Guild of Writers

[Whilyam]

I'm a bit suprised about how worked up everyone got about it. The joke seemed harmless enough to me. Hardly worth the lifelong banning some people "kindly requested".

Then again, the need for or value of memorials and graves is a bit alien to me, me and my family and friends never needed or valued them to remember the dead. Even in real life, grafitti on a tombstone has no more effect on me than grafitti on a piece of art or a wall. (To be clear: I don't like grafitti)

Well, correct me if I'm wrong, but if someone can alter the vault like this they can trigger malicious code as well. I'm probably wrong, though.

[Tahgtahv]

You are wrong. The worst someone could do is crash the server or crash the client.

[diafero]

At least in POTS/UU it is not possible to run malicious code on the server or other machines. However, within the game, you are god - an AdminKI for MOUL is certainly possible.

[Nadnerb]

Well, theoretically, the worst someone could do is create an infinite ref loop in the vault, and permanently crash the vault server until cyan goes into the database and extracts the bad refs with sql. (that is, unless the moul vault servers are smarter than the UU vault servers, which is possible)

Alternatively, if they wanted to be really, really, really evil, they could go about renaming players and ages and haphazardly deleting refs, thus making the vault entirely impossible to recover (without rolling back to a backup copy) and highly unusable.

[BAD]

You are wrong. The worst someone could do is crash the server or crash the client.

Before people jump on this.....

Cyan most certainly is backing up the server data almost constantly, so if the server did crash or get corrupted, they could easily fall back on a backup.

[Nadnerb]

This is true, but any such action would still cause significant downtime during the restoration process, and Cyan would most likely have no log of who did it, so they would be free to do it again when the servers came back up.

[BAD]

This is true, but any such action would still cause significant downtime during the restoration process, and Cyan would most likely have no log of who did it, so they would be free to do it again when the servers came back up.

Yes, I just made sure that was said right away so we don't get people freaking out that the server will get corrupted and Cyan can't do anything about it.

[Karkadann]

Im kinda wondering How Cyan feels about the incident, and whether it pushed open source back further or not. I believe they have a surplus of money and will be continuing to work on open source when they have a surplus of time. Its definitely a security issue, that needs to be dealt with, one more thing to do I guess before releasing open source.

If who ever did this is looking forward to getting open source I feel they may have just shot themselves in the foot, and have lengthened the path they have to travel with said injury

[diafero]

Its definitely a security issue, that needs to be dealt with, one more thing to do I guess before releasing open source.

I would put it the other way around... the code is full of possible security leaks, everyone dealing with the internal functionality of the engine knows that Uru effectively has no measures to limit a user's privileges besides the dataserver, which can even be easily switched of in UU/Alcugs. There are some who can circumvent it for MOUL.
Basically, when you run a UU/Alcugs Shard, you trust your players not to do bad stuff with the others on your server, or with the vault. While a lot was changed for MOUL, this incident proves that the basics did not change. Cyan obviously does not have the resources to change that as that would require either a re-design of the game or some additional sanitizing layer in the server. Open-source is the only way to gain these resources.

[Karkadann]

Well personally If I were Cyan and I was gonna Open source Uru live I would need time to not only do the open source thing to Uru Live and prepare it for distribution. I would need time to work all the bugs out so when I do release it I would be releasing a Quality product instead of the technical equivalent of swiss cheese. If it where not for the disrespectful aspect of this whole situation I don't think it would have been a issue.

My personal option of this situation is to me it seems like someone did not get what they wanted when they wanted it and this is the technical equivalent of a temper tantrum. They could have picked something a little less disrespectful.