2016-10-10 08:39:36

Hi everyone. The time has come to finally show everyone why not to use NVDA Remote. That could be a bad way to start this but... I'm sorry if so. A situation happened where we were connected with "control another machine" to a non-auto-connect key, which resulted in loss of data. And you know what else? The dev of Remote, Tyler Spivey, was responsible for the loss of data on over 10 computers at a time. Check out this page and listen to the included recording of him laughing about it to find out. http://samtupy.com/UnsecureRemote
I hope this helps impact use of the software in the future. I hate to start anything, but now that I have obtained undeniable audio proof, I feel that I can strongly warn people against using this remote client. There will be some things I'm sure we will all use it for, such as controlling Windows servers etc. etc., but please, take this to mind, and be careful. As careful as possible.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:12:46 (edited by Sam_Tupy 2016-10-10 09:14:09)

Edit: This was in response to a now deleted post about how the code error was NVDA's and how Remote is not to blame. This post has been deleted, but I will still keep my reply.
Hi. I can see what you are saying to a certain extent. I think that we both have slightly different views on things. While NVDA is part of it, the keyhook I got locked into was indeed NVDA Remote. This prevented me from restarting my NVDA, shutting down safely, etc. etc. And the way I look at it, he used Remote to expand an NVDA issue. He didn't get crashed, everyone else did, because he recoded / added to Remote. And let's look at this from a different point of view. If I make some security software and someone uses it on their computer. The software has the ability to run system commands in case of maybe a hack or something. Well, in Windows, if you kill csrss.exe, the system instantly bluescreens. So if I decide to be a dick and type that command and bluescreen the computer, is it Windows' fault? No, it's my fault and the software's fault, even though it is a Windows issue. When I connected to that key, I clicked an option that says "control another machine". This expressly implies that my computer is not to be controlled or tampered with, that I am controlling another machine. But a bunch of clients were crashed. Yes, it can be considered more of an NVDA thing, but it's still Remote that caused it, thus in my opinion, is what to blame. Also, let's look at it from a client's point of view. Especially if I don't know much about computers and this happens, I ain't gonna give 2 shits who made the coding error because that's not what matters. The dev of the remote software I was using crashed me with it. Let's take the Unix processor. You set the time to unix_timestamp-1 second, goodbye to your system, at least in a way. So what if Apple decided to be a dick and somehow remotely set some random iPhones to timestamp-1. Would you blame the Unix processor? Or Apple.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:16:42 (edited by stargate 2016-10-10 09:45:29)

My bad. I'll repost what I wrote. I felt I rambled too much and was going to re-write it; but since you responded to it I'll put the original back.


I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you claim that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you've lost data, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise to use NVDA Remote as it was intended, and not screw around on Twitter making the keys you're using to connect with public.

Keep in mind I'm not defending Tyler at all. I'm just saying that I think you're trying to attract attention to an issue that isn't as much of a problem as you think it is.

2016-10-10 09:19:52

Direct quote from Sam's recount: "Ivan soto posted on his twitter, everyone, if you want to fuck me over, connect to this key, 123. This resulted in over 10 people connecting to said key."

So you're telling me that you're saying this program is unsafe, after he had 10 people connect to his computer. To add to this, he specifically asked people to fuck his computer over. Now, we have Tyler, an insanely good hacker, as well as the creator of the addon. Ivan specifically, willingly, and indirectly gave him permission to access his computer.

Now, I'm not a programmer on the level your friend group is. However, I do know that if you allow people that you don't know to connect to your computer, shit is going to go down. Sure, Tyler shouldn't have done what he did, but c'mon, you brought this on yourselves.

