For what it's worth--it's difficult even for a non-impaired person to pull this off. So your best bet is to use mods regardless. We all do.
That said, there's only so far that game companies can reasonably provide accommodation. It's a video game. If you're visually impaired, that's going to be hard for you to entertain yourself with. Everyone is well aware of this, you're *impaired*. It's a tough life, but that's how it is.
One of my best buddies from WoW, whom I've stayed at his place and hung out with when we went to Blizzcon, is mostly deaf. He wears a cochlear implant to help him hear but when he takes it out he won't really hear a thing. He lives his life, enjoys it, has a great job, and recently purchased a large house in Burbank, California.
What's wrong with testing browsers in their default configuration? Anything? I fail to see the problem with that.
When comparing browsers you compare them in their default, standard configurations. Any OS or Browser can be configured to be hyper secure, this is a given. And this heavily skews the results.
For example, I can make a hyper-secure Windows machine or a hyper-secure Linux machine.
In my world, Outlook and Outlook express prevent you from launching executables in e-mail.
In my world, people should be using IE8 which has been proven to be the best at preventing socially-engineered malware (read: phishing sites, spam links, and malware-hosting sites) Source: http://nsslabs.com/browser-security-malware-3Q2009
This is very true. I have met quite a few people that play video games, watch movies, and yet have never shot a gun. It is always interesting taking them to the shooting range for their first time.
I've played violent video games for a majority of my life. The bloodier, the gorier, the noisier, the better it was.
But when my father brought home a deer one day and skinned it in the back yard, I cried. When my father shot a squirrel with a BB gun, I cried.
I can't stand killing living beings and creatures. And this is something ingrained in me, even today.
I suppose the rednecks would classify me as a pussy:P Which is interesting, because these are the same types of people that decry these sorts of video games. It's very disturbing in a way, that people would cry out against a video game but call you a pussy if you won't kill a bird, a deer, or a squirrel--and actually find enjoyment in it.
Taking a life in real life is far different than anything you could possibly do in a video game. And if you do not have the moral capability to understand that, then I suggest you seek help, as everyone else is stating.
Think about that for a few minutes, and get back to me. By and large, COD:MW2 is not the first nor the only video game to depict killing innocent civilians. There were games where that's all you did (Carmageddon series) to get points.
I'm an end user of most technology. I spend many of my days playing with things and always looking for ways to incorporate technology into my life. But the fact of the matter is that none of the things this guy rants on about is anything I care about. There are very clear limitations with everything this guy is saying.
I don't even jailbreak my iphone, to be honest. The ported applications are absolutely horrendous. They aren't even worth breaking open the phone--for free! Because iSSH is a better application, I'd rather pay $10 than go through the hassle of having to jailbreak my iphone just to use a "Free" ssh application.
That says a lot about the usability of the iphone in its default form.
True, but you also have to factor in that many other nations teach their children English early on, and many people, being closer together, are far more often exposed to other languages than the "average" American.
And by exposed I mean being so close to it that if you drive an hour down the road you're in an area where your native language isn't really used at all.
(This generally applies to Europe)
Once you become accustomed to learning multiple languages, learning others becomes significantly easier in comparison. Learning how to change your thought processing for a language that isn't your native tongue is the largest barrier.
Either way, none of this matters because a fact is a fact.
As far as how the DHS treats people who visit the country, that's an entirely separate entity from this education. Having been in and out of the country I've been treated good and bad by both sides of immigration (both entering another country and leaving/entering the US)
You forget that people get an education to become better at something, so your point about a "better Chinese student" versus an American student is somewhat irrelevant. You can't really define what constitutes a "better" student, because the results of which are not seen possibly for decades beyond that education.
Is it a student that studies all of the time? What about students who don't need to study all of the time yet still pass their classes? Is it a student that attends every class? What if you don't need to attend every class?
It can be argued that even if the American student isn't quite as educated or capable in a mental sense as the Chinese student, that the money should still go to the American student. After all, chances are he's going to stay within this country while the Chinese student may or may not have an allegiance to be here. After all, it's a lot easier to come to the US than it is to go to any other country from the US. This includes language.
