Replace "demo" with "game". Now see how stupid the problem is regardless of that.
The demo could EASILY have been their test-bed for the system while they were still building it. If the demo fails, not a big problem. If the game fails... ARGH.
1) It's not worth keeping logs, certainly not for diagnosis, if they aren't synch'ed between servers when you're doing anything which relies on >1 server. If you have a client which will only ever choose ONE server and do all it's actions through that server, you can use the logs unsynch'd. Otherwise, they MUST be synch'ed. It's not hard to work this out. 2) Timesyncing costs *nothing* in practical terms. It doesn't even have to be to the Internet/UTC, so long as they are all synch'ed to each other. 3) Not spotting a *30-60 second* lag in a server response is pretty hideous for people who wrote the code. You don't have to have written the network library to spot this. 4) Using this as an excuse to put off demos, etc. is baloney. The people RUNNING the server and investigating the code behind the running servers should not be the same people as those who are creating new content, features, demos, etc. If they are, either it should be a strict seperation of time or you're understaffed. 5) Plus, DEMO COMES FIRST. I have no reason to try games any more unless they come with a nice demo. Steam is a god-send here... if you don't have a demo of a game on it, I won't bother to download several Gigabytes, waste my diskspace/bandwidth to play it because I *know* I can't get a refund if it's shit. I spent AGES looking for a demo of the second Tom Clancy Las Vegas thing and gave up in the end. Don't want it at all now, but I was going to buy it if the demo had been even half-decent.
Shit hardware exists. You can't necessarily patch it or fix it but you can replace it.
That said, I've never paid more than about £20 for a router, even back in the dark days of early broadband. My last one was an "eTec" (rebranded Conexant-something-or-other) and the one before that was a Trust (rebranded Conexant-something-or-other). They were the cheapest routers I could find and my purchasing decision for both went:
1) Does it do 8Mb? 2) Does it have >1 Ethernet connection?
Bearing in mind that I'm extremely pedantic about every specification of anything I buy, they are *ALWAYS* my most lacklustre purchase. I've *never* had a problem with them (except once when I enabled PPP Half-bridging and couldn't turn the bugger off, requiring a firmware re-download). One of them has been running constantly for at least the last few years, the other has been switched on and off every night for even more years, and I have another (an Amigo AMX rebranded-Conexant...) that has been waiting as a "hot-spare" all that time and never been used.
The school I do network admin for also has the cheapest, crappiest ADSL router running their entire business Internet connection (with appropriate firewalling and port-forwards done to intermediate machines before the "serious" network) and they haven't had a problem with it ever.
Don't take the crap that comes with the package deals, because it probably costs BT about £5 per unit. Instead, pop down to Maplin's or any store and just buy their cheapest ADSL/Ethernet router and get on with life. If you have a router that can't handle some connections, it is *seriously* crap. Just bin it. I never spend money on anything, but for £20, it's just not worth fighting with and *everyone* I know has a router that can do just about anything you ask of it nowadays. Similarly, ADSL "modems" are a waste of space. Get a router or nothing.
99% of everyone calls it a hard drive. It's not an American thing. I make sure to refer to it as a base unit - no confusion, then, if I tell them I've changed the CPU/hard drive in it.
It's not hard. If you give information, ANY INFORMATION, to anyone for anything you have to check *what* they are going to do with it. This means reading their T&C's, following up all that brings up etc. Or, you can just NOT give out personal information that you don't want spread around.
In the one instance, this means that when you sign up for a website with username, email or password requested, you should *always* check what's going to happen to that information (e.g. using your email for marketing). On the other hand, when you are logged into Facebook and scary warnings pop up about sharing your information... you should think twice before you agree and/or make sure that you NEVER use that account to post anything personal that you wouldn't want shared.
This has never been any different. I've filled in paper surveys which distribute the same personal information to God-knows-who-but-probably-only-the-people-listed-in-the-T&C's.
If you're that worried, don't fill in sexual quizzes on Facebook, or do it under a different identity. To be more honest, given the current state of that site, I'd be more worried that after filling in that kind of quiz, it would blast the results or even my answers to my listed friends and family even if it's just by posting them to my own page. That's a million times worse than having a drug company see a "TRUE" pop up in their advertising database against my Facebook ID. I can ignore the ads...
First, this is obviously stupid, like suggesting a "noblink" tag that asks the user if they want to stop tags from working on a website.
Second, if you are *dependent* on advertising, THESE PEOPLE DON'T CARE. They don't want to know. Call them freeloaders, thieves or whatever, but they get enough abuse from other (possibly worse) advertisers and they no longer pay heed to advertising anyway. Thus they would be a wasted impression of an advert. It's like the telemarketers who *insist* on calling me just minutes after I told them not to. You *really* think I'm just going to change my mind and buy something from you?
The websites that do sell advertising space have to think for a second: How long would I last in any other type of business if I relied on selling advertising space to recoup all my expenses? The answer can be measured in microseconds. At one point, there was an "ad-supported" UK ISP that offered free dialup (back in the days of 56k) for the cost of a toolbar displaying ads on your desktop. It was *really* quite good for many years and then tanked. That was the LARGEST company I have ever seen which has been able to survive solely by selling advertisement space (with the possible exception of Google, who have BILLIONS of users and an unrivalled search engine technology that actually GAVE them that power - if you get to compete with them, you'll never have to worry about money ever again anyway).
Give it up. Selling advertising space is not a business income. It's possibly a small sideline for a large website that's *already* successful by other means and that's it.
How much easier is it to print to a Windows printer already on your desktop, to a Fax number already in a stored contact database stored in your company's standard networking infrastructure? Just as simple. This is how most *modern* fax system works.
Fax *machines* may be dead, but Fax itself *isn't*.
Any half-decent system has automated fax reception/sending without this hassle.
I just set one up for a school. 20 minutes, old Linux PC, ancient 56K modem I found in a drawer, Hylafax. It recieves all faxes, removes spam, converts them to PDF, emails them to the right person with the PDF as attachment and, as a bonus, logs ALL transactions. Additionally the Hylafax Windows printer is on all desktop, two seconds to print and type in a fax number.
It's old tech, yes, but standard, reliable, easy, common and easily integrated. Some things NEED fax (i.e. faxes can be legally binding in some countries, whereas email isn't so clear-cut) and even large law firms still use it because it's a recognised technology. And to integrate into any modern network is 20 minutes work with an old external modem.
You might as well say that phone is obsolete because we have VoIP or Skype. Yes, technically. Practically, no for several decades.
