About a 2 hour drive south of Atlanta, who's trying to make themselves into a combination Silycon Valley / Hollywood for the South East
This should have read: Macon-Bibb county is about a 2 hour drive south of Atlanta; Atlanta being the one who's trying to make themselves into a combination Sillycon[sic] Valley / Hollywood for the South East
Good thing this is Georgia and not Alabama. About a 2 hour drive south of Atlanta, who's trying to make themselves into a combination Silycon Valley / Hollywood for the South East. Atlanta has already started considering towns as far north as Ellijay and Blue Ridge to be "Suburbs" with a combined sustained population less than 50K over 825 square miles. Up in this region, most of the local EMCs have rolled out Fiber capable of 50Mbps symmetrical or better all over the rural mountains. These are towns about 100 miles north of Atlanta, and within 10 to 20 miles of the North Carolina Border. In 20 years time, I expect the state of Georgia above Houston County to the NC border to be known as Atlanta-Georgia; From Waycross south to become Savannah-Georgia; and everything inbetween to be Da-Sticks of Georgia.
Of course, I still have to agree with you on the ethical conduct part. Technical Competence, though? Metropolitan Georgia is in a lot better position with their Technology Infrastructure than anyone gives them credit for. Almost scarily so.
If I wanted an enterprise level overkill solution, I'd have grabbed a couple of Cisco 1800's for <$200 off eBay with the necessary modules and configured the proprietary VPN through IOS like I learned in college (this route is still not off the table either, just not preferred). Your SSG5's are going for about the same price on ebay and would require me to learn a system I'm not immediately familiar with, which wouldn't be a problem if I needed this to work in my own lab only. Just because I'm not current on consumer and open source options doesn't mean I don't know my shit on the enterprise level. I specifically asked this question because I'm trying to AVOID enterprise equipment in a home environment, retard (to show you the same courtesy as you have shown me)!
I want a solution that I can either use my equipment on hand, or be able to buy/build for less than $200 that my dad would be able to troubleshoot through a web interface and know WTF he's looking at in the event something goes south when I'm not immediately available. Any solution I go with I am going to have to take a vacation week to walk him through troubleshooting and he doesn't do well with command line.
Modem with 4 connect points is outside the house next to the Power Meter which is double locked, one for the service key and a padlock for our access to the connect points which my dad has the key for. There's an ethernet line on one of the connect points that comes out of there and goes into the basement where it goes into a locked closet with a thick metal door and deadbolt. Inside this room the cable comes into a large locked metal breaker box flush mounted in the wall just for this purpose; again, only my dad and I have the keys to this box. Inside this box is where we set up the wireless router, with the antennae removed from the unit itself and connected outside the room using extension cables with BNC connectors. All the physical connections in the house have to come into this box.
Diverting the outside connection to a server locked in the room and another line going back into the box to the router would be trivial to set up. I also have a lockable metal box with powered ventilation that a desktop workstation could fit in nicely with plenty of room to breathe (acquired from the local RadioShack when they were selling off their fixtures after the bankruptcy). Though based on most of the responses here I'm probably going to find some cheap routers (sub $100) that can run DD-WRT and OpenVPN to replace the one there and keep it inside the locked box. As far as wireless, I'll likely set up an AP or 2 on the main floor instead of the current setup that's not working very well outside the basement (for obvious reasons). Now that it's my dime going into this, my dad is more willing to let me have reign on the network and how things are set up.
Be prepared for him to learn how to bypass things...that's what kids do ya know.
Fully prepared and expecting it. He likes to figure out how things work like I used to. If he takes interest in trying to bypass the security it'll escalate like a chess game. So far he's more interested in building and programming electronic projects than getting online much. It can often be a battle of wills to even get him to use the internet to find his own answers when he's stuck.
If he's going to be using my or my Parents' network resources and the government says I'm responsible for what he does until he's 18, you bet your ass I'm going to do checks to make sure he isn't doing anything that will warrant a visit from the Feds. Beyond that, he has a pretty good amount of freedom and leeway on the web.
That said, I'll have to look into CRD to see if it'll work given the apparent constraints that my Parents' ISP has placed on the connection. Windows Remote Assistance was working for a while and that is primarily what we used whenever they needed some quick work or a tutorial on something they wanted to do with the computer... Unfortunately it just stopped working all of a sudden. We figured out that their ISP had started blocking ports; upon contact the ISP made it clear they weren't going to be helpful in opening them up for us. This is the reason for the desire of a VPN where every machine on my Parents' network will look like they exist on my local NAT so I can easily just point the RDP Client or SSH session to a known IP address and have the full access I need. Using RDP would also eliminate the need for someone to actually have to be at a desktop while I did maintenance. To facilitate this more, I plan on setting my parents' computers to respond to WoL packets as well.