2016-10-10 09:23:45

Hi Ross. If you remember, first: we were connected to that key as listener, or controller. Ivan brought this on himself, not the people who chose to connect. And then Ivan disconnected, and Tyler connected with clear intentions to get us, not Ivan. Sadly the conversation wasn't recorded, but everyone on the channel will agree with me. Tyler was dissing us about hacking Ivan, even though he posted the key. And Tyler is the dev of the addon; you'd not expect that from him. If I had said "allow this machine to be controlled", yeah, then OK, it's my fault. But no, I just happened to connect to 123 because Ivan told us to. The dev of the addon then came and interrupted the session by crashing all the controllers, not hosts.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:26:57

I want to write a few things here, because I have very mixed feelings about this.
First, I don't care where the issue is or what caused it, Tyler or anyone who received money for writing this add-on should not be abusing it, regardless of how stupid it was to share a key and ask people to do something or connect to your computer. This is the point I've been trying to make on Twitter. I'm not sure why people rushed to Tyler's defense, because what he does is not really any different from what he's done before. This isn't a one time mistake.

Now with all of that said, I do realize I was slightly unreasonable here, I was mostly irritated that something like this was taken advantage of. The recording does sound heavily edited and mostly really just consists of a bunch of kids screeching and yelling and throwing out buzzwords. The issue here is certainly a problem and I was unable to follow everything going on before I finally just gave it up as a lost cause. Tyler has mentioned that the issue is of taking control of people's synths, but if someone's system was controlled when it wasn't supposed to, which I think might have been what the recording might have been getting at, this needs to be brought to light.

Otherwise, thanks, Chris, for looking into this and trying to fix it, and how this has spun out. I do think that the add-on needs to be evaluated; I honestly don't trust that it is secure, especially the server portion which, as far as I'm aware, is not open source. Really, Tyler's actions show some form of malice and are not excusable; sadly, this brings the entire add-on into question for me.

2016-10-10 09:27:41

Sam

I understand where you're coming from, but that's not the point. When you allow your machine to be connected to, that still allows a tiny bit of room for hackers to work; you of all people should know this.

2016-10-10 09:28:07

I agree that what Tyler did was a dick move, and it's unfortunate that NVDA Remote was used to do it. It's even more unfortunate that Tyler was one of the developers of NVDA Remote.

This doesn't have anything to do with the security of NVDA Remote though. I share Toth's opinion that when you make posts like this, people are going to jump to conclusions and assume that NVDA Remote has some giant security flaw in it that makes it unsafe to use. In truth though, as long as you use NVDA Remote for its intended purpose and don't go sharing keys, something like this won't happen.

2016-10-10 09:29:21

Hi sorressean. If you want just the part of the recording with Tyler's voice, I can post it. Also, it was not edited at all; it was TeamTalk's recording feature cutting out. We were all pretty much freaking out at that point.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:33:48

Also, what was your friend talking about the login screen looking different? I'm fairly certain that didn't happen and he was just contributing to the fear mongering.

2016-10-10 09:33:58

Hi.
OK, one quick question.
The only times I use NVDA Remote is when someone needs to do something on my machine.
We normally do this the following way.
We connect over Skype so we have voice contact, and the person connects to my computer and does the stuff he needs to do, and after that, we just disconnect from each other.
So, what could the person do to my files? Please keep in mind that I am always sitting at the computer and have an eye on things when I am remotely connected.

Hail the unholy church of Satan, go share its greatness.

2016-10-10 09:34:13

Hi. Ross, of course I know what you're getting at. Here is a point to consider. It is so easy to get someone's NVDA Remote key with remote.ini that you hardly have to share keys. And let's not forget the keyhook, which was Remote. I guess I just feel that it was Remote that conducted it; what was used to actually freeze the system, I never saw that counting really. Like blaming oxygen for exploding and killing people, or feeding fires. Just my opinion on that particular matter. My biggest thing is Tyler's response. He knew this for months yet didn't fix it. As a client, if I wasn't that good at programming etc., I'd think there was a huge ass flaw in Remote. And if you want my honest opinion, NVDA is just being used in this situation to make one.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:35:50

Simba, you should be fine using it just like that unless someone gets the key, doubtful for a quiet and peaceful session. Stargate, that lock screen thing, no one was sure at that point. We weren't creating fear, we were trying to figure out what happened. If you keep listening till after Tyler comes, we all realize that no one else was being controlled, etc. etc.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:36:49

Sam

Fair enough. I do agree with you about how the remote.ini file needs to be hidden a bit better.

