not fair klei towards the player "kipper0k"

[Cheggf]

5 hours ago, Maxil20 said:

Kipper meanwhile was gloating about this incident, in the same discord, hours after he uploaded the trojan mods.

I hope all his bans are permanent and irrevocable. How could anyone pretend like he was just trying to draw attention to the vulnerability? He clearly wasn't. He's literally laughing about it, he just thinks it's funny. 

[Uedo]

1 hour ago, AliceShiki said:

Tbh, I think like Zarklord's response is 100% appropriate to the issue that Kipperok brought up.

"Make a server mod to download other people's local mods" is definitely not a problem. Mods are just harmless modifications to the game that simply alter game aspects, and there is nothing wrong with people using the same mod you are using locally.

Like... Yeah, who cares if that happens? Let's be real. You're most likely not even going to know other people are also using the same local mods as you, because you might very well never meet them in a server again. And even if you do find out they're using the same mod as you... So what? It's not like this will harm your game experience in any way, it's just two people using the same mod, this is definitely not an issue.

The actual real problem was that this vulnerability could let someone create a Worm or a Virus or a Trojan Horse or however else you wanna call it... This was not the issue Kipperok brought up, and Zarklord clearly didn't think of this implication. If Kipperok had brought it up as something that could potentially lead to Virus mods being created, Zarklord's response would have probably been very different, something along the lines of, "We'll investigate the issue internally and work on a solution", I'd guess.

Like, Zarklord's first reply is very clear, "At risk of what?" Zarklord clearly didn't notice the virus potential of this vulnerability, that's why the issue was handwaved... Kipperok saw a vulnerability and instead of reporting the actual issues it could cause, they reported a non-issue, then proceeded to try making a call for action by actually exploiting the vulnerability in a harmful way without even first telling Klei about the harmful ways that were possible with this exploit.

So yeah, I wouldn't even say Zarklord handwaving the issue was a problem. Someone brought up a non-issue and they treated it as a non-issue, because it was not brought to their attention that there was a real issue hidden within that vulnerability... You could maybe try arguing that Zarklord should have noticed the real harmful potential of this vulnerability themselves, but I can't take this argument seriously when Zarklord directly and openly asked what were the potential risks. I'm not gonna blame someone who took the initiative to actually ask the very perpetrator of the virus about what were the potential risks, and ended up getting an answer that didn't highlight the actual problem, only for Kipperok to create a virus later on. This just doesn't feel logical to me. Kipperok is 100% in the wrong here.

Depends, if i'm seeing how a mod I made works in a live environment, I understand the counter-point that perhaps you shouldn't join servers or have others join yours, but say for instance you have worked on an overlay mod for yourself (Many reasons to, colour blindness etc) and you enjoy playing a live environment but realistically you don't want people to really have it, it's not going to be an issue on a technical level if someone takes it (they're not your assets and you don't get the same protections for modding) but it is totally something that could be fixed, it's not a hard thing to implement.

This would be like telling your bank a very specific security issue you've noticed that isn't necessarily going to cause any issues legally or cause much damage, but is a legitimate gap in standard. Do they have to really do anything about it? No, if you're following the legal framework, you're fine. But is it something worth looking at and fixing? Yes, obviously it is if it raises security and promotes an ethical consumer standard.

It's an awful response in that regard, this is the vibe (I feel, I'm not claiming anyone else's feelings on it - before I get 8 replies of people telling i'm wrong because they don't get the same feeling) that comes about at times with Klei, the monumental dip in attitude to their community and the community management aspect of it has just rapidly declined and that's, personally, why I dip in-and-out playing this game. It STILL has such a good chance to stop being developed with the same disparate ideas all being pulled together into a Frankenstein's monster, and conclude naturally and satisfactorily. 

I just feel there's none of the charm anymore that used to be so captivating, both from the game and the community engagement. 

I agree with the ban though.

