It's perfectly possible to send E-Mail using SSL between servers. Google even prefers to do this. Use an HTTPS site as an E-Mail portal, and it won't matter if the communication is going through the US.
Unless the NSA has a copy of the site's key or has broken SSL crypto, they can log all the trafic they want. With perfect forward secrecy they can get the key latter, and still not know what's being said.
Note: I'm simplifying how SSL works for the sake of convenience.
That's true. While the US is getting a ton of flac from every direction, those of us in the US are primarily worried about domestic spying. Anything outside the US is their jurisdiction by law. On the other hand, there are valid reasons for India to do what they are doing.
The two things India is trying to do are send a message and secure their communications. The message part is pretty obvious, but the security part is still there. They know that the NSA has access to Gmail. Anything home grown might have plenty of backdoors, but it should at least make the NSA work for it. Maybe not very hard, but at least harder than a National Security Letter written on a postit note. After all, you'd think that vacuuming up the entire E-Mail database might leave some kind of trail.
At this point I'd make a comment about Indian IT, but I've seen some good people from there. It's just like China, I've worked with someone who knew nothing, and I've worked with people who are amazing. The trick is most companies hire cheap, and that goes double for outsourcing companies. Here's hoping that the Indian government doesn't go that route. If they do, they will at least be able to understand their workers, but the quality will be as bad as a typical US contractor.
The problem is that the agency responsible for all that shouldn't be the same agency looking at US citizens. That's not a moral, or even constitutional issue. It's a management one.
Go through all this data to do any of the things you refer to above are specific tasks. Things no one has a problem with. The problem comes when the NSA has information overload because every AT&T office in the middle of no where has a tap on it. I hope that last statement was just hyperbole, but you get my point.
Terrorism is such a nebulous term in the hands of bureaucrats and politicians. It's being used to justify huge amounts of departmental overreach. I want the NSA to watch Russia, and Iran, and North Korea. What I don't want is for them to watch everyone at home. Doing so makes as much institutional sense as replacing policemen with soldiers.
The fun thing is that 3/4 of the issues we're currently dealing with in fission are also a problem for fusion.
While fusion reactors don't have radioactive fuel.... Wait... Any fusion reactor we use in the near to mid future will be Tritium (H3) based. Tritium is radioactive. A large cost of servicing and decommissioning a fission reactor is radiation making the containment vessel, and coolant radioactive. Fusion reactors have the same problem.
In a 4th gen pebble bed reactor you have fuel that is individually contained in tennis ball sized capsules. Though, dust is a major issue with this design. With a toroid type fusion reactor you have huge amounts of plasma hotter than the sun being held in place by magnets that need to be the same temperature as liquid nitrogen. Guess what happens when the two have an accident. The first shuts down cleanly, though some radioactive dust may escape. The second goes up in a giant radioactive fireball.
I honestly don't get people claiming fusion is the end all be all answer to Earths energy problems. I'm all for the research, but that's because I see it as a better option for space based power, like ramscoop powered transtellars. I think it's because when the eco nuts and talk about fusion they mean "cold fusion." An idea that's about as realistic as a perpetual motion machine.
*-- Rich handicapped people buying time on poor people's bodies.
*-- Rich people buying time on poor people's bodies, in order to do criminal things.
They made a movie about that, except that it was "Rich people buying time on peoples bodies to do whatever the hell they wanted," and "Rich people buying time on death row inmate's bodies to make them kill each other."
An interesting Idea. This is exactly how fraternities handle things when they have to pull an individual chapter's charter.
Of course, there are major differences between the largest spy agency in the world, and an organization of college age men. The largest being that (good) fraternities have a national organization that monitors them, and is both capable and willing to preform such drastic action is necessary. Meanwhile, it looks like congress does nothing but talk.
This should only be a last resort though, especially since the contractors and employees would most likely just go to another part of the US government that does something similar. Every branch of the US military has it's own Cyber Command, and pretends to be in charge of "cyberwar." It's a giant bureaucratic power struggle, and just removing the NSA isn't necessarily going to make things better.
I would recommend repurposing the favorite method of censors, and copyright control freaks. Third party liability. Repeal the telco's spying immunity, and watch the lawsuits fly. You didn't need to be a tin foil hat conspiracy theorist to know that this kind of monitoring was going on. Not after the Room 641A debacle.
Don't hate on DARPA. However much you might dislike the USA or it's military, DARPA does a bunch of cool stuff. Quite a bit of which has nothing to do with weapons.
In this case they want a robot that can go into areas with biological, chemical, or nuclear hazards and preform as well as a Human can. The Fukishima nuclear incident (or disaster if you prefer) showed why current robots suck. Imagine if one of these things was able to activate a pressure release valve. Even with some radioactive release, they could have avoided the hydrogen explosion.
