The revised mantra of Microsoft application security has been "Secure by default", a strategy that was applied with varying degrees of success to many of your products in recent memory. In security circles, this might seem like a no-brainer, but for consumer-level applications the strategy can be a nightmare. For a company that spends so much on usability and ease-of-use for end-users, the act of explicitly prohibiting certain operations or features seems to fly in the face of that investment. The users get what is perceived as a broken product, and the administrators get the headache of decreased security (say, after they install a patch that breaks "secure by default"). For various reasons, these two contradictory approaches seem to serve neither usability nor security.
In that vein, what other effective strategies have been considered? For years, the NSA has provided a unique service to the users of various products, including Microsoft Windows operating systems. They produce "hardening" guides for these products in an effort to ensure their continued security and viability in the wilds of the Internet. Has Microsoft ever considered producing guides like these, seeing as how they're the authors of their own products? In that vein, has Microsoft considered redacting the secure by default to enhance usability, yet instead produce tools or wizards that electorally enable hardening for your applications and OS'?
Yup, doing this with the native Windows XP client can be somewhat painful if your NIC hardware and device drivers aren't up to spec! If you can't control the desktop, this can be a nightmare.
I've found Funk Software's wireless Odyssey client can help smooth out the wrinkles by levelling out some of these steps. You can also choose a pre-configured deployment that will be able to assist you roll out this solution.
The Microsoft solution is particularly good if your environment is totally Windows-based. It comes bundled for free and is deeply integrated into the Windows platform. The amount of built-in applications that have the ability to leverage it is somewhat astounding, actually. From S/MIME (secure email), EFS (file encryption), Authenticode (code signing), Wireless 802.11x Authentication (using TKIP) and even authenticating to web applications (UPN mapping). The list goes on.
Fashioning it in Windows is quite simple, as Windows domain participants will automatically enroll for the types of certificates that you want, for example, allowing the machines to authenticate into the domain silently. I've written several detailed implementation how-tos on these subjects (kafkaATtelusDOTnet, if you're interested).
As soon as you leave the Windows world, then all these things become a bit trickier. No longer can you simply let the Windows Certificate Services generate your certificates silently, since you'll need to intercede to generate the type of certificates that you want. Controlling how these certificates are constructed becomes somewhat difficult (not impossible, just tricky). How and what you want will totally depend on the applications that you're using. You're probably far better off getting a PKI solution based on OpenSSL in that case, especially if you need to interoperate with non-Windows applications and devices (such as CISCO routers). If you don't have time to write any code, look into RSA Security. They're wayyyy cheaper than Verisign, and you don't have to deal with the hassle of outsourcing.
Another poster recommended using OCSP - that's fine, but I don't believe there is a native OCSP client built into Windows. You either have to roll your own, or obtain one (RSA, for example, has one, as well as Computer Associates OCSPro). In fact, there is no reason why you can't implement both redundantly. Use both the CRL distribution points (CRLDP) extension *and* the AIA extension to get this done.
Another citation, I believe, referred to Peter Gutmann's (very old) document on various PKI implementations, X.509 Style Guide. This document is horrendously outdated, as the tools and apps are far more widespread than they were wayyyy back in 2000.
Anyways, for what it's worth, if you know what you're doing PKI has distinct advantages to add to your electronic security (although a blind reliance on it won't help you at all).
If you don't know what you're doing, then you'd better go with a vendor that will support you.
You can play with the 'click and dodge' approach, or resort to the less time-sensitive static attacks. You're certainly not locked into either, but just make sure you have lots of healing potions. :-)
If you're far from the server this method might work better for you.
I hear there are lag issues, but hopefully those will be resolved when the game goes live./Kafka
To say it sweetly : the best aspect of DDO is the gameplay. It seems as though all of Turbine's efforts have been focussed on that. And you know what? GOOD ON THEM. It's not perfect, but once you get past the two biggest problems - a somewhat sputtery UI and the generally muddy character of the graphics - you'll have fun.
Combat : Here is where DDO shines. As a MMORPG, it blends click with dodge very nicely. I can backstab, jump, tumble, climb, and never feel like I'm doing "the WoW thing" (aggro-heal-tank repeat) by just standing there and pressing my combos. Firing my bow yields a satisfying woosh-thunk. Wielding my dagger from the shadows is a treat when I do it right. It's somewhat disappointing to hear there's no PvP in the game, but they promise it will come. In the end, the RPGs that are about fighting stuff should make sure that the task is fun. WoW is not. DDO most definitely is!
Gameplay : Aside from combat, the instances are very interesting. Even though the adventures I experienced were basically linear channels through a dungeon, I still felt like I was exploring and discovering. There are environment puzzles to solve and secret doors to find. Very different from every MMORPG that I've ever played, and I have to admit quite satisfying.