It's Cox. Top tier used to be soft-capped at 400 Gigs which my household alone was pegging every month until they decided to raise all their caps. Now it's a 2TB cap that we barely use a quarter of. Until this situation arose, I had been considering dropping service down a tier and saving about $50 a month. Unfortunately the only other option I have for broadband (besides satellite) is 6Mbps DSL hard-capped @ 200 Gigs... though they can't tell me if I'm close enough to the CO or not.
You don't need to. Paranoid about it? Wipe the UUID field from the database upon successful verification of the email so it can't be queried against in the future. However it would be better to just do a sanity check in the code that if there's a boolean 1 in the "emailConfirmed" field after querying for the UUID, just notify the user that the account has already been confirmed and doesn't need to be again.
And what do you send for a password reset?
An email to the address on file that has a link to the password reset possibly pre-filling the userID field, but I tend to make the user type that in themselves. If they don't remember the userID... then they'll need to know other pertinent information that the account was created with, otherwise new account time. After the password is reset, then send a confirmation that only states this fact and not giving any identifying information in it beyond that. The same thing you should be doing for any type of change made at the user's account level. If the user is changing their email address, send a confirmation to both the old and the new address that it has been changed, then also reset emailConfirmed to 0, regen the UUID, and force the user to verify the new address, following the same procedure as if it were the first time.
But it doesn't stop Jane from decking you if you scream "Jane, you ignorant slut!" at her. Nor does that stop you from suing her for the medical costs associated with the black eye resulting from you being decked. Nor does that stop her from counter-suing for the slanderous defamation of her character. It only stops the government from putting you in prison for the rest of your life simply because of your opinion on Jane's promiscuity.
How you test for a brute-force vector without conducting a full brute force attack:
Hey, United, I was able to try 10 user/PIN combinations within 30 seconds of each other and did not hit any timeout walls or seeming account blocks. I was also able to directly use my real account/PIN combination on the 11th attempt that I manually did 5 seconds later and was able to get full access to my account. You might want to take a look at this to make sure that on a proper brute-force scale you're not caught with your pants down.
I have an idea. How about you learn somethingbefore you talk out of your ass? Brute force has never, in the entire lifetime of the phrase, meant that you were pegging a server while you are trying every possibility for the password on an account. Hell, if I send a username and next-in-series password at a rate of one every 20 minutes, that's still classified as a brute force attack, and unless the server is really anemic, there's no chance in Hell that the server is going down. If I'm doing that same type of attack at a rate of 200 attempts per second, or even 2000 attempts per second, that's still not going to blip much on the server's CPU unless it's already bogged with another process, and those are STILL classed as brute force.
The type of attack you're looking for is Distributed Denial of Service, which isn't generally for breaking into accounts but taking the server down with an overwhelming number of requests or pings that the server doesn't have the resources to be able to respond to any further requests.
How much performance does it need to growl "I'm BATMAN!"?
Apparently more than Christian Bale had. Dude seriously needed some Primatene Mist. Or at least a throat lozenge or something just to be able to understand his dialog.
Can't tell if you're willfully ignorant on this or just trolling.
Valve doesn't have a lot of games on Steam. 3rd Party development houses chose to use Steam as a Distribution/DRM platform. Valve has not one iota of power (yet) to dictate that games developed by 3rd parties must also have Linux Binaries. The only binaries that are in direct control of Valve are games that Valve has developed. This is not to say that at a point in the future where Valve believes that Steam as the sort of clout that all other developers cannot do without their service, Valve wouldn't make the terms that in order to make use of the Steam platform for their games, 3rd party devs must provide working Linux binaries as well.
To put it more accurately and succinctly, Valve cannot say "We, as developers, have a lot of games on Steam," since they only have direct claim to ~30 out of the "10,000". They can say, however "We, as a service, have hundreds of developers that use our platform to allow users to purchase thousands of their games (not Valve's games) through that platform." There's a league of difference between those two concepts of ownership over the binaries.
You seem to be confused between games that Valve created versus games created by other companies that use Valve's distribution service named Steam. There's only a small handful of games distributed through Steam that were actually developed by Valve themselves; almost 30 if you include comercial mods and expansions.
