Well, that was fast. If you don't count the two years it took badgering Mojang to get it done. After discovering a vulnerability in Minecraft server software that would crash it on command, Ammar Askar went to notify Mojang, expecting to help them make the product more robust. Developers replied stating they were working on the problem, but eventually nothing came about and further inquiries were ignored. Fed up of waiting for a fix, two days ago the exploit was released into the wild.
"I asked for updates in one month intervals over the course of 3 months and was ignored or given highly unsatisfactory responses. I kept my hopes up that the problem would be patched and checked the source code on new releases whenever I could." writes Askar on his blog. You'd think the Microsoft-owned Mojang would have the resources to deal with a flaw that was handed to them on a silver platter. If stumbled upon by another unscrupulous individual, it would be a prime opportunity to rain on many parades.
After repeated attempts to contact Mojang, and believing nothing was done to implement a fix, the exploit was released on on April 16th with the hope that action to resolve the issue would be provoked. However, Mojang believed they had resolved the issue, but hadn't actually tested their work against the malicious code because it was still possible to use the same trick to crash Minecraft servers.
When the exploit was finally released, Mojang resumed contact with Askar, and quickly released a working fix. The astute vanguard was finally vindicated, and subsequently remarked that "better communication would have easily alleviated this problem."
It's difficult to gauge whether any developer should prioritize their input based on outside comments, especially believing on some level that the issue was resolved. However, due to a dedicated fan, the end product saw a solid improvement that hopefully improves the experience of all Minecraft players.
Source: Slashdot
|