Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.
it firm softserve hacked locked down plundered
-
- Rainmeter Sage
- Posts: 2736
- Joined: March 23rd, 2015, 5:26 pm
Re: it firm softserve hacked locked down plundered
-
- Developer
- Posts: 22743
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: it firm softserve hacked locked down plundered
SilverAzide wrote: ↑September 14th, 2020, 12:27 pm Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.

I wonder if they are basing that on IP address. In the current state of things, IP address really means nothing. Spoofing your IP address to anything you want is really easy, and all the real "spammers" are doing that all the time. We don't ban spammers here based on IP address, as that just does more harm than good in the long haul.
But bummer... I have found in the past that getting to an actual human being at deviantART support is next to impossible, they have a HUGE site, and very few people who have any real power or authority.
-
- Rainmeter Sage
- Posts: 8127
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
jsmorley wrote: ↑September 14th, 2020, 11:41 am My point has always been that it doesn't make sense to "deploy" Rainmeter in a business environment, as it simply can't be "controlled" by a central authority, someone responsible for security of the network and computers in a company. It is designed to be under the control of the ultimate end-user of the computer, and simply can't effectively be locked-down in any way. So given that, and given that a poorly designed or even purposefully evil skin that some less-sophisticated user can download and install from anywhere in the world can do great harm to both the individual computer and the overall company network, I would NEVER allow it to be used in any environment where security is a concern.
Even if you can be sure that every computer has a version of the Rainmeter executables that are directly from us, and are safe, and fully tested and verified, that is only half the battle. How do you stop an end-user from downloading a badly behaved skin from some Russian website and installing it? Any security administrator in a company that simply trusts that end-users are going to know what they are doing, and takes a "hands off" approach to protecting the company assets is a waste of a salary. Just go ahead and file for bankruptcy now, and save time.
It's going to depend a great deal on how computers are deployed and used in a given company, how many end-users you are trying to wrangle into reasonably safe behavior, and what your threshold for risk is, but make no mistake. Rainmeter is not particularly "secure" in a business environment.

Yes, but shouldn't that company's employees (it's them installing Rainmeter, not some regular "end-user" who doesn't know this and that, right?) be responsible and competent enough to be able to distinguish bad things (e.g. skins, software, download sources, etc.) from good ones? I mean, they're an IT company FFS. If they don't know, who else should know, correct? Not to mention they're paid to know this kind of thing...
That was my point. It doesn't invalidate what you said from a general point of view, it just assumes (probably wrongly so, as mentioned in my previous reply) that there's a reasonable level of competence and responsibility in such a company. It also assumes that the employees don't invite their whole family (the actual less savvy end-users, in theory) to play on the company's computers.
But then, it's Ukraine, and it's a target anyway, for obvious reasons, and I'm pretty sure this played a part in the story as well.
-
- Developer
- Posts: 22743
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: it firm softserve hacked locked down plundered
Yincognito wrote: ↑September 14th, 2020, 12:31 pm Yes, but shouldn't that company's employees (it's them installing Rainmeter, not some regular "end-user" who doesn't know this and that, right?) be responsible and competent enough to be able to distinguish bad things (e.g. skins, software, download sources, etc.) from good ones? I mean, they're an IT company FFS. If they don't know, who else should know, correct? Not to mention they're paid to know this kind of thing...
That was my point. It doesn't invalidate what you said from a general point of view, it just assumes (probably wrongly so, as mentioned in my previous reply) that there's a reasonable level of competence and responsibility in such a company. It also assumes that the employees don't invite their whole family (the actual less savvy end-users, in theory) to play on the company's computers.
But then, it's Ukraine, and it's a target anyway, for obvious reasons, and I'm pretty sure this played a part in the story as well.

Computer security in a business environment is really, really complicated, and getting more so each and every day. To be honest, it's not a job I would ever want to have, as you can be "right" 99.999% of the time, and all that is for nothing if you are wrong just "once".
-
- Rainmeter Sage
- Posts: 8127
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
SilverAzide wrote: ↑September 14th, 2020, 12:27 pm Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.
jsmorley wrote: ↑September 14th, 2020, 12:30 pm Spoofing your IP address to anything you want is really easy, and all the real "spammers" are doing that all the time.
[...]
But bummer... I have found in the past that getting to an actual human being at deviantART support is next to impossible, they have a HUGE site, and very few people who have any real power or authority.