I agree. This is like saying that fax is obsolete because we have text/handwriting recognition. You are throwing away *far* too much is you image->text or speech->text, although they could be used for summary/convenience in certain cases. And sometimes you need alternate methods of communication - putting everything into the same basket (i.e. your email account) is just stupid.
Additionally, the loss of information doesn't necessarily make it more convenient at all. You go on holiday, lose/break your phone and swap the sim card (maybe with a borrowed phone). You don't *necessarily* get the capability to receive that text (e.g. Internet, email, etc.) but you can still listen to your voicemail. It's low-tech, but sometimes that helps.
Personally, I detest voicemail whether on mobile phones or in the office. It's a pain. But it still exists, gets specified and built-in because it's "free", easy, simple and works. It's for a medium that doesn't have a better alternative for saving messages (voice) and thus it isn't going anywhere. And I don't trust *anything* that claims to be able to do a "human" job... translating, understanding, transcribing, recognising, etc. Why? Because they cause more trouble than they are worth unless you want a quick, casual, inaccurate job. This includes any form of handwriting recognition, OCR, "image recognition" (web filter systems etc.), speech recognition, text-to-speech, computer translation, etc.
Article says that they "use open source". Doesn't mean they give ANYTHING back at all, because they are not distributing it, thus the HEADLINE is so false it's unbelievable.
For instance, say they took even a GPL'd piece of software, extended it to add marvellous and important new features and then KEPT IT IN HOUSE. They can still use it, still claim it's "open source" but they NEVER have to let anyone but themselves see that code.
It's bad editing, bad reviewing, bad summarising and just outright lying. There is nothing "Open" about anything being done here apart from the software that MS chose to use.
Windows admin by day. Linux zealot by night.:-) Guess where I get more productive work done.
Seriously, people who use non-Windows OS do so because of the *control* of the system. The stablity, etc. are nice bonuses but nothing special nowadays if you're sensible about what you do with your machine. It's why I liked DOS... I knew and could tweak *everything* that ran, and in what order, and what memory it used, etc. On *nix, I can still get that sort of control, down to modifying EVERYTHING that the bootloader/boot scripts do.
On Windows: No chance. Your life is in MS's hands until you get onto a desktop and by then so much has run, it's hard to fix anything that might be critical. If you can't get into Safe Mode... you're stuffed. If "Last Known Good Configuration" doesn't work, there's not much you can do. If you load an incompatible driver by accident, good luck pulling it out of the boot order. Even moving a system from an Intel to an AMD system will *bluescreen* the OS immediately (and you have to do Recovery Console, and issue an arcane command to disable a non-descript Windows service to do with Intel CPU's before you can get back into it). You might question that there are better ways to move images, etc. across but the point is that those are *silly*, *hardcoded*, *poor* restrictions that are unnecessary on any other OS and the "better way" is basically the *only* way that was left to fix the problem (i.e. avoid the problem, rather than fix it).
Define bloat. Hard disc space? Not at all. RAM? Not at all. Executable size? Not at all.
It would only need a tiny program capable of reading PCI id's and program names, maybe even Windows patch levels, a hashing algorithm and a built-in P2P facility. It would be *smaller* than most viruses which tend to be written in bloat-ridden languages like VB. A megabyte of executable means *nothing* anymore and you can barely see it transfer/run. I've seen 20-50Mb installers for single files, for God's sake.
Everything else would be stored on a P2P network (like Conficker does), for which the virus itself could easily suck a hundred megs or so of temporary disk space from every infected machine with nobody noticing. The rest is downloaded on an as-needed basis by the virus, based on the hashes of the programs it sees running and the hardware it sees installed. It downloads *just* those exploit modules (which, being modular, need do nothing more than compromise the program/hardware required and return administrative control to the original virus). It would come with, say, one built-in compromise which it uses to get into machines and once on-board distributes multiple versions of itself (possibly with a *different*, random built-in compromise in each one, so that it becomes autonomously updating and spreading).
Want to take advantage of a new vulnerability? Release a signed, hashed file onto the P2P network and watch it explode on millions of existing and new machines. Those machines already infected will pick up the new file and create derivatives for you, or use it to gain admin privileges if the machine they are on has the right hardware/software combination. For additional resiliency, have it track which are the most common types of successful infections over time and bias it's "generator" towards those (remember when virus meant "self-replicating"?). That way "new" compromises get more of a workout, and "successful" compromises are the mass that keep the rest of the swarm ticking over.
Get an assembler programmer to do it for you and you could do it in *literally* kilobytes by taking advantage of internal Windows libraries. Do it in VB or some large language and have it in under a Meg. You can't even *see* the loading time for a 1Mb executable any more, unless it's off a floppy or something.
I beg to differ, given the example in the same post you just replied to. Anything that registers to *read* a file in Explorer can spawn *real* processes (i.e. full copies of Adobe Reader) in the background in order to extract... the Author, Title, maybe a thumbnail.
I would call that "without your knowledge" (I don't remember seeing a security popup for that, even with non-privileged executables), "beyond reasonable means of disabling such facilities" (without uninstalling the entire damn program, or fiddling with associations by hand, and even they're just guesswork to what it actually would do) and "automatic" (I don't remember ever seeing *anything* tell me that it would be loading up every time I hover over a file in explorer). I'd add "out of your control" if you're a non-techy user, which is who Windows is *designed* for.
Additionally, this is STILL where 99% of viruses are coming from and the methods they using to propogate. Don't kid yourself that you'll *always* get a popup for these things, even with UAC. It's just NOT true. There are an unbelievable number of things running all the time that you have so little control over, they are effectively automatic and unstoppable to the vast majority of users. Hell, most users can't even stop LEGITIMATE apps like Quicktime, Realplayer, Java, etc. from running on startup and putting themselves in the taskbar without cancelling the setup entirely. It's up to the *application* to provide that interface most of the time, with a handful of registry locations / undocumented programs for the experienced user.
So you have two options. Never install software on Windows (might as well be running Linux, then!) or install software which puts itself into places you stand little-to-no hope of ever finding out / removing / undoing.
Install fresh machine. Put to latest patch level. Tell user to click everything they find online (but never "Yes" to a security dialog), insert every USB flash device they ever come across into it. Do you think they'll last a week before it blows up in their face? Do you think they can still get *anything* done?
(I'll tell you now, my non-Windows machines pass that test quite, quite flawlessly... Mac is the closest to having problems in that regard)
Install fresh machine. Put to latest patch level. Install bunch of commonly used programs from trusted sources in order to be able to run most websites, most programs out there. Don't install anything else. How much CRAP is in your taskbar that you can't *easily* get rid of without running the program in question and relying on there being a "don't run on startup" option? THIS IS A CONSUMER OS. Doing something *simple* like accidentally installing one antivirus program while another is running will bring a Windows machine to a complete, unusable halt (I've even dealt with bluescreens because of that exact situation) out of which the user has little hope of recovering without professional help.
