You know, I just wanted to take a moment to say that I think the new policies regarding avoiding personal attacks will do everyone better in the long run, and are probably exactly what the hobby needs.

On the Hog Pit
I never really did agree that a place like the Hog Pit was necessary or "for the better". In fact, I think the concept of it was a lot like "The Purge". SURE give everyone a place where they can murder and commit crimes and it'll get it out of their system. The end result, I think, was that it normalized venom and incentivized people to attack one another for others' entertainment, to gain ground with fellow bullies, and to take one's personal issues out on victims for sport.

On going forward
It occurs to me that for YEARS there hasn't been a real gathering for people who MU to get together and be a COMMUNITY that actually enforced...respectful behavior. Sure, the Hog Pit was "opt-in" but it was easily the most popular place on the forum and bleed-over was constant. Every other day it seemed a topic needed to be moved to the Hog Pit because people were being nasty.

In short, ACTUALLY having a place where people can gather as a community to be respectful and (dare I say) neighborly will do people good in the long run. People were -afraid- to join MSB because of the venom, and now with the new policies and attitude in place I think you'll end up getting a lot of the nicer, more constructive types to feel welcome.

No offense to the people who like the L&L games, but this thought came to my head:

LORDS AND LADIES CHARACTER SHEET:

INSTRUCTIONS: Fill in the blanks, then you're ready to go.

My name is __________ of House ________ and I'm fucking __________, but I'm supposed to be fucking __________.

Check THIS out...

New Alien RPG is coming. Why this is intriguing (especially in a mush sense) is because this TT RPG is boasting tools to run 2 different kinds of games...

1. Campaign mode. Long term. Etc.

2. Cinematic mode, which is designed for 1 shots and single nights of gaming.

Cinematic mode may contain some tools and ideas (perhaps even systems) that might work well in some mush event contexts.

Either way, preorders start 5 days from now, and once the pre-order is verified you get the Cinematic Rules PDF starter kit.

Oh...and yes...it includes both "Ripley and the Nostromo" styled setting information (I.e. Space truckers come across alien eggs and Weyland-Yutani fuckery) as well as...

COLONIAL MARINES, BETCH

Squeeeeeeeeee.

In that light, I apologize for calling @saosmash a mean thing.

I missed an opportunity to private message or reply with something like "hey, come on, I'm not trying to piss on something you like, I'm just being snarky about a concept I don't get"

But instead I was like:

I missed an opportunity to present myself as who I am in spirit, and that's 100pct on me.

I think you did a good thing in the end @shangexile . I commend you for that.

@zombiegenesis I think that's an excellently worded summary, to be honest.

Even right now, the people who are still banned (some who are coming back to start trouble) are just gathering and saying nasty things about pretty much anyone who ever told them no or disagreed with them. It's super toxic and it's really not constructive to any sort of rationally comfortable environment that reasonable people would want to be a part of. It's just NOT OK.

I'd originally intended to hang back even if my ban was lifted, but seeing that an attempt is being made to course correct from "unmitigated personal attacks" to "trying to be more positive and foster an environment of respect"? I'm hanging around to see what's up. I'm glad to keep communicating with a vast number of you.

I think the major issue in the end is the concept of "reputational income" and what happens if you have a bad reputation being in this constant "eye of the beholder" state with some very disrespectful, very demanding, and very unfair people. You see a lot of posts from them with the "you need to change your behavior or else..." verbiage from them, and I recently likened it to someone like the mafia asking you "are you sure this is what you want?" after an extortion attempt.

Maybe people can just be regular people, right? With flaws, who make mistakes, who aren't perfect, and who don't need to live up to the demands and expectations of the same 15 or so blowhards with superiority complexes that demand everyone meet their standards or face ridicule/belittlement?

I've chimed off on this before (re: FC sexuality), but I don't think the concern is so much on the sexuality of the character. I think it has more to do with how the character will behave under the control of the player.

I have no issues with a female Captain America or even a gay Captain America (there might be a compelling story to tell in Steve Rogers arriving in the modern age and realizing that he can be gay in 2017 with a certain amount of respect that wasn't prevalent in 1941).

I like to think that players would approach those gender/sexuality issues as a means of compelling story.

HOW and EVER...

I think the real concern people have is in a Captain America transported to 2017 as FUCK EVERYTHING THAT MOVES BONDAGE SEX SWING NEVER INVOLVES IN ANY STORY AND SENDS EVERYONE DICK PICS Captain America, thus really putting aside any meaningful role playing with the character concept in favor of using the character as a sandbox Shang Alt.

