Life In 19x19

punishment for what? not securing unclassified information that belongs to Kaya. That doesn't make much sense.

What about their privacy policy? Anyway, I'm not looking for a debate. Private is still generally better.

Kirby wrote:In general, it is polite to inform a company privately of security issues before making it public. It's, of course optional, but a courtesy that one can make if they are truly interested in the security of a particular system.

I'm not saying you aren't generally correct, but in light of the following I'd say that making the issue public was the proper course of action to have it redressed.

Kaya.gs wrote:22:27 conanbatt(8d): thing we founders knew already, but now being so public is an issue

So, as illluck suspected, had he merely sent a private message he would, most likely, have only been asked to remain quiet about it, and the problem would have not been fixed.

And I am sorry to bring this up again, but this is similar to the whole "name" thing that I (and myself alone it would seem) have a problem with. If it (name confusion with KGS, security) truly becomes an issue then the solution will come too late; so Kaya.gs should be proactive with security issues, and this does not set a good precedent. This is the point illluck was making, I think.

Let's not be coy. The name confusion with KGS is intentional.

It was pointed out many times at the beginning of the project, and the reaction was "I already bought the domain."

mw42 wrote:I'm not saying you aren't generally correct, but in light of the following I'd say that making the issue public was the proper course of action to have it redressed.

Kaya.gs wrote:22:27 conanbatt(8d): thing we founders knew already, but now being so public is an issue

So, as illluck suspected, had he merely sent a private message he would, most likely, have only been asked to remain quiet about it, and the problem would have not been fixed.

You have no reason to believe that would have been the case, and the history of the project proves totally otherwise in every single case. Had illuck sent me that exact post as a private message, i would have done the same thing.
I wasnt a security issue, its was an authenticity issue. And it became urgent when it was known that someone was going to abuse it.
Some people in the Alpha even had logged on as me when we talked about it , days before illucks post.

In the past week since release, Kaya changed almost everything users asked for that was possible within the time-frame, from bugs to details. From blog posts to my communication accessibility(anyone can contact me at any time, and i have answered almost always VERY quickly) i have rarely let someone without an answer for more than 24hs. This very thread is an example of me answering pretty much any question or concern, and always doing so in a very timely manner.

Let's not escalate the conversation. You can like or dislike Kaya. Its not reasonable for me to expect everyone to like it or to become a fan and less so at this stage, where many people that have an opinion on it have not seen the server functioning. By the "same rule", dont expect to like everything we do or happens.
We make our decisions with the users as our number #1 priority and thats why we have such an open Feedback section. If there is something you would like Kaya.gs to change, you can propose it there even if you are not an actual user of it, and other users will vote on it if they like it. Then we choose on what we can do, or makes sense to do, and everytime providing an explanation.

mw42 wrote:And I am sorry to bring this up again, but this is similar to the whole "name" thing that I (and myself alone it would seem) have a problem with. If it (name confusion with KGS, security) truly becomes an issue then the solution will come too late; so Kaya.gs should be proactive with security issues, and this does not set a good precedent. This is the point illluck was making, I think.

When this matter become a conversation in this very thread, I was very flexible and gave a very clear condition for us to change the name from Kaya.gs to Kaya: that people vote on it.
https://kaya.uservoice.com/forums/130479-ideas-and-suggestions-for-kaya/suggestions/2226710-call-the-project-simply-kaya-

I closed it down on December 7, when we started to design the prizes for the Meijin donors to not cause an issue with sending them outdated material.

It received 8 votes in total from 4 people. That is 8%(4/64) of this months active users, or 2%(4/195) of the users since the feedback site creation . It has over 45 ideas above it being discussed, some of them having 8 times the number of votes.

To add a last thing to this matter, you can call this project kaya as 95% of the people do on a daily basis, including me and Pato. As much as KGS is a short(or used to be) for "Kiseido Go Server" Kaya is a short for Kaya.gs.
It is true the people that dislike that similarity, dislike it very much. I gave a way for us to change our minds on the name. Look a way for you to accept that Kaya.gs is just fine, and its not going to cause issues for KGS o Kaya, which there is no reason to.

Both at that matter as much as this, im totally open to dialogue and im very open minded. If i truly believe a different course of action will benefit end users, i will do it. If illucks intention were innocent and well-intended, he can always clarify that with me as he could when i sent him the private message , and as he can do now by sending me one.

Just commenting on one point:

illluck wrote:I did consider submitting a feedback regarding it, but I suspected that I would simply be asked to remain silent.

