Fable II's combat system was, I think, the perfect mix. The skill complexity was a bit shallow for a good, deep MMO, but it required "twitch" skills that were easy enough that you didn't have to have the reflexes of a 12 year old FPS prodigy to be very good. Leveling up your skills also significantly increased your combat ability, as well as allowed you to use new combinations that increased your combat potential even further. The result was that combat was not hard, but it was very immersive and FUN.
For example, someone with maxed out range abilities and a decent pistol could kill most any mob in the game without too much trouble. However, if you learned how to do the pistol combo attacks, that same skillset would let you clean the clocks of very large groups of the same mobs. This was a good thing, because while most areas you'd be fine in, there were some where a number of powerful mobs would come at you at once, and being able to take them on requires some skill.
And as for re-implementing it, I wonder what the GPL says, as anyone who's worked with the code in question is effectively contaminated.
If they re-wrote it, using the GPL'd code as a guideline or reference but did not copy anything directly from it, then the only thing that can prevent them from doing so is a patent. Copyright only applies when you are copying a work, not when you are creating a similar but different work. The GPL can only contaminate your work if you copy sections from GPL'd code symbol for symbol (either via the super easy copy/paste or by the more tedious hand copying). Copying and making changes are probably not sufficient.
IANAL, but my conclusion is pretty obvious, since if your suggestion were true not only would fair use be out the window, but there would only ever be one legal producer of any particular IDEA. That shit would be insane. "He stole my idea" would be the basis for criminal (or perhaps only civil) action instead of just the whining that it is currently.
That's also one of the big risks for open sourced software, though it is a surprisingly smaller problem than you would think it would be. If what you figured out how to do was brilliant, significantly less brilliant people can re-create your accomplishment because you made your work freely available for them to follow.
The title/summary are not necessarily incorrect, just ambiguous. English can do that, and if you aren't paying attention your meaning can be taken in a way other than you intended.
In this case, there are a few ways to read "German Health Insurance Card CA":
1.) The Health Insurance Card CA of German origin
2.) The CA for the German Health Insurance Card
3.) The Card CA for German Health Insurance
4.) The Insurance Card CA for German Health
Obviously they aren't saying 3 or 4, those work grammatically but don't make a lot of sense in the context of health insurance and certificate authorities. 1 and 2 though, work pretty well either way. They should have used the unambiguous form, obviously with a small amount of research we can see that 2 is the correct meaning, but a number of people will read the sentence to mean 1 instead, as you did.
It's poor writing, not an attack or attempt to slight Germans. Remember the old saying: Never ascribe to malice what can be explained by incompetence.
Lastly, while it was the CA's responsibility to ensure they have backups and the like, it is the client company's responsibility to ensure they can maintain their business. If the health insurance company never asked for or verified a disaster recovery plan, it's their ass that is in hot water if they cannot provide service.
Make no mistake, they WILL lose business over this, even if the failure isn't directly their fault.
Have you ever been to a 7-11 in Seattle? My buddy and I stopped in to about 4 or 5 7-11's looking for directions (we were just passing through and very unfamiliar with Seattle). The very first 7-11 we stopped at I was like "Holy shit, no way!" it was an Indian immigrant at the counter, barely spoke English, naturally didn't know jack about where anything was. So we drove and found another. It was being run by another Indian who also didn't know jack about the town (we were looking for a Walmart, apparently there was one a couple miles away, but we kept missing it). By the third 7-11 with an Indian who didn't know jack about the town it became a combination of realizing that sometimes the stereotype is not an exaggeration by any stretch and wondering how the hell they get by on a gas station attendant's salary without knowing where frickin Walmart is. When we saw that the fourth 7-11 was also being run by an Indian, we decided to forget it and just head out of town. We managed to find a Walmart off the highway after not too long.
Here I thought it was just an over-exaggeration because the only 7-11 near where I live is run by hippies, oddly enough. Turns out the stereotype came about because it can be very, very true.
If people at your office can be trusted, you don't really take a huge risk by having a postit with the password.
Ahh, I see, so you hang out with the housekeeping staff and fully trust them too. You know, the ones who do the shitty job, are thoroughly underpaid but are easily smart enough to realize that somebody "out there" might find confidential information on your system very, very valuable? Same with the building owners your company leases to, right? You know, 16+ gig flash drives are very cheap and hold a lot of confidential information. Hell, if they're a little more technical than that they'll find a trojan on the internet and give themselves full access to your systems. There are plenty of IRC chat rooms with people willing to give you step by step advice to set it all up, especially if you're willing to share.
It's also suicidal to assume you know that nobody in your office would ever use your passwords to access your system, no matter how much you trust them. There are a lot of people who aren't as nice as you think they are, and there are even more situations that would sorely tempt even decent people to do not so decent things.
You can make systems invulnerable to brute-force attacks without making them vulnerable to social engineering. IT security demands balancing BOTH issues. As others have mentioned, 10 days to crack a password may as well be 100 years in most situations, especially when social engineering or security systems so complicated they force bad habits on the users can get you the password in minutes.
As an example, I worked helpdesk for an Army Guard armory with very strict security - they used biometrically locked smart cards with a 6 digit pin that had to be changed if it were ever locked out. There was also a password requirement should your smart card be locked out that would allow you access to your system, but it required 12 digits, 2 upper, 2 lower, 2 numbers and 2 special characters, it had to be changed every 90 days, and you couldn't use the last 20 passwords. The result? You could walk down the hallway at any given time of day and find at least one or two offices with the smart card in the computer, a sticky note with the current pin on the monitor, and the user nowhere to be found.
Sure, the smart card system and password were essentially unbreakable, but they didn't need to be. Smart card resets, password resets, and sticky notes with passwords and pins were so common it was easily the least secure system I've ever had the privilege of working with. It also severely hampered productivity.
That's because you have a shitty security analyst who doesn't actually care about keeping data safe. That's hardly a person you want in charge of your security, though often that's the way things end up.
Because zip encryption is incredibly weak and easy to crack? Seriously, it's the recommended jumping off point by many in order to learn how password cracking works.
Both of which are less than 57 billion possibilities. That would take about an hour to run through every possibility for a P4 computer, which means you are probably cracked in a half hour to 45 minutes or less on newer hardware. Compare that with simply requiring non-dictionary words, with numbers and symbols available for use, and the time to crack doubles.
Bump the requirement up to 7 digits and no dictionary words, and it now takes almost a week for the same system to crack the password. Move to 40 digit+ passphrases and there is currently no system in the world that can even come close to brute forcing it.
If a "no dictionary words" policy is in place (and usually it is in these cases) then users typically do letter-substitution. I becomes 1 or !, a becomes @, o becomes 0, etc.
They still need a mnemonic to remember it, so it generally becomes an altered dictionary word. That's decent.
I think most people have the ability to come up with at least 8-char passwords...
That's a big assumption, and in my experience it is completely wrong. Anyone not somewhat numbers inclined has a very hard time coming up with a combination of numbers, letters, and symbols in 6 characters that they can remember. More characters just makes it worse. Throw in a password change policy every few months and a "can't use any of the last 20 passwords" and the fact that the average user is not very numbers-inclined and most people are seriously fucked.
Programmers, engineers, accountants, IT folks, that type of technical or numbers-heavy user is generally fine. But that's a pretty small subset of the total population. Most people hate math, don't like numbers, and aren't very good with any sort of cryptography, even the very simple letter substitution used in password creation.
That's true to an extent, however good training and a "no words" policy will provide the maximum amount of potential symbols that have to be run through. The training can be a short, 10 minute lesson on passwords and why it is important to keep them safe that the employees have to run through every couple of months, and the "no words" policy is very easily implemented at the time of password creation. If your system is good enough to allow special characters like spaces, slashes, and other normally-excluded characters you can create a very hard to crack but easy to remember password policy.
One place I worked did the standard "6-10 characters, upper and lower case, numbers and symbols required" policy, and it was an obvious problem. You had passwords that were either too complicated and short to make any sense, and so were posted on post-it notes on the computers themselves, or you had passwords like 6t^T6t^ which is just shift, t, and 6 in rapid succession and is very very easy to figure out with just a glance at the keyboard while the user is typing it.
Even worse was the smart card policy - 6 numbers, 3 tries, no way to unlock it if you mis-typed it 3 times. You had to go to the card office, do a finger-print scan, and come up with a new 6 number pin. Needless to say, cards were often left in the machines with sticky notes on the monitors with the pin on them. They spent hundreds of thousands of dollars on a system that required no technical skill at all to circumvent - even though they used bio-metrics and strict policies. Note that you could log in with either the smart card or the password, and with the constant changes to both they were both often forgotten, and needed a sticky note on the computer or desk to be remembered.
You must always remember that the user is the weakest link in any security system, so you must maximize the user's ability to maintain the security of the system. Being ultra-strict in ways the average user cannot handle will drastically reduce your overall security. If you go far enough, you may as well not even have passwords. You'd be about as secure and get a hell of a lot more work done.
The issue is that Google is now willingly allowing Joe Schmuck, a competitor, to use trademarks to their own benefit. This seems like a pretty obvious infringement issue.
Except for the fact that Joe Schmuck has every right to use his competitor's trademark in any way he sees fit, provided he does not attempt to confuse said trademark with his own product.
Buying the "Rosetta Stone" adword and putting in the ad "Professional Language Learning Software" is perfectly legit and legal so long as the ad does not imply that the language learning software company you are going to is Rosetta Stone.
If they dress up the web site to look very similar to the Rosetta Stone website, or are using their colors to confuse visitors, or are implying that they are affiliated with Rosetta Stone, they have Trademark Infringement. However, if they are simply saying "try us instead" or "we are better/cheaper/whatever than Rosetta Stone" then it isn't infringement. It's a legitimate use.
Google's policy, as far as I know, does not permit this and if they find out the ad gets pulled, because it is illegal. What Google was doing before was simply making it extremely difficult for infringement to occur by not allowing companies to buy the adwords of trademarks they don't own. That they can now does not mean doing so is automatically trademark infringement. You have to misrepresent yourself as your competitor to infringe trademark, and buying and using a trademarked adword doesn't even come close to doing that by itself.
IANAL, but there are a lot of trademark cases that support this, even one recently involving Google Adwords.
Vs running on running your confidential company communication on MS?
Which the company controls on its own servers, decides exactly who can do what with it, and where the information goes. MS is very, very good at that with their business products.
The only way a real business will change is to read its mail in a newspaper or have it dumped on the net.
Hmmm... MS is so vulnerable, I wonder why you aren't hearing about major companies losing data every day? All you hear about are the retards who do something completely insecure, like leaving a laptop in the back seat of their car, which would result in stolen data no matter WHAT your favorite OS is. Don't kid yourself into thinking that anything is uncrackable if a bad guy has physical possession of your computer. If it is uncrackable, it's also unusable. There is no way around that.
Until this generation gets Enigma 'ed or Crypto AG'ed they will blindly trust MS and Google. Who would trust Google with its US gov seed money and NSA backrooms on every US (and friends) ISP pipe Google is connected via? Who would trust MS with decades of closed source bugs?
People trust MS because they have 25+ years of stellar service in the corporate arena. MS doesn't do funny business on their corporate products, they make too much money on them to risk it. All of the MS server products since NT (I honestly have no NT server experience) have been rock solid from day one, and are constantly updated and any bugs dealt with in a timely manner. Their desktop products may be questionable, they may BS about bugs and exploits, and the defaults until Vista have been piss poor for security, but their server line is a whole separate ball game. They are bar none the best out there. It seems expensive to pay $15,000 for an OS and the rights to use it, but it becomes cheaper when you consider that it takes a very well built Linux system (which can run you $150,000+ a year for one guy to set up and maintain) to match a standard MS server setup that any numbnuts IT guy can configure well (which may only cost you $60,000 a year to set up and maintain). That's why MS dominates the server market too.
By default *anyone* interested can get in as you turn on a MS product.
By default *anyone* can get into just about anything, that's why we change the defaults. Duh.
MS dominates the server market because they make the best server OS. They dominate the desktop market because that's what people use at work, and it's easier to stick with what you know. Plus it's cheap and easy, as opposed to Macs which are expensive and easy, or Linux which is cheap and hard.
Exchange is easily the most powerful email server on the market. Nothing touches it so far.
Communicator is part of Exchange, it's not separate, you can't use the communicator client without an Exchange server. This means it integrates -very- tightly with Outlook. Sharepoint is separate but integrates tightly with Exchange as well, which allows nice integration into Communicator and Outlook. Live Meeting is tied in with all of them as well, and is becoming a very popular tool.
Gmail and Google Apps are cool, but they don't approach this level of facilitating communication. Microsoft makes things easy to the point that, if the backoffice side is set up properly, the user just says "Oh I just click here? Ok, that's easy".
I work for one of the largest companies in the world (like, top 25-50 big). It is set up on one massive domain trunk (which I think is crazy, but it works), I can access any server in the world from where I am sitting provided I have the right user access, with rather light protections against user installed software, and no restrictions on USB devices, etc. There are heavy user account restrictions and a computer not on the domain will go nowhere fast. We have had exactly one major malware outbreak in the last three years, and the only thing that warranted it as major was that it was very difficult to remove without interrupting service. It was not able to cause any damage at all.
With good IT tools (like active directory and utilities that facilitate automation) and strict MANAGEMENT regarding following IT policies it is trivial to secure and maintain the security of even a massive network involving hundreds of thousands of computers. About 30 people or so set the policies and ensure that they are being followed. This works because we use standard hardware with standard images and solid security templates, we leverage the local desktop support to fix machines that are, for one reason or another, not updating their templates or AV software or what have you, and IT has the authority to remove even a local executive's machine from the network if he refuses to allow them to bring it into compliance. If anything comes of it, the executive could easily find himself moved to a less desirable assignment if he is obviously wrong and refuses to follow policy.
The technical side of things simply requires IT staff that knows what the hell they are doing, and the authority to do what needs to be done. If a company refuses to A.) hire good people and B.) give them the authority to take appropriate action to secure the network, then the network will never be secure. What you are talking about is bad management, and not much more.
That's not to say IT runs things, nor should they, but they need support at the top executive level in order to do the job correctly. If they have to beg lower management to make any little change, then the network will not be secure. If local departments are permitted to buy their own equipment and actually put it on the corporate network, there is no way the network will be secure either. Ever. That's the kind of stuff you need to control to maintain security. Where I work, an unauthorized device could easily get you a visit from the local security guys, who also have the power to terminate your employment if the issue is a severe enough security threat. Nobody puts their own equipment on the network without permission first.
As bad as private bureaucracies are, public bureaucracies are worse, at least in the US. In the US, a government entity gets funding based largely by how much they spent the previous year - and not in a way that incentivises efficiency. When an entity does not spend all of their budgeted money, not only do they not get to use that money in the current year (because they ran out of things to spend it on), that amount usually gets dropped from their budget for the next year! Which means if they don't need the money this year, but may need it next year or the year after, they find bullshit projects to waste the money on until the time comes when they actually need it! They don't even have rollover accounts to save up money in times of excess for when they may need to spend it. It's use it or lose it now and in the future. It incentivises inefficiency.
For this reason, the administrative overhead won't drop in the US if the health care system goes completely public like Canada's system, it will only rise. At best it will stay the same. After all, the second part of the equation is all those jobs! We can't lose those, no, everything must stay in place.
A well run government system has the potential to be bar-none the most efficient option. But it never happens, and is oftentimes far less efficient than the private option. What the US seems to be headed for is government funded insurance, which keeps everything bad about the current system - insurance companies and HMOs - and also tacks on the high taxes of public health care.
A friend of mine is fighting an insurance company (Blue Cross, I believe) for her asthma, she came close to dying once, it was extremely difficult to diagnose, but she is significantly healthier now. The insurance company is just refusing to pay some of the bills for BS reasons - like disagreeing with the diagnostic technology used! Judging by the way the US did MediCare, this problem will only get worse - the doctors won't be able to refuse so many customers and stay in business like they can with MediCare. They often refuse to use it since the government won't pay what a procedure costs and it is illegal for someone on MediCare to pay the difference. The new system will probably be that x100.
Many smart cards are dual purpose, and have RFID along with it. I'm actually surprised whenever I come across an RFID card that is not also a smart card. If you read their descriptions a little closer, you'll notice that they are targeting employees working for companies with just such smart cards. That logo is something any smart card user will recognize. It's also a really really good idea to have something other than just wireless to read the card if you are using it for anything more than a door pass.
and it starts at $30000 a model, ROFLMAO. Thanks, umm, but NO thanks!
He claims 80gb/s route processing. Cisco's 20gb/s ASR1000 starts at $50,000, and it would cost another $45,000 to get it up to 80gb/s. I'm not talking about throughput, I'm talking about the ability to process routes.
Cisco's ASR9000 does terabit level processing, which is what the Caspian project was aimed at, but that one starts at $450,000.
The thing is though, QoS policies are the antithesis of the net neutral / traditional best effort internet.
That's nonsense, QoS is about prioritizing protocols from high time sensitivity to low time sensitivity. I.e. live voice and video are both very highly time sensitive. So much so that it is better to discard a delayed packet than to send it. A jpeg is not.
Net Neutrality is about blocking -access- so you can charge more for certain parts of the web, or throttling competitors' service so you can drive customers to your service. Putting something like VOIP at the highest priority and the bittorrent protocol on the lowest priority is still net-neutral. VOIP is highest because it is very very sensitive to delays, but bittorrent is set to the lowest priority because delays don't affect the finished product at all. Prioritizing the ISP's own VOIP protocol over their competitor's, or dropping 2 out of 3 bittorrent packets to discourage the use of the protocol, or blocking it altogether at the request of groups like the RIAA, however, are NOT net neutral.
There is a huge difference between Quality of Service and Net Neutrality. They co-exist just fine. What confuses people is the fact that the same techniques used to provide good QoS can be used to break Net Neutrality.
QoS isn't a bad thing, but the user should be in control of it, not the ISP
This statement shows you know fuckall about physical networking.
How is Joe Blow supposed to prioritize his -extremely- time sensitive VOIP packets over Bob Schlob's very non-time sensitive Bittorrent packets if Bob Schlob sets their priority to the same level? Voice needs to have higher priority to function, because the usage is very sensitive to delays. Delay a packet more than a few milliseconds and you might as well drop it because the person on the other end will notice it. You should not drop that bittorrent packet, but delaying it a few milliseconds won't hurt anything.
Low priority does not mean the packet never comes through if there are higher priority packets continuously available. Say the highest priority is 1, and the lowest is 99 (it's often flipped but it works the same way). Live voice traffic would be at the top at 1, live video would be very close to it, with other applications being less and less time sensitive until you hit things like recorded audio and video and bittorrent, which are expected to run for long periods of time, move vast amounts of data, and somebody is waiting until it is nearly finished to do something with it, which would land it in the 99 spot. Each time that 99 priority bittorrent packet is skipped over by a voice or any other protocol, it gets bumped up one in priority. That means the -worst- case scenario - floods of high priority traffic constantly moving through the router - the most that bittorrent packet will be skipped is 98 times, by the 99th it goes through. The router also doesn't wait until 98 other packets have gone through to send the 99 priority packet either. If there is a momentary break in the flood and there is nothing else waiting ahead of that 99 priority packet, it gets sent on.
This flow method would be no different, except it could let, say, three more bittorrent packets go at a time instead of just one without causing a significant delay to the high priority traffic. If it does what TFA says it does, then the high priority traffic will move through faster as well, improving the time for the low priority traffic in the process.
QoS should always be in the hands of the ISP because they are the only ones who can DO any meaningful QoS. If you have some form of unique protocol that requires a high priority to function, you should make the ISP aware of it and let them know how they can detect it and prioritize it. They can evaluate your needs with the needs of the rest of their customers to determine the priority your protocol should get. That's what Quality of Service is, and it should be kept as far away from the customer's hands as possible, because people like you who don't understand physical networking will fuck it up and service will be piss poor for everyone. At best the user should be able to prioritize the protocols for their own network connection and that's it (and you can, by the way, if you have the right software or router). Anything past that should be handled by the ISP and the ISP only.
What should be illegal is ISPs using filtering and prioritization to kill a competitor's service over their network. For example, an ISP should be giving VOIP traffic the highest priority on the network, but they should NOT be allowed to give their own VOIP traffic a higher priority than a competitor's VOIP traffic. HTTP traffic going to certain websites being throttled, with an extra charge to speed up those websites is even worse. That's what Net Neutrality is about - preventing ISPs from using QoS techniques to stifle competition and close up the internet. I fully support that.
I do not support you ruining my internet experience because you don't understand networking or good QoS methodologies.
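The priority-aging queue described in the comment above (1 = most urgent, 99 = least, a waiting packet moves up one step each time it is skipped), as an added example that is not part of the original comment and is not any real router's algorithm. The names `simulate` and `voice_flood`, the one-packet-per-tick link and the traffic pattern are all constructed for illustration.

```python
from dataclasses import dataclass

HIGHEST, LOWEST = 1, 99  # the comment's scale: 1 = most urgent, 99 = least urgent


@dataclass
class Packet:
    name: str
    priority: int
    seq: int          # arrival order, used to break ties (oldest first)
    skipped: int = 0  # how many times another packet was sent ahead of this one


def simulate(arrivals, ticks, aging=True):
    """Send one packet per tick; return {name: (tick_sent, times_skipped)}.

    arrivals maps tick -> list of (name, priority) enqueued at that tick.
    With aging=False this is plain strict-priority scheduling.
    """
    queue, sent, seq = [], {}, 0
    for tick in range(ticks):
        for name, priority in arrivals.get(tick, []):
            queue.append(Packet(name, priority, seq))
            seq += 1
        if not queue:
            continue
        # Lowest priority number wins; among equals the oldest packet goes first.
        chosen = min(queue, key=lambda p: (p.priority, p.seq))
        queue.remove(chosen)
        sent[chosen.name] = (tick, chosen.skipped)
        # Everything left behind was skipped; with aging it moves up one step.
        for waiting in queue:
            waiting.skipped += 1
            if aging:
                waiting.priority = max(HIGHEST, waiting.priority - 1)
    return sent


def voice_flood(ticks, first_voice_tick=0):
    """Constructed traffic: one priority-1 voice packet per tick starting at
    first_voice_tick, plus a single priority-99 'bulk' packet queued first at tick 0."""
    arrivals = {t: [(f"voice-{t}", HIGHEST)] for t in range(first_voice_tick, ticks)}
    arrivals.setdefault(0, []).insert(0, ("bulk", LOWEST))
    return arrivals


if __name__ == "__main__":
    ticks = 200
    aged = simulate(voice_flood(ticks), ticks)
    strict = simulate(voice_flood(ticks), ticks, aging=False)
    gap = simulate(voice_flood(ticks, first_voice_tick=1), ticks)
    print("aging, constant flood :", aged["bulk"])
    print("strict priority       :", strict.get("bulk", "never sent"))
    print("aging, gap at tick 0  :", gap["bulk"])
```

Under this constant flood the bulk packet is skipped 98 times and leaves on the 99th send; without aging it is never sent within the run, and when nothing is queued ahead of it, it leaves immediately.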
The pure math argument against all software patents is intellectually dishonest and little more than "information longs to be free" nonsense. Information may want to be free, but it certainly takes effort to produce.
ANY patent is nothing more than a design or an idea put on paper. It is not the physical device you patent, but the design of the device. The only person allowed to use that design to produce a product is the inventor or anybody the inventor gives permission to. What is special about them is they are unique, novel, and produce some useful result of some kind.
Software should not be exempt from this, because the creation of software is a difficult creative process that falls well under the goals of the constitutional patent provisions. We need incentives to produce good software, and said software needs to be well understood in order to be improved upon for the good of society. However, because software is essentially just math for a specific purpose, the only thing really patentable is the method or structure of the math. That structure should be so novel that nobody had thought about doing things that way before.
Software is pure math in the same sense that the design of an automobile is pure math. It is written down in math, in the case of software it is even used via math (i.e. processed through the computer), but the idea behind it is often times NOT math, and the purpose or use of the software is usually NOT pure mathematical in nature. It is often not even related to mathematics. It's the idea, the design, that is patentable.
This should be as true for software as anything else. I think the problem is a lack of understanding of which parts are novel and which parts are the mathematical tools used to perform the work.
Novel methods or processes for any purpose should be patentable, regardless of how simple they are. If nobody else has done it, it should be fair game for a patent. Methods that are essentially re-iterations of common methods but applied to software or business practices, without anything new and innovative, should not receive a patent. When your patent consists of the software equivalent of pulling trash out of a trash can and walking it to the dumpster, it should be denied. That's the case with the patent in TFA, it was simply a method of collecting data from multiple sites and displaying it in an organized way to the user. There was nothing innovative, it didn't do anything special with the data, it didn't have some new process that nobody has ever thought of to make the whole thing more efficient, it was simply data aggregation applied to financial purposes. It was very non-unique.
You may need to go younger, ever seen a toddler when mommy or daddy tells them "no"? They tend to pitch a fit, and try to break stuff.
These guys may be smart as hell, but they are little more than toddlers who can hack. They are definitely NOT worth paying attention to beyond what is necessary to track them down and put them in jail.
BTW, do you know what happens to guys like these when they get caught? After jail time, they are generally banned from computers. I.e. more jail time if they are caught using one. That's got to be a virtual death sentence for a hacker.
I'm not sure these guys thought this thing through, they are definitely public enough to be traceable. I hope they don't like where they live very much!
The ends don't justify the means. These are people willing to destroy other people's work to make their point, and it is not ethical. These guys have lost all right to take the moral high ground, and their arguments will now and forever be tainted with "Aren't these the guys who hacked Imageshack? Why the hell are we listening to them?"
I'll take script kiddies over assholes like these any day. They may have valid points, but they sure as hell don't have my support, not now anyway. These jackasses are nothing more than little children going around breaking things when things don't go their way.
They deserve to be in jail, not sought out for security advice. What the hell were they thinking?
Only 30% of IT projects succeed in meeting their original goals of time, cost, scope, or quality. In this sense 70% are "failures".
Nobody gets a bad reputation that "fails" if the project meets the needs of the company/client. Projects that fail completely are generally run poorly, and developers' reputations are not tarnished. Frankly, only an idiot would blame the developer unless they did a piss-poor job. But if that were the case, said developer would have been canned from the project and a new developer would be brought in. THAT looks bad. Finishing a project, no matter how ridiculous or terrible it seems to you the developer, rarely has a negative impact. Even if a project gets canceled, it is more likely to affect the project manager's reputation or the reputation of whoever initiated the project.
Again, developers who do a poor enough job to be assigned blame for a project - unless it is a company full of asshats - are usually canned and replaced mid-project. If that didn't happen to you, you should not have a problem, and you could even use it to your advantage in your next job interview. Blame for these types of things is generally an internal company sort of thing, it rarely spreads outside the company except for a few industries.
Quitting for anything other than ethical reasons or reasons that are completely unrelated to the job itself would probably tarnish your reputation if you brought it up in an interview. In that case, you should just forget it ever happened. It shouldn't come up unless they go digging for it, and they won't be able to get anything negative relating specifically to you unless you specifically made the news somehow. In that case, be honest about your role in the project and be honest about what happened. Unless of course it was your fault the whole thing failed. ;)
The title/summary are not necessarily incorrect, just ambiguous. English can do that, and if you aren't paying attention your meaning can be taken in a way other than you intended.
In this case, there are a few ways to read "German Health Insurance Card CA":
1.) The Health Insurance Card CA of German origin
2.) The CA for the German Health Insurance Card
3.) The Card CA for German Health Insurance
4.) The Insurance Card CA for German Health
Obviously they aren't saying 3 or 4, those work grammatically but don't make a lot of sense in the context of health insurance and certificate authorities. 1 and 2 though, work pretty well either way. They should have used the unambiguous form, obviously with a small amount of research we can see that 2 is the correct meaning, but a number of people will read the sentence to mean 1 instead, as you did.
It's poor writing, not an attack or attempt to slight Germans. Remember the old saying: Never ascribe to malice what can be explained by incompetence.
Lastly, while it was the CA's responsibility to ensure they have backups and the like, it is the client company's responsibility to ensure they can maintain their business. If the health insurance company never asked for or verified a disaster recovery plan, it's their ass that is in hot water if they cannot provide service.
Make no mistake, they WILL lose business over this, even if the failure isn't directly their fault.
Have you ever been to a 7-11 in Seattle? My buddy and I stopped in to about 4 or 5 7-11's looking for directions (we were just passing through and very unfamiliar with Seattle). The very first 7-11 we stopped at I was like "Holy shit, no way!" it was an Indian immigrant at the counter, barely spoke English, naturally didn't know jack about where anything was. So we drove and found another. It was being run by another Indian who also didn't know jack about the town (we were looking for a Walmart, apparently there was one a couple miles away, but we kept missing it). By the third 7-11 with an Indian who didn't know jack about the town it became a combination of realizing that sometimes the stereotype is not an exaggeration by any stretch and wondering how the hell they get by on a gas station attendant's salary without knowing where frickin Walmart is. When we saw that the fourth 7-11 was also being run by an Indian, we decided to forget it and just head out of town. We managed to find a Walmart off the highway after not too long.
Here I thought it was just an over-exaggeration because the only 7-11 near where I live is run by hippies, oddly enough. Turns out the stereotype came about because it can be very, very true.
If people at your office can be trusted, you don't really take a huge risk by having a postit with the password.
Ahh, I see, so you hang out with the housekeeping staff and fully trust them too. You know, the ones who do the shitty job, are thoroughly underpaid but are easily smart enough to realize that somebody "out there" might find confidential information on your system very, very valuable? Same with the building owners your company leases to, right? You know, 16+ gig flash drives are very cheap and hold a lot of confidential information. Hell, if they're a little more technical than that they'll find a trojan on the internet and give themselves full access to your systems. There are plenty of IRC chat rooms with people willing to give you step by step advice to set it all up, especially if you're willing to share.
It's also suicidal to assume you know that nobody in your office would ever use your passwords to access your system, no matter how much you trust them. There are a lot of people who aren't as nice as you think they are, and there are even more situations that would sorely tempt even decent people to do not so decent things.
You can make systems invulnerable to brute-force attacks without making them vulnerable to social engineering. IT security demands balancing BOTH issues. As others have mentioned, 10 days to crack a password may as well be 100 years in most situations, especially when social engineering or security systems so complicated they force bad habits on the users can get you the password in minutes.
As an example, I worked helpdesk for an Army Guard armory with very strict security - they used biometrically locked smart cards with a 6 digit pin that had to be changed if it were ever locked out. There was also a password requirement should your smart card be locked out that would allow you access to your system, but it required 12 digits, 2 upper, 2 lower, 2 numbers and 2 special characters, it had to be changed every 90 days, and you couldn't use the last 20 passwords. The result? You could walk down the hallway at any given time of day and find at least one or two offices with the smart card in the computer, a sticky note with the current pin on the monitor, and the user nowhere to be found.
Sure, the smart card system and password were essentially unbreakable, but they didn't need to be. Smart card resets, password resets, and sticky notes with passwords and pins were so common it was easily the least secure system I've ever had the privilege of working with. It also severely hampered productivity.
That's because you have a shitty security analyst who doesn't actually care about keeping data safe. That's hardly a person you want in charge of your security, though often that's the way things end up.
Because zip encryption is incredibly weak and easy to crack? Seriously, it's the recommended jumping off point by many in order to learn how password cracking works.
Well yeah, naturally, you're dead after all.
However, the company will be fine because you always have administrators with the authority to access your stuff should you perish.
Both of which are less than 57 billion possibilities. That would take about an hour to run through every possibility for a P4 computer, which means you are probably cracked in a half hour to 45 minutes or less on newer hardware. Compare that with simply requiring non-dictionary words, with numbers and symbols available for use, and the time to crack doubles.
Bump the requirement up to 7 digits and no dictionary words, and it now takes almost a week for the same system to crack the password. Move to 40 digit+ passphrases and there is currently no system in the world that can even come close to brute forcing it.
If a "no dictionary words" policy is in place (and usually it is in these cases) then users typically do letter-substitution. I becomes 1 or !, a becomes @, o becomes 0, etc.
They still need a mnemonic to remember it, so it generally becomes an altered dictionary word. That's decent.
I think most people have the ability to come up with at least 8-char passwords...
That's a big assumption, and in my experience it is completely wrong. Anyone not somewhat numbers inclined has a very hard time coming up with a combination of numbers, letters, and symbols in 6 characters that they can remember. More characters just makes it worse. Throw in a password change policy every few months and a "can't use any of the last 20 passwords" and the fact that the average user is not very numbers-inclined and most people are seriously fucked.
Programmers, engineers, accountants, IT folks, that type of technical or numbers-heavy user is generally fine. But that's a pretty small subset of the total population. Most people hate math, don't like numbers, and aren't very good with any sort of cryptography, even the very simple letter substitution used in password creation.
That's true to an extent, however good training and a "no words" policy will provide the maximum amount of potential symbols that have to be run through. The training can be a short, 10 minute lesson on passwords and why it is important to keep them safe that the employees have to run through every couple of months, and the "no words" policy is very easily implemented at the time of password creation. If your system is good enough to allow special characters like spaces, slashes, and other normally-excluded characters you can create a very hard to crack but easy to remember password policy.
One place I worked did the standard "6-10 characters, upper and lower case, numbers and symbols required" policy, and it was an obvious problem. You had passwords that were either too complicated and short to make any sense, and so were posted on post-it notes on the computers themselves, or you had passwords like 6t^T6t^ which is just shift, t, and 6 in rapid succession and is very very easy to figure out with just a glance at the keyboard while the user is typing it.
Even worse was the smart card policy - 6 numbers, 3 tries, no way to unlock it if you mis-typed it 3 times. You had to go to the card office, do a finger-print scan, and come up with a new 6 number pin. Needless to say, cards were often left in the machines with sticky notes on the monitors with the pin on them. They spent hundreds of thousands of dollars on a system that required no technical skill at all to circumvent - even though they used bio-metrics and strict policies. Note that you could log in with either the smart card or the password, and with the constant changes to both they were both often forgotten, and needed a sticky note on the computer or desk to be remembered.
You must always remember that the user is the weakest link in any security system, so you must maximize the user's ability to maintain the security of the system. Being ultra-strict in ways the average user cannot handle will drastically reduce your overall security. If you go far enough, you may as well not even have passwords. You'd be about as secure and get a hell of a lot more work done.
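The two weaknesses described in the comments above (letter-substituted dictionary words, and passwords such as 6t^T6t^ that satisfy every character-class rule with two keys) can both be caught at password-creation time. The following is an added example, not code from the thread; the word list is a constructed sample and the US QWERTY shift map is an assumption.

```python
import re
import string

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = ("password", "dragon", "monkey", "letmein", "admin")

# Undo the usual substitutions ("I becomes 1 or !, a becomes @, o becomes 0").
LEET = str.maketrans({"1": "i", "!": "i", "@": "a", "0": "o",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

# Assumed US QWERTY layout: shifted symbol -> the physical key that types it.
SHIFTED = dict(zip('~!@#$%^&*()_+{}|:"<>?', "`1234567890-=[]\\;',./"))


def hidden_word(pw):
    """Return the dictionary word left once substitutions are undone, or None."""
    plain = pw.lower().translate(LEET)
    letters = re.sub(r"[^a-z]", "", plain)
    for word in sorted(SAMPLE_WORDS, key=len, reverse=True):
        if word in letters:
            return word
    return None


def physical_keys(pw):
    """Set of distinct keyboard keys pressed, ignoring the shift state."""
    return {SHIFTED.get(c, c.lower()) for c in pw}


def nominal_pool(pw):
    """Alphabet size a complexity policy credits the password with."""
    pool = 0
    if any(c in string.ascii_lowercase for c in pw):
        pool += 26
    if any(c in string.ascii_uppercase for c in pw):
        pool += 26
    if any(c in string.digits for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 ASCII symbols
    return pool


def audit(pw, min_keys=5):
    """Compare on-paper strength with what an observer of the keyboard faces."""
    keys = physical_keys(pw)
    findings = []
    word = hidden_word(pw)
    if word:
        findings.append("dictionary word after substitution: " + word)
    if len(keys) < min_keys:
        findings.append("only %d physical keys used" % len(keys))
    return {
        "nominal_keyspace": nominal_pool(pw) ** len(pw),
        # Each position is one of the observed keys, shifted or unshifted.
        "effective_keyspace": (2 * len(keys)) ** len(pw),
        "findings": findings,
    }


if __name__ == "__main__":
    for candidate in ("6t^T6t^", "P@ssw0rd!", "tk9#Lw2vQz"):
        print(candidate, audit(candidate))
```

For 6t^T6t^ the policy credits a 94-symbol alphabet, while someone who glimpsed the two keys has 4^7 = 16,384 candidates to try.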
The issue is that Google is now willingly allowing Joe Schmuck, a competitor, to use trademarks to their own benefit. This seems like a pretty obvious infringement issue.
Except for the fact that Joe Schmuck has every right to use his competitor's trademark in any way he sees fit, provided he does not attempt to confuse said trademark with his own product.
Buying the "Rosetta Stone" adword and putting in the ad "Professional Language Learning Software" is perfectly legit and legal so long as the ad does not imply that the language learning software company you are going to is Rosetta Stone.
If they dress up the web site to look very similar to the Rosetta Stone website, or are using their colors to confuse visitors, or are implying that they are affiliated with Rosetta Stone, they have Trademark Infringement. However, if they are simply saying "try us instead" or "we are better/cheaper/whatever than Rosetta Stone" then it isn't infringement. It's a legitimate use.
Google's policy, as far as I know, does not permit this and if they find out the ad gets pulled, because it is illegal. What Google was doing before was simply making it extremely difficult for infringement to occur by not allowing companies to buy the adwords of trademarks they don't own. That they can now does not mean doing so is automatically trademark infringement. You have to misrepresent yourself as your competitor to infringe trademark, and buying and using a trademarked adword doesn't even come close to doing that by itself.
IANAL, but there are a lot of trademark cases that support this, even one recently involving Google Adwords.
Vs running your confidential company communication on MS?
Which the company controls on its own servers, decides exactly who can do what with it, and where the information goes. MS is very, very good at that with their business products.
The only way a real business will change is to read its mail in a newspaper or have it dumped on the net.
Hmmm... MS is so vulnerable, I wonder why you aren't hearing about major companies losing data every day? All you hear about are the retards who do something completely insecure, like leaving a laptop in the back seat of their car, which would result in stolen data no matter WHAT your favorite OS is. Don't kid yourself into thinking that anything is uncrackable if a bad guy has physical possession of your computer. If it is uncrackable, it's also unusable. There is no way around that.
Until this generation gets Enigma 'ed or Crypto AG'ed they will blindly trust MS and Google.
Who would trust Google with its US gov seed money and NSA backrooms on every US (and friends) ISP pipe Google is connected via?
Who would trust MS with decades of closed source bugs?
People trust MS because they have 25+ years of stellar service in the corporate arena. MS doesn't do funny business on their corporate products, they make too much money on them to risk it. All of the MS server products since NT (I honestly have no NT server experience) have been rock solid from day one, and are constantly updated and any bugs dealt with in a timely manner. Their desktop products may be questionable, they may BS about bugs and exploits, and the defaults until Vista have been piss poor for security, but their server line is a whole separate ball game. They are bar none the best out there. It seems expensive to pay $15,000 for an OS and the rights to use it, but it becomes cheaper when you consider that it takes a very well built Linux system (which can run you $150,000+ a year for one guy to set up and maintain) to match a standard MS server setup that any numbnuts IT guy can configure well (which may only cost you $60,000 a year to set up and maintain). That's why MS dominates the server market too.
By default *anyone* interested can get in as you turn on a MS product.
By default *anyone* can get into just about anything, that's why we change the defaults. Duh.
MS dominates the server market because they make the best server OS. They dominate the desktop market because that's what people use at work, and it's easier to stick with what you know. Plus it's cheap and easy, as opposed to Macs which are expensive and easy, or Linux which is cheap and hard.
Exchange is easily the most powerful email server on the market. Nothing touches it so far.
Communicator is part of Exchange, it's not separate, you can't use the communicator client without an Exchange server. This means it integrates -very- tightly with Outlook. Sharepoint is separate but integrates tightly with Exchange as well, which allows nice integration into Communicator and Outlook. Live Meeting is tied in with all of them as well, and is becoming a very popular tool.
Gmail and Google Apps are cool, but they don't approach this level of facilitating communication. Microsoft makes things easy to the point that, if the backoffice side is set up properly, the user just says "Oh I just click here? Ok, that's easy".
Er, bullshit?
I work for one of the largest companies in the world (like, top 25-50 big). It is set up on one massive domain trunk (which I think is crazy, but it works), I can access any server in the world from where I am sitting provided I have the right user access, with rather light protections against user installed software, and no restrictions on USB devices, etc. There are heavy user account restrictions and a computer not on the domain will go nowhere fast. We have had exactly one major malware outbreak in the last three years, and the only thing that warranted it as major was that it was very difficult to remove without interrupting service. It was not able to cause any damage at all.
With good IT tools (like active directory and utilities that facilitate automation) and strict MANAGEMENT regarding following IT policies it is trivial to secure and maintain the security of even a massive network involving hundreds of thousands of computers. About 30 people or so set the policies and ensure that they are being followed. This works because we use standard hardware with standard images and solid security templates, we leverage the local desktop support to fix machines that are, for one reason or another, not updating their templates or AV software or what have you, and IT has the authority to remove even a local executive's machine from the network if he refuses to allow them to bring it into compliance. If anything comes of it, the executive could easily find himself moved to a less desirable assignment if he is obviously wrong and refuses to follow policy.
The technical side of things simply requires IT staff that knows what the hell they are doing, and the authority to do what needs to be done. If a company refuses to A.) hire good people and B.) give them the authority to take appropriate action to secure the network, then the network will never be secure. What you are talking about is bad management, and not much more.
That's not to say IT runs things, nor should they, but they need support at the top executive level in order to do the job correctly. If they have to beg lower management to make any little change, then the network will not be secure. If local departments are permitted to buy their own equipment and actually put it on the corporate network, there is no way the network will be secure either. Ever. That's the kind of stuff you need to control to maintain security. Where I work, an unauthorized device could easily get you a visit from the local security guys, who also have the power to terminate your employment if the issue is a severe enough security threat. Nobody puts their own equipment on the network without permission first.
As bad as private bureaucracies are, public bureaucracies are worse, at least in the US. In the US, a government entity gets funding based largely by how much they spent the previous year - and not in a way that incentivises efficiency. When an entity does not spend all of their budgeted money, not only do they not get to use that money in the current year (because they ran out of things to spend it on), that amount usually gets dropped from their budget for the next year! Which means if they don't need the money this year, but may need it next year or the year after, they find bullshit projects to waste the money on until the time comes when they actually need it! They don't even have rollover accounts to save up money in times of excess for when they may need to spend it. It's use it or lose it now and in the future. It incentivises inefficiency.
For this reason, the administrative overhead won't drop in the US if the health care system goes completely public like Canada's system, it will only rise. At best it will stay the same. After all, the second part of the equation is all those jobs! We can't lose those, no, everything must stay in place.
A well run government system has the potential to be bar-none the most efficient option. But it never happens, and is oftentimes far less efficient than the private option. What the US seems to be headed for is government funded insurance, which keeps everything bad about the current system - insurance companies and HMOs - and also tacks on the high taxes of public health care.
A friend of mine is fighting an insurance company (Blue Cross, I believe) for her asthma, she came close to dying once, it was extremely difficult to diagnose, but she is significantly healthier now. The insurance company is just refusing to pay some of the bills for BS reasons - like disagreeing with the diagnostic technology used! Judging by the way the US did MediCare, this problem will only get worse - the doctors won't be able to refuse so many customers and stay in business like they can with MediCare. They often refuse to use it since the government won't pay what a procedure costs and it is illegal for someone on MediCare to pay the difference. The new system will probably be that x100.
It's going to suck.
Many smart cards are dual purpose, and have RFID along with it. I'm actually surprised whenever I come across an RFID card that is not also a smart card. If you read their descriptions a little closer, you'll notice that they are targeting employees working for companies with just such smart cards. That logo is something any smart card user will recognize. It's also a really really good idea to have something other than just wireless to read the card if you are using it for anything more than a door pass.
See sig.
and it starts at $30000 a model, ROFLMAO. Thanks, umm, but NO thanks!
He claims 80gb/s route processing. Cisco's 20gb/s ASR1000 starts at $50,000, and it would cost another $45,000 to get it up to 80gb/s. I'm not talking about throughput, I'm talking about the ability to process routes.
Cisco's ASR9000 does terabit level processing, which is what the Caspian project was aimed at, but that one starts at $450,000.
The thing is though, QoS policies are the antithesis of the net neutral / traditional best effort internet.
That's nonsense, QoS is about prioritizing protocols from high time sensitivity to low time sensitivity. I.e. live voice and video are both very highly time sensitive. So much so that it is better to discard a delayed packet than to send it. A jpeg is not.
Net Neutrality is about blocking -access- so you can charge more for certain parts of the web, or throttling competitor's service so you can drive customers to your service. Putting something like VOIP at the highest priority and the bittorrent protocol on the lowest priority is still net-neutral. VOIP is highest because it is very very sensitive to delays, but bittorrent is set to the lowest priority because delays don't affect the finished product at all. Prioritizing the ISP's own VOIP protocol over their competitor's, or dropping 2 out of 3 bittorrent packets to discourage the use of the protocol, or blocking it altogether at the request of groups like the RIAA, however, are NOT net neutral.
There is a huge difference between Quality of Service and Net Neutrality. They co-exist just fine. What confuses people is the fact that the same techniques used to provide good QoS can be used to break Net Neutrality.
QoS isn't a bad thing, but the user should be in control of it, not the ISP
This statement shows you know fuckall about physical networking.
How is Joe Blow supposed to prioritize his -extremely- time sensitive VOIP packets over Bob Schlob's very non-time sensitive Bittorrent packets if Bob Schlob sets their priority to the same level? Voice needs to have higher priority to function, because the usage is very sensitive to delays. Delay a packet more than a few milliseconds and you might as well drop it because the person on the other end will notice it. You should not drop that bittorrent packet, but delaying it a few milliseconds won't hurt anything.
Low priority does not mean the packet never comes through if there are higher priority packets continuously available. Say the highest priority is 1, and the lowest is 99 (it's often flipped but it works the same way). Live voice traffic would be at the top at 1, live video would be very close to it, with other applications being less and less time sensitive until you hit things like recorded audio and video and bittorrent, which are expected to run for long periods of time, move vast amounts of data, and somebody is waiting until it is nearly finished to do something with it, which would land it in the 99 spot. Each time that 99 priority bittorrent packet is skipped over by a voice or any other protocol, it gets bumped up one in priority. That means the -worst- case scenario - floods of high priority traffic constantly moving through the router - the most that bittorrent packet will be skipped is 98 times, by the 99th it goes through. The router also doesn't wait until 98 other packets have gone through to send the 99 priority packet either. If there is a momentary break in the flood and there is nothing else waiting ahead of that 99 priority packet, it gets sent on.
This flow method would be no different, except it could let, say, three more bittorrent packets go at a time instead of just one without causing a significant delay to the high priority traffic. If it does what TFA says it does, then the high priority traffic will move through faster as well, improving the time for the low priority traffic in the process.
QoS should always be in the hands of the ISP because they are the only ones who can DO any meaningful QoS. If you have some form of unique protocol that requires a high priority to function, you should make the ISP aware of it and let them know how they can detect it and prioritize it. They can evaluate your needs with the needs of the rest of their customers to determine the priority your protocol should get. That's what Quality of Service is, and it should be kept as far away from the customer's hands as possible, because people like you who don't understand physical networking will fuck it up and service will be piss poor for everyone. At best the user should be able to prioritize the protocols for their own network connection and that's it (and you can, by the way, if you have the right software or router). Anything past that should be handled by the ISP and the ISP only.
What should be illegal is ISPs using filtering and prioritization to kill a competitor's service over their network. For example, an ISP should be giving VOIP traffic the highest priority on the network, but they should NOT be allowed to give their own VOIP traffic a higher priority than a competitor's VOIP traffic. HTTP traffic going to certain websites being throttled, with an extra charge to speed up those websites is even worse. That's what Net Neutrality is about - preventing ISPs from using QoS techniques to stifle competition and close up the internet. I fully support that.
I do not support you ruining my internet experience because you don't understand networking or good QoS methodologies.
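The priority-aging scheme the comment above describes (1 is most urgent, 99 least, and every skipped packet moves up one level) can be simulated to check its worst-case claim. This is an added example, not code from the thread or from any router vendor; breaking ties by arrival order and offering one voice packet per scheduling round are assumptions.

```python
from dataclasses import dataclass
from itertools import count


@dataclass
class Packet:
    name: str
    priority: int      # 1 = most urgent, 99 = least urgent
    seq: int           # arrival order, used to break ties (assumption)
    skips: int = 0     # how many times another packet was sent first


class AgingQueue:
    """Strict-priority queue in which every skipped packet ages by one level."""

    def __init__(self):
        self._waiting = []
        self._seq = count()

    def enqueue(self, name, priority):
        self._waiting.append(Packet(name, priority, next(self._seq)))

    def send_next(self):
        if not self._waiting:
            return None
        # Lowest priority number wins; the earliest arrival wins a tie.
        chosen = min(self._waiting, key=lambda p: (p.priority, p.seq))
        self._waiting.remove(chosen)
        # Everything left behind was skipped: bump it one level, floor at 1.
        for p in self._waiting:
            p.skips += 1
            p.priority = max(1, p.priority - 1)
        return chosen


def worst_case_skips(bulk_priority=99):
    """Flood the queue with priority-1 traffic and count the bulk packet's skips."""
    q = AgingQueue()
    q.enqueue("bulk", bulk_priority)
    while True:
        q.enqueue("voice", 1)          # one new voice packet every round
        sent = q.send_next()
        if sent.name == "bulk":
            return sent.skips


def idle_link_skips():
    """With nothing ahead of it, the priority-99 packet is sent immediately."""
    q = AgingQueue()
    q.enqueue("bulk", 99)
    return q.send_next().skips


if __name__ == "__main__":
    print("skips under a constant voice flood:", worst_case_skips())
    print("skips on an idle link:", idle_link_skips())
```

Under a constant flood of priority-1 traffic the priority-99 packet is skipped 98 times and sent on the 99th round, so a high-priority flood delays bulk traffic but cannot starve it.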
The pure math argument against all software patents is intellectually dishonest and little more than "information longs to be free" nonsense. Information may want to be free, but it certainly takes effort to produce.
ANY patent is nothing more than a design or an idea put on paper. It is not the physical device you patent, but the design of the device. The only person allowed to use that design to produce a product is the inventor or anybody the inventor gives permission to. What is special about them is they are unique, novel, and produce some useful result of some kind.
Software should not be exempt from this, because the creation of software is a difficult creative process that falls well under the goals of the constitutional patent provisions. We need incentives to produce good software, and said software needs to be well understood in order to be improved upon for the good of society. However, because software is essentially just math for a specific purpose, the only thing really patentable is the method or structure of the math. That structure should be so novel that nobody had thought about doing things that way before.
Software is pure math in the same sense that the design of an automobile is pure math. It is written down in math, in the case of software it is even used via math (i.e. processed through the computer), but the idea behind it is often times NOT math, and the purpose or use of the software is usually NOT pure mathematical in nature. It is often not even related to mathematics. It's the idea, the design, that is patentable.
This should be as true for software as anything else. I think the problem is a lack of understanding of which parts are novel and which parts are the mathematical tools used to perform the work.
Novel methods or processes for any purpose should be patentable, regardless of how simple they are. If nobody else has done it, it should be fair game for a patent. Methods that are the essentially re-iterations of common methods but applied to software or business practices, without anything new and innovative, should not receive a patent. When your patent consists of the software equivalent of pulling trash out of a trash can and walking it to the dumpster, it should be denied. That's the case with the patent in TFA, it was simply a method of collecting data from multiple sites and displaying it in an organized way to the user. There was nothing innovative, it didn't do anything special with the data, it didn't have some new process that nobody has ever thought of to make the whole thing more efficient, it was simply data aggregation applied to financial purposes. It was very non-unique.
You may need to go younger, ever seen a toddler when mommy or daddy tells them "no"? They tend to pitch a fit, and try to break stuff.
These guys may be smart as hell, but they are little more than toddlers who can hack. They are definitely NOT worth paying attention to beyond what is necessary to track them down and put them in jail.
BTW, do you know what happens to guys like these when they get caught? After jail time, they are generally banned from computers. I.e. more jail time if they are caught using one. That's got to be a virtual death sentence for a hacker.
I'm not sure these guys thought this thing through, they are definitely public enough to be traceable. I hope they don't like where they live very much!
The ends don't justify the means. These are people willing to destroy other people's work to make their point, and it is not ethical. These guys have lost all right to take the moral high ground, and their arguments will now and forever be tainted with "Aren't these the guys who hacked Imageshack? Why the hell are we listening to them?"
I'll take script kiddies over assholes like these any day. They may have valid points, but they sure as hell don't have my support, not now anyway. These jackasses are nothing more than little children going around breaking things when things don't go their way.
They deserve to be in jail, not sought out for security advice. What the hell were they thinking?
Only 30% of IT projects succeed in meeting their original goals of time, cost, scope, or quality. In this sense 70% are "failures".
Nobody gets a bad reputation that "fails" if the project meets the needs of the company/client. Projects that fail completely are generally run poorly, and developers' reputations are not tarnished. Frankly, only an idiot would blame the developer unless they did a piss-poor job. But if that were the case, said developer would have been canned from the project and a new developer would be brought in. THAT looks bad. Finishing a project, no matter how ridiculous or terrible it seems to you the developer, rarely has a negative impact. Even if a project gets canceled, it is more likely to affect the project manager's reputation or the reputation of whoever initiated the project.
Again, developers who do a poor enough job to be assigned blame for a project - unless it is a company full of asshats - are usually canned and replaced mid-project. If that didn't happen to you, you should not have a problem, and you could even use it to your advantage in your next job interview. Blame for these types of things is generally an internal company sort of thing, it rarely spreads outside the company except for a few industries.
Quitting for anything other than ethical reasons or reasons that are completely unrelated to the job itself would probably tarnish your reputation if you brought it up in an interview. In that case, you should just forget it ever happened. It shouldn't come up unless they go digging for it, and they won't be able to get anything negative relating specifically to you unless you specifically made the news somehow. In that case, be honest about your role in the project and be honest about what happened. Unless of course it was your fault the whole thing failed. ;)