enthalpy's forum posts

  • 29 results
  • 1
  • 2
  • 3
#1 Edited by enthalpy (37 posts) -

I don't understand why people are dicks. Regardless of the situation (and the past), Phil Fish had the opportunity to disagree in a respectful way. Instead, he told Beer to kill himself after being "masturbatory" in the whole "compare your life to mine" comment after railing against the exact same thing. That's 100% unacceptable. When you choose to be a public figure and choose to have a public persona, you have a responsibility to present yourself in a fashion that you know will be judged publicly in return. Regardless of whatever or whoever irks you, your reaction is how you're going to be judged, and Fish blew it. Good riddance.

@patrickklepek, your point was made with your bag comment alone. you're not phil fish and you're not beer. You can rest easy in that.

#2 Posted by enthalpy (37 posts) -

@wilyboy said:

So like many people I started a new game immediately after finishing the first run. I'm still pretty early on but I'm already amazed by the new meaning a lot of events and dialogue take on in the context of the ending. For instance, when the Luteces are rowing the boat in the very beginning, male Lutece insists "No, he DOESN'T row." The first time I took this to mean that I Booker was a VIP and they were not to let him row. I realized instead that they must already know how every permutation of this scene will play out, and they know that Booker does not row in any of them.

Of course, the baptism scene in the beginning takes on a new meaning as well. Comstock has a few Voxophone recording in which he muses about the fate of the sinner when the baptized man emerges from the water. I initially dismissed this as a mildly interesting, if confusing, theological thought experiment. He's actually tying his knowledge of other dimensions into his preaching.

Has anyone else noticed any fun new perspectives on events in their second playthrough?

Still need to run through this a second time if I get the time, but I thought that the wounded knee/boxer rebellion museum bits are pretty brilliant with knowledge of the ending.

#3 Posted by enthalpy (37 posts) -

@Nailbunny: @Nailbunny said:

The video game industry is not absolved of accepting responsibility. While the medium has diversified, you can't ignore the popularity of Cal of Duty and various other shooter games. The games industry shares equal responsibility in our culture of glorified guns and violence. We should not be afraid of some introspection as long its equally divided across our cultural influences.

I agree. The industry has made the decision, which I agree with, to sit at the table for this. Participating in these discussions and helping the issues be cast at the highest levels in a responsible, reasoned fashion is a way to legitimize the medium. Choosing not to act like the NRA is great, and if it turns out that the research to this date is borne out in the research done next, gaming will be quietly vindicated and continue to march into the mainstream. We have the supreme court ruling guaranteeing protection already. This is the next step.

#4 Posted by enthalpy (37 posts) -

@Tidel said:

@Stymie said:

I totally agree this statue was lame (but I wouldn't use the word "offensive"; you kind of have to be above things like this). However, I really, truly wish we could have these conversations without the constant tones of "the industry obviously only treats women like this."

How many men do any GB readers know with the super muscular, broad shoulder, 0% body fat, perfect-chizzled-chin look that virtually every male video game character has? Video games are suffering no shortage of manwhores.

The difference is, while the male form is often idealized, it is rarely objectified. It's an important distinction. When male characters are presented as solely a function of desire instead of active participants with agency, then you'd have a similar scenario. But that doesn't happen; and even if it did, it doesn't justify anything. The idea that 'men have it just as bad' doesn't excuse the fact that sexual objectification -- of anyone -- is problematic.

This statue represents the most base scenario of the objectification of women -- it's just a pair of clean, pert tits framed by the gory removal of all possible agency. It doesn't represent the entirety of women in games or gaming, but it exemplifies the persistent inequality in how gender and sex is represented, and to who, and why.

Just because you (or I) are not the 'idealized' man, that doesn't mean the idealized man is reductive of us or reflective of us; it represents a power fantasy. This statue also represents a power fantasