Token of Appreciation

JohnBoucher · December 31, 2018, 9:04pm

Getting a server error. We’ll email Steve

Bandwidth Limit Exceeded

The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.
Apache/1.3.37 Server at www.rackandroll.alakmalak.net Port 80

Mark_McLeod · December 31, 2018, 9:04pm

I assume this includes NEM’s?

Elgin_Clock · December 31, 2018, 9:04pm

Thanks Kathie and Jenny for the quick replies!!

I’m sure this puts some people at ease now. lol

Beth_Sweet · January 3, 2019, 12:13am

I included me, so go for it!

Astronouth7303 · December 31, 2018, 9:04pm

What was that email again?

RoboMom · January 3, 2019, 12:13am

Mark,
Of course!!!
The NEM’s are recognized as important members of a team.
The NEMO annual meeting is even listed in the “Essential Information” this year.

To address the other questions:

Not all areas have Senior Mentors. Steve is trying to reach out to the areas where he might not be able to capture the mentor names.
I sent him the 50 that I know of attending from Maryland from FVC, FLL and FRC. We have mentors (and a student from each team) from many of the Baltimore area teams attending after an invite from Team 1727, the Chesapeake RCA winner. A stuffed bus!

Mike_Martus · December 31, 2018, 9:04pm

I was asked by Steve Cramer from FIRST to post his e-mail.
scremer@usfirst.org.

Steve works for FIRST and is collecting the names of 4 mentors from each team to be able to give them a special gift delivered to their pit at the Championship.

YES this is for real … I checked.

The problem is that the response to the link he provided cannot handle the traffic ( I offered Chiefdelphi.com next year).

Time is short! He needs your team number and the 4 mentors you want to get a gift - ONLY four please.

E-mail him if you have not already done so.

RoboTIP · January 3, 2019, 12:14am

Mike Martus:

The problem is that the response to the link he provided cannot handle the traffic ( I offered Chiefdelphi.com next year).

Hi! This is a random person named Jackie Moore. I serve as the FIRST Senior Mentor for Illinois. I am working with Steve Cremer to try to recognize the many wonderful mentors who work tirelessly with the students on FIRST teams, but are often overlooked in the big picture. I apologize in advance for the length of this post.

Let me start by replacing some mis-information with facts.

The URL to the web page in question was communicated ONLY to primary contacts of teams officially registered to attend the Championship. It was not publicly shared anywhere else (other than by the person who posted it on Chief Delphi). The page requested (NOT required) ONE phone number - that of the person completing the form - to be used only if there were questions about the names supplied. There was (by design) no request for contact information for any of the mentors.

The only way anyone could access the resulting data would be to hack into the site and hack into the database. A successful hack would generate only a list of names. There was no way this information could be harmful to anyone. In fact, the delay in getting the email out was in some ways linked to the desire to be as careful as possible about protecting the privacy of the mentors we wanted to honor. (We also couldn’t contact all teams until all teams were identified after the 5th week events) There never was a ‘public listing of mentor names and phone numbers’ nor was that data ever contained in the resultant database. Anyone who has such a list obtained it illegally from some other source.

To collect the names of the mentors to be recognized, I obtained the services of a student at IIT (that would be the Illinois Institute of Technology reference ‘uncovered’ by the person looking for the source of the presumed hoax). This student’s willingness to help is consistent with the great mentor support we in Chicago have enjoyed from IIT. In fact, last year, IIT’s Office of the President underwrote our local Mentor Recognition Event. This is in addition to the financial support IIT provides the Midwest Regional Event and the great support they give local teams. The particular student helping us on this effort happens to have a global business providing internet services.

I am extremely disappointed and personally offended that the fact that this student is from India intensified the belief that the site was a hoax. The alleged search for the truth, readily revealed the truth (company name, site owner, etc), but it wasn’t seen as truth because the search was really for proof of a hoax. Would the same conclusion have been drawn if the domain name sounded more “American” or if the site owner’s name had been Johnson? Afterall, the approach taken by this web developer is similar to many big name companies who host sites for their clients.

For his willingness to serve, this student’s server suffered a denial of service attack which sadly seems to have originated from within the FIRST community. The center letter of FIRST stands for RECOGNITION and should be secondary only to Inspiration. Why then, is it so hard to believe that someone truly wanted to recognize mentors?

