
it firm softserve hacked locked down plundered

jsmorley
Developer
Posts: 21387
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

Using it in a company setting aside, I will say that we go to some considerable lengths to ensure that when used on your home computer, as a "hobbyist" piece of software that you enjoy tinkering with, Rainmeter is quite "safe". As long as you get the software from us and nowhere else, and take some care about the skins you download and install (or even better, write yourself), and as always have a decent nightly backup of your system, Rainmeter is perfectly safe to use.
SilverAzide
Posts: 956
Joined: March 23rd, 2015, 5:26 pm

Re: it firm softserve hacked locked down plundered

Post by SilverAzide »

redorbroder wrote: September 14th, 2020, 9:05 am Hello!
Found out the other day SilverAzide was missing which led me here.
[snip]
Thanks for any info and hopefully SilverAzide will be back soon!

Best regards,
redorbroder
Hi redorbroder!
I'm still alive, just not on DeviantArt. They have shown zero interest in working with me to get my account reactivated, but I'm not sure I really care. Yincognito is right I think, probably some algorithm decided I was a spammer and nuked my account. The Gadgets are still on the Rainmeter forums and on my GitHub site. Thanks, and good hearing from you again!
Last edited by SilverAzide on September 14th, 2020, 12:25 pm, edited 1 time in total.
jsmorley
Developer
Posts: 21387
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

SilverAzide wrote: September 14th, 2020, 12:23 pm Hi redorbroder!
I'm still alive, just not on DeviantArt. They have shown zero interest in working with me to get my account reactivated, but I'm not sure I really care. The Gadgets are still on the Rainmeter forums and on my GitHub site. Thanks, and good hearing from you again.
No real explanation for why your account was banned?
SilverAzide
Posts: 956
Joined: March 23rd, 2015, 5:26 pm

Re: it firm softserve hacked locked down plundered

Post by SilverAzide »

jsmorley wrote: September 14th, 2020, 12:25 pm No real explanation for why your account was banned?
Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.
jsmorley
Developer
Posts: 21387
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

SilverAzide wrote: September 14th, 2020, 12:27 pm Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.
I wonder if they are basing that on IP address. In the current state of things, IP address really means nothing. Spoofing your IP address to anything you want is really easy, and all the real "spammers" are doing that all the time. We don't ban spammers here based on IP address, as that just does more harm than good in the long haul.

But bummer... I have found in the past that getting to an actual human being at deviantART support is next to impossible, they have a HUGE site, and very few people who have any real power or authority.
Yincognito
Posts: 2629
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: it firm softserve hacked locked down plundered

Post by Yincognito »

jsmorley wrote: September 14th, 2020, 11:41 am


My point has always been that it doesn't make sense to "deploy" Rainmeter in a business environment, as it simply can't be "controlled" by a central authority, someone responsible for security of the network and computers in a company. It is designed to be under the control of the ultimate end-user of the computer, and simply can't effectively be locked-down in any way. So given that, and given that a poorly designed or even purposefully evil skin that some less-sophisticated user can download and install from anywhere in the world can do great harm to both the individual computer and the overall company network, I would NEVER allow it to be used in any environment where security is a concern.

Even if you can be sure that every computer has a version of the Rainmeter executables that are directly from us, and are safe, and fully tested and verified, that is only half the battle. How do you stop an end-user from downloading a badly behaved skin from some Russian website and installing it? Any security administrator in a company that simply trusts that end-users are going to know what they are doing, and takes a "hands off" approach to protecting the company assets is a waste of a salary. Just go ahead and file for bankruptcy now, and save time.

