What's the minimum amount of runtime the script needs before it can return something useful (ie: profitable) ?
If a user comes and goes in 5 minutes, is there any benefit to mining for such insignificant amounts of time? Or are they hoping some users will leave the browser open and forget about it, allowing the hours of mining.
Putting aside all the victim blaming for a second...
This is meant to be a private (closed-source) application, with a private API interacting to the private server.
Why the hell can anyone (read: unauthenticated users) access private data via a public and unrestricted URL? I've read articles reverse engineering their API. It's terrible! This is another company who did not put enough time and effort into securing the application and API, and now users (read: non-technical, real people, some of which paid money, all of which trusted the company) are left exposed.
I really wish there was a way to force companies (ie: legislate) to place far higher importance on this. I've also been in situations where, as a developer, I've had managers scuttle or ignore requests to lock things down, in the interests of deadlines or cost or worse yet, "we'll fix it once it's up and running."
Sounds to me that this could provide some good news if Ubisoft wanted to.
Instead of disallowing all DRM auth requests for the move period, why not have a cheap server that just authorises all requests for those few hours - legitimate or otherwise. Even extend this free period to be 24 or 48 hours, take the pressure off your server crew to get everything up and working against the clock.
You might get people who haven't paid playing the game for free... big deal, after the free period they're disconnected/revoked. If you've planned it well, you could have a big "Buy now" notice appear at the end of the period. Let's see if they can convert freeloaders into paying accounts - surely that's a win/win for Ubi and gamers?
Slashdot Mirror
What's the minimum amount of runtime the script needs before it can return something useful (ie: profitable) ?
If a user comes and goes in 5 minutes, is there any benefit to mining for such insignificant amounts of time?
Or are they hoping some users will leave the browser open and forget about it, allowing the hours of mining.
Putting aside all the victim blaming for a second...
This is meant to be a private (closed-source) application, with a private API interacting to the private server.
Why the hell can anyone (read: unauthenticated users) access private data via a public and unrestricted URL? I've read articles reverse engineering their API. It's terrible! This is another company who did not put enough time and effort into securing the application and API, and now users (read: non-technical, real people, some of which paid money, all of which trusted the company) are left exposed.
I really wish there was a way to force companies (ie: legislate) to place far higher importance on this. I've also been in situations where, as a developer, I've had managers scuttle or ignore requests to lock things down, in the interests of deadlines or cost or worse yet, "we'll fix it once it's up and running."
I think you mean Apple CEO Tim Cook
Sounds to me that this could provide some good news if Ubisoft wanted to. Instead of disallowing all DRM auth requests for the move period, why not have a cheap server that just authorises all requests for those few hours - legitimate or otherwise. Even extend this free period to be 24 or 48 hours, take the pressure off your server crew to get everything up and working against the clock. You might get people who haven't paid playing the game for free... big deal, after the free period they're disconnected/revoked. If you've planned it well, you could have a big "Buy now" notice appear at the end of the period. Let's see if they can convert freeloaders into paying accounts - surely that's a win/win for Ubi and gamers?
So when are the feds releasing their tool as open-source?