Operating systems have two choices: Expect arbitrary executables, and cover your arse as much as you can so that the *user* is always in control. Or forbid arbitrary executables.
The second one is what businesses, governments, and the military should be using. Everyone else needs *real* uninstall, proper program sandboxing, a "Task Manager" that cannot be intercepted or delayed no matter what the computer is doing, the facility to bypass, turn off, or otherwise disable ANY change that's made to the system without having to know what that was. (i.e. a "Last Known Good Configuration" that includes only the software installed at that time).
It really comes to something when I can spend an hour waiting for a PC to load because the user has filled it up with (non-damaging) cruft on their own accounts and it take *literally* hours to fix, even in "Safe Mode". Too much opportunity for crap, not enough control.
I've said for years - viruses are boring nowadays. There's so much *potential* for a really well-written, modular virus to wreak worldwide havoc but nobody's done it. Imagine a virus that inspects local hardware/software and downloads a set of hashed filenames for that data, each of which attacks that specific element of the computer and is updated regularly. E.g. it spots that you have a processor with an old errata bug, downloads the module for it (anonymous P2P) and uses that to gain admin privileges, or it sees a new update to McAffee and the download requests for that hash spark the original author (or a random strangers) interest and they write a new module to counteract whatever workaround has been put in place which *all* machines instantly start benefitting from.
In terms of permanent hardware damage:
Overwriting the HPA's on the disk drive? That could cause some fun.
Bad flash (hard to do with BIOS, and BIOS options to prevent it) - anything with firmware on basically - e.g. RAID cards, USB devices, even network routers!
Using weaknesses in hardware configurations (e.g. the IBM Thinkpad's that could be bricked by a perfectly valid, but unexpected, I2C write to one of their EEPROM chips - beyond non-IBM repair, I might add). Writing infinitely to Flash drives (would you notice a small process that starts 10 secs after you insert a USB drive and just reads and rewrites every block of data for ever?) or SSD's. Even Ubuntu nearly trashed people's drives by accident by repeatedly spinning them down and back up and making the SMART data go through the roof.
Using weaknesses in hardware *control* (e.g. overclocking everything, temperature monitoring, fan control, etc. but it's harder to damage a chip permanently nowadays because they are designed to slowdown/shutoff under extreme conditions - you'd almost certainly be able to cause an extreme nuisance, though).
Possibly (although this is *unlikely*) trying to do things like create power surges on the buses by repeatedly activating and shutting down hardware with various timings while watching the voltages on the lines, to see if you can cause an overload. I think that spinning disks/CD's + spinning fans + various heavy-duty CPU/GPU work etc. might well be able to take out some of the cheaper power supplies in a lot of machines.
Even things like setting the BIOS to boot from PXE first, then ZIP, then floppy, then CDROM would be enough to flummox 99% of users who would think that their machine had broken because it doesn't get into Windows, etc.
The most interesting concept to me would be to take out other hardware - maybe flash a printer with all 1's, or re-flash the local ADSL router or similar. So much stuff has firmware nowadays that it shouldn't be too difficult to wreak some havoc with just a big database of MAC's/ports/firmware specifications for some of the more popular types. Imagine a virus that (on discovering attempts to remove it) not only takes out your computer, but bad-flashes your printers, network hardware and iPod first! That'd make you think twice about automated anti-virus software or manual cleanup instead of just "reformat, reinstall".
Us "TuxTards" apologise profusely that Windows users (and in this, I'm including genuine administrators) are dumb animals. However, the "May contain nuts" brigade are everywhere and unfortunately we can't label every single possible security threat because then you'd end up with something worse than Vista's UAC. A simple "nothing is executable by default" suffices to stop this and insert the crowbar of "Do I *actually* want this program to run?", otherwise known as the execute bit.
The simple fact is that, on a general purpose operating system, if you are given the facility to execute programs of your own creation/downloading you can wreak havoc by spawning processes and touching anything you have permission to. Maybe not immediately, but eventually you will hit something bad if you just run programs willy-nilly. And 99.99999% of people who use an operating system as part of their business have *no* need to be able to run non-sanctioned executables. Ever. Windows is *dire* at limiting what can run, when and where and wants everything to be executable by default (even looking at the thumbnail for a PDF in Windows Explorer will spawn Adobe Acrobat in the background to get "file information" such as Author, etc.). The home users who *want* to run random crap are quite welcome to trash their systems because they have *no* way of telling what most things they download will do - you honestly DO NOT KNOW what your NVidia driver does to your system AT ALL. In the same way, the Linux users who want to run binary drivers and/or run arbitrary scripts they find on the net are welcome too.
The difference is that most of the time Windows executes things without your knowledge, out of your control, beyond reasonable means of disabling such facilities and quite often god-damn automatically (Autoplay, the thumbnail thing above, startup programs etc.) and sometimes automatically for EVERY user (thus users can cross boundaries and infect each other's use of the same computer). That's where the problem lies, not the running of arbitrary executables, but even *that* is an unnecessary "feature" on 99.9999% of people's desktop machine. Please explain why a secretary using Word 100% of the time even needs the facility to be able to run ANY other program at all, ever, and certainly not *arbitary* programs in *arbitrary* locations.
Minimum permissions necessary. If you don't need to run it, make it so it *can't* be run.
The next story is named: "Slashdot Poster Accuses Website Of Losing Site of Reality!"
The spelling mistake is, of course, deliberate and won't be changed until 100 people have made a fool of themselves by posting a comment and then looking dumb because it looks like they're correcting a spelling that's already correct to new viewers...
Until one day, you come in to work to be told that the company doesn't even exist any more?
And from what I read online, the turnover on staff was quite high during most of that time, and essentially they spent their time re-doing things they've already done. I can't imagine a worse job to be honest. Being employed to do the same thing that your friend did yesterday, knowing that it'll never finish. I would imagine anyone with half a brain got out of there a long time ago, which is probably part of the problem.
