Re: Token of Appreciation
 

I included me, so go for it!

Re: Token of Appreciation
 

What was that email again?

Re: Token of Appreciation
 

Mark,
Of course!!!!!
The NEM's are recognized as important members of a team.:)
The NEMO annual meeting is even listed in the "Essential Information" this year.

To address the other questions:

Not all areas have Senior Mentors. Steve is trying to reach out to the areas where he might not be able to capture the mentor names.
I sent him the 50 that I know of attending from Maryland from FVC, FLL and FRC. We have mentors (and a student from each team) from many of the Baltimore area teams attending after an invite from Team 1727, the Chesapeake RCA winner. A stuffed bus!

Re: Token of Appreciation
 

I was asked by Steve Cramer from FIRST to post his e-mail.
scremer@usfirst.org.

Steve works for FIRST and is collecting the names of 4 mentors from each team to be able to give them a special gift delivered to their pit at the Championship.

YES this is for real ..... I checked.

The problem is that the response to the link he provided cannot handle the traffic ( I offered Chiefdelphi.com next year).

Time is short! He needs your team number and the 4 mentors you want to get a gift - ONLY four please.

E-mail him if you have not already done so.

Re: Token of Appreciation
 

[quote=Mike Martus;613452]
The problem is that the response to the link he provided cannot handle the traffic ( I offered Chiefdelphi.com next year).

Hi! This is a random person named Jackie Moore. I serve as the FIRST Senior Mentor for Illinois. I am working with Steve Cremer to try to recognize the many wonderful mentors who work tirelessly with the students on FIRST teams, but are often overlooked in the big picture. I apologize in advance for the length of this post.

Let me start by replacing some mis-information with facts.

The URL to the web page in question was communicated ONLY to primary contacts of teams officially registered to attend the Championship. It was not publicly shared anywhere else (other than by the person who posted it on Chief Delphi). The page requested (NOT required) ONE phone number - that of the person completing the form - to be used only if there were questions about the names supplied. There was (by design) no request for contact information for any of the mentors.

The only way anyone could access the resulting data would be to hack into the site and hack into the database. A successful hack would generate only a list of names. There was no way this information could be harmful to anyone. In fact, the delay in getting the email out was in some ways linked to the desire to be as careful as possible about protecting the privacy of the mentors we wanted to honor. (We also couldn't contact all teams until all teams were identified after the 5th week events) There never was a 'public listing of mentor names and phone numbers' nor was that data ever contained in the resultant database. Anyone who has such a list obtained it illegally from some other source.

To collect the names of the mentors to be recognized, I obtained the services of a student at IIT (that would be the Illinois Institute of Technology reference 'uncovered' by the person looking for the source of the presumed hoax). This student's willingness to help is consistent with the great mentor support we in Chicago have enjoyed from IIT. In fact, last year, IIT's Office of the President underwrote our local Mentor Recognition Event. This is in addition to the financial support IIT provides the Midwest Regional Event and the great support they give local teams. The particular student helping us on this effort happens to have a global business providing internet services.

I am extremely disappointed and personally offended that the fact that this student is from India intensified the belief that the site was a hoax. The alleged search for the truth, readily revealed the truth (company name, site owner, etc), but it wasn't seen as truth because the search was really for proof of a hoax. Would the same conclusion have been drawn if the domain name sounded more "American" or if the site owner's name had been Johnson? Afterall, the approach taken by this web developer is similar to many big name companies who host sites for their clients.

For his willingness to serve, this student's server suffered a denial of service attack which sadly seems to have originated from within the FIRST community. The center letter of FIRST stands for RECOGNITION and should be secondary only to Inspiration. Why then, is it so hard to believe that someone truly wanted to recognize mentors?

For those questioning why the URL was used to gather the information, please be aware that while some of you are fortunate to have a Senior Mentor in your area, most teams do not. While some Senior Mentors offered to help by supplying names, if we only collected the names of the teams being served by the 20 Senior Mentors, we would miss more than half of the mentors at the Championship. Relying on email only, meant that someone would have had to manually enter what could easily be 3,000 names, resulting in 3,000 opportunities to introduce an error. If each team's main contact entered the names, we would then have fewer opportunities for error, and a more manageable process for completing our recognition plans.

Unfortunately, someone decided they did not like that approach and deliberately trashed the database. This occurred sometime between the midnight posts proclaiming the site was a hoax and therefore should be shut down, and 9:00am. As a result, Steve Cremer has been frantically entering names for the past few days so we can be ready for the Championship. In addition, an entrepreneur and supporter of FIRST has become the victom of a hacker. The destructive action against the IIT student's server and database is not being taken lightly. We are activley pursuing the identity of the hacker and appropriate action will be taken.

I truly appreciate the offer of Chief Delphi to host such an application next year, but the problem was not one of bandwidth. The problem was the direct result of malicious activity. Once we determine WHY the site was targeted, we can then begin planning how to better capture the data we need to recognize what I consider to be FIRST's most valuable resource - the team mentors. In the meantime, I hope any teams whose mentors are present and do NOT get recognized at the Championship understand that this is not intentional. I, along with the other Senior Mentors, look forward to personally meeting and thanking as many of you as possible at the Championship.

Re: Token of Appreciation
 

Nobody said anything about the site owner's nationality. The main "proof of a hoax" seemed based on the impossibly short deadline, the fact that other pages on the site also asked for personal information, and the lack of obvious identification on the original email. I think it's reasonable to expect that official communication from FIRST would come from an official FIRST source, not from an AOL address.
No?
Without looking at the server logs, it seems plausible that this was just the "slashdot effect" of having a URL published in a spot where a large number of curious people see it all at once.

