apache config, I created an account named "Trolls" spelled backwards. We're pretty much the same guy. Except I can spell.

In the end, my job has been taken over by the pants of the Malda household, who has responded to Rob's second public posting since his wedding proposal by posting a couple pictures of her cleavage on the Internet with the caption "that'll show my husband, CmdrTaco, that he's not the ONLY one who knows how to assume fake ranks that they didn't earn!" and "Commander Cleavage(why am I posting this?!??)".

I almost got into an argument once with this lady at a gas station. I was talking on my cell phone, and she shut my pump down, turned on the PA, and told me my cell phone could kill everyone. The Eyes of The Gas Station were upon me. I went inside and mentioned that she was voicing a myth. Out poured a tirade of fiction about incinerated cell phone toting firebugs, and I felt it, you know, that old urge to refute stupidity.

But then I realized that being that stupid bitch at the gas station was its own punishment, and I kept driving.

Have fun playing Warcraft, Rob.

-s.

*Hours? Yes. There's not a single spelling mistake. He brooded over that shit.

User Journal

Journal Journal: "Subject: Slashdot User Password for sllort" 7

Two password reset attempts on my account within hours of each other, different user agent, different offshore proxies. Yay for you guys!!! I'd thought all the love was gone.

XOXOXO!
  -s.

ps hi fv

Date: Sat, 11 Jun 2005 09:49:32 +0000

In case you get multiple emails you didn't request, the requester's IP
was 203.217.85.219. Its user agent was
"Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.7.6) Gecko/20050"
(not that you should trust that value, but it might be interesting).

Date: Sat, 11 Jun 2005 11:38:43 +0000

In case you get multiple emails you didn't request, the requester's IP
was 132.40.121.33. Its user agent was
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
(not that you should trust that value, but it might be interesting).

Slashback

Journal Journal: New Slashcode Afoot 5

As an (occasional) contributing editor to Trollback, I can assure you that there will be some coverage of some new Slashcode features in the upcoming issue. Before I get to the meat, here's a summary roundup of recent changes:

Slashcode port & service scans anonymous posters.

Modbombing a single user now has adjustable consequences (on Slashdot, it is most likely a bonus, however the default consequence is set as a penalty).

The "excessive bad posting" detector has been given new teeth, blocking the class C subnet of anyone who a moderator disagrees with for periods ranging from weeks to months. See upcoming Trollback for details, or read some journals.

There's a new feature afoot right now, however, which has not been committed to Slash's public CVS repository yet. The change involves setting someone's Karma from (whatever it was) to "Moderation Abuser". Presumably if you have excellent Karma, and a moderation you make is found to be unfair, your Karma will be changed to "Moderation Abuser". CmdrTaco has repeatedly stated that "Karma is worthless", so officially this doesn't mean anything - however unofficially, it could have big consequences for your account. Here's a first person account. Has anyone else observed this, and some possible consequences?

Comments are enabled, share what information you have.

-s.

P.S. I was finally removed from CmdrTaco's Friend-of-Friends list for this post in his journal, in which I revealed that they had changed Slashcode to adjust the token count of modbombers (in the middle of a diary where he was berating a user for modbombing...). Unable to get Brian Aker (Krow) to de-friend me, Taco de-friended Krow. Alas... sorry Brian! I realize that pointing out that Taco was writing an entire diary about something that Jamie had handled in the code months ago - without telling any of his readers it was handled - was going to be pretty embarrassing for Rob, but I didn't expect him to act like such a child.
Right?
P.P.S. Has anyone looked at Slashdot's two year Alexa ranking? I wonder why their popularity has basically regressed to 2002 levels over the last year... thoughts?

