Proletariat Porno
O.T.L.
Reiko Iwamaru
Shut down due to a security hole they found in zOMG!'s depths. It was a hole that could allow users (if this hole was exploited, anyway) to hack into the servers and hack into accounts and get into some seriously personal info if they did.
So... dangerous security hole + none of zOMG! staff members were there = shutting it down altogether.
And remember how buggy and laggy zOMG! was before the shutdown? And considering its old coding? The security hole is honestly unsurprising... but rather it be gone instead of secretly endangering users, right? It sucks, but we got our rings and other zOMG! items off soulbound, so we can sell them, trash them, etc.
Right, a massive security hole. That they must have known about for months, because they announced they were shutting zOMG down for "maintenance" four months before they actually shut it down. Must have been one heck of a vulnerability to kick them into action so fast, I tells ya. (But, of course, our account security was their primary concern. Except, y'know, for the fact that they left the vulnerable system just sitting there for months at a time before doing anything about it. Almost as if there really wasn't such a major vulnerability, and they just claimed there was so as to avoid saying they wanted to shut down zOMG because it wasn't making them enough money. But that would mean they weren't being honest about their reasons for shutting it down, and that would just be so unlike modern Gaia...)
As I've said before, their cover story doesn't make any sense, at least not from the information they've given. If they shut it down for a vulnerability, why did it take so long to do the actual shutdown? That they announced it so far ahead of time indicates the vulnerability shouldn't have been the reason for the shutdown, but, if it wasn't, there was no reason to shut it down at all. They claimed it was for "maintenance", but you shouldn't need to shut down a live system for that, even assuming you have anyone who knows enough about the code to perform any kind of maintenance at all, which they've claimed they didn't. Coding changes should normally be made in a separate environment than the live code, ported for testing/QA, then moved to the live system. If the alleged vulnerability existed, shutting down the live system might make sense, but then announcing it so far in advance would be dangerously irresponsible.
So, yeah: either they shut zOMG down because of the vulnerability, which means the early announcement doesn't make sense, or they shut it down for some other reason, in which case whatever that reason would be doesn't make sense. Either way, it doesn't make sense, and there's really no way to reconcile Gaia's actions and their statements in such a way that shows them to be entirely truthful about the whole situation.
(And that's not even getting into the issue of how they found the alleged vulnerability. If no one at Gaia was familiar with zOMG's code - or even the language it was coded in, as has been claimed in the past - how did anyone even find it? Finding errors in code like that - especially if you're not looking for a specific issue - isn't particularly easy. And why was anyone even looking in the first place, after leaving it fallow all those years? It just doesn't add up.)
They announced four months in advance they would be taking zOMG offline to work on the coding (and maybe the servers?). After a short while being offline they said they found a security hole they had no idea how to fix and scrapped it.
I don't like that zOMG is gone, but don't go around spreading lies.
I'm not spreading lies. I'm trying to explain why their timeline doesn't make any sense, because it doesn't.
Call the initial removal of zOMG a shutdown or taking it offline, whichever you prefer, but there's no effective difference between the terms. A system that's running but inaccessible (offline) is just as usable as a system that's not running at all (shut down). That's just a semantic issue, really.
Anyhoo, whatever you want to call it, there's still the important unanswered question: why was the system taken offline? The answers of "to perform maintenance" or "to work on the code" just don't make any sense. As I've been trying to explain (since November, really): you don't need to take a server offline to update its code. You just don't. There's really only two reasons I can think of that would necessitate doing so:
1) There's such a severe problem with the system that making it unavailable is better than leaving it online while it's being fixed. (Contradicted by the fact that the system was left up and running for as long as it was; either the problem was known and the system was left running with it, or the problem wasn't known and thus there was no reason to take it down.)
2) The only place you can modify the code is on the live production server. Voice of IT experience: you don't do that. It's just such remarkably bad form to handle code in that manner that it's impossible to believe that a web-based company could survive this long while following such egregiously bad practices. You keep your code in a development environment, firewalled from being accessed by the Internet at large. You make your changes, then port the code to a test environment (also inaccessible to the Internet at large) to work out as many kinks as you can. Then - and only then - do you port to the live environment. But there is no reason to take the live environment offline while you do all that; if you're not having any major issues, there's no reason the older code can't be run on the live system until the new code is ready for production. (And if there is a major issue, we go back to the previous point.)
So, again, why was the system taken offline? If the claimed vulnerability did indeed exist, that would justify that decision, but then we hit the timeline problem: they announced it months ahead of time, so, if the vulnerability was the reason, why was the system not shut down immediately upon its discovery? If it wasn't discovered until after taking the system offline, for what reason was the system taken offline, since it shouldn't have been for routine code updates?