I bet you had a shitfit about the TPM as well. Which happens to have three states, and I'll hilight the interesting ones for you: 1. Active 2. Inactive (just turns off) 3. Disabled (wipes keys)
Hell, and it's Dell letting you change this - hardly a company you'd expect to let you do so.
Yea, convention is overrated. We should all do things the way we want, back like the good old early 90s! Clearly things were better that way. Fuck standards and conventions.
Re:It'll cost a lot of money to promote
on
Occupy Flash?
·
· Score: 1
... and hence the reason it's not practical. The very problem you want to vote against prevents you from fixing via voting!
I'm joking though... because that's just one tiny piece. The rest of the infrastructure is indeed eating it's own dogfood - either directly, or via "citrix netscaler"
Glad to know I'm not the only one who thinks DJB makes no sense at all. Every time I see it it takes me half a freaking hour to figure out how to update a zone.
I think, my idiot friend, you need to go look up what a "crime" is - it has nothing to do with right or wrong, however much you might think or wish it was.
Yet I do know that the steamworks New Vegas is not encrypted. Or, if it was, they worked with the FOSE guys to allow them to build the New Vegas version. I cannot remember which.
Did you read my whole post? The substitutions were probably the smallest, least important part of the whole idea. You also didn't seem to catch that I'm not saying to perform the substitution consistently.
They probably won't patch it out. Fallout 3 and New Vegas could both be run sans-protection via bypassing the launcher as well. They knew well, but decided that third-party script extenders for modders and such were worth the 'risk'. I find this encouraging.
Wireshark works -better- on Linux. I don't know if you realized this, but you cannot capture localhost traffic on Windows*. That's the only difference though, otherwise the program works identically.
Don't know anything about SecureCRT or SecureFX, so I can say nothing here. I'm in the same boat as you regarding the games. Swap out Photoshop for a DAW and I'm in the same boat there, too.
* You have to do the capture in something like RawCap and load the capture file into Wireshark for analysis.
Games, and FL Studio. FL Studio being in Delphi and heavily using ASIO and DirectX's sound, works under wine but is hardly stable and not terribly fast... and most of the third-party plugins I own won't work.
I've had this idea of using pieces of different phrases from books and such (like quotes) that stand out to you. Chopping them up that way... the key is cutting and mixing unexpectedly however. Of course this depends on not having silly password length limits, or situations where you can enter any length but only the first 12 are used (and in my experience you are never told of this).
For example, use a password safe so you can use truely random long passwords, but the key to unlock the safe is 10 words, with inconsistant (but, perhaps, based on rhythm) vowel/punctuation substitutions, and the whole phrase is actually a juxtaposition of two or more 'subphrases' that wouldn't naturally go together. Here's an example taking a famous quote, a line from Back to the Future, and putting a little Yoda grammar in:
"Ten thousand gigawatts is all one needs, yes"
Now do some of the substitutions: ""T3n Thous4nd g1gaw4ttz is 4ll On3 ne3dz- yes"
Now that would be difficult to crack. The substitution part only helps if you don't do it consistently, but you have to have some scheme to remember it - even if it's as simple as only doing every other letter you'd substitute. The important bit is that you are not simply replacing parts of the character set with another, but supplementing it.
Most of these standards are created by non technical people who don't really understand the implications.
Rather, they seem to be implemented by non-technical people who don't really understand the implications. When this is NOT so, you find that well secured systems tend to be 'naturally' compliant.
My point is some people use the same password for their email.
Even worse, those of us who have really old accounts? Our steam sign-in name _is_ our email address... and having talked to support in the past, changing the name of an account is a large pain in the ass. You basically have to take a full inventory of your account and any relevant product keys...
My meaning is that there must be a percentage of users where the attacker has their email address AND password, and so could log right in and clean up the email chain behind them.
I bet you had a shitfit about the TPM as well. Which happens to have three states, and I'll hilight the interesting ones for you:
1. Active
2. Inactive (just turns off)
3. Disabled (wipes keys)
Hell, and it's Dell letting you change this - hardly a company you'd expect to let you do so.
Sure. Now, if you did that with an assassin then you might be in trouble, but assassions are no big deal.
Yea, convention is overrated. We should all do things the way we want, back like the good old early 90s! Clearly things were better that way. Fuck standards and conventions.
... and hence the reason it's not practical. The very problem you want to vote against prevents you from fixing via voting!
