A lot of people seem to disagree with my original idea, being that white hat hackers should receive rewards for their work. I've listened to you all, and I've since revised said idea to this new one. I think you guys are right. A “reward” system would be too much. But I think it's very fair to include notable usernames in the credits section. What do you think?

Sounds like a good idea… k9lego.

Why should hackers receive awards?

AonymousGuy wrote:

Why should hackers receive awards?

exactly they should just be reported instead

AonymousGuy wrote:

Why should hackers receive awards?

Zparx wrote:

It would maybe promote hackers who may have bad intentions to not do any harm. I've seen countless projects hacked, strings inserted into cloud variables, even projects of my own have been (harmlessly and welcomingly) hacked. Who knows what a malicious attacker could achieve?

The word “hacker” doesn't necessarily mean the person has bad intentions. Lets say a hacker wanted to steal all of your information to your account. So one day you wake up and your password is changed and all your projects are permanently deleted. Now lets rewind. Lets say that said hacker didn't break into your account just yet. lets say the hacker knew that if they reported the exact way they were able to hack into your account, so that the Scratch Team can fix it, he would have some sort of reward. Do you think he's more inclined to report his findings, or to hack your account instead? Odds are, he's going to want the compensation.

Your attitude towards hackers are the reason they do harmful things. Major companies like Yahoo! and Facebook reward people for finding faults in their set up.

Zparx wrote:

AonymousGuy wrote:

Why should hackers receive awards?

Zparx wrote:

It would maybe promote hackers who may have bad intentions to not do any harm. I've seen countless projects hacked, strings inserted into cloud variables, even projects of my own have been (harmlessly and welcomingly) hacked. Who knows what a malicious attacker could achieve?

The word “hacker” doesn't necessarily mean the person has bad intentions. Lets say a hacker wanted to steal all of your information to your account. So one day you wake up and your password is changed and all your projects are permanently deleted. Now lets rewind. Lets say that said hacker didn't break into your account just yet. lets say the hacker knew that if they reported the exact way they were able to hack into your account, so that the Scratch Team can fix it, he would have some sort of reward. Do you think he's more inclined to report his findings, or to hack your account instead? Odds are, he's going to want the compensation.

Your attitude towards hackers are the reason they do harmful things.

you support hackers?

Blaze349 wrote:

you support hackers?

The ones that don't do any real harm. The ones that are out to help companies instead of destroying them. Yes. As I said, the word “hacker” doesn't mean criminal.

Facebook and Yahoo! do the very thing mentioned in this post. They reward people who find errors and faults in their network security. They don't “support hackers” they simply don't want their users at risk. They pay large amounts of money to someone with the kind of skill a hacker has. Hackers aren't all bad. Read up a bit.

Zparx wrote:

Blaze349 wrote:

you support hackers?

Hackers aren't all bad. Read up a bit.

yes they are

Zparx wrote:

Blaze349 wrote:

you support hackers?

The ones that don't do any real harm. The ones that are out to help companies instead of destroying them. Yes. As I said, the word “hacker” doesn't mean criminal.

Facebook and Yahoo! do the very thing mentioned in this post. They reward people who find errors and faults in their network security. They don't “support hackers” they simply don't want their users at risk. They pay large amounts of money to someone with the kind of skill a hacker has. Hackers aren't all bad. Read up a bit.

the scratchteam does not need help of people who hack

Blaze349 wrote:

Zparx wrote:

Blaze349 wrote:

you support hackers?

Hackers aren't all bad. Read up a bit.

yes they are

Zparx wrote:

Blaze349 wrote:

you support hackers?

The ones that don't do any real harm. The ones that are out to help companies instead of destroying them. Yes. As I said, the word “hacker” doesn't mean criminal.

Facebook and Yahoo! do the very thing mentioned in this post. They reward people who find errors and faults in their network security. They don't “support hackers” they simply don't want their users at risk. They pay large amounts of money to someone with the kind of skill a hacker has. Hackers aren't all bad. Read up a bit.

the scratchteam does not need help of people who hack

Yes they do.

Zparx wrote:

Blaze349 wrote:

Zparx wrote:

Blaze349 wrote:

you support hackers?

Hackers aren't all bad. Read up a bit.

yes they are

Zparx wrote:

Blaze349 wrote:

you support hackers?

The ones that don't do any real harm. The ones that are out to help companies instead of destroying them. Yes. As I said, the word “hacker” doesn't mean criminal.

Facebook and Yahoo! do the very thing mentioned in this post. They reward people who find errors and faults in their network security. They don't “support hackers” they simply don't want their users at risk. They pay large amounts of money to someone with the kind of skill a hacker has. Hackers aren't all bad. Read up a bit.

the scratchteam does not need help of people who hack

Yes they do.

no they don't
are you a hacker

A hacker is someone who finds security holes in a program. A “black hat” hacker exploits them, while “white hat” hackers report and help fix them.

