Playground Plus v1.0.11
A fully functional and freely downloadable multi-user realtime elsewhere-too talk server for UNIX
Playground Plus v1.0.11 - why, what, when and how?
The following email was sent to the angel mailing list regarding Playground Plus v1.0.11's release.
From: Silver <silver@ew....org>
Date: Mon, 26 Mar 2001 17:33:49 +0100 (IST)
Subject: [EW-List] Playground Plus 1.0.11
Well I never thought I'd say this but ...
Playground Plus 1.0.11 has now been released. For those of you who have
been following the library code and bugtrack, this will be nothing new.
Those of you who haven't (of which thats near enough everyone, so it feels
like) then this contains the following:
* All fixes in the PG+ bugtrack (including IP Mask exploit)
* Fix to idlemessage code
* Update to the version 3.0 of dynatext which is totally different from
previous versions to really piss people off - but is much better :o)
* All process_output implementations hacked out and ekto's put in
* Tagging for socials added
* "stats_info" code added
* -Wno-pointer-arith flag to suppress warnings from broken gcc added
* Updated nonconn masks for well known talker lists
You can download the update from http://pgplus.ewtoo.org as well as a
complete archive. Unfortunately those who have implemented some of the
fixes will have an slightly harder time updating and this is something
that I wish could have been avoided (after all, why punish those who have
actually worked on the code?).
Right, now thats over some of you probably have several hundred questions
and I'll try to explain. Firstly this isn't the start of maintenance of
the PG+ code, think of it as an emergency last minute bug fix, nothing
more, nothing less.
I still believe everything I said in my original posting for v1.0.10,
people do ride on the back of regular bug-fixes, don't bother to fix
things for themselves and even when the fix is presented to them still
don't bother to put it in. I've come across only a small selection of
talkers that actually have coders who have looked in the bugtrack and
implemented the stuff thats there. Looking at the access logs shows very
few visitors and those that do, come from the same selection of sites.
Which is a shame.
Version 1.0.11 is because of several things. An amount of persuasion from
members of the list was a small start followed by a number of well known
exploitable bugs and cockups. However in the last week or so a small group
of individuals (or maybe one individual I don't know) has been targeting
new PG+ talkers using the IP masking exploit to harrass and annoy
individuals and admins.
As well as that they have been posing as myself and demanding access to
the logs, code, hcadmin privs, claiming that the licence says that the
coders of PG+ should get HCAdmin (which is **NOT** the case, check it for
yourself) and a whole host of what could best be described as pathetic
attempts which has ultimately lead to individuals having rather a poor
impression of me and causing an large amount of headache for everyone
involved.
Of course, by doing this update I'm simply pandering to the lazy souls who
do not understand that if someone takes the time and effort to release a
patch for an exploit then its generally a good idea to implement it. You
could easily claim that doing this update is based purely on self-interest
and if the exploits didn't involve making me look crap then I'd have just
said "well, its their fault for not fixing the stuff on the bugtrack"
And you'd be right.
So, the code is there. Any further exploits will go up on the bugtrack and
it will still be the responsibility of the coders to update that code. It
never fails to amaze me that many people have not even looked at the whole
PG+ site. There is a HUGE faq there, a comprehensive selection of library
code, a bugtrack and message board. Looking back on the usage of them, I
wonder why I didn't just shove the code on an ftp site with one hyperlink.
Of course, I'm probably preaching to the wrong people. After all, you're
on the angel list, you know when fixes are released and I'd hope that you
do implement them. The culprits are probably those who don't know about
the list (although it is documented in at least two places) but I just
need to let off some steam :o)
Anyway, I'm off to slink back into obscurity again. Have fun.
Silver
ps. On a final point I'd like to thank all those who contributed fixes and
code to the update. The majority of it isn't mine and so credit where
credit is due to Lokie, Dakmuh, Blimey, ekto, Nick, Slaine, PeeKaBoo and
Segtor. Many thanks guys.
--
Silver has passed his "best before" date
Logged in since : Mar 26 17:04 (ewtoo.org time)
Email address : silver@ew....org (public)
"I pretend to work. They pretend to pay me."
_______________________________________________
EW-List mailing list
EW-List@angel.ew....org
http://gweezlebur.com/cgi-bin/mailman/listinfo/ew-list