Cleaning up the mess over at MyBlogLog

by Mathew on February 24, 2007 · 7 comments

Much has been written about the “Shoemoney Affair,” in which the blogger known as Shoemoney wrote about a MyBlogLog hack that allowed unscrupulous types to spoof their identities, and was subsequently banned from the service, despite the fact that — as Tony Hung pointed out at Deep Jive Interests — MyBlogLog didn’t have a terms of service agreement that said anything about banning people (it has since developed one). The banning also happened despite the fact that, as Eric Marcoullier of MBL admits here, someone else had posted something about the same exploit over a month earlier (although it was on a French blog, and therefore might have been missed).

This all comes in the wake of several other MyBlogLog stumbles involving spam, which I wrote about recently. And while lots of people seem to enjoy taking shots at MyBlogLog CEO Scott Rafer and Eric Marcoullier and others, as though they were some giant evil corporation, I for one have been impressed with how quickly and honestly the team at MBL have responded to their various missteps and the resulting onslaught of criticism. In his latest post here, Eric says:

“A lot of people I respect immensely have written in to tell me that I screwed up, and after a point, it becomes impossible to avoid the truth. We banned Shoemoney originally to keep him from updating his list of User IDs on Wednesday night, which I think was the right thing to do. But after fixing the exploit, I should have unbanned him and thanked him for finding it. But I didn’t. I screwed up.”

Although there is still debate about whether Shoemoney should have been banned in the first place (like Steve Poland over at TechCrunch, I would argue he was just showing off, not being malicious, although Andy Beard doesn’t agree), Eric’s post is the kind of thing I like to see. With a small startup — albeit one that is now part of the giant Yahoo empire — it’s inevitable that mistakes are going to happen, as Caterina Fake points out in her post on the whole affair.

We can’t applaud startups for their gung-ho attitude and then slam them when they screw up. I think Eric and the rest of the team at MBL deserve a lot of credit for admitting their mistakes openly and clearly. Let’s move on.

  • http://andybeard.eu/ Andy Beard

    From a technical point of view, the 403 page they gave Shoemoney was very similar to how many spam and anti-hacking systems work, such as Bad Behavior on WordPress.

    When you block someone spamming or hacking you on a blog, do you point to your terms of service or comments policy?

    Eric and the team do deserve credit for taking the high road, but I don’t believe hacking and vendettas should be rewarded, especially as Shoemoney used to be in the computer security field professionally.

  • http://www.robhyndman.com Rob Hyndman

    Exactly right, ‘thew. The indignation-sphere needs to take a chill pill. The MBL guys strike me as the good guys.

  • Mathew

    I don’t think they should be rewarded either, Andy, but it was obvious that Shoemoney was trying to point out a vulnerability — you could argue that they should have thanked him, not blocked him.

  • http://andybeard.eu/ Andy Beard

    Well the next stage of this will be people hiring out-sourced programmers to hack open-source platforms and outing XSS exploits so fast, including scripts to use the vulnerabilities.

    It isn’t normal for computer security specialists to release information about exploits and security holes before they can be fixed.

    As I have already written, services like Adsense are immune to people taking such action because there are financial incentives to keep in Google’s good books, but Adsense isn’t immune to abuse in similar ways to what Shoemoney is saying about MBL.

  • Peter

    I know – lay off MyBlogLogFogDogSog already. They’re just a tiny little startup and they’re innocent in all this. I mean, they knew they had to do the right thing and they did it. It had nothing to do with public pressure, because that would mean that the tiny little startup called DogBlogLog caved to pressure from mere humans, and that is obviously not what happened here. The folks at MyDogBlog are a principled lot, dontchaknow, and this would never have been necessary were it not for those meddling kids.

  • Mathew

    Is that a hint of sarcasm I detect in your comment, Peter?

  • http://www.jimkukral.com Jim Kukral

    Exactly right. MBL did the right thing, and Shoe handled it well as well. I’m satisfied with how this turned out.

    Now, if only the Anna Nicole situation would go as easily… lol