 

[Baguettes]

Uhh yeah about this. The ban was 100% deserved, honestly. It wasn't even just this, he went as far as going around and crashing Hounds Huggles (a Klei Official hosted server) by spamming chat with outrageous amounts of whitespace, up to 7652XXX lines worth of whitespace to crash clients and overload the server with packets (Referenced by a victim's chat log). The server was rendered unplayable days afterwards. Sorry, if you're doing this to send a message, you're doing it wrong. Like people said, the Bug Tracker exists for such reason.

This is clearly more for sh#ts and giggles, ruining people's days and just giving the devs more work that they could've easily been alerted to via the tracker, saving a LOT more time instead of having to track you down and ban you off the community for such behavior.

Link to said incident, filed as a bug report, is here: 

 

[ApoIIo]

lmfao. lol even.

[Bumber64]

Doesn't even seem like the exploit used was the one described in the report? More like the report was used as a way to manufacture permission to be an ass.

[YouKnowWho142]

it seems odd to me that this is even a debate, I hate the mindset of justifying bad actions to send a message especially when it affects other people

Edited May 17, 2025 by YouKnowWho142

[Duck986]

5 minutes ago, YouKnowWho142 said:

it seems odd to me that this is even a debate, I hate the mindset of justifying bad actions to send a message

It's not like other groups of people on other social media don't do that. Something in kipperok's actions can be justified for sure (like the attempt to bring attention to the problem), but his methods and damage overweights this by magnitudes of order.

Edited May 17, 2025 by Duck986

[konijnenmoed]

1 hour ago, Baguettes said:

Uhh yeah about this. The ban was 100% deserved, honestly. It wasn't even just this, he went as far as going around and crashing Hounds Huggles (a Klei Official hosted server) by spamming chat with outrageous amounts of whitespace, up to 7652XXX lines worth of whitespace to crash clients and overload the server with packets (Referenced by a victim's chat log). The server was rendered unplayable days afterwards. Sorry, if you're doing this to send a message, you're doing it wrong. Like people said, the Bug Tracker exists for such reason.

This is clearly more for sh#ts and giggles, ruining people's days and just giving the devs more work that they could've easily been alerted to via the tracker, saving a LOT more time instead of having to track you down and ban you off the community for such behavior.

Link to said incident, filed as a bug report, is here: 

 

Just a little side note: we don't know if Hound Huggles has been crashed the same way as the logs from that server showed. I made a new bug report for the chat message limit exploit, which was on another server (not the unplayable Hound Huggles at that time) and happened mid-game on a server with 80+ days at least. You can find it here:

 

Edited May 17, 2025 by konijnenmoed

[Valase]

1 hour ago, ApoIIo said:

lmfao. lol even.

I think that we can close the post then.

[Evelo]

"There is a weakness in the system! Let me exploit it and damage hundreds if not thousands of people to this weakness. I am the hero." - Kipperok probably.

[GenomeSquirrel]

As someone who used pub servers, should I look into getting anything scanned or deleted?

[Radicaljoe]

32 minutes ago, GenomeSquirrel said:

As someone who used pub servers, should I look into getting anything scanned or deleted?

 I think as long as you go into a game and still have control of your text chat you're fine. I believe klei fixed the issue awhile ago.

[JoeW]

Just to keep things from spiraling too far out of bounds here. I am not going to get into details on actions taken against a player account, but this is being mischaracterized a bit. 

What was said was not a report or statement about a serious problem, it was a casual question ("I wanted to know your opinion") somebody was asking and was given a casual response in that context. This wasn't a situation where somebody was reporting an issue and then ignored. Furthermore there was quite a bit more in the malicious mods than what was presented in that question above - which changes the context substantially. 

Miscommunication maybe - but none the less this wasn't a situation where an exploit or series of exploits had been discovered, documented and reported. In my opinion, it's really only in hindsight that one would see those comments as a "report". But back to the point. 