Oh, if you feel like bashing the US Government, then I'll go ahead and feed you. The keyword is "safety." According to politicians, no freedom, no cost* is too much. Everything is for a safer world.
*All costs are billed to the US tax payer. Major campaign contributors should set up a meeting to discuss tax brakes to avoid these costs. Some "Truth Enhancement" may or may not be used. Read the full thousand page bill for details.
The reason why I think may of the wrappers will work is just because they aren't commonly used. Right now people can go pay for an OpenVPN service and download an installer that will do all the work for them. Like tor, OpenVPN is a big target.
The only other thing I can think of is ping times.* It might not look like it, but HTTP is horribly latency sensitive. After every web page is loaded, all the images and javascript are downloaded. Repeat for about a dozen times because javascript is horrible. So, try noscript, it might speed up your browsing. It certainly will make quite a few web pages less annoying.
*Once again, you probably already know this. Keep assuming that I'm just ranting for the noobs. We all were naive at some point. Then some helpful soul points us to TV Tropes or 4chan.
Some more info would be appreciated. So, here's the basics of a few things you can do to make sure it really is the network*. First use iperf on the client and server. Test it on both the tunnel interface and the WAN interface. Second, use top via a separate ssh session. Make sure OpenVPN isn't eating all your CPU or memory. Lastly, what provider are you using? Lately the default Debian build that Edis.at gave me needs an ifconfig up/down every other day.
I've had a similar problem when using my own VPS as an HTTP proxy via OpenVPN. It turned out, the proxy application was crap. Allowing the machine to route packets and using it as a default gateway for all traffic fixed the problem, or at least worked around it.
Now. If it really is blocking, there are a couple of ways around it. The more complicated ones involve using some other VPN application. When dealing with more than one client, that rapidly becomes annoying. A simple one is using an SSH connection as a SOCKS proxy for your browser. It's not elegant, but it works. Another way is to mask your OpenVPN connection by encapsulating the UDP or TCP packets. Once again, SSH port forwarding works, but that's a TCP solution. socat was designed to do things like that, so it seems like a good choice. Finally, there's Ping Tunnel. It embeds traffic in ICMP packets.
Whoever is throttling you might detect one or more of these, but they're probably using some sort of signature based detection. Just about anything that requires a command line should get through.
Remember, since you are technically savvy enough to roll your own, you are the one percent. Good luck, and please let us know how it goes.
*I know you're probably familiar with all of these things. Just assume that I put this section here for those who aren't.
Sounds like an excellent way to launder money, as well. Virtual goods with no real inventory....
Not so much. It's easy to buy the things from the company, but as soon as you try to sell them it becomes "Real Money Trading." Game companies have always tried to stop RTM. Traditional games at least have a valid reason for this. RTM encourages criminals to use bot farming. Meanwhile, games with micro transactions don't like it because it's a secondhand market eating into there profits.
The ethics of RTM are actually quite interesting. For any game where you can buy something in game with real money, it's hard to see the problem. Secondhand markets are good for a variety of reasons that I'm not going to get into here. Suffice it to say that morally there's no difference between RTM in a game with micro transactions and buying used games. In both cases, the main thing stopping people is company policy. It'll be interesting to see how the European Courts decisions involving selling licenses applies to things like this.
The most interesting example to me is EVE Online. They were a traditional game trying to find a solution to bot farming. Their solution was nontraditional in the extreme, especially since they did it before pay to play was a thing. I say that, but it really is just a different pay to play system. What they did is allowed players to use game time as an in game item. Players can then sell this item for in game money. This solves the need some players have by providing a pay to play system. EVE balances this by having item destruction as a core game mechanic, and requiring players to level up skills to use more advanced items.
All the systems I've mentioned try to reduce demand to the point where a bot farmer would have to sell items ridiculously cheaply to justify the risk the players are taking. EVE's dynamic market helps to balance out cost vs reward for players who want to use real money. On the other hand, games that don't do this risk a situation where the deal is too good to miss. With the ethical question gone, it's a careful balancing act.
Or I could be talking out my a**. I'm not an economist. I just play one on TV*.
Out of curiosity, have you ever run a reverse DNS lookup on those IPs? Or is that how you figured out who the outbound connections were attempting to talk to to begin with? Google analytics sounds like SC2 is rendering a web page somewhere, and triggering the javascript. I don't own the game, so I can't check.
This is why per process firewalls are so important. I'm personally using Comodo Free myself. It pains me to admit it, but this is actually one area where Windows is ahead of Linux.
Yes, that's right, Windows is ahead of Linux when it comes to security.
