Update to the "Drunken Batman is an asshole" story

Created 4/21/2006, updated 6 weeks ago16 minute read

First, as background if you haven’t read the original story, here it is.

Now for the update.

"Drunken Batman" has now (well, on 6 April actually, but its only just come to my attention) publicly stated that one of two things is the case. Either:

Wincent Colaiuta is mental, and just making the emails up. People that delusional are pretty rare, so I consider this to be a very low probability.

Or:

Someone is pranking him, and he doesn’t know enough about how these things work to realize what’s going on or what to look for, and is jumping to hysterical conclusions all across the board. I consider this to be a very high probability.

He later goes on to say the following:

After a quick search of his site for recent references to DrunkenBlog, my personal opinion is it didn’t even occur to this guy they weren’t from me, or that I’d never even seen his post. He had some resentments to grind, they fit in, his ego massaged out all the big red blinking warning signs that are all right there, and off he went. I certainly don’t expect a correction or retraction, as that’s how these things go. In a way, it’s always good to have a reminder that the weakest link when it comes to security is usually not the tools within the system, but a tool sitting in front of it.

So, to summarize:

He claims not to have sent the email messages attempting to crash my mail client

I accept him at his word. If he says he didn’t send them, then I believe him.

He suggests that I might be a liar and/or "delusional"

I am neither a liar nor delusional. I disapproved of his posting of the crasher image, and when I received the attack emails I was surprised and updated my article accordingly with information about the emails. I don’t think there’s anything delusional about my article but I do think that Mr "Batman’s" tone is offensive, condescending and insulting.

He accuses me of "jumping to hysterical conclusions"

Once again I have to disagree. I think my conclusions were logical enough: (1) "Drunken Batman" crosses the line by deliberately crashing hundreds (or even thousands) of people’s browsers; (2) I post an article stating my disapproval; (3) I receive two emails purportedly from "Drunken Batman" attempting to crash my email client. I really don’t think it’s that unreasonable to conclude that the emails most likely came from him.

He accuses me of being ignorant or stupid in various ways: "retarded kid", "tool", "sucker", "weakest link" and so forth

I think his insults are without foundation; those who know me know that this isn’t the case, and those who don’t know me need only look at the content of my website to tell whether I’m "stupid" or not. He thinks I’m a retarded kid; I think he’s an opinionated, egotistical loud mouth.

He says that it didn’t even occur to me that the emails might be from someone else

It’s true that I initially didn’t think about alternative explanations. I was incredulous, I couldn’t believe he’d sink so low; but neither did I think that any third party would be bored enough to monitor both his weblog and mine, register a Gmail account in his name, and then impersonate him just to amuse him or herself. Forced to choose between the two explanations, the least probable by a long shot was the "impersonation" one.

After posting my article I did receive a couple of emails from people who have previously corresponded with "Drunken Batman" who pointed out to me that the address in the emails is not the one that "Drunken Batman" has used with them in the past. For example, here are some comments:

Are you sure it really Michael "Drunkenbatman" Bell who sent you
the email containing the WebKit-crash-inducing image?


I'm not saying it to defend him. I certainly consider the way he
posted the crash-inducer on his weblog to be a dick move.


I'm just saying I'm not convinced that message you got came from
him. The handful of times I've exchanged email with him, he hasn't
been using Gmail.


The name is spelled "Drunken Batman". I'm not sure I've ever seen
him put a space in there, I think Bell always spells it either
"Drunkenbatman" or "drunkenbatman".


If it really was him who sent you the crasher via email, well
that's just astounding.


Ordinarily it would strike me as unlikely, but my gut feeling is
that Mr. Batman made several hundred enemies when posted that
crasher. I'm imagining, for example, someone who had a
half-written draft of a weblog post sitting in a text area field
in another tab or window of Safari when they encountered his
deliberate crasher.


One more thing: Drunkenbatman has stated several times that he's a
devout user of GyazMail; all my email from him has an X-Mailer
header saying:


    X-Mailer: GyazMail version 1.2.4


If it *was* DB who sent you that email, perhaps the explanation is
that because GyazMail uses WebKit for HTML messages, he couldn't
use it to send that picture to you.


I'm nowhere near as surprised as you are. Except for the email
bomb.

He says he doesn’t expect a correction or a retraction

We’ll he’s wrong about that too. I am not the delusional retard that he implies. It’s always only been my intention to post the facts and now that I have more facts I’m posting them here. As I stated in reply to one of the people who emailed me:

Like you, if it really is him who's been doing it I'm astounded. But
if I found out that it's not him I'll edit what I've written
accordingly. I'm not so much upset as utterly astounded that someone
so highly regarded would act like this guy is acting.

