My resignation, and some background of events lead to.

Discussion about the AutoHotkey Foundation and this website
Drainx1
Posts: 60
Joined: 29 Sep 2013, 20:40
Location: Kansas

My resignation, and some background of events lead to.

07 Oct 2015, 21:19

It is with a heavy heart that I am resigning from my mod post, and the forums entirely. I have been burned twice now.
There have been several reasons leading up to this, but most notably, it is the new management structure, how it operates, and the lack of proper server practices.

Long story:
It seems we just replaced polyethene with Tank and Joedf. Tank in particular must have full control, and if someone doesn't agree with what is going on, they can go to hell. This can be seen with what happened over the past 48 hours. I was given server access after pointing out several security issues (which are still present.) This led to me finding really big ones, such as a forum wipe, default credentials, open ports... I made a report in the staff section after three hours, outlining seven issues that needed attention.
Instead of Tank or Joe taking care of them, Tank asked me to take care of them. There is no point in me taking care of the issues if whoever is responsible for them doesn't learn from the mistake.
Here is a log of the events on my thread in the staff section since ~12 hours ago: http://removed
It should be noted, I was not attacking Joe, nor trying to. I was trying to state the fact that the cause of a mistake was not taught, or learned, and as the saying goes, "History will repeat itself."

It is funny how I am the one to blame for finding these things, when they shouldn't have been there to start with, and with more operation oversight, could have been taken care of in a matter of minutes as opposed to possibly months. Operation oversight was one of the points I tried to make early on so the larger mistakes would be less likely to happen.

Backups are not (and have never been) properly taken. Backups of the system, or just the database. They were never taken, and there still are zero offsite backups (Tank believes that an offsite backup means another instance on the same provider.)
DB backups are important and Joe learned this the hard way (though learned is not the word, because DB backups are still not taken) as he messed the database up, and had to pay money to have it restored.

Last night (10-6-2015) I had a talk with Tank about some of these issues, those logs can be found here: (in raw form with mirc formatting) http://removed

This morning, the database died, which made autohotkey.com inaccessible for a little bit. Joe was the first to get a notice of it, however didn't do anything to fix it. Instead, I had to fix it, because either Joe didn't know how, or didn't know what was going wrong to start with.

This prompted a conversation with Tank this morning. That log can be found here: http://removed
This conversation turned dark pretty fast.

I have come to realize that Tank has been protecting Joedf ever since he became admin; even after he makes mistakes, Tank does nothing to teach him how to avoid it in the future. Tank is letting Joe use AHK as a playground. Unlike under a development environment where changes are reverted and have no consequence, what Joe was able to do did have consequence, whether that be messing up the database or leaving the install directory for the forums in place.

It was brought to my attention that other members of the admin team went to Tank and told him to change the way things were done, including that Joe was not capable of administrating the server, however they were shrugged off, or just ignored and told off.

TL;DR
I am resigning because the administration does not have the slightest clue about security, basic sysadmin principles, and now, I have been accused of being paid by polyethene to make Tank mad, which is just outright incorrect.
http://ahkscript.org/foundation/history.html is repeating itself, except instead of poly, it is Tank. As such, I am leaving because I cannot be a part of this again. AHK is too great to have power hungry egos floating around.

I love AHK, and have loved it, and always thought the community nice and mature. However because of the people who put themselves in charge, it makes the whole thing stink like rotten eggs.

I have also gotten word that there are a lot of personal attacks on me on the private side of the Trello board (https://trello.com/ahkscript/) (which is closed and where apparently the server updates are posted, not done publicly.) I wanted the forum updates to be public, and give notice. Tank did this on the last update, and I hope he continues to do so.

I'm done, and don't really feel like finishing the rest of this post. It's sad to see what AHK has come to, and sad to see the community caught in the crossfire with at least 3 turnovers of forum software, 3 owners with different ideals, and now a community which can't bear the brunt of a forum migration/archive going wrong.

If you really need me, you know where to find me.
tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX

Re: My resignation, and some background of events lead to.

07 Oct 2015, 22:06

bye
We are troubled on every side, yet not distressed; we are perplexed,
but not in despair; Persecuted, but not forsaken; cast down, but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
guest3456
Posts: 3454
Joined: 09 Oct 2013, 10:31

Re: My resignation, and some background of events lead to.

07 Oct 2015, 22:08

maybe i'm misunderstanding.

joedf is a volunteer the last i heard. i don't see how you can expect a volunteer to be a perfect sysadmin.

tank offered you access to fix the problems, and you declined. so there was still no one capable of doing it. in that case, what do you expect? someone has to make their best effort. seems like that's what's being done..

joedf
Posts: 8940
Joined: 29 Sep 2013, 17:08
Location: Canada

Re: My resignation, and some background of events lead to.

