Page 2 of 3

Posted: Tue May 15, 2012 4:57 pm
by jhh
bli wrote:Do you want to say that the argument for banning terror without poll in order to "not to keep Longturn in limbo" was quite pointless?
Of course I didn't mean that. I've told before that I think it was right action and I would have done that, too.

The problem is just that only Terror's account is banned... and of course it's hard to really ban him when he has access to uncertain amount of accounts.

His IP address could be -- in theory -- banned, but that wouldn't really stop him, he would just change IP address like he did the few first attacks (using VPN).

We should make sure that there is no leaked passwords/hacked accounts in use and currently only way -- that I can think of -- would be to require email-based verification for all accounts or something else that can identify users.

Problem I think may be, that Longturn doesn't require email addresses for all users? That's another problem. I think email address should be required -- but another problem is that it shouldn't be public to other players as it practically ATM is.

Posted: Wed May 16, 2012 6:03 am
by kevin551
Am making this post for Zero.
He was away on vacation and has now returned.
His forum password has been changed. He cannot login.

His game account was also hacked but that password was not changed.

I think Jhh is right, we do need to check the security on all the user accounts.

Posted: Thu May 17, 2012 11:53 pm
by munk
akfaew wrote:
kevin551 wrote:Am making this post for Zero.
He was away on vacation and has now returned.
His forum password has been changed. He cannot login.
Then he should press the big button in his profile page on longturn.org
wouldn't that just cause the password that the hacker supposedly set (site/forum password) to overwrite the one Zero validly knows (game password)?

Posted: Sat May 19, 2012 3:00 pm
by kevin551
akfaew wrote: Then he should press the big button in his profile page on longturn.org
It is not possible for a normal user to reset his forum password in this way without also changing the website password.

If Terror hacked Zero's forum account then it seems likely that Zero's website password is also hacked. Hence Zero cannot access his profile page.

Posted: Sat May 19, 2012 6:26 pm
by Modeemirotta
I only saw some attempts (trying to log to accounts from the same ip in game and some other shit from same ip), I have heard that Zero has been hacked and that there are others. From my point of view, once again, doesn't look good for a new coming member of longturn. At least in some countries this would be a crime. To hack someones passwords. I know that admins/admin doesn't respect my opinion, but I still think that this kind of behavior should lead to perm ban. :/ Who's to say that this wouldn't happen again some other way even if the method he used this time is fixed? Telling that security has a flaw and using it to prove a point is totally a different thing. What do you really think that other communities would have done in this situation? (Still just my thoughts, and because "don't whine without a solution" a conclusion what i think should be done)

And don't take this wrong, I have no grudge agains't terror or anyone else, he is obviously bright as hell and maybe fun to play with, but this kind of actions just ruins the whole thing... :/

Posted: Sun May 20, 2012 9:12 am
by Modeemirotta
:) I will not start to fight about this thing too, but you really don't see the difference?

In Finland even using someone else's Username and Password is a crime.

http://www.poliisi.fi/poliisi/krp/home. ... 3E0056EDE0
http://www.heikniemi.fi/kirj/jur/rikos/tietomurto.html

I think that it goes far beyond the rules of this game.

But if you really don't see it... :D

Posted: Sun May 20, 2012 9:16 am
by Modeemirotta
akfaew wrote:
Modeemirotta wrote:Telling that security has a flaw and using it to prove a point is totally a different thing.
Terror was using it to prove a point, Modeemirotta. The newcommers from Finland kept their client open all day because it was not forbidden in the rules, and so they said it's OK. So terror hacked some accounts because it was not forbidden in the rules, and he said it's OK.

But yea, thanks for this. I had a really crappy day but after this I have something to laff at the whole day xD

Posted: Sun May 20, 2012 4:39 pm
by wieder
So, Akfaew, you are trying to tell us that hacking some accounts and disbanding all units is just as bad as keeping the client open 24/7?

Besides you have the rule that actually forbids what Terror was doing:

"Passwords are secret. Sharing passwords with other players is forbidden."

Terror broke the rules while hacking these accounts. He shared the passwords to himself and broke the rules at that point. In the rules, it is forbidden to share the password and while that is forbidden, that restriction is not limited to the player controlling the account. It clearly forbids anyone from sharing the password(s).