The ITU-R has outlined 5 methods for the future of UTC [acma.gov.au]. Methods A1, A2, B, C1, C2, D, and E are from various delegations of the international assembly, and they are in serious disagreement with each other.
So...when you graph the equation 5/x, where X hits zero a line is drawn horizontally and vertically with arrows indicating infinity in all directions, with the two curves shooting off the page of it at the positive and negative points where x no longer equals zero? Funny...I always thought that the 0 lines are completely devoid of any marks, specifically to denote that there is no defined value, infinity or otherwise.
In the most trivial simplification x/0 will be either positive or negative infinity, depending on the sign of x. If x=0 then we can't even say that much.
Actually, in any possible case of x, the result is always both positive AND negative infinity...and it is also always neither. As I mentioned elsewhere, divide by zero is essentially quantum superposition at work. The denominator being zero means that there is no "observer" for the numerator to collapse into a definitive form...and therefore there is no possible way to define the entire equation. Undefined != infinity. Undefined == Undefinable.
if you divide zero apples with zero [people] - how many pieces do you have?
As I stated elsewhere [paraphrased to give a bit more detail for a non-AC]:
[This example] isn't 0/0. It's 0/1, which is 0. The person identified by you has to exist in the equation to be able to process the division, so by default there is 1 person. If there were 0 people then a Schrödinger's Cat situation emerges. Quantum superposition states that if there is no one to observe that there are 0 apples...then there are infinite apples at the same time there are none. To put it more simply, there would be 0 people to even care how many freaking apples there are to be divided. Therefore 0/0 is undefined, and in programming should always throw an exception that can be handled gracefully (ask user to verify inputs, etc). Defaulting 0/0 to 0 in programming is a very dumb idea as it will create more problems than it solves.
Getting a job at McDonalds and expecting to live on it still means "Do I use my money to eat for a few days, refrigerate my food for a month, or drive to work this week?" It's only a little easier if you happen to live within walking distance. If you're lucky enough to get into Wal-Mart, you're faring a bit better. Everyone else: Target, BestBuy, RadioShack, Kroger, GameStop, MovieStop, Mama's Pizza to Go, PapaJohn's, Wendy's, BK, Old Navy, Michael's, McAllister's... go in and ask for an application, you leave with a web address to go to. Hell, even with Wal-Mart the app is still online only. They just provide a single kiosk to use in store if you needed that option.
And of course they can afford a computer to do all this with, right?
Less than $50 at Goodwill or Salvation Army can get you a computer capable of getting online. Some of the local shops here will also sell used systems for $20-$40 with a guarantee to keep them running for up to a year... with payment plans offered to the really down and out that have to decide between a computer and groceries for a few days (been there, done that). This is done because unless you have an in at a local Mom & Pop shop the only way to get a job is to go to the Corporate website and fill out an application online, and then have a way to access your email during evening prime-time... because that's when a lot of these hiring managers send out their RFI emails to those who made it through the initial screening. And believe me, they watch the timestamps. They may not actually read the response emails until the morning, but if they see a response that's timestamped within 10 minutes of when they sent their e-mail out, that person gets a head start in the running.
Your principle isn't 0/0. It's 0/1, which is 0. You have to exist in the equation to be able to process the division, so by default there is 1 person. If there were 0 people then a Schrödinger's Cat situation emerges. Quantum supposition states that if there is no one to observe that there are 0 apples...then there are infinite apples at the same time there are none. Therefore 0/0 is undefined, and in programming should always throw an exception that can be handled gracefully (ask user to verify inputs, etc). Defaulting 0/0 to 0 in programming is a very dumb idea as it will create more problems than it solves.
And to that they'd say, so what? It wouldn't be their first loss. It wouldn't hurt any more than a slap on the wrist. It wouldn't damage their worst PR damage. You also seem to miss the whole thing of embrace. They wouldn't be reneging on any their promises. They'd feed Mono with Microsoft dev mindshare. They would build it up to become a strong product house. They would then make moves to bring Mono development more and more in-house...if not outright buy all rights to the product and its name.
It would then continue to develop and grow as Microsoft extends its functionality as an inhouse product. Finally, once they have deemed the project sunsetted, the product is extinguished.
This is the path they took with Halo. This is what they did with MechWarrior. This is (essentially) what happened with Cygwin. Unless Nadella is being completely sincere about a New Microsoft (so far he seems to be, which is good...but, we'll have to see what kind of track record he holds on the very long term), this is something that I believe we can expect to see again with Mono.