07 Oct 2015, 22:09

:facepalm: I didn't fix it because I didn't have time, I wasn't home at the time either, and it was on my phone... not because I didn't know how. I see that your only interest is to basically get rid of me like I'm some kind of annoyance and am useless, like I'm some kind of incompetent nitwit. Either way, there is a clear difference between constructive criticism and complaining. Instead of hearing something like "Oh well, you could have done it this way instead, here let me show you how I do it"... it was rather simply "Joe, no. That's not it. You're terrible. You've got no experience. And yet, I decide to not give you any of my experience" or maybe like "Nope, that's wrong. That's not good. etc etc etc". I don't get it. Obviously, I GAVE YOU server access so you could actually join in and do some changes yourself! Not just look, and then say it's not good... how is that in any way "Constructive"? If I recall, Poly had REMOVED your server access, quite the opposite isn't it? I see maybe where Poly went wrong was because he was too abrupt for some people.
As you wrote, he who made the mistake should fix the mistake, otherwise they don't learn? That is an invalid argument (obviously). Also, it's completely contradictory to the term "team effort".

That said, I am not a dog nor am I ANYTHING like poly. You're a bully, you insult and place blame on others and then you do nothing about the issues claimed.
Sincerely, I am very disappointed in seeing a user leave (no matter who, that INCLUDES poly!). All AHK users are important. We all deserve Equity NOT equality, meaning those with less experience still deserve respect, no matter what.
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX

Re: My resignation, and some background of events lead to.

07 Oct 2015, 22:12

Over it. I am removing the log of the staff forum because, well, it's in the staff forum for a reason
guest3456
Posts: 3454
Joined: 09 Oct 2013, 10:31

Re: My resignation, and some background of events lead to.

08 Oct 2015, 09:12

i read the logs before the links were removed, and there was nothing bad in them at all. in fact, it just made Drainx look more unreasonable

tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX

Re: My resignation, and some background of events lead to.

08 Oct 2015, 09:30

I agree but I removed them ONLY because they were staff forum and were not to be public in the first place
Honestly, I am sick over this whole thing. I feel like I have failed JoeDF, Lexikos and the whole community. I should have put a stop to it days ago. I failed DrainX as well, I know that sounds ODD but I feel that way. Anytime a leader loses the faith of those he chose to be at his side is a failure on the leader's part. There is so much more to this story and dialog. But in short I feel like I either failed to be concise or failed to understand, or perhaps I reacted to some sense of a ring of some truth to his words. I had to draw the line somewhere, perhaps too late, but when he attacked JoeDF I couldn't accept anymore. Whether I am right or wrong I felt as though I had to cut off an arm to save JoeDF and everyone else. I am sick to my stomach over the entire affair. This is not how I want conflicts concluded
just me
Posts: 9426
Joined: 02 Oct 2013, 08:51
Location: Germany

Re: My resignation, and some background of events lead to.

08 Oct 2015, 09:42

We are all individuals, aren't we? Some groups of individuals are able to work as a team, and some are not. You cannot know before you tried.
guest3456
Posts: 3454
Joined: 09 Oct 2013, 10:31

Re: My resignation, and some background of events lead to.

08 Oct 2015, 10:32

tank wrote: I agree but I removed them ONLY because they were staff forum and were not to be public in the first place
yep fair enough
tank wrote: Honestly, I am sick over this whole thing. I feel like I have failed JoeDF, Lexikos and the whole community. I should have put a stop to it days ago. I failed DrainX as well, I know that sounds ODD but I feel that way. Anytime a leader loses the faith of those he chose to be at his side is a failure on the leader's part. There is so much more to this story and dialog. But in short I feel like I either failed to be concise or failed to understand, or perhaps I reacted to some sense of a ring of some truth to his words. I had to draw the line somewhere, perhaps too late, but when he attacked JoeDF I couldn't accept anymore. Whether I am right or wrong I felt as though I had to cut off an arm to save JoeDF and everyone else. I am sick to my stomach over the entire affair. This is not how I want conflicts concluded
this is how you learn to be better

in programming, we write some code, and put it out there. failures and oversights will happen: in the form of bugs. we then fix the code, and iterate. that's what you're doing now.

just know that your efforts are appreciated

joedf
Posts: 8940
Joined: 29 Sep 2013, 17:08
Location: Canada

Re: My resignation, and some background of events lead to.

08 Oct 2015, 10:46

That's what's so cool with git!
I'll wait till everything is moved over.
And then, I can set that up.
M0doJ
Posts: 15
Joined: 09 Oct 2015, 07:31

Re: My resignation, and some background of events lead to.

09 Oct 2015, 08:02

I signed up right now, not to fuel drama, I could give a damn about any of it, I'm brand spanking new here...

But I can tell you all a few things, and admins should take heed.

It's very obvious that this site lacks a proper sysop, and this forum needs some serious work.

