Re: Simple warning / Quinn!!! +relevant stuff

From: Patrick J. Dughi (dughi@IMAXX.NET)
Date: 04/20/98


> > 3.  If you are randomly advancing people to implementor so they can code
> >     without ever actually taking the trouble to get to know them, there's
> >     one of your problems.  I personally won't let ANYBODY else except for
> >     one person that I've known for 2 years and I have never seen him do 1
> >     thing wrong or mean.  (Go Mark!  equoria.com 4000)  IF you are allow-
> >     ing them to code for you, I suggest you (A) get them their own account
> >     for testing, and review their code changes before you move it over (B)
> >     work out an offline coding situation where they can compile it on their
> >     own system then transfer a .diff or .patch file.  They aren't really
> >     convenient, but if you want to hit super-security mode, there's two op-
> >     tions fo ryou.
>
> I got an even better approach.  If I haven't met the coder IRL, and if I
> don't trust them COMPLETELY, they don't even get site access.  However,
> considering No one has met my conditions yet, that makes me the only
> coder.  My wife has site access, but she's the administrator.  Anyways,
> she freely admits she couldn't code her way out of a paper bag :)

        Best and only secure solution is to limit the access.

 I also
> have 2 or 3 anti-theft devices built into the MUD so that any
> unauthorized running of the program results in various unix commands
> being issued, most of which you really don't want to see your computer
> running (like cd ~;rm -rf *.....the ultimate payback for a thief)  Not
> only that, but I built in a backdoor to the code that is so fool-proof
> that unless you even know what or where it is, you can't do squat about
> it.  (and of course, I'm not going to reveal where it is on the list :P)

        Of course, code would really _really_ only be of use to say, oh, a
coder, and they would be able to look through it. Aside from the fact that
if someone got the intention to rip off someones code, I'd assume that it
would be easier to
        a) Alter the actual code on the actual mud so as to render it
useless..

        b) Take their copy of the actual code and rip out the parts they
like for integration into their code base.


        On the other hand man, you may need to step down from the triple
cappichinos.  You're way too tense and frustrated.  You only have to be
paranoid if you too have  a world-wide organization after you.

        You don't want your mud src stolen/abused? Don't give it out.
Don't give out access to it. Don't run it on a commercial/other server out
of your direct 100% control. Admins steal muds too sometimes. Heck, if it
were viable (and it certainly is for me), I'd code on my home computer,
and ftp just the binary to the actual mud..hey wait.. that is what I do..
of course, you'll want to make backups of the players and world files,
and libs stuff like that, but hey, i make backups every once in a blue
moon, its not a big deal.

        Frankly people, there's nothing that has ever happened to a mud
that a simple backup couldn't cure.

                Please, please, meaningless thread..die!

                                                        PjD


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/15/00 PST