User Journal

Journal Journal: The Mailbag 4

It came to my attention recently that my ongoing trouncing of CmdrTaco had been interrupted by having myself retired from Whatsbetter.com. Of course I had to do my best to rectify the situation, and the good folks at Whatsbetter.com were happy to oblige. Much to my dismay they had interpreted my lack of recent journal posting as a sign of my demise. While I admit I owe you all a status update on Slashcode (it's coming!) I will have to make do for now with some tidbits from the mailbag:

--

Hey sllort,

I've re-enabled the item... One of my admins must have retired it. Your /.
journal has not been updated in the last 5 months. Spending your time at K5
these days? Or have you found new and better places to troll ;-)

Enjoy the site,
-chris

>hello, noticed that in the following pairing:
>
>http://www.whatsbetter.com/display.pyt?item=14198&item=14199
>
>one Slashdot user was retired as "old" and the other was not. Just wanted
>to let you know that neither user is old nor retired, we both write
>journals regularly, here are the links:
>
>http://slashdot.org/~cmdrtaco/journal/
>http://slashdot.org/~sllort/journal/
>
>I do not like being retired as "old", i'm only 27, i'm active on the site
>and i'm as active now as when i was added.
>
>let me know what you decide,
>
>-sllort.

Of course, I have no idea what he's talking about with this "trolling" nonsense, but he's re-activated my account for more Taco-crushing, and that's what's important. Thanks, Chris.

--

Hi,

as far as I am unknown, the best thing is to introduce myself.

Working in political sciences but interested by IT since I'm 15 (4 years
already), I just took some distant glances at /., so far. I just got
involved in the overall /. picture, until I got moderation points, too
quickly in my opinion.

I quickly realized that some deep trends were impairing the very spirit of
what was in my mind a quite flawless system. I posted various documented
posts questioning Apple's software, marketing policy, prices policy etc.
until I just went aware that they were plainly ignored, or modded down. I
just had the bad taste to say that, at last, Windows XP was a respectable
OS. I just had the foolish idea of defending Oracle.

Then I decided to make some researches about people in the same frustrating
state of mind as mine. And quite quickly I found this by now old story about
the troll survey. I found that many many clever people were relayed in the
remote electronical sphere of purgatory. And that maybe you were the boldest
one of these.

So my questions are naturally coming to you : what do you think of Slashdot
by now ? Did you improve to evaluate how many people were backing you ? Are
they any other sites as /., with other moderation/participation systems ? If
not, what about building an alternative one ?

It just looks like many of us stay frustrated by the current status of /.
And frankly this is sad.
If in any case you can't/don't want to respond, plz leave a blank message.
I'll keep looking for freedom advocates.

Regards,
Jdif

p.s : reading Top Ten ?

Wow. "remote electronical sphere of purgatory". Putting aside for a moment your... diction... yes, I've spent some time at k5 recently. K5 is what Taco would call "navel gazer's anonymous", what Seth Finkelstein would call "more writer fair", and what I would call "fractionally less fucked up". As far as being upset with /. - well, they've managed to stay "in business" for five years, and nobody's threatening their market niche yet, though God only knows if they're profitable. It's a sad thing that some real assmasters are in charge, but we can always hope that something better will come along - or as you point out, we can do something about it.

As far as reading goes, allow me to suggest the September and October edition of Trollback - the new editorial staff deserves plenty of praise.

-s.

Slashdot.org

Journal Journal: Krow Dead at 2 7

I just heard some sad news on talk radio - Slash Team icon Brian Aker's job at OSDN was found dead in the noncompetitive OSDN payroll ledger this morning. I'm sure trolls and /bots alike will miss him - even if you've been freaked by everyone, there's no denying that krow was the Slashcode contributor that didn't suck. Truly a Slashdot icon.

He will be missed.

Slashdot.org

Journal Journal: IRC Fun 18

Well, yesterday's IRC thing went off without me, though had I been there, my questions would have been dumped anyway, so no big deal. It's a pretty long log, so I took the liberty of snipping the good parts and adding some translations for those who don't speak Slash. Hope you enjoy, and I apologize in advance for any inaccuracies.