So you spend our tax dollars to educate some smart Chinese student who has a strong possibility of returning to his home country with his education, versus a student that is more than likely going to stay in the US, providing us with the knowledge he learned.
There are a lot of problems in the US Education system, but this sort of comparison isn't related to any of them.
For what it's worth, if you played WoW everyone was already told this day was coming. Way back when Wrath of the Lich King came out, people were told that we would eventually be forced to move to Battle.net logins. If you hadn't moved over by now, that's your dumb fault.
I did a sort of "audit" of IT people around me and their knowledge of TLS certificates and how to implement it--and most have no clue. It's really quite a shame. I've been working on doing all sorts of SSL stuff and many different implementations. The things I've tested and used:
-OpenVPN using pre-shared keys -OpenVPN with a CA infrastructure where OpenVPN verifies that a certificate was digitally signed by a CA. Interestingly enough, I haven't found anywhere to configure OpenVPN to only accept certain keys signed by the CA (it only verifies the CA signature) -SSH with key-authentication, password-protected keys -WinSCP with the same -Apache w/ SNI and virtual hosts with self-signed certificates -Apache w/ SSL and self-signed certificates, 1 host per IP -Apache w/ CACert signed certificate, providing a link on the HTTP version of the site to grab the CACert Root certificates. -Apache w/ SSL key authentication and PKCS #12 files on each client machine w/ Chrome, IE, and Firefox
Most of the information and documentation is spotty on setting all of this up. For example, OpenSSL's documentation on building certificate authorities is terrible, as they expect you to dump the CA certs/keys in the "demo" directory. For some of my earlier implementations I used OpenVPN's built-in scripts to create a CA, then public/private key pairs.
When you attempt to do client side authentication with SSL, Firefox gives you a cryptic error message if you forget to include the entire chain of trust within the pkcs #12 file. This is even if you put the CA Root cert into its Certificate store....you still need the entire chain of trust in the pkcs file. FF's exact error was "Failed for unknown reasons." When trying to find out why it failed, I actually got the answer in a completely unrelated IRC channel of nerds.
The Windows crypto store is still vulnerable to the null character bug, so this still puts IE and Chrome in the shitter with that. Shouldn't be a problem moving forward, however.
In fact, I would say I learned the most about SSL by Moxie Marlinspike's slides than I learned anywhere else, combined with knowledge accumulated over the years.
Honestly I think it's a lack of faith in the in-house IT department more than anything. The way it's set up at my company is that the in-house guys handle immediate issues that come up and are the technical liaisons between Host Company and Product/Services company. They are more or less middle men.
I can only imagine where this came from, probably the following:
-The amount of "LEARN COMPUTERS NOW AND QUADRUPLE YOUR PAY!" certification factories
-General overall incompetence on the part of the IT personnel as a whole. This generally has to do with a company wanting to provide a much lower pay grade
-Management who just doesn't understand IT. Your typical "if shit works, they don't feel like they should be paying you so much $. If shit breaks, then it's your ass." So instead there grew a market of consultants. People who are outside to the company that can come in and bang out a project, but not someone that has to be paid full time, and only on an as-needed basis.
-Companies who recognize the above and so really hype up that "OMFG YOU NEED THIS SERVICE NOW!"
And businesses wonder where all of their money is disappearing to. It's like, if you don't let your in-house IT people do their job, then of course you're going to spend tons of $.
But maybe I'm just living in a fantasy world where I expect my IT peers to be as knowledgeable if not more so than I am.
It is and it isn't simple. There is a lot of work that would have to go into making a secure hospital system particularly with the amount of wireless being brought into play now. And layer 2 security is not enough to get it done.
I agree, though, that the solutions are usually far less complex than people trying to make a ton of $ make them out to be. And companies and governments would probably save buttloads of money on IT if they stopped trying to place blame when shit hits the fan.
This is a problem we have at my company right now. They're looking at rolling out this huge, custom project that combines a few of the products we're using now but also has to interface to them. In addition we're rolling out a completely new IT project. The development of said software is a consulting firm. And I assure you the amount of $ we're spending on it is absolutely ridiculous, when they could probably save far more money by having in-house developers.
