popping boxes at the pwn2own contest

NakedSecurity has a nice article on the current results of the CanSecWest PWN2OWN contest where attackers target popular web browsers and companion products for some public shaming. Between PWN2OWN and PWN4FUN, all 4 major web browsers (IE, Firefox, Chrome, Safari) exhibited security holes, with Safari even giving up privilege escalation into root.

Running IE is still a riskier position than running another browser (tempting attack surface, integration into OS, difficulty implementing user-gated authorization of scripts). But the takeaway from events like PWN2OWN is that every browser has issues. Users still need to browse the web with care and stop globally allowing scripting and other packages, no matter which particular web browser they use.

I always get crap for how web pages look in my browser as I disable so many things that sites want to load, but at least I have a little bit more assurance in the added security of my web browsing.

thoughts on star wars the old republic

I’ve been playing SWTOR since release, and thought I’d share some thoughts on it. In WoW, I really preferred playing a healer or even a tank role, and in SWTOR I do mostly the same thing. I have a 42 smuggler healer, a 20 jedi guardian tank, and a 22 bounty hunter tank. Plus I’ve essentially started a total of 8 toons, but the others are sitting at their Advanced Class choice and are either parked for the future or do some crafting for me.

First, I just want to say I love the Smuggler healer. I’ve played healer types for many years, and really like the mechanic of the smuggler, especially while I level, since I can indefinitely heal my companion against many heroics and random champions/elites in the world; I can solo content most others cannot, even other healers. This is due to the energy regen/balance that a Smuggler has to maintain, rather than your traditional mana pool which will always go down faster than it regens…

Second, tanking is not as easy as WoW (seriously, it’s *easy* since Wrath), and not quite as fun. Lots of blaster-firing ranged mobs force me to play tag quite a lot. In WoW, tanks have it easy with AoE threat, other than Druids who do have to play tag. Most SWTOR tanks feel more like a Druid tank, with the slight exception of the Bounty Hunter who has a few extra AoE tools. Still, if the DPS in the group decides to go after their own targets, they’re going to get a tongue-lashing from the healer because they *will* pull aggro on their own targets. Tanking in SWTOR is not designed for the tank to hit two buttons and all the enemies stick to him like glue. This is both good (skill! fun!) and bad (a bit frustrating). Just like leveling the Druid as an instance tank!

LIKES

– I care about my freakin’ character’s….character! Yes, I care about his motivations, friendships, choices, backstory, and forward story. In WoW, I didn’t even think about it because I’d never had a game until Skyrim and then SWTOR which gave me a taste of that sweet, sweet nectar. I love that you can make choices in responses, dark/light alignment, advanced classes, and other things that are really either/or choices. Too many games end up allowing you to eventually do everything, but there is some power in forcing a hard, permanent choice for players when done correctly, and I feel SWTOR hits it correctly. I think in part because there’s no optimum answer. Many games with a hidden alignment choice (good/evil) end up agonizing players because they want to know which option is either the best one or ends up being the one they want, but in SWTOR, it really ends up not mattering to the min/max audience. Once you accept that and get into the character, it’s very satisfying.

– All the classes/playstyles. The game touts 8 classes, but really there are many more. Each of the 8 classes makes a choice at level 10 for their Advanced Class. Each Advanced Class then opens up the 3 available talent trees (2 unique, 1 shared between both Advanced Classes). This means that you could make 16 toons, and not have any duplicated talent trees. Honestly, it’s a bit less than that, since some characters will play relatively similarly, but there are more playstyles to experience than just the raw 8 classes. (In WoW, there are 10 classes; and while there are multiple trees in each, you can always respec into them once you get max level. In SWTOR, you can’t respec to the other Advanced Class. In WoW, you’d only ever make one Horde Druid, but in SWTOR, you can make a Scoundrel Smuggler and a Gunslinger Smuggler on the Republic side, and still be entirely different.)

– Story, story, story. It’s freakin’ Star Wars. And it has great storylines! My smuggler has ‘scored’ with 5 ladies so far (one a repeat customer), my imperials have executed and tortured multiple innocents, and I have an ability called “Shoot First.” (Yes, my smuggler has that. Yes, I love Bioware just for that one thing.) The way story stuff is integrated into the world is really neat, and really does change the feel of an entire planet’s experience.

– The Dark Side is really dark. In fact, strikingly dark. I tortured, executed, and murdered at least 4 people before my first Sith was level 10. Many Dark Side choices are actually uncomfortable, and I applaud Bioware for being ballsy in that regard. The original Star Wars movies were not kid’s movies, but they were kid-approachable. The later movies were kid’s movies, and their non-lasting impact is increasingly clear.

DISLIKES

– No LFG system. Granted, this is a rather recent WoW addition, but oh my god is it awesome. I honestly put the LFG tool in WoW as one of the top two additions since launch, if not the top addition. For reformed hardcore players like me who just want a casual experience on my own time, the LFG system is an absolute godsend. SWTOR needs one. Badly. (And it is in the works, supposedly patch 1.3, which is probably 3ish months away or more…)

– The UI needs work. I really miss a few things like seeing target’s target and focus windows, especially as a healer/tank role. The UI also needs a lot of help to assist with crafting and playing the auction house (galactic trade network). It’s really a pain in the ass to craft, right now. I do kinda like that macros and addons are not supported, since you kinda eventually become a slave to them, but I do wish some of the more useful changes to the UI were included.

– The level designers made great, beautiful, HUGE maps and planets and buildings. But damn are some of them unnecessarily huge. They’re great to behold early on…until you have to run through them to make sure you didn’t miss a quest-giver in the corner of the second floor of the Senate. Oof!

– I kinda wish the dialogue wheel, where you choose your character’s responses to various cutscenes, could use work in accuracy. I really dislike choosing what I think is a witty response, only to have my guy say it completely unexpectedly and with a sarcastic, mean tone that I totally didn’t anticipate and pisses off my companion.

– I am looking forward to more content. In WoW, you could level up your toon in Kalimdor. Or Eastern Kingdoms. You could do so in the Dwarven area, or the Elwynn area. In other words, you could level 3-4 characters and never see the same content/quests until quite a bit later into the game. For SWTOR, you really will see the same planets and quests with your second toon as you did with the first, though all the storyline stuff will be different. Still, I look forward to more content in the future so that I can level other toons in different areas. (This might be really hard, since the story line stuff that goes up to around level 35ish is pretty set on specific planets…Bioware may have pigeon-holed themselves in that regard, but we’ll see!)

meetup.com suffering through sophisticated ddos attack

So I’m reading over at Naked Security of Meetup.com suffering a DDoS over the past week and a Meetup.com CEO post that said:

The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated.

Amateurs with a sophisticated attack. Wait what? Dropping the S word gives me Sad face.

Anyway, this is a great chance for discussion on how a business would go about preventing DDoS and/or reacting to it at the moment it happens (assuming some or no prevention in the first place). DDoS is not *that* sophisticated of an attack, but prevention and reaction are often sophisticated. Oh, and expensive.

Having not actually worked at a company that suffered a DDoS attack, I’d only be guessing based on research and second-hand info, so I’ll just sit around with some popcorn for the moment.

This is also a great opportunity for Meetup.com to show off what they *did* do for this sort of attack. Though I doubt they have a more technical blog, which is a shame.