tag:help.rubygems.org,2010-01-19:/discussions/problems/415-shawesome-gems-are-malicious-or-uselessly-squatting
RubyGems.org: Discussion
2018-10-18T19:51:01Z
shawesome gems are malicious or uselessly squatting

2010-11-22T22:32:02Z
<div><p>There was a discussion started on the gemcutter list about this, I think. Adding <a href="mailto:eptics.shawesome@gmail.com">eptics.shawesome@gmail.com</a> to this discussion.</p></div>
John Barnette

2010-11-22T22:39:23Z
<div><p>Made this public.</p></div>
Nick Quaranto

2010-11-22T22:56:30Z
<div><p>vote to kill.</p></div>
James Tucker

2010-11-22T22:57:21Z
<div><p>I'd like to hear back from this person, but if we don't hear something incredibly reasonable in a very timely fashion this abuse needs to die.</p></div>
John Barnette

2010-11-23T00:29:01Z
<div><p>Hey dudes,</p>
<p>I unfortunately decided to share my "gem squat" hack which I have been using non-maliciously for some time now.<br />
Over a night of fun times, we decided that it would be fun to exercise the rubygems.org API.<br />
Unfortunately, it does seem that our attempt at a fun joke turned into a nightmare for the whole setup.</p>
<p>I'd like to apologise for the abuse and I'll make sure to mention to those involved to not continue with this.</p>
<p>Thanks,<br />
Tim</p></div>
Tim C-S

2010-11-23T00:33:54Z
<div><p>Tim, are any of the gems on <a href="https://rubygems.org/profiles/shawesome">https://rubygems.org/profiles/shawesome</a> real? Or are they all trash?</p></div>
John Barnette

2010-11-23T02:09:33Z
<div><p>Feel free to delete everything except andywithoutatop.</p>
<p>Cheers,</p>
<p>Dylan.</p></div>
Dylan

2010-11-23T02:50:53Z
<div><p>Hi Dylan,</p>
<p>I was given a heads-up from Tim to delete them all a few hours
ago, we're in the process of cleaning it up...and I already deleted
andywithoutatop. I was preparing to wipe out the whole account. The
gems and gemspecs are already gone from S3...if you don't have a
copy of the gem available we can get the gem from a mirror.</p></div>
Nick Quaranto

2010-11-23T02:51:26Z
<div><p>Actually, I can look into S3's versioning API as well if you
don't have it locally...been meaning to do that. Let me know.</p></div>
Nick Quaranto

2010-11-23T02:53:27Z
<div><p>Yo,</p>
<p>That's fine. I'm pretty sure that was only the stub. Andy
Without a Top will need some more iterations.</p>
<p>Cheers,</p>
<p>Dylan.</p></div>
Dylan

2010-11-23T14:56:44Z
<div><p>Just curious, how did you guys actually push gems with the same
name up to the service? We have multiple gems with 88k+
dependencies and the same name. If you still have the gemspecs
available on your machine I'd like to inspect them. Thanks for
working with us here.</p></div>
Nick Quaranto

2010-11-23T15:26:18Z
<div><p>Account and gems deleted. Looks like we need a unique index on
gem names, and limit the number of dependencies on a gem.</p></div>
Nick Quaranto

2010-11-23T19:06:30Z
<div><p>Heya Nick,</p>
<p>Funnily enough that did become a pain while trying to upload the
gems. I did run into multiple issues where it'd complain about the
name being taken. I think the gemspec is on another machine
somewhere. I'll try and dig it up if you need it.</p>
<p>Cheers,</p>
<p>Dylan.</p>
<p>PS. I think it was the universalsoldier platform we used to
create the gem that ensured it was shawesome enough to duplicate
itself.</p>
<p>"[after he shot four police officers in the supermarket with
ease] See! They're everywhere!"</p>
<p>PPS. Also, it seems it'd be nice to validate required ruby and
rubygems versions. Although the former could be somewhat limiting,
the latter is actually controlled by a set of people so it wouldn't
be an issue. It'd also be nice to either deny a gem with a future
date or actually have it in the system and only release it when
that date comes around.</p>
<h1>This was mainly brought about by Jeremey's RubyConf talk and
lots of alcohol.</h1></div>
Dylan
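
The push-time checks proposed in this thread (one record per gem name, a cap on dependencies, rejecting future-dated gems, and validating the required RubyGems version), sketched as an added example that is not code from rubygems.org or from anyone in the discussion. `Registry`, `sample_spec`, the cap of 100 and the list of known RubyGems versions are assumptions made for illustration.

```ruby
require "rubygems"

MAX_DEPENDENCIES = 100 # assumed cap; the thread gives no number
# Constructed sample of released RubyGems versions to validate against.
KNOWN_RUBYGEMS = %w[1.3.5 1.3.6 1.3.7].map { |v| Gem::Version.new(v) }

# Hypothetical in-memory stand-in for a gem table with a unique name index.
class Registry
  def initialize
    @by_name = {} # one record per name: { owner:, versions: [] }
  end

  # Returns violation symbols; an empty list means the push was accepted.
  def push(spec, owner:, now: Time.now.utc)
    problems = violations(spec, owner, now)
    return problems unless problems.empty?
    record = (@by_name[spec.name] ||= { owner: owner, versions: [] })
    record[:versions] << spec.version.to_s
    []
  end

  def record_count
    @by_name.size
  end

  private

  def violations(spec, owner, now)
    out = []
    record = @by_name[spec.name]
    out << :name_taken if record && record[:owner] != owner
    out << :duplicate_version if record && record[:versions].include?(spec.version.to_s)
    out << :too_many_dependencies if spec.dependencies.size > MAX_DEPENDENCIES
    out << :future_date if spec.date > now
    req = spec.required_rubygems_version
    out << :unsatisfiable_rubygems_version if KNOWN_RUBYGEMS.none? { |v| req.satisfied_by?(v) }
    out
  end
end

# Constructed helper that builds a gemspec to feed the checks above.
def sample_spec(name, version: "0.0.1", deps: 0, date: "2010-11-22", rubygems: ">= 0")
  Gem::Specification.new do |s|
    s.name = name
    s.version = version
    s.date = date
    s.required_rubygems_version = rubygems
    deps.times { |i| s.add_dependency("dep#{i}") }
  end
end
```

Keying the store by name is what keeps a repeated push from creating a second record; in a relational store the same guarantee comes from the unique index rather than from an application-level "name taken" check alone.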