If you're asked to stay silent, that doesn't force you to stay silent, right? You can tell them, see if they do the right thing, and then go public if they don't.

illluck wrote:This makes me very hesitant about whether I would provide ANY private (especially financial) information to Kaya in the future.

Too much paranoia hurts. If you have serious problem with Kaya how can you handle things like Carrier IQ espionage or Facebook?
Or if you want to complain only about Kaya why not talks about security vulnerabilities in their chosen technology instead?
I think it is better to focus on functionality and basic tests first and dont waste time on too much security. There is no reason for giving private information to Kaya other than your email so security isnt big problem atm.

When this matter become a conversation in this very thread, I was very flexible and gave a very clear condition for us to change the name from Kaya.gs to Kaya: that people vote on it.

I never read that there was a poll, and I imagine that if you had posted one here, where there is a broader community instead of buried in the feedback section of your site, you might have gotten a good deal more response. BTW, *all* of the people who commented on your poll were in favor of using the name kaya instead of kaya.gs.

Interesting point to bring up. The feedback site has been clearly linked to and I think it should be the eventual center of Kaya feature discussion. But for now, more people would be reached here even if a single forum thread isn't a very good way to do this. (not that I feel like my ideas have any better chance here than "buried" there)

I personally never thought of the name as a "feature," so I wouldn't have thought that such a discussion would take place there, and I didn't hear it announced here either. What I did hear was opposition to the idea here in this thread, and a rather breezy attitude of it not being such a big deal from the developer. It doesn't seem as if there was much serious interest in hearing feedback on this issue.

In a way, people already have voted on it. In online discussions, almost everybody calls it Kaya, not Kaya.gs. That might prompt Gabriel and Patricio to make it official, but it's up to them. Even if it remains Kaya.gs officially, everybody will know what you're referring to when you say Kaya outside the topic of goban materials, so perhaps it's not an urgent matter.

daal wrote: BTW, *all* of the people who commented on your poll were in favor of using the name kaya instead of kaya.gs.

The feedback service we use is a system based on votes : you can only give votes, not take them away. So anyone there would only be supporting the idea. As i said, 4/195 people that voted on the site, and they happened i think around the time i redirected users to that.

daal wrote:I never read that there was a poll, and I imagine that if you had posted one here, where there is a broader community instead of buried in the feedback section of your site, you might have gotten a good deal more response.

Its not buried, it had the same procedure as any other feature there, and even more as i referenced it in places where this topic was mentioned. Maybe you are considering that i should have started a campaign inciting people to vote, but that would be biased in one way or another.

For me the topic is quite settled because no new arguments came into the mix. I said before, our #1 priority are users, and i haven't heard any argument in this topic that had them in mind.
As i mentioned countless time in this issue, dropping the gs from the name means people will not find the site. Making it .com means we have to add things to the name, like kgs did.

Do we believe being named Kaya.gs makes the site easier to find for users? Yes.
Has the name confusion been happening? To my knowledge only one person ever i saw referenced Kaya as KGS, and i publicly called him on it.(it was on a blog)
Do we believe it affects KGS negatively in any way that some users could call Kaya.gs KGS? No.

I cant imagine what is the crisis scenario that you feel is so important to avoid. Some users googling kgs and seeing Kaya.gs in the list of sites?

1- Try googling Kgs. Kaya is not at least in the first 10 pages.
2- Try googling kaya. Right now even logged in, kaya.gs is barely creeped in the bottom of the first page. Without session, which means without googles profiled search, we are not at least in the first 5 pages.
3- Try googling kaya.gs . Undoubted first hit.

Just take a step back and look at this from our position.
What would any other server do if 2% of the users proposed it changed its name?

I lurk on L19 every now and again, and this thread finally spurred me to make an account and point out a few things. I don't intend to give any new information here, merely put some things together that may point out the obvious for many, and put together a larger puzzle for some. As he is the main factor here, I am afraid that sir Benmergui may be the blunt of much of this post. As I don't know him, I have little reason for animosity against him, but perhaps you should also view this as a learning experience on professionalism as you venture into the business world. It may also be worth stating that I do speak with illluck via Internet chatting on a semi-regular basis.

This post will not be regarding in any way the functionality or stability, or even credibility of the Kaya server project. It will only be regarding this recent development that has caused a bit of commotion.

illluck posted a concern he had with Kaya in a somewhat comical manner. He perhaps posted it to the wrong place, being publicly instead of privately, but it was addressing an issue of which all information was public, so it seems there is little cause to keep it off of the main development thread. Nonetheless, it was posted. This was met with a prompt and professional reply by Benmergui, as well as a fix to the alleged concerns. This was a correct course of action.