On a more serious note. While that is a good idea, the secure payment system would still need the whole CC. While you can harden a system that only does one thing much more thoroughly, you're putting all the valuable data in one place for the attacker. It's still a good idea though, and companies should something like this.
Here's another thought. While some larger corporations have lax security for no explainable reason, cough Sony cough, many games that are being targeted are small one to ten man operations. Most of the time the companies just don't care. The cost of good security is more than the fine if a data leak does occur. Of those that do, most don't have the expertise, or the money to hire an expert.
Think about your isolated system. You would have to own the box, and have a private network between it and a front end server. A game created by a single person in their spare time is probably going to just rent a server, or go with a cloud provider. That doesn't allow the freedom necessary for good security.
As much as I hate to admit it, the best option might be outsourcing. Put all the responsibility on a 3rd party. This is done by using Amazon Payments, Google Wallet, or PayPal. It's not the best solution, but it does avoid the liability of keeping customer CC numbers on file.
May people, and courts have said that exact same thing. That driving is a privilege. The problem with that notion, is that it directly implies that living where you want is a privilege, not a right.
Something happened, so you lost your license. Too bad. Sell that house in the suburbs now and move to somewhere close to work. Oh, you mean work is in an industrial area where there are no apartments or houses. Well then, I guess you'd better start looking for a new job and a new house.
Seriously, it's disgusting. The fact that US police specifically make this point on ads just makes it worse.
Now having a license with self driving cars is a privilege, not a right. If courts and MADD* recognized that fact, these things would be everywhere within two years.
*Mothers Against Drunk Driving (I'm against drunk driving, but the adds and the unreasonable traffic stops they advocate just piss me off.)
The problem comes from two things. First, politicians equating slower speeds and safety. At least that's what they say. The second is speeding tickets are a huge revenue generator.
I see two different phenomena when driving. First is the small town with a 4 lane highway nearby. The highway goes from 65mph to 40mph with no hazards, like stoplights, but with speed cameras to make money. The second is cities with 45mph speed limit where everyone is going 70mph. A car going 45 is a hazard and is likely to be rear ended. Combine that with the recent news that politicians in some US states have special tags that mean they will never be ticketed, and you begin to see the problem.
Americans, and people in other parts of the world don't respect speed limits. They don't mean anything, and are just another bullshit law that needs to be followed. Everyone knows that the politicians talking about safety are really only talking about making more money.
I understand. I just chose a post that seemed to be related to write my little rant.
I'm not assuming supply and demand are equal. What I am saying is that the current method of choosing which get executed, and which get delayed is stupid and non deterministic. It's first come, first served, which results in companies paying millions of dollars to shave off 1/10 millisecond worth of latency. That number is for example use only, If you want a real number, Google it.
Let me give an example for a single tick.
Start of Tick. 1. The servers take all new buy and sell orders and process them. *Each buy and sell order is compared against both the new ones, and the old ones in the database. *Whenever a buy/sell match is detected a transaction takes place. **When this happens the relevant buy/sell orders are removed from the database and the list of new orders. ***********See bottom for when there are multiple possible matches. 2. The new orders (minus any removed) are entered into the database. 3. The new orders (minus any removed) are sent to all parties. End Of tick.
When there are multiple possible transactions there are a few things to keep in mind. 1. The seller wants the most money per item. 2. The buyer wants to pay the least money per item. 3. Buyers and sellers are working off knowledge of what was in the database of the last tick. They might not even know about this better deal that happened this tick. 4. Some orders are large, and some are small.
There are multiple ways of resolving this, including my earlier notion of bidding for a higher priority. I'm not going to say what's better. What I am going to say is fist come first served has resulted in some really stupid things.
One more thing:
Currently, buyers and sellers set a publicly available buy/sell amount. They also set a private amount with a minimum/maximum buy/sell price. The trick is HFTs constantly create and then cancel transactions to find these minimum and maximum amounts. I wouldn't be surprised if most brokerage services do this as well. To get rid of all this nonsense, I am against allowing transactions to be canceled. You'll see my proposed model doesn't even allow it. I am also for one publicly available number. This half-assed hiding does nothing but add complexity, and invite people to cheat the system.
Hope you enjoyed the dump. I'm not fully informed of how the system fully works, but on the other hand there are probably only a handful of people who really do. I wonder how old the codebase really is.
As things are now, they're supposed to be first come, first served. That's why all the HFTs pay mega bucks to be collocated in the same datacenter as the exchanges. This means any hickups affect the order that things are processed. It's non-deterministic by design.
It makes much more since to run on a tick. All transactions would processed once every second. You still need some sort of ordering, but it would allow for many things to happen. Including realtime offsite backups, and moving the servers without everyone screaming bloody murder.