The problem is they would have to find in-house developers, pay them, and find a project manager, probably still have a consultant to tell them how many people it would take to write it all, and then if it fails they would have to end up blaming themselves for the problems.
I can assure you that in this day and age, the $ they're spending is not what they should be spending on an IT project.
If they put it in the TOS that using a residential connection they are allowed to do this, there isn't much you can do. They do offer business services that do not have caps, limits, or otherwise such things.
So my suggestion is if you want guaranteed* service, look towards the business accounts.
Otherwise, you could always get a secondary DSL line backup account and do failover in the event your primary connection drops.
If your business depends on connectivity, using a residential service with no failover and no backup is your fault, not the ISP's.
Short of extremely locked down specific embedded operating systems, you are going to find systems that need configuration. There is no such thing as "good defaults" because everyone's needs and uses vary accordingly.
Both Linux and Windows have defaults that sort of leave the system vulnerable, with Linux the distributions vary as to what options are default and what aren't--but generally speaking no matter which system you go with you WILL have to go in and add further security tweaks to fit your needs.
Sandboxie charges for their software yet refuses to sign the driver so it will work on 64-bit Windows. Sorry to say, but eventually he's going to have to update or lose his customer base. Eventually we will move to all 64-bit Windows machines, and driver signing will be mandatory.
VDK hasn't even been updated in nearly 5 years so I would imagine that project is likely dead. It's also largely useless software.
Process Explorer and Procmon are both Microsoft applications. They work fine.
Slashdot Mirror
For what it's worth--it's difficult even for a non-impaired person to pull this off. So your best bet is to use mods regardless. We all do.
That said, there's only so far that game companies can reasonably provide accommodation. It's a video game. If you're visually impaired, that's going to be hard for you to entertain yourself with. Everyone is well aware of this, you're *impaired*. It's a tough life, but that's how it is.
One of my best buddies from WoW, whom I've stayed at his place and hung out with when we went to Blizzcon, is mostly deaf. He wears a cochlear implant to help him hear but when he takes it out he won't really hear a thing. He lives his life, enjoys it, has a great job, and recently purchased a large house in Burbank, California.
So what exactly happens in the absence of government? Or a Representative Democracy? Would abusive, rich, powerful individuals just disappear?
In addition, there was a Q3 update to this test that compared Safari 4. The test on which this article is based on does not apply.
What's wrong with testing browsers in their default configuration? Anything? I fail to see the problem with that.
When comparing browsers you compare them in their default, standard configurations. Any OS or Browser can be configured to be hyper secure, this is a given. And this heavily skews the results.
For example, I can make a hyper-secure Windows machine or a hyper-secure Linux machine.
In my world, Outlook and Outlook express prevent you from launching executables in e-mail.
In my world, people should be using IE8 which has been proven to be the best at preventing socially-engineered malware (read: phishing sites, spam links, and malware-hosting sites) Source: http://nsslabs.com/browser-security-malware-3Q2009
Reading your e-mail cannot infect your machine.
I've never followed this advice, seriously--ever.
:P
That said, I'm going to be developing a deployment of over 20,000 Windows 7 machines here. Booya
All I've got to say is: Yay imagex
good one.
photon:
It's pretty easy to understand your bias from your paragraph as well. I'm guessing you're somewhere further to the right.
You were quite quick in your description of the Conservative view to assault a group of people and use negative terms.
Believe me when I say, there are more than a few Conservatives that are far more than happy to take advantage of someone else's money in that country.
The only real difference is who gets to call the shots as to where that money goes.
This is very true. I have met quite a few people that play video games, watch movies, and yet have never shot a gun. It is always interesting taking them to the shooting range for their first time.
:P Which is interesting, because these are the same types of people that decry these sorts of video games. It's very disturbing in a way, that people would cry out against a video game but call you a pussy if you won't kill a bird, a deer, or a squirrel--and actually find enjoyment in it.
I've played violent video games for a majority of my life. The bloodier, the gorier, the noisier, the better it was.
But when my father brought home a deer one day and skinned it in the back yard, I cried. When my father shot a squirrel with a BB gun, I cried.
I can't stand killing living beings and creatures. And this is something ingrained in me, even today.