Question
Answer
Translation

<Questions> w00t asks: Will /. users ever be able to change the "look and feel" of Slashdot? Such as the colors, and general layout?

<CmdrTaco> Maybe a little, but not much. 20:04
It's computationally expensive.
<hemos> The new machines will be 2x P3 1.4 Ghz, with 2 gigs of RAM.
<CmdrTaco> It's programatically tricky.

Even removing images will increase our computational workload. We'll never change this, but patches are always welcome.

Patches are always welcome tho ;)

<Questions> reefer asks: Is there any system in place or a plan on developing some system to prevent duplicate posts?

<CmdrTaco> Whatever. 20:06
Next.
<hemos> Reefer: There is one.

We have a pretty good system that we copied from fark, but Rob still sneaks a couple through.

<Questions> jew asks: At LWCE 2000 NYC, you stated that you were considering developing alternate systems of accessing the site's content than HTTP/HTML. You mentioned NNTP. Have you considered or implemented any alternate means of accessing the site, such as RRS? If not, why?

<CmdrTaco> We don't have time to implement much in the way of other protocols.
<hemos> CmdrTaco: We did try the chat thing with whatever program that was.
Er, not chat. 20:07
Discussion thing.
<CmdrTaco> Yeah, we had an IRC bot.
That gated stories & discussions.
Salsa.
That was fun.
Worked really well.
Nobody used it :)

The trolls had a very popular IRC bot called Slashbot that gated stories, and we murdered comments.pl and banned about a hundred IPs to shut it down, but we shut down our version because no one used it.

<CmdrTaco>Karma isn't worth anything. Why would we change that? 20:09

Except for: how many posts you can make a day, your initial comment score, your ability to moderate or metamoderate, and almost any other interaction with the site, that is. We'll never change karma's fictitious worthlessness like we did before.

<Questions> OcelotLM asks: Have you considered changing the Games colour scheme to something less garish?

<hemos> Hahahaha
<CmdrTaco> Whateever.
Next.
<hemos> You should have seen the first round of it.

Ok, ya, it sucks. Get over it. Remember Slashdot succeeded because our HTML is the best.

<CmdrTaco> (I'm just skipping trolls btw ;)

I'm not going to tell you why moderation is anonymous and why we IP banned www.w3c.org from our site. This is because the answers are not for those among us who do not drink the gin with the tonic.

<Questions> limerickey asks: What happened to John Katz?

<CmdrTaco> We had to let him go during a round of layoffs last summer.
We miss him, and were sad to see him go. 20:15
He added a lot to Slashdot, and it was really unfortunate.
<hemos> the acerbic nature of some of the people also turned him off.

Realized that if he continued to pander his career for Matrix fans, he'd never work as a journalist again. Also the trolls.

<Questions> sebi asks: Did you ever consider adjusting the amount of moderator points based on Metamoderation results (like add a point for every 100 fair metamods, subtract one for every 5 unfair ones ore something like that)

<CmdrTaco>what you are asking is does M2 affect getting M1 points.
And yes, it does.
If you meta modearte, you will get more mod points. 20:17
It isn't 1 point for 100 fairs or anything.
But it's a lot.
If you moderate good, and meta moderate whenever it is offered to you, you can get mod points fairly quickly.

See, we created a discussion site, which by its very existence proves that people disagree, otherwise there'd be no need for discussion, and then we've implemented a moderation system based on the idea that disagreement over what "to moderate good" means is impossible. There exists, in this world, "absolute good" and "absolute bad", and we have written a system to detect it in Perl. Thank you. Thank you very much.

<Questions> TrollBridge asks: Despite the junk that trolls (as I myself once was) have posted in the past, is it a fair statement to say they have indirectly contributed to the polishing of the Slashcode?

