Mean People Suck

I probably shouldn't blog this. I'm mad. I had a frustrating day. This is probably the worst time to blog.

Since I've launched ColdFusionBloggers.org, I've had to make a few tweaks because of people intentionally messing with the stats. I used to display the last 10 searches. I removed it. I used to display the top 10 searches. Then I was alerted to this post.

You know... I expected spammers to hit. I expected to see viagra, drugs, RC cars, etc. I didn't really expect to get screwed with by the people I was trying to actually help. It's crap like this that makes me want to log onto my server, load IIS, and just hit the shutdown button. I'll probably regret saying this - but hey - I've always been honest here so I figure there is no need to stop now. But I'm just really, really surprised.

Comments (29) Sep 13, 2007 8:59 PM Views: 2533

Comments

[Add Comment]
Robert Owen's Gravatar That Really Sucks.... I'm sorry.. It just reinforces my whole thought that people just suck.
# Posted By Robert Owen | 9/13/07 9:11 PM
Lola LB's Gravatar Gosh . . . this is really juvenile. Some people have way, way too much time on their hands.
# Posted By Lola LB | 9/13/07 9:24 PM
Justin's Gravatar Sorry Ray. Thanks for all you do man. I hope Mr. Idiot feels shame for being the town idiot.
# Posted By Justin | 9/13/07 9:36 PM
Dale Fraser's Gravatar Ray,

I feel your pain. I too have had to install CS3, Adobe installers aren't the greatest.

As for the messing with your site, well kids will be kids. I'm sure you will remember them when they want their site agregated.

PS: Love coldfusionbloggers.org it syncs my feeds faster than MXNA and Goog and the website look and UI are very sweet. Good job.
# Posted By Dale Fraser | 9/13/07 9:40 PM
existdissolve's Gravatar The world would be a better place without people. I mean, without mean people. Ahem.
# Posted By existdissolve | 9/13/07 9:41 PM
Shane Zehnder's Gravatar I understand the no edit on Galleon now.

Sucks people want to screw with one guys who does the most to help. Well, at least not all of us are annoying. I am only _slightly_ annoying. heh
# Posted By Shane Zehnder | 9/13/07 9:56 PM
Mary Jo's Gravatar Let me just say for the record, I greatly appreciate the effort you put in, both on your excellent blog and making life easier for so many of us by taking the time to do the aggregator. I know from experience myself that the negative stuff seems to weigh 100 times more than the positive stuff seems to balance, but nonetheless THANKS!
# Posted By Mary Jo | 9/13/07 10:40 PM
Russ Johnson's Gravatar Ray, dont be mad!! HEROES STARTS IN 10 DAYS!!! Fall season TV is right around the corner!!! Woo hoo!!
# Posted By Russ Johnson | 9/13/07 11:26 PM
Russ Johnson's Gravatar BTW, I think its safe to say that this guys feed should be removed from ColdFusion Bloggers! He's certainly lost his aggregation privileges!!
# Posted By Russ Johnson | 9/13/07 11:28 PM
Scott P's Gravatar TV time is coming - Geek TT ready to launch?
# Posted By Scott P | 9/14/07 12:00 AM
paul Verhoef's Gravatar Ray,

Just ignore the mean people, they are not worth the effort, I really enjoy your work and post.

Please keep up the good work

paul
# Posted By paul Verhoef | 9/14/07 1:32 AM
Gary Gilbert's Gravatar Ray,

Yep mean people suck. Pretty mean and stupid to post that or perhaps just ignorant? An email describing the exploit would have been more appropriate than encouraging folks to abuse it.

Sigh....

I know its hard but try not to let it bother you, the rest of us appreciate what you are doing for the community and I would hope not ream you like this dork did for a little "publicity"

Gary
# Posted By Gary Gilbert | 9/14/07 2:23 AM
Michael Evangelista's Gravatar I'll just add my voice to the many... THANK YOU RAY for the CFbloggers site... I have really <strike this>wasted a ton of otherwise perfectly productive work hours</strike> enjoyed it since being added, then subscribing to the RSS feed.

