Blog = Censorship. Go to Hell.

So the databases got hacked. So they caught it, so they have a plan for dealing with it.

Yanno thats GREAT.

Yanno whats NOT GREAT?

The fact that you've got COMMENTS OFF on an announcement that has so much potential for personal damage to your customers.

Oh and not to mention there was no in world announcement. NOBODY from Linden Lab is saying anything about this except via the blog...oh and we can't talk about it...or even express our concerns about it.

Screw your censorship. You screwed up and your customers deserve a viable outlet to discuss that.

Comments off my ass.

Do we get to see it first?

ee 3 mins later they must read the forums lol:

[10:41] Char Linden: Please see http://blog.secondlife.com/ for more info on passwords. If you have problems recovering/changing and have waited the designated 2 hours please email [email]support@lindenlab.com[/email]

Probably.

Yeah lets shut down the forums! That way no potential IPO investors can see that we've got problems.

DUMBEST. IDEA. EVER

The best part, I think, is that they're not letting people who forgot their security question/email address to change it over the phone.

It warms my heart, truly.

Fucking imbeciles.

Yeah its amazing. Its like SOE took over and no one told us.

Damn. And I was just getting ready to go post on the blog about this. And we can't?

What is wrong with these people? They should have someone manning the phones for the password problems all weekend (and most of it would be taken care of by Monday).

Good grief. I didn't even forget my own security question. A Linden typed it in wrong, I guess. (He was being helpful, and it was just another thing he suggested, not what I was calling about.)

Geez. I can't believe this stuff. I really can't.

coco

Honestly, though. What would having blog comments on achieve? Nobody would be able to ask a question, there'd be hundreds of other comments demanding compensation, swearing at Philip, saying they're going to LEAVE RIGHT NOW etc drowning anything else out.

Of course, in a threaded environment like, say, a forum, one can more easily see the real questions and identify what is venting and what isn't. But the blog isn't threaded, not on the basis of user threads anyway.

Well, having blog comments would only be useful if you actually wanted to learn what your customers are SAYING.

Now imagine - no blog comments and no forums either. (Aren't they supposed to be closed right about now?) THEN what? Just . . . nothing?

I don't LIKE nothing.

I wanted to post there to try to get them to recognize this for the severity that it is, and have some people work the weekend to answer the phones. My case wouldn't take very long at all, and then I'd be up and running.

They have put me out of business for the weekend.

Is there some technical reason why they just can't do anything about any of it till Monday? I don't think so, but if so, I'd like to hear it.

Imagine now, I ask you again. No forum talk, no comments on blogs. GAG ME WITH A GAG, why don't ya.

coco

it seems rude at first but having had some experience with moderating a PHP based webforum and having dealt with it getting hacked via a web exploit, turning comments off seems to me rather sensible regarding security, if the hack was perpetrated via the submit form to gain access to the database, like what happened to the forum I worked on back then. A friend of mine keeps comments off on his blog for similar reasons.

Just saying, it may not be censorship, but just being careful while they lock down the exploit.

Don't even joke. *shudders*

They said they'd locked down the exploit on Wednesday.

Coco, what would be the point of you posting to say "this is really severe, get some people on the phones" in the middle of hundreds of other posts where everyone is saying the same thing or mostly likely just ranting about how LL sux? Is that going to help anything? I think they know it's severe. I don't know if they anticipated quite how many people would not have their secret question answers perhaps, but if they didn't realise that lots of people didn't, they wouldn't have said "don't call til Monday" would they?

yes, indeed they said that, but it appears they were still doing that today, by resetting the passwords. I'm just offering my own experience in the matter but I realise it probably falls on deaf ears. PHP forums and blogs are not very secure... I'm actually quite surprised even this is still up, the forum I moderated - everything was down for a week until our programmer was sure enough to put the site back online again with the fixes in place.

Just saying, this stuff happens elsewhere too, and what was described, an exploit through the webservers, sounds eerily similar to what I have seen before.

Well, the good news is Robin has said in the SL Answers that if they decide to put people on the phones, they will let us know. So that is hopeful.

But they had to read SOMETHING to know all this, didn't they?

coco

not commenting on announcement such as having to change passwords is what? NOTHING, dudes!!! Do you REALLY think LL want to deal with the 5 billion comments about it? NO!... Keep it moving!

it's not censorship it's freaking smart!

Oh yeah totally, because it's LL's fault that people used fake e-mails and forgot the answers to their Secret Questions.

Personally i'm glad they aren't letting people change it over the phone easially, since they would just be replacing one security hole with another. Anyone who has had their 1st life name associated with their account would be totally vunerable. Also don't expect it to be simply call up and fix it over the phone. The LL account verification process requires you to produce ID.

I'll quote Philip with the answer to all this, since they had TWO DAYS TO BECOME PREPARED.



Gee, they could have waited until Monday to invalidate the passwords at this point. They could have had the people at the phones, ready to help out however they could. I mean, how many of them can remember their secret questions to all the sites they visit? I know I can't and thus, would have expected others to have forgotten.

Sorry, Cocoanut, this isn't aimed at you.. I'm just very peeved.

I imagine it was also probably down to being suddenly bombarded with a million phone calls...

The point is that, while the forums might have been contributory (and I think the forums should remain *anyway*, regardless of whether this had happened or not) comments on the blog entry wouldn't have been particularly helpful, because all of the irrational rants would have been lumped in with the sensible questions in a huge mess of a single thread. Now, when the forums are gone, and something like this happens, *then* we'll see a problem - people will be forced to ask Lindens in-world, and that's not going to make them too happy.

True. But I imagine then they just wouldn't go in world. That's the problem with retreating. You can never retreat far enough.

coco

Oh my god! LL GOM'd *everyone*!