I won't be the one to exploit the VARIOUS holes in security here, as I don't care to spread mischief, but believe me, there are many that are capable, that do.

All I've got to say, get your crap together, or someone will make a spectacle of this site within days... I'm legitimately worried for y'all. Right now, this moment, I could play God. Do I want to be AHK forum's new administrator? Should I wipe the forum's database? Luckily for y'all, I won't. But it didn't take me long to find a way in, and not just in phpBB. Someone with ill intent could shut y'all down.

Starting points for administration, without giving too much info. Hidden elements do not remove their function, and, ftp......

Honestly, take heed, and don't let your emotions, and anger, take away from very real complaints OP had. Security is not the responsibility of any mod, they are simply spam removers and glorified hall monitors. This is the responsibility of a Sysop and Forum Administrator. If you cannot find your own security holes, refuse to, or just plain don't know what you're doing, feel free to message me and I will point them out to you. A fair warning, if you don't take me seriously, I'll prove it to you.
M0doJ
Posts: 15
Joined: 09 Oct 2015, 07:31

Re: My resignation, and some background of events lead to.

09 Oct 2015, 08:14

@Drainx1 There's an off-site backup of the system now ;)
If this site experiences catastrophic failure in my absence, -__-, I might be a nice guy and hand y'all your backups.

EDIT: Since I've decided I'm being a little douchey here, I'd like to note that I was only teasing about the backups as a nod to Drainx1's comment, I made no access to the server, this data has not been compromised. This can be seen if you inspect the logs, you should also be able to see my queries, and several insecure points I tried my best to make obvious. I do in fact, wish you all the best, my intention was to rile you up, and demonstrate the urgency of such issues, before someone else comes along and peeks in the right places. I am a friend, I come, and I very well may stay, in peace!
Last edited by M0doJ on 09 Oct 2015, 09:58, edited 1 time in total.
M0doJ
Posts: 15
Joined: 09 Oct 2015, 07:31

Re: My resignation, and some background of events lead to.

09 Oct 2015, 09:39

Sorry if I came across as an ass, that isn't my intention. And I do not mean to insult, I'm sure you guys are very capable, it's just glaringly obvious not enough focus has been put on security here.
tank
Posts: 3122
Joined: 28 Sep 2013, 22:15
Location: CarrolltonTX

Re: My resignation, and some background of events lead to.

09 Oct 2015, 13:19

M0doJ wrote:Sorry if I came across as an ass, that isn't my intention. And I do not mean to insult, I'm sure you guys are very capable, it's just glaringly obvious not enough focus has been put on security here.
Agree but I never disagreed. Let's not forget we aren't securing Fort Knox here.
but good security takes a lot of time and effort. I am well aware of OWASP recommendations. What I lack is time. Like I told DrainX in so many words. "talk is cheap, get to work on the problem or shut the hell up"

I would love nothing more than to set up a full pen test and have time to work the results. I would love nothing more than to have time to do a proper threat assessment. to prioritize issue resolution. Actually "clean Up someone else's mess" is essentially what all security work IS. If you in fact know anything about security you know this is the case. We are always patching holes in someone else's application. and sometimes our own. Finger pointing is meaningless. only action

thank you for your feedback
joedf
Posts: 8940
Joined: 29 Sep 2013, 17:08
Location: Canada

Re: My resignation, and some background of events lead to.

09 Oct 2015, 13:31

tank wrote:
M0doJ wrote:Sorry if I came across as an ass, that isn't my intention. And I do not mean to insult, I'm sure you guys are very capable, it's just glaringly obvious not enough focus has been put on security here.
Agree but I never disagreed. Let's not forget we aren't securing Fort Knox here.
but good security takes a lot of time and effort. I am well aware of OWASP recommendations. What I lack is time. Like I told DrainX in so many words. "talk is cheap, get to work on the problem or shut the hell up"

I would love nothing more than to set up a full pen test and have time to work the results. I would love nothing more than to have time to do a proper threat assessment. to prioritize issue resolution. Actually "clean Up someone else's mess" is essentially what all security work IS. If you in fact know anything about security you know this is the case. We are always patching holes in someone else's application. and sometimes our own. Finger pointing is meaningless. only action

thank you for your feedback
+1
guest3456
Posts: 3454
Joined: 09 Oct 2013, 10:31

Re: My resignation, and some background of events lead to.

09 Oct 2015, 14:33

M0doj, why not just msg tank with the security holes you've found? these guys are AHK coders, not sysops. if you can help, why not do it? to me, this is the same thing Drainx was displaying.

joedf
Posts: 8940
Joined: 29 Sep 2013, 17:08
Location: Canada

Re: My resignation, and some background of events lead to.

09 Oct 2015, 14:38

guest3456 wrote:M0doj, why not just msg tank with the security holes you've found? these guys are AHK coders, not sysops. if you can help, why not do it? to me, this is the same thing Drainx was displaying.
+1
M0doJ
Posts: 15
Joined: 09 Oct 2015, 07:31

Re: My resignation, and some background of events lead to.