In just the past week I have picked up a lot of great tips, met a few really decent web-folk, and been directly inspired to actually write something on my own blog from time to time.

I suggest you spend at least 17 seconds pondering the endless horde of CF junkies forever in your gratitude <strike this too> pummeling the offending stats-tweaker with over-ripe pomegranates</strike> and try not to let it bug you too much... you're an inspiration to us all.
# Posted By Michael Evangelista | 9/14/07 3:07 AM
Todd Rafferty's Gravatar Some stats definitely should remain behind the scene. When I was on moveabletype, every now and then, I would publish a list of top ten searches for giggles.
# Posted By Todd Rafferty | 9/14/07 6:04 AM
Russ "Snake" Michaels's Gravatar I know how you feel Ray. I had a couple of idiots trying to ruin CFDevCon for no good reason, and it makes you so angry when someone has to come along and try to ruin your work, especially when its not even something you get paid for. Unfortunately some people really don't care who they piss off because they think anonimity of the internet protects them.
# Posted By Russ "Snake" Michaels | 9/14/07 6:12 AM
Sammy Larbi's Gravatar Ray,

Just look at the bright side: there isn't much harm done and now you have a better site/product for tweaking it because it's out in the open.
# Posted By Sammy Larbi | 9/14/07 6:23 AM
Scott Stroz's Gravatar It would seem he is using BlogCFC, maybe its time to exploit one of those back doors Mr. Horn claimed there were.
# Posted By Scott Stroz | 9/14/07 6:35 AM
Ben Nadel's Gravatar Sorry you got messed with, but as some who (myself) has made a LOT of mistakes in the "coldfusion community", I would hope that you don't remove their feed from ColdFusionBloggers.org.

CFB is what I use for my primary feed aggregation and WebBiz DOES have some cool stuff on it. By removing that feed, you would hurt him AND us.
# Posted By Ben Nadel | 9/14/07 6:51 AM
Raymond Camden's Gravatar Well, today I feel better. I hope my blog entry didn't sound too much like a pity plea.

I got an email from someone today who said he was behind some of the stats (I don't think he was the guy who wrote the blog article). He apologized and I accept his apology (but can't write him back as he used a fake email). I'm past it - and just want to move on today.

Russ/Scott P: Geek the Tube _is_ ready to launch - I basically just need to write the intro. Scott P you need to IM me though.

Ben N: You've written bad stuff? I don't believe it. ;) I'm not going to remove him. I need to treat CFBloggers (and my other sites) as _community_ sites, not Ray sites, so I don't want to start down a route of taking things personally there. That's what this blog is for. ;)
# Posted By Raymond Camden | 9/14/07 7:38 AM
Christian Ready's Gravatar Ray, it looks like the individual removed the offending post. Curious, what did it say that was so dumb? Why are people so dumb?

Oh well, let your heart not be troubled. The ratio of your supporters to your detractors is approaching infinity.
# Posted By Christian Ready | 9/14/07 9:07 AM
Hauns in Africa's Gravatar The offending post was removed but thanks to Big Brother Google you can see it via the Google cache at:
http://72.14.209.104/search?q=cache:blog.brianflov...
# Posted By Hauns in Africa | 9/14/07 9:51 AM
Raymond Camden's Gravatar Just an FYI - the blog author pinged me a few minutes ago and apologized, which I definitely appreciate it.
# Posted By Raymond Camden | 9/14/07 9:56 AM
Tom Barr's Gravatar I've had sites (using phpNuke) get corrupted by a hackers bot. It's not fun but I learned a bit about security, open source, and Turkish IP addresses. It wasn't a nice action on the stat tweaker blogger's part and I amazed how dumb he was to post it and make himself the idiot of the CF village.
# Posted By Tom Barr | 9/14/07 11:18 AM
Raymond Camden's Gravatar Just so it is clear - I did know this was a possible issue. One thing I tend to preach/rant about when I do my ajax preso is to not assume Ajax requests are 'magically delicious' (I mean magically safe). Again - I expected it to get flooded with spam related stuff - not what I saw.
# Posted By Raymond Camden | 9/14/07 11:21 AM
Rob Rawlins's Gravatar Hey Ray,