"Mr Batman" helpfully provides a PDF of my original article "in case it goes away", but I don’t have anything to hide; in light of this new information I’ve made the following edits to my original article:

Changed "the guy whose ugly mug you can see pictured on the right" to "pictured on the right"; I only added that in after I received the attack emails, but given that they apparently were not from him I’ll tone it down (no need to impugn his looks).
Added a note and a link to back to this update.
Inserted "or someone purporting to be him" in the description of the attack emails.

Changes that won’t be made to the original article

The article is still about "Drunken Batman" getting on "the shit list". His original act (knowingly posting the crashing image) still stands.

The original article stated something like, "I’ll be advising any that asks to avoid your website like the plague". After receiving the attack emails I later upgraded this to:

I’ll be advising anyone that asks me to avoid your website and all its self-important, opinionated ramblings like the plague.

After reading your response to me, filled with flaming insults, condescension and arrogance, I don’t see any reason for toning down my language. My recommendation to avoid your site stands, stronger than ever.

Comments from third parties

One thing I will say for "Mr Batman", he doesn’t censor people’s negative comments. Here’s a sample; I’ve inserted some comments of my own where appropriate in italics:

You’re still a dick for embedding the image instead of using a link.

You act like a dick, then you’re surprised than people think you’re a dick? Your name is now associated with malware, deal with it.

To be clear, posting a crasher image in a weblog article isn’t the same as writing "malware". Malware is software that runs on your computer with a destructive intent. What "Mr Batman" posted was an exploit for an existing vulnerability. It’s not the same as malware even if the destructive intent is the same (and it is). So if we’re disciplined with our use of terminology we can’t really accuse "Mr Batman" of propagating "malware" but we can lump him in the same moral basket as those that do write and knowingly distribute malware.

Looks like old Wince read to much unserfriendly lately and got an inspiration how to generate some traffic for his b-list blog. Just leave the blighter alone.

To be clear: I’m not trying to generate traffic to my "b-list blog". Look on my website (http://wincent.dev/) for links to the weblog; you’ll find one buried in the never-visited backwaters of the site. I’m a software developer, not a "weblogger". My personal weblog is where I post articles about stuff that I’m working on for people that want a behind-the-scenes look at my software development. I also post the occasional rant that I think may be of interest to the one or two friends that I know read the weblog. I don’t promote the weblog in any way. I don’t try to drive traffic to it. When I posted the original "Batman on the shitlist" article I didn’t make any attempt to contact the "Batman" himself; I merely posted it because I felt his conduct deserved comment. If one wants traffic I really think there are better ways to go about getting it; I see about 1,000 referrals from "Mr Batman" in my server logs: big deal.

I don’t really care that you don’t like my weblog or consider it "b-list"; what I don’t like is that you mistakenly think that I aspire for it to be anything else but that. My website gets a modest quarter of a million page views per month; of that figure the weblog accounts for a measly 5,000 page views. It’s just not something that is in any way important to me. My weblogging days are in the past; I was a "weblogger" years before "Mr Batman" started his website, before the term "weblog" had even been coined. I had my "five minutes of fame" when Mac OS X came out, attracting about 50,000 page views per day. I even got "real work" out of it, receiving payment for writing articles for a number of sites. I was even invited to write books. But years ago I decided that I was much more interested in software development and that’s my principal activity.

He is a dick because of the way he choose to report it.

Thanks DB, for pointing out a stupid bug to the teeming masses, and possibly actually getting something done. :)

That’s not how bugs should be "pointed out". If he really wanted to expose the vulnerability he should have posted a link to the image rather than inlining it and crashing the browsers of any unsuspecting sods unfortunate enough to hit his front page.

Let’s be utterly clear: "Mr Batman’s" conduct is not responsible for getting anything "done". Apple will fix this flaw. "Mr Batman’s" behaviour will not be the cause of the correction.

But the second time it wiped out my preferences and fucked with my bookmarks. Great. Nice work, asshole.

I totally get that it’s Apple’s bug, but it being Apple’s bug doesn’t free DB of, beyond a certain threshold, being a dick, just like similar bugs in Windows/IE/Outlook/whatever doesn’t free creators of malware from being dicks because they take advantage of them.