I suppose the rednecks would classify me as a pussy
Taking a life in real life is far different than anything you could possibly do in a video game. And if you do not have the moral capability to understand that, then I suggest you seek help, as everyone else is stating.
caitsith:
repeat after me: It is a video game.
Let's repeat that: It is a video game.
Think about that for a few minutes, and get back to me. By and large, COD:MW2 is not the first nor the only video game to depict killing innocent civilians. There were games where that's all you did (Carmageddon series) to get points.
Do they even understand how to put it into perspective with their kid at all? Probably not.
I'm an end user of most technology. I spend many of my days playing with things and always looking for ways to incorporate technology into my life. But the fact of the matter is that none of the things this guy rants on about is anything I care about. There are very clear limitations with everything this guy is saying.
I don't even jailbreak my iphone, to be honest. The ported applications are absolutely horrendous. They aren't even worth breaking open the phone--for free! Because iSSH is a better application, I'd rather pay $10 than go through the hassle of having to jailbreak my iphone just to use a "Free" ssh application.
That says a lot about the usability of the iphone in its default form.
"There are tools that can do the Sharepoint Task on OSX"....like?
My perception of Europe is based on my own experiences, yes. This is correct. It's not like I'm conducting a scientific study for slashdot :P
pjt33:
True, but you also have to factor in that many other nations teach their children English early on, and many people, being closer together, are far more often exposed to other languages than the "average" American.
And by exposed I mean being so close to it that if you drive an hour down the road you're in an area where your native language isn't really used at all.
(This generally applies to Europe)
Once you become accustomed to learning multiple languages, learning others becomes significantly easier in comparison. Learning how to change your thought processing for a language that isn't your native tongue is the largest barrier.
Either way, none of this matters because a fact is a fact.
As far as how the DHS treats people who visit the country, that's an entirely separate entity from this education. Having been in and out of the country I've been treated good and bad by both sides of immigration (both entering another country and leaving/entering the US)
drsquare:
You forget that people get an education to become better at something, so your point about a "better Chinese student" versus an American student is somewhat irrelevant. You can't really define what constitutes a "better" student, because the results of which are not seen possibly for decades beyond that education.
Is it a student that studies all of the time? What about students who don't need to study all of the time yet still pass their classes? Is it a student that attends every class? What if you don't need to attend every class?
It can be argued that even if the American student isn't quite as educated or capable in a mental sense as the Chinese student, that the money should still go to the American student. After all, chances are he's going to stay within this country while the Chinese student may or may not have an allegiance to be here. After all, it's a lot easier to come to the US than it is to go to any other country from the US. This includes language.
So you spend our tax dollars to educate some smart Chinese student who has a strong possibility of returning to his home country with his education, versus a student that is more than likely going to stay in the US, providing us with the knowledge he learned.
There are a lot of problems in the US Education system, but this sort of comparison isn't related to any of them.
For what it's worth, if you played WoW everyone was already told this day was coming. Way back when Wrath of the Lich King came out, people were told that we would eventually be forced to move to Battle.net logins. If you hadn't moved over by now, that's your dumb fault.
I did a sort of "audit" of IT people around me and their knowledge of TLS certificates and how to implement it--and most have no clue. It's really quite a shame. I've been working on doing all sorts of SSL stuff and many different implementations. The things I've tested and used:
-OpenVPN using pre-shared keys
-OpenVPN with a CA infrastructure where OpenVPN verifies that a certificate was digitally signed by a CA. Interestingly enough, I haven't found anywhere to configure OpenVPN to only accept certain keys signed by the CA (it only verifies the CA signature)
-SSH with key-authentication, password-protected keys
-WinSCP with the same
-Apache w/ SNI and virtual hosts with self-signed certificates
-Apache w/ SSL and self-signed certificates, 1 host per IP
-Apache w/ CACert signed certificate, providing a link on the HTTP version of the site to grab the CACert Root certificates.
-Apache w/ SSL key authentication and PKCS #12 files on each client machine w/ Chrome, IE, and Firefox
Most of the information and documentation is spotty on setting all of this up. For example, OpenSSL's documentation on building certificate authorities is terrible, as they expect you to dump the CA certs/keys in the "demo" directory. For some of my earlier implementations I used OpenVPN's built-in scripts to create a CA, then public/private key pairs.