Think about it, the stock exchanges can't be in more than one data center because otherwise the HFTs would freak. It's just too non deterministic to even have a failover location.
They could even have a bidding war for transaction priority. Instead of HFTs paying for microwave links, they could just straight up bid to have their transactions processed first in the queue.
Agreed. I would love it if my drivers license was a smart card. Provided that it's initialized properly so the private key never leaves the card. The corporation could then act as a gpg keyserver. If everyone had easy to use public key cryptography, I'd call that a win.
For people who keep talking about all businesses requiring it, have you looked at how the US does SSN. For non US readers, every American citizen is assigned a number at birth, or trying to work, etc.... Congress practically shouted that this number was not to be used for anything else. Take a guess how well that worked out. Identity theft in the US basically boils down to knowing someones name and SSN. The problem is EVERYONE NEEDS YOUR SSN. Hell, a Social Security card can be used in conjunction with a drivers license to prove US citizenship. I kid you not, since most people in the US don't have passports that's what they use. The card just has a name and a number on it. It never expires. Hell, because it's normally issued at birth there isn't even a photo.
Now, back on topic. There are quite a few ways for this electronic ID to go bad. The most obvious is if the government or corporation has copies of the private keys. If so, then the system is useless. Another is if the government logged every authentication request. That's pretty easy for them to do.
The EU is already considering requiring all companies to only use servers that comply with EU privacy regs. The US doesn't. That alone accounts for quite a bit of lost business. I'm pretty sure that in the face of, "Don't use US servers or we'll seize all your assets," that companies will reconsider the, "not an option."
Many older 32 bit programs come with a 16 bit installer. Back when 64 bit systems were the hot new thing this caused quite a few problems. You had to either find an extraction utility and do manual installation/registry edits, or you had to install it on a 32 bit machine with something to see what changed, and bundle those changes into a new installer.
Of course, Windows XP x64 didn't help there. It was just like XP, except almost no one provided drivers for it, and you had to disable code signing to install half of the drivers you could find. I had less driver issues with Linux on the same hardware. I wonder if anyone's still masochistic enough to be running that.
Cable companies should be scared of cord cutters, and anything that makes cord cutting easier. The article even talks about how significant, though still probably small, number of people are aware of and can use other options to get their shows. If Aereo ever put out a Roku app there would be barely any difference between them and a netflix like dvr.
On the other hand, I do not understand why broadcasters are freaking out. Even if Aereo does provide a DVR, it's not a fancy one like the Dish Auto Hopper. People still want to watch live TV, and when they do that it's more likely for them to see the adds. I would consider reaching a greater audience to be a good thing.
If Aereo ever stops region locking I will probably sign my parents up for the service. Their is no reason to pay a fortune just to watch the news and a few other things.
That's a good idea. The problem is implementation cost. Aereo has a dedicated antenna and DVR per customer. This is because it's illegal to make more than one copy of the signal received. They also play other fun technical/legal games to make sure they stay on the correct side of the law. Even then they're being sued by almost everyone.
Cable companies hate the idea of Aereo. The service is a cord cutter's dream. Many local TV stations don't do online streaming. If all someone wanted to watch was the news and a few popular channels that person could use Aereo instead of spending $100/month on cable. Add to that the broadcasters irrational fear of losing control. Then remember that more and more cable companies own or are owned by broadcasters.
Setting up an Aereo like service would work, but it would be expensive. It would also lend legitimacy to a company that the cable corps are trying to shut down. Worse still, it would give users a taste of cord cutting. All Aereo would have to do is come out with a set top box, and the cable companies would be completely outclassed.
For the purposes of the National Firearms Act the term Machinegun means:
Any weapon which shoots, is designed to shoot, or can be readily restored to shoot, automatically more than one shot without manual reloading, by a single function of the trigger
The frame or receiver of any such weapon
Any part designed and intended solely and exclusively or combination of parts designed and intended for use in converting a weapon into a machinegun, or
Any combination of parts from which a machinegun can be assembled if such parts are in the possession or under the control of a person."
This clearly falls under the the first point.
Ehh, who needs mod points.
By that definition, then nerf and airsoft machine guns are illegal. Clearly you're missing something. Either that, or the US laws really are that bad, and the only reason why everyone is not in jail is because of selective enforcement.
For those who don't realize it, selective enforcement means the government and police can throw anyone they dislike in jail. It's a major enabler of tyranny.
Slashdot Mirror
and?
It's perfectly possible to send E-Mail using SSL between servers. Google even prefers to do this. Use an HTTPS site as an E-Mail portal, and it won't matter if the communication is going through the US.
