it does do lots of stuff differently, just not necessarily stuff that the end user actually sees
OMG that is LOUSY DESIGN if the user does not see it it should be INSTANTLY UNLOADED to preserve my preciousss preciouss resourcesssss.
I happen to be a fan of win2k. They got it right…but I guess that doesn't keep the bigbucks coming in so they had to keep "innovating".
I know a guy who works for ms who swears up and down that 7 is *awesome* and totally totally rules, will be what Vista should have been, etc. I hope so. Really my biggest gripe with Windows lately is that (to steal a delightful turn of phrase) it is DRM masquerading as an operating system. It just makes me resent whatever under-the-hood stuff it is doing that Win2k didn't do.
Meaning that all my info, password, tells and chats go through a proxy he can snoop, ya?
It is telnet, every time you use a telnet connection your password is passed through X number of computers unencrypted, anyone at anytime can snoop it and discover your secrets.
It is telnet, every time you use a telnet connection your password is passed through X number of computers unencrypted, anyone at anytime can snoop it and discover your secrets.
Quite right.
I am simply curious whether Orrin has inserted himself into the list of people in a position to snoop that stream. I did some tests with netstat and his site, and sure enough, it does appear that for at least one mud, that is exactly how it works. Orrin's client first connects to Orrin's server, and data shuttles back and forth across Orrin's machine.
Um, it's a proxy so that the hosts don't have to have the flash file installed to accept….
Yeah, _any_ machine that info passes through can have a packet sniffer… maybe a little less omfg lets light the torches and tie the posts? Mudmagic's site client did the _exact same thing_.
So did TMCs java client. Casual packet sniffing by random 3rd parties isn't as widespread as people think. Especially when there's little to gain from it. So you're essentially just questioning Orrin's motives for no good reason at all, which I think is uncool.
So did TMCs java client. Casual packet sniffing by random 3rd parties isn't as widespread as people think. Especially when there's little to gain from it. So you're essentially just questioning Orrin's motives for no good reason at all, which I think is uncool.
I agree with you on this, i spoke with crat about this today on IMC as i felt that the question he asked was loaded and divisive, because as you have pointed out it called into question Orrin's motives for offering to proxy the use of Fmud to those who cannot run the flash policy. I now understand that it was not Crats intent to be divisive, but i think that the question could have been better worded.
maybe a little less omfg lets light the torches and tie the posts
hmm…
Samson said:
you're essentially just questioning Orrin's motives
hmm…
The_Fury said:
it was not Crats intent to be divisive
Correct. I asked the question because I wanted to know the answer. Ever since Orrin released his client I've found it very nice and have said so repeatedly. I've worked with it and found some technical roadblocks to using it. He found a solution, and I wanted to know more about it.
That's number one.
Number two is that if it does work like every other telnet proxy in the world (big deal) then I want to know that. I agree that plaintext telnet being monitored is not unusual or automatically sinister.
However.
No offense to folks here, but if one of you were in a position to snoop into my activities on a mud, I'd damn sure like to know it. It's worth knowing if someone here can snoop you, right? I think there's a bit of a difference between your mud host being able to snoop you and just-some-guy on this forum being able to snoop you. It's worth knowing, and I wanted to know it.
I would add that I think it is a good idea for Orrin to make more explicit on his web site how this client works and that all data entered into it is visible to him. I'm not making a call for pitchforks here. I am, however, asking for him to make this information more obvious. If it's not just a portal, but indeed an actual proxy, people should know that up front.
I see no torches here. Nor do I see me accusing anyone of malicious intent. Let's calm down a bit, folks.
I've stated several times that the mudgamers client uses a proxy and I'd have thought the implications of that were obvious. Both TMC and Mudmagic use(d) a proxy in the same manner for their java clients so I didn't think it was a particularly controversial move.
I have absolutely no interest in snooping anybody's game sessions, nor the time to engage with anyone who thinks otherwise.
I would add that I think it is a good idea for Orrin to make more explicit on his web site how this client works and that all data entered into it is visible to him. I'm not making a call for pitchforks here. I am, however, asking for him to make this information more obvious. If it's not just a portal, but indeed an actual proxy, people should know that up front.
I see no torches here. Nor do I see me accusing anyone of malicious intent. Let's calm down a bit, folks.
Does the i3 router have a disclaimer that states that it is technically possible for the router maintainer to snoop all private tell discussions, that all private data is logged or loggable, that specifically that you have access to the data?
Does the i3 router have a disclaimer that states that it is technically possible for the router maintainer to snoop all private tell discussions, that all private data is logged or loggable, that specifically that you have access to the data?
I've stated several times that the mudgamers client uses a proxy and I'd have thought the implications of that were obvious. Both TMC and Mudmagic use(d) a proxy in the same manner for their java clients so I didn't think it was a particularly controversial move.
