This week we had the great pleasure of interviewing MageUK (Peter), who is a tech administrator on Tip.It. Peter joined the administrative team in July 2008 and served in a variety of other staff positions before then.
I'm sure all of you are aware of the significant downtime on the main site and forums due to Tip.It being hacked. Peter was largely responsible for bringing us back online and fixing any security issues to avoid a repeat of what happened. As such, we at the Times would like to thank Peter by bringing attention to who he is and the great work he does maintaining the site.
What are you doing right now (school, work, etc)? And what do you hope to be doing in five years?
I recently finished University here in the UK and right now I'm just sort of relaxing for a bit before trying to find work. The course I took at University was Computer Science, which wasn't particularly fun, but should hopefully serve as a reasonable base for me to get a job. In five years I would hope to be settled down a bit more, and with a programming or web development job, I'm not particularly interested in doing anything else for a career.
If you could pick a company to work for, which one and why?
To be honest, working for Jagex seems pretty nice, although I'm not really sure I know Java well enough to go into a development role there. I guess the reason why would be the fact that we already work with them as a website and so already have a few contacts there and such.
How big is Silverion's closet?
It's actually pretty spacious, although for some reason, Rainy_Day just hangs out in the dark corner where people can't see what he's doing.
What is your earliest computer memory?
The earliest thing I can remember doing, but it certainly wasn't the earliest thing I have done, was reading some books my dad had on how to program in BASIC. We used to have an old BBC Master ( http://en.wikipedia.org/wiki/BBC_Master ) in our house and the programming books were pretty much type-what-you-see in order to produce the end result, but was a good way of learning the basics (no pun intended) as well.
What computer language are you most familiar with, and what has been your favorite project?
When did you first start/stop playing RuneScape?
Uhh, I'm not sure exactly when I stopped, I started in about 2005, and I think I probably played for 2 maybe 3 years before stopping. I log on occasionally to check the status of my account and to see if anything interesting is happening, and I actually still have membership.
What was/is your favorite skill or minigame on RuneScape?
I always liked Castle Wars, although the thing I probably enjoyed most, for some reason, was Barrows.
How did you learn about Tip.It?
I'm pretty sure it was just through search engines looking for quest guides. Nothing specifically led me to Tip.It although I do remember joining the IRC network which was probably what kept me here originally. Normally I don't really commit to websites, as I'm sure you can tell from my post count, I'm not a huge forum poster, so the IRC network kept me interested.
Do you regret joining the staff?
Not at all, I've been through just about every section of staff going I think. I joined the IRC Staff many years ago now, then I was invited to be a Forum Moderator, a position the administration actually fired me from because I wasn't active enough on the forum. :P After that I was Crew and then finally an Admin.
What has been your biggest accomplishment / forum upgrade on staff?
Probably actually convincing Silverion and the other Admins to let us switch over to IPB from phpBB. It wasn't so fun when it actually happened though and we endured days of downtime while all of the forum posts rebuilt!
How difficult was it to convince everyone to switch? How long did it take to start implementing after you received the go-ahead?
Not that difficult actually. I made a post with the pros and cons of switching, and there were more pros than cons, we agreed it would be a difficult process with no staff knowing how to use the boards etc. in advance, but that the trade-off was worth it. It probably took less than a month from me making that post to starting the switch.
How many hours of sleep did you get last week?
Given that I'm not doing all that much with my time right now, I actually sleep pretty well, although it's more the hours I keep that surprise people. I tend to sleep from 5am - 1pm or so.
How did the recent hack work? What was the fix, and how long did it take to fix?
It sounds cliché but the phrase "you're only as strong as your weakest link" fully applies here. While the forum database was their main target, they didn't actually break into the forum server, they got in through some older code on one of our other servers and penetrated the rest from there. There were solutions we could try in order to "clean up" the problem, but to be safe, we decided to erase everything on the servers and start afresh, selectively copying back what is needed for the site and forum to run. That is the reason that a couple of website features didn't work when we first came back up, and a few pages were missing on the forum, keeping track of everything proves difficult!
How much work is there left to do?
Not a large amount, there's a few behind the scenes things which we still need to sort out, but really not too much. Unfortunately I was away when we were attacked otherwise things would have been back online faster (would have had the forums back in one day rather than about 3). ;)
Is there any way to know how much user info was compromised?
In short, no. I talked about this in the thread about the hack on the forum, we can only know what data we had, it's pretty much impossible for us to tell exactly what was taken, which is why we advised our users to assume that the hackers had all of their details, since assuming the worst and being wrong is much safer.
Has Tip.It or TIF ever been hacked before?
Yes we have been compromised before. Most of it was before my time as an Administrator, but I'm aware that our forum database was leaked in 2006, and there have also been multiple fairly recent attempts on the web server which compromised a small part of it. We don't actually store any user data on our web server though, so simply getting into that did not get them any particularly useful information.
How secure are we now and how likely is it to happen again?
Since the recent events we've been aiming to beef up our security a lot more and segregate areas of Tip.It off into confined sections so that in future, a breach in one area of Tip.It should not affect or enable anything anywhere else. However, even with these measures in place, we always have to try to be vigilant. Like other large fan sites, we are a constant target for people who want to use or sell the information contained within, but we will continue to do our best to keep things secure.
And of course the age old question: boxers or briefs?
Tripsis: I can answer that one :D Boxers!
Special thanks to Peter for allowing us to interview him and for his continual hard work in allowing us to use the site with as few problems as possible.