Unless the NSA has a copy of the site's key or has broken SSL crypto, they can log all the trafic they want. With perfect forward secrecy they can get the key latter, and still not know what's being said.
Note: I'm simplifying how SSL works for the sake of convenience.
That's true. While the US is getting a ton of flac from every direction, those of us in the US are primarily worried about domestic spying. Anything outside the US is their jurisdiction by law. On the other hand, there are valid reasons for India to do what they are doing.
The two things India is trying to do are send a message and secure their communications. The message part is pretty obvious, but the security part is still there. They know that the NSA has access to Gmail. Anything home grown might have plenty of backdoors, but it should at least make the NSA work for it. Maybe not very hard, but at least harder than a National Security Letter written on a postit note. After all, you'd think that vacuuming up the entire E-Mail database might leave some kind of trail.
At this point I'd make a comment about Indian IT, but I've seen some good people from there. It's just like China, I've worked with someone who knew nothing, and I've worked with people who are amazing. The trick is most companies hire cheap, and that goes double for outsourcing companies. Here's hoping that the Indian government doesn't go that route. If they do, they will at least be able to understand their workers, but the quality will be as bad as a typical US contractor.
The problem is that the agency responsible for all that shouldn't be the same agency looking at US citizens.
That's not a moral, or even constitutional issue. It's a management one.
Go through all this data to do any of the things you refer to above are specific tasks. Things no one has a problem with. The problem comes when the NSA has information overload because every AT&T office in the middle of no where has a tap on it. I hope that last statement was just hyperbole, but you get my point.
Terrorism is such a nebulous term in the hands of bureaucrats and politicians. It's being used to justify huge amounts of departmental overreach. I want the NSA to watch Russia, and Iran, and North Korea. What I don't want is for them to watch everyone at home. Doing so makes as much institutional sense as replacing policemen with soldiers.
The fun thing is that 3/4 of the issues we're currently dealing with in fission are also a problem for fusion.
While fusion reactors don't have radioactive fuel.... Wait... Any fusion reactor we use in the near to mid future will be Tritium (H3) based. Tritium is radioactive. A large cost of servicing and decommissioning a fission reactor is radiation making the containment vessel, and coolant radioactive. Fusion reactors have the same problem.
In a 4th gen pebble bed reactor you have fuel that is individually contained in tennis ball sized capsules. Though, dust is a major issue with this design. With a toroid type fusion reactor you have huge amounts of plasma hotter than the sun being held in place by magnets that need to be the same temperature as liquid nitrogen. Guess what happens when the two have an accident. The first shuts down cleanly, though some radioactive dust may escape. The second goes up in a giant radioactive fireball.
I honestly don't get people claiming fusion is the end all be all answer to Earths energy problems. I'm all for the research, but that's because I see it as a better option for space based power, like ramscoop powered transtellars. I think it's because when the eco nuts and talk about fusion they mean "cold fusion." An idea that's about as realistic as a perpetual motion machine.
You forgot the part where only two companies entered. Sure it's a race, but it's not much of one.
*-- Rich handicapped people buying time on poor people's bodies.
*-- Rich people buying time on poor people's bodies, in order to do criminal things.
They made a movie about that, except that it was "Rich people buying time on peoples bodies to do whatever the hell they wanted," and "Rich people buying time on death row inmate's bodies to make them kill each other."
Gamer
It still has some major plot holes that need to be overlooked, but I thought it was a decent sci-fi action flic.
An interesting Idea. This is exactly how fraternities handle things when they have to pull an individual chapter's charter.
Of course, there are major differences between the largest spy agency in the world, and an organization of college age men. The largest being that (good) fraternities have a national organization that monitors them, and is both capable and willing to preform such drastic action is necessary. Meanwhile, it looks like congress does nothing but talk.
This should only be a last resort though, especially since the contractors and employees would most likely just go to another part of the US government that does something similar. Every branch of the US military has it's own Cyber Command, and pretends to be in charge of "cyberwar." It's a giant bureaucratic power struggle, and just removing the NSA isn't necessarily going to make things better.
I would recommend repurposing the favorite method of censors, and copyright control freaks. Third party liability. Repeal the telco's spying immunity, and watch the lawsuits fly. You didn't need to be a tin foil hat conspiracy theorist to know that this kind of monitoring was going on. Not after the Room 641A debacle.
Considering it's Saturday, I'd agree.
Not everyone lives in the same time zone as you do.
Like to feed trolls? Check out 4chan.*
*I am so not responsible if you're dumb enough to follow that link.
Don't hate on DARPA. However much you might dislike the USA or it's military, DARPA does a bunch of cool stuff. Quite a bit of which has nothing to do with weapons.
