Blue's WordPress Blog

Regular readers – yeah, right – might remember this post where I mentioned the ezboard CEO WordPress Blog entry where Labatt makes reference to a subset of the employment opportunities at ezboard / Yuku.

One vacancy he didn’t mention was the one for a Vice-President in charge of Revenue Development. On offer is “cash compensation in the six figures and equity options in the company” for anyone who takes the job and is successful in the role.

That’s a lot of money to be paid for from venture capital and/or advertising revenues. Maybe that’s why the whole issue of advertising revenue sharing with the Yuku board owners that was the USP when Yuku was launched at DEMOfall in 2005 has quietly disappeared from the public Yuku agenda?

And something else that’s been troubling me: remember the post from Labatt where he seeks to dispell rumours of lavish lifestyles?

“Rumors of yachts and mansions et al make us laugh (I wish. There are no yachts.  The closest we are to a yacht is my daughter’s yellow rubber ducky, and it is 3 inches long.)”

Perhaps the cost of living in San Fransisco is very high indeed, because if Labatt can afford to pay one of his staff a six figure sum then I’d expect him to be able to afford more than a rubber ducky.

If you were wondering what the demographic is that ezboard are seeking for Yuku, then look no further than this post from ezboard, Inc.’s CEO.

Follow the link to the NikeTalk ezboard – if you’re following the link from Labatt’s blorum be careful which bit you click on as even after three attempts he still hasn’t managed to get the links done properly – and then look at RawSheed’s userpic. Nothing too extraordinary there.

Now click on the name RawSheed to view his profile, now migrated to Yuku, where they allow animated userpics. Maybe the woman is in pain or about to sneeze? Hmm. I don’t think so…

Oh and don’t forget that by clicking on the link Labatt (and now I) so helpfully posted, you’ll be pushing up the cost of their Gold Community renewal so more revenue for Labatt.

Talking of Robert Labatt, ezboard, Inc.’s CEO, I just popped over to Labatt’s Yuku blorum and saw a post where he appears to be trying to emulate the guy Tom from MySpace, grinning inanely, wearing a stupid hat and giving a Yuku image the thumbs up.

He’s like that embarrassing relative when you were a kid…

Of course, clicking on the user profile of RobBusiness(d) we find that “that user was deleted from our system”

Can’t say I blame them, really…

It seems Robert Labatt is taking to heart what I’m writing here and that I’ve upset him. He’s made another couple of updates to his WordPress CEO Blog.

He writes:

“ezboard services are running in top form as well, with no recent downtime.”

Now I know that ezboard has been carefully deleting sticky topics noting server downtime in the ezboard Help [sic] Forums but if you read their Server Status Forum you’ll see that despite those deletions there are still a number of reports of servers being down. So either the ezboard customers are lying or mistaken or Labatt is.

Then Labatt seems to finally realise that it’s no good for him to make promises his minions can’t keep and that people like me will continue to point out when they again fail to meet their deadlines:

“Because I get nastygrams every time I give out a date on when something is going to be done I am only going to say that this is the order for the development of new stuff that we are working in on Yuku.  I expect most of it to be done this summer…but we’ll see.”

Hmm. In other words “the dates I’ve given you in order to encourage you to soldier on with ezboard throughout the spring were all pie in the sky. I don’t have a clue when we’ll manage to get Yuku working properly enough for you to begin migrating your ezboards across”. Pathetic really.

He goes on:

“I’ve been reading and occasionally posting on boards where folks are saying “I am worried”, “let’s consider moving off ezboard”, “those guys never get anything right” etc.  In response to those posts I’d like to say, you don’t have to do anything today.  Don’t panic.  You will have plenty of notice when there are major changes to ezboard.  And for the “they’ll never get it done” folks, can I remind you of the 100% uptime in the last 9 months and the near flawless account importing from ezboard to Yuku.”

I’d hazard a guess that the only ones panicking at the moment are ezboard! And maybe they should try posting in the Server Status Forum to tell their customers they’re all wrong about servers being down: they must be wrong, surely, if ezboard have had 100% uptime?