<CmdrTaco> I'm sure there is no web discussion system that is harder to crapflood than Slashdot.
So thanks for making us have to waste our time writing that code.
We COULD have had RSS for subscribers or NNTP interfaces or something.
<hemos> I can say personally that the trolls have taken time away from my kids birthda's.
So, I hope you feel very proud of that.
<hemos> What I would say is the trolls have made it so that we haven't made features
<hemos> but instead have had to think of ways to stop people from accessing the site.
It sucks having to program stuff to prevent a crapflood when we COULD be adding cool fun new shit for folks.

We're not going to address what the trolls have done, but the crapflooders have really fucked with us. We blur the distinction; you should too. P.S. even though no one could crapflood Fark.com to save their life, we're even tougher. The routine, unchecked scripted crapflooding of sid=20721 is proof.

<Questions> mmh asks: Will there ever be a section dedicated to site issues and discussions? Stuff like Slashcode updates, hardware issues, suggestions, etc. Whenever things come up in regular stories, people posting about it are off topic. It would be nice to have a place for this (and a place that you guys read to get the suggestions).

<CmdrTaco> www.slashcode.com has some of that.
<CmdrTaco> My journal has some more of that.
<hemos> The problem with one section for discussing is that then no works gets done.
<CmdrTaco> I don't foresee a Slashdot section dedicated to Slashdot.
There are only so many hours in the day,
I can't spend all of them talking about what I do,
<hemos> Because it's navel gazing at its finest.
<CmdrTaco> and then still have time left to DO anything.
We're not 50 people here.
And I don't want to read a website about Slashdot.
I hate reading websites where half hte content is discussion about the website.
CNN isn't about CNN.
many community driven content sites are OBSESSED with themselves.
I'd rather not be.
A couple forums a year. A journal entry a week. A few hudnred emails a day.
Isn't that enough :)

If we'd had a META section, or listened to our users, we could have ripped off the early-story subscriber plum years earlier - same thing with CAPTCHA. And I don't think we were ready for that then. So, no, sounds like a bad idea.

<Questions> pwrlnkid asks: Have you given any thought to allowing subscribers to see the story queue and "moderate it". Seems to be an easy way on your parts to get rid of dupes or old news.

<CmdrTaco> FAQ!
FINALLY!
Next.

Mention K5 again and I'll kill you.

<CmdrTaco> Mmm. Scotch.
<hemos> Man, I'm getting a G&T.

We watch anime. We lease our BMW's. We drink gin & tonics. We solved the drivel problem. Excuse us.

<hemos> Yeah, the patch situation is a fun one.
Because the reality is that hardly anyone submits pathces.
<hemos> So, yeah, the code is open...but really that just means people donwload it and install it.
<CmdrTaco> We don't get many patches. Which is really unfortunate. 20:44
<hemos> Yeah, essentially we have all the costs of being OSS
without any of the benefits.
<CmdrTaco> We spend a lot of time making the system (relatively) easy to install for others, but we're not actively getting a lot of benefit back.
We do it more out of a labor of love than for business reasons.
We really WANT this thing to be open source. We think its cool. 20:45
<hemos> Because we end up supporting people using it, but get nothing back.
Frankly, if I were deciding it strictly on business merits, it's current status as open source is a lot of work without much back.
<CmdrTaco> There is no other open source CMS that will work on the scale of slash.
But most people just want a dinky little site.
They can use one of the *nuke clones.
They don't need a steak, they're cool with hamburger ;)

We don't know why people don't feel motivated to contribute. It annoys us how at K5 there's all these cool features added by users like those awesome Dynamic Comments, and we're stuck back here in the Stone Age with Nested Mode (I mean STEAK MODE). Oh well - pass the alcohol.

<Questions> erigol asks: Have you considered setting up a slashdot Wiki, since Wiki's are, like, the rage, and stuff.

<CmdrTaco> Wiki is silly. Not scalalble.
<hemos> Wiki's make me want to guage my eyes out.
gouge, even.

WE MAKE THE STEAK. THE STEAK IS THE BEST. KEEP YOUR MUTTON AWAY.