For those questioning why the URL was used to gather the information, please be aware that while some of you are fortunate to have a Senior Mentor in your area, most teams do not. While some Senior Mentors offered to help by supplying names, if we only collected the names of the teams being served by the 20 Senior Mentors, we would miss more than half of the mentors at the Championship. Relying on email only, meant that someone would have had to manually enter what could easily be 3,000 names, resulting in 3,000 opportunities to introduce an error. If each team’s main contact entered the names, we would then have fewer opportunities for error, and a more manageable process for completing our recognition plans.

Unfortunately, someone decided they did not like that approach and deliberately trashed the database. This occurred sometime between the midnight posts proclaiming the site was a hoax and therefore should be shut down, and 9:00am. As a result, Steve Cremer has been frantically entering names for the past few days so we can be ready for the Championship. In addition, an entrepreneur and supporter of FIRST has become the victom of a hacker. The destructive action against the IIT student’s server and database is not being taken lightly. We are activley pursuing the identity of the hacker and appropriate action will be taken.

I truly appreciate the offer of Chief Delphi to host such an application next year, but the problem was not one of bandwidth. The problem was the direct result of malicious activity. Once we determine WHY the site was targeted, we can then begin planning how to better capture the data we need to recognize what I consider to be FIRST’s most valuable resource - the team mentors. In the meantime, I hope any teams whose mentors are present and do NOT get recognized at the Championship understand that this is not intentional. I, along with the other Senior Mentors, look forward to personally meeting and thanking as many of you as possible at the Championship.

Alan_Anderson · January 3, 2019, 12:14am

Nobody said anything about the site owner’s nationality. The main “proof of a hoax” seemed based on the impossibly short deadline, the fact that other pages on the site also asked for personal information, and the lack of obvious identification on the original email. I think it’s reasonable to expect that official communication from FIRST would come from an official FIRST source, not from an AOL address.

…the problem was not one of bandwidth…

No?

Bandwidth Limit Exceeded

The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.

Without looking at the server logs, it seems plausible that this was just the “slashdot effect” of having a URL published in a spot where a large number of curious people see it all at once.

sanddrag · January 3, 2019, 12:14am

I’m sorry, but I believe your above statements are not true. Look, go see it. It is there. It is not hacked: it is insecure. Malicious people can prey on our mentors with this publicly accessible data. This is not safe. Outside people know that these are FIRST team mentors, who will be out of town for a few days they have a full name, and a full phone number, and with that, can easily obtain a home address. I wouldn’t want to return home after Atlanta to find my door busted through, and all my valuables gone. I appreciate your efforts in recognizing the mentors, but I don’t think their recognition needs to come at the cost of putting them at risk for home invasion, or identity theft due to an insecure website done last minute. This is the day and age of internet safety and security. Your publicly accessible list is not safe, nor secure. Please make it so. FIRST prides itself on safety. It shouldn’t be limited to only the pit area.

Jeremiah_Johnson · December 31, 2018, 9:06pm

The only thing that set alarms off in my head was the fact that a phone number was asked for. I’m used to short, often rushed, deadlines in the FIRST community, the book submission being one of them. I didn’t see the actual website, however, just a warning of exceeded bandwidth. I still didn’t provide any phone numbers when I emailed Steve, but not because I didn’t have any onhand, but because anyone can make up an email address with anything as the @address.com using AOL now.

I hope this is for real, and I don’t doubt now that it isn’t.

JohnBoucher · December 31, 2018, 9:06pm

Sorry, but may I suggest that FSM emails not be posted in public forums? I believe they are sent to specific emails only and are not for general release.

Beth_Sweet · December 31, 2018, 9:06pm

Jackie,

While I thank you for your concerns regarding this issue, I hope that you realize that those who were weary were trying to protect their mentors.

Personally, I wasn’t too fond of the idea. It was not a usfirst.org website, nor a usfirst.org email address. That automatically raises red flags to someone whose father’s credit card has been stolen 4 times, 2 of which were online transactions. Yes, we were only asked to provide names, however when I clicked on the link sent in the email sent to me, the page did not exist, I had to follow the link in this thread.

Which brings me to my next point on how the site likely was hacked. The email’s content was posted in this thread in an attempt to verify validity. There are hundreds of spiders here each day, and I imagine that the website was logged onto by one of those.

