Early thoughts on Mass Effect 2

I finished Mass Effect a few days ago and have begun Mass Effect 2. For your reference, I play a female Shepard Infiltrator class.

– It’s a lot more action oriented. The “tell other companions what to do” bit is much more streamlined and less finicky. There are fewer skills to research (a pity) but that’s a minor complaint because the skills that do exist are pretty awesome.

– I’m still not really happy with the limited ammo aspect, but given that most classes seem to have some kind of combat skill, it’s not as bad as you might think. The heavy weapons are a nice touch — a huge upgrade from nigh-useless grenades in ME1.

– The carry-over from importing saves is both more and less substantial than I thought. It’s mostly story based, unlike Dragon Age to DA: Awakening, for example. The bonuses are nice, but not really ground-breaking.

– The loyalty mission aspect would be a lot better if there were truly mutually exclusive characters. I’m told it’s different if you’re male, but the loyalty system seems silly if you can make everybody loyal to you.

– No inventory management is a nice change.

Overall, I like it a lot. I’m glad that the Mako is gone; the resource mining is a little dull, but it’s certainly an interesting way to incite you to explore new planets. Credits seem harder to come by.

SSIS OLE DB Tools Not Deprecated

A while back, when I learned that OLE DB was being deprecated, I was concerned for what would happen with SSIS.  Fortunately, the SSIS components are not being deprecated.

Geeks In Space (And Other Security News)

• I like the idea of sending up satellites to combat censorship.  More information here and here.  Governments should not be the only entities controlling satellites—that is, unless you want to have space remain as relatively stagnant as it has been the last half-century.  My concern would be overtly criminal activity happening through these satellites—child pornography and the like.  But the current equilibrium is that “there can be child pornography” implies that “government must have the ability to do whatever it wants.”  The federal government can shut down sites at will, and they make mistakes (or sometimes “mistakes”).
• UPromise, you’re doing it wrong.  You can also read the FTC settlement.  John Pescatore, on the SANS security newsletter, writes, “The lack of ‘clearly disclosing … data collection practices’ is just as serious an issue as not encrypting the collected data.”  The organization was collecting usernames, passwords, credit card numbers, and the like, and not telling anybody about this.
• Protect intellectual property, except from government officials.
• SEAndroid.  Nice.  Even if I never get a phone with this particular kit, there should be good knock-on effects as a result of publishing the specs.
• Secure your phone and PCs the Scott Hanselman way.  There’s nothing here that isn’t novel, but it is solid advice.

Crazy Idea: Trust Employees

From the Brent Ozar PLF mailing list, I picked up a link on offering employees unlimited vacation days.  There are a few companies which do this, and I think that for a small organization, it’s a great idea.  The rub is that your hiring practices have to be good:  you need to find motivated, hard-working employees you don’t feel the urge to micromanage or monitor constantly.  These are people who want to work, who wake up in the morning ready to go accomplish something.  For those people at those places, this is an outstanding idea, and saves time and money (monitoring has its costs).

In general, my business philosophy is to treat people like adults until they prove otherwise.  If somebody wants to come in at 6 AM one day and leave at 9 PM, and then come in at noon and leave at 2 the next day, let them, especially if you’re in “creative” IT (like software development).  Originally, this is how exempt employees worked:  you worked until you got your stuff done, and then you left, regardless of whether this took three hours or fifteen.  Unfortunately, exempt has turned into “you need to work at least eight hours, and just keep working without extra pay.”  Vacation time turns into “yeah, we offer it to you, but we don’t want you to take it.”  Flexible work schedules become “we need you to come in and work from 8 AM until 6 PM and you can’t come in any earlier or later than that.”

Unfortunately, the standard company philosophy when dealing with trouble employees is, rather than focus on the trouble employee, bring the hammer down on everybody.  That way, it’s “fair” (because punishing people for the actions of unrelated others is fair?).  More honestly, that way, their HR and Legal departments don’t work extra hours and managers don’t need to take responsibility for managing people.  As a result of this shirking, good employees get treated the same way as bad employees, leading to good employees having weaker incentives to remain good employees.

So, going back to my original idea, I’d say that it might be a great idea for some people to start taking some risks.  Give your dev team home access and let them come in whenever they want, work whatever hours they want, and work any days they want, just as long as tasks get accomplished.  If they’re already salaried (which full-time employees in IT typically are), it won’t make a monetary difference.  If you did a good job hiring people (or if you can fire lousy employees easily), I’d be willing to bet that you’d see an improvement in performance as people work when they are revved up and don’t when they aren’t.  You can keep somebody in an office for 9 hours, but it doesn’t mean that you’ll get 9 productive hours.  And when coverage isn’t that important, there’s no reason even to have people stick to certain schedules.  As long as they’re productive, that’s what matters.  And if they aren’t productive, then they lose the extra privileges…or get fired.  I’ll grant that this might only apply to certain subsets of the population (and would make people not in that subset pretty angry), but that doesn’t mean that you shouldn’t give it a try.