In this case they want a robot that can go into areas with biological, chemical, or nuclear hazards and preform as well as a Human can. The Fukishima nuclear incident (or disaster if you prefer) showed why current robots suck. Imagine if one of these things was able to activate a pressure release valve. Even with some radioactive release, they could have avoided the hydrogen explosion.
Oh, if you feel like bashing the US Government, then I'll go ahead and feed you. The keyword is "safety." According to politicians, no freedom, no cost* is too much. Everything is for a safer world.
*All costs are billed to the US tax payer. Major campaign contributors should set up a meeting to discuss tax brakes to avoid these costs. Some "Truth Enhancement" may or may not be used. Read the full thousand page bill for details.
Glad to help.
The reason why I think may of the wrappers will work is just because they aren't commonly used. Right now people can go pay for an OpenVPN service and download an installer that will do all the work for them. Like tor, OpenVPN is a big target.
The only other thing I can think of is ping times.* It might not look like it, but HTTP is horribly latency sensitive. After every web page is loaded, all the images and javascript are downloaded. Repeat for about a dozen times because javascript is horrible. So, try noscript, it might speed up your browsing. It certainly will make quite a few web pages less annoying.
*Once again, you probably already know this. Keep assuming that I'm just ranting for the noobs. We all were naive at some point. Then some helpful soul points us to TV Tropes or 4chan.
Some more info would be appreciated. So, here's the basics of a few things you can do to make sure it really is the network*. First use iperf on the client and server. Test it on both the tunnel interface and the WAN interface. Second, use top via a separate ssh session. Make sure OpenVPN isn't eating all your CPU or memory. Lastly, what provider are you using? Lately the default Debian build that Edis.at gave me needs an ifconfig up/down every other day.
I've had a similar problem when using my own VPS as an HTTP proxy via OpenVPN. It turned out, the proxy application was crap. Allowing the machine to route packets and using it as a default gateway for all traffic fixed the problem, or at least worked around it.
Now. If it really is blocking, there are a couple of ways around it. The more complicated ones involve using some other VPN application. When dealing with more than one client, that rapidly becomes annoying. A simple one is using an SSH connection as a SOCKS proxy for your browser. It's not elegant, but it works. Another way is to mask your OpenVPN connection by encapsulating the UDP or TCP packets. Once again, SSH port forwarding works, but that's a TCP solution. socat was designed to do things like that, so it seems like a good choice. Finally, there's Ping Tunnel. It embeds traffic in ICMP packets.
Whoever is throttling you might detect one or more of these, but they're probably using some sort of signature based detection. Just about anything that requires a command line should get through.
Remember, since you are technically savvy enough to roll your own, you are the one percent. Good luck, and please let us know how it goes.
*I know you're probably familiar with all of these things. Just assume that I put this section here for those who aren't.
Sounds like an excellent way to launder money, as well. Virtual goods with no real inventory....
Not so much. It's easy to buy the things from the company, but as soon as you try to sell them it becomes "Real Money Trading." Game companies have always tried to stop RTM. Traditional games at least have a valid reason for this. RTM encourages criminals to use bot farming. Meanwhile, games with micro transactions don't like it because it's a secondhand market eating into there profits.
The ethics of RTM are actually quite interesting. For any game where you can buy something in game with real money, it's hard to see the problem. Secondhand markets are good for a variety of reasons that I'm not going to get into here. Suffice it to say that morally there's no difference between RTM in a game with micro transactions and buying used games. In both cases, the main thing stopping people is company policy. It'll be interesting to see how the European Courts decisions involving selling licenses applies to things like this.
The most interesting example to me is EVE Online. They were a traditional game trying to find a solution to bot farming. Their solution was nontraditional in the extreme, especially since they did it before pay to play was a thing. I say that, but it really is just a different pay to play system. What they did is allowed players to use game time as an in game item. Players can then sell this item for in game money. This solves the need some players have by providing a pay to play system. EVE balances this by having item destruction as a core game mechanic, and requiring players to level up skills to use more advanced items.
All the systems I've mentioned try to reduce demand to the point where a bot farmer would have to sell items ridiculously cheaply to justify the risk the players are taking. EVE's dynamic market helps to balance out cost vs reward for players who want to use real money. On the other hand, games that don't do this risk a situation where the deal is too good to miss. With the ethical question gone, it's a careful balancing act.
Or I could be talking out my a**. I'm not an economist. I just play one on TV*.
*Not really a TV actor.
Out of curiosity, have you ever run a reverse DNS lookup on those IPs? Or is that how you figured out who the outbound connections were attempting to talk to to begin with? Google analytics sounds like SC2 is rendering a web page somewhere, and triggering the javascript. I don't own the game, so I can't check.
