'Nother bug

[You too?]

 redwallwarlords.com/t/rwl.php?action=pvtmarketsell&prdlst[2]=runes&sell[runes]=1&do_sell=1&config[runes][market]=10000000000000000000&costs[runes]=1000000000000000000]http://www.redwallwarlords.com/t/rwl.php?action=p...000000000000000

By simple logic of extension, if you have to make sure people can't initialize values in bldlst and trplst, you should check prdlst too. ;)

*21     ?  The Kids Are Alright (#58)     11,202     $18,446,744,073,709,552,000     None     Fox     Southsward

Someone delete that please. Nevermind, already did.

[wolf bite]

redwallwarlords.com/t/rwl.php?action=pvtmarketsell&prdlst[2]=runes&sell[runes]=1&do_sell=1&config[runes][market]=10000000000000000000&costs[runes]=1000000000000000000]http://www.redwallwarlords.com/t/rwl.php?action=p...000000000000000

By simple logic of extension, if you have to make sure people can't initialize values in bldlst and trplst, you should check prdlst too. ;)


Someone delete that please. Nevermind, already did.

For those of you that don't know, that was beatle's proving he found a bug by exploting it rather then just telling us.

*moves to bugs *


Wolf Bite
(Admin Duties)

[Veranor]

 

redwallwarlords.com/t/rwl.php?action=pvtmarketsell&prdlst[2]=runes&sell[runes]=1&do_sell=1&config[runes][market]=10000000000000000000&costs[runes]=1000000000000000000]http://www.redwallwarlords.com/t/rwl.php?action=p...000000000000000

By simple logic of extension, if you have to make sure people can't initialize values in bldlst and trplst, you should check prdlst too. ;)


Someone delete that please. Nevermind, already did.

For those of you that don't know, that was beatle's proving he found a bug by exploting it rather then just telling us.

*moves to bugs *


Wolf Bite
(Admin Duties)

Wolf, I know you're going to want to jump on this one so you can make Beatles out to be a bad person again but what he did was:

1) Find bug
2) Test bug (hey maybe Retto might have fixed it cause it was essentially the same thing and there's no way to check because Retto has never released his code)
3) Confirmed it, then deleted the account that tested it.

He didn't buy out the markets, hit anybody, make himself an admin, or anything. Simply tested a bug and deleted his account.

[wolf bite]

 1)   Beatles already knew the bug existed because both games are working off the same basic code.
2)   If he did want to ?test? it he could have only done it once, not made himself a net of $440,000,087,260,280.
3)   Exploiting a bug to that extent can only be to show an attempt to but down our site.
4)   He posted the bug in open domain so we are vulnerable until it is repaired.
5)   As an admin of his own game, he would not appreciate people overexposing his bugs.
6)   There are a lot of ways for him to contact us if he really wants to be a ?coexisting? game.
7)   As a banned member and an Admin of a forum, he should have respect and understanding. Not make proxies and fake accounts to get around a ban. I am sure he would appreciate people not doing that to him.


Wolf Bite

[Veranor]

 

1)   Beatles already new the bug existed because both games are working off the same basic code.
2)   If he did want to ?test? it he could have only done it once, not made himself a net of $440,000,087,260,280.
3)   Exploiting a bug to that extent can only be to show an attempt to but down our site.
4)   He posted the bug in open domain so we are vulnerable until it is repaired.
5)   As an admin of his own game, he would not appreciate people overexposing his bugs.
6)   There are a lot of ways for him to contact us if he really wants to be a ?coexisting? game.
7)   As a banned member and an Admin of a forum, he should have respect and understanding. Not make proxies and fake accounts to get around a ban. I am sure he would appreciate people not doing that to him.


Wolf Bite

Maybe you didn't understand my point about it being the same bug more or less. Retto never releases the code so there is no way to know if he had fixed it without testing it. Also, if he was truly trying to take down the site he could have nuked everyone. All he did was demonstrate it can be used to give you an insane amount of net and deleted himself.


Also, this bug is easily fixed by adding ONE LINE OF CODE. It's not overexposing some fundamental flaw in the game. It has an easy fix, and would take Retto a second to fix it:

$prdlst = array();


Also how is he supposed to contact you if you don't want him on your  forum. Send telepathic messages?

[wolf bite]

 Oh please. Beatles could have in game mailed not to mention a ton of other ways, besides what he did. He could have told me he was working on a bug, then did it. Would he respect people doing the same on his server? He should treat people as he would wish to be treated. This is not the signs of a person that is working WITH us.

Seems your objection is to my one line statement which is fully true and was needed to explain that had happened.

For those of you that don't know, that was beatle's proving he found a bug by exploting it rather then just telling us.