I once reported a bug to the ST that i could read anyone's messages/notifications through the RSS feed. I was not rewarded.

scimonster wrote:

A hacker is someone who finds security holes in a program. A “black hat” hacker exploits them, while “white hat” hackers report and help fix them.

I once reported a bug to the ST that i could read anyone's messages/notifications through the RSS feed. I was not rewarded.

Zparx wrote:

The word “hacker” doesn't necessarily mean the person has bad intentions. Lets say a hacker wanted to steal all of your information to your account. So one day you wake up and your password is changed and all your projects are permanently deleted. Now lets rewind. Lets say that said hacker didn't break into your account just yet. lets say the hacker knew that if they reported the exact way they were able to hack into your account, so that the Scratch Team can fix it, he would have some sort of reward. Do you think he's more inclined to report his findings, or to hack your account instead? Odds are, he's going to want the compensation.

Your attitude towards hackers are the reason they do harmful things. Major companies like Yahoo! and Facebook reward people for finding faults in their set up.

Thanks for clarifying for anyone who doesn't know this, guys.

“Hacking” is a very misunderstood word in today's world, but not all hackers are malicious. Some try to expose flaws in security so that it can be fixed before someone with bad intent uses it, and companies have in the past offered rewards for people that can find holes. Google, for example, offered millions for anyone who could find and report vulnerabilities in Chrome.

@Blaze349 Please stop stereotyping hackers. Not all of them are bad, like people above already said.

While there is no formal reward system, we do depend on our more technically-oriented helpful community members to point out when there are flaws in our systems - and a number have been discovered over the years! Scratchers that help out in this way are held in high regard by the Scratch Team and their contributions to the community greatly appreciated. Naturally, when we have other technical or community opportunities (developer, moderator or mentor positions for example), we tend to consider our most helpful members first.

Zparx wrote:

AonymousGuy wrote:

Why should hackers receive awards?

Zparx wrote:

It would maybe promote hackers who may have bad intentions to not do any harm. I've seen countless projects hacked, strings inserted into cloud variables, even projects of my own have been (harmlessly and welcomingly) hacked. Who knows what a malicious attacker could achieve?

The word “hacker” doesn't necessarily mean the person has bad intentions. Lets say a hacker wanted to steal all of your information to your account. So one day you wake up and your password is changed and all your projects are permanently deleted. Now lets rewind. Lets say that said hacker didn't break into your account just yet. lets say the hacker knew that if they reported the exact way they were able to hack into your account, so that the Scratch Team can fix it, he would have some sort of reward. Do you think he's more inclined to report his findings, or to hack your account instead? Odds are, he's going to want the compensation.

Your attitude towards hackers are the reason they do harmful things. Major companies like Yahoo! and Facebook reward people for finding faults in their set up.

Oh sorry. I didn't understand.
But I'm not sure its necessary for them to get rewards on Scratch. What if instead they just got recognition for “debugging” or something? (Like on the About page)

ProdigyZeta7 found a hack for comments, and Lightnin found out and because ProdigyZeta7 showed how to hack comments, Lightnin was brought to attention to fix it. Also, testing hacking should only be done on your alternate accounts.

You need to ask permission first, though; larger sites suing you for doing this is perfectly viable.

turkey3_test wrote:

ProdigyZeta7 found a hack for comments, and Lightnin found out and because ProdigyZeta7 showed how to hack comments, Lightnin was brought to attention to fix it. Also, testing hacking should only be done on your alternate accounts.

Doh! I knew someone would mention that.

Zparx wrote:

I've seen countless projects hacked, strings inserted into cloud variables, even projects of my own have been (harmlessly and welcomingly) hacked.

Well, if I understand, it is poosible to insert strings inside a simple project with only one variable (which is a cloud variable called “x_pos”) and with only one script:

when green flag clicked
forever
    set [x_pos v] to (join (round (x position)) (x_pos))
end

Then when I use the project some time the variable will contain strings instead of digits.

Is this true?

Blaze349 wrote:

Zparx wrote:

Blaze349 wrote:

Zparx wrote:

Blaze349 wrote:

you support hackers?

Hackers aren't all bad. Read up a bit.

yes they are

Zparx wrote:

Blaze349 wrote:

you support hackers?

The ones that don't do any real harm. The ones that are out to help companies instead of destroying them. Yes. As I said, the word “hacker” doesn't mean criminal.

Facebook and Yahoo! do the very thing mentioned in this post. They reward people who find errors and faults in their network security. They don't “support hackers” they simply don't want their users at risk. They pay large amounts of money to someone with the kind of skill a hacker has. Hackers aren't all bad. Read up a bit.

the scratchteam does not need help of people who hack

Yes they do.

no they don't
are you a hacker

He meant a white hat hacker. There are some main differences:

A black hat hacker uses exploits for their own good (e.g. scamming, phishing).
A white hat hacker, on the other hand, discovers the exploit on software and reports it to the person who made the software so he/she can fix it.

“Yes they are” is an assertion that is simply untrue.