I am continuously grateful to all of the senior mentors out there and hope that they can all step out of the shadows a bit so that if a similar mass blast needs to be sent out in the future, we’ll all know who it is from, and trust without confusion

Astronouth7303 · December 31, 2018, 9:07pm

Quite a bit more trust would have been established if it had been hosted by FIRST, NEMO, a team, or some other group associated with FIRST. It would also have been helpful to say on the page who was handling this (FIRST, NEMO, a team, a state planning group, individuals, etc). The lack of these clues, in addition to the very large security hole (both for privacy and for the server), made many of us seriously question the validity of the whole setup.

Having said that, I wish to apologize to Steve Cremer and the FIRST community at large for playing a major role in taking down the server. By taking out a legitimate site, no matter what other good doing so did, I did wrong. Nothing I say above or below changes this.

(Detailed explanation deleted by Mike Aubry Team 47 Chief Delphi)

Understand that at the time I had good interests in mind – protecting the FIRST community from phishing attacks.

This is also a good lesson for all those involved - webmasters writing forms, PR people writing pages, and all of us keeping our eyes out. I misunderstood the intent of the website, partly from the lack of information on the site, partly from my lack of research. I learned about unintended consequences and Murphy’s law (I try to do a good thing and it turns out I’m hindering another good thing and hurting my own community).

Again, none of this excuses the fact that I unknowingly attacked and took down a legitimate site trying to accomplish an honorable goal – recognizing mentors. Everyone involved (which is almost everyone in FIRST) has a right to dislike me for it.

If you wish to talk to me more, I will be at championships.

PS - You’ll find every spoofed team has a team number greater than or equal to 2500.

Dave_Flowerday · January 3, 2019, 12:14am

Wow. Just… wow. I understand that you realize this was wrong, but do you realize that this action would have been wrong even if it was not a legitimate site? This action is simply never appropriate.

Please, to you and any others reading this. Learn to be a good net citizen and handle things like an adult. Actions like this are unacceptable and are the kinds of things that give smart, computer-savvy students like yourself a bad name.

This is very disappointing. I thought our community was better than that.

sanddrag · January 3, 2019, 12:14am

This member of our community was acting to protect the safety of many other members of our community. While what he did may not be right, it was with good intentions, and for the greater good really. Anyone could take the information from that site, call up these mentors, and say “Hi, I’m calling from FIRST, and it appears that there was an error in processing your Championship registration payment. I need to verify your credit card information or you will be dropped from the event.” or any number of other spoofs to sieze the identity of the innocent. He acted in the name of safety, and for that, we shall not punish him.

Dave_Flowerday · January 3, 2019, 12:14am

No. Good intentions do not excuse completely inappropriate behavior.

Correct action would have been contacting FIRST, contacting the owner of the site, posting here on CD, contacting the senior mentors, any number of things. Many of those things were already being done anyway.

Breaking the law (yes, he broke a federal law doing this!), even if you claim the intentions are valid, is not acceptable!!!

sanddrag · January 3, 2019, 12:14am

True, but likewise, good intentions (honoring our mentors) do not excuse pure ignorance (the publicly accessible list).

And in regards to breaking the law, I have about six thousand spam e-mails. I’m not spending tax dollars to investigate every one of those and lock up every one of those senders, and I’m thinking the rest of America wouldn’t either.

But, I’m beginning to engage in a one-on-one discussion here, which is against CD rules, so,I’ll stop now.

It’s the championship folks! Let’s leave CD behind, and admire the incredibly awesome artforms about to show their stuff in this oh so magnificent game we play!

Daniel_LaFleur · January 3, 2019, 12:14am

There’s an old saying: “The road to hell is paved with good intentions”

Doing wrong, even while intending to do good, is wrong. The proper thing to have done was to report the possible phishing to the proper people (in this case the webmaster of the site, FIRST, and possibly the FBI {as federal laws may be being broken}).

Vigilanteeism (and thats what this is) is never acceptable, and should not be condoned by any community, especially one that proports itself as being GP.

It is my hope that Astronouth7303 and the rest of the CD community have learned from this experiance that it is better to work within the system than to take it upon oneself to go outside the laws.

sanddrag · December 31, 2018, 9:07pm

I’ve thought about this, and I do have to agree. The creation of the site to recognize the mentors seemed like a rushed effort. The takedown of the site was also a rushed effort. Neither was done properly. Both sides did some wrong here, and everyone has learned something, and I think we can move on. Can I get a thread close?