We'd seen mentions recently of gay fish Daken uncomfortably hitting on people IC and OOC, and mentions of Sex Magic Sorcerer Supreme Dr Strange.

So, in summary, I think the concern is less on gender/sexuality of the FC and more on whether or not they'll be used like a Harvey Weinstein extension of the player's whims, thus becoming more of a distraction than a contribution.

Friend's wife and fellow D&D group member has gone from ER to ICU to ventilator and sedation. Double pneumonia. Her Covid experience is going the wrong direction. Fuck this virus.

I've already got one memorial to attend after this nightmare ends so please do not go through airports unless it is absolutely necessary. Do not go to bars and restaurants unless absolutely necessary.

It's been made pretty clear by now that this virus doesnt care how little you're afraid of it. Dont fuck around and find out.

Counter-opinion:

There were different themes in behavior that I saw leading up to the bannings, with some people being far more disrespectful and venomous in their approach than others. Heck, I was even DM'ed to be informed what a slimy piece of shit I was, though in jest I was doing a little tongue-in-cheek trolling of the situation, myself.

If the focus of the forum going forward is to try to be respectful and positive, then some of those entitled personalities are best left off at that new forum they made (where when I was linked to it already saw personal attacks, fuck-marry-kill lists with actual people being listed as kill, etc). This forum isn't a paid-for service where users are entitled to getting what they want, nor is it required to maintain a level of "trust" even when "trust" is often mistaken for "doing what we say we want or else".

I recommend people who don't like it to let it go and glomp about it at that other place that's going to return to the same toxic behavior patterns.

@Auspice said in Disabilities and Mental Illness as Character Traits:

I also don't feel comfortable when someone has a disability for their character and they always have an 'escape' written in (is wheelchair bound, but can walk sometimes, is blind, but can see shapes and light now and then... etc.) that always comes into play when it's... convenient.

I hate that shit, mostly because the player took extra freebie points for being blind, but then doesn't roleplay it. Or, they took the points for taking some kind of BLIND flaw only to negate it with cybernetics.

It's like: "Dude, BLIND means CANNOT SEE. If your guy has cybernetic eyes, they can see, and therefore are no longer BLIND. If you can barely hear and then get a hearing aid or cochlear implants, the -4 to awareness checks doesn't apply."

But yes, I agree. Disabled but not is a peeve. It doesn't make me uncomfortable, I just think it's stupid, metagamey, and usually tied to jerking around with a character sheet.

But let's get to brass tacks, here.

House of the Dragon has GRRM's name on it. GRRM is an executive producer, writer, etc on it. GRRM has spoken positively about diversity of casting and has said he plans to introduce more BIPOC characters in upcoming novels...whenever those get finished. If GRRM felt it was so important that the Velaryons couldn't be black because of all of the reasons @Nymeria states that they simply cannot budge on non-white characters in their MUSH, he would have fought it tooth and nail.

It's not the ACTUAL CONTENT CREATOR who is taking a hard-line stance, crying about "woke SJW bullshit", saying racist things, or literally making the news for their toxicity. It's a pair of people who have decided more than once to gatekeep/act like the owners of someone else's actual work and do toxic things online in the name of someone who doesn't support their behavior.

With that in mind, I cannot say why I would allow those people to affect my legacy by remaining involved with them, why I would in any way support their MUSH, and hope that they get fired/cut loose to be left as a couple of MU hosts running a text-based chatty game in a world that they don't own.

Great, I'll pass this information along to my friend.

And I assure you that I would never do any such thing for personal entertainment value.

@Ganymede said in Ethical Question:

@Ghost said in Ethical Question:

IS IT ETHICAL to join a bunch of MUs and embed yourself in roleplay with people who don't like you as a means to repair your relationship with them by being cool with them...and then later reveal it was you all along?

Generally, I don't find myself in such ethical quandaries because I have neither the time nor the inclination to try and convince people who don't like me that I am likeable.

Generally, it's for that reason that I've never moderated an online forum and have never been in a situation where I've trained to maintain my popularity in spite of.

Question...

IS IT ETHICAL to join a bunch of MUs and embed yourself in roleplay with people who don't like you as a means to repair your relationship with them by being cool with them...and then later reveal it was you all along?

...asking for a friend.