And that “near flawless” account importing? ezboard must have a different definition of “flawless” to mine. ezMish was boasting how she’d sorted 100 account migration support tickets in one day. 25,000 account migrations so far out of 14,000,000? Good grief… A 2% failure rate on that is 280,000 failures, with Mushy working 100 a day, it’ll only take 7½ years for her to clear them

But wait a minute! Labatt says that they’re “getting things done, reliably and responsibly” and they’ve tested the account migrations before they rolled it out. Except it clearly isn’t reliable!

Oh dearie me!

So ezboard calculates the charges it will make for its boards on the basis of its webstats. There’s no way for a board owner to check those page views or daily visits: you have to take everything ezboard tells you on trust.

Apparently, the Big White Taxi Service ezboard were having problems with the server being down having just renewed their Gold Community Status. I had a closer look.

Turns out they’ve just paid $526 for a year’s renewal. That’s £289. My hosting for a vBulletin board is £126 for a year.

Money for old rope…

Then I looked a bit further to make a proper comparison. Their board stats:
Founded: July 18, 2002
Daily Posts: 74
Total Posts: 86891
Daily Visits: 6199
Total Visits: 5558836

Ours?
Moved: July 1, 2005
Daily Posts: (ave.) 225
Posts today: 280 and climbing…
Total Posts: 81,759
Daily Visits: 1,600

Now, what stands out for me are:

1. We’re averaging three times as many daily posts as they are;
2. We’ve got nearly as many posts in one year as they have in four years; and
3. How is it that our ‘proper’ webstats show a quarter of their daily visits and yet we get three times as many posts?

Maybe their board just has a lot of readers? I can’t really see that as being the case.

Whatever the case, may be, ezboard isn’t a cheap option.

You know, one of things that keeps popping up in my mind when I think of the ezboard “hacking” incident – aka the Great ezBoard Disaster of 2005 – and the authentication hack noted here is a question.

If your basic, common or garden ex-ezboard user can find out that a hack has taken place and trace the source of that hack, why can’t ezboard, Inc. combined with the technical skills and expertise of the FBI manage to do likewise after more than a year?

I forgot to mention, Rob Labatt writes in his Yuku entry on 23 June 2006 that:

“BTW, we have fixed the slowness/outage issues mentioned earlier today.”

Excellent stuff. So I did my little speed test at around 3.00pm BST today, i.e. 7.00am at Yuku’s San Francisco base. I emptied my Firefox browser, closed it down and restarted it then started a stopwatch the moment I went to http://help.yuku.com then to its “Help forum and potential bugs” forum and then to its first non-sticky thread. At each point I waited for the page to be loaded before clicking on and stopped the clock the moment that last thread was finished loading. There were seven people online.

38 seconds.

Then the same on my vBulletin forum on one of 1&1 Internet’s shared servers. Loaded the board’s home page, then clicked on a public forum and then the first non-sticky thread (which had more avatars, etc. to load than the Yuku one). There were 16 users online including the Google Spider and two instances of the Yahoo! Slurp Spider to slow things down.

10 seconds.

I wonder how slow it’ll be when all the ezboard users and the ezboards themselves have been migrated over? 

If you recall, ezboard, Inc. claimed to have been the victim of a hacker when they lost 70,000 or so messages from our ezboard alone when the alleged hacker deleted current posts and the “backups” that we were paying them to keep for us – see my earlier post on this.

Following this data loss and the ensuing debacle with ezboard, Inc. clearly being caught with their pants down, followed by one of their Customer Services [sic] people making false accusations against me when I began asking awkward questions of them, I began watching and taking part on a board hosted by ezboard. As more and more details emerged in that forum, ezboard’s employees started editing and deleting posts and banning users taking part in an effort to silence us. Fortunately, copies of posts were kept and shortly before ezboard deleted the message board in its entirety, a full backup copy of the board was taken. Ironic isn’t it that some users could achieve what ezboard themselves had failed to do.

