World's Most Influential Person

http://www.time.com/time/arts/article/0,8599,1894028,00.html

  Quote

In a stunning result, the winner of the third annual TIME 100 poll, and new owner of the title world's most influential person, is Moot. The 21-year-old college student and founder of the online community 4chan.org, whose real name is Christopher Poole, received 16,794,368 votes and an average influence rating of 90 (out of a possible 100) to handily beat the likes of Barack Obama, Vladimir Putin and Oprah Winfrey. To put the magnitude of the upset in perspective, it's worth noting that everyone Moot beat out actually has a job.

 

Since Moot launched 4chan.org in 2003, the site has given birth to Internet memes as diverse as Lolcats and Rickrolling. 4chan averages 13 million page views a day and 5.6 million visitors a month; by some estimates it is the second largest bulletin board in the world.

 

For proof of Moot's influence on the web, one need look no further than the TIME 100 poll results. While Filipino boxer Manny Pacquiao got a larger vote total (20,391,818), the runner-up for the title of world's most influential person, Malaysian politician Anwar Ibrahim, received a mere 47 on the influence scale. (See the full results here.) Moot denies knowing about any concerted plan by his followers to influence the poll, though TIME.com's technical team did detect and extinguish several attempts to hack the vote. (See the full results here.)

 

Undoubtedly, many people will question Moot's worthiness of the title world's most influential person. TIME.com managing editor Josh Tyrangiel says that Moot is no less deserving than previous title-holders Nintendo video game designer Shigeru Miyamoto (2007) and Korean pop star Rain (2006). "I would remind anyone who doubts the results that this is an Internet poll. Doubting the results is kind of the point."

Hahhaha! Awesome

that's got my rofl

LOL. Congrats to anyone involved.

yeah, they cheated

i've heard it was an easy thing to do with that poll

anonymous delivers again.

Second biggest?

So what's the #1 if not teh 4chan ?

  Philip Glass said:

Second biggest?

 

 

So what's the #1 if not teh 4chan ?

2ch, obviously.

World's Most Naive Magazine

lol

I think I voted for 4chan

there actually seems to be a mild media obsession/visibility with the 4chan at this point

fox - hackers on steroids! internet hate machine!

the whole chanology thing

oprah - over 9000 penises! (should have been penii)

and most recently a statement of intent toward the RIA**

neal stephenson is/was a wise man. he doesn't like to draw distinctions between 'hackers', 'wise men', 'shamen', 'visionaries', etc. in his books (it's all hacking be it linguistic or neurological or whatever :D) - but i see many of his predictions being realised around me every day.

how long before the 4channers/anonymous buy their own island or someshit?

marblecake

rofl wow

Full story here

  Quote

The Beginning

 

Zombocom told me that it all started out when the folks that hang out on the random board of 4chan (sometimes known as /b/) became aware that Time.com had enlisted moot (the founder of 4chan) as one of the candidates in the Time.com 100 poll. A little investigation showed that a poll vote could be submitted just by doing an HTTP get on the URL:

 

http://www.timepolls.com/contentpolls/Vote.do ?pollName=time100_2009&id=1883924&rating=1where ID is a number associated with the person being voted for (in this case 1883924 is Rain's ID).

 

Soon afterward, several people crafted 'autovoters' that would use the simple voting URL protocol to vote for moot. These simple autovoters could be triggered by an easily embeddable 'spam URL'. The autovoters were very flexible allowing the rating to be set for any poll candidate. For example, the URL

 

http://fun.qinip.com/gen.php?id=1883924 &rating=1&amount=160could be used to push 160 ratings of 1 (the worst rating) for the artist Rain to the Time.com poll.

 

In early stages of the poll, Time.com didn't have any authentication or validation - the door was wide open to any client that wanted to stuff the ballot box. Soon these autovoting spam urls were sprinkled around the web voting up moot. If you were a fan of Rain, it is likely that when you visited a Rain forum, you were really voting for moot via one of these spam urls.

 

Soon afterward, it was discovered that the Time.com Poll didn't even range check its parameters to ensure that the ratings fell within the 1 to 100 range. The autovoters were adapted to take advantage of this loophole, which resulted in the Time.com poll showing moot with a 300% rating, while all other candidates had ratings far below zero. Time.com apparently noticed this and intervened by eliminating millions of votes for moot and restoring the poll to a previous state (presumably) from a backup. Shortly afterward, Time.com changed the protocol to attempt to authenticate votes by requiring that a key be appended to the poll submission URL that consisted of an MD5 hash of the URL + a secret word (AKA 'the salt').

 

"Needless to say, we were enraged" says Zombocom. /b/ responded by getting organized - they created an IRC channel (#time_vote) devoted to the hack, and started to recruit. Shortly afterward, one of the members discovered that the 'salt', the key to authenticating requests, was poorly hidden in Time.com's voting flash application and could be extracted. With the salt in hand - the autovoters were back online, rocking the vote.