So, while Terror was proving a point, he actually failed in doing that. He really broke the rules with sharing the passwords for himself. We did not while keeping the client open.

Please don't try to tell us that keeping the client open 24/7 is as bad as hacking other players accounts. Accoding to Longturn rules it is not. And yeah... That stuff just sucks.

Posted: Sun May 20, 2012 5:10 pm
by jhh
akfaew wrote:I suggest 1 day of ban and then terror becomes an admin. Isn't that what the Finnish punishment is all about?
I didn't get this.

However these days I don't get much what akfaew is talking.

Posted: Sun May 20, 2012 6:49 pm
by wieder
Akfaew is refering to the practices of the finnish criminal system. Yeah, if you rape someone if Finland, you can get unpunished if you have a job and you would be in danger of losing it if you would go to jail. There have been some case where a rapist was left without any real punishment because the rape lasted only a short time and the victim knew the guy..

But.. There have been cases where someone stole money worth a couple of months paycheck and that man was sent to jail for years. You can get 6 years for making bad business decisions. That has happened. I think someone got some serious time for some mild hacking.

So in Finland you get the big ones for making some white collar crimes (econimic frauds, computer stuff...) but you walk for lot's of other stuff.

Finnish ways are strange so be carefull what you propose for Terror :D

I wouldn't go for that direction.

Posted: Sun May 20, 2012 9:43 pm
by munk
akfaew wrote:Terror was using it to prove a point, Modeemirotta. The newcommers from Finland kept their client open all day because it was not forbidden in the rules, and so they said it's OK. So terror hacked some accounts because it was not forbidden in the rules, and he said it's OK.
really? your position is that *anything* terror does against *anyone*, even the many accounts not even allied with the "newcommers", is just fine with you, and your excuse is that some people stayed connected longer than you would prefer? This is why you refuse to lift a finger to clean up the hacked accounts and restore them to the rightful owners?

Jesus, you are the worst game admin ever.

You do realize that by your logic, anyone can fuck with the system however they want as long as they are "proving a point"? Since that is the case, there's one last act of fuckery involving your completely arbitrary and ill-thought-out ranking system that I'm going to be in support of before I leave this retarded place, and I sincerely hope enough of us go along with it that you're forced to swallow it, balls and all.

adios, muchacho! (:

Posted: Sun May 20, 2012 9:56 pm
by munk
Oh, and BTW, like Zero, Modemirotta also has had his website password hacked and changed by terror. Do you also suggest that he "push the button" to overwrite his in-game password with the hacked website one so he can't get into the game either, like you advised before? I suppose that works best for you and your buddy terror, since it not only continues to allow terror to use his website account to vote and post bogus forum posts, but also locks these players out of all aspects of longturn.org and most likely encourages them to go away, which seems to be your main motivation.

Posted: Mon May 21, 2012 7:22 am
by Robodave
akfaew wrote:
Modeemirotta wrote:Telling that security has a flaw and using it to prove a point is totally a different thing.
Terror was using it to prove a point, Modeemirotta. The newcommers from Finland kept their client open all day because it was not forbidden in the rules, and so they said it's OK. So terror hacked some accounts because it was not forbidden in the rules, and he said it's OK.
This is a false equivalence, since there is a huge difference in severity. Both leaving your client open, and hacking other people's accounts, are against the rules; but leaving your client open is a bit unsportsmanlike, and hacking other people's accounts is making the game un-playable. The first should lead to a polite discussion, the second should lead to an instant ban.

Posted: Mon May 21, 2012 9:43 am
by ifaesfu
Robodave wrote: This is a false equivalence, since there is a huge difference in severity. Both leaving your client open, and hacking other people's accounts, are against the rules; but leaving your client open is a bit unsportsmanlike, and hacking other people's accounts is making the game un-playable. The first should lead to a polite discussion, the second should lead to an instant ban.
"Akfaew's equivalence" is in both ruining the game; the difference it's the time to get it. Hacking is like an atomic bomb.

Posted: Mon May 21, 2012 10:02 am
by wieder
""Akfaew's equivalence" is in both ruining the game; the difference it's the time to get it. Hacking is like an atomic bomb."

