Bitcoin Forum
December 09, 2016, 09:50:25 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Bug Policy --- Admins need to enforce this  (Read 2799 times)
D.H.
Sr. Member
****
Offline Offline

Activity: 311


Bitcoin.se site owner


View Profile WWW
August 03, 2011, 03:02:10 PM
 #21

see? wikipedia disagree with you.

Not really. Here's some more text from that wikipedia page (also, note that BTCrow wrote "ethical full-disclosure"):

Quote
Even among those who believe in disclosure there are differing policies about when, to whom, and how much to disclose.
Some believe that in the absence of any public exploits for the problem, full and public disclosure should be preceded by disclosure of the vulnerability to the vendors or authors of the system. This private advance disclosure allows the vendor time to produce a fix or workaround. This philosophy is sometimes called responsible disclosure.

www.bitcoin.se - Forum, nyheter och information på svenska! (Forum, news and information in Swedish)
1481277025
Hero Member
*
Offline Offline

Posts: 1481277025

View Profile Personal Message (Offline)

Ignore
1481277025
Reply with quote  #2

1481277025
Report to moderator
1481277025
Hero Member
*
Offline Offline

Posts: 1481277025

View Profile Personal Message (Offline)

Ignore
1481277025
Reply with quote  #2

1481277025
Report to moderator
1481277025
Hero Member
*
Offline Offline

Posts: 1481277025

View Profile Personal Message (Offline)

Ignore
1481277025
Reply with quote  #2

1481277025
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481277025
Hero Member
*
Offline Offline

Posts: 1481277025

View Profile Personal Message (Offline)

Ignore
1481277025
Reply with quote  #2

1481277025
Report to moderator
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
August 03, 2011, 03:03:19 PM
 #22

uuhhh! people are really mad at me. Cheesy
i do as i do, work with it!

say i found a flaw in mtgox, that allowed me to empty random accounts.
if i just publicly showed people how to do it, they would fastly abandon mtgox, beacuse it was insecure.

problem solved!  

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Yuusha
Full Member
***
Offline Offline

Activity: 196



View Profile
August 03, 2011, 03:07:04 PM
 #23

uuhhh! people are really mad at me. Cheesy
i do as i do, work with it!

say i found a flaw in mtgox, that allowed me to empty random accounts.
if i just publicly showed people how to do it, they would fastly abandon mtgox, beacuse it was insecure.

problem solved!  
It would be a better idea to follow these steps:

1. Inform MtGox about the flaw so they are given a chance to fix it.
2. If it is not fixed, tell people that there is a flaw that MtGox refuses to fix, so they should empty their accounts, but do not post any details.
2a. After people have been given a chance to withdraw their funds and abandon MtGox, post the full details.
3. If the problem is fixed, post the flaw, in full, on the forum. Then people can decide on their own if MtGox should be abandoned or not.

Otherwise, people may not even have a chance to abandon MtGox. All their money may get stolen, because of you.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
August 03, 2011, 03:11:25 PM
 #24

uuhhh! people are really mad at me. Cheesy
i do as i do, work with it!

say i found a flaw in mtgox, that allowed me to empty random accounts.
if i just publicly showed people how to do it, they would fastly abandon mtgox, beacuse it was insecure.

problem solved!  
It would be a better idea to follow these steps:

1. Inform MtGox about the flaw so they are given a chance to fix it.
2. If it is not fixed, tell people that there is a flaw that MtGox refuses to fix, so they should empty their accounts, but do not post any details.
2a. After people have been given a chance to withdraw their funds and abandon MtGox, post the full details.
3. If the problem is fixed, post the flaw, in full, on the forum. Then people can decide on their own if MtGox should be abandoned or not.

Otherwise, people may not even have a chance to abandon MtGox. All their money may get stolen, because of you.
i don't care, about the other users. i did nothing wrong. i published information, are you gonna censor me?
i is not responsibly to take care of mtgox's users.
its also too complicated the whole 3-4 step thing.
much simpler with a 1 step thing.

Tongue

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Yuusha
Full Member
***
Offline Offline

Activity: 196



View Profile
August 03, 2011, 03:13:16 PM
 #25

I'd say it's everyone's responsibility to not be an asshole.
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
August 03, 2011, 03:15:29 PM
 #26

I'd say it's everyone's responsibility to not be an asshole.
are you insulting me because of my opinion?

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Yuusha
Full Member
***
Offline Offline

Activity: 196



View Profile
August 03, 2011, 03:18:40 PM
 #27

No, I'm calling you an asshole because you've made an asshole move.

"If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck."
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
August 03, 2011, 03:20:30 PM
 #28

No, I'm calling you an asshole because you've made an asshole move.

"If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck."
are you an asshole too then?
non-asshole are not insulting people.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
BTCrow
Sr. Member
****
Offline Offline

Activity: 243


BTCrow.com


View Profile WWW
August 03, 2011, 03:22:03 PM
 #29

uuhhh! people are really mad at me. Cheesy
i do as i do, work with it!

say i found a flaw in mtgox, that allowed me to empty random accounts.
if i just publicly showed people how to do it, they would fastly abandon mtgox, beacuse it was insecure.

problem solved!  

The point is that your act will create a higher risk of security incident for mtgox in this example.

The only benefit will be rewarded to you (and maybe not cause you're gonna be flamed lol) because you found a 1337 bug into.
So in this case only the ego of bug finder will benefit it.