Re: Token of Appreciation
 

I'm sorry, but I believe your above statements are not true. Look, go see it. It is there. It is not hacked: it is insecure. Malicious people can prey on our mentors with this publicly accessible data. This is not safe. Outside people know that these are FIRST team mentors, who will be out of town for a few days they have a full name, and a full phone number, and with that, can easily obtain a home address. I wouldn't want to return home after Atlanta to find my door busted through, and all my valuables gone. I appreciate your efforts in recognizing the mentors, but I don't think their recognition needs to come at the cost of putting them at risk for home invasion, or identity theft due to an insecure website done last minute. This is the day and age of internet safety and security. Your publicly accessible list is not safe, nor secure. Please make it so. FIRST prides itself on safety. It shouldn't be limited to only the pit area.

Re: Token of Appreciation
 

The only thing that set alarms off in my head was the fact that a phone number was asked for. I'm used to short, often rushed, deadlines in the FIRST community, the book submission being one of them. I didn't see the actual website, however, just a warning of exceeded bandwidth. I still didn't provide any phone numbers when I emailed Steve, but not because I didn't have any onhand, but because anyone can make up an email address with anything as the @address.com using AOL now.

I hope this is for real, and I don't doubt now that it isn't.

Re: Token of Appreciation
 

Sorry, but may I suggest that FSM emails not be posted in public forums? I believe they are sent to specific emails only and are not for general release.

Re: Token of Appreciation
 

Jackie,

While I thank you for your concerns regarding this issue, I hope that you realize that those who were weary were trying to protect their mentors.

Personally, I wasn't too fond of the idea. It was not a usfirst.org website, nor a usfirst.org email address. That automatically raises red flags to someone whose father's credit card has been stolen 4 times, 2 of which were online transactions. Yes, we were only asked to provide names, however when I clicked on the link sent in the email sent to me, the page did not exist, I had to follow the link in this thread.

Which brings me to my next point on how the site likely was hacked. The email's content was posted in this thread in an attempt to verify validity. There are hundreds of spiders here each day, and I imagine that the website was logged onto by one of those.

I am continuously grateful to all of the senior mentors out there and hope that they can all step out of the shadows a bit so that if a similar mass blast needs to be sent out in the future, we'll all know who it is from, and trust without confusion

Re: Token of Appreciation
 

Quite a bit more trust would have been established if it had been hosted by FIRST, NEMO, a team, or some other group associated with FIRST. It would also have been helpful to say on the page who was handling this (FIRST, NEMO, a team, a state planning group, individuals, etc). The lack of these clues, in addition to the very large security hole (both for privacy and for the server), made many of us seriously question the validity of the whole setup.

Having said that, I wish to apologize to Steve Cremer and the FIRST community at large for playing a major role in taking down the server. By taking out a legitimate site, no matter what other good doing so did, I did wrong. Nothing I say above or below changes this.

(Detailed explanation deleted by Mike Aubry Team 47 Chief Delphi)



(Detailed explanation deleted by Mike Aubry Team 47 Chief Delphi)

Understand that at the time I had good interests in mind -- protecting the FIRST community from phishing attacks.

This is also a good lesson for all those involved - webmasters writing forms, PR people writing pages, and all of us keeping our eyes out. I misunderstood the intent of the website, partly from the lack of information on the site, partly from my lack of research. I learned about unintended consequences and Murphy's law (I try to do a good thing and it turns out I'm hindering another good thing and hurting my own community).

Again, none of this excuses the fact that I unknowingly attacked and took down a legitimate site trying to accomplish an honorable goal -- recognizing mentors. Everyone involved (which is almost everyone in FIRST) has a right to dislike me for it.

If you wish to talk to me more, I will be at championships.

PS - You'll find every spoofed team has a team number greater than or equal to 2500.

Re: Token of Appreciation
 

Wow. Just.... wow. I understand that you realize this was wrong, but do you realize that this action would have been wrong even if it was not a legitimate site? This action is simply never appropriate.

Please, to you and any others reading this. Learn to be a good net citizen and handle things like an adult. Actions like this are unacceptable and are the kinds of things that give smart, computer-savvy students like yourself a bad name.

This is very disappointing. I thought our community was better than that.

Re: Token of Appreciation
 

This member of our community was acting to protect the safety of many other members of our community. While what he did may not be right, it was with good intentions, and for the greater good really. Anyone could take the information from that site, call up these mentors, and say "Hi, I'm calling from FIRST, and it appears that there was an error in processing your Championship registration payment. I need to verify your credit card information or you will be dropped from the event." or any number of other spoofs to sieze the identity of the innocent. He acted in the name of safety, and for that, we shall not punish him.

Re: Token of Appreciation
 

No. Good intentions do not excuse completely inappropriate behavior.

Correct action would have been contacting FIRST, contacting the owner of the site, posting here on CD, contacting the senior mentors, any number of things. Many of those things were already being done anyway.

Breaking the law (yes, he broke a federal law doing this!), even if you claim the intentions are valid, is not acceptable!!!

Re: Token of Appreciation
 

True, but likewise, good intentions (honoring our mentors) do not excuse pure ignorance (the publicly accessible list).

And in regards to breaking the law, I have about six thousand spam e-mails. I'm not spending tax dollars to investigate every one of those and lock up every one of those senders, and I'm thinking the rest of America wouldn't either.

But, I'm beginning to engage in a one-on-one discussion here, which is against CD rules, so,I'll stop now.

It's the championship folks! Let's leave CD behind, and admire the incredibly awesome artforms about to show their stuff in this oh so magnificent game we play!