@Juniper said in Telnet Safety:

bless faraday for having the patience for this

Bless your heart, too

Spaceballs 2 is in development with Josh Gad and Mel Brooks at Amazon, as reported by Variety Magazine. No word yet on the possibility of return actors (including Rick Moranis)

@faraday Mo' tech, mo' money, different problems

@faraday I think this would have been an amazing conversation over coffee, and I apologize. I don't mean for my tone to come across as accusatory as it did. I'll keep an eye on that, especially with you since you're awfully nice.

In my head this was more of a "DUDE...BUT..." type cubicle conversation about tech stuff, but one thing I think we did amazingly here is provide a point/counterpoint.

I am a former MUer with evident trust issues with the globulous "community" who is approaching this from the point of view of "...the bad scenario" and wanting to state out the width of possibilities to get them out there and undernconsideration

You are still prevalent in the community and are approaching this from a "stepping back from that, this is more likely" approach, and are providing a technical counterpoint about where the safety works and why it is better than it used to be (it is!)

I do think one thing is sure, though. Whatever next state the hobby takes will probably include someone either improving the insecure transmission issue through some new client/interface to cover that problem, or improvements to client/web interfaces using TLS to allow for more of the customization that MuClients provide.

And hot-damn, I'm still wondering about Diffie

@faraday said in Telnet Safety:

Absolutely everything in your nightmare scenario can be done if the game is running SSH/HTTPS. You're blaming the technology for a people problem.

Yes and no.

A person with admin-type access has access to connection level information even through HTTPS, and on-server can log/monitor communications, yes. That is correct.

But it is significantly harder for even someone with that admin access to utilize an HTTPS(TLS) connection to further exploit their own users without being detected or perform unwanted session redirects without being detected.

It is a people problem, yes, but to spoof a TLS connection you'd need a forged certificate and the actual public key of the target site. You don't need that with telnet. TLS mitigates a lot of the potential attack vectors, but even with TLS there are issues.

1. A user connected via HTTPS roleplaying with a player connected via telnet potentially exposes things further through the telnet player. The TLS user sends/receives encrypted data, but the same data (pages to telnet player, etc) are then transmitted to the telnet user in cleartext because the sessions are with the host and not P2P or arranged through something like "shared key/insecure network" security provided by Diffie Hellman.

(I'm now wondering if it's possible to implement something like Diffie-Hellman on a MU server....its sure AF old enough, and I now wonder if the Unix-based programming in a MU client could handle the exchange of a shared DH/AES key with the connected telnet user. Might be worth exploring for telnet users, and tls for https users.)

^^^ IF this is possible (being theoretical, here), I recommend including "log text" in the MU to record something like this:

• mask the shared key/IPs sent to the username's session, but keep the date and timestamps to ensure other staff aren't collecting data (The shared private key between host and client can be used to decrypt). ONLY access the non-masked information on a need-to-know basis, locked behind God privileges, and NOT accessible on the same staff logins even the headwiz uses regularly
• if the implementation is stable enough and works, require telnet users to accept the randomized shared key and connect via D-H to play on the game. Everyone is encrypted.
• IF possible (unknown), idle connections are released after being idle (other user disconnected) for an hour, release the DH shared key, and require a new one
• IF possible, include a list of blacklisted usernames and IPs who are to be denied the DH key. Forcing this may actually be the solution to further keeping people off of games.
• may require a client download on the user's side to complete the connection and run parallel to their MU client

(Again, D-H is deprecated as shit and crackable even in this implementation, but it is better than Telnet and further mitigates local router snooping telnet logs, as well as any other session interception reading issues. Im not sure if anyone has tried D-H over MU via telnet before, but if the BBSsystem can handle the handshaking and the client is a free and safe download, this could be the answer.)

2. If the certificate (for Ares I don't know off hand if it's the hosting site's certificates or faraday's, and no one should know where its stored) is exposed through any means, a malicious user can decrypt as desired

3. TLS 1.2 is still vulnerable to Raccoon, large ticket injection, Sloth, CRIME, BREACH, etc, but those require more skill and talent to breach, though MUs are not likely targets for these attacks. I doubt a MUser would go to these lengths.

@reimesu that sucks. I love a LOT of his movies. He's also got a pretty talented kid lol.

I remember an interview (Conan I think) where Donald said that his son has 5 middle names. When asked why, he said "Because I owed a lot of money at the time" or something like that lol

"Kiefer William Frederick Dempsey George Rufus Sutherland"

The real story is that he was named after 5 people his parents adored and admired.