Speaking of which, any companies hiring that do offer unlimited vacation time—and don’t guilt you into not taking vacation—you’d be near the top of my list if I start looking on the market…

This Week’s Security Notes

Not too much for this round, though I’ll have a few more links later this week.

• I ignore Google ads in their search results.  Looks like there’s good reason to.
• Yet Another Cross-Site Scripting Vulnerability.
• Social engineering on the rise.  People are the weak link in most organizations, and if you are going to target a specific organization, you’re going to target the people who have access to what you want.  If you’re just out to get control of some machine somewhere, or just looking around for things to do, social engineering doesn’t play as strong a role.  But those typically aren’t the threats we really need to focus on; focus on taking care of the tough cookies and the kiddies will be sorted out automatically.  Any time I read about social engineering, I go back to the site. (Via HNTV)

Abolish The TSA

The TSA list of things they’re protecting us from.  If that list doesn’t prove the TSA’s irrelevancy, I don’t know what does.  Well, maybe that they’re gung-ho about protecting us from cupcakes.

Schneier himself doesn’t want to abolish the TSA, but I’d consider that too much faith in a government institution.  At one point, I was kinda-sorta of the same opinion—that security has strong enough externalities that private institutions likely would not hit the optimal point—but there are incentives in place…or at least would be if the government wasn’t too busy screwing around with peoples’ cupcakes.

Recess Appointments Are Just Dandy Now

Remember when recess appointments were a bad thing?  Maybe the President could justify his decision by saying it’s a recess even though the Senate isn’t actually in recess…oh, wait…

Art And The Database Execution Plan

Brent Ozar has pictures of beautiful execution plans.

And, like most art, these plans (and their originating queries) should be framed, stored in a museum, and never made practical use of…

Mass Effect (PC): A mini-review

Rather than go into a big long post about how awesome Mass Effect is, and it is awesome, I decided to just write a few brief words on it.

It’s a Bioware RPG. It is also the worst Bioware RPG I’ve played. This is no insult to Mass Effect; it is rather an endorsement of a company that’s consistently done very fine work with RPGs.

So why don’t I like it as much as other Bioware games? It’s obviously an RPG for people that don’t play RPGs. I’m not complaining about the setting; it’s not that different from Knights of the Old Republic, for example, and I liked that game better. The characters and story are terrific. As an RPG, in which the idea is to encourage players to completely customize their characters, it’s a little short. There just aren’t enough options.

The part I liked least was the mind numbing scouring of planets by Mako. That got kind of old, and instead of going “Yay! Something new to explore!” I felt “Yay! A slight variation on the same cookie cutter level design!” The non-story missions felt mostly like filler. The game is also a bit unstable, particularly towards the end. I experienced multiple crashes, which were pretty annoying.

It really shines as an action RPG, and the controls were fluid and sensible. The idea of conserving heat, not ammunition, adds a new tactical dimension to the game instead of mere bullet counting. From a gameplay perspective, I would rather the tactics menu be a toggle than a hold, but I understand it from a roleplaying perspective. Grenades seemed nearly useless.

It’s a definite thumbs up for me. It’s very accessible and entertaining; from any other company it would be one of the best games they’ve made. Not from Bioware, and that’s a good thing.

More Of This Week’s Security Notes

• Symantec was breached.  Hackers claim it’s source code, whereas Symantec said it was an API document from April of 1999.  Then, Symantec did say that it was source code, but it was 5 years old, and some other third-party network was breached.  It’s likely that this was an Indian government network which was exploited.
• I’m very intrigued with the idea of free credit monitoring.  I need to investigate what the business angle is before signing up, however.
• In good news, I’m glad to see tethering on Android phones without getting gouged and without rooting your phone.  Cellular providers are getting pushed into the role of carriers rather than full service providers.  They’re going to go kicking and screaming, but the outcome at this point is as close to inevitable as they get.  With the Android platform, there isn’t anything that phone companies can do to add value; all they’re doing right now is crippling functionality to sustain their local monopolies.  Don’t expect that to last for too many more years.
• John Strand brings up a few ways to connect with C-level executives.  Small words, shiny objects—that sort of thing.