<CmdrTaco> Users in .d bitching that we post Microsoft Ads ;)
<hemos> Hah.
<CmdrTaco> I can't understand why that offends people. I find it hilarious.
<hemos> The irony of that is amazing.
<CmdrTaco> SCO shoudl advertise with us.

How can something be bad ironic when it pays for our single malt? That's good ironic. Bad ironic is when we IP-ban the W3C, because that doesn't pay for STEAK, BMW leases, or gin. Puh-lease.

<Questions> Cephalien asks: Out of curiosity: Do you think that the ever-growing popularity of Slashdot, and the occasionally negative publicity offered there towards certain companies (Microsoft comes to mind), do you think that those companies might intentionally seed people to post comments? If so, how often, and how much do you think that effects the overall 'feel' of the comments about a story?

<CmdrTaco> I'm sure it happens to some degree.
<Aaton> CmdrTaco: no problem
<CmdrTaco> But astrotrufing by a major corporation will never outnumber Slashdot's population.

Unless they get ahold of that script that routinely floods sid=20721... but we don't talk about that.

<CmdrTaco> Web petitions are stupid. I delete them all.

My IQ is not zero, and I can prove it.

<CmdrTaco> I don't want to say something will "Never" appear on Slashdot.
If someone could convince me, I'd do anything.
Moderation with names attached?
Open Submissions Queue?
But few people understand the scope of such changes.

These two features have been implemented at K5 already, dumbfuck. Do you really think we'd copy someone else's feature? We're the STEAK, they're navel-gazing hamburger. Sister puh-leaze.

<CmdrTaco>What's sad is that anonymous posting serves a very important purpose.
It exists so that you can say thigns that might be held against you.

Remember how earlier we said Carnivore was watching so anonymous posting wasn't really anonymous? Keep thinking about that while I fix another drink..

Slashdot.org

Journal Journal: Slashdot Interview Tonight 3

There's an IRC interview with Taco & Hemos tonight. I won't be there, I have plans tonight. There are millions of things that could be asked: why are messages now batched so we can't tell when we've been mass moderated, why are the moderation totals hidden so we can't tell when a comment has been mass moderated, why are comment numbers randomized instead of starting at 1, what percentage of editor moderation is "Over/Underrated" (we've been handed the editor's aggregate M2 stats forever, why not document the loophole?)

The way they run these interviews is usually that you submit to a question bot, but can't talk, and they pick questions off the bot. In short, none of the above has any chance of getting asked. Neither do the following three questions, though they are probably the three questions to which the answer is the most interesting:

  1. Why doesn't a Moderation Results message include the name of the Moderator?
  2. Why aren't we told when an editor moderates our posts?
  3. Why is the W3C HTML Validator at www.w3c.org IP banned from Slashdot?

Have fun folks, and remember, Never disturb a man.

Slashdot.org

Journal Journal: The Easy Way to W3C Approval!! 7

The absolute best way to get the W3C to validate your site is to ban their IP address. Because, if your HTML doesn't check out, who's the wiser?

I'd like to take this opportunity to congratulate Rob & co on not having a gigantically flawed W3C validator page for the first time in their illustrious five-year history. Way to go, guys!

Security

Journal Journal: Fyodor Responds... Kinda 11

Well, Fyodor wrote a rather lengthy response today, collating a whole bunch of geocities pages in order to prove that any allegation made against him is false, and that he is not a terrorist.

I don't really know what to make of his response: it's weird, because he kind of denies hacking sdem's computer, but he doesn't deny posting screenshots of sdem's page to his website, and talks about "trolling trolls" and "rhetorical devices".

I honestly can't make heads or tails of it - I thought that his page on breaking into sdem's machine was a much better piece of writing on his part - but here's the link for you all to try to make sense of:

http://interviews.slashdot.org/comments.pl?sid=65960&cid=6080152

Interestingly he accuses me of slander and says that he would press charges if he weren't busy with an important project. That certainly would be interesting, considering I could haul at least ten witnesses into any courtroom that saw his "Troll Hunting 101" post.