DB was making a point. And being a dick. He did not trust his readers to take him seriously enough unless he crashed their web browsers. That is incredibly insulting, imho. I didn’t get my browser crashed, and I still lost respect for DB.

He was wrong to underestimate his readers. He was wrong to crash their browsers. I know that for most people it was not a hardship, but given the size of his audience, I guarantee that it was a problem for someone. He should apologize.

Not only has "Drunken Batman" not apologized, he has left the offending image intact on his front page and gone on to post another article (also on the front page) that causes Safari to crash. I think this says a lot about his personality.

Evidently he’s on some kind of power trip in which he thinks pissing a lot of people off is the only way to get something done. When Apple fixes these vulnerabilities he’ll feel confirmed that he somehow "made it happen". In reality the only thing he will have "made happen" is that he will have lost some of his readership.

apparently you’ve angered this wincent guy enough to make him remove all mention of you from all other pages of his site.

That’s correct. I previously had a link back to an article that "Drunken Batman" had written concerning a GPL violation. Once he posted the crasher I removed the link. Why would I direct my readers (few though they may be) to a site that knowingly attempts to crash their browsers?

I’ve come to this blog for a couple of years. Attended Evening at Adler (which was a hoot and very informative), but this is disrespectful and ignorant. Really shows his true colors.

I’ve removed the bookmark and will not return. Fun while it lasted.

If I wanted to instruct people that they should have working batteries in their smoke detectors, dousing their houses with gasoline and lighting a match would make my point. It would also mark me as a psychopath.

Ain’t it funny how when you act like an anti-social 14 yo script kiddie hacker, that folks might start to get the wrong idea about you?

Before the JPG incident, I would’ve assumed without any thought that you were telling the truth and didn’t send Wincent any emails. But, to tell you the truth, sending the emails and then lying about it is the same kind of behavior that the JPG incident showed.

Perhaps you’re simply a liar. Works for me.

"Wincent Colaitua is mental, and just making the emails up." I find it revealing that this is the first place your mind went…

The JPG incident is not in good faith. It’s a whole different kettle of fish. I find it deeply wrong, harmful to the general vibe of the Mac community, and something all good folks should condemn.

And if DB wants to act like an anti-social asshole in the context of the JPG incident, he shouldn’t be surprised when folks begin to think he’s an anti-social asshole in other contexts. That’s how human perception works.

Oh wait… it wasn’t a joke, he really is a dick. I guess he made that point clear.

This is a clear case of the boy who cried "wolf".

You purposely posted an image meant to crash a browser. Now when people are sent an image purposely meant to crash a browser (embedded into an email reader), well, you have to understand that you’ve lost a bit of deniability. That’s how reputation works.

Ha ha, so you act like a stupid script kiddie, then you feel like you were the one wronged? Let me tell you something, kid: assuming responsibility when you screw up is one of the important things about adulthood. You deserve any shit you’ll get for that, including lack of future work opportunities.

Look, what DB did is basically indefensible. He intentionally caused some minor but real data loss to more than a handful of souls.

I didn’t read the original entry, but proving a point by causing people to lose data (even just their URL history) is at best disrespectful and can’t be justified.

There’s a difference between proving a point and being destructive.

Wincent should have known better than to believe information from an obvious attempt to spam him. He is no fool and surely knows how this works.

Well, as I said above, I think I quite rationally concluded that the emails most likely came from "Drunken Batman" himself. How, exactly, is "this" supposed to work? What seems more probable to you?

*Option A: Person indiscriminately crashes a bunch of people’s browsers; when challenged, shows no remorse or repentfulness; I criticize him; I receive two emails signed with his initials and with an address matching his name that attempt to crash my client. Given that I am dealing with an article written by asshole and an email written by an asshole, I assume that they’re actually the same asshole.*

*Option B: Person indiscriminately crashes a bunch of people’s browsers; when challenged, shows no remorse or repentfulness; I criticize him; a third party, who happens to read both the crasher’s weblog and mine (how likely is that, given the tiny number of people who read my weblog?), decides to register a Gmail account and impersonate the crasher for his own amusement. All of this occurs within the same 24 hour period. I am somehow expected to conclude that I’m dealing with two entirely separate assholes, one impersonating the other.*

Seriously, I just don’t see how anyone would consider "Option B" to be the more probable one. Remember that I have never had any contact with "Mr Batman" and so I had no way of knowing if he was a Gmail user or not. I find it indicative of the unpleasantness of "Mr Batman’s" personality that he would use my quite reasonable assessment of the probabilities as an excuse to label me as an ignorant "tool" who knows nothing about security. Laughable.

