gsmith@brahms.UUCP (04/18/87)
Oh dear! There I was, snidely implying that Foothead might not understand the net and UNIX(*) that well, and in particular might not understand the implications of the phony arndt@prometheus appearing from daemon@ucbvax. Wrong, wrong, wrongo--and my sincere apologies. Obviously Foothead knew about all this. He must have. Because Foothead IS the phony Ken Arndt. This would explain why he was so annoyed at my original pointing out of this, above and beyond the standard Foothead irritabilities. Now, I posted an article yesterday "speculating" that this was true, as a counter to Foothead's duplicitous "speculations". As stated, this was based on mere stylistic analyses. But in fact, we had done some more checking, and already knew that Foothead was indulging in a "pseudoposition" of his own. To use George Greene's more accurate and assertive formulation, Foothead is a damn liar. Either that, or he is indeed the biggest master baiter on talk.religion.misc. First: where are the arndt@prometheus articles really coming from? Would you believe, Rich Rosen? No, not exactly. Specifically they come from the account rlr@borax.lcs.mit.edu. We have the following from the ucbvax news log: Apr 16 06:49:20 ucbvax sendmail[7351]: AA07351: message-id=<666@prometheus.UUCP> Apr 16 06:49:20 ucbvax sendmail[7351]: AA07351: from=<rlr@BORAX.LCS.MIT.EDU>, size=5888, class=0 Apr 16 06:49:38 ucbvax sendmail[7371]: AA07351: to=XXXX, delay=00:00:53, stat=Sent And for confirmation, over at borax: Apr 16 10:45:53 borax.lcs.mit.edu: 27885 sendmail: AA27885: message-id=<666@prometheus.UUCP> Apr 16 10:45:54 borax.lcs.mit.edu: 27885 sendmail: AA27885: from=rlr, size=5772, class=0 Apr 16 10:46:47 borax.lcs.mit.edu: 27887 sendmail: AA27885: to=XXXX, delay=00:00:57, stat=Sent (The XXXX is put there at Erik Fair's request. It is the standard method that the bitnetters and certain non-usenet arpanetters use for posting.) In other words, the phony <666@prometheus.UUCP> "Ken Arndt" article actually came from a "Rich Rosen" account at MIT. Did Rich do it? Well, Rich is in New Jersey, whereas Foothead is at MIT, which even a Californian like me knows is in a different state. So far, this is just Foothead-style kneejerk "reasoning". (Either that, or just Foothead-style pseudopositioning.) But what does Rich have to say about it? I sent him a letter asking about the rlr@borax account. According to him, this got set up during the Brahms-Rosen "we are all Rich Rosen" wars. He now has a password on it, and uses it to forward mail from Massachusetts. We might wonder, does Foothead know about it? Well, lo and behold, we find the following from the mail log at borax (and eddie concurred): Apr 15 18:46:44 borax.lcs.mit.edu: 20516 sendmail: AA20516: message-id=<8704152247.AA14732@EDDIE.MIT.EDU> Apr 15 18:46:45 borax.lcs.mit.edu: 20516 sendmail: AA20516: from=<fh@EDDIE.MIT.EDU>, size=1925, class=0 Apr 15 18:46:56 borax.lcs.mit.edu: 20519 sendmail: AA20516: to=<rlr@BORAX.LCS.MIT.EDU>, delay=00:00:32, stat=Sent This was the night before the <666@prometheus.UUCP> posting! In other words, we get mail traffic from Foothead to rlr@borax, and then mail traffic from rlr@borax to ucbvax here in Berkeley. Does Rich Rosen know that Foothead is sending mail to rlr@borax? rlr@pyuxe, the original genuine Rich Rosen, says not. He wonders how it is that Foothead is sending mail to rlr@borax but it isn't reaching him--after all, he "knows" it's used to forward mail to him. I will take a chance, and leap to the con- clusion that perhaps Foothead