However, that was not where the problem was. Benmergui proceeded to try to mock illluck for pointing out the problem in a rather public chat-room, and sent him a rather rude and angry message to belittle him, with an ounce of useful advice. This is not anywhere near professionalism. The PM especially illustrates a problem with an inflated ego, and was very childish. Obviously Benmergui did this because he thought it would be private, which only escalates illluck's reasons to publicly post it. You can't act professional in public forums and attack people giving suggestions in private. That will not do.

The posts that followed were largely in illluck's favour, if this is truly to be viewed as an argument between Benmergui and him, which shouldn't be the case to begin with. What happened next is perhaps the most disappointing. Benmergui makes a post that starts off well, addressing the issues and restoring confidence in his "founders" or donors, whatever you prefer to refer to them as. Indeed, it was pointed out that illluck's concern was not an issue in the first place! I am in awe and cannot fathom why it was an unpleasant surprise that illluck posted, then, as obviously this information was never intended to be kept private. Watch your word choice, Benmergui, if that is not truly what you meant from your first reply.

Then it degenerates:

I am sorry that you perceive something so negative about that private message i sent to Illuck. It might be lost in translation ,but even re-reading it after a good night sleep, the point still stands. He made an aggressive post, that showed me he had intentions of impersonating other users, which is why i promptly (in the next 2 hours) i put up the passwords, which were already implemented well from before, but i needed to be able to send them to as most founders that i could.

Regarding the chat in the server, it is taken quite out of context, as several founders know i even jokingly call dp such when something has to be done on the design/board functionality.

I find this quite laughable. It is completely undeniable that Benmergui's posts were fuelled by a temporary rage and the fear that a small oversight may have lost him some credibility. The "intentions of impersonating other users" was obviously not ill-founded, as it was to test to see if his original concern was valid. Had he intended to use this method, why on earth would he have posted his concern in the first place? Highly illogical. This also contradicts what Benmergui posted above, which clearly stated that there could be no possible harm in such actions, and it was a well-known fact among the donors. I also find it highly improbable that the chat quotation was out of context, since in any context one should not be attacking someone who merely raises a red flag of concern. Never publicly attack anyone related to your own business in any way. It never helps with image and will not build relationships with your client base. This is quite simple business sense. This is not even an issue with wording, it is an issue with attitude towards potential business.

Maybe i perceive a tone of agressiveness from this posts that other users don't, but they are certainly meant for that.
I did learn a lesson from this, and that holding this project raises my profile and some people can be tempted into damaging my image or worse, the projects image. I promess i will make an effort to keep such opportunities to the minimum.

And this brings me to my main problem. This is a classic attempt to shift blame and public opinion. What Benmergui has done here is not amicable by any standard. By now it must be apparent that a mistake, and possibly a few, have been made. Instead of addressing that a mistake was made, and apologizing or at least giving an explanation for actions taken, this serves as a method of attention diversion. Benmergui has now completely villainized illluck, as well as giving himself a little ego boost. This is, paired with the two preceding paragraphs, a final attempt to win back any lost souls who saw eye to eye with illluck, for reasons legitimate or misguided. This is childish and unprofessional to the highest degree. It is very close to bully tactics, and should be a warning sign to all reading it. It is certainly not a good insight into the ego and mentality of the author. It is precisely this that spurred me to create this monolith of text.

Other than some further contradictions in Benmergui's following post, I feel this is where most of this issue ends. I would like to clearly state that this is not an argument of any kind, nor is it to directly incur some form of inflammation. This is analysis, observation, and fact. I do not feel that the majority of this post can be disputed in any way, as it is made up of simple analysis on the provided information. Feel free to read or ignore at your leisure, but these would be some of my concerns, and includes several lessons that perhaps Benmergui, illluck and others must learn if they want to build a successful, healthy environment in their endeavours.

Best of fortune to all of you as you create this new server.

---Boredom.

Joaz Banbeck wrote:( FWIW, It is probably not a good idea to make it public anywhere, but that's not my concern right now. )[size=150]

This is debatable. While I understand your post, it is not a good idea to keep quiet about possible security problems all the time. I agree that contacting people privately first is usually the best idea, but security through obscurity should be fought against. I'll leave it at that, the matter can be (and has been) discussed elsewhere.