Killing the small and unprotected nations ruins the game for them. It's allways ruining the game for someone if you put it that way.

Terror's hacking was prohibited in the rules. Keeping the client open is not. Besides, there is lot's of difference in keeping the client open and playing RTS. The first does not lead to the second one without user interations. If there were rules against RTS, all this would be easier to discuss. Yeah, it would be a pain in the bucket to enforce but still, if it is cancer, there should be a rule against it in the rules.

And still no word on auto attacks. Shame & schade!

Posted: Mon May 21, 2012 11:29 am
by ifaesfu
wieder wrote: Killing the small and unprotected nations ruins the game for them. It's allways ruining the game for someone if you put it that way.
That's part of the game and I use to be one of those small and unprotected nations since I'm not a good player.

wieder wrote:
Terror's hacking was prohibited in the rules. Keeping the client open is not.
"8. It is common courtesy to log out and let your enemy do his moves in peace, after you have done yours."
It's true you can't find the word "forbidden", but if you read it and take part in a game, I think you should respect that rule. It's in the rules section for any reason.

wieder wrote: If there were rules against RTS, all this would be easier to discuss.
I agree. We should discuss this kind of things that affects all the games.

Posted: Mon May 21, 2012 8:03 pm
by wieder
"Killing the small and unprotected nations is a defining feature of the game, not its ruination."

Yeah, it's not ruination. I'm just trying to reming you that being 24/7 was and is a feature of the LT30 game. As was that huge alliance and co-operation that got most of it's military power from the TNS.

However, for both of those there was consequences in the opinions of the players and it would be most unwise to ignore that. For every one of us.

Posted: Tue May 22, 2012 9:54 am
by det0r
wieder wrote:I'm just trying to reming you that being 24/7 was and is a feature of the LT30 game.
It's been a feature of previous games and it ruined them, thus a specific rule was created to stop it, but you all chose to ignore the rule.

Posted: Tue May 22, 2012 10:38 am
by wieder
"It's been a feature of previous games and it ruined them, thus a specific rule was created to stop it, but you all chose to ignore the rule."

As mentioned here before this, "courtesy to log out" is not telling that you have to log out. Besides, if we read that in detail, the rules tell that it's polite to log out *after* you have done your moves. However, most players in TNS did their last moves in the end of the turn. So, if you really want to read the rules that way, postponing the last moves jut to the end of the turn makes it impossible to log out before the next turn.

However I don't think the actual problem is having people logged in. The problem is about doing the RTS.

Do you want to forbid RTS or players logged in just because you feel unconfortable about that? I ask this because dealing with the other doesn't make both issues to go away. Sure, some player(s) are logging moves, but I have to remind you about logging having been specifically permitted in the rules.

I would like to see the RTS go away. There could be rules against that, sure. They could be hard to enforce but so it's very hard to be sure that no one is using any kind of auto attack features.

Could we please decide what is the real problem? Logging with 24/7 or RTS? I think everyone agrees that hacking and using other peoples accounts is a problem.

Posted: Tue May 22, 2012 11:25 am
by ifaesfu
wieder wrote: As mentioned here before this, "courtesy to log out" is not telling that you have to log out. Besides, if we read that in detail, the rules tell that it's polite to log out *after* you have done your moves. However, most players in TNS did their last moves in the end of the turn. So, if you really want to read the rules that way, postponing the last moves jut to the end of the turn makes it impossible to log out before the next turn.

Courtesy? What is courtesy? I have been told it's common courtesy to enter that home without shoes, but since they aren't gonna kill me if I keep wearing my shoes, why do I have to take off my shoes? I don't mind if I spoil the floor. Besides, I've seen someone entering covered in mud. He is evil, we are saints.

wieder wrote:However I don't think the actual problem is having people logged in. The problem is about doing the RTS.
I thought the same through ingnorance. At first sight it wouldn't be a problem if someone is 24/7 logged in if he doesn't do RTS. But it's hard to believe he isn't using any kind of script or he is going to resist the temptation of doing RTS always.


Anyway, I think this issue has been solved with the time limit per turn. Since it seems to work fine in ltex23b, the only problem now it's who wants to play games with time limit and who wants to play games trusting in the rest of players' "courtesy".