I told people who made the post. I said he found a bug. I said that the reason there is a player with extreme net is because that bug was exploited. I said that he should have just told us.  All true facts. Do you see an insult, I don?t.

Why do the ADMINS of FAF feel they have to attack every action we take on RWL that could possibly be taking in some way as an insult, when RWL and the RWL Admins are freely bashed on FAF?


Wolf Bite

[Veranor]

 

Oh please. Beatles could have in game mailed not to mention a ton of other ways, besides what he did. He could have told me he was working on a bug, then did it. Would he respect people doing the same on his server? He should treat people as he would wish to be treated. This is not the signs of a person that is working WITH us.

Seems your objection is to my one line statement which is fully true and was needed to explain that had happened.



I told people who made the post. I said he found a bug. I said that the reason there is a player with extreme net is because that bug was exploited. I said that he should have just told us.  All true facts. Do you see an insult, I don?t.

Why do the ADMINS of FAF feel they have to attack every action we take on RWL that could possibly be taking in some way as an insult, when RWL and the RWL Admins are freely bashed on FAF?


Wolf Bite

*shrug*

It definitely has a negative tone. And he could have kept it secret is what I'm saying.

Whatever.

[Juska]

 Thanks beatles.

Don't start argueing guys.

[Badrang the Tyrant]

 

Why do the ADMINS of FAF feel they have to attack every action we take on RWL that could possibly be taking in some way as an insult, when RWL and the RWL Admins are freely bashed on FAF?

I don't feel that way wolf.  And I haven't seen a RWL bashing on FAF in a very long time...

[Devari]

1)   Beatles already knew the bug existed because both games are working off the same basic code.
2)   If he did want to ?test? it he could have only done it once, not made himself a net of $440,000,087,260,280.
3)   Exploiting a bug to that extent can only be to show an attempt to but down our site.
4)   He posted the bug in open domain so we are vulnerable until it is repaired.
5)   As an admin of his own game, he would not appreciate people overexposing his bugs.
6)   There are a lot of ways for him to contact us if he really wants to be a ?coexisting? game.
7)   As a banned member and an Admin of a forum, he should have respect and understanding. Not make proxies and fake accounts to get around a ban. I am sure he would appreciate people not doing that to him.


Wolf Bite

I may be an evil FAF admin and I may have left RWL months ago, but allow me to elaborate:

Answer to 1: That would be incorrect. This bug only exists in BAXX and unpatched BAXX-based games. prdlst only exists, to my knowledge, as a way to make adding resources easier - FAF worked from QM prom code with ADDITIONS from RWL (and other sources) - the code is essentially built on QM. FAF could be considered cousin to DEX, but not much relation to BAXX.

Answer to 2: I would think that he did that to show the severity of the bug - it's not just a couple little extra food slipping into an account, it's potentially game altering. If done slowly over a period of time to coincide with turn use, it could be hard to catch.

Answer to 3: See above answer. I think he was displaying the severity of the bug.

Answer to 4: Exposing it could make action upon it quicker to occur. Retto is busy, so it does take a while for him to fix things. It isn't NICE to expose it, but it does force some modicum of action to occur. Don't get me wrong, I don't hate Retto... It just takes him a while to fix things if they are not urgent.

Answer to 5: As an admin on FAF, I wouldn't mind public exposure of bugs - it forces action on our part. Also, would be only sent to Beatles, and he was away, the other 3-4 coders on the team (Veranor, nev, sh0e, and myself) would not know it exists. It wouldn't be fixed until Beatles was back, leaving a potential timeframe for exploitation.

Answer to 6: As I said, it DOES force action. See 2, 3, 4.

Answer to 7: As far as I can see, he did this simply to post the bug, not malicously circumvent the ban in order to cause forum disruption. Anyway, I don't think we even have any banned members....

I hope this clears up some of the reasoning behind all that. If you don't wish to listen to my arguments, then please don't continue to argue.

And, FYI, all FAF admins discourage RWL bashing on our forums, and, last I checked, we lock such topics.

Thanks for your time, and hi to everyone who I haven't seen in a long time! :)

[wolf bite]

 Not only do I disagree with every thing you said, but the underlining question is:

?What right does Beatles think he has to make the decisions on this forum or our games to break the rules??

Simply, the last time he did it we asked him not to. He had many other ways to tell us he found a bug.

Which brings another question:

?What would Beatles think if banned people hacked his server and posted on his forum??

Oh and I have done searches on your forum, RWL bashing is alowed.


Wolf Bite

[The dogs of Society howl]

 Ah, Elton, thanks for Yellow Brick Road.
These smilies look bad on the dark background.