In the meantime, a number of us users were invited to start posting on a similar message board hosted by InvisionFree which was basically private for viewing purposes. That board included the only link at that time to the ezboard backup hosted on a secured server elsewhere. The server logs started showing access attempts from a number of unidentified IP addresses, so that raised some questions as to who they were and how they knew about the backup.

Around that same time, I discovered a security flaw in Yuku: in common with most message board systems, the board Administrators and Sysops can see the IP address of the person making posts on the board. Unfortunately, the implementation of Yuku at that time was such that although the IP addresses of those posting on forums such as the Yuku Help [sic] Forums were not visible when viewing the forums in a browser, they were as soon as the source code was viewed, so that any Tom, Dick or Harry could see the IP addresses of anyone who’d posted on the Yuku Help [sic] Forums.

Cross-checking the IP addresses from those running authentication hack attempts and the IP addresses for ezboard’s staff and CEO revealed a number of matches. Attempts had been made to access the ezboard backup using usernames and passwords that would only have been known to the ezboard users or those with enhanced privileges at ezboard, Inc.

Another message board has since been set up on InvisionFree to discuss ezboard and Yuku following the infiltration of the first one and there is a full discussion about the successful authentication hack attempt in this thread, which I’ll reproduce below:

“How ezboard employees hacked into my server…, … and our former Invisionfree board!

Yes, you read that right. The company who claims to be hacked in May 2005 accessed without permission my private webserver starting the 16th of february 2006, and after access was restricted with a password continued trying to access it after using a so-called authentication hacking attack, in this case using ezboard usernames and passwords trying to get in. This attack, logged in detail on my server, initially failed. The authentication was eventually cracked by a ezboard employee using information gleaned from a cloaked forum at Invisionfree called EzDisasterOf2005, a community for ezboard critics only. This forum only could have been accessed by using usernames and password equal to those at ezboard that some people used on that forum. A little further checking has given us evidence that at least one account had been breached that way and was used up until the 15th of April to access that private forum before all the passwords were changed. Of course by then we already basically stopped posting in that place and started a public one again; the one you’re reading right now.

Also I’ve learned ezboard filed complaints at Invisionfree about violation of certain copyright (against a private and cloaked forum they had no authorized access to!). Even though these few bits were removed in the end the complaint had no legal base at all, since criticism, comment and parody are fair-use, and so this was basicaly just plain harassment by ezboard, added to their unauthorized access.

Let me try to put it into context a bit and add some specifics as well. I have left some detail like IP addresses and hostnames out for security reasons. But you can be sure I’ve them all ready if challenged to provide them!

On February the 18th without any warning ezboard closed down a board called The Great Ezboard Disaster of 2005. It was locked down claiming accordance with the Terms of Use. Why exactly a board that existed already ten months, discussing quite candidly the The Great Hack as well as the future of ezboard and the coming Yuku was closed will remain a question. It doesn’t matter for this story though, even while I’ve some ideas since some material was posted there in February by a ‘newcomer’ that was censored out immediately by ezboard staff without warning. Maybe material for a future follow-up…

Back to that locked down board. In the summer of 2005 some of the members there already felt the need to have a cloaked board away from ezboard and started a private community at Invisionfree to speculate more freely about things all the while thinking ezboard might close down the older public board at some point. When posts at the original board, The Great Ezboard Disaster of 2005, started being edited by ezboard staff in February 2006 some of us wondered if the last days of that community finally had been entered. This brought me to the action of spidering the board to create an off-site archive. After spidering it was converted in into a PHPBB for ease of search by a great phpbb-mod called ezboard-conv.

After having posted the URL to the archive at the private and cloaked Invisionfree board for reference, right away a lot of IP addresses started accessing the archive. Some of those were very familiar but some were not: they belonged to ezboard staff. The way I knew this is because back then IP-addresses showed up in Yuku when posts or announcements were made by staff or the CEO. This ‘feature’ was disabled later on but helped to track down this hack. There are a couple of other sites where over time the link between IP and certain ezboard staff could be verified. It’s a 100% match without any doubt in terms of dynamic IP addresses or things like that. What do we have exactly then?

