CyanogenMod.com hijacked. Transition to CyanogenMod.org(cyanogenmod.org) |
CyanogenMod.com hijacked. Transition to CyanogenMod.org(cyanogenmod.org) |
edit: thanks to the mod that fixed it :)
The change doesn't really lose information; almost everything in the original title was false. Perhaps a better title would be "cyanogenmod.com hijacked by rogue admin, transitions to cyanogenmod.org". But the usual policy here when changing titles is to change it to the original title of the article, which is what it is now.
If it's a bot, you could have some random gunk in there, and it would flip over automatically. If it's human, they might not accept a (hex|base64|...) encoding of some magic number. Of course, said human could also read this, know what was going on, and modify their behavior accordingly.
Tricky.
I don't think it's a bot; it's just that the policy is that if the title is misleading or sensationalist, to prefer the original title of the article over anything else. So that's what the admins go with the vast majority of the time if anyone complains. In this case, the hijacking really is relevant, so they added that part back in again.
While it's true that cyanogenmod.com going down may not serve a functional problem to most people but it is a pretty sad story. I have used Cyanogen on a couple phones and all my Android devices use the Clockwork recovery, which is an incredible tool. I don't know the specifics but I don't think anybody on the Cyanogen team was receiving money for their work. Granted, there are premium versions in the Play Store, but certainly nobody is getting rich of Cyanogen or clockwork.
The fact that somebody is screwing them over just to make a couple bucks seems pretty terrible to me. These guys do this for fun and for the good of the community (not to mention for the good of Google), so my heart really goes out to them. I hope you get everything sorted out and get everything back up.
There is a PayPal donation form at the bottom of their site. I have donated in the past when they have asked and I'm sure I will this time if they make an appeal to pay for legal fees.
Again, so sad to see this happen to such a great group of devs.
And in the thread, he mentions that Swappa is doing the same thing, $500 a month plus $10 per device sold, though there's no way to verify if that's true. Swappa claims to donate $5 per device sold to Cyanogenmod, though who knows if that's been going to the actual project or this joker. http://swappa.com/cyanogenmod
That's some pretty serious fraud there, if this is true.
http://www.cyanogenmod.org/blog/domain-situation-has-been-re...
They will stay with the .org domain though, and have the previous .com domain redirect to it.
[1] http://get.cm/
And at worst, a policy of signing all emails makes it so he can't be framed; someone can't alter mails and claim they were sent in that state, and if this guy thought he was going to be caught and went into the mail server to try and plant the evidence so that when the deals fell through the real Cyanogen was still on the hook, he wouldn't be able to reproduce a valid signature and one would say "Cyanogen was obviously framed, as he would never certify a deal in an email without a cryptographic signature".
Just curious.
"Hi, we noticed that you are selling these cards with CyanogenMod builds. We do not however seem to have any agreements in place for this and feel it's only fair that you start contributing to the CyanogenMod project to continue selling your products."
And due to the small size (and lack of funds), the CyanogenMod.com domain was bought by a third-party back in 2009 and donated to CM, when CM was a much smaller project and had no online presence besides XDA.
I must be missing something (and speaking from a US perspective), but was $10 really unattainable in order to secure a domain? Three years worth would have been $30-ish dollars now. Genuinely curious what led up to this scenario.
Note: it's a shame most of the comments here are about the title of this post.
Indeed, I check the HN comments for interesting conversation, not drivel about whether or not the submitted article's title is sensationalist.
I always shiver a little if I have to dive into xda-forums, but this takes it to the next level. Puts all the actual hard working developers in a bad light.
Even once Android came out, there are enough binary blobs, like the actual phone firmware, drivers, the Play Store, the Google Apps, and so on, that a lot of the mods are just redistributions of the binary packages with a few configuration changes and some custom software on top, rather than a rebuild from source of AOSP.
I used to help run a convention, and one year the person who had designed the program book decided he deserved compensation and demanded a similar amount of money to let us use the design. We were left with only a couple of days to come up with a new design.