Precisely. It's natural to have such a detection algorithm for spammers on a large site, but you have to do it well and allow / care for the human interaction in matters related to the response to such events. On the other hand, I strongly believe DA started to go downhill ever since they required registration to be able to post, download, etc. That's one of the first signs they don't care much for the users' opinion and place other interests at the top, like alluded to earlier on another thread regarding advertising.
-
- Developer
- Posts: 22743
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: it firm softserve hacked locked down plundered
Yincognito wrote: ↑September 14th, 2020, 12:41 pm Precisely. It's natural to have such a detection algorithm for spammers on a large site, but you have to do it well and allow / care for the human interaction in matters related to the response to such events. On the other hand, I strongly believe DA started to go downhill ever since they required registration to be able to post, download, etc. That's one of the first signs they don't care much for the users' opinion and place other interests at the top, like alluded to earlier on another thread regarding advertising.

Agreed. In addition to all that, they have changed the environment in such a way that a particular community like Rainmeter "skins" are no longer supported as something separate, but just mixed into the overall vast sewer of furry pornography and endless anime drawings by 12-year-olds on the site.
-
- Rainmeter Sage
- Posts: 8127
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
jsmorley wrote: ↑September 14th, 2020, 12:36 pm Computer security in a business environment is really, really complicated, and getting more so each and every day. To be honest, it's not a job I would ever want to have, as you can be "right" 99.999% of the time, and all that is for nothing if you are wrong just "once".

True that. This wasn't a matter of computer security though, IMHO, but rather a matter of employee behavior. This is easier to alleviate or correct than strict matters of security, at least in theory. None of them can be fully "fixed" though, and that's a matter of life in the end.
-
- Developer
- Posts: 22743
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: it firm softserve hacked locked down plundered
Yincognito wrote: ↑September 14th, 2020, 1:00 pm True that. This wasn't a matter of computer security though, IMHO, but rather a matter of employee behavior. This is easier to alleviate or correct than strict matters of security, at least in theory. None of them can be fully "fixed" though, and that's a matter of life in the end.

One of the biggest challenges for a security administrator is how to "balance" the security needs of the company with giving appropriate "freedom" to the end-users, to ensure that they can effectively do their jobs and be creative, and not have them live in some version of North Korea. It's a balance that is really, really complicated to find.
"Trust" and "assume" are not words that are, nor should be, in the vocabulary of any security administrator.
-
- Rainmeter Sage
- Posts: 8127
- Joined: February 27th, 2015, 2:38 pm
- Location: Terra Yincognita
Re: it firm softserve hacked locked down plundered
jsmorley wrote: ↑September 14th, 2020, 12:45 pm Agreed. In addition to all that, they have changed the environment in such a way that a particular community like Rainmeter "skins" are no longer supported as something separate, but just mixed into the overall vast sewer of furry pornography and endless anime drawings by 12-year-olds on the site.

But isn't there the Rainmeter "group", where a skin can be added? Or is it a thing of the past and today you can't add your skin to that group anymore? I'm asking since it's been a while since I updated my things on DA, and I'm late with the "news" in that regard.
-
- Developer
- Posts: 22743
- Joined: April 19th, 2009, 11:02 pm
- Location: Fort Hunt, Virginia, USA
Re: it firm softserve hacked locked down plundered
Yincognito wrote: ↑September 14th, 2020, 1:05 pm But isn't there the Rainmeter "group", where a skin can be added? Or is it a thing of the past and today you can't add your skin to that group anymore? I'm asking since it's been a while since I updated my things on DA, and I'm late with the "news" in that regard.

There is the Rainmeter "group", which helps some with visibility. As long as an author adds their "submission", which is just thrown in the general pool, to the Rainmeter "group", that can make it a bit easier to find.
What there used to be is a Rainmeter "category", which allowed skins to be separately listed and found on the general site, and probably as important, restricted submissions to the .rmskin file type. That restriction is no longer supported on the site.