The World : The hub style of MMO really bums me out, for many reasons. Every aspect of the gameplay exists within private instances. Groups are found in the town areas, ala Guild Wars. Due to this, all open-ended gameplay disappears and is replaced by simple, directed instancing. Your mileage may vary, but I prefer plundering vast open plains and mountains. Worlds are fun. Boxes less so.
Story : Hrm. I saw very little "story" in the game. None of the NPCs even speak, so this generally bleeds away any characterization or drama from the experience. Perhaps there will be larger "world arcs" to follow in the actual game.. I'm hoping so.
And that's about all I have time to say. Will I get the game? Well, seeing as how I'm a fan of Dungeons and Dragons and RPGs I will definitely be there on opening night. Whether I see enough to justify the monthly fee remains to be seen. I have high hopes, and my experience thus far has been quite positive. Will it unseat WoW? Doubtful. But rest assured, it's the best WoW alternative out there.
Argh, I'm aging myself here but I *loved* Steve Jackson's "Fighting Fantasy" gamebooks. They combined a "choose your own adventure" novel with a simple d6 combat system, which let you play through an original story while avoiding traps and fighting monsters. I viewed them as a portable single-player D&D game, and tried every darned one I could get my hands on. The best (and most popular) was the "Sorcery!" series, which let you choose the path of a fighter or mage in a journey across an epic 4 huge books. Awesome!
If you remember those books, go check out this site, containing screenshots of all the old books. A fun trip down memory lane.
Pavel declined to say how much Sony was obliged to pay....But European press accounts said that Pavel....is now also receiving royalties on some Walkman sales.
"...designed to precede police into areas where there's no direct line of sight" - to go in before.
Re:Video games, MMO's and RPG's supplanting table (on Dungeons and Shadows)
Nicely put.
The recent success of MMORPGs like WoW has been proven to have expanded the market.
This gives a greater chance that some of the neophytes to the genre will jump over into tabletop gaming to diversify their entertainment. Many of them are younger and have less demands on their time, thus can afford 9-hour runs in MC (and the like). Once they grow bored of the limitations inherent to computer-mediated games like WoW, it may bode well for tabletop fantasy RPG games.
I heard once that the Viet Cong usually had no trouble finding American soldiers deep in the jungle - because they could smell them long before they encountered them. I'll bet the smell of toothpaste carries further than most odours.
I know that if I were stuck in a rice paddy deep in enemy territory, I'd try to switch my diet to rice and water. If I smell the same as the enemy, they sure as hell won't be finding me merely by sniffin'.
I noted that almost every response completely ignored the question and instead, plonked down the most pat and predictable "answer" that merely served as a placeholder for a "buy our game" message. Not like the /. editors didn't warn us though - their disappointment was very apparent.
It felt like I was speaking with my manager, lol.
Cmon Blizz! You can do better!
It's stories like this that dare me to troll. I literally thought that I was reading an Onion spoof...
It's even worse that this is presented as "big news", when the true banality of this revelation is oft-repeated throughout the world every day, without the use of anything as "high tech" as *email* :
"Two Co-Workers Get in Office Scrap. Both Now Neither Co nor Worker."
"Senior Accountant Fired After Overheard Making Fun of Boss at Office Party"
"Sales Engineer Canned For Slander After Voicemail of Supervisor Fails To Hang Up"
"Employee Gets Drunk. Employee Shoots Mouth Off. Employee Now Ex-Employee."
Second question stands as well.
Congratulations, but many many people are reporting the problem. You just have a lucky touch. It's definitely a bug, that I hope they fix. /K
What are you doing posting on /.? Get back to mmogcharting! </jk> :-)
What does that mean? Is this yet another "PC is dead" barb?
You mean, for both of them?
I mentioned in the story that the high-resolution version of the client is only available to paid subscribers of Fileplanet. The good news is that they've lifted that restriction and its now available to all Fileplanet members, paid or unpaid:
http://www.fileplanet.com/158497/download/Dungeons-&-Dragons-Online:-Stormreach-Client-%5BHigh-Resolution%5D
> Wrong.
Wrong.
Since Bliz made him change his nick he wanted to make damn sure that everyone on his server knew his new name was VIOLATED.
Now he can continue to reap the in-game fruits of his fame. ;-)
It is the closest most will ever get to 'seeing' a top quark.
Damn, slashdotted. I'm late to the party again. Then again, maybe this is the way physicists are getting revenge for never being invited to those sorts of parties.
Good clarification. Except :
Security Services (formerly RSA)
This was an RSA spin-off, and was not a part of RSA Security Inc. The Security Service that Verisign provides (and was the core of their original business) is that of a managed PKI service, Root CA signing, S/MIME certificates and code-signing.
"You see that guy?!?"
"Yeah he must level 60!!"