Unauthorized access of the private archive by so-called ezmods, to be more precise “alison aka ezAtlas aka Pink”, “mishmaroo aka ezMish”, “GoalieAunt” and “jennifer aka Ezjennifer”, as well as access from what appears to be a San Francisco office where ezboard often operates out from, using Covad as DSL supplier (just to let you know we have the details here). The most serious authentication hacking attack occurred from this last address only and we can only assume the ezmods followed or assisted in…. whatever they were looking for in an archived ezboard community they had nuked the day before themselves! The evidence of the authentication hacking consists of a logfile showing several ezboard accounts and passwords being used that were in use at the original ezboard community, see also the attachment to this post. All from the same IP address in San Francisco, one I know is used by ezboard staff, one I know is used to post CEO announcements and by the main developer at times.

I don’t know who accessed our private forum at Invisionfree using ezboard usernames and passwords from their user administration but we know from logfiles ‘mishmaroo Ezmish’ was still reading there in April 2006. We tracked down the account she had hijacked for this purpose and changed passwords there too.

So here we have the whole wonderful ezboard family, the ones we’re supposed to love and trust and feel bad for how they were ‘hacked’ in May 2005. But if hijacking accounts of other messageboard systems and guessing passwords to enter private servers is the habit for these people, I really start to wonder if these people can be trusted to tell the truth about anything at all, especially when they claim to be ‘hacked’ by some very mysterious shadowy hacker who had access to almost everything.

The case is too complex for a legal battle over hacking since my private server was not in the USA. While a case has been filed at various abuse departments the abuse is just too small for ISPs to take much action. But perhaps the truth can get out with this post nevertheless.

This boils down to ethics: why ezboard, as a ‘respected’ company, should attempt to access our password protected backups (as if they can be trusted with it), why they should hack, infiltrate or attempt to harass consumer groups. Feel free to respond or just draw your own conclusions.

(Attached: cleaned up logfile with authentication hacking in progress)”

This is what the attachment says:

h-68-167-xxx-xx.snfccasy.covad.net – - – [23/Feb/2006:09:55:47 +0800] “GET /ezboard/archive/tged2005/index.php HTTP/1.1″ 401 409 h-68-167-xxx-xx.snfccasy.covad.net – Dinkster123 xxxxxxx [23/Feb/2006:09:56:40 +0800] “GET /ezboard/archive HTTP/1.1″ 401 409 h-68-167-xxx-xx.snfccasy.covad.net – Dinkster123 xxxxxxx [23/Feb/2006:08:57:08 +0800] “GET /ezboard/archive/ HTTP/1.1″ 401 409 h-68-167-xxx-xx.snfccasy.covad.net – I love MJNet xxxxxxx [23/Feb/2006:10:12:13 +0800] “GET /ezboard/archive/ HTTP/1.1″ 401 409 h-68-167-xxx-xx.snfccasy.covad.net – RichardHMorris xxxxxxx [23/Feb/2006:10:12:40 +0800] “GET /ezboard/archive/ HTTP/1.1″ 401 409 h-68-167-xxx-xx.snfccasy.covad.net – zanack xxxxxxx [23/Feb/2006:10:13:21 +0800] “GET /ezboard/archive/ HTTP/1.1″ 401 409 h-68-167-xxx-xx.snfccasy.covad.net – AutobotXYZ xxxxxxx [23/Feb/2006:10:13:53 +0800] “GET /ezboard/archive/ HTTP/1.1″ 401 409 h-68-167-xxx-xx.snfccasy.covad.net – soggybendoggy xxxxxxx [23/Feb/2006:10:14:19 +0800] “GET /ezboard/archive/ HTTP/1.1″ 401 409 h-68-167-xxx-xx.snfccasy.covad.net – finally got it! xxxxxxx [23/Feb/2006:11:48:16 +0800] “GET /ezboard/archive/tged2005/index.php HTTP/1.1″ 200 21669 

Like the original post says, draw your own conclusions.