- Worst credit crunch in recent history, particularly affecting video game sales, IT workers, etc. - Most of the main/original/best developers *long gone*. - Posts from ex-developers about the diabolical lengths taken to reinvent wheels that had already been reinvented the week before and other enormous wastes of money. - Longest-running single game development in history (the *entire* Grand Theft Auto series, from the original DOS versions through to GTA4 were made in the timespan of *just* DNF... think about that - ATI and nVidia 3D cards DID NOT EXIST when the game was first announced, not to mention Google or a million other places, it was 3DFX or nothing and most people had *nothing*.). - Games being "95% done" mean nothing - games have been *completed* in the past but just abandoned before being published (mainly because they were crap, or because they wouldn't sell, or just because some idiot decided to cancel them at the last minute). Similarly 50% complete games *have* been released because the studio ran out of money and just needed to get something out there. It's not unusual at all in the industry. - You do not generate hype about a product which you are universally slated for delaying by announcing closure. For one thing, your shareholders will sue you - it might actually even be illegal to do so if you don't tell your stockholders that it *is* just a marketing exercise and that would see their share prices *plummet* which they would *not* approve of.
Not a marketing trick (if it is, it's the worst *ever* and likely to evoke lawsuits). Just plain crappy management. Don't go looking for convoluted answers when the simplest solution fits the bill - somebody finally decided to cut their losses.
Gotta love the site that lists all the things that have happened in the time DNF was "supposed" to be being made.
For instance, it took less time to implement and complete the entire Moon landing program. The Beatles were formed, released every song, and split up in less time than it's been since DNF's initial announcement. Wars came and went quicker. The *entire* GTA series of games was released since the announcement. 58 Mario games were made since the announcement.
It always was a farce, always will be a farce. Even if the source was released tomorrow, complete and playable in every detail, DNF would *still* be the biggest development farce in gaming. It should have had its tail cut long ago, rather than constant "reinvention". All we can hope is that the developers and producers involved learn a lesson and start getting things out of the door in their new jobs. It sounds like it was technically good at most points but reinventing the wheel and constant, inept, managerial interruptions turned it into a circus (so, what else is new?).
Surely anyone with a brain would have left 3DRealms *long* ago anyway, if this is how it was working?
But it's *not* just the RAM... you're missing the point. An existing OS (several in fact) does a better job *today* on lower spec hardware (and will support higher-spec hardware in the future). I don't *need* the RAM, or the OS upgrade. I stay where I am and, bingo, I'm in a better position! All systems ARE going to get faster in the future, and the stuff they need to do more complex. So why the hell would you choose an inferior tool for the job if the existing ones perform better? A tool that is slower *today* and thus will be slower *tomorrow* until some sort of logical limit kicks in (e.g. 64bit computing). On the basis that in five years you won't notice anyway? Good business decision!
And "just" upgrading is a problem when you have infrastructure in place. Where's the advantage to upgrading at all if it's a backwards step and *nothing* forwards?
To be honest, Vista was released in 2006. It's 2009 now. Three years and it's gone and (virtually) obsolete now. And you know what? I haven't had a single client ask me for it on a network basis. So any Vista upgrades I might have done would have been *really* worth it, wouldn't they? So I'm going to upgrade *anything* on the basis that 5-10 years from now the current new release (which will be obsoleted by its successor) will work nicely? Good move.
This is the point - it's a *waste*. There is *no* advantage to it today or tomorrow. The only possible advantage is perhaps some extended support life. But, hey, Windows 7 has a copy of XP in it, right? So that's supported until when? So my plain, ordinary copies of XP will be supported until roughly then too!
We're talking about users who run applications one at a time because they "lose" them if they accidentally hit minimise and can never find them again. And there's not much unusual in my users: bog-standard, well-educated, "trained" teaching staff at ordinary state and private schools. They are pretty indicative of 90% of office users out there (because they *are* the same users most of the time).
And an XP machine with 512Mb is *fine* for them (so long as it's properly managed - I do have to add that disclaimer - their home machines are 4Gb beasts that slug along like someone's manually flicking the clock lines on the processor). I do do cost/benefit analysis and it's just not worth the upgrades... all my machines can have them, all of them for only a pittance each, but it's not worth the performance increase available for the basic office use that they see. More time is wasted because our toner comes with little plastic strips on that have to be torn off than are ever lost by waiting those few microseconds for XP to flush stuff to disk.
Well... he has an email address that he wants people to talk to him on. The person is asking to be caught already. Even assuming Tor use, etc., that's a definite lead back to him right there. You're talking an open invitation for some agency to coerce Yahoo to plant something on his browser when that login is detected (a cookie would probably do for the simple cases, a Flash/Java/browser exploit or similar in an advert would easily do for the more complex). Hell, I wouldn't be surprised if it wasn't possible to get a Microsoft-signed Java app (and, thus, automatically run without prompting) into the pages that are made for his login with their co-operation and have it reveal the *real* IP address / routing.
You can *easily* string him along for four or five emails. He would have to be using extremely tight security each and every time in order to communicate safely (and thus I hope he ran / is running a sandboxed system via a good anonymising network for the purpose of creating and checking that mail account each and every time and that he *never* uses that sandbox for anything else).
And you're talking confidential patient records - this is no hero of the citizenry, it's some pillock with nmap. So I hope he does get caught. Yeah, expose the security holes (though even that is just asking for jailtime) but don't play with people's lives.
How he expects to receive any money is beyond me... there's no such thing as a "safe" bank account except in the movies. Or is he hoping for a large bag of cash to be thrown from the Golden Gate bridge at 13:37 or similar? I'm guessing that, somewhere, he's made a stupid, elementary and critical mistake which means that he'll be "caught" quite soon (as in, people know who he is and just have to do the paperwork to get him), if he's not already.
If you want to make a stand, make a stand, target an organisation, pick a purpose, hit the critical points without collateral damage. If you want to dick about and show what a hacker you are, that's when you take whatever you *can* find (e.g. extremely private medical records and personal details of random people) and threaten to spread it unless a ransom is paid. In short,
Go to Jail. Go directly to Jail. Do not pass Go. Do not collect $10 million.
Or none of the above. What about he gained remote access to the backup servers, encrypted their backups with a password of his choosing and deleted their other (presumably, rewritable / otherwise on-line) backups?
That way, he personally had access to them (without having to download them) and has removed everyone else's access. Even if he has just "lost" the latest backups for them, that's an incredibly serious breach that he could even get that close and relevant to a lot of people. He *could* have downloaded whatever he wanted and could have wreaked enormous havoc by *corrupting* the backups beyond recognition and not even get noticed. How many other large organisations use their host's backup facilities (which are normally run as "on-line" backups with occasional "off-line"/"off-site" backups) instead of their own? I know of several, but they don't host anything anywhere near as critical to this.
Either way, it's piss-poor server/network management and someone should be fingered for it. I'm guessing it's more likely an "IT Consultant" and/or someone who didn't listen to their systems administrator at the last round of budget estimates than the actual implementors of the system.
Replace "demo" with "game". Now see how stupid the problem is regardless of that.
The demo could EASILY have been their test-bed for the system while they were still building it. If the demo fails, not a big problem. If the game fails... ARGH.