09 Oct 2015, 17:00

guest3456 wrote:M0doj, why not just msg tank with the security holes you've found? these guys are AHK coders, not sysops. if you can help, why not do it? to me, this is the same thing Drainx was displaying.
I will be, but as I said before, if I simply point them out, I'm not helping them learn. And that is essentially the problem right there, you guys aren't sysops, yet have taken on the role. I do not envy them, it is a very difficult job, incredibly so without much experience. Hell, you can have all the programming experience in the world, and it will not qualify you for the role. It's something only experience can teach... it's a tough damn job, but if I were to fix them for them, or, as I believe is Drainx1's point overall if you put emotions aside, I would be doing them a disservice.

Being responsible for a site's security means, when something is wrong, you go, OH NO WTF, and spend time hunting through mind numbing code, looking for issues. I do not expect any site to be fort knox, that's not what I'm saying guys, I just feel it isn't my responsibility to do your job. I will help you guys, but I only found access points, I don't have access to the backend allowing me to pinpoint the source of these issues. I'm assuming they are related to security flaws drainx brought up.

It does take time, I'm human... I understand that we all have lives away from the internet. The thing is, whether these are paid, or volunteer positions, these are jobs. I could give you all the answers, or I could guide you to finding the problem, and correcting it yourself. Which would be more rewarding? Which would help to gain needed experience in such a thing? Passing the buck is easy to do, but it boils down to whose responsibility is it? Is it mine? The newcomer? The outsider? Or is it the admin's? I would say it's the admins. If it's my job, then, uh, ha, I'll gladly accept paypal or bitcoin!

I get tank. I get joedf, but more than anything, I agree with Draino dude. I don't know what happened behind the scenes, I didn't catch the chat logs before removed, and I honestly don't care, but what I see is emotions getting the better of you all. It's a job that needs to be done. I will happily give you what I know, hell, I'll even stick around and continue to help! But whoever is in charge, needs to own up to it, and understand that yes, it is very much a case of "put up or shut up", but I have no responsibility here, nor do the mods, as far as site security goes. A forum mod is responsible for picking up trash, and keeping the peace. That was Draino's job, moderation. He pointed out flaws, that was already above and beyond his duties. To ask him to fix it is like, say, the principal of an elementary school going to the yard duty attendant, and saying, I know you're supposed to be watching the kids, but here, I don't have time, do all my work. That's actually quite a good comparison to the roles of a forum administrator, and a moderator, because a principal and yard duty, are in fact, an administrator and a moderator.

I guess I'm getting carried away, what I'm trying to say, ultimately,
Drainx1 wrote: There is no point in me taking care of the issues if whoever is responsible for them doesn't learn from the mistake.
, so yes,
guest3456 wrote: this is the same thing Drainx was displaying.
, but that's because there are two different philosophies at play here, and I now understand that.

Tank, I'm assuming you inherited this role, you are the lead admin, yes? It seems to me you're doing your best to keep this place together. I feel that when I read your response, you're trying your ass off. But in a sense, in this situation, at least, you don't quite understand the purpose of the role you inherited (again, I'm assuming from things said) Administrator. It's a crappy role, and a thankless job. A full time, often pay-less job. But it doesn't give you true managerial power, you're not a boss, that can tell his employees to do this, do that. And beyond that, mods are far from employees. I'm not trying to attack you, so I hope no one takes it that way, I'm trying to help mediate the situation. Everyone seems to be highly emotional about this situation. I think Drainx was right in saying it wasn't his responsibility to fix it, and doing so would do more harm than good. I see where you come from, though. Things need to be done, and you don't have all the time in the world to do so... it's the approach I take to family. We are, "Something needs to be done? Get off your butt and do it, don't sit around and whine about it" guys. But at the same time, this boils down to a matter of personal responsibility, and whose job is what.

That's where DrainX was coming from. You give a man a fish, you feed him for a day, you teach a man to fish, you feed him for a life-time. I'm trying to relay a sense of responsibility to you guys, as was DrainX. It isn't time to pass the buck off, it's time to buckle down and do what needs to be done. Again, I don't envy you, security can be HELL ON EARTH. But it's better than spending all this time invested in this site, only to have it taken over by some script kiddie who just discovered sql-injection.

I'm bad at getting my point across, I tend to go on a million tangents, and never focus on what I'm trying to say. Ha. But take what DrainX and I have been saying from an objective view, put all emotions and pride aside, and you will see our point of view on the matter.
gregster
Posts: 8927
Joined: 30 Sep 2013, 06:48

Re: My resignation, and some background of events lead to.

09 Oct 2015, 17:33

I think, we already found a perfect replacement for DrainX1...