Of course, given that ezboard, Inc.’s CEO apparently reads this Blog (or at least someone claiming to be him and using the same IP address range as our records indicate), Rob Labatt might choose to ’set the record straight’ by commenting here…
 

The final update from Rob Labatt on his Yuku thing brings into play the “Feature Voter” – you’ll have to be registered with Yuku and logged in to actually view or use this facility.

Yuku say:

“At Yuku we believe that you know what features you want and when you want us to build them. We created the Yuku feature poll so you can tell us what features you want us to develop next.”

I’m frankly amazed that at this stage in Yuku’s development, some of the features being discussed are still at the “will we, won’t we” stage, given that most of them are already included in competing products available today (no, really available today…).

Not included amongst the features to be voted on are such items as the promised advertising revenue management sharing, the board backup facility – now promised to be available “eventually” (!), etc. but then given that the list is written by Yuku rather than the users, it’s not surprising they’re missing.

Amongst the items included are those they’ve already announced such as the Photobucket integration I mentioned earlier! No doubt this will then be used as a way to say, “look! We do listen to what you say and ask for!”

And the title of this post? Well, if you look at what Labatt said at DEMOfall in September 2005, he said they’d had 100 interviews with their biggest board owners and received 33,000 responses to a questionnaire (presumably) looking at what ezboard users wanted. So has this all been brushed aside in favour of the new “feature voter”? The one that’s so impressive that with the claimed Yuku/ezboard millions and millions of users, the most popular feature so far, “Domain HTML Pages”, has received a massive 19 votes!

ezboard, Inc.’s CEO, Robert Labatt’s positive spin on just how slow Yuku is (and their outages as I noted here last week) is on his Yuku Bleurgham.

He says they’re fixing the (unspecified) problem now and are installing some more servers.

Apparently, the “tons” of users using Yuku are what’s causing the slowness … which is good news! This is, of course, before all the ezboards are brought over to Yuku and the system flooded with the many millions of (claimed) ezboard users.

If you think it’s slow now…

But never mind:

 ”Keep it up! Make us slow (we can handle it and promise to fix it fast).”

Er, didn’t Labatt promise to make Yuku faster waaay back in March?

So, moving on to those updates ezboard’s CEO, Robert Labatt, in his own Yuku “blorum”.

When Yuku was opened up to ezboard users and just before my account was globally banned by ezboard from ezboard, I advised their then lead (only?) developer of an issue with including images hosted on Yuku in a post on Yuku, specifically just how difficult it was to accomplish this especially when compared with doing the same task in vBulletin. The message was subsequently deleted so I can’t link to it or give a certain date when I advised them of this, but I would guess it was sometime in February 2006.

So imagine my amusement when I read this post:

“…I know the images folders are not the easiest to use right now. We are developing new screens for images management that are waaay easier to use. And, we have a deal with PhotoBucket that will let you access your PhotoBucket account right from the post editor. Cool huh.”

For best impact, click through to that post (if you have JavaScript enabled and don’t mind a number of tracking elements cutting in…) and note that that post had to be created and then edited four times to get the image and the text in it

Waaay cool, Rob!

OK, setting aside that irony for one minute, let’s look at the ‘meat’ of that announcement: the “deal” with Photobucket.

Ignore for a moment the ease with which you can link to your online images hosted elsewhere in other blogging platforms and more particularly how with a hosted vBulletin installation, including your own images couldn’t be more simple.

Concentrate instead on the “deal” with Photobucket. Sounds good, eh? A waaay cool coup for Yuku/ezboard, isn’t it?

Whatever you do, don’t look at this blog entry from Photobucket themselves where they announce that capability for “any Web site” (emphasis added) and Photobucket’s Jwidget affiliate program if you don’t want the exclusivity illusion shattered. Yes, it’s available to any web site and Yuku/ezboard stand to make money from it.