Remember when recess appointments were a bad thing? Maybe the President could justify his decision by saying it’s a recess even though the Senate isn’t actually in recess…oh, wait…
January 22, 2012
January 21, 2012
And, like most art, these plans (and their originating queries) should be framed, stored in a museum, and never made practical use of…
Rather than go into a big long post about how awesome Mass Effect is, and it is awesome, I decided to just write a few brief words on it.
It’s a Bioware RPG. It is also the worst Bioware RPG I’ve played. This is no insult to Mass Effect; it is rather an endorsement of a company that’s consistently done very fine work with RPGs.
So why don’t I like it as much as other Bioware games? It’s obviously an RPG for people that don’t play RPGs. I’m not complaining about the setting; it’s not that different from Knights of the Old Republic, for example, and I liked that game better. The characters and story are terrific. As an RPG, in which the idea is to encourage players to completely customize their characters, it’s a little short. There just aren’t enough options.
The part I liked least was the mind-numbing scouring of planets by Mako. That got kind of old, and instead of going “Yay! Something new to explore!” I felt “Yay! A slight variation on the same cookie cutter level design!” The non-story missions felt mostly like filler. The game is also a bit unstable, particularly towards the end. I experienced multiple crashes, which were pretty annoying.
It really shines as an action RPG, and the controls were fluid and sensible. The idea of conserving heat, not ammunition, adds a new tactical dimension to the game instead of mere bullet counting. From a gameplay perspective, I would rather the tactics menu be a toggle than a hold, but I understand it from a roleplaying perspective. Grenades seemed nearly useless.
It’s a definite thumbs up for me. It’s very accessible and entertaining; from any other company it would be one of the best games they’ve made. Not from Bioware, and that’s a good thing.
January 20, 2012
- Symantec was breached. Hackers claim it’s source code, whereas Symantec said it was an API document from April of 1999. Then, Symantec did say that it was source code, but it was 5 years old, and some other third-party network was breached. It’s likely that this was an Indian government network which was exploited.
- I’m very intrigued with the idea of free credit monitoring. I need to investigate what the business angle is before signing up, however.
- In good news, I’m glad to see tethering on Android phones without getting gouged and without rooting your phone. Cellular providers are getting pushed into the role of carriers rather than full service providers. They’re going to go kicking and screaming, but the outcome at this point is as close to inevitable as they get. With the Android platform, there isn’t anything that phone companies can do to add value; all they’re doing right now is crippling functionality to sustain their local monopolies. Don’t expect that to last for too many more years.
- John Strand brings up a few ways to connect with C-level executives. Small words, shiny objects—that sort of thing.
Here’s the article.
If I were going to subscribe to a magazine, this would be on the short list, in general. However, this succinctly points out two things this blog has been saying for a while now.
1) Raising taxes won’t do any good without closing loopholes (yay me!)
2) You have to cut entitlements to make any real progress (good for Kevin, I guess.)
This sentence says it all: “[Raising the tax rate on the rich] would raise revenues of about 0.3% of GDP and do nothing to make America’s grotesquely complicated tax system more efficient.”
January 19, 2012
This is more than a decade old, but we’d better get prepared: solving the Y10K problem. It’s an elegant solution to a problem poised to strike any millennium now…
It’s Oracle vulnerability Christmas today!
The NIST National Vulnerability Database RSS feed updated today with dozens of Oracle-based product vulnerabilities, including lots for MySQL (example), Oracle Fusion Middleware (example), GlassFish (example), Communications Unified (example), Oracle VDI (example), Oracle Database Server (example), E-Business Suite (example), Peoplesoft (example), OpenSSO (example), and Solaris (example).
More information here on the 78 vulnerabilities patched.
January 18, 2012
- A virus (created by Fujitsu) which can infect computers participating in DDoS attacks is interesting. It wouldn’t help in ultimate attribution problems, and also you would need to think of situations in which an attacker is going through a series of proxies. It seems like they would need to solve the attribution problem before this would become really useful.
- American consumers are suckers for free things, so much so that they are easy to scam. I’d say to update your priors, but all of those target groups seem pretty normal. I’d imagine that the 65+ crowd is #2 on the list, after 18-25: the youngsters first because they don’t know any better, and the older folks next because they’re historically the typical candidates for scams, being lonely, possibly senile, perhaps a little desperate, and without the social networks to warn them away from really bad ideas.
- Don’t use AIM. The article says not to use the newest version, but my version of it is probably more suitable…
- A new WordPress update is out.
January 17, 2012
This is the final chapter of Extraordinary Popular Delusions and the Madness of Crowds. The topic here is relics, otherwise known as “How is it that great saints always seem to have thousands of finger bones?”
Modern relics tend not to be actual body parts, but rather “This is the chair that Thomas Edison sat in as he did his thinking.” In other words, we attach sentiment to objects and devices which were used in some way by someone we respect or admire. Mackay argues that our modern “reliquism” dates back to just before the Crusades, with Christian pilgrims bringing back “thousands of apocryphal relics, in the purchase of which they had expended all their store” (696). These relics ranged from pieces of the “true cross” to tears, blood, hair, and toenails.
Mackay then notes throughout the centuries that this lust for relics has not abated. It has changed in focus and in form (in other words, people tend not to collect toenails of the rich and famous anymore), and relatively few people think that these things cure diseases. We use them as a concrete link to the past, and they are wonderful to that extent; just make sure before you pay big money that this really was Elvis’s belt you’re buying…
January 15, 2012
I rant because it hurts me on a professional level that there are so many pieces of software vulnerable. Just checking out Exploit-DB on two days (January 3rd & 4th, 2012), I saw 19 exploits. Of these 19, 11 were SQL injection (well, 1 was XSS+SQL). Here they are:
- MyStore Tienda Virtual SQL Injection Vulnerability
- WordPress Comment Rating plugin
- MyStore Tienda Virtual SQL Injection Vulnerability (a second one)
- ellistonSPORT Remote SQL Injection Vulnerability
- EasyWebRealEstate Blind SQL Injection Vulnerability
- SyriaNobles SQL Injection Vulnerability
- Posse Softball Director CMS SQL Injection Vulnerability
- Mediashaker Blind SQL Injection Vulnerability
- Biz Technologies SQL Injection Vulnerability
- Cornerstone CMS SQL Injection Vulnerability
- Posse Softball Director CMS (team.php) Blind SQL Injection Vulnerability
What’s sad is that this is just a typical outcome: on most days, it seems that roughly half of the vulnerabilities found are SQL Injection attacks. What’s even more sad is that protecting against SQL Injection is not a difficult task. It just requires sanitizing inputs, parameterizing queries, and limiting dynamic SQL statements. I know that my focus is on the Microsoft stack, but other languages have their own versions of these concepts, and putting them into place requires just about the same level of skill—that is, very little.
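The three habits named above (sanitizing inputs, parameterizing queries, limiting dynamic SQL), shown side by side with the concatenation pattern they replace. This is an added example, not code from the original post; it uses Python with an in-memory SQLite database rather than the Microsoft stack, and the `teams` table, its rows and every function name are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and rows are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE teams (id INTEGER PRIMARY KEY, name TEXT, coach TEXT)")
    db.executemany("INSERT INTO teams (name, coach) VALUES (?, ?)",
                   [("Hawks", "Ann"), ("Owls", "Bob"), ("Larks", "Cy")])
    return db

def find_team_concatenated(db, name):
    # Vulnerable pattern: the input is spliced into the SQL text, so a quote
    # character in `name` changes the structure of the statement.
    sql = "SELECT name FROM teams WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_team_parameterized(db, name):
    # Parameterized query: `name` is bound as a value and never parsed as SQL.
    sql = "SELECT name FROM teams WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def parse_team_id(raw):
    # Input validation: a team id must be plain ASCII digits before it is used.
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("team id must be numeric")
    return int(raw)

SORTABLE = {"name", "coach"}  # allow-list for the only dynamic part of the SQL

def list_teams(db, sort_by="name", descending=False):
    # Column names cannot be bound as parameters, so the dynamic part is
    # restricted to identifiers chosen from a fixed allow-list.
    if sort_by not in SORTABLE:
        raise ValueError("unsupported sort column")
    direction = "DESC" if descending else "ASC"
    sql = f"SELECT name FROM teams ORDER BY {sort_by} {direction}"
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("concatenated :", find_team_concatenated(db, crafted))
    print("parameterized:", find_team_parameterized(db, crafted))
    print("sorted       :", list_teams(db, "coach", descending=True))
```
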