Slashdot Mirror
About a 2 hour drive south of Atlanta, who's trying to make themselves into a combination Silycon Valley / Hollywood for the South East
This should have read: Macon-Bibb county is about a 2 hour drive south of Atlanta; Atlanta being the one who's trying to make themselves into a combination Sillycon[sic] Valley / Hollywood for the South East
Good thing this is Georgia and not Alabama. About a 2 hour drive south of Atlanta, who's trying to make themselves into a combination Silycon Valley / Hollywood for the South East. Atlanta has already started considering towns as far north as Ellijay and Blue Ridge to be "Suburbs" with a combined sustained population less than 50K over 825 square miles. Up in this region, most of the local EMCs have rolled out Fiber capable of 50Mbps symmetrical or better all over the rural mountains. These are towns about 100 miles north of Atlanta, and within 10 to 20 miles of the North Carolina Border. In 20 years time, I expect the state of Georgia above Houston County to the NC border to be known as Atlanta-Georgia; From Waycross south to become Savannah-Georgia; and everything inbetween to be Da-Sticks of Georgia.
Of course, I still have to agree with you on the ethical conduct part. Technical Competence, though? Metropolitan Georgia is in a lot better position with their Technology Infrastructure than anyone gives them credit for. Almost scarily so.
Go to the link provided, click on "Suppression." The citation is found within the paragraph there.
If I wanted an enterprise level overkill solution, I'd have grabbed a couple of Cisco 1800's for <$200 off eBay with the necessary modules and configured the proprietary VPN through IOS like I learned in college (this route is still not off the table either, just not preferred). Your SSG5's are going for about the same price on ebay and would require me to learn a system I'm not immediately familiar with, which wouldn't be a problem if I needed this to work in my own lab only. Just because I'm not current on consumer and open source options doesn't mean I don't know my shit on the enterprise level. I specifically asked this question because I'm trying to AVOID enterprise equipment in a home environment, retard (to show you the same courtesy as you have shown me)!
I want a solution that I can either use my equipment on hand, or be able to buy/build for less than $200 that my dad would be able to troubleshoot through a web interface and know WTF he's looking at in the event something goes south when I'm not immediately available. Any solution I go with I am going to have to take a vacation week to walk him through troubleshooting and he doesn't do well with command line.
Not quite so easy.
Modem with 4 connect points is outside the house next to the Power Meter which is double locked, one for the service key and a padlock for our access to the connect points which my dad has the key for. There's an ethernet line on one of the connect points that comes out of there and goes into the basement where it goes into a locked closet with a thick metal door and deadbolt. Inside this room the cable comes into a large locked metal breaker box flush mounted in the wall just for this purpose; again, only my dad and I have the keys to this box. Inside this box is where we set up the wireless router, with the antennae removed from the unit itself and connected outside the room using extension cables with BNC connectors. All the physical connections in the house have to come into this box.
Diverting the outside connection to a server locked in the room and another line going back into the box to the router would be trivial to set up. I also have a lockable metal box with powered ventilation that a desktop workstation could fit in nicely with plenty of room to breathe (acquired from the local RadioShack when they were selling off their fixtures after the bankruptcy). Though based on most of the responses here I'm probably going to find some cheap routers (sub $100) that can run DD-WRT and OpenVPN to replace the one there and keep it inside the locked box. As far as wireless, I'll likely set up an AP or 2 on the main floor instead of the current setup that's not working very well outside the basement (for obvious reasons). Now that it's my dime going into this, my dad is more willing to let me have reign on the network and how things are set up.
Be prepared for him to learn how to bypass things...that's what kids do ya know.
Fully prepared and expecting it. He likes to figure out how things work like I used to. If he takes interest in trying to bypass the security it'll escalate like a chess game. So far he's more interested in building and programming electronic projects than getting online much. It can often be a battle of wills to even get him to use the internet to find his own answers when he's stuck.
If he's going to be using my or my Parents' network resources and the government says I'm responsible for what he does until he's 18, you bet your ass I'm going to do checks to make sure he isn't doing anything that will warrant a visit from the Feds. Beyond that, he has a pretty good amount of freedom and leeway on the web.