We did ban some things while we were investigating; however, there was a space of time where bans did not need to happen. Unfortunately permanent account bans were issued after communications with the author failed to end further disruptions. 

[Adgycarp]

7 hours ago, AliceShiki said:

Tbh, I think like Zarklord's response is 100% appropriate to the issue that Kipperok brought up.

"Make a server mod to download other people's local mods" is definitely not a problem. Mods are just harmless modifications to the game that simply alter game aspects, and there is nothing wrong with people using the same mod you are using locally.

Like... Yeah, who cares if that happens? Let's be real. You're most likely not even going to know other people are also using the same local mods as you, because you might very well never meet them in a server again. And even if you do find out they're using the same mod as you... So what? It's not like this will harm your game experience in any way, it's just two people using the same mod, this is definitely not an issue.

The actual real problem was that this vulnerability could let someone create a Worm or a Virus or a Trojan Horse or however else you wanna call it... This was not the issue Kipperok brought up, and Zarklord clearly didn't think of this implication. If Kipperok had brought it up as something that could potentially lead to Virus mods being created, Zarklord's response would have probably been very different, something along the lines of, "We'll investigate the issue internally and work on a solution", I'd guess.

Like, Zarklord's first reply is very clear, "At risk of what?" Zarklord clearly didn't notice the virus potential of this vulnerability, that's why the issue was handwaved... Kipperok saw a vulnerability and instead of reporting the actual issues it could cause, they reported a non-issue, then proceeded to try making a call for action by actually exploiting the vulnerability in a harmful way without even first telling Klei about the harmful ways that were possible with this exploit.

So yeah, I wouldn't even say Zarklord handwaving the issue was a problem. Someone brought up a non-issue and they treated it as a non-issue, because it was not brought to their attention that there was a real issue hidden within that vulnerability... You could maybe try arguing that Zarklord should have noticed the real harmful potential of this vulnerability themselves, but I can't take this argument seriously when Zarklord directly and openly asked what were the potential risks. I'm not gonna blame someone who took the initiative to actually ask the very perpetrator of the virus about what were the potential risks, and ended up getting an answer that didn't highlight the actual problem, only for Kipperok to create a virus later on. This just doesn't feel logical to me. Kipperok is 100% in the wrong here.

very well said, not just this post but also the other comments meticulously explaining why this course of action is not right. To think that it even needs explaining, alas.

All these things that transpired are a big pity and has caused nothing but grief in the community. When the io.open thingy was 'patched' ( I'm not gonna pretend to understand the details) it broke many benevolent mods, including essential mods for running moderated community servers. My perspective  is that of someone who is co-host of one such server. It caused a huge pain in the ass for my good friend Kova who is developing these type of mods that run the servers that a lot of my European friends enjoy playing in.

I have learned a set of two opposing definitions to the word "hacker":

• There is the ethical kind of hacker, who will find issues and flaws in a system, then properly notify the developers, optionally offering a solution, and allowing them the room to fix it, often without expecting any form of compensation for their good deed whatsoever.
• There is the malicious kind of hacker, the well known stereotype, who will break into a system/exploit a flaw or weakness, and cause mayhem in all kinds of ways. Either for personal gain, or for the mere sake of creating chaos.

Judging by the things that we've seen happening and even the shameless reactions by the guy himself, shown in picture format in this thread, it's obvious to me what type of hacker this person tends to be.
I'd love for others to read into this matter, looking at all the posts in this thread and the arguments that were made, and make up their mind to themselves: The things that this person has done leading up to their ban from klei, was it the ethical and morally right way to do things? To use your coding skills and knowledge to do the things they did, with whatever the intention was?

I personally don't think so.I I think that the banned person is not much more than a Malicious Hacker. I hope this post gets closed ASAP.

Kipper if you care to read this: Grow up. Find a better way to use your coding skills and talents. It's obvious that you are very clever and can do lots of great things. Please stop making this malware and ruining a video game for other people. You can do better.