Completely weird.

Slashdot.org

Journal Journal: Modbombing and Interview Control 18

Update: This comment by an AC claims that a user moderator, not an editor, was one party to the moderation attack on this comment. While an AC comment doesn't prove much, it is at this point pretty unlikely that editors were involved. I'd like to remind everyone reading that the name of the posting account isn't sufficient information to grade an entire post; in this case, the linked post is factual, polite and accurate, and fully deserving of the +5 Interesting score the users originally gave it.

--
Original journal entry:
--

Slashdot interviews send the best of the 5-rated user comments to an interview candidate. Users pick the best questions, and Slashdot sends the interview. Right?

Maybe.

Take a look at the Fyodor Interview. Scroll down to this comment which asks, in a polite fashion, whether Fyodor has ever chosen to use his hacking skills to break the law, and cites the Slashdot troll hacking incident detailed earlier in my journal. This question received a score of 5 from the users of Slashdot, and was therefore eligible to be part of Fyodor's interview.

Today, alert reader Gendou pointed out that four days after the story posted, a flurry of moderation activity had occurred in this post's thread. The post was moderated down as a "Troll", heavily, till it reached threshold 3, and every comment in the thread which mentioned Fyodor's hacking incident also received large quantities of "Troll" moderation.

Now, who gets moderator points, opens up a four day old story, and starts using moderation to push an agenda? More than 5 points were used in the attack, which means that either a large group of users acting in concert attacked the thread, or a user who is gaming Slashdot's system attacked the thread, or an editor did it. Who was bent on removing any shred of legitimacy from complaints that this question was not forwarded to Fyodor?

The users of Slashdot gave this comment a score of 5.

Slashdot Moderation is unaccountable, and I don't know who did this. For now, I'd like anyone who saw that the users of Slashdot moderated this question to 5 to vouch for that fact in the comments, as I am vouching here. We may never find out who manipulated the comment scores, but we can set the record straight.

Security

Journal Journal: New Fyodor Evidence Released 16

Trollaxor.com has obtained a cache of Fyodor's "Troll Hunting 101", briefly posted to www.insecure.org/tmp/trolls in 2002 by Fyodor shortly after hacking the computer of a Slashdot prankster. I have been advised that the images and content in this cache have been modified to protect the name and personal information of Fyodor's hacking victim (SumDeusExMachina) which Fyodor initially saw fit to publish. The modifications appear in bold and are clearly marked as REDACTED.

I would like to invite anyone who witnessed this firsthand in 2002 to post a comment certifying that this content is accurate to the best of their recollection below in the comment section.

I personally certify that this content was posted to www.insecure.org in 2002, and that I personally loaded and witnessed it.

The Cache.

Security

Journal Journal: What Can Illegal Hacking Do For MY Business? 19

Slashdot has an interview with security legend Fyodor, admin of the famed insecure.org and author of the world's most affordable port scanner, nmap.

The best part of this interview is that Slashdot does not often interview criminals. Many Slashdot readers know that Fyodor used his tool to illegally attack a college student in 2002, for his personal amusement but also to the benefit of Slashdot's admins. For those that don't know the story, I will present a brief summary.

*Those individuals interested in independently verifying the facts presented in this article should skip to the "Verification" section near the end.

Sdem had created a hoax account entitled electricmonk, and used it to post this comment pronouncing that he was actually a cute Linux booth babe. "electricmonk" left an email at Yahoo and encouraged Slashdot readers to get in touch.

Fyodor proceeded to do so, boasting of his previous exploits with women he'd met online. He was even helpful enough to attach a picture.

This is where the story turns ugly. Sdem responded with a truthful email, in which he advised Fyodor that the whole thing was a hoax. After that, sdem posted a log of his exploits to sid=20721 (trolltalk), mentioning that he had tricked Fyodor and referring to many of the biters as "wankers". This apparently really set Fyodor off, and he began to plot criminal revenge.