1) It's not worth keeping logs, certainly not for diagnosis, if they aren't synch'ed between servers when you're doing anything which relies on >1 server. If you have a client which will only ever choose ONE server and do all it's actions through that server, you can use the logs unsynch'd. Otherwise, they MUST be synch'ed. It's not hard to work this out.
2) Timesyncing costs *nothing* in practical terms. It doesn't even have to be to the Internet/UTC, so long as they are all synch'ed to each other.
3) Not spotting a *30-60 second* lag in a server response is pretty hideous for people who wrote the code. You don't have to have written the network library to spot this.
4) Using this as an excuse to put off demos, etc. is baloney. The people RUNNING the server and investigating the code behind the running servers should not be the same people as those who are creating new content, features, demos, etc. If they are, either it should be a strict seperation of time or you're understaffed.
5) Plus, DEMO COMES FIRST. I have no reason to try games any more unless they come with a nice demo. Steam is a god-send here... if you don't have a demo of a game on it, I won't bother to download several Gigabytes, waste my diskspace/bandwidth to play it because I *know* I can't get a refund if it's shit. I spent AGES looking for a demo of the second Tom Clancy Las Vegas thing and gave up in the end. Don't want it at all now, but I was going to buy it if the demo had been even half-decent.
Shit hardware exists. You can't necessarily patch it or fix it but you can replace it.
That said, I've never paid more than about £20 for a router, even back in the dark days of early broadband. My last one was an "eTec" (rebranded Conexant-something-or-other) and the one before that was a Trust (rebranded Conexant-something-or-other). They were the cheapest routers I could find and my purchasing decision for both went:
1) Does it do 8Mb?
2) Does it have >1 Ethernet connection?
Bearing in mind that I'm extremely pedantic about every specification of anything I buy, they are *ALWAYS* my most lacklustre purchase. I've *never* had a problem with them (except once when I enabled PPP Half-bridging and couldn't turn the bugger off, requiring a firmware re-download). One of them has been running constantly for at least the last few years, the other has been switched on and off every night for even more years, and I have another (an Amigo AMX rebranded-Conexant...) that has been waiting as a "hot-spare" all that time and never been used.
The school I do network admin for also has the cheapest, crappiest ADSL router running their entire business Internet connection (with appropriate firewalling and port-forwards done to intermediate machines before the "serious" network) and they haven't had a problem with it ever.
Don't take the crap that comes with the package deals, because it probably costs BT about £5 per unit. Instead, pop down to Maplin's or any store and just buy their cheapest ADSL/Ethernet router and get on with life. If you have a router that can't handle some connections, it is *seriously* crap. Just bin it. I never spend money on anything, but for £20, it's just not worth fighting with and *everyone* I know has a router that can do just about anything you ask of it nowadays. Similarly, ADSL "modems" are a waste of space. Get a router or nothing.
UK citizen here, working in UK workplaces.
99% of everyone calls it a hard drive. It's not an American thing. I make sure to refer to it as a base unit - no confusion, then, if I tell them I've changed the CPU/hard drive in it.
It's not hard. If you give information, ANY INFORMATION, to anyone for anything you have to check *what* they are going to do with it. This means reading their T&C's, following up all that brings up etc. Or, you can just NOT give out personal information that you don't want spread around.
In the one instance, this means that when you sign up for a website with username, email or password requested, you should *always* check what's going to happen to that information (e.g. using your email for marketing). On the other hand, when you are logged into Facebook and scary warnings pop up about sharing your information... you should think twice before you agree and/or make sure that you NEVER use that account to post anything personal that you wouldn't want shared.
This has never been any different. I've filled in paper surveys which distribute the same personal information to God-knows-who-but-probably-only-the-people-listed-in-the-T&C's.
If you're that worried, don't fill in sexual quizzes on Facebook, or do it under a different identity. To be more honest, given the current state of that site, I'd be more worried that after filling in that kind of quiz, it would blast the results or even my answers to my listed friends and family even if it's just by posting them to my own page. That's a million times worse than having a drug company see a "TRUE" pop up in their advertising database against my Facebook ID. I can ignore the ads...
First, this is obviously stupid, like suggesting a "noblink" tag that asks the user if they want to stop tags from working on a website.
Second, if you are *dependent* on advertising, THESE PEOPLE DON'T CARE. They don't want to know. Call them freeloaders, thieves or whatever, but they get enough abuse from other (possibly worse) advertisers and they no longer pay heed to advertising anyway. Thus they would be a wasted impression of an advert. It's like the telemarketers who *insist* on calling me just minutes after I told them not to. You *really* think I'm just going to change my mind and buy something from you?
The websites that do sell advertising space have to think for a second: How long would I last in any other type of business if I relied on selling advertising space to recoup all my expenses? The answer can be measured in microseconds. At one point, there was an "ad-supported" UK ISP that offered free dialup (back in the days of 56k) for the cost of a toolbar displaying ads on your desktop. It was *really* quite good for many years and then tanked. That was the LARGEST company I have ever seen which has been able to survive solely by selling advertisement space (with the possible exception of Google, who have BILLIONS of users and an unrivalled search engine technology that actually GAVE them that power - if you get to compete with them, you'll never have to worry about money ever again anyway).
Give it up. Selling advertising space is not a business income. It's possibly a small sideline for a large website that's *already* successful by other means and that's it.
How much easier is it to print to a Windows printer already on your desktop, to a Fax number already in a stored contact database stored in your company's standard networking infrastructure? Just as simple. This is how most *modern* fax system works.
Fax *machines* may be dead, but Fax itself *isn't*.
There is too much butter on those trays.
Any half-decent system has automated fax reception/sending without this hassle.
I just set one up for a school. 20 minutes, old Linux PC, ancient 56K modem I found in a drawer, Hylafax. It recieves all faxes, removes spam, converts them to PDF, emails them to the right person with the PDF as attachment and, as a bonus, logs ALL transactions. Additionally the Hylafax Windows printer is on all desktop, two seconds to print and type in a fax number.
It's old tech, yes, but standard, reliable, easy, common and easily integrated. Some things NEED fax (i.e. faxes can be legally binding in some countries, whereas email isn't so clear-cut) and even large law firms still use it because it's a recognised technology. And to integrate into any modern network is 20 minutes work with an old external modem.
You might as well say that phone is obsolete because we have VoIP or Skype. Yes, technically. Practically, no for several decades.
I agree. This is like saying that fax is obsolete because we have text/handwriting recognition. You are throwing away *far* too much is you image->text or speech->text, although they could be used for summary/convenience in certain cases. And sometimes you need alternate methods of communication - putting everything into the same basket (i.e. your email account) is just stupid.
