Ad Terras Per Aspera

Rob Levin passed away on the 16th.

Honestly, I don’t know what to write. I mean, he and I never saw eye to eye on things, and we used to fight back and forth constantly, but this sucks; you’re talking to a guy one day, and the next day you find out he’s dead.

Theres nothing I can really say anymore, or really, anything that matters. I was critical of his actions at times when he was alive, and I’m not going to take that back, not that I really can. I just hope that since he’s gone now, Freenode can continue on without him there to lead anymore. I may have not agreed with his choices, but I don’t think there are any people out there that could have brought Freenode this far.

The legacy he leaves behind is an IRC network that benefits the entire FOSS community, and I think that he should be remembered for this for a long, long time.

Rest in peace, old friend.

Just a short message, but #openttd of the OpenTTD project has moved to OFTC from Freenode.

So, it seems, Rob got a beat down not unlike what what the US military did to Nagisaki on August 6, 1945. Lots of collateral damage, lots of /kills, and lots of people running for cover and/or leaving the network.

The attack was perpetrated by user named Jmax, who is a member of Bantown. For those that have never heard of Bantown, think of them as the GNAA on steroids.

So, Jmax somehow acquired the ircd.conf from one of the volunteer servers (presumably the admin of that machine sent it to him), which contains the password hashes for all the oper accounts, including Rob’s.

Now, a one-way hash produced by MD5 is quite useless. You can get the password out of it, but it requires a lot of CPU power to do, as you have to guess every possible combination that fits the hash.

One of the Bantown members claims they have access to a giant Cray machine deep in a research facility somewhere that has 2048 CPUs, in addition to a few racks of dual Opteron machines. If this is true or not, I don’t know… but it does explain how they cracked it so quickly.

So, getting on with the show, Jmax cracks the hash, and notices one gigantic security flaw in Rob’s oper account… mainly that it uses levin@* as the hostmask. For those that don’t get hostmasks. Now, normally, this should be levin@*.isp.he.connects.to.com, so at least Jmax would have to compromise a computer that matched that hostmask.

Jmax logs into lilo’s oper accounts, and then proceeds to /squit and otherwise delink the entire network, /kill half the network, and set new topics for a bunch of big channels. He also delinked services and/or compromised hundreds of nickserv and chanserv passwords. (Which reminds me, its time to change your passwords, everyone.)

What Jmax did is basically legal according to Federal law. Will the FBI go after him? No. Jmax, Freenode, and Rob are all small fries. There was no money lost, there was no actual damage done, and stuff was fixed within a few hours.

Now, does this mean I condone such actions? No. What Jmax did was still wrong, yet unfortunately legal. Does this mean I still want to see changes in how Freenode is operated? Yes. Does this mean I still think Rob should drop Spinhome, and actually earn his pay from PDPC? Yes.

About two hours ago Freenode completely shut down due to a security issue: someone managed to log in to one of the servers as a privileged oper, either as lilo himself, or another oper that lilo has given priviledges to, and caused all the servers to go offline (probably via /squit).

Currently, I am not sure how this happened (though I have several theories on how, and by whom), but I would like to request that this never happen again. This is a very immature way to deal with Rob’s actions, and is not solving the problem. In fact, this is probably helping to undo all the work I’ve put into trying to help the community deal with Rob’s actions.

As much as I dislike Rob, and what he does, and how he abuses his position at Freenode and the PDPC for personal gain, stooping that low to take the entire network down is something that only an idiot would do. Honestly, I hope Rob finds you and has the FBI put your ass in jail.

Update: A blow by blow account of what happened is available from Tmandry. Also, someone has taken credit for doing this, on the Slashdot article about it.

Recently, Freenode has been under an attack by a Distributed Denial of Service attack. I’d like to say that, even though that Rob thinks otherwise, that I am not apart of the attack, nor do I support the attack in anyway.

I request that anyone who is currently engaging in any such attack that they please stop. As I’ve said before, I do not wish to see the network taken down or damaged in any way.