Yuusha
Full Member
***
Offline Offline

Activity: 196



View Profile
August 03, 2011, 03:22:33 PM
 #30

Look, I didn't even directly call you an asshole. I said it was an asshole move to expose everyone's money to a security risk. You only took offense because you yourself have committed this act. This is akin to a murderer taking offense to someone saying murderers are criminals and sinners.
BTCrow
Sr. Member
****
Offline Offline

Activity: 243


BTCrow.com


View Profile WWW
August 03, 2011, 03:25:30 PM
 #31

more flame more lol *popcorn*

kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
August 03, 2011, 03:28:05 PM
 #32

Look, I didn't even directly call you an asshole. I said it was an asshole move to expose everyone's money to a security risk. You only took offense because you yourself have committed this act. This is akin to a murderer taking offense to someone saying murderers are criminals and sinners.
are you saying that i have stolen?
say if i did have a exploit against mtgox.
i could steal anyone's money.
i did not do that, i just released the exploit to the forum.

how does that make me a bad person?
are locksmiths also bad then? they can unlock people doors?

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Xephan
Jr. Member
*
Offline Offline

Activity: 42


View Profile
August 03, 2011, 03:29:30 PM
 #33

Why do I get the feeling that's not a real penguin in kokjo's avatar but a troll in disguise? Cheesy

186q9YUW3x8TVHC5aYBEqgZZYMxft8Cw9f
Yuusha
Full Member
***
Offline Offline

Activity: 196



View Profile
August 03, 2011, 03:30:31 PM
 #34

are you saying that i have stolen?
say if i did have a exploit against mtgox.
i could steal anyone's money.
i did not do that, i just released the exploit to the forum.

how does that make me a bad person?
are locksmiths also bad then? they can unlock people doors?
Locksmiths in general are not bad, no. But if a locksmith handed out keys to the bank to everyone in town, then yes, that person is bad.
BTCrow
Sr. Member
****
Offline Offline

Activity: 243


BTCrow.com


View Profile WWW
August 03, 2011, 03:31:18 PM
 #35

Look, I didn't even directly call you an asshole. I said it was an asshole move to expose everyone's money to a security risk. You only took offense because you yourself have committed this act. This is akin to a murderer taking offense to someone saying murderers are criminals and sinners.
are you saying that i have stolen?
say if i did have a exploit against mtgox.
i could steal anyone's money.
i did not do that, i just released the exploit to the forum.

how does that make me a bad person?
are locksmiths also bad then? they can unlock people doors?

Professional Locksmiths are not unlocking people doors for stealing their money or just to prove to other that they are able to unlock whatever they want. Doing this again will only benefit their ego, not helping people who forgot their keys to come back home.

Xephan
Jr. Member
*
Offline Offline

Activity: 42


View Profile
August 03, 2011, 03:31:19 PM
 #36

Look, I didn't even directly call you an asshole. I said it was an asshole move to expose everyone's money to a security risk. You only took offense because you yourself have committed this act. This is akin to a murderer taking offense to someone saying murderers are criminals and sinners.
are you saying that i have stolen?
say if i did have a exploit against mtgox.
i could steal anyone's money.
i did not do that, i just released the exploit to the forum.

how does that make me a bad person?
are locksmiths also bad then? they can unlock people doors?

Nah, it's not bad. It's just like if I found a loaded gun, and I passed it to a kid and tell him just point it at Kokjo and pull the trigger. It's not my fault if you got killed, I'm not a murderer, I could have killed you, but I didn't, I just released the weapon to a kid that's all. I'm sure you will understand and not blame me for anything Cheesy

186q9YUW3x8TVHC5aYBEqgZZYMxft8Cw9f
Moussekateer
Member
**
Offline Offline

Activity: 66


View Profile
August 03, 2011, 03:36:00 PM
 #37

Dear god I hope kokjo isn't given any actual responsibility in real life.

17BbBd3HqbSXPBTUipRyaAMaQ2NLnyoNPf
D.H.
Sr. Member
****
Offline Offline

Activity: 311


Bitcoin.se site owner


View Profile WWW
August 03, 2011, 03:48:36 PM
 #38

i don't care, about the other users

This is where you differ from most people in this thread. End thread?

www.bitcoin.se - Forum, nyheter och information på svenska! (Forum, news and information in Swedish)
petercyr
Jr. Member
*
Offline Offline

Activity: 36


View Profile WWW
August 03, 2011, 03:49:59 PM
 #39

kokjo, its pretty obvious that you're just trolling for attention. It does say "You are WRONG! Cheesy" in your profile. Pretty much reflects how you're going about this conversation. You're acting like a child who doesn't give a crap about anything and anyone. Great way to be, really....

Full disclosure without giving the dev a reasonable amount of time to fix the issue is wrong. If there is a bug that no one has exploited yet and you tell the dev, they fix it, no one got screwed then you either make the dev publicly inform everyone, or if they refuse you do it for them... By then, no one has time to fuck the whole site and all the members included. You're not just harming the site. You're harming all the members, the bitcoin community. Its not like every member is listening to you waiting for you to say when something has a problem so they can bail. Lots of people stand to lose when you do that kind of shit.

With bitcoin being the way it is, anyone can start a service or exchange. There is no authority to certify the security of these sites. When one of them fucks up and lots of people lose, it screws with bitcoin as a whole. People lose faith. There's absolutely nothing positive behind what you're doing. Its not even positive for you if you have anything to do with bitcoin unless all you do is troll the forums.

Believe what you will. It doesn't make it right and it doesn't make your intentions honorable either.

kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
August 03, 2011, 03:56:07 PM
 #40

Dear god I hope kokjo isn't given any actual responsibility in real life.
it is not my responsibility that other people fuck up. really!

i have no problem taking care of my own shit, but i will not take care of others shit if they do not pay me for it.
 

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!