Additionally, the loss of information doesn't necessarily make it more convenient at all. You go on holiday, lose/break your phone and swap the sim card (maybe with a borrowed phone). You don't *necessarily* get the capability to receive that text (e.g. Internet, email, etc.) but you can still listen to your voicemail. It's low-tech, but sometimes that helps.
Personally, I detest voicemail whether on mobile phones or in the office. It's a pain. But it still exists, gets specified and built-in because it's "free", easy, simple and works. It's for a medium that doesn't have a better alternative for saving messages (voice) and thus it isn't going anywhere. And I don't trust *anything* that claims to be able to do a "human" job... translating, understanding, transcribing, recognising, etc. Why? Because they cause more trouble than they are worth unless you want a quick, casual, inaccurate job. This includes any form of handwriting recognition, OCR, "image recognition" (web filter systems etc.), speech recognition, text-to-speech, computer translation, etc.
Article says that they "use open source". Doesn't mean they give ANYTHING back at all, because they are not distributing it, thus the HEADLINE is so false it's unbelievable.
For instance, say they took even a GPL'd piece of software, extended it to add marvellous and important new features and then KEPT IT IN HOUSE. They can still use it, still claim it's "open source" but they NEVER have to let anyone but themselves see that code.
It's bad editing, bad reviewing, bad summarising and just outright lying. There is nothing "Open" about anything being done here apart from the software that MS chose to use.
Windows admin by day. Linux zealot by night. :-) Guess where I get more productive work done.
Seriously, people who use non-Windows OS do so because of the *control* of the system. The stablity, etc. are nice bonuses but nothing special nowadays if you're sensible about what you do with your machine. It's why I liked DOS... I knew and could tweak *everything* that ran, and in what order, and what memory it used, etc. On *nix, I can still get that sort of control, down to modifying EVERYTHING that the bootloader/boot scripts do.
On Windows: No chance. Your life is in MS's hands until you get onto a desktop and by then so much has run, it's hard to fix anything that might be critical. If you can't get into Safe Mode... you're stuffed. If "Last Known Good Configuration" doesn't work, there's not much you can do. If you load an incompatible driver by accident, good luck pulling it out of the boot order. Even moving a system from an Intel to an AMD system will *bluescreen* the OS immediately (and you have to do Recovery Console, and issue an arcane command to disable a non-descript Windows service to do with Intel CPU's before you can get back into it). You might question that there are better ways to move images, etc. across but the point is that those are *silly*, *hardcoded*, *poor* restrictions that are unnecessary on any other OS and the "better way" is basically the *only* way that was left to fix the problem (i.e. avoid the problem, rather than fix it).
Define bloat. Hard disc space? Not at all. RAM? Not at all. Executable size? Not at all.
It would only need a tiny program capable of reading PCI id's and program names, maybe even Windows patch levels, a hashing algorithm and a built-in P2P facility. It would be *smaller* than most viruses which tend to be written in bloat-ridden languages like VB. A megabyte of executable means *nothing* anymore and you can barely see it transfer/run. I've seen 20-50Mb installers for single files, for God's sake.
Everything else would be stored on a P2P network (like Conficker does), for which the virus itself could easily suck a hundred megs or so of temporary disk space from every infected machine with nobody noticing. The rest is downloaded on an as-needed basis by the virus, based on the hashes of the programs it sees running and the hardware it sees installed. It downloads *just* those exploit modules (which, being modular, need do nothing more than compromise the program/hardware required and return administrative control to the original virus). It would come with, say, one built-in compromise which it uses to get into machines and once on-board distributes multiple versions of itself (possibly with a *different*, random built-in compromise in each one, so that it becomes autonomously updating and spreading).
Want to take advantage of a new vulnerability? Release a signed, hashed file onto the P2P network and watch it explode on millions of existing and new machines. Those machines already infected will pick up the new file and create derivatives for you, or use it to gain admin privileges if the machine they are on has the right hardware/software combination. For additional resiliency, have it track which are the most common types of successful infections over time and bias it's "generator" towards those (remember when virus meant "self-replicating"?). That way "new" compromises get more of a workout, and "successful" compromises are the mass that keep the rest of the swarm ticking over.
Get an assembler programmer to do it for you and you could do it in *literally* kilobytes by taking advantage of internal Windows libraries. Do it in VB or some large language and have it in under a Meg. You can't even *see* the loading time for a 1Mb executable any more, unless it's off a floppy or something.
Aw, you missed the *perfect* opportunity for a Crocodile Dundee quote...
*That's* not a spider... *This* is a spider... (slight grin at end optional depending on acting experience).
I beg to differ, given the example in the same post you just replied to. Anything that registers to *read* a file in Explorer can spawn *real* processes (i.e. full copies of Adobe Reader) in the background in order to extract... the Author, Title, maybe a thumbnail.
I would call that "without your knowledge" (I don't remember seeing a security popup for that, even with non-privileged executables), "beyond reasonable means of disabling such facilities" (without uninstalling the entire damn program, or fiddling with associations by hand, and even they're just guesswork to what it actually would do) and "automatic" (I don't remember ever seeing *anything* tell me that it would be loading up every time I hover over a file in explorer). I'd add "out of your control" if you're a non-techy user, which is who Windows is *designed* for.
Additionally, this is STILL where 99% of viruses are coming from and the methods they using to propogate. Don't kid yourself that you'll *always* get a popup for these things, even with UAC. It's just NOT true. There are an unbelievable number of things running all the time that you have so little control over, they are effectively automatic and unstoppable to the vast majority of users. Hell, most users can't even stop LEGITIMATE apps like Quicktime, Realplayer, Java, etc. from running on startup and putting themselves in the taskbar without cancelling the setup entirely. It's up to the *application* to provide that interface most of the time, with a handful of registry locations / undocumented programs for the experienced user.
So you have two options. Never install software on Windows (might as well be running Linux, then!) or install software which puts itself into places you stand little-to-no hope of ever finding out / removing / undoing.
Install fresh machine. Put to latest patch level. Tell user to click everything they find online (but never "Yes" to a security dialog), insert every USB flash device they ever come across into it. Do you think they'll last a week before it blows up in their face? Do you think they can still get *anything* done?
(I'll tell you now, my non-Windows machines pass that test quite, quite flawlessly... Mac is the closest to having problems in that regard)
Install fresh machine. Put to latest patch level. Install bunch of commonly used programs from trusted sources in order to be able to run most websites, most programs out there. Don't install anything else. How much CRAP is in your taskbar that you can't *easily* get rid of without running the program in question and relying on there being a "don't run on startup" option? THIS IS A CONSUMER OS. Doing something *simple* like accidentally installing one antivirus program while another is running will bring a Windows machine to a complete, unusable halt (I've even dealt with bluescreens because of that exact situation) out of which the user has little hope of recovering without professional help.