2016-10-10 09:37:05

@stargate: that's the only question you had after listening to that? Did you happen to miss the line about someone injecting a NSA payload into the nexus through the matrix which then made the login screen look different?

2016-10-10 09:40:35

Lol yeah, the beginning of that file is total chaos and speculation. You may as well skip it and wait until they start talking in Notepad. I just wanted to be as honest as possible and include everything that happened. Come on, what would a huge crowd do if there was the sound of someone dropping a huge box on the ground onto someone's toe? How many terrorist speculations do you think there would be? big_smile

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:43:23

Um.
If someone were to drop a huge box onto someone's toe, they would presume that someone just dropped a box on someone's toe. I don't know why a terrorist would be mentioned.
Also speculations is a big reach for those. They literally made no sense. It's like getting a bunch of village idiots to diagnose heart failure.

2016-10-10 09:46:31

What I meant was the sound. If it was large enough and landed right, it could sound like a gunshot if the site was not seen. And yeah, I'm sure it did. There were like 7 people in that TT channel, all with computer problems, with different ideas of what caused it. If you dissect each thing from each person, it won't seem like we're all as mentally retarded as it seems now, but etc. Wait, injecting an NSA payload into the nexass? I do not recall that; in fact, I know that was not said at all. big_smile

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:52:42

Ah, good old remote.ini, is this? Honestly I'd rather not listen to hour-long recordings, because I'd really rather just hear the problem rather than a recording. But somebody bitched about remote.ini being a security flaw; however, it's not like Chris can actually do anything to fix that, since the addon is open source. Anyone with access to the source can just get the encryption out. So please, everybody, this is just people making a big deal out of something and turning it into something it's not. Or at least that's what it seems like to me.

Oh no! Somebody released the h key! Everybody run and hide!

2016-10-10 09:53:27

It's not through those words exactly, but yes. 8 bit login screen, a payload, someone mentioned the bios and recovery (which is after the bios), someone also mentioned embedding a file... just the random bits of technobabble that really made no sense. but yes. I was a bit confused why they thought their screen was ported to the NES.

2016-10-10 09:53:58 (edited by stargate 2016-10-10 09:54:36)

I heard them mention payloads several times and it made me laugh. I paused the recording soon after he said that his login screen looked 8-bit. I'm listening to some more now.

2016-10-10 09:56:59

@slender, this has nothing to do with remote.ini. I brought it up, but no, this is different, involving a developer of NVDA Remote crashing their clients. At least read the text on the linked page, which explains things. The recording is there for proof.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 09:57:31

I'm not really sure why remote.ini is the problem... or even a problem. You're complaining that someone who has access to your computer can get your keys. Which is really how things generally go. Don't allow people access to your computer. If the client "hid" them, it's open source and people would just know where it is. This isn't STW where it's okay to scatter files through people's hard drives to check if they're banned. If it was encrypted, you'd have to have a password to launch NVDA Remote, or it would have to be a uniform key, which again would be stored... you guessed it, in the source. Or maybe we should encrypt the encrypted data, then store it on an 8-bit screen before embedding the payload file in the matrix.

2016-10-10 10:02:41

big_smile big_smile big_smile I love it. That will always be a source of comedy now, the beginning of that recording. Roooooooooofl. I think remote.ini is an issue just because it's so easy to get the keys. It may not be able to be fixed, but it's a step away from leaving the key in the lock. The real issue is a developer fucking over his clients.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com

2016-10-10 10:04:23

Also, sorressean, Tyler did agree that the screen probably went 8-bit himself, and the person who said that went and got sighted proof, so that actually probably happened.

I am a web designer, and a game developer. If you wish, see me at http://www.samtupy.com