Anyways, it's more "evil time" from your friendly bug-finder Beatles. The Misinformation Squad is here.
1. RWL bashing is disallowed on FAF.
2. I had many other ways to tell you the bug, yes. None of those would get the bug fixed as rapidly. Also, I had a lot of ways of not telling you the bug. :P

?What would Beatles think if banned people hacked his server and posted on his forum??

3. I'd be glad they were kind enough to tell me the bug they used instead of having me have to reason it out. And that is a common sentiment among us coding admins, I think.
4. The hairiest question:

?What right does Beatles think he has to make the decisions on this forum or our games to break the rules??

Last I checked, testing a bug and then not exploiting it was not against the rules. There is a fine distinction between "testing" and "exploiting" -- the dictionary will clarify. Also, I don't believe I ever made a decision for this forum.

However, wolf bite, you have a very valid point. You don't want me to post bugs on RWL. Out of sight, out of mind. You'd much rather I just not exploit them and leave you alone. You'd rather reject the services of a bug-finder than value them. I think that sentiment is echoed by a lot of your staff. If that's how you feel -- I am not one to dispute with you. I am currently testing 3 other vulnerabilities on a private BAXX set-up I have. 2 seem certain, the other, not. I didn't have time to finish the testing, but it's fun picking through the code -- it's a thinking process, and helps one's own programming skills. But I wander. If you'd like, I won't test it on RWL's servers, or post it or anything like that. I'll let you know in a PM about the results, and tell Josh -- or The Mercenary, if you recall him -- or sh0e, trusting they will pass along the details to Retto in good time and not do anything nasty.

Forgive me if I sound like I'm blackmailing you -- I said this mostly in jest -- but if ever someone seemed ungrateful and snobbish, it's you. I'm having fun and sincerely trying to help (assuming you notify BAXX clones) and if you can't take that at face value, the problem is in your own mind.

[Devari]

 I was going to ask you to rebuke my points directly, but I'm afraid this will go nowhere. It appears that FAF is considered hostile here, case closed and all that. That makes me sad, but you are entitled to your own opinion. :(

If you feel you want to continue this discussion, you may PM me on FAF. I'm done here for another few months, as it appears prejudice will always win out. Funny how I was LIKED here before I went over to the "dark side"...  :rolleyes:

One final thing before I depart - this bug can not be casually exploited, as it were. You need a special browser tool to do it, but I won't say what.

Bye Everyone!

A song for everyone here: (pardon the swear within it)

Some things in life are bad,
They can really make you mad.
Other things just make you swear and curse.
When you're chewing on life's gristle,
Don't grumble, give a whistle!
And this'll help things turn out for the best...
And...

the music fades into the song

...always look on the bright side of life!
whistle

Always look on the bright side of life...
If life seems jolly rotten,
There's something you've forgotten!
And that's to laugh and smile and dance and sing,

When you're feeling in the dumps,
Don't be silly chumps,
Just purse your lips and whistle -- that's the thing!
And... always look on the bright side of life...

whistle
Come on!

other start to join in
Always look on the bright side of life...
whistle

For life is quite absurd,
And death's the final word.
You must always face the curtain with a bow!
Forget about your sin -- give the audience a grin,
Enjoy it -- it's the last chance anyhow!

So always look on the bright side of death!
Just before you draw your terminal breath.
Life's a piece of sh*t,
When you look at it.

Life's a laugh and death's a joke, it's true,
You'll see it's all a show,
Keep 'em laughing as you go.
Just remember that the last laugh is on you!

And always look on the bright side of life...
whistle
Always look on the bright side of life
whistle

[wolf bite]

 Please don?t twist my words to be things I have not said. I will in all sincerity make my thoughts known on this matter.

I have a lock picking set, my neighbor has cheap locks. I don?t break into her house, smash her dishes, leave her front door wide open, then leave a note telling her she is lucky it was just me and to get new locks.

Beatles,
You are a great programmer and we can use your help to find and fix bugs. This would in deed be much appreciated. Please make an account on turbo. In game mail me so I know what account is bug testing. If, and when, you find one, please don?t over exploit it. Let me know what the bug is. I will then get on Retto to fix the hole. When fixed, I will post my sincere appreciation for your time.

Davari,
Since when have you been put down or been disrespected? You are a nice guy and working for free on FAF to try to make a fun place for people is never looked at as a bad thing. Any thoughts and statements about the ?dark side? being FAF, have never been expressed here. Beatles? past actions are that of Beatles, not FAF, I do see the difference. You are welcome here and I see no animosity. To answer questions 2 through 7 are ?We tell people how to deal with bugs, we ask them to work WITH us to fix them.? (See above)


Wolf Bite