Operating systems have two choices: Expect arbitrary executables, and cover your arse as much as you can so that the *user* is always in control. Or forbid arbitrary executables.
The second one is what businesses, governments, and the military should be using. Everyone else needs *real* uninstall, proper program sandboxing, a "Task Manager" that cannot be intercepted or delayed no matter what the computer is doing, the facility to bypass, turn off, or otherwise disable ANY change that's made to the system without having to know what that was. (i.e. a "Last Known Good Configuration" that includes only the software installed at that time).
It really comes to something when I can spend an hour waiting for a PC to load because the user has filled it up with (non-damaging) cruft on their own accounts and it take *literally* hours to fix, even in "Safe Mode". Too much opportunity for crap, not enough control.
I've said for years - viruses are boring nowadays. There's so much *potential* for a really well-written, modular virus to wreak worldwide havoc but nobody's done it. Imagine a virus that inspects local hardware/software and downloads a set of hashed filenames for that data, each of which attacks that specific element of the computer and is updated regularly. E.g. it spots that you have a processor with an old errata bug, downloads the module for it (anonymous P2P) and uses that to gain admin privileges, or it sees a new update to McAffee and the download requests for that hash spark the original author (or a random strangers) interest and they write a new module to counteract whatever workaround has been put in place which *all* machines instantly start benefitting from.
In terms of permanent hardware damage:
Overwriting the HPA's on the disk drive? That could cause some fun.
Bad flash (hard to do with BIOS, and BIOS options to prevent it) - anything with firmware on basically - e.g. RAID cards, USB devices, even network routers!
Using weaknesses in hardware configurations (e.g. the IBM Thinkpad's that could be bricked by a perfectly valid, but unexpected, I2C write to one of their EEPROM chips - beyond non-IBM repair, I might add). Writing infinitely to Flash drives (would you notice a small process that starts 10 secs after you insert a USB drive and just reads and rewrites every block of data for ever?) or SSD's. Even Ubuntu nearly trashed people's drives by accident by repeatedly spinning them down and back up and making the SMART data go through the roof.
Using weaknesses in hardware *control* (e.g. overclocking everything, temperature monitoring, fan control, etc. but it's harder to damage a chip permanently nowadays because they are designed to slowdown/shutoff under extreme conditions - you'd almost certainly be able to cause an extreme nuisance, though).
Possibly (although this is *unlikely*) trying to do things like create power surges on the buses by repeatedly activating and shutting down hardware with various timings while watching the voltages on the lines, to see if you can cause an overload. I think that spinning disks/CD's + spinning fans + various heavy-duty CPU/GPU work etc. might well be able to take out some of the cheaper power supplies in a lot of machines.
Even things like setting the BIOS to boot from PXE first, then ZIP, then floppy, then CDROM would be enough to flummox 99% of users who would think that their machine had broken because it doesn't get into Windows, etc.
The most interesting concept to me would be to take out other hardware - maybe flash a printer with all 1's, or re-flash the local ADSL router or similar. So much stuff has firmware nowadays that it shouldn't be too difficult to wreak some havoc with just a big database of MAC's/ports/firmware specifications for some of the more popular types. Imagine a virus that (on discovering attempts to remove it) not only takes out your computer, but bad-flashes your printers, network hardware and iPod first! That'd make you think twice about automated anti-virus software or manual cleanup instead of just "reformat, reinstall".
Us "TuxTards" apologise profusely that Windows users (and in this, I'm including genuine administrators) are dumb animals. However, the "May contain nuts" brigade are everywhere and unfortunately we can't label every single possible security threat because then you'd end up with something worse than Vista's UAC. A simple "nothing is executable by default" suffices to stop this and insert the crowbar of "Do I *actually* want this program to run?", otherwise known as the execute bit.
The simple fact is that, on a general purpose operating system, if you are given the facility to execute programs of your own creation/downloading you can wreak havoc by spawning processes and touching anything you have permission to. Maybe not immediately, but eventually you will hit something bad if you just run programs willy-nilly. And 99.99999% of people who use an operating system as part of their business have *no* need to be able to run non-sanctioned executables. Ever. Windows is *dire* at limiting what can run, when and where and wants everything to be executable by default (even looking at the thumbnail for a PDF in Windows Explorer will spawn Adobe Acrobat in the background to get "file information" such as Author, etc.). The home users who *want* to run random crap are quite welcome to trash their systems because they have *no* way of telling what most things they download will do - you honestly DO NOT KNOW what your NVidia driver does to your system AT ALL. In the same way, the Linux users who want to run binary drivers and/or run arbitrary scripts they find on the net are welcome too.
The difference is that most of the time Windows executes things without your knowledge, out of your control, beyond reasonable means of disabling such facilities and quite often god-damn automatically (Autoplay, the thumbnail thing above, startup programs etc.) and sometimes automatically for EVERY user (thus users can cross boundaries and infect each other's use of the same computer). That's where the problem lies, not the running of arbitrary executables, but even *that* is an unnecessary "feature" on 99.9999% of people's desktop machine. Please explain why a secretary using Word 100% of the time even needs the facility to be able to run ANY other program at all, ever, and certainly not *arbitary* programs in *arbitrary* locations.
Minimum permissions necessary. If you don't need to run it, make it so it *can't* be run.
The next story is named: "Slashdot Poster Accuses Website Of Losing Site of Reality!"
The spelling mistake is, of course, deliberate and won't be changed until 100 people have made a fool of themselves by posting a comment and then looking dumb because it looks like they're correcting a spelling that's already correct to new viewers...
Until one day, you come in to work to be told that the company doesn't even exist any more?
And from what I read online, the turnover on staff was quite high during most of that time, and essentially they spent their time re-doing things they've already done. I can't imagine a worse job to be honest. Being employed to do the same thing that your friend did yesterday, knowing that it'll never finish. I would imagine anyone with half a brain got out of there a long time ago, which is probably part of the problem.
- Worst credit crunch in recent history, particularly affecting video game sales, IT workers, etc.
- Most of the main/original/best developers *long gone*.
- Posts from ex-developers about the diabolical lengths taken to reinvent wheels that had already been reinvented the week before and other enormous wastes of money.
- Longest-running single game development in history (the *entire* Grand Theft Auto series, from the original DOS versions through to GTA4 were made in the timespan of *just* DNF... think about that - ATI and nVidia 3D cards DID NOT EXIST when the game was first announced, not to mention Google or a million other places, it was 3DFX or nothing and most people had *nothing*.).
