It is currently March 28th, 2024, 10:35 pm

it firm softserve hacked locked down plundered

Release announcements and important news from the developers.
User avatar
SilverAzide
Rainmeter Sage
Posts: 2588
Joined: March 23rd, 2015, 5:26 pm

Re: it firm softserve hacked locked down plundered

Post by SilverAzide »

jsmorley wrote: September 14th, 2020, 12:25 pm No real explanation for why your account was banned?
Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.
Gadgets Wiki GitHub More Gadgets...
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

SilverAzide wrote: September 14th, 2020, 12:27 pm Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.
I wonder if they are basing that on IP address. In the current state of things, IP address really means nothing. Spoofing your IP address to anything you want is really easy, and all the real "spammers" are doing that all the time. We don't ban spammers here based on IP address, as that just does more harm than good in the long haul.

But bummer... I have found in the past that getting to an actual human being at deviantART support is next to impossible, they have a HUGE site, and very few people who have any real power or authority.
User avatar
Yincognito
Rainmeter Sage
Posts: 7029
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: it firm softserve hacked locked down plundered

Post by Yincognito »

jsmorley wrote: September 14th, 2020, 11:41 am Image


My point has always been that it doesn't make sense to "deploy" Rainmeter in a business environment, as it simply can't be "controlled" by a central authority, someone responsible for security of the network and computers in a company. It is designed to be under the control of the ultimate end-user of the computer, and simply can't effectively be locked-down in any way. So given that, and given that a poorly designed or even purposefully evil skin that some less-sophisticated user can download and install from anywhere in the world can do great harm to both the individual computer and the overall company network, I would NEVER allow it to be used in any environment where security is a concern.

Even if you can be sure that every computer has a version of the Rainmeter executables that are directly from us, and are safe, and fully tested and verified, that is only half the battle. How do you stop an end-user from downloading a badly behaved skin from some Russian website and installing it? Any security administrator in a company that simply trusts that end-users are going to know what they are doing, and takes a "hands off" approach to protecting the company assets is a waste of a salary. Just go ahead and file for bankruptcy now, and save time.

It's going to depend a great deal on how computers are deployed and used in a given company, how many end-users you are trying to wrangle into reasonably safe behavior, and what your threshold for risk is, but make no mistake. Rainmeter is not particularly "secure" in a business environment.
Yes, but shouldn't that company's employees (it's them installing Rainmeter, not some regular "end-user" who doesn't know this and that, right?) be responsible and competent enough to be able to distinguish bad things (e.g. skins, software, download sources, etc.) from good ones? I mean, they're an IT company FFS. If they don't know, who else should know, correct? Not to mention they're paid to know this kind of things... O.O

That was my point. It doesn't invalidate what you said from a general point of view, it just assumes (probably wrongly so, as mentioned in my previous reply) that there's a reasonable level of competence and responsibility in such a company. It also asssumes that the employees don't invite their whole family (the actual less savy end-users, in theory) to play on the company's computers.

But then, it's Ukraine, and it's a target anyway, for obvious reasons, and I'm pretty sure this played a part in the story as well. :Whistle
Profiles: Rainmeter ProfileDeviantArt ProfileSuites: MYiniMeterSkins: Earth
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

Yincognito wrote: September 14th, 2020, 12:31 pm Yes, but shouldn't that company's employees (it's them installing Rainmeter, not some regular "end-user" who doesn't know this and that, right?) be responsible and competent enough to be able to distinguish bad things (e.g. skins, software, download sources, etc.) from good ones? I mean, they're an IT company FFS. If they don't know, who else should know, correct? Not to mention they're paid to know this kind of things... O.O

That was my point. It doesn't invalidate what you said from a general point of view, it just assumes (probably wrongly so, as mentioned in my previous reply) that there's a reasonable level of competence and responsibility in such a company. It also asssumes that the employees don't invite their whole family (the actual less savy end-users, in theory) to play on the company's computers.