This is why per process firewalls are so important. I'm personally using Comodo Free myself. It pains me to admit it, but this is actually one area where Windows is ahead of Linux.
Yes, that's right, Windows is ahead of Linux when it comes to security.
We need to fix this.
That would be too easy. It'll never work.
On a more serious note. While that is a good idea, the secure payment system would still need the whole CC. While you can harden a system that only does one thing much more thoroughly, you're putting all the valuable data in one place for the attacker. It's still a good idea though, and companies should something like this.
Here's another thought. While some larger corporations have lax security for no explainable reason, cough Sony cough, many games that are being targeted are small one to ten man operations. Most of the time the companies just don't care. The cost of good security is more than the fine if a data leak does occur. Of those that do, most don't have the expertise, or the money to hire an expert.
Think about your isolated system. You would have to own the box, and have a private network between it and a front end server. A game created by a single person in their spare time is probably going to just rent a server, or go with a cloud provider. That doesn't allow the freedom necessary for good security.
As much as I hate to admit it, the best option might be outsourcing. Put all the responsibility on a 3rd party. This is done by using Amazon Payments, Google Wallet, or PayPal. It's not the best solution, but it does avoid the liability of keeping customer CC numbers on file.
May people, and courts have said that exact same thing. That driving is a privilege. The problem with that notion, is that it directly implies that living where you want is a privilege, not a right.
Something happened, so you lost your license. Too bad. Sell that house in the suburbs now and move to somewhere close to work. Oh, you mean work is in an industrial area where there are no apartments or houses. Well then, I guess you'd better start looking for a new job and a new house.
Seriously, it's disgusting. The fact that US police specifically make this point on ads just makes it worse.
Now having a license with self driving cars is a privilege, not a right. If courts and MADD* recognized that fact, these things would be everywhere within two years.
*Mothers Against Drunk Driving (I'm against drunk driving, but the adds and the unreasonable traffic stops they advocate just piss me off.)
The problem comes from two things. First, politicians equating slower speeds and safety. At least that's what they say. The second is speeding tickets are a huge revenue generator.
I see two different phenomena when driving. First is the small town with a 4 lane highway nearby. The highway goes from 65mph to 40mph with no hazards, like stoplights, but with speed cameras to make money. The second is cities with 45mph speed limit where everyone is going 70mph. A car going 45 is a hazard and is likely to be rear ended. Combine that with the recent news that politicians in some US states have special tags that mean they will never be ticketed, and you begin to see the problem.
Americans, and people in other parts of the world don't respect speed limits. They don't mean anything, and are just another bullshit law that needs to be followed. Everyone knows that the politicians talking about safety are really only talking about making more money.
You win all the US internets for today.
Now please assume the party escort submission position. The GlaDos (definitely not the NSA) is warming up the.... I mean is baking you a cake.
I understand. I just chose a post that seemed to be related to write my little rant.
I'm not assuming supply and demand are equal. What I am saying is that the current method of choosing which get executed, and which get delayed is stupid and non deterministic. It's first come, first served, which results in companies paying millions of dollars to shave off 1/10 millisecond worth of latency. That number is for example use only, If you want a real number, Google it.
Let me give an example for a single tick.
Start of Tick.
1. The servers take all new buy and sell orders and process them.
*Each buy and sell order is compared against both the new ones, and the old ones in the database.
*Whenever a buy/sell match is detected a transaction takes place.
**When this happens the relevant buy/sell orders are removed from the database and the list of new orders.
***********See bottom for when there are multiple possible matches.
2. The new orders (minus any removed) are entered into the database.
3. The new orders (minus any removed) are sent to all parties.
End Of tick.
When there are multiple possible transactions there are a few things to keep in mind.
1. The seller wants the most money per item.
2. The buyer wants to pay the least money per item.
3. Buyers and sellers are working off knowledge of what was in the database of the last tick. They might not even know about this better deal that happened this tick.
4. Some orders are large, and some are small.
There are multiple ways of resolving this, including my earlier notion of bidding for a higher priority. I'm not going to say what's better. What I am going to say is fist come first served has resulted in some really stupid things.
One more thing:
Currently, buyers and sellers set a publicly available buy/sell amount. They also set a private amount with a minimum/maximum buy/sell price. The trick is HFTs constantly create and then cancel transactions to find these minimum and maximum amounts. I wouldn't be surprised if most brokerage services do this as well. To get rid of all this nonsense, I am against allowing transactions to be canceled. You'll see my proposed model doesn't even allow it. I am also for one publicly available number. This half-assed hiding does nothing but add complexity, and invite people to cheat the system.