First, Fyodor dug through insecure.org's referrer logs to find what IP address had requested the picture of Fyodor & his paramour. Using this information (and the logged User-Agent), Fyodor knew from the get-go Sdem's IP address and O/S. From this point, he launched nmap against Sdem's box and was greeted with the holy grail of sorts for BlackHats: an open X windows server on port 6000.

Sdem had been running an X-windows server for Windows on his Win2k box. Fyodor was able to bypass the authentication on the X-windows server and used the X-windows server to take complete screen captures of Sdem's machine whilst sniffing and recording keystrokes.

Fyodor proceeded to take hours worth of screen captures, including information on a "secret troll irc server" that sdem was using. Fyodor wrote a detailed writeup of what he observed, including an irc robot used on the server to detect new Slashdot stories for the purpose of early posting. Fyodor also mined and posted as much information about Sdem as he could find, including his real name and contact information. Jamie McCarthy used this illegally obtained information shortly after it was posted to log on to the irc server, monitor the bot, and modify Slashdot in order to break the story monitor.

Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected.

After he was done hacking Sdem's computer, Fyodor posted his screen captures and a log of his breakin to www.insecure.org/tmp/trolls. The content was removed 24 hours later. He went on to boast in sid=20721 about his "troll hunting finale". While sid 20721 is regularly cleaned, a cache of Fyodor's boasting about his illegal break-in is available here. Very interesting reading.

So, while Fyodor's interview is no doubt very interesting, I think that, as an accomplished (and due to the lack of prosecution very successful) criminal, the nature of questions given to Fyodor in the interview don't do justice to the type of expertise this man has in illegally penetrating computers across state lines and getting away with it. I'm sure that many companies would like to have a man of this caliber at their disposal in order to infiltrate and destroy their competitor's IT infrastructure.

Of course, no sane person would use this man's software without compiling it from inspected source, given his history. Fortunately the folks at Redhat pore over his code with a fine toothed comb before including it in their distribution, so if you've ever wanted to peer into the mind of a madman, I encourage you to take a look at Redhat's copy of nmap.

Also if anyone has a cached copy of fyodor's insecure.org/tmp/trolls page, please let me know in the comments so we can get it hosted. This particular piece of sordid Slashdot history just became more relevant.

Additional reading:
Sdem's account of the incident
Trolltalk cache, circa break-in
Cache of Fyodor's "Troll Hunting 101" from www.insecure.org/tmp/trolls

Verification:
Above are caches of both Fyodor's bragging about the break-in on his web site, and his bragging in a Slashdot comment about having hacked Sdem. Numerous people witnessed this and have posted comments in my following journal entries certifying to the veracity of these mirrors. To date, no one at Slash Team and no one at insecure.org has denied it. Nor will they; they have almost certainly been advised by legal counsel not to speak about it in public.

That said, any journalist or researcher wishing to pursue this story may wish to take additional steps. The Slashdot editorial staff was well aware of this story when it happened. Jamie McCarthy used Fyodor's information to penetrate the irc server Fyodor discovered and attack the irc bot he found there. Jamie McCarthy and Michael Sims are both aware of the details surrounding this incident and can confirm their recollection and involvement in the incident by email. Their email addresses are easily available to a curious researcher so I won't bother repeating them for spam robots, but suffice it to say that asking Jamie the question "did you see Fyodor's page on his web site in which he took screen captures from a hacked troll's computer" will probably yield you positive confirmation. There is the possibility that they won't want to involve themselves for legal reasons, but I doubt it. Jamie is historically honest to a fault and forthcoming when approached with a legitimate question.
So, if you're a doubter, email the Slashdot editorial staff. Fyodor is a Black Hat, and the eds know it.