But then, it's Ukraine, and it's a target anyway, for obvious reasons, and I'm pretty sure this played a part in the story as well. :Whistle
Computer security in a business environment is really, really complicated, and getting more so each and every day. To be honest, it's not a job I would ever want to have, as you can be "right" 99.999% of the time, and all that is for nothing if you are wrong just "once".
User avatar
Yincognito
Rainmeter Sage
Posts: 7029
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: it firm softserve hacked locked down plundered

Post by Yincognito »

SilverAzide wrote: September 14th, 2020, 12:27 pm Nope, their entire response was, in full: "Spammer". <Sigh> Considering I rarely ever did anything with DA, it's somewhat odd to say the least. I'm not even sure what that means in the context of DA.
jsmorley wrote: September 14th, 2020, 12:30 pmSpoofing your IP address to anything you want is really easy, and all the real "spammers" are doing that all the time.
[...]
But bummer... I have found in the past that getting to an actual human being at deviantART support is next to impossible, they have a HUGE site, and very few people who have any real power or authority.
Precisely. It's natural to have such a detection algorythm for spammers on a large site, but you have to do it well and allow / care for the human interaction in matters related to the response to such events. On the other hand, I strongly believe DA started to go downhill ever since they required registration to be able to post, download, etc. That's one of the first signs they don't care much for the users' opinion and place other interests at the top, like alluded to earlier on another thread regarding advertising.
Profiles: Rainmeter ProfileDeviantArt ProfileSuites: MYiniMeterSkins: Earth
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

Yincognito wrote: September 14th, 2020, 12:41 pm Precisely. It's natural to have such a detection algorythm for spammers on a large site, but you have to do it well and allow / care for the human interaction in matters related to the response to such events. On the other hand, I strongly believe DA started to go downhill ever since they required registration to be able to post, download, etc. That's one of the first signs they don't care much for the users' opinion and place other interests at the top, like alluded to earlier on another thread regarding advertising.
Agreed. In addition to all that, they have changed the environment in such a way that a particular community like Rainmeter "skins" are no longer supported as something separate, but just mixed into the overall vast sewer of furry pornography and endless anime drawings by 12-year-olds on the site.
User avatar
Yincognito
Rainmeter Sage
Posts: 7029
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: it firm softserve hacked locked down plundered

Post by Yincognito »

jsmorley wrote: September 14th, 2020, 12:36 pm Computer security in a business environment is really, really complicated, and getting more so each and every day. To be honest, it's not a job I would ever want to have, as you can be "right" 99.999% of the time, and all that is for nothing if you are wrong just "once".
True that. This wasn't a matter of computer security though, IMHO, but rather a matter of employee behavior. This is easier to alleviate or correct than strict matters of security, at least in theory. None of them can be fully "fixed" though, and that's a matter of life in the end.
Profiles: Rainmeter ProfileDeviantArt ProfileSuites: MYiniMeterSkins: Earth
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

Yincognito wrote: September 14th, 2020, 1:00 pm True that. This wasn't a matter of computer security though, IMHO, but rather a matter of employee behavior. This is easier to alleviate or correct than strict matters of security, at least in theory. None of them can be fully "fixed" though, and that's a matter of life in the end.
One of the biggest challenges for a security administrator is how to "balance" the security needs of the company with giving appropriate "freedom" to the end-users, to ensure that they can effectively do their jobs and be creative, and not have them live in some version of North Korea. It's a balance that is really, really complicated to find.

"Trust" and "assume" are not words that are, nor should be, in the vocabulary of any security administrator.
User avatar
Yincognito
Rainmeter Sage
Posts: 7029
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: it firm softserve hacked locked down plundered

Post by Yincognito »

jsmorley wrote: September 14th, 2020, 12:45 pm Agreed. In addition to all that, they have changed the environment in such a way that a particular community like Rainmeter "skins" are no longer supported as something separate, but just mixed into the overall vast sewer of furry pornography and endless anime drawings by 12-year-olds on the site.
But isn't there the Rainmeter "group", where a skin can be added? Or is it a thing of the past and today you can't add your skin to that group anymore? I'm asking since it's been a while since I updated my things on DA, and I'm late with the "news" in that regard.
Profiles: Rainmeter ProfileDeviantArt ProfileSuites: MYiniMeterSkins: Earth
User avatar
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: it firm softserve hacked locked down plundered

Post by jsmorley »

Yincognito wrote: September 14th, 2020, 1:05 pm But isn't there the Rainmeter "group", where a skin can be added? Or is it a thing of the past and today you can't add your skin to that group anymore? I'm asking since it's been a while since I updated my things on DA, and I'm late with the "news" in that regard.
There is the Rainmeter "group", which helps some with visibility. As long as an author adds their "submission", which is just thrown in the general pool, to the Rainmeter "group", that can make it a bit easier to find.

What there used to be is a Rainmeter "category", which allowed skins to be separately listed and found on the general site, and probably as important, restricted submissions to the .rmskin file type. That restriction is no longer supported on the site.