(From the webz)
Kiefer Sutherland's five middle names were mostly chosen to honor multiple important figures in his life, including his mother (Dempsey was her maiden name), paternal grandfather Frederick, and father's close friend George. The reasoning behind Rufus remains a mystery, even to Sutherland himself. Pretty beautiful story and shows a bit of who Donald was

@faraday And that's fine! Please don't mistake my tone as hostile; I'm really not.

The reason why https was made as a standard for websites (and thus web portals like Ares) is the addition of Transport Layer Security (TLS) that simply encrypts the data to keep it private. If it was simply that https was the standard of the service you were using, that's great. At least connecting through the Ares portal it provides some of that.

I don't think that you're an idiot who doesn't care about basic security principles, but I do think that the differences in bias in this conversation have led you to the "the risk is low" stance, whereas mine is "the risk you are focusing on is low, but there are other risks." It's just that "ignoring" the risk should only be recommended if you know the potential totality of damage if it were exploited.

No, a user cannot "take control of your machine" through use of telnet/23, but it is one hell of a sieve that can be exploited to violate your privacy, engineer further attacks (up to and including infiltration), and due to the use of telnet the risk isn't just your local machine, but the local machines of the other users and the MU itself (in terms of data breach).

I've said it before and I'll say it again:

• The #1 issue about leaving your data everywhere is retention. It is simply possible (and has been done many times) that MU owners can collect your data, it is stored on server, angry staffers steal the codebase, and in a lot of these cases there are no real questions asked about what (or if anything) is done with that data once the server is stolen/closed down. When Fallcoast got stolen, people found all kinds of other peoples' data on that yoink. Email addresses, conversations in pages people thought were private, etc. It can all be grabbed, and that -can- include data you don't want unintended people to know (addresses, names, businesses, phone numbers, email addresses, etc)
• "Mal" from Serenity and his goons were notorious for going "dark" and sitting in to watch people's TS, monitor their pages, and in many cases players found themselves getting screwed over for stuff they didn't know other players were watching. Changes to telnet since then: None. Still possible everywhere.
• There is so little active trust in the community that I don't understand why people REFUTE this topic so badly, when it is a technical fact. It is 100% believed there are psychopaths and "bad actors" in the community, and 100% confirmed there are people who like to RP sex with kids in the same community (and some on this forum even refer to it as "age play" - airquotes and yikes), but...what(?)...24.5% belief that any one of those people would exploit the use of the open protocol to get intel on players? Doesn't make sense at all. Why does the trust sudden show up there?

There are people who spend actual time of their lives trying to hide from the likes of SpidJeurgOppWhoever like they're going to swoop in at any moment to ruin their lives and destroy their self-esteem, stating that they're "dangerous" and "probably violent" and other choice words like "sociopath" and "incel" (et cetera; et cetera; et cetera), but then when a guy like me says "you know these psychos can SO easily fuck your lives up with this, right?" That the risk isn't through your roleplay but -- yanno -- them skipping past trying to RP with you to literally stalk you (as a person), completely undetected....and people are like:

"Nah! I ain't Bank of America so it's cool"

I will say this, though, not that I would do anything like this, but if I had threatened in this thread to send details on how to do this to any of those "bad actors" I'd probably get banned and send a lot of people into a state of anxiety, which would prove the point that the risk isn't in the RP being snooped. The risks are quite literally in the vein of:

AN EASY SCENARIO THAT IS 100% POSSIBLE AND REQUIRES NO TALENT TO PULL OFF

• MUing: an open, free hobby shared with an unknown number (but confirmed) stalkers, paedos, etc
• there is a lot of "stranger danger" factor, with unlimited ways to sneak in and infiltrate
• New games are ultimately trusted long enough for at least one connection to "check it out", which would be sufficient to give an insecure/non-VPN ip address to start the process. I figure it would take me a couple of months to cultivate a new "identity" on this forum or the other one, say "I'm Dave from Florida, new to the hobby but a Linux guy, and I'm gonna try to make a game, too!". Maybe go to the other forum and talk shit about Derp or something for 5 minutes until people are like "DUDES THIS NEW DAVE IS FUCKING RAD" (it's not hard to get in with these crowds at all, really. All you have to do is hate the people they hate. I've been in and out of the clique myself a few times back in the day - not to their knowledge"+"). People are generally excited for new play opportunities, and since this isn't a big risk at all, no one needs to really worry about the telnet connection, right?
• Player-Attachments to MU Clients (and the ways you can store sites, macros, etc) almost all use telnet/23, and it is unlikely that people would get rid of those in favor of https without their embedded colored text, spawn windows, etc
• A patient enough person exploiting this could simply gather data (RP, pages, chats) over time, completely unaware to an entire playerbase to datamine information on players, their IP addresses, backtrace those to their geolocation, apply their name/location/kids names/dogs' names/cats' names/spouse names/alma mater and then apply those to social media searches on X/FB/Insta/LinkedIn. At this stage it gets downright creepy.
• They could then utilize those methods to prepare guessed passwords, perform penetration testing for other insecure parts of the users' machine(s), and use that to get additional access on the PC. Regardless of that, the geolocation data is sufficient enough to make physical contact if so desired, with either the desired user or their personal interests (work, family, safety)
• How many MU players (that you really don't know) have YOU received private information about from 3rd parties that includes their jobs (lawyers? We got any lawyers in the house?) their general locations, their names, their sexual preferences, etc. How many players do you know on this forum and through their posts alone how much have you learned about their lives, medical needs, emotional needs, their twitch streams, their online writing and blogs, their extensive posts about their personal lives and what they're going through? Don't want to scare anyone, but I think I've learned more about MUers from 3rd parties than from the actual people themselves, because as the Hog Pit proved, the desire to shame other players with personal information is somewhat higher, and if a socially engineered dogpiling campaign comes your way...well...you know your personal life information is open season.
• ^ If you think THIS is inaccurate, then tell that to everyone a certain MUer shared details of my private life and difficulties with my kiddo to dozens of 3rd parties without my consent as a result of being rejected romantically on a RL level and continues to share a self-edited version to this day.

(Note: The story others get is sans the part about their RL flirtation towards me, the request for space/rejection after a line was crossed with their flirtation in an unsolicited message to my RL cell phone that my partner saw and didnt appreciate, but apparently needed to provide a falsified version of myself and my RL situation to anyone who would listen as an emotional user of people and an emotionally draining "need" sponge. This is ultimately fucked up because I was dressed as an emotional abuser as a result of trying to set reasonable boundaries with someone who was emotionally cheating on their partner, but as a result I was publicly abused by this person out of spite, yet they needed it to be delivered as being my victim).

Ya tell a person you need space (and arent comfortable), they say "don't I get a say in this?" and "I'm always being chosen above other women", and then 10 pages later you find yourself on the bottom end of of accusation of being an abuser and user. Gotta love it when people cross your requested lines and then retaliate when you protect yourself from them, right?

(I digress, but it's entirely bizarre the number of people who do "OPPshit" that want everyone to keep OPP out.)

This kind of shit happens regularly to better people than I. IYKYK, and I know plenty of people have heard this story from one side. Your personal life details are cheap to trade and even easier to corrupt.

And for those of you who got personal information about me from those bs stories? I guarantee the same people are talking about your personal details, too.

• I literally know a few of your real-life names, which is crazy considering I can count of one hand the number of MUers I know who have told me their real-life names personally. A lot of that data just came conversationally and without request.
• IF the PC is breached, everything from logging to DNS cache poisoning to MITM is on the table, provided the talent, time, and willingness of the malicious actor

This is not a fantasy scenario. This is "Red team 101" and probably covered in the first few chapters of the Certified Ethical Hacker certification, but if not in the first few chapters it is definitely in there. People need to consider the actual 10,000 foot view of just what they're giving away to these other players, and need to understand that just because it's a direct page to "Steve" on "New England By Night" (PB Paul Walker or something), that the existence of telnet being used means that when you give "Steve" your phone number, there is absolutely no guarantee that a 3rd party isn't actively collecting that data, and in the MU community it is far more likely to be used in a personally harmful manner than a financial one. Not only is there no guarantee, it is sickeningly easy to do.

Either way, agree with me or not, fuck it, it's y'alls problem, but it is a problem. Good luck out there and please take this seriously, regardless of the counterpoint Fara provided. It's real.

"(+)" - Sidenote: I didn't "infiltrate" the clique, but when you're not declaring who you are it's shockingly easy to get picked up for a scene and then get included in chats about how bad everyone else is. ¯\(ツ)/¯ The fact that it happened multiple times is just...I guess a fringe benefit or somethin. It's hard to tell who other people are, too, when you don't care.