knows how to edit .forward files. I also notice that Foothead's mail to rlr@borax is 1925 bytes long. The article that <666@prometheus.UUCP> was responding to was <9322@decwrl.DEC.COM>, which was 1663 bytes long on our system. That does leave room for mail headers. And what a coincidence, were Foothead the perpetrator, he would read and save the original on eddie, and somehow get it over to borax. (A suggestion for next time: use something other than e-mail. Magnetic tape perhaps? :-) What about the Paul Koloc connection? According to Koloc, his prometheus was broken into and a phony arndt@prometheus account was set up. This happened just before April 1, and an April Fools' "joke" seems likely. Paul then had to remove the account and send out cancel messages on the bogus articles. He says a number of attempted entries were then rebuffed, the log showing the following: BAD LOGIN ATTEMPT arndt tty02 Tue Mar 31 12:45:56 1987 BAD LOGIN ATTEMPT ogin: tty02 Wed Apr 1 13:34:36 1987 BAD LOGIN ATTEMPT arndt tty02 Fri Apr 3 11:52:47 1987 BAD LOGIN ATTEMPT arndt tty02 Fri Apr 3 11:53:01 1987 BAD LOGIN ATTEMPT hey,_pau tty02 Fri Apr 3 11:53:59 1987 BAD LOGIN ATTEMPT arndt tty02 Fri Apr 3 11:54:18 1987 BAD LOGIN ATTEMPT arndt tty02 Mon Apr 6 16:44:44 1987 BAD LOGIN ATTEMPT arndt tty02 Mon Apr 6 16:44:56 1987 BAD LOGIN ATTEMPT arndt tty02 Tue Apr 7 11:25:03 1987 BAD LOGIN ATTEMPT arndt tty02 Tue Apr 7 11:25:13 1987 Curioser and curioser! Bogus arndt@prometheus articles, and a bogus arndt@prometheus login. And simultaneously, valspeak gets run on pmk@prometheus articles. Since Foothead is strongly implicated in the first--his insistent attempts to point the finger before anyone even suggested he was involved are truly laughable--we wonder. And we do recall, another, just amazing coincidence, Foothead indeed has been on an anti-Koloc and anti-Arndt rampage from the very beginning of his known net.existence. Far be it from us to ask Foothead to explain anything, or exhibit minimal honesty. For someone who goes around exclaiming how certain other posters are notorious liars, seeing him go into detail here would be like getting sex and marriage tips from Tammy Bakker. The rest of you can draw your own conclusions; those on the ARPANET can even go telneting around for themselves if they wish to check the above. We have a question for the system administrators: now what? Do note that genuine prometheus.UUCP articles are effectively cancelled by the pre-existence of the phonies at prometheus's feeds. Prometheus itself did not see them, since the netnews transfer algorithm checks paths first to avoid "obvious" redundancies. Let us guess at the answer: nothing. Just sit while the net degenerates as more and more Feethead join in on the fun. Sounds reasonable. But in conclusion, we would like to thank Foothead for exposing the kneejerk inability of many netters to distinguishing the real Ken Arndt's stated beliefs from an obvious forgery. Oh no, they just had to flame automatically. WE could tell they were phony from the beginning. And we think a lot (as in many) of his beliefs are screwy too. Pat Robertson for President? Like, fer shur, gag us with a pitchfork! ucbvax!brahms!weemba Matthew P Wiener/Brahms Gang/Berkeley CA 94720 ucbvax!brahms!gsmith Gene Ward Smith /Brahms Gang/Berkeley CA 94720 Some billion years ago, an anonymous speck of protoplasm protruded the first primitive pseudopodium into the primeval slime, and perhaps the first state of uncertainty occurred. --I J Good (*) UNIX is a registered Trademark of AT&T.