Hilarity ensues :P
I'm joking though... because that's just one tiny piece. The rest of the infrastructure is indeed eating it's own dogfood - either directly, or via "citrix netscaler"
Glad to know I'm not the only one who thinks DJB makes no sense at all. Every time I see it it takes me half a freaking hour to figure out how to update a zone.
Awesome!!
I've been known to keep subdirectories of /etc as SVN repository checkouts, but that grabs the whole thing!
The only thing I'd be worried about is accidentally uploading sensitive data (hashes and such).
That would matter if these were X-Rays. They are not, however.
I think, my idiot friend, you need to go look up what a "crime" is - it has nothing to do with right or wrong, however much you might think or wish it was.
Hmm. Odd.
Yet I do know that the steamworks New Vegas is not encrypted. Or, if it was, they worked with the FOSE guys to allow them to build the New Vegas version. I cannot remember which.
OK, I see your point now. Apologies.
No, but it helps to have a sense of humor... because that whole clusterfuck is quite simply not funny.
Did you read my whole post? The substitutions were probably the smallest, least important part of the whole idea. You also didn't seem to catch that I'm not saying to perform the substitution consistently.
They probably won't patch it out. Fallout 3 and New Vegas could both be run sans-protection via bypassing the launcher as well. They knew well, but decided that third-party script extenders for modders and such were worth the 'risk'. I find this encouraging.
Damn, that audio is almost as old as the Wilhelm Scream.
Who are you talking to? I just pulled from context you are talking about minecraft, but nobody in this thread seems to be except you?
Interestingly, at this time of year, I get the same feeling walking out to my car in the morning! Convenient!
Just turn off your heater for the full immersion experience.
I am not responsible for any damage related to broken pipes, hypothermia, or frostbite.
Lets be honest, this looks less like a bug and more like an easter egg!
Didn't have any trouble myself.
Sounds silly, but try changing your download location first in the settings, you might have better luck connecting via a different 'path'
Very true. Unfortunately my other hobby's tool of choice requires Windows, so I usually end up wasting time gaming instead.
Wireshark works -better- on Linux. I don't know if you realized this, but you cannot capture localhost traffic on Windows*. That's the only difference though, otherwise the program works identically.
Don't know anything about SecureCRT or SecureFX, so I can say nothing here. I'm in the same boat as you regarding the games. Swap out Photoshop for a DAW and I'm in the same boat there, too.
* You have to do the capture in something like RawCap and load the capture file into Wireshark for analysis.
Sounds familiar...
Games, and FL Studio. FL Studio being in Delphi and heavily using ASIO and DirectX's sound, works under wine but is hardly stable and not terribly fast... and most of the third-party plugins I own won't work.
I've had this idea of using pieces of different phrases from books and such (like quotes) that stand out to you. Chopping them up that way... the key is cutting and mixing unexpectedly however. Of course this depends on not having silly password length limits, or situations where you can enter any length but only the first 12 are used (and in my experience you are never told of this).
For example, use a password safe so you can use truely random long passwords, but the key to unlock the safe is 10 words, with inconsistant (but, perhaps, based on rhythm) vowel/punctuation substitutions, and the whole phrase is actually a juxtaposition of two or more 'subphrases' that wouldn't naturally go together. Here's an example taking a famous quote, a line from Back to the Future, and putting a little Yoda grammar in:
"Ten thousand gigawatts is all one needs, yes"
Now do some of the substitutions:
""T3n Thous4nd g1gaw4ttz is 4ll On3 ne3dz- yes"
Now that would be difficult to crack. The substitution part only helps if you don't do it consistently, but you have to have some scheme to remember it - even if it's as simple as only doing every other letter you'd substitute. The important bit is that you are not simply replacing parts of the character set with another, but supplementing it.
Most of these standards are created by non technical people who don't really understand the implications.
Rather, they seem to be implemented by non-technical people who don't really understand the implications. When this is NOT so, you find that well secured systems tend to be 'naturally' compliant.
My point is some people use the same password for their email.
Even worse, those of us who have really old accounts? Our steam sign-in name _is_ our email address... and having talked to support in the past, changing the name of an account is a large pain in the ass. You basically have to take a full inventory of your account and any relevant product keys...
My meaning is that there must be a percentage of users where the attacker has their email address AND password, and so could log right in and clean up the email chain behind them.