When you attempt to do client side authentication with SSL, Firefox gives you a cryptic error message if you forget to include the entire chain of trust within the pkcs #12 file. This is even if you put the CA Root cert into its Certificate store....you still need the entire chain of trust in the pkcs file. FF's exact error was "Failed for unknown reasons." When trying to find out why it failed, I actually got the answer in a completely unrelated IRC channel of nerds.
The Windows crypto store is still vulnerable to the null character bug, so this still puts IE and Chrome in the shitter with that. Shouldn't be a problem moving forward, however.
In fact, I would say I learned the most about SSL by Moxie Marlinspike's slides than I learned anywhere else, combined with knowledge accumulated over the years.
Honestly I think it's a lack of faith in the in-house IT department more than anything. The way it's set up at my company is that the in-house guys handle immediate issues that come up and are the technical liaisons between Host Company and Product/Services company. They are more or less middle men.
I can only imagine where this came from, probably the following:
-The amount of "LEARN COMPUTERS NOW AND QUADRUPLE YOUR PAY!" certification factories
-General overall incompetence on the part of the IT personnel as a whole. This generally has to do with a company wanting to provide a much lower pay grade
-Management who just doesn't understand IT. Your typical "if shit works, they don't feel like they should be paying you so much $. If shit breaks, then it's your ass." So instead there grew a market of consultants. People who are outside to the company that can come in and bang out a project, but not someone that has to be paid full time, and only on an as-needed basis.
-Companies who recognize the above and so really hype up that "OMFG YOU NEED THIS SERVICE NOW!"
And businesses wonder where all of their money is disappearing to. It's like, if you don't let your in-house IT people do their job, then of course you're going to spend tons of $.
But maybe I'm just living in a fantasy world where I expect my IT peers to be as knowledgeable if not more so than I am.
It is and it isn't simple. There is a lot of work that would have to go into making a secure hospital system particularly with the amount of wireless being brought into play now. And layer 2 security is not enough to get it done.
I agree, though, that the solutions are usually far less complex than people trying to make a ton of $ make them out to be. And companies and governments would probably save buttloads of money on IT if they stopped trying to place blame when shit hits the fan.
This is a problem we have at my company right now. They're looking at rolling out this huge, custom project that combines a few of the products we're using now but also has to interface to them. In addition we're rolling out a completely new IT project. The development of said software is a consulting firm. And I assure you the amount of $ we're spending on it is absolutely ridiculous, when they could probably save far more money by having in-house developers.
The problem is they would have to find in-house developers, pay them, and find a project manager, probably still have a consultant to tell them how many people it would take to write it all, and then if it fails they would have to end up blaming themselves for the problems.
I can assure you that in this day and age, the $ they're spending is not what they should be spending on an IT project.
I assure you that it is like this at private companies, too. The money spent is CYA money, nothing else. And it is quite the doozy.
#1304615
If they put it in the TOS that using a residential connection they are allowed to do this, there isn't much you can do. They do offer business services that do not have caps, limits, or otherwise such things.
So my suggestion is if you want guaranteed* service, look towards the business accounts.
Otherwise, you could always get a secondary DSL line backup account and do failover in the event your primary connection drops.
If your business depends on connectivity, using a residential service with no failover and no backup is your fault, not the ISP's.
cinnamon:
Short of extremely locked down specific embedded operating systems, you are going to find systems that need configuration. There is no such thing as "good defaults" because everyone's needs and uses vary accordingly.
Both Linux and Windows have defaults that sort of leave the system vulnerable, with Linux the distributions vary as to what options are default and what aren't--but generally speaking no matter which system you go with you WILL have to go in and add further security tweaks to fit your needs.
Dear Mr. AC,
Sandboxie charges for their software yet refuses to sign the driver so it will work on 64-bit Windows. Sorry to say, but eventually he's going to have to update or lose his customer base. Eventually we will move to all 64-bit Windows machines, and driver signing will be mandatory.
VDK hasn't even been updated in nearly 5 years so I would imagine that project is likely dead. It's also largely useless software.
Process Explorer and Procmon are both Microsoft applications. They work fine.