 

Another challenge faced by the autovoters was that if you voted for the same person more often than once every 13 seconds, your IP would be banned from voting. However, it was noticed that you could cycle through votes for other candidates during those 13 seconds. The autovoters quickly adapted to take advantage of this loophole interleaving up-votes for moot with down-votes for the competition ensuring that no candidate received a vote more frequently than once every 13 seconds, while maximizing the voting leverage.

 

One of the first autovoters was MOOTHATTAN. This is a simple moot up-voter that will vote for moot about 100 times per minute. (Warning, just by visiting that site, you'll invoke the autovoter - so if you don't want to hack the vote, you should probably skip the visit).

 

 

 

Here's a screenshot of another autovoter, a program called Mooter, developed by rdn:

 

 

 

Mooter is a Delphi app (windows only) that can submit about 300 votes per minute from a single IP address. It will also take advantage of any proxies and cycle through them so that the votes appear to be coming from multiple IP addresses. rdn, the author of Mooter, has used Mooter to submit 20 thousand votes in a single 15 minute period. In the last two weeks, (when rdn started keeping track) Mooter alone has submitted 10,000,000 votes (about 3.3% of the total number of poll votes).

 

From the screenshot you can see that Mooter is quite a sophisticated application. It allows fine grained control over who receives votes, what type of rating they get, voting frequency, the proxy cycle, along with charts and graphs showing all sorts of nifty data.

 

In addition to highly configurable autovoting apps, the loose collective of #time_vote maintains charts and graphs of the various candidate voting histories. Here's a voting graph that shows the per-minute frequency of votes for boxer Manny Pacquiao.

 

More charts are available for browsing at (the very slow to load) http://fun.qinip.com/mvdc/mootvote.php

 

So with the charts, graphs, spam URLs and autovoters #time_vote had things well in hand. Moot would easily cruise to a victory. Although they still had some annoying competition, especially from fans of the boxer Manny Paquoia. Zombocom says that "it can take upwards of 4.5K votes a minute to keep Manny in his place". Despite the Manny problem, the #time_vote collective had complete dominance of the poll.

 

The Ultimate Precision Hack

 

At this point Zombocom was starting to get bored and so he started fiddling with his voting scripts. Much to his surprise, he found that no matter what he did, he was never getting banned by Time.com. Zombocom suspects that his ban immunity may be because he's running an ipv6 stack which may be confusing Time.com's IP blocker. With no 13 second rate limit to worry about, he was able to crank out votes as fast as his computer would let him - about 5,000 votes a minute (and soon he'll have a new server online that should give him up to 50,000 votes a minute.) With this new found power, Zombocom was able to take the hack to the next level.

 

Zombocom joked to one of his friends "it would be funny to troll Time.com and put us up as most influential, but since we are not explicitly on the list we'll have to spell it out. " His friend thought it was impossible. But two weeks later, "marblecake' was indeed spelled out for all to see at the top of the Time.com poll.

 

So what is the significance of 'marblecake'? Zombocom says: " Marblecake was an irc channel where the "

" video originated. Many believe we are "dead" or only doing hugraids etc, so I thought it would also be a way of saying : we're still around and we don't just do only "moralfag" stuff .

 

To actually manipulate the poll, Zombocom wrote two perl scripts. The first one, auto.pl is pretty simple. It finds the highest rated person in the poll that is not in the desired top 21 (recall, there are 21 characters in the Message) and down-votes them (you can view this as eliminating the riff-raff). The second perl script, the_game.pl is responsible for maintaining the proper order of the top 21 by inspecting the rating of a particular person and comparing that rating to what it should be to maintain the proper order and then up-voting or down-voting as necessary to get the desired rating. With these two scripts, (less than 200 lines of perl) Zombocom can put the poll in any order he wants.

 

Ultimately, this hack involved lots of work and a little bit of luck. Someone figured out the voting URL protocol. A bunch of folks wrote various autovoters, which were then used by a thousand or more to stack the vote in moots favor. Others, sprinkled the spam urls throughout the forums tricking the 'competition' into voting for moot. When Time.com responded by trying to close the door on the hacks, the loose collective rallied and a member discovered the 'salt' that would re-open the poll to the autovoters. The lucky bit was when Zombocom discovered that no matter what he did, he wouldn't get banned. This opened the door to the fine grained manipulation that led to the embedding of the Message.

 

At the core of the hack is the work of a dozen or so, backed by an army of a thousand who downloaded and ran the autovoters and also backed by an untold number of others that unwittingly fell prey to the spam url autovoters. So why do they do it? Why do they write code, build complex applications, publish graphs - why do they organize a team that is more effective than most startup companies? Says Zombocom: "For the lulz".

That is pretty fucking epic internetz

in other words, pretty sad

lol @ time.com's IT staff.