gsmith@brahms.UUCP (04/22/87)
In article <3198@mirror.TMC.COM>, rs@mirror (Rich Salz) writes: >Nice work in tracking down what's going on, fellows; I appreciate >it, as do many others on the net, I'm sure. Many thanks Rich, but much is still unclear. Certain things would be nice to clarify. Certain other things will probably never be genuinely known. The eddie sysadmins are no longer interested. It will probably never be known whether Lee Harvey Foothead was acting alone... rlr@pyuxe (the original and genuine Rich Rosen) wishes to declare his innocence in the whole affair. We know from the logs that fh@eddie was sending e-mail to both rlr@borax and rlr@pyuxe separately. In particu- lar, we conjecture that fh@eddie knew that the .forward file at rlr@borax was changed. The real Rich Rosen tells us further that he has changed his rlr@borax password since this all broke out in the open. (This is why we are cross-posting back to *.religion and even posting again--Rich Rosen has gotten e-mail congratulating him for his clever Arndt sendups, and wants us to be more explicit.) We also know, according to the logs, that no one *but* fh@eddie sent e-mail to rlr@borax the week before the phony article <666@prometheus> was posted. We should have mentioned this the first time around, but it did not occur to us that this negative item had separate significance. Along these lines, we received mail from a long-time reader of *.religion to the effect that six weeks ago or so he saw fh@eddie remotely logged on to rlr@borax. Matthew and I are also a bit taken aback at the abrupt sinking of the fh@eddie account. We were having our little fun, casting our net of little clue by little clue, baiting the Fishhead. We're confident he will flounder in from some other port and muddy the waters well. (OK, so we've overfished our metaphors. So sue us.) We do not claim the evidence we found was conclusive of anything, nor do we believe that "proof", short of a notarized confession, even exists in any true sense as a philosophical point, so your insistence on such, Mikki, was completely unrealistic. Hell, it's not generally known who "Foothead" really is in the first place. For all we can tell, some super clever hacker who hates fh@eddie to the core was setting him up for the big fall, confident that the brahms gang would track down the news, mail and login logs on four machines that he purposely forged just for this purpose. We doubt it very much. We suspect that fh@eddie, half-bright boy that he is, was merely half-clever enough to use rlr@borax to half-hide his tracks. As long-time readers of *.religion all remember, anything is possible, but only a few things actually happen. We personally disapprove of eddie's strict policy concerning forged news. We have posted at times articles apparently from Santa Claus or "the real Rich Rosen" with a standard brahms gang signature. We don't think anyone was fooled by them. And we enjoyed the mod.announce April Fools' Day forging of a "Mark Horton" article, and the fake ubizmo@brahms "UCB Wrath Dept" articles some time back immensely. The fake "arndt@prometheus" articles, however, were feet of a different odor entirely. We do not deny that some people find vicious harassment of others quite hilarious, but even Mikki has "heartily agreed" that these particular forgeries were out of acceptable net.bounds. We also are sorry that Gene Spafford judges talk.* based on Bonehead's personal campaign to turn talk.religion.misc into a proctological exam- ination room. From the very beginning he stated that his purpose was to outflame the brahms gang and anyone else, etc. The grapevine we've heard says that Foothead wanted to be the big metaflamer of the flamers--we think he has overdone it for some months now, and this latest has merely blown up in his face. Unfortunately, talk.religion.misc and talk.* suf- fers for this. As a final comment, it was refreshing to see the real Ken Arndt. In case there was any lingering doubt, do note that it was crossposted to two max- imally inappropriate groups. ucbvax!brahms!weemba Matthew P Wiener/Brahms Gang/Berkeley CA 94720 ucbvax!brahms!gsmith Gene Ward Smith /Brahms Gang/Berkeley CA 94720 Those imposters, then, whom they call mathematicians, I consulted without scruple, because they seemed to use no sacrifice, nor pray to any spirit for their divinations. --Saint Augustine
ooblick@mit-eddie.UUCP (04/22/87)
Since I opened my mouth on this issue in the first place, I feel obliged to clarify my views. First, I admit a big error in being upset about root using privileges when someone is accused of wrongdoing. I should have thought first. However, when said "root" then posts to the net that fh was using scripts in his login to "forge news and mail", this is where I get upset. This was blatently untrue. The scripts were used to allow Pooh and Paul Zimmerman news and mail access. I have been told that "time" was the reason why this was not checked out before action was taken. However, the time it has taken in posting to the net in the first place, then in response to complaints from myself and others, seem to indicate that it would have been much more prudent to check first. Therefore, the reasons posted to the net for removing fh were bogus. On the other hand, fh could just as easily (and without so much bullshit) have been removed for NO reason, or because it sure looks like he at least had something to do with the phony arndt articles. Not that I am crushed because fh is no more (quite the contrary), I just don't like the "act now, check later" attitude, and hope that other sysadmins do not adopt it. Mikki Barry