It's going to depend a great deal on how computers are deployed and used in a given company, how many end-users you are trying to wrangle into reasonably safe behavior, and what your threshold for risk is, but make no mistake. Rainmeter is not particularly "secure" in a business environment.
Yes, but shouldn't that company's employees (it's them installing Rainmeter, not some regular "end-user" who doesn't know this and that, right?) be responsible and competent enough to be able to distinguish bad things (e.g. skins, software, download sources, etc.) from good ones? I mean, they're an IT company FFS. If they don't know, who else should know, correct? Not to mention they're paid to know this kind of thing... O.O

That was my point. It doesn't invalidate what you said from a general point of view, it just assumes (probably wrongly so, as mentioned in my previous reply) that there's a reasonable level of competence and responsibility in such a company. It also assumes that the employees don't invite their whole family (the actual less savvy end-users, in theory) to play on the company's computers.

But then, it's Ukraine, and it's a target anyway, for obvious reasons, and I'm pretty sure this played a part in the story as well. :Whistle
jsmorley
Developer
Posts: 21387
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

Yincognito wrote: September 14th, 2020, 12:31 pm Yes, but shouldn't that company's employees (it's them installing Rainmeter, not some regular "end-user" who doesn't know this and that, right?) be responsible and competent enough to be able to distinguish bad things (e.g. skins, software, download sources, etc.) from good ones? I mean, they're an IT company FFS. If they don't know, who else should know, correct? Not to mention they're paid to know this kind of thing... O.O

That was my point. It doesn't invalidate what you said from a general point of view, it just assumes (probably wrongly so, as mentioned in my previous reply) that there's a reasonable level of competence and responsibility in such a company. It also assumes that the employees don't invite their whole family (the actual less savvy end-users, in theory) to play on the company's computers.

But then, it's Ukraine, and it's a target anyway, for obvious reasons, and I'm pretty sure this played a part in the story as well. :Whistle
Computer security in a business environment is really, really complicated, and getting more so each and every day. To be honest, it's not a job I would ever want to have, as you can be "right" 99.999% of the time, and all that is for nothing if you are wrong just "once".
Yincognito
Posts: 2629
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: it firm softserve hacked locked down plundered

Post by Yincognito »

SilverAzide wrote: September 14th, 2020, 12:27 pm Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.
jsmorley wrote: September 14th, 2020, 12:30 pm Spoofing your IP address to anything you want is really easy, and all the real "spammers" are doing that all the time.
[...]
But bummer... I have found in the past that getting to an actual human being at deviantART support is next to impossible, they have a HUGE site, and very few people who have any real power or authority.
Precisely. It's natural to have such a detection algorithm for spammers on a large site, but you have to do it well and allow / care for the human interaction in matters related to the response to such events. On the other hand, I strongly believe DA started to go downhill ever since they required registration to be able to post, download, etc. That's one of the first signs they don't care much for the users' opinion and place other interests at the top, like alluded to earlier on another thread regarding advertising.
jsmorley
Developer
Posts: 21387
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

Yincognito wrote: September 14th, 2020, 12:41 pm Precisely. It's natural to have such a detection algorithm for spammers on a large site, but you have to do it well and allow / care for the human interaction in matters related to the response to such events. On the other hand, I strongly believe DA started to go downhill ever since they required registration to be able to post, download, etc. That's one of the first signs they don't care much for the users' opinion and place other interests at the top, like alluded to earlier on another thread regarding advertising.
Agreed. In addition to all that, they have changed the environment in such a way that a particular community like Rainmeter "skins" are no longer supported as something separate, but just mixed into the overall vast sewer of furry pornography and endless anime drawings by 12-year-olds on the site.
Yincognito
Posts: 2629
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: it firm softserve hacked locked down plundered

Post by Yincognito »

jsmorley wrote: September 14th, 2020, 12:36 pm Computer security in a business environment is really, really complicated, and getting more so each and every day. To be honest, it's not a job I would ever want to have, as you can be "right" 99.999% of the time, and all that is for nothing if you are wrong just "once".
True that. This wasn't a matter of computer security though, IMHO, but rather a matter of employee behavior. This is easier to alleviate or correct than strict matters of security, at least in theory. None of them can be fully "fixed" though, and that's a matter of life in the end.