I don’t really fucking care my browser crashed. I can get over that. DB is still a dick for posting the image inline.

Precisely my opinion. I don’t care either that my browser crashed. I lost a bunch of open pages in tabs, easy enough to get back via bookmarks. I didn’t lose any work in progress. As such as I wasn’t actually angry at "Mr Batman" (although many people got that impression from my post); but I did strongly disapprove of his decision. My low opinion of him has only been confirmed by his stubborn insistence on maintaining the offending image on the front page of his site, where it continues to this day (along with another article which will crash anyone unfortunate enough to visit that site in Safari).

He’s not only an asshole for doing this, but a fool as well as it’s both harming his reputation and reducing his readership.

Wincent Colaitua posted some of the first truly useful information about Mac OS X when it was released five years ago. I don’t know if he’s a hothead or not but I can safely say that his blog is not a b-list blog and his contributions to the general understand of Mac OS X is as important as John Welch’s, John Gruber’s, or even Mark Liyanage’s. So, DB being a newcomer in comparison to Wincent might not know him, but Wincent does deserve props for his seminal web site for those of us who were just getting our feet wet with Mac OS X.

Nice to know that people still remember my rumor-mongering days. The truth is though I am much happier now working as a software developer rather than a rumor-monger. Any Tom, Dick or Harry can post rumors; I don’t have a lot of respect for people that do it, and even less for people who try to make a living off it. I have much more respect for people which are truly creative, produce software, or write educational, useful articles. I used to include "Mr Batman" in this latter category, but not any more.

Wincent Colaitua may know a lot about OS X, but he knows shocking little about mail headers.

Two things: Firstly, I didn’t even bother to inspect the headers for evidence of forgery. Why would anyone bother to forge a Gmail email address? The accounts are free and can be obtained by anyone. Why forge email from "someone@gmail.com" when you can just go and register it yourself? When you receive an email from "johnz23123@hotmail.com" do you bother to inspect the headers to make sure it’s really from John Z "23123"?

Secondly, there is no evidence of forgery in the headers. Look at email sent from a Gmail address; the headers look exactly like that. It seems to be the poster of that comment who knows "shocking little about mail headers".

As to DB, well… I find your blog entertaining and all, but posting that last image inline? Yeah, a tad immature. Intentionally exploiting a bug is never ok.

yes, DB was a bit of a dick, but the point was worth making.

Agreed, he was "a bit of a dick". I also believe that the vulnerability needed to be brought to Apple’s attention. What I do not believe is that this guy has a right to "make a point" by crashing other people’s applications. That’s just not how it’s done.

1 vote for db=dick

I recently started reading your blog and up until now I have enjoyed your writings. My Safari browser crashed when I tried to open your front page but luckily I did not lose any data as others have reported, but I took offence to your stunt. Subsequently reading articles written by you will not hold great importance to me in the future.

My computer system is my property and I consider anyone who performs unsolicited manipulation of my computer system that result in my applications crashing to be a malware author and a mere crook. You are no different than the much hated spammers that send me unsolicited mail. I am not interested in your motives only the consequences of your actions.

All this boils down to common courtesy and manners that you and your choir do not apparently possess.

As I have been programming in Cocoa for about a year now and I really enjoy reading the blogs of great software developers such as Wil Shipley, Gus Mueller and many more I would like to thank you for bringing to my attention the blog of Wincent Colaiuta. He has some very interesting articles on technical matters and sounds like a very rational person and a knowledgable Mac OS X developer.

Thanks.

lately I find DB turning into a bit of a prick

And DB I find it rather distasteful that a man in your position attacks someone in your blog with such vehemence and hostile innuendos as you did in your latest article. Your assumptions are very likely right, someone other than you was pestering him. But I fail to see how your "righteous" indignation is somehow more righteous than his. After all your actions were the catalyst in this whole affair.

Farewell for now

One of the things I find amusing about some of the comments that have been made in support of "Mr Batman" is that some of his defenders have attacked those who use tabs as not being sufficiently savvy. Use bookmarks, it’s called browser history, duh, etc. How soon we forget the days when only Mozilla had tabs, tabs were the poster-child of every Linux-adoring nerd. Now, accordingly to "Mr Batman’s" followers, if you rely on tabs or if you use them too much then you’re some kind of neophyte. Er, right…

Well I think I’ve already wasted more than enough time on this subject. Time to get back to coding…

blog