Thursday, January 31, 2013

Amazon, as best I can tell, is a charitable organization being run by elements of the investment community for the benefit of consumers.

The shareholders put up the equity, and instead of owning a claim on a steady stream of fat profits, they get a claim on a mighty engine of consumer surplus. Amazon sells things to people at prices that seem impossible because it actually is impossible to make money that way. And the competitive pressure of needing to square off against Amazon cuts profit margins at other companies, thus benefiting people who don't even buy anything from Amazon.

http://www.slate.com/blogs/moneybox/2013/01/29/amazon_q4_profits_fall_45_percent.html

an xkcd i didnt get



https://xkcd.com/1168/
thing is. i can't recall even 1 vim command when i wanted to edit something last week. but off the top of my head 'tar -xvf your.tar.gz' i believe actually will work? or is 'valid tar command' something else altogether? i don't get.

in other news, http://www.bvckup.com/ is interesting..now i just need to find a use for it...

and https://www.nytimes.com/2013/02/03/magazine/gerard-de-villiers-the-spy-novelist-who-knows-too-much.html?ref=books&_r=3&pagewanted=all& is interesting...the literati unfriendly bits sound good...ahahahahahaha....

and http://www.opendedup.org/ is totally interesting..ddar to a opendedup storage, does it work that way?


elsewhere, in a ycombinator post about gmail, there was something also about gmail takes consistency far more seriously than availability, but http://www.kitchensoap.com/2013/01/03/availability-nuance-as-a-service/ is saying there's more than even that.
its really not about the 99.999% uptime at all, apparently.

It takes two to make an accident.


It was on that same house party that we had a curious conversation about driving a car. It started because she passed so close to some workmen that our fender flicked a button on one man's coat.
"You're a rotten driver," I protested. "Either you ought to be more careful or you oughtn't to drive at all."
"I am careful."
"No, you're not."
"Well, other people are," she said lightly.
"What's that got to do with it?"
"They'll keep out of my way," she insisted. "It takes two to make an accident."
"Suppose you met somebody just as careless as yourself."
"I hope I never will," she answered. "I hate careless people. That's why I like you."

stolen from https://news.ycombinator.com/item?id=5145268

One curl command issues next-day ACH deposit

ahahaahahahhaha...from https://news.ycombinator.com/item?id=5026802

At Balanced Payments YC W2011, we've been working on simplifying ACH deposits and we've managed to boil it down to one curl command.
Tell us what you think! Ultimately, our goal with this is to provide ACH deposits for those who are already using existing processing solutions, but want to pay their users or vendors via ACH instead.
US only - we're cooking up something for international.
Without further ado:
    curl https://api.balancedpayments.com/v1/credits \
        -d amount=10000 \
        -d description="Math lesson" \
        -d bank_account[name]="Johann Bernoulli" \
        -d bank_account[account_number]=9900000001 \
        -d bank_account[routing_number]=121000358 \
        -d bank_account[type]=checking \
        -u 7b7a51ccb10c11e19c0a026ba7e239a9:
Try it out!
More about Balanced Payments here: https://balancedpayments.com

Wednesday, January 30, 2013

cheating at exams? anyone?

https://onetimesecret.com/
When you send people passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message.

source is here:
https://github.com/onetimesecret/onetimesecret

http://encrypticate.com/
send encrypted messages. enter your message, enter a key, send the link.

https://www.thismessagewillselfdestruct.com/p/about

TMWSD is a secure, auto-deleted messaging service. This means two things:
  1. We encrypt your message before we store it.
  2. The first time the message is retrieved we delete the encrypted content.
We didn't stop there, however. We added the ability to restrict access by password. You don't need to worry about your password either, because in this case we never actually store it. Instead we hash it using a heavy-duty hashing utility (bcrypt). As an added bonus, if you provide a password we salt the encryption key with it for even more security. This means that without the password no one can decrypt your secret message, not even us.
One more thing. Obviously, thismessagewillselfdestruct.com is a long domain name. So, you can use either tmwsd.ws or ⌫.ws too.
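The store-only-ciphertext, delete-on-first-read design that One-Time Secret and TMWSD describe above, as an added Python example (not code from either service): the key travels in the link and is mixed with the optional password, so the stored row alone cannot be decrypted. Assumptions: `OneTimeStore`, `MAX_FAILED` and the link format are hypothetical, PBKDF2 stands in for bcrypt, and the HMAC-SHA256 keystream plus tag stands in for an AEAD such as AES-GCM because the standard library has none.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000   # assumed work factor; PBKDF2 stands in for bcrypt
MAX_FAILED = 3            # hypothetical limit on wrong-password attempts


def _derive_keys(link_key, password, salt):
    """Mix the link key with the optional password, split into enc and MAC keys."""
    material = hashlib.pbkdf2_hmac(
        "sha256", link_key + password.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return material[:32], material[32:]


def _xor_stream(key, nonce, data):
    """HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for AES-GCM)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


class OneTimeStore:
    """Holds ciphertext only; the link key and the password are never stored."""

    def __init__(self):
        # secret_id -> [salt, nonce, ciphertext, tag, failed_attempts]
        self._rows = {}

    def put(self, message, password=""):
        secret_id = secrets.token_urlsafe(12)
        link_key = secrets.token_bytes(32)
        salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
        enc_key, mac_key = _derive_keys(link_key, password, salt)
        ciphertext = _xor_stream(enc_key, nonce, message)
        tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
        self._rows[secret_id] = [salt, nonce, ciphertext, tag, 0]
        # The part after '#' is a URL fragment: browsers do not send it to the server.
        return f"{secret_id}#{link_key.hex()}"

    def get(self, link, password=""):
        secret_id, _, key_hex = link.partition("#")
        row = self._rows.get(secret_id)
        if row is None:
            return None                      # never existed, or already read
        salt, nonce, ciphertext, tag, _ = row
        try:
            link_key = bytes.fromhex(key_hex)
        except ValueError:
            link_key = b""                   # malformed key fails the tag check below
        enc_key, mac_key = _derive_keys(link_key, password, salt)
        expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            row[4] += 1                      # wrong key or password
            if row[4] >= MAX_FAILED:
                del self._rows[secret_id]    # burn the secret instead of allowing guessing
            return None
        del self._rows[secret_id]            # first successful read destroys the row
        return _xor_stream(enc_key, nonce, ciphertext)

    def stored_bytes(self, secret_id):
        """What someone with a copy of the store would see for this secret."""
        row = self._rows.get(secret_id)
        return None if row is None else b"".join(row[:4])
```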

and this is my fav domain name among the lot...
https://www.alicetobob.com/

Share sensitive information securely with colleagues and friends.


source is here:
https://github.com/hellonoam/cryptopad


another system you can run yourself can be found here:
https://github.com/Achiel/SecretSexChange

shouldn't this be the heyday of the NoMachine?

a possible thin client for a mere us$30?
http://www.aliexpress.com/item/Android-G-Box-Dyno-XBMC-Player-in-a-box-Mk802-Web-Wifi-TV-Box-Mini-PC/694396319.html

what are NoMachine and Wyse doing???

maybe its 'cos i no longer see things like the asus eeeeeeepc or msi windpc anymore..
but maybe their equivalent is coming back..in the form of the intel NUC..http://www.tranquilpcshop.co.uk/nuc/

or celeron powered something like http://www.sapphiretech.com/presentation/product/?cid=6&gid=1054&sgid=1218&pid=1778&psn=&lid=1&leg=0 that looks like a nice thin client terminal...

a bit more about the architecture of that Battle of Asakai

So relativity is just the universe's way of saying the local server is currently way too crowded with rest mass?

Not exactly. The servers might have stayed up but the health of the cluster was poor. I was logged in at the time, and was getting live reports from people on grid for the battle. There were a lot of disconnects across the entire eve universe; And this amplified the losses to the individual players. Many petitions were filed for damages due to getting "DC'd" and being unable to reconnect.
The cluster architecture for Eve is actually quite amazing, and the underlying logic exceptionally sophisticated. But the main failure point, which has been mitigated but not eliminated with the time dilation feature, has always been the database. Every action in the game generates dozens of database updates. When you have 3,000 people frobbing the gun buttons and the heal me buttons, things get ugly fast. Time dilation is a way of creating a queuing system so that the actions are accepted to the server, and then serially updated into the master database. The server tries to compress and reduce the amount of updates to this, doing a lot of calculations and updates, but ultimately, this link is of finite size.
The other bottleneck is that because of the caching and buffering mentioned above between each server and the central database, is that a server can't swap its resources to another server. If that server is managing, say, 40 (in game) systems, and one of them goes all nuclear, the other 39 also suffer from lag and such because those other 39 can't be offloaded to another server -- that state information stays on the server because of the buffering and caching issues mentioned earlier. It's a synchronization nightmare -- there's no way to cleanly break the flow of data and redirect it, and if any of those database updates get lost, it can mean real money lost to the players.
And real money was lost in Eve, not just because of player actions, but also cluster architecture. Those big ships don't just disappear when their pilot disconnects: They stay on the field, taking hits. And without a pilot, a lot of defensive actions (like warping away) aren't available anymore. I know at least 1 of those titans was lost because of a disconnected pilot. You can blame the ISP for that, but it was happening across the board, to all Eve players.
This behavior of the eve servers is well-known to regular players. Some alliances (large groups of players) even intentionally try to provoke such server failures, knowing it'll lead to losses like what's described in the article. Far from this being a success story... it's an example only of avoiding a worst-case scenario. The servers staying up means exactly dick if the servers aren't processing the requests in a timely fashion. Ask anyone on Wall St., why there's so many data centers ringed around it; Latency. It costs a fortune to host servers there, but those extra milliseconds matter.
As it turns out, MMOs have similar architectural features to our largest financial institutions. This one, more than most.
by Anubis IV (1279820) on Tuesday January 29, @08:00PM (#42733423)
The other bottleneck is that because of the caching and buffering mentioned above between each server and the central database, is that a server can't swap its resources to another server. If that server is managing, say, 40 (in game) systems, and one of them goes all nuclear, the other 39 also suffer from lag and such because those other 39 can't be offloaded to another server -- that state information stays on the server because of the buffering and caching issues mentioned earlier. It's a synchronization nightmare -- there's no way to cleanly break the flow of data and redirect it, and if any of those database updates get lost, it can mean real money lost to the players.
Doesn't the quote from CCP in the summary directly contradict this paragraph of what you said? As their quote says, they can move systems physically away in order to move them to different servers. The result is that the players in those 39 other systems get disconnected temporarily, but then they are moved to other servers where they are able to play more easily, thus leaving a bigger chunk of the computational pie on the first server for the one system that's going nuclear.
Granted, I don't play the game and it sounds like you do, but if what you're saying is true, I'd be curious how it's reconciled with the official statement above.
by Charliemopps (1157495) on Tuesday January 29, @08:36PM (#42733667)
The problem is, to move the players, they have to be disconnected first. Once moved they can reconnect. Unfortunately, an easy way to get out of fights would be just to pull your Ethernet cable, so when a disconnect happens they just log YOU out and not your ship. So, if you get disconnected you're still getting hammered by your opponents. BUT... if they drop the entire solar system (i.e. Zone) you are in, then your opponents get dropped at the same time. So the system is basically filled with ghost ships until it comes back up. Problem solved right? No... everyone knows how this works and as soon as the System (zone) drops, those that understand how it works are hammering the re-connect button. Whoever can connect fastest is going to pull into a zone filled with defenseless ships ready to go. The tactic they talk about in the article is when some Corps (guilds) try to intentionally crash a system by getting as many people to zerg an unprepared system as possible. They just pile in more and more junk ships or noobs or whatever into some unsuspecting system and try to crash it. Then they reconnect before anyone knows what's happening and take out their target.
He's right that their architectures are similar to financial institutions, but where they differ is in the quality of their hardware and staff. While I'm sure Eve's people are great, they are nothing compared to the dudes working on Wall Street or the hardware involved in trading. 3000 people on the same server is a joke compared to what they're dealing with.

Tuesday, January 29, 2013

this is quite nice hosting

https://www.nearlyfreespeech.net/services/pricing
of course, i'm with buyvm, edis and chicagovps and not really into web hosting..
but this nearlyfreespeech sounds cool.
and yea, i sometimes use freezoy(random free web host) or appfog to try web based stuff out...

separately i find it slightly amusing that when i search for ODesk , Elance appears in paid listings above the search listings...
anyways,if you're considering outsourcing your own/real job and becoming a project manager..this is ODesk..https://www.odesk.com/info/howitworks/client/ 
a bit like a high class version of mechanical turk...http://www.supremestrategies.com/cheap-guest-blogging-opportunities/

you can use keepassx with some sort of sync, like dropbox, or

http://www.passpack.com/en/home/

https://password.ly/

http://lastpass.com/enterprise_overview.php

or something totally off..ahahaha...
http://www.imprivata.com/products-and-solutions/authentication-management/onesign-secure-walk-away


From the people who made Total Annihilation, Supreme Commander, and Dungeon Siege.

Wildman
http://www.kickstarter.com/projects/gaspoweredgames/wildman-an-evolutionary-action-rpg?ref=category




is the latest game they are trying to make. in summary,

Wildman represents the union of our experience working on pure RPG and RTS games, and we’re pulling some of the best features from our past games into the Wildman experience.
From Dungeon Siege: The core action-RPG experience. Equip weapons and gear, cast spells. Fight monsters. Level-up. Find loot.
From Supreme Commander: The core RTS experience. Create armies. Explore a tech tree that lets you customize your hero and armies. Adjust your strategy on-the-fly.
From Demigod: You don’t fight alone in Wildman. Waves of allies fight alongside you in the War Zones as you push the battle ahead, seize key control points, and destroy the enemy citadels.
Wildman is exciting because it’s something new, but it’s also reminiscent of these games we’ve made and loved. We want to make this game, and we have the right people to do it.



...and i'm not too comfortable its their last roll of the dice, i totally wish that a indie developer with a solid track record wouldn't disappear.. http://www.pcgamesn.com/indie/wildman-bay-inside-chris-taylors-fight-save-gas-powered-games

ah. a singaporean.

http://yongfook.com/enterprise.html
"Every day, hundreds of millions of people go to work and hate the piece of shit software they have to use to perform their jobs.
Every day, thousands of startups are trying to make it easier for people to share 6-second video clips or bookmark photos of cats."

the ycombinator reaction:
https://news.ycombinator.com/item?id=5132474

the pessimist, isit?

"Essentially, in enterprise:
1. You need sales people. Highly paid sales people that bring in their networks. Your website is worth nothing. 80% of your success in enterprise is sales. Your product is simply not that important.
2. You need to know how to build "product" for your initial target group - the people making purchasing decisions. Which can be diametral to what the end users actually need. You need shiny demo features which do not ruin your product in live use.
3. You need configurability. Nobody, ever, in enterprise uses something out of the box. The beast with many names (Accenture, CapGemini, Deloitte, etc.) needs to be fed with the blood, sweat and tears of hapless victims caught in workshops and UATs. The iPad has disrupted this cycle so profoundly it is amazing to watch. No pure software solution has achieved this so far though.
Dirty little secret: A team of 5-8 top-people can implement and roll out any global system. Reality? Hundreds of various consultants running around creating nothing but confusion. But why does this irrationality exist? Because global companies hire their consultants to be middle managers or even be C-Level IT officers. The business model of the big consultancies is practically HIV - penetrate the customer, infect the host, lower the defenses, repeat. The various alumni orgs of those firms form strong bonds. Look into the LinkedIn history of a IT manager and you know which consultancy is being hired, no matter how bad projects turn out to be.
As stupid as it sounds - enterprise is for grown ups. Garage start ups created by college drop outs have a competitive disadvantage as it is not the product that counts, but the right, expensive sales people. Seniority, experience, personal networks are critical"


the optimist?


"You can't compete with $MEGACORP on fancy dinners, but you can compete on great products, which they generally suck hard at. Look at GitHub, who presumably have giant enterprise accounts by now. But they started by making something great for hackers. While enterprises might seem like cold places devoid of humanity, a lot of people inside the enterprise want to get stuff done as much as anyone else. They will pay out of their own pocket and claim the cost as an expense later. They will fight internally to adopt products, etc. And once an app is used by a team, if it's good, it has the potential to spread virally inside the company. Other examples: Evernote (who just launched Evernote Business), Google Docs (the word processor came from Writely), Yammer, Atlassian's Confluence. I expect Trello is already used all over the enterprise and will be turning profits on that too."

yea, its like, http://www.getblimp.com/ was launched recently. i think its damn nice. but yea, whats the chance that even a 200-man firm will use it company wide? i think the answer is along the lines of..not until millions of individual users use it first...

Monday, January 28, 2013

totally amazing! 10% of acer shipments???

http://venturebeat.com/2013/01/28/acer-windows-8-has-been-a-big-dud-but-chromebooks-rock/
But it’s not all doom-’n'-gloom. For Acer, a big boost came from its Chromebooks, which accounted for roughly 10 percent of Acer’s PC shipments in the U.S. That turnout has been encouraging enough that Acer plans to offer the devices in other markets as well.

i find the "thinkpad" version somewhat more interesting...
http://googleenterprise.blogspot.sg/2013/01/for-schools-new-lenovo-thinkpad.html



in other news, http://www.indiegogo.com/GoatseMail/ is...classic....

Sunday, January 27, 2013

i have no idea wtf they going on about

http://www.quirky.com/blog/post/2013/01/quirky-stands-strong-following-oxo%E2%80%99s-response/

one really must read the OXO post, conveniently linked to from the quirky post.
what are these quirky people smoking?

"Therefore, we believe it’s very important for the market to know who brought the concept of a commercially viable grooming dustpan to market."

??????????

are they saying apple invented the mp3 player or mobile phone or something?
they just ignored OXO's point that the self cleaning broom was invented in 1919 and everyone's just making little changed copies of that.
nor did they respond to OXO's point that there're quirky products(yea, more than 1) that look like OXO's too.

in the news

http://www.technologyreview.com/view/510341/googles-private-cell-phone-network/
Filings made with the U.S. Federal Communications Commission reveal that Google wants to start operating its own, very small cell phone network on its Mountain View campus. It’s the latest in a series of hints in recent years that Google is unsatisfied with the way that mobile networks control the mobile Internet.

now we switch to ycombinator news. https://news.ycombinator.com/item?id=5121492
the very first post:

It's really depressing to see 100+ media outlets go along for the ride on this story without doing a shred of independent thinking. This is smack inside LTE band 41, and part of the publicly announced clearwire shift from Wimax to TD-LTE. Sprint has established contracts for access to this space and has announced the lighting of the band this summer with handsets to follow in 3Q13. Clearly google wants to be able to test basebands, and nowhere in the world has the unique combination of band 41 TDD, FDD and CDMA2000 handoff requirements.
The story in the WSJ was just a placement - the analyst works for a firm representing some big clearwire stockholder that is just lobbying for a better price on the NTT/sprint buyout of clearwire.
Google would have to be fucking morons to build some sort of custom basestations and mobile devices smack ontop of license only spectrum thats been designated by the ITU-R.

all the people who use Outlook end up getting weird ideas about email?

its disappeared already, but a bit more than 10 years ago there was this:
http://money.cnn.com/magazines/fortune/fortune_archive/2001/06/25/305429/index.htm
When Mission: Impossible meets the workplace, e-mail self-destructs on cue, leaving nary a trace. Technology from Disappearing Inc. encrypts e-mail into an unreadable state before it's sent and allows the writer to select a detonation time (between 30 minutes and six months after it's dispatched). As soon as the message reaches its destination, the recipient's e-mail program requests a key from the sender's server to decode the message. Once the expiration date hits, that key is voided, making the e-mail permanently unreadable. Currently only Microsoft Outlook users can send exploding e-mail (a Lotus Notes version is in the works), but anyone can receive one. Download it for free at www.disappearing.com. Investment banking's infamous Chung surely wishes he had. 

and now slightly more than 10 years later, someone else has a similar dream...
https://medium.com/future-tech-future-market/f0837a9ceef0

Email with Time

The next evolution of Email systems need to have the ability to declare time.
Instead of sending an email to someone you can opt to enter - please respond by date/time. This would enhance coordination and productivity. It will give an option of sorting emails by the time response is due.
In the world of always on and connected - having Messaging coupled with Time - would help auto prioritize the things that we have to do.
Informational emails in Corporate America with a date/time will self-delete, invitations of having a pizza party in the conference room will self-delete at 2pm.
I get 200 emails a day and delete 150 emails. These emails are not spam, some of them informational, or offers that I want to see. If they were time bound self-delete emails, it would save me the time specially on days when I really don’t have the time to look at them.
New rules make all email marketeers put a date/time on their email - like a limited time offer and then the email gets automatically deleted.
There could be an option on emails with self-delete, with one click you can keep them, to read later.

both ideas  fundamentally have to get around the problem of asking my mail client to do something for your mail-> why would it? it would, if this were a rfc and around long enough that its been implemented..

Friday, January 25, 2013

ahahahahahaha! lets get quite a few of them!!!!!



ran across that video because one of my vps providers moved DCs last weekend and this was the problem
http://www.webhostingtalk.com/showthread.php?t=1190853
i generally only know about ubnt for their <us$100 1w wireless stuff...


so how do Gartner review security products?

http://www.itogether.co.uk/2012/08/gartner-magic-quadrant-for-secure-email-gateways-2012/
barracuda is in the 'challengers' quadrant in august 2012 for secure email gateways

http://www.binat.net.il/images/stories/www-gartner-com.pdf
and barracuda is also in the 'challengers' quadrant for secure web gateways, also may 2012

http://www.silicon.hu/sites/default/files/files/Gartner_FW_2011.pdf
dec 2011, barracuda networks is in the 'niche players' quadrant for Enterprise Network Firewalls

http://www.netsolutionsit.com.au/pdfs/gartner-magic-quadrant-adc.pdf
nov 2010, barracuda is also niche player in "Application Delivery Controllers", whatever those are...

http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0221.html
jan 24, 2013.

excerpts...

vulnerable products: Barracuda Spam and Virus Firewall 
                     Barracuda Web Filter 
                     Barracuda Message Archiver 
                     Barracuda Web Application Firewall 
                     Barracuda Link Balancer 
                     Barracuda Load Balancer 
                     Barracuda SSL VPN 
                     (all including their respective virtual "Vx" versions) 
 vulnerable version: all versions < Security Definition 2.0.5 
      fixed version: Security Definition 2.0.5 
.
.
.

1) Backdoor accounts
Several undocumented operating system user accounts exist on the appliance.
They can be used to gain access to the appliance via the terminal but also
via SSH. (see 2)
These accounts are undocumented and can _not_ be disabled! 
2) Remote access via SSH
An SSH daemon runs on the appliance, but network filtering (iptables) is used
to only allow access from whitelisted IP ranges (private and public). 
The public ranges include servers run by Barracuda Networks Inc. but also
servers from other, unaffiliated entities - all of whom can access SSH on all
affected Barracuda Networks appliances exposed to the Internet. 
The backdoor accounts from 1) can be used to gain shell access.
This functionality is entirely undocumented and can only be disabled via a
hidden 'expert options' dialog (see Workaround). 

.
.
.

Solution:
---------
Update to Security Definition 2.0.5. 
This will change the sshd config to only allow logins from the following users:
* cluster (login with public/private key)
* remote (login with public/private key, Barracuda Networks is in possession
  of the corresponding private key)
* root (login with password, password hash (listed above) might be crackable
  depending on password strength) 
According to Barracuda Networks these accounts are essential for customer
support and will not be removed. 
The vulnerability described in 2) is _not_ handled by this patch. 
This still leaves considerable risks to appliances as the password for the
'root' user might be crackable and the relevant private keys for the 'remote'
user might be stolen from Barracuda Networks. 
In secure environments it is highly undesirable to use appliances with
backdoors built into them. Even if only the manufacturer can access them. 
Workaround:
-----------
Place the appliances behind a firewall and block any incoming traffic
(local and Internet) to port 22. 
Barracuda Networks offers an expert option that disables the SSH daemon.
For assistance contact the Barracuda Networks Support. 
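
A defender-side check for the two points in the advisory excerpt above, added here and not part of the advisory or of any Barracuda tooling: it reads `iptables-save` output for ACCEPT rules that name port 22 and admit sources outside RFC 1918, and reads an `sshd_config` for the accounts the fix still lets in. The sample rules, the addresses (documentation ranges) and the config are constructed, and the function names are hypothetical.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VENDOR_ACCOUNTS = {"cluster", "remote", "root"}   # named in the advisory's Solution


def _internal(net):
    """True only for loopback and RFC 1918 space (IPv4, as in iptables-save)."""
    return net.is_loopback or any(net.subnet_of(r) for r in RFC1918)


def _covers(spec, port):
    """Match iptables port syntax: '22', '20:25' or multiport '22,8000'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def ssh_exposure(iptables_save, port=22):
    """Return public source ranges that INPUT rules naming `port` accept."""
    exposed = []
    for line in iptables_save.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok, tok[1:]))           # option -> following token
        if opts.get("-j") != "ACCEPT":
            continue
        if "!" in tok:                            # negated match: do not guess
            exposed.append("review manually: " + line)
            continue
        spec = opts.get("--dport") or opts.get("--dports")
        if spec is None or not _covers(spec, port):
            continue                              # port-less rules are out of scope here
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if not _internal(src):
            exposed.append(str(src))
    return exposed


def sshd_findings(config):
    """Summarise who may log in. Match blocks are not interpreted."""
    allowed, first = set(), {}
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key, args = words[0].lower(), words[1:]   # keywords are case-insensitive
        if key == "allowusers":
            allowed.update(a.split("@", 1)[0] for a in args)
        else:
            first.setdefault(key, " ".join(args).lower())   # first value wins
    unrestricted = not allowed
    root_allowed = unrestricted or "root" in allowed
    # Assumption: an unset directive is treated as "yes", the permissive reading.
    root_pw = (root_allowed
               and first.get("permitrootlogin", "yes") == "yes"
               and first.get("passwordauthentication", "yes") == "yes")
    return {
        "unrestricted": unrestricted,
        "vendor_accounts": sorted(allowed & VENDOR_ACCOUNTS),
        "root_password_login": root_pw,
    }


# Constructed sample input, not taken from an appliance.
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m multiport --dports 22,8000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
SSHD_CONFIG = """\
Port 22
AllowUsers cluster remote root   # state after the fix, per the advisory
PasswordAuthentication yes
"""

if __name__ == "__main__":
    print(ssh_exposure(IPTABLES_SAVE))
    print(sshd_findings(SSHD_CONFIG))
```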


so really, Gartner reviews security products by???

the answer apparently is...

from http://www.silicon.hu/sites/default/files/files/Gartner_FW_2011.pdf


Inclusion Criteria
Network firewall companies that meet the market definition and description were considered for this report under the following conditions:

  •  Gartner analysts assess that the company has an ability to effectively compete in the enterprise firewall market.
  •  Gartner clients generate inquiries about the company.
  •  The company regularly appears on shortlists for selection and purchases.
  •  The company demonstrates a competitive presence in enterprises and sales.
  •  Gartner analysts consider that aspects of the company's product execution and vision merit inclusion.
  •  The vendor has achieved enterprise firewall product sales (not including maintenance) in the past calendar year of more than $10 million and within a customer segment that is visible to Gartner.

its basically a list of who is POPULAR?????

Thursday, January 24, 2013

illuminating, from http://www.metafilter.com/93492/But-my-name-really-is-Deathblood-Blackaxe#3171416

I don't play WoW at the moment. I played off and on (mostly on) for the first five years of the game, and I'll play again for a while once the expansion comes out, then probably quit again, etc. Anyway, especially a few years ago when I had the time and inclination to play more, I was fairly active on the forums. My husband still plays, and so do a ton of my friends. So I'm really familiar with how the forums work and what people are like there.

This is a terrible, terrible idea. Especially if the intent is to discourage trolling, there are much more effective solutions available. Some of the reasons why it's terrible have already been brought up, but a bunch of people who are obviously not familiar with the WoW forums have muddied things by making arguments based on incorrect assumptions, so for the sake of having an omnibus "this is why it's bad" post, here we go.


Incorrect Assumption #1: It's already easy to link WoW characters to their real life players.

That's just completely wrong. It's pretty difficult. It's impossible, in fact, unless someone outright tells you their real life name or e-mail address, none of which are available to fellow players. You have to ask someone for those things, and they have to willingly tell you. There are people I played with for years, even had their phone numbers, and I had no idea what their first names were, let alone their last names. For a while we had a guild leader who would delight in not telling us what his real first name was. I've also met nearly a dozen people from WoW in real life. People have different comfort levels about that sort of thing, but the point is it should be their choice.

When you see a character, either in-game or on the forums, you literally do not know anything related to real-life about that character, not even an IP address, unless they willingly supply that information. You don't even know what other characters are on the same account, much less what character belongs to what player. You'd have to work for Blizzard on the forums to see any of that information, and they're not allowed to disclose it. While it's true that an employee could just do it anyway, I think it's reasonable that people have some expectation of privacy in that regard. I'm not sure that I've ever heard of someone having their real life identity discovered without their willingly giving away obvious information, either their name or they're linked to their website and someone did a whois.

Keep in mind that few forums exist that display your full real-life name with your posts. You usually have some kind of username. Metafilter is like this. Maybe you can link that to an e-mail address and someone knows it's you that way -- and lots of forums will even keep that private if you want. But plenty of people -- for good reason -- keep their work and private e-mails separate. A lot of us cringe to think what others could dig up about us just using our e-mail address -- but let's be honest, it's because we either don't care that much or we've been sloppy. Both of those things are under our control.

The change Blizzard is making on the WoW forums isn't like that; it doesn't give you a choice except to stop using the WoW forums, or else lie about your name which isn't a great idea if you ever have a billing conflict or need to verify that you own the account. The latter happens whenever someone gets hacked, and people get hacked a lot, even smart computer-savvy people I'd think would never get hacked; once a few people I knew got hacked because someone inserted malicious code into a banner ad on a popular WoW website. The website fixed the problem, but still, everyone thought it was safe and it even took a while for anyone to figure out what had caused it. Point is: hacking is common and getting more sophisticated, you need your account info to be accurate.

So, right, the privacy-conscious people will stop using the forums. I just think it's ridiculous to force people's hand that way when it's not necessary.


Incorrect Assumption #2: People won't actually harass other people outside the game, come on.

This is just wrong. I don't know how else to put it. It's a lovely thought, but people go to great lengths simply to harass others in-game, and just handing the real name to them without their even having to do any work for it makes it easier to harass them outside the game. If you really, truly think it won't lead to harassment, you are underestimating both teenagers and angry, socially ill-adjusted people -- a ton of whom play WoW, alongside all the normal people. People already go to crazy lengths to e-stalk people and some of it already culminates in real life confrontations. I have trouble believing that anyone who says this has actually ever played an MMO, so if you haven't, please consider that you might not know what you're talking about and people aren't just paranoid and complaining about nothing.

And, more on this in a moment, but one really needs experience in the gaming community to comment on it. Particularly those in doubt of women being SEVERELY harassed in-game and, yes, on the forums. The gaming world is way more hostile to women than you think. I wish it weren't, I really, really do, and I know you mean well, but please do not say you doubt those things when I and other women have been through a lot in that regard. The WoW forums is not Metafilter by ANY stretch of the imagination. I would not mind my real name being on Metafilter and I've posted things here I wouldn't tell my mother, but I would probably cry if my real name was next to my WoW posts. It's not because I make a fool of myself on the WoW forums, either, but-- well, you'll see in a moment.


Incorrect Assumption #3: There's no good reason to keep your identity separate from the gaming community. If you're worried about someone from WoW finding you on Facebook, then why are you even on Facebook?

The answer to this is so long you'll just have to read my list of reasons why this is bad. The short version is: because the gaming community has a different culture than society in general, and it actually does make a big difference whether they know things that you don't try to keep hidden in real life. It's absolutely rational and sane to have 500 Facebook friends and not want anyone from WoW to know anything about you.


Reasons Why This Is Bad, Even If You're Not a Troll:
1. Girls are going to get harassed more than they already do. Just like in real life, while plenty of gamer guys are decent people -- gamer guys are the majority of my closest friends -- there are a ton of asshole gamer guys who make life hell for players who are openly female. Really, the gamer community is a much more hostile place for women than society in general. I never tried to hide my gender, so I have a ton of anecdotes I could tell you.

Here's the shit a female gamer has to deal with:
* People assume that you're not actually a girl, and you're just playing a girl character so you get "free stuff" from guys. This is actually the least bothersome thing. (For the record, I never got "free stuff." I think to get free stuff you actually have to cyber someone, or at least make them think you might, and I had no interest in any of those things.)

* constant requests -- some anonymous and some not, some crass and some just creepy -- asking for pictures, and these will not let up, EVER. In my case, the requests did not let up after five years.

* If you do post a picture (I never did) people either go nuts over how hot you are and won't leave you alone -- and the guys that perv on you treat you in a condescending way because hot=stupid; having to hear that shit addressed to other girls on Vent was really infuriating and uncomfortable -- OR they make a point of constantly telling you how ugly you are and won't leave you alone. There is no middle ground. They either want to fuck you or deride you. And it actually doesn't matter how hot or how ugly you are, either; the hottest girls will get called ugly (and FAT, ALWAYS FAT), and the ugliest girls still have to deal with lonely guys who aren't superficial. Any time the girl posts something thereafter, people will comment on her appearance, even though it has nothing to do with whatever is being discussed.

* if you don't post a picture they all sit around and speculate, and some people inevitably decide that you're not posting a picture because you're ugly, and therefore they don't like you. It does not occur to a great many people that a girl might not want guys bothering them for any reason. If you try to defend yourself, you're an attention whore.

Similar to pseudonymph, whenever someone asked me what I looked like I'd say something like, "I'm 350 pounds, all woman." Which always irritated me a bit: I said it because it was effective -- it made them less interested in asking, plus they usually thought it was funny and I didn't come across as prissy so it defused two concerns they'd have about female gamers -- but I didn't like perpetrating the idea that fat people are disgusting or something to be laughed at. I just never came up with another response that worked as well. :-/

* I got daily messages from people I didn't know because they liked my forum posts. This was bothersome for a few reasons. Some of them were just normal people being nice and it was only bothersome as a distraction, but a fraction of them were lonely guys excited to be talking to a girl. The latter would bother me constantly. Other women I played with also dealt with these kinds of guys.

* If you ask someone to leave you alone, you're a stuck up bitch. That means you always have to be nice to everyone. This was both unfair and character-building, because now I'm really good at talking to and disengaging from socially ill-adjusted people without hurting their feelings.

* You are automatically a therapist and guys come to you for advice. This isn't so bad when friends do it, but you also have to patiently listen to a lot of emotionally-fragile guys you don't know very well. If this were infrequent it wouldn't be so bad. When it's constant and it's using up leisure time that you wanted to spend actually playing the game, it's really draining.

* People assume that you're bad at the game; they assume that any gear you got was given to you because you're a girl, and that your entire guild just started carrying you through raid instances because they were driven senseless by your siren song. It doesn't matter if you're in one of the top guilds in the US and doing content where you really can't carry bad players through. They can believe you're a good healer, sometimes. If you're a damage-dealing class they can't believe you could possibly be as good as a guy until they see raid reports. They will never believe you can tank.

* Some people think anything you do or say is attention-whoring, even if you never wanted the attention. If a guy makes a joke in a forum post, he's a funny guy. If a girl makes a joke in a forum post, she's an attention whore. If a guy makes a good argument in a forum post, he's a smart guy. If a girl makes a good argument in a forum post, she's doing it for attention. She's ESPECIALLY an attention whore if people like her or agree with her.

* Similarly, people assume that the only reason anyone likes you is because they're one of your fanboys. So people don't genuinely think women are funny or make good arguments, they're just fanboys. If other girls like you, then it's because women form cliques -- even if in the previous breath they were saying that women are all catty and hate each other.

* Even if people tend to assume you're male from your writing style, once they know your gender, some people tend to read everything in the shrillest way possible. You could literally copy and paste a guy's post and get an entirely different reaction.

* All of this applies to underage girls. I've played alongside 14, 15, 16 year old girls who would deal with all this horrible stuff every day. Often worse stuff really, since they didn't yet have the best handle on how to deal with it.

Want to hear some scary shit? One 14 year old girl whose father also played had to change her character's name and transfer her to another server because some guy was e-stalking her. If her real life name (or her father's name) were next to her character's name in forum posts she wouldn't be very safe right now, would she?

* For all of the above, it doesn't really matter much if you're married or in a long-term relationship. It doesn't stop anyone. The only real difference is that if you're married, people assume you're old and unattractive and probably controlling. (I stopped playing WoW when I was 24, and I'm about to turn 26.) Within my guild there was pretty much no fear that I was going to try to woo my way to anything at least, but outside the guild people keep thinking whatever they want.

I was really lucky to be in a guild with guys that AREN'T assholes, so I had a reason to keep playing even if random forum people would be assholes sometimes. For whatever reason, our guild was full of mostly rational, unprejudiced people; we would reject applicants that weren't those things. We were in a position where we could be that picky, but most guilds don't do well enough to get enough apps that they can afford to reject people for character flaws. Once our GM actually got on an app's case for creeping out the girls in the guild -- just basically warning him that he was not making us feel flattered -- and then he kicked him out of the guild a few days later when nothing changed; that GM had a pretty good understanding of what was skeezy and why we shouldn't have to put up with it. We were lucky for that, because the guy in question wasn't being crass or lewd, he was just kind of a stereotypical dorky guy who thought women liked to be treated like Renaissance maidens instead of people; he couldn't seem to understand we didn't want him to flirt with us even in a "harmless" complimentary way, that we just wanted to be left the fuck alone. One of the women in question wasn't even afraid to be really mean and condescending to him about it, and he STILL kept it up because he was too awkward to know how to do anything else. This is the sort of stuff we had to deal with.

Ours was an extraordinary guild, though; we've gone to great lengths to see each other IRL even since most of us quit WoW, and most guilds don't have that kind of protection and camaraderie. In most guilds no one would think there was anything wrong with that guy's behavior and we'd be too "sensitive" if we complained about it. For many girls, the solution is either to grit their teeth through it and say very little -- which isn't feasible if you want to raid, because any decent raiding guild requires you use a voice client. But if you don't want to raid, you can have male characters and just never disclose your gender. My primary character was female, but after seeing how that went, I made all my alts male just to get a goddamn break when I needed it. Several times when I quit the game it was because it had become too draining to deal with anymore; guys can just log in and have fun and log off, but girls have to log in and deal with everyone who wants to talk to them. After a while logging in meant I would spend all night typing while flying aimlessly around Shattrath instead of actually doing anything fun. I'm an introvert so I was especially worn down. You can't just not respond to people because they keep trying, or they think you're stuck-up, or they're seriously emotionally fragile and you really don't want to hurt their feelings, and they can always ask someone else in your guild to make sure you're not AFK. It sucks. I mean, you can do all that anyway, if you want to get harassed.

The only way to play it if you're not going to lay low is to have a pristine rep, and it's constant work. I accepted that as a sacrifice for not hiding my gender and wanting to actually be able to talk to my friends on the forums like guys get to do. I never thought it was fair but I was able to weigh the consequences and make a choice. But if you attach real life names to characters, a woman pretty much can't post on the forums anymore unless they're willing to deal with all of the above -- plus more, since everyone can look up her name on Facebook and pick apart her appearance! All the women that lie low for their own sanity aren't going to have that choice anymore, even if all they want to do is help someone out on the forums, or make a post looking for or selling something, or what-have-you.


2. Minorities will get harassed.

A sizable portion of gamers are racist. (Sexism, racism, and homophobia are what make me most uncomfortable about the gaming community; in a serious way I feel more connection to gamers than any other group, so this pains me. Plenty of gamers are none of these things and I love them to death, but I think those same gamers realize what a huge problem it is in the community in general.) An even bigger portion of gamers are just not very racially sensitive -- they'll use "nigger" or "Jew" a lot, for example, even if they don't think they actively feel anything against those groups, because they think it's funny. In the same way that saying stuff is "gay" is especially pronounced in the gamer community, even the people that say slurs ironically or by force of habit inadvertently make actual bigots in the gaming community feel empowered because they don't realize other people don't mean those things like they do. It is much more common and acceptable to express racist opinions in the gaming community than society at large.

Plus -- I hate to say this -- I've found that a lot of people in that latter category who don't feel like they're actively prejudiced against minorities actually do think black and Mexican people in particular are stupid. I've realized that about some gamers I'm friends with and it's not a great feeling; you have to hang around them a while before something comes up that makes you notice it, like how they interpret a comment they overheard from a black person, that sort of thing. It's usually people that grew up around only other white people; gamers that grew up around minorities tend to use the slurs because they're used to trading friendly jabs with minority friends, and they aren't actually racist and know when not to use the slurs. Unfortunately, the obliviously racist gamers especially tend not to understand why you wouldn't want to say those things even jokingly to a minority you don't know; they don't think they're racist, so their reasoning is that people shouldn't take offense. But it can get really uncomfortable when it's clear to everyone else that they actually are a little racist and don't realize it, and it's just as hurtful as a real racist remark when they're trying to be funny and the assumption shines through anyway.

Putting people's real life name on their posts just encourages people to drag their race into the discussion, whether they're being hateful or just think they're being funny. I've seen Black and Hispanic gamers in particular get a whole lot of crap already and they're often not forthcoming about their ethnicity. It doesn't even necessarily come through on voice clients so it's easier than hiding gender. Just like I don't blame women who chose to lay low so they can have fun playing the game instead of being drained by dealing with people, I don't blame minorities who do the same thing. They shouldn't have to deal with people's bullshit because their last name is Rodriguez or Goldstein.

And if anyone wants to say, "Well real life is like that," fantastic. WoW is a game. It's not supposed to be serious business. People play games as long as they're fun, and being harassed isn't fun. It's no one's moral obligation to be the banner-carrier for justice 24/7. If someone wants to make their gender or race (or sexual orientation) known in WoW so they can chip away at the problems in the gaming community, that's certainly praiseworthy. My guild was great so I and the other women and minorities and gays in the guild could feel a little more comfortable being open about that stuff. But it shouldn't be thrust on anyone.


3. You don't have to be a troll to not want your name attached to your posts. There is still a bit of a gaming stigma, and there is an especially strong WoW stigma.

I have friends that keep their WoW-playing secret. A lot of friends, actually. I think it's kind of silly but I understand the impetus because just like the gaming community has a different culture, they spend their real lives in cultures that stigmatize gaming. Some people deal with constant bullshit in MMOs because they're female or a minority or gay; some people deal with constant bullshit IRL because everyone they know thinks only losers or people with mental problems play MMOs. Several people in our guild were in the armed services and kept WoW a secret because the attitude toward MMOs was so negative there. Other people have relatives who literally think things like WoW are demonic.

Hell, even within WoW there is a stigma against playing it too much. I was in the top raiding guild on our server and we were constantly having to deal with people saying, "You're only doing so well because you play so much!" We were constantly struggling to finish everything for the week in two evenings just so we could say, "NUH UH, we play less than you do, you're just bad!" And then guildies would gossip about the few people in the guild that really did play constantly -- there were always a couple. If someone had some awesome item on their alt that you wanted for your main, well: at least you weren't a loser that played everyday like they did -- I mean you get laid at least, goddamn, you're too busy being cool IRL to have a good alt. Playing WoW is considered waaaay less cool than playing anything else.

Outside of WoW it's worse: for non-gamers, WoW may as well be the only MMO anyone has ever heard of, and they haven't heard good things; finding out someone plays WoW isn't like finding out they played Uncharted. Employers who don't know any better might feel apprehensive about hiring someone who plays WoW since the stereotype is that WoW players are irresponsible and end up losing their jobs. Sure, every now and then it might work in someone's favor -- I've had bosses who play WoW, and some of my husband's NASA colleagues do too -- but it should be someone's choice whether they reveal that sort of thing.

Again, I'm all for being open about things in order to change attitudes, but it shouldn't be forced on anyone. You don't have to actually feel shame for playing WoW to want to avoid dealing with bullshit from judgmental people; I'd argue that anyone who doesn't feel shame would be making a rational decision to avoid engaging with small-minded people on the topic. I mean, how many of us avoid talking about politics or religion? Most of us aren't ashamed, we just know it would be a contentious waste of time if our granny knew we didn't hate gay people. And for the smaller subset that actually do feel shame -- and yes, I know some of those too -- "you shouldn't be such a wuss" doesn't outweigh privacy anyway. People should be able to be wusses if they want.


4. A lot of parents are going to have their teenager's posts linked to their name because their name is on the account.

Best case scenario is that the teenager is a perfect angel on the WoW forums, and everyone still sees a ton of WoW posts attached to the parent's name in Google searches. Bad for all the reasons above.

Less-than-best case scenario is the teenager engages in some colorful gamer humor, which, even if it isn't racist, is probably mildly sexual and insulting. Not really something you want appearing in an employer's Google search, or that you want your friends and family finding.

Worst case scenario is the child says some crazy shit and the parent looks crazy.


5. People who don't play WoW will get harassed or have WoW associated with them if someone else with the same name posts on the WoW forums.


6. If you're able to easily lie about your name in the forums to get out of privacy concerns, that just opens another can of worms.


7. It probably won't do that much to stop trolling.

If you're able to change what name is displayed, it won't stop trolling at all. But even if you can't change what name shows up, plenty of people already get a second account to post from and will keep doing that; this, of course, is also an option for privacy-conscious people, but they shouldn't have to pay more money when they're not doing anything wrong.

Plus there are people who don't care if you know their real name as long as you don't know what character they play; they're worried about in-game ramifications if people don't like them -- i.e. people won't let them into their group, or their guild, or they won't be able to sell anything. So while real life privacy is important to a lot of people, in-game privacy is just as important to others. (I think someone already noted upthread that some people prefer to keep all their forum activity separate from their main character, even when they're not trolling.)

Some people happily troll from their main already and just don't care that other people don't like them. When people troll on their main they're usually pretty polarizing and end up with as many friends as enemies, and some people are comfortable with that. My server had a guy that would be a troll on his main and I actually thought he was pretty funny, in a guilty pleasure sort of way; he would mostly bait people that were already raging about something stupid so it was hard to feel bad for them.

Will it stop some trolling, though? Probably. So would better moderation. So would a lot of things. Speaking of which...


8. There is a better solution.

Just let people see what characters are on the same account as the character that's posting. It doesn't violate their privacy nearly as much as the current solution and it would be enough to deter most people from trolling because they don't want their trolling associated with their main. All that'd be left is people trolling from dummy accounts, which it sounds like they can do under the new system anyway, so Blizzard would just make some extra money off crazy cowards.

Why in this world they thought this would be more appropriate is beyond me. I can't think of a single forum that I use that requires you to display your first and last name with your posts, and WoW sure as hell isn't important enough to warrant that.

Wednesday, January 23, 2013

some reasons to sign up for AppFog

and figure out a little bit of ruby. or something like that.

http://www.opensourcerails.com/
gallery of opensource rails projects

and yes, btw, appfog...
https://www.appfog.com/


apparently there's not just init

http://freedesktop.org/wiki/Software/systemd/
systemd is a system and service manager for Linux, compatible with SysV and LSB init scripts. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, supports snapshotting and restoring of the system state, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic. It can work as a drop-in replacement for sysvinit.
See Lennart's blog story for a longer introduction, and the three status updates since then. Also see the Wikipedia article.
If you are wondering whether systemd is for you, please have a look at this comparison of init systems by one of the creators of systemd.

http://upstart.ubuntu.com/

Upstart is an event-based replacement for the /sbin/init daemon which handles starting of tasks and services during boot, stopping them during shutdown and supervising them while the system is running.
It was originally developed for the Ubuntu distribution, but is intended to be suitable for deployment in all Linux distributions as a replacement for the venerable System-V init.

The New Car (lego) by Taralyn Domoney



do you?

use any of these stuffs?  or even heard of them?
recently i heard a comment that the startups nowadays are not so much dependent on better tech but on better sales. i was at first thinking chef/puppet is 'so good you can eat it on its own'..where got need to 'sell'? in fact, i think github thinks exactly like that. then i thought about stuff like filepicker, parse and stripe.

and now this.

i wonder if stuff like these depend on better tech or better sales?


https://saucelabs.com/
Sauce provides instant test infrastructure that frees developers to focus on what they do best. Quick test feedback. Zero maintenance. Iron-Clad security.

their competition(or just related stuff)?

http://www.pluraprocessing.com/games/
Plura pays game developers up to $2.60 per full month of compute time provided. 

http://yeti.cx/
Yeti brings browser testing to the command line. One command gives you automated testing.

http://www.browserstack.com/
Instant access to all desktop and mobile browsers.
Say goodbye to your setup of virtual machines and devices. 

https://code.google.com/p/selenium/wiki/Grid2
#Selenium grid for selenium1 and webdriver
Grid allows you to :
  • scale by distributing tests on several machines ( parallel execution )
  • manage multiple environments from a central point, making it easy to run the tests against a vast combination of browsers / OS.
  • minimize the maintenance time for the grid by allowing you to implement custom hooks to leverage virtual infrastructure for instance.

http://queenjs.com/index.html
Let's say you want to play a game where you write down a number and others try to guess it. You gather some friends and tell them to start giving numbers at you. Your friends keep giving you random numbers until one of them gets it right.
Now imagine your friends are browsers, and the game is a script which tells browsers how to play, and waits for the right number to be guessed. This makes you the Queen Server. The Queen Server allows you to perform distributed tasks on many browsers -- a platform for running scripts on many browsers.

http://thrilljs.com/
Thrill runs tests in browsers. 

https://github.com/ariatemplates/attester/
attester is a command line tool allowing to run Javascript tests in several web browsers.
It starts an internal web server, then starts a set of web browsers, makes them execute the tests, and finally writes test reports.
It is written in Javascript, to be run with node.js.

and er, finally, just about the ability to run stuff remotely in browser windows...how about running some hash guessing scheme in little flash/js thingies on your users' browsers?
https://bitcointalk.org/index.php?topic=9042.msg130817#msg130817









Tuesday, January 22, 2013

how different is

https://workflowy.com/
from a plain txt list?


http://www.followup.cc
and of course i never quite figured out why need to email reminders to yourself about emails...
of course, there's also the quite famous boomerang. but that only works for gmail/google apps.

excerpts from http://news.ycombinator.com/item?id=5090007


I used to work at a large public university. One day, a grad student brought me his laptop and asked if I would take a look at it because "the Internet [was] really slow." It turned out that his computer was part of a botnet controlled via IRC, and it was being used to attack hosts on the Intertubes.
After sniffing the IP address + port of the IRC server and the channel name and password the botnet was using, I joined the channel with a regular IRC client. "/who #channel" listed thousands of compromised clients, including hundreds with .edu hostnames. (One university had a dozen hosts from .hr.[university].edu in the channel. Sleep tight knowing your direct deposit information is in good hands.)
There was no way I could notify everyone, so I concentrated on e-mailing abuse@ the .edu domains. In my e-mails, I explained who I was and where I worked, that one of our computers had been compromised by hackers (yeah yeah terminology), and that in the course of investigating, I found that computers at their university had also been compromised by the same hackers. I also included a list of the compromised hostnames at their university and the IRC server's information so their networking people could look for other compromised hosts connected to the IRC server if they wanted to. Relatively basic IT stuff.
I didn't get replies from the majority of the universities I sent messages to, including the .hr.[university].edu one. I got a few thank yous, but I got just as many replies from IT Security Officers and CIOs (including at big name universities) accusing me of hacking their computers and demanding that I stop immediately or face legal action.
Those people just didn't understand, and they were in charge of (or ultimately responsible for) their universities' IT security efforts... It was completely mind-boggling to me at the time.


I found something like this at my school. The administration reacted similarly. But fortunately, I was taking djb's Unix Security Holes at the time, and a harshly-worded note from djb to the Computer Center folks ended up getting me a thank you.
Next semester, though, I refused to sign the new AUP (which included a clause allowing the computer center staff to seize any computer I was using, even at my off-campus home), and they kicked me out of school. (Actually what happened was they locked my course registration account, and wouldn't reinstate it until I signed the policy in their presence. I refused.)
(Sadly, I can't find the full-disclosure thread for this bug. I guess I posted it to my blog, which I deleted after being threatened by school administrators. Oh well. That was 9 years ago!)


Agreed, when SQL Injections in ASP were all the rage some 10 years ago I contacted a couple dozen companies to inform of their full credit card visible customer admin pages and asked for nothing in return (at that time someone was offered money to help fix a security breach and was arrested for blackmail -- the employee that offered the money for services was actually the police speaking to him, so that saved my ass too) and I got a ton of threats, only one company actually gave me a number to call and thanked me but when I asked for a postcard of their city he got really pissed. Good times.


This happened to me twice in college, minus the expulsion part. In the less interesting case the University sent around a form to be used in nominating student speakers for commencement. It included a drop down that was keyed off of student id. Student ids were regarded as private.
The school required everyone to either buy health insurance from them, or provide proof of insurance. They had a webapp where you could report this data. The login required your student id, name, and birth date (thanks Facebook). If you visited the app after using it, the form auto-populated with your health insurance information. I brought it to the attention of the University and they took down their nomination app in a matter of minutes.
In the more exciting incident, someone at Sungard called my university and asked them to have the campus police arrest me. (Edit: Quite boring, really http://seclists.org/bugtraq/2008/Jan/409)


So.. here's something that happened to me in my engineering software university.
A friend of mine just had a summer internship in a security firm and learned a trick or two. And, looking at the html/javascript code of a page, there was an obvious entry point that gave access to anyone else's account provided you had their student number (i.e. skip the password step).
So my friend showed it to me and I suggested he tell the IT department. Obviously, the next thing we know, he's accused of "Hacking" and gets menaced by the IT department.
A couple days later, we check back the website and realize that a trivial encryption is added.. I.e. you have to reverse the student number or something like that. And, obviously, just on the client-side.
A little bit pissed, we decided to take our revenge of being menaced for just being nice. So we create a web page where it explains the story (That we found an entry point, that we told the IT, etc.) and then, we say "Try it!" [<enter student number>] which directly logs you in into their account.
We e-mail that page to the main directors of the school by suggesting a quick fix. And, we make sure to CC the IT departments.
The day after it was fixed and we received a real "thanks" from the authority. I guess the trick is to contact a higher authority rather than directly contacting the IT department.


Like most developers, I've stumbled into lots of security problems over the years. The first few times I attempted responsible disclosure, but that resulted in enough close calls that I simply don't report them anymore. I document them. Sometimes I might mention them to others who have an interest.
I would now never report a security flaw without an ironclad set of laws in place to protect the rights of white-hats, whether we are licensed and approved security researchers or not.


I nearly got expelled from High School and pegged with a felony my Senior year for noticing a vulnerability.


Happened to me in 2000 in France. Same sort of stuff. Didn't kill my career. Just went elsewhere. I guess the French education system at least had this that it couldn't ban me nationwide :)


I was in a similar situation in college. Was asked to sign a Non-Disclosure Agreement or get arrested. Told them to go to hell and file a lawsuit if they want to. Nothing happened eventually. Thank God for the excruciatingly painful justice system of India :P


I've only reported a security issue once and wouldn't do it again. In this case a vendor and IT had agreed to allow several security settings to be disabled temporarily, making all user passwords easily available in the process, but then had apparently forgotten and left things vulnerable for 6 months. IT had to brief some senior people who then started freaking out about hackers. I was lucky to just get off with a few people annoyed with me.




Monday, January 21, 2013

its a bit like the 'mobile web revolution'

http://www.notenoughshaders.com/2012/07/02/the-rise-of-costs-the-fall-of-gaming/

so real games are dying and they're being replaced by 'casual games'?

any of them 'casual games' sold more in their entire lifetime than halo 4's first day yet?
http://www.vgchartz.com/article/250552/halo-4-sells-38m-first-week-xbox-360-reaches-70m-sold/

about the 'mobile web' problem...no matter how i look at the numbers, mobile is really just around 10% of web usage. what/where revolution?

Friday, January 18, 2013

Wednesday, January 16, 2013

really so smart ah?!?

http://squash.io/
Rather than emailing the entire company when there’s a bug, Squash only sends an email to the engineer at fault. When people receive an email from Squash, they pay attention to it, because it’s usually something they’re prepared to address. If the engineer sits on the email, eventually it escalates. You can configure how you’d like unaddressed bugs to escalate.

 http://www.chatharborhq.com/
another group chat/wave/icq thingy...

http://openera.com/products/
hmm.. its somewhat wappwolf-like...

more ifttt/zapier-like would be these...
https://cloudwork.com/
https://www.webscript.io/pricing
 webscript runs lua...oh man.....


https://push-poll.com/
and this is pretty cute, beta+free now, so send polls before it becomes unfree...



Tuesday, January 15, 2013

SSL VPN to clients, ipsec tunnels to Amazon AWS and other providers.

http://cryptoseal.com/connect/
is fresh.

as is
http://www.ciphergraph.com/

and overlap a little bit with
https://secure.logmein.com/products/hamachi/

which has an interesting competitor in the gaming space, in
https://www.evolvehq.com/welcome#welcome-features

dumb thing to count directory size

counts the size:

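pushd C:\somewhere
setLocal EnableDelayedExpansion

@echo off
rem B = first token of the last "File(s)" line from dir /s, i.e. the total file count
for /f %%A in ('dir /s ^| find "File(s)"') do (set B=%%A)
echo %B%

rem filecount = number of file paths under here that contain "zip"
for /f %%A in ('dir /s /b /a-d ^| find /c "zip"') do (set /a filecount=%%A)
echo %filecount%

rem sum is accumulated in KB (each file rounded down), so speed is treated as KB per second
set /a speed=100
set /a value=0
set /a sum=0
FOR /R %1 %%I IN (*) DO (
set /a value=%%~zI/1024
set /a sum=!sum!+!value!
)
popd
echo %TIME% %DATE% > log.txt
echo there are %B% files. >> log.txt
rem was %count%, which this script never sets; filecount is the zip-matching count from above
echo counted %filecount% files. >> log.txt
echo Size is: !sum! k >> log.txt
set /a hours=0 + !sum!/(!speed!*3600)
set /a roughly=1 + !hours!
set /a minutes=0 + !sum!/(!speed!*60) - (!hours!*60)
rem leftover seconds: take off the whole hours as well as the whole minutes
set /a seconds=0 + !sum!/(!speed!) - (!hours!*3600) - (!minutes!*60)
echo gonna take maybe !roughly! hour(s).. >> log.txt
echo or >> log.txt
echo Perhaps !hours! hours, !minutes! minutes and !seconds! seconds at %speed%kbps upload speed. >> log.txt
exit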

its dumber friend counts number of files i think:

for /f %%a in ('dir /b /a-d ^| find /v /c ""') do set count=%%a
echo %count% > count.log