That said, I'll have to look into CRD to see if it'll work given the apparent constraints that my Parents' ISP has placed on the connection. Windows Remote Assistance was working for a while and that is primarily what we used whenever they needed some quick work or a tutorial on something they wanted to do with the computer... Unfortunately it just stopped working all of a sudden. We figured out that their ISP had started blocking ports; upon contact the ISP made it clear they weren't going to be helpful in opening them up for us. This is the reason for the desire of a VPN where every machine on my Parents' network will look like they exist on my local NAT so I can easily just point the RDP Client or SSH session to a known IP address and have the full access I need. Using RDP would also eliminate the need for someone to actually have to be at a desktop while I did maintenance. To facilitate this more, I plan on setting my parents' computers to respond to WoL packets as well.
It's Cox. Top tier used to be soft-capped at 400 Gigs which my household alone was pegging every month until they decided to raise all their caps. Now it's a 2TB cap that we barely use a quarter of. Until this situation arose, I had been considering dropping service down a tier and saving about $50 a month. Unfortunately the only other option I have for broadband (besides satellite) is 6Mbps DSL hard-capped @ 200 Gigs... though they can't tell me if I'm close enough to the CO or not.
So how do you encrypt this UUID?
You don't need to. Paranoid about it? Wipe the UUID field from the database upon successful verification of the email so it can't be queried against in the future. However it would be better to just do a sanity check in the code that if there's a boolean 1 in the "emailConfirmed" field after querying for the UUID, just notify the user that the account has already been confirmed and doesn't need to be again.
And what do you send for a password reset?
An email to the address on file that has a link to the password reset possibly pre-filling the userID field, but I tend to make the user type that in themselves. If they don't remember the userID... then they'll need to know other pertinent information that the account was created with, otherwise new account time. After the password is reset, then send a confirmation that only states this fact and not giving any identifying information in it beyond that. The same thing you should be doing for any type of change made at the user's account level. If the user is changing their email address, send a confirmation to both the old and the new address that it has been changed, then also reset emailConfirmed to 0, regen the UUID, and force the user to verify the new address, following the same procedure as if it were the first time.
But if our Admins had to generate a new account every time a new customer needed one, when would they have time to play CounterStrike: Ghosts?
But it doesn't stop Jane from decking you if you scream "Jane, you ignorant slut!" at her. Nor does that stop you from suing her for the medical costs associated with the black eye resulting from you being decked. Nor does that stop her from counter-suing for the slanderous defamation of her character. It only stops the government from putting you in prison for the rest of your life simply because of your opinion on Jane's promiscuity.
How you test for a brute-force vector without conducting a full brute force attack:
Hey, United, I was able to try 10 user/PIN combinations within 30 seconds of each other and did not hit any timeout walls or seeming account blocks. I was also able to directly use my real account/PIN combination on the 11th attempt that I manually did 5 seconds later and was able to get full access to my account. You might want to take a look at this to make sure that on a proper brute-force scale you're not caught with your pants down.
I have an idea. How about you learn something before you talk out of your ass? Brute force has never, in the entire lifetime of the phrase, meant that you were pegging a server while you are trying every possibility for the password on an account. Hell, if I send a username and next-in-series password at a rate of one every 20 minutes, that's still classified as a brute force attack, and unless the server is really anemic, there's no chance in Hell that the server is going down. If I'm doing that same type of attack at a rate of 200 attempts per second, or even 2000 attempts per second, that's still not going to blip much on the server's CPU unless it's already bogged with another process, and those are STILL classed as brute force.
The type of attack you're looking for is Distributed Denial of Service, which isn't generally for breaking into accounts but taking the server down with an overwhelming number of requests or pings that the server doesn't have the resources to be able to respond to any further requests.
How much performance does it need to growl "I'm BATMAN!"?
Apparently more than Christian Bale had. Dude seriously needed some Primatene Mist. Or at least a throat lozenge or something just to be able to understand his dialog.
Can't tell if you're willfully ignorant on this or just trolling.
Valve doesn't have a lot of games on Steam. 3rd Party development houses chose to use Steam as a Distribution/DRM platform. Valve has not one iota of power (yet) to dictate that games developed by 3rd parties must also have Linux Binaries. The only binaries that are in direct control of Valve are games that Valve has developed. This is not to say that at a point in the future where Valve believes that Steam as the sort of clout that all other developers cannot do without their service, Valve wouldn't make the terms that in order to make use of the Steam platform for their games, 3rd party devs must provide working Linux binaries as well.