It isn't. I think just about everyone here realized a proxy is a proxy and was perfectly aware that using plain telnet to connect to a proxy is rather less than secure. It just seems that when connecting to that proxy, people get their hackles up. Whereas connecting to their MUDs directly doesn't seem to bother them. Despite obviously traveling across the great wide internet of insecureness.
I mean hell, nobody gets all upset and bothered about the fact that every last host who hosts MUDs on their boxes has the potential to snoop the connections. Nobody gets all upset and bothered about the fact that things like intermud are not only potentially snoopable, but already more or less are being snooped due to logs generated from the public channels. Most of us even use insecure email for things that really should be getting sent via an encrypted session. Plenty of people seem to have no trouble connecting to anonymous web proxies they know nothing about, ironically thinking themselves more secure than if they hadn't. A great many users don't even pay any attention to what their own PCs are freely offering the world - sometimes without their knowledge.
So yes, personally when I hear someone say something crackpotish like "but he can snoop me" I can only assume their either paranoid as hell, or have some other agenda behind it.
BTW, this forum uses plain text. Someone might be snooping what you say here. Watch out. *waves to the NSA*
I've stated several times that the mudgamers client uses a proxy and I'd have thought the implications of that were obvious. Both TMC and Mudmagic use(d) a proxy in the same manner for their java clients so I didn't think it was a particularly controversial move.
It isn't. I think just about everyone here realized a proxy is a proxy and was perfectly aware that using plain telnet to connect to a proxy is rather less than secure. It just seems that when connecting to that proxy, people get their hackles up.
This is a straw man argument. You are arguing against hackles unraised in this thread. I have suggested that disclosure on Orrin's site of the fact his client uses a proxy is a good idea.
It might interest you to know that I investigated the TMC client and found that it uses a proxy, AND that it claimed to establish a direct connection to each mud. When alerted to this infelicitous language, Iccy did the right and proper thing and changed it, to disclose that folks using that client were indeed using a telnet proxy.
That is what I expect of a responsible operator of a commercial website in a position to collect private information valuable to his paying customers.
Similar disclosure on his commercial site is what I expect of Orrin. Whether he actually *does* snoop on people is not my point.
Samson said:
So yes, personally when I hear someone say something crackpotish
It might interest you to know that I investigated the TMC client and found that it uses a proxy, AND that it claimed to establish a direct connection to each mud. When alerted to this infelicitous language, Iccy did the right and proper thing and changed it, to disclose that folks using that client were indeed using a telnet proxy.
That is what I expect of a responsible operator of a commercial website in a position to collect private information valuable to his paying customers.
Similar disclosure on his commercial site is what I expect of Orrin. Whether he actually *does* snoop on people is not my point.
Seems like an awful lot of effort for no real gain other than to alarm a whole lot of people over the plainly obvious. The whole "responsible operator" thing is a straw man as far as I'm concerned, and in looking at the thread you link, pretty much everyone there thought you were being paranoid about it.
It's just plain stupid to make such a big deal over something we all knew was painfully obvious. It's telnet. If the insecurity of the protocol is such a problem, don't use it.
I'm sure by now you realize I've got an agenda behind a lot of what I post, yes? That is of course the entire point of having a 1st amendment and all that, right? Or was there something else you wanted to say about my blog? And if you do, I'm sure the rest of everyone here would prefer you take it to PMs, as I have no intention of engaging in a debate about it here.
to make such a big deal over something we all knew was painfully obvious.
Orrin's client, as he distributes it, doesn't use his proxy. It is not obvious to a user of his client that the version on his website does use a proxy. Nor do I think it's obvious in general that this is how it works.
Samson said:
It's telnet. If the insecurity of the protocol is such a problem, don't use it.
Straw man. You mean like scarecrow? If I toss a match at him will he scream like a little girl? Hmm. And besides. I don't see what the big deal is. And isn't this something that you should have mentioned to him in PMs Crat? I mean.. If it's something you have a problem with, and it doesn't pertain to this site, would it not make more sense to handle it privately thus avoiding this big drawn out debate over insecurity issues.. Oh wait. How could you get #100 if the thread didn't have rambling arguments. :P
OMG that is LOUSY DESIGN if the user does not see it it
should be INSTANTLY UNLOADED to preserve my preciousss
preciouss resourcesssss.
I happen to be a fan of win2k. They got it right…but
I guess that doesn't keep the bigbucks coming in so they
had to keep "innovating".
I know a guy who works for ms who swears up and down
that 7 is *awesome* and totally totally rules, will
be what Vista should have been, etc. I hope so. Really
my biggest gripe with Windows lately is that (to
steal a delightful turn of phrase) it is DRM masquerading
as an operating system. It just makes me resent whatever
under-the-hood stuff it is doing that Win2k didn't do.
BTW, how does this adobe flash proxy work?
-Crat
http://lpmuds.net