lunanne wrote:

I respect those people but I don't agree with publishing the names of all the avatars someone has.

Unless of course this person gave permission for it, or this person is the one who posts them...

I don't agree with Tahgtahv's actions in this case, but, that's not my point. =P

Infact, the others actually called Tahg out for that, privately, appearantly.

Tahg only did that because the user was obviously using a hacked character. I disagree with using server knowledge etc to "test" certain things in a public area, especially if its something as major as a bahro which are only ever present when official story is going on. A lot of us are here for the story. It's what ties everything together and fans having the ability to run wild with it is cause for alarm.

That being said, it's great that we have some talented fans who can keep things going and potentially make bug fixes etc, the point is fans shouldn't be in control of official characters. That's in the tos that you cant even use the name of any in-game Cyan characters. At this point that would include the bahro so the hacker was asking for what they got. I feel tahg did the right thing in this case. That's my two cents.

_________________
MOUL KI# 10281985
MOULa KI# 1492059

Fear is the mind-killer

Loshem wrote:

Tahg only did that because the user was obviously using a hacked character. I disagree with using server knowledge etc to "test" certain things in a public area, especially if its something as major as a bahro which are only ever present when official story is going on. A lot of us are here for the story. It's what ties everything together and fans having the ability to run wild with it is cause for alarm.

That being said, it's great that we have some talented fans who can keep things going and potentially make bug fixes etc, the point is fans shouldn't be in control of official characters. That's in the tos that you cant even use the name of any in-game Cyan characters. At this point that would include the bahro so the hacker was asking for what they got. I feel tahg did the right thing in this case. That's my two cents.

Except, the bahro are an entire race, not specific characters. =P

They are still Cyan's characters that appear for more than a minute when story is going on.

While I appreciate the knowledge and the talent these people have, I don't think a Bahro in a public area was such a good idea. In fact, it exposed some previously unknown things. Holy moly, Uru has no security once you get the encryption keys? A $12 million game written by a professional team of programmers? Now that was unexpected.

Maybe a private Age would be better next time. Or at least talk so we know it's a fake and not the real thing.

dragossh wrote:

Or at least talk so we know it's a fake and not the real thing.

Or, give it an obvious name like "TestBahro."

_________________
OpenUru.org Minkata Test Shard is
OU-Minkata Shard Testers Guide (in laymen's terms)

Would "WheelieBahro" be a pun in poor taste?

_________________
OpenUru.org: An Uru Project Resource Site : Twitter : Perfect Speed Is Being There.

JWPlatt wrote:

Would "WheelieBahro" be a pun in poor taste?

Probably

_________________
MOULagain KI #: 66990

When I was your age, we rocket-jumped up hill both ways in boiling lava.

Permissions are needed in the vault.

Securing the client needs a dynamic dual key system, that changes per avatar, or per login

You really can't secure the client. I don't know what a dynamic dual key system is.

If I understand correctly, the problem is that any program that can access the vault has automatic free reign.

The reason you cannot fix this in the client is that you can't guarantee people will use only the approved client.

The only reasonable solution is for the vault to be reworked so that it enforces security, rather than relying upon players' goodwill to only connect to the vault using the Myst Online client. And, I expect this is not something that is going to be fixed quickly. We are going to have to live with the current model for a while longer (could be many months).

Regardless, the sky is not falling. From a purely technical perspective, Myst Online is not any less secure today than it was a week, or a month ago; it is exactly just as secure, but it is now less obscure. Now more people understand the limitations. This moment of understanding was an inevitability, though it might have been nice if it had waited until we could actually do something about it.

Have I grasped the situation adequately?

_________________

MOULa 26838 | Prologue Video Project: On Hold pending Minkata support
Visit rel.to to explore Myst, Uru, and D'ni communities!

I believe you have grasped the situation perfectly.

_________________
Live KI: 34914 The Story So Far
Again KI: 23247

May be gettin' taken' care of...http://mystonline.com/forums/viewtopic.php?t=21035

or not...I choose to think positive

_________________
Moul(A) Charura KI#00055400 Char Gearz KI#00706359 Cannon Belle KI#13686512 Teri Dactyl KI#12658065
_____________________________
How Many Times Does A Myst Player Play Myst Before A Myst Player Decides To Play Myst Again

24 - 48 hours...Way to go, guys.

_________________
Caution: Objects in mirror are dumber than they appear.

I think it's much better to spend two days making the game much more secure and stable, than to ignore the problem with the hope that nobody ever does anything malicious.

Heaven wrote:

24 - 48 hours...Way to go, guys.

Would you rather this or irrecoverable vault damage?