Slashdot.org

Journal Journal: Slashdot Math Returns! 14

Update (5/28/03): The information in this journal is outdated and no longer reflects the state of Slashcode; this journal is a historical record but no longer accurate. --

Remember everybody's favorite signature? Slashdot Math: 50+1-1 = 49. Taco was so incensed about that he decided to hide Karma from everyone so they couldn't criticize his math skills. This was a good idea, and one he should have stuck with.

Recently, Slashteam decided that printing moderation totals was a bad idea. It's part of a continuing development trend of hiding the Slash backend from the users (not a bad idea). Maybe Krow has been playing an audio version of Chromatic's O'Reilly article to Taco while he sleeps. Maybe Taco's pride has finally yielded enough that he's willing to listen to someone else. Who knows. For whatever reason, someone's trying to make it harder to game the Slash system by removing anything that could be construed as "points" (I'm wondering how they plan to make it impossible to count your friends, but that's another story).

Personally, I like to think that Trollback was responsible. But that's just ego talking.

In any event, moderation totals are now shown as percentages in an attempt to hide the number of times a post has been moderated. While it's pretty simple to reverse-engineer this number, you now need a calculator, which raises the bar a bit.

The funny thing, however, is that Taco has once again exposed his math skills to the world. So, once again, we get to put "Slashdot Math" in our .sigs. Are you ready?

Slashdot Math: 30+40+10 = 100

Enjoy,

-s.

Update: As many have pointed out in the comments, it is true that this change has a few side effects. One is that editors can now disguise their modbombing activity a little easier. The second is that by activating a division-based mod system, SlashTeam has proven that all its protestations about K5's moderation not scaling are bogus. Of course, if you haven't accepted the fact that modbombing and handwaving are a way of life around here, you're blind, and you don't read my journal.

Music

Journal Journal: RIAA Spokesperson Tells a Lie. 8

Many of you have seen that Verizon has been ordered to disclose customer profiles to anyone who sues them. This is pretty funny, and hopefully someone will sue Hilary Rosen's ISP soon. In the meantime, I'd like to point you in the direction of this interesting quote:

"Now that the court has ordered Verizon to live up to its obligation under the law, we look forward to contacting the account holder whose identity we were seeking so we can let them know that what they are doing is illegal," said Cary Sherman, president of the Recording Industry Association of America.

So we know two things:

  1. The RIAA doesn't know who the account holder is
  2. The RIAA wants to let the account holder know that he/she has broken the law

The only problem with this is that for the account holder to have broken the law, it must be proven that the account holder does not own a legally purchased copy of all the songs he or she downloaded. How can the RIAA know this about the account holder? Existing Fair Use law states that you can obtain a backup copy of a song you already own. Can the RIAA have charges brought against the account holder without proof that the account holder does not legally own all these songs?

I've spent a bit of time cataloging the names of every song on every CD I own. Having painstakingly removed anything which could possibly be available Live or As A Cover, I have a list of about 9,600 song titles which I can legally download. I am in the process of setting up my Gnotella agent to continually download all these songs. I have a little DB app which will overwrite my existing copy of each song with the new copy. This will ensure that at any given time, I have only one backup copy of each song I own, and also that my connection will look like a gigantic music leech 24/7.

I'm only one person, and the chances of the RIAA bringing suit against me are pretty low, even though they target high-bandwidth automated users. But I can hope (actually if I am sued my bravado will probably dissipate and I will piss my pants while I write the ACLU, EFF, and the Pope). The prospect of Trolling the RIAA is just too good to give up. And walking into court with a legally purchased, nicely aged copy of every single song I'm charged with obtaining illegally would be way too much fun.

Yes, for those wondering, I typed up the list of songs, dated it, took pictures of my entire CD collection and put it in the envelope, included the Washington Post, and I'm going to mail it to my bank certified mail with return receipt attn: my safe deposit box. That's the best I can do for proving I didn't purchase the music ex-post-facto.

If you like this little exercise in law-abiding, feel free to join me.

-s.