Hope you enjoyed the dump. I'm not fully informed of how the system fully works, but on the other hand there are probably only a handful of people who really do. I wonder how old the codebase really is.
I just wish the market operated on a tick.
As things are now, they're supposed to be first come, first served. That's why all the HFTs pay mega bucks to be collocated in the same datacenter as the exchanges. This means any hickups affect the order that things are processed. It's non-deterministic by design.
It makes much more since to run on a tick. All transactions would processed once every second. You still need some sort of ordering, but it would allow for many things to happen. Including realtime offsite backups, and moving the servers without everyone screaming bloody murder.
Think about it, the stock exchanges can't be in more than one data center because otherwise the HFTs would freak. It's just too non deterministic to even have a failover location.
They could even have a bidding war for transaction priority. Instead of HFTs paying for microwave links, they could just straight up bid to have their transactions processed first in the queue.
Agreed. I would love it if my drivers license was a smart card. Provided that it's initialized properly so the private key never leaves the card. The corporation could then act as a gpg keyserver. If everyone had easy to use public key cryptography, I'd call that a win.
For people who keep talking about all businesses requiring it, have you looked at how the US does SSN. For non US readers, every American citizen is assigned a number at birth, or trying to work, etc.... Congress practically shouted that this number was not to be used for anything else. Take a guess how well that worked out. Identity theft in the US basically boils down to knowing someones name and SSN. The problem is EVERYONE NEEDS YOUR SSN. Hell, a Social Security card can be used in conjunction with a drivers license to prove US citizenship. I kid you not, since most people in the US don't have passports that's what they use. The card just has a name and a number on it. It never expires. Hell, because it's normally issued at birth there isn't even a photo.
Now, back on topic. There are quite a few ways for this electronic ID to go bad. The most obvious is if the government or corporation has copies of the private keys. If so, then the system is useless. Another is if the government logged every authentication request. That's pretty easy for them to do.
The EU is already considering requiring all companies to only use servers that comply with EU privacy regs. The US doesn't. That alone accounts for quite a bit of lost business. I'm pretty sure that in the face of, "Don't use US servers or we'll seize all your assets," that companies will reconsider the, "not an option."
Many older 32 bit programs come with a 16 bit installer. Back when 64 bit systems were the hot new thing this caused quite a few problems. You had to either find an extraction utility and do manual installation/registry edits, or you had to install it on a 32 bit machine with something to see what changed, and bundle those changes into a new installer.
Of course, Windows XP x64 didn't help there. It was just like XP, except almost no one provided drivers for it, and you had to disable code signing to install half of the drivers you could find. I had less driver issues with Linux on the same hardware. I wonder if anyone's still masochistic enough to be running that.
The whole situation is weird.
Cable companies should be scared of cord cutters, and anything that makes cord cutting easier. The article even talks about how significant, though still probably small, number of people are aware of and can use other options to get their shows. If Aereo ever put out a Roku app there would be barely any difference between them and a netflix like dvr.
On the other hand, I do not understand why broadcasters are freaking out. Even if Aereo does provide a DVR, it's not a fancy one like the Dish Auto Hopper. People still want to watch live TV, and when they do that it's more likely for them to see the adds. I would consider reaching a greater audience to be a good thing.
If Aereo ever stops region locking I will probably sign my parents up for the service. Their is no reason to pay a fortune just to watch the news and a few other things.
Ehh, who needs mod points.
That's a good idea. The problem is implementation cost. Aereo has a dedicated antenna and DVR per customer. This is because it's illegal to make more than one copy of the signal received. They also play other fun technical/legal games to make sure they stay on the correct side of the law. Even then they're being sued by almost everyone.
Cable companies hate the idea of Aereo. The service is a cord cutter's dream. Many local TV stations don't do online streaming. If all someone wanted to watch was the news and a few popular channels that person could use Aereo instead of spending $100/month on cable. Add to that the broadcasters irrational fear of losing control. Then remember that more and more cable companies own or are owned by broadcasters.
Setting up an Aereo like service would work, but it would be expensive. It would also lend legitimacy to a company that the cable corps are trying to shut down. Worse still, it would give users a taste of cord cutting. All Aereo would have to do is come out with a set top box, and the cable companies would be completely outclassed.
Yes it is.
This clearly falls under the the first point.
Ehh, who needs mod points.
By that definition, then nerf and airsoft machine guns are illegal. Clearly you're missing something. Either that, or the US laws really are that bad, and the only reason why everyone is not in jail is because of selective enforcement.
For those who don't realize it, selective enforcement means the government and police can throw anyone they dislike in jail. It's a major enabler of tyranny.