Gee that sux mate. Everything resolved !
Why can’t these people ever just send a PM explaining vulnerabilities like this instead of being asshats?
That would imply their intentions were meant to be helpful and not simply to demonstrate control.
Hmmm, I know of people who were locked out of their Twitter accounts. We’ll see what happens later.
It triggers me that they used a Gintama image with their announcement. lol
Appears that the AL Twitter page was taken down. Hopefully Matt can get it back without too much hassle from Twatter.
Honestly I’m a little appalled at how this has transpired so far for everyone involved.
Sure, whoever “hacked” Dobbie was an egomaniac, but there are several problems that have lost my interest in this project completely:
It has been 5 hours and no other forum admin has downgraded Dobbie03, presumably still compromised, from his admin position (No offense, @sevenday4, but you’re a moderator and guessing by your reply to this thread you have no idea what’s going on and think it’s only his “Twitter account” that was compromised, and are doing nothing about his forum account or showing any broader concern for this situation)?
Dobbie03 is a fully-permissioned package maintainer. He controls the BitBucket and the package distribution channels. Some basic sleuthwork from this tweet would show that he had his passwords he uses for giving us package updates in his public dotfiles on GitHub. The repo was taken down, but he still links to them in his forum profile.
Everyone makes mistakes, but I have no faith in using Archlabs as my distribution now. I need a distro run by people who take security seriously, and don’t reuse (and treat carelessly) passwords for critical channels.
I apologize if this was harsh.
Really? Good ridance man.
@whatisgoingon, apparently you just joined 39 minutes ago. That in and of itself seems just a tad bit odd to me.
Firstly this is just plain assumptions, not everyone uses one password for literally all channels.
Secondly, Dobbie doesn’t have anything to do with package updates / security, that’s my end.
All of our packages are signed by me and only me, and I take the security of my accounts/passwords quite seriously.
@Glenn I agree, I’m not here to bash or defend anyone, fuck ups happen and this is no exception, but to assume things that aren’t known and state it as fact isn’t cool by my standards
No worries man. Things happen which are beyond our control. Most of us have total confidence in AL, it’s devs and mods. The Sun will come up tomorrow.
I’m in total agreement! I just stated what I have learned and that this is not an anomaly. But to categorize someone because of a situation without knowing the facts is in my mind is trouble. @whatisgoingon I have never seen a post from you before now, and you are attacking individuals without any foresight or with any intelligence. You jump at assumptions and you run your texts as if you know what you’re talking about when in reality you don’t know a damn thing. Before attacking people who you don’t know and the circumstances of the situation, why don’t stop and think before you point fingers at anyone. Your comment wasn’t harsh, it was stupid and without any intelligence at all. Please leave our forum if you think you are better than anyone else. Well Nate, this needs to be dealt with asap before any more uninformed individuals start thinking that they are better than anyone else starts their idiotic comments.
I agree! I am beginning to wonder if he is a shill who goes on forums to create trouble. He’s right I am a moderator, but that has nothing to do with this issue. Apparently, he doesn’t know how to read. Since he wants to leave, I am tempted to help him. Mistakes can and do happen, but I know Nate will take care of his end, and Matt will take care of his part. I wouldn’t worry about @whatisgoingon, and thank you for your kindness.
An over reaction if I ever saw one.
Yup, I fucked up. Did it affect anyone here? No.
The moment I realised what was going on I changed all passwords for myself. Nothing has been tampered with other than the AL twitter and this original post.
I won’t mention the personal loss from my stupidity.
@natemaia has explained how the packages etc are handled, and I have no input there so ArchLabs itself is all good.
I apologise and all I can offer is a promise that this won’t happen again. I appreciate the support and loyalty of all who have posted here.
I am embarrassed beyond words. If this incident has caused any of you to lose faith in ArchLabs, all I can do is apologise. If my ongoing involvement in ArchLabs is an issue to any of you please let me know.
Again thank you for your support.
Hey Matt, shit happens. Your Twitter account was hacked has nothing to do with your input. I use different passwords for all accounts. Not one is the same. I would also suggest changing passwords every so often so that your accounts remain safe. Someone who didn’t know how AL was just trying to cause trouble. It was after all your Twitter account that you use for AL, and doesn’t have anything to do with the actual distro. Some individuals are hackers who gets their hardon breaking into people’s accounts and or computer. In fact Twitter is also at fault, but then I really distrust any social media. It happened, you learned a lesson, time to move forward. Peace!
Don’t worry, a lesson was learnt.
To say I feel foolish is an understatement.
They can’t kill the Metal.
No they can’t, but they can kill my fragile mental state.
Well, shit happens ¯_(ツ)_/¯
As long as you have learned something it’s fine by me. Knowing that it didn’t impact AL as a whole is quite reassuring.
I have seen this sort of things happening all the time, but not so often (I will say never) the issue has been promptly reported and dealt with.
If anything, that increases my confidence in everyone involved in this project.
@whatisgoingon you had your 15 minutes of fame, at what cost? you should do something about it or, as @sevenday4 stated, adiós señor.
@Dobbie03 Kill your fragile mental state?
It will be sorted shortly from the mods here .
Seams real odd that he mentions this after the hack happened, he might know something, but it s only assumptions from my part here. & I don t believe in coincidences.