Glad to see you airing your frustrations on your blog! I think it’s a healthy attitude to take, everyone should complain more, and it makes us feel better in the end :-)

This whole situation does pose a few interesting ideas and questions though, one of my main beefs with AJAX all along has been the security possibilities, it’s probably one of the reasons I’ve been VERY slow on the uptake of anything AJAX related, I've never been a JS fan, I'm sure plenty of people have read over opinionated posts from me in the past on the subject.

I'd be interested to see some serious presentations on the security exploits of AJAX and the ways to tackle them, as generally we're all Server Side developers and we all know about protecting our user produced content against SQL Injection and XXS, but for some reason many developers seem to forget these principles when dealing with JS.

It's a shame that Brain Flove had to blog about the exploit, that was a little unfair, he should have contacted you directly, on the other hand, I do like the concept of use challenging one another’s application security a little, and it’s a responsibility we should all share. I know when working on development for my application, I'll always buzz the dev server version over to some trusted developer friends and ask them to try and break it, and then we can work on actively patching the problems.

As CF developers we have quite a blessing when it comes to security, things like queryparam and script protect make it VERY simpler of us to build secure applications, and with J2EE sessions being as they are, they’re also very safe, at least from your average attacker, however this simplicity also probably makes us complaisant and I suspect a large number of people don’t make as much effort to strive for security as they should do... me included!... security isn’t really one of those things that can be ‘patched’ as an afterthought, it needs to be at the core of our design from the get go.

Thanks Ray,

Rob
# Posted By Rob Rawlins | 9/15/07 6:22 AM
Raymond Camden's Gravatar Rob, all good points, although, now that I think of it more, this was more a 'user submitted content' issue than an ajax issue.

When I present on Ajax I spend a few minutes covering the security features Adobe added, which are pretty darn nice, but Adobe can't prevent bad programming. :)
# Posted By Raymond Camden | 9/15/07 8:29 AM
Mike's Gravatar Here's another take on this...

http://www.webtrenches.com/post.cfm/mean-people-an...
# Posted By Mike | 9/15/07 2:00 PM
Ben Koshy's Gravatar Ray,

I used to run a few large community sites and they spanned from when I was first writing my first Coldfusion application all the way to some of my more later works. I have always found people tinkering and fiddling and trying to boost their stats and get the edge up... in the beginning no-one really notified me, i just noticed weird oddities in the data and stats and I looked at my code how I could prevent this from happening.

More recently when I wrote my own forum software, there been a slew of bugs, permission issues, and HTML hacks that caused different things to happen... sometimes people would send me a polite note, other times you have to rely on the community to point these out. Even if it means said community member takes an inappropriate action.

One thing I've learned... if you put software out there on the net... people are going to "test" it to its full abilities or disabilities.

I view it as a challenge and not something to get mad about. In fact it gives me something to do and ultimately makes me a better and more experience software developer.

Here's to "Trial by Fire!"

Sincerely,

Ben.
# Posted By Ben Koshy | 9/19/07 8:15 PM
Raymond Camden's Gravatar Maybe I'm not being clear. I do expect people to find/report security issues. As I said, I knew this was a potential security issue (showing content like that). My problem was with how people played with it. I am over it - but I just want to be sure folks know - if you find a security problem with my app - please don't hesitate to bring it to my attention.
# Posted By Raymond Camden | 9/19/07 8:18 PM
[Add Comment]