- Games being "95% done" mean nothing - games have been *completed* in the past but just abandoned before being published (mainly because they were crap, or because they wouldn't sell, or just because some idiot decided to cancel them at the last minute). Similarly 50% complete games *have* been released because the studio ran out of money and just needed to get something out there. It's not unusual at all in the industry.
- You do not generate hype about a product which you are universally slated for delaying by announcing closure. For one thing, your shareholders will sue you - it might actually even be illegal to do so if you don't tell your stockholders that it *is* just a marketing exercise and that would see their share prices *plummet* which they would *not* approve of.
Not a marketing trick (if it is, it's the worst *ever* and likely to evoke lawsuits). Just plain crappy management. Don't go looking for convoluted answers when the simplest solution fits the bill - somebody finally decided to cut their losses.
Gotta love the site that lists all the things that have happened in the time DNF was "supposed" to be being made.
For instance, it took less time to implement and complete the entire Moon landing program.
The Beatles were formed, released every song, and split up in less time than it's been since DNF's initial announcement.
Wars came and went quicker.
The *entire* GTA series of games was released since the announcement.
58 Mario games were made since the announcement.
It always was a farce, always will be a farce. Even if the source was released tomorrow, complete and playable in every detail, DNF would *still* be the biggest development farce in gaming. It should have had its tail cut long ago, rather than constant "reinvention". All we can hope is that the developers and producers involved learn a lesson and start getting things out of the door in their new jobs. It sounds like it was technically good at most points but reinventing the wheel and constant, inept, managerial interruptions turned it into a circus (so, what else is new?).
Surely anyone with a brain would have left 3DRealms *long* ago anyway, if this is how it was working?
But it's *not* just the RAM... you're missing the point. An existing OS (several in fact) does a better job *today* on lower spec hardware (and will support higher-spec hardware in the future). I don't *need* the RAM, or the OS upgrade. I stay where I am and, bingo, I'm in a better position! All systems ARE going to get faster in the future, and the stuff they need to do more complex. So why the hell would you choose an inferior tool for the job if the existing ones perform better? A tool that is slower *today* and thus will be slower *tomorrow* until some sort of logical limit kicks in (e.g. 64bit computing). On the basis that in five years you won't notice anyway? Good business decision!
And "just" upgrading is a problem when you have infrastructure in place. Where's the advantage to upgrading at all if it's a backwards step and *nothing* forwards?
To be honest, Vista was released in 2006. It's 2009 now. Three years and it's gone and (virtually) obsolete now. And you know what? I haven't had a single client ask me for it on a network basis. So any Vista upgrades I might have done would have been *really* worth it, wouldn't they? So I'm going to upgrade *anything* on the basis that 5-10 years from now the current new release (which will be obsoleted by its successor) will work nicely? Good move.
This is the point - it's a *waste*. There is *no* advantage to it today or tomorrow. The only possible advantage is perhaps some extended support life. But, hey, Windows 7 has a copy of XP in it, right? So that's supported until when? So my plain, ordinary copies of XP will be supported until roughly then too!
Ha ha ha!
We're talking about users who run applications one at a time because they "lose" them if they accidentally hit minimise and can never find them again. And there's not much unusual in my users: bog-standard, well-educated, "trained" teaching staff at ordinary state and private schools. They are pretty indicative of 90% of office users out there (because they *are* the same users most of the time).
And an XP machine with 512Mb is *fine* for them (so long as it's properly managed - I do have to add that disclaimer - their home machines are 4Gb beasts that slug along like someone's manually flicking the clock lines on the processor). I do do cost/benefit analysis and it's just not worth the upgrades... all my machines can have them, all of them for only a pittance each, but it's not worth the performance increase available for the basic office use that they see. More time is wasted because our toner comes with little plastic strips on that have to be torn off than are ever lost by waiting those few microseconds for XP to flush stuff to disk.
Well... he has an email address that he wants people to talk to him on. The person is asking to be caught already. Even assuming Tor use, etc., that's a definite lead back to him right there. You're talking an open invitation for some agency to coerce Yahoo to plant something on his browser when that login is detected (a cookie would probably do for the simple cases, a Flash/Java/browser exploit or similar in an advert would easily do for the more complex). Hell, I wouldn't be surprised if it wasn't possible to get a Microsoft-signed Java app (and, thus, automatically run without prompting) into the pages that are made for his login with their co-operation and have it reveal the *real* IP address / routing.
You can *easily* string him along for four or five emails. He would have to be using extremely tight security each and every time in order to communicate safely (and thus I hope he ran / is running a sandboxed system via a good anonymising network for the purpose of creating and checking that mail account each and every time and that he *never* uses that sandbox for anything else).
And you're talking confidential patient records - this is no hero of the citizenry, it's some pillock with nmap. So I hope he does get caught. Yeah, expose the security holes (though even that is just asking for jailtime) but don't play with people's lives.
How he expects to receive any money is beyond me... there's no such thing as a "safe" bank account except in the movies. Or is he hoping for a large bag of cash to be thrown from the Golden Gate bridge at 13:37 or similar? I'm guessing that, somewhere, he's made a stupid, elementary and critical mistake which means that he'll be "caught" quite soon (as in, people know who he is and just have to do the paperwork to get him), if he's not already.
If you want to make a stand, make a stand, target an organisation, pick a purpose, hit the critical points without collateral damage. If you want to dick about and show what a hacker you are, that's when you take whatever you *can* find (e.g. extremely private medical records and personal details of random people) and threaten to spread it unless a ransom is paid. In short,
Go to Jail. Go directly to Jail. Do not pass Go. Do not collect $10 million.
Or none of the above. What about he gained remote access to the backup servers, encrypted their backups with a password of his choosing and deleted their other (presumably, rewritable / otherwise on-line) backups?
That way, he personally had access to them (without having to download them) and has removed everyone else's access. Even if he has just "lost" the latest backups for them, that's an incredibly serious breach that he could even get that close and relevant to a lot of people. He *could* have downloaded whatever he wanted and could have wreaked enormous havoc by *corrupting* the backups beyond recognition and not even get noticed. How many other large organisations use their host's backup facilities (which are normally run as "on-line" backups with occasional "off-line"/"off-site" backups) instead of their own? I know of several, but they don't host anything anywhere near as critical to this.
Either way, it's piss-poor server/network management and someone should be fingered for it. I'm guessing it's more likely an "IT Consultant" and/or someone who didn't listen to their systems administrator at the last round of budget estimates than the actual implementors of the system.