Re: [code] switch bug (sort of) "Kenneth G. Cavness" at Oct 7, 97 07:04:35 pm

From: Andrew Helm (ashe@IGLOU.COM)
Date: 10/07/97

> > If you get the player killed it affects the player. If you forge things
> > from a player if affects the person behind the player. See my point?
> Actually, and I do apologize, no. I don't.
> If you take someone's mail and read it, it affects the player. So, are you
> also suggesting that if an implementor switches into a player, the
> implementor should not be able to:


Nice list of things that are borderline. However, all of that belongs
in policy files. We're talking about heretofor undocumented behavior
in the switch command. I made a statement that it needs fixed, and it
does. I don't care if you misinterpreted me, but if a player wants
to snoop mail they'll want to fix the switch command and if they don't
want to snoop mail they'll fix the switch command. Either way it
needs fixed. We both agree on this point, I'm sure. I'm a bit tired
of you arguing points I haven't tried to make. I've already made it
crystal clear what I am asserting and what I'm not. You have no

> You see, switching into another player is an EXTREMELY powerful function
> in the MUD. You claim that you can go to postmaster, type "receive mail",
> and read a persons' private MUDmail. You can also, however, go to
> Player Y, and as Player X tell Player Y something that would be damaging
> to player X. You have therefore acted unethically with the switch command,
> but amazingly enough, you have not found a bug. You've simply treated
> the switch command as a way to hurt someone else.

Again and again I've said you can call it whatever you want, but it
still needs fixed. How many times do I have to correct you on this point?

> It's intended by the switch-to-player command that the implementor acts
> as if (s)he were that player. Exactly as if. This. Is. Not. A. Bug.

Once again, you can call it whatever you want: unusual behavior,
unexpected behavior, a bug, an undocumented "feature", it still
needs fixed. What I mean is perfectly clear to you, and it is

> > > Perhaps it's not that we're taking offense at your suggestion, but rather
> > > in the way that you're suggesting it:
> >
> > Perhaps I was taking offense at the "heavy-handed, arrogant" methods
> > I percieved being used by those who responded to me. It goes both
> > ways.
> Certainly; and it also tends to spiral in upon itself, descending finally
> into a flamewar. At that point, people have to dichotomize. And in something
> like this, I highly doubt you truly intended for people to have to take
> sides.

No kidding. I'm not saying anything controversial, you're just
interpreting it that way. The sad thing is that I've made what
I mean perfectly clear multiple times.

> > > 3. Your heavy-handed, arrogant method of describing this whole "security
> > >    flaw" prompted strong reactions in others.
> >
> > When did I call it a security flaw? Don't put it in quotes then. :)
> You've called it several things, all of which boil down to the above.

I disagree.

> > > 4. If, in fact, you had simply alerted others to a possible security hole
> > >    individually, you would probably have been met with much less emphatic
> > >    of a response. Instead, you listed it as a universal problem, and as
> > >    such people found reason to disagree with you.
> >
> > Uhhh... alerted others individually? Do you mean send an individual
> > e-mail to everyone on the whole list instead of just sending it to
> > the list?
> Sorry; no, that's not at all what I meant. I meant that you could have alerted
> people that they might want to take a look at their policies and command
> levels to see if what you saw as a potential security problem would pose
> a threat to the privacy of the individuals on the MUD. Instead, you said
> repeatedly "This should be fixed".

No, not "instead". Rather, I include changing policy to be part of
changing the problem with switch. Go back and read what I've said,
you might be surprised. Especially the original message. I've
restated what I mean multiply times. If you continue to attribute
to what I said things that I've already told you I don't mean then
you're at fault. When I say fix switch, that means the switch in
stock circle doesn't cut it.

> As I've already mentioned, that
> phraseology (unwittingly?) implies that something is broken. If something
> is broken, there's absolutely no reason at all not to fix it. In this case,
> there is nothing broken; nothing truly needs "fixing".

*yawn* I've told you very clearly what I mean. When one person
refuses to listen to another person's explanation of terms it's
called playing with words. I consider it posible to "fix" something
that isn't broken. The whole switch issue remains uncontroversial.

> > but I've only claimed a very simple thing: the behavior of the switch
> > command requires fixing. If you got anything else out of it then it
> > was unintended.
> What needs "fixing"? You're claiming, according to my definition of "bug",
> that a bug exists in the code. You're claiming that it was never intended
> that a person be able to read mail if switched into another char. What else
> could you claim this to be other than a "bug"?

Once again, call it whatever you like. I have said multiply times
already that I don't care how you classify it, the stock circle
way of handling switch should be fixed. It's not in dire need of
being fixed, but it should be fixed. The switch command was not
intended to read mail. If you wish to use it for that purpose you
need to edit the code by adding something like George's patch.
You've taken something I've said that's very simple and run away
with it. I keep telling you we agree and that there's nothing I'm
saying that's all that controversial, and yet you keep going.

> > > On a written medium such as the Internet, it's best to get everything you
> > > mean to say right the first time, or expect to be called on portions of
> > > it that make no sense to the people you're writing to.
> >
> > This is ironic considering I said exactly what I meant the first time.
> Apparently not, since you continue to change terms on us, continue to
> wander around in a circle, yelling loudly that we just don't get it, that
> we're being "difficult", etc etc.

You've made the assertion that I'm changing terms. I believe I've kept
my original meaning consistent and at all possible avenues of explaining
how you might be misinterpreting it I have done so. I challenge you to
provide evidence for your assertion of being unclear.

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | |

This archive was generated by hypermail 2b30 : 12/08/00 PST