To put it more accurately and succinctly, Valve cannot say "We, as developers, have a lot of games on Steam," since they only have direct claim to ~30 out of the "10,000". They can say, however "We, as a service, have hundreds of developers that use our platform to allow users to purchase thousands of their games (not Valve's games) through that platform." There's a league of difference between those two concepts of ownership over the binaries.
You seem to be confused between games that Valve created versus games created by other companies that use Valve's distribution service named Steam. There's only a small handful of games distributed through Steam that were actually developed by Valve themselves; almost 30 if you include comercial mods and expansions.
The ITU-R has outlined 5 methods for the future of UTC [acma.gov.au]. Methods A1, A2, B, C1, C2, D, and E are from various delegations of the international assembly, and they are in serious disagreement with each other.
So...when you graph the equation 5/x, where X hits zero a line is drawn horizontally and vertically with arrows indicating infinity in all directions, with the two curves shooting off the page of it at the positive and negative points where x no longer equals zero? Funny...I always thought that the 0 lines are completely devoid of any marks, specifically to denote that there is no defined value, infinity or otherwise.
In the most trivial simplification x/0 will be either positive or negative infinity, depending on the sign of x. If x=0 then we can't even say that much.
Actually, in any possible case of x, the result is always both positive AND negative infinity...and it is also always neither. As I mentioned elsewhere, divide by zero is essentially quantum superposition at work. The denominator being zero means that there is no "observer" for the numerator to collapse into a definitive form...and therefore there is no possible way to define the entire equation. Undefined != infinity. Undefined == Undefinable.
So, practically speaking, if there are zero people to care about how many apples there are... who's there to define that there's 0 apples available?
if you divide zero apples with zero [people] - how many pieces do you have?
As I stated elsewhere [paraphrased to give a bit more detail for a non-AC]:
Getting a job at McDonalds and expecting to live on it still means "Do I use my money to eat for a few days, refrigerate my food for a month, or drive to work this week?" It's only a little easier if you happen to live within walking distance. If you're lucky enough to get into Wal-Mart, you're faring a bit better. Everyone else: Target, BestBuy, RadioShack, Kroger, GameStop, MovieStop, Mama's Pizza to Go, PapaJohn's, Wendy's, BK, Old Navy, Michael's, McAllister's... go in and ask for an application, you leave with a web address to go to. Hell, even with Wal-Mart the app is still online only. They just provide a single kiosk to use in store if you needed that option.
And of course they can afford a computer to do all this with, right?
Less than $50 at Goodwill or Salvation Army can get you a computer capable of getting online. Some of the local shops here will also sell used systems for $20-$40 with a guarantee to keep them running for up to a year... with payment plans offered to the really down and out that have to decide between a computer and groceries for a few days (been there, done that). This is done because unless you have an in at a local Mom & Pop shop the only way to get a job is to go to the Corporate website and fill out an application online, and then have a way to access your email during evening prime-time... because that's when a lot of these hiring managers send out their RFI emails to those who made it through the initial screening. And believe me, they watch the timestamps. They may not actually read the response emails until the morning, but if they see a response that's timestamped within 10 minutes of when they sent their e-mail out, that person gets a head start in the running.
Your principle isn't 0/0. It's 0/1, which is 0. You have to exist in the equation to be able to process the division, so by default there is 1 person. If there were 0 people then a Schrödinger's Cat situation emerges. Quantum supposition states that if there is no one to observe that there are 0 apples...then there are infinite apples at the same time there are none. Therefore 0/0 is undefined, and in programming should always throw an exception that can be handled gracefully (ask user to verify inputs, etc). Defaulting 0/0 to 0 in programming is a very dumb idea as it will create more problems than it solves.
they would lose
And to that they'd say, so what? It wouldn't be their first loss. It wouldn't hurt any more than a slap on the wrist. It wouldn't damage their worst PR damage. You also seem to miss the whole thing of embrace. They wouldn't be reneging on any their promises. They'd feed Mono with Microsoft dev mindshare. They would build it up to become a strong product house. They would then make moves to bring Mono development more and more in-house...if not outright buy all rights to the product and its name.
It would then continue to develop and grow as Microsoft extends its functionality as an inhouse product. Finally, once they have deemed the project sunsetted, the product is extinguished.
This is the path they took with Halo. This is what they did with MechWarrior. This is (essentially) what happened with Cygwin. Unless Nadella is being completely sincere about a New Microsoft (so far he seems to be, which is good...but, we'll have to see what kind of track record he holds on the very long term), this is something that I believe we can expect to see again with Mono.