"we've already had this conversation. The DNS was changed in preparation to hand the domain back to Steve. You all jumped the gun." https://twitter.com/MrADeveci/status/268837555129167873
"DNS propagation can take 72 hours. The domain was transferred about an hour ago. It was transferred to another UK registrar." - https://twitter.com/MrADeveci/status/268881716876300288
UPDATE: Seems he really has handed the domain back now?: http://www.cyanogenmod.org/blog/domain-situation-has-been-re...
As you say, it's unlikely that there would be any intervention that quickly.
If the accused asshat actually paid for the domains at all, that's a whole nother story as they say.
Their original website was taken offline by a (now former) developer, forcing them to change domains. Seems like the title is perfectly accurate.
Imagine the headline "LA Lakers Closes!" That tells me the basketball team is no more. But, if instead their website was closed for a planned relaunch, then the headline should read "LA Lakers' Website Closes!" or "LALakers.com Closes!"
But in that case, no domain was transferred, it was just confusing from the start.
I think a simpler "we've been betrayed by an insider with access to everything, here's how we're fixing it, and yes, we're pursuing legal methods for dealing with this" would have been better. Leave out the gory details about who's hurt and whatnot. This is business. Still, this is better than half of the other "we've been betrayed" posts I've seen.
I cannot emphasize enough to developers and to startups: all war is about money, all business is about money. When you get to the point that you are making money, you are in business... and all business is war (imo). If you go in thinking like that (not freaked paranoia, but strategic defensive development), you will avoid a lot of this trauma.
I feel for you guys, I've been there.
Google already give you cyanogenmod.org when you search for cyanogenmod. Was this always their preferred domain, or is Google just that quick to update?
Post on cyanogenmod.org for those who prefer not to use Facebook: http://www.cyanogenmod.org/blog/psa-transition-to-cyanogenmo...
For the sake of posterity, the original title was "Cyanogenmod taken offline by developer", and the link was to the same story, but posted on Facebook.
Alternatively, you could use SSL certificates, but since the attacker controlled cyanogenmod.com, he probably could have social-engineered the CA to issue him an email certificate.
Trust is hard.
Anyway, the current headline is now more misleading, since it omits what makes the story interesting, and they aim to get the original domain back in any case. (This is the case even though the blog post has that same title.)
But I totally get the judgement of the previous editor as well. When in doubt, and given a poor headline (nah, it didn't say .com), go with the headline of the article that is linked. It's a good rule of thumb, and this was the exception.
Thanks for rolling with the punches, whoever is pulling strings.
The person owning the CyanogenMod.com domain was caught impersonating Steve to make referral deals with community sites. When confronted and asked to hand over control of the domain amicably, he decided he wanted 10K USD for it, which we won’t (and can’t) pay.
but, that could be a mistake if "owning" meant he simply took control of it at some point over the years.
(The confusion could have been avoided by assigning a nym to anyone who they didn't want to name explicitly.)
Again I don't think the title was meant to read that way, but yeah I agree that was not clear and the new title/direct link is much better.
So let's all go answer or up-vote philp's comment!
There's also the possibility that the developers had access to the "Google Webmaster Tools" for cyanogenmod.com, even though they didn't own the domain, and so just told Google that the site had moved.
Registrant:
MetServe Enterprises Limited
Kemp House
City Road
London, London EC1V 2NX
GB
Domain name: CYANOGENMOD.COM
Administrative Contact:
Enterprises, MetServe info@metserve.com
Kemp House
City Road
London, London EC1V 2NX
GB
+44.2081232629
Technical Contact:
Enterprises, MetServe info@metserve.com
Kemp House
City Road
London, London EC1V 2NX
GB
+44.2081232629
Doesn't have a person's name though.His profile on twitter says "Entrepreneur, with a passion for website design, development and all things technology. Director of Metserve Enterprises. London, UK · http://www.mradeveci.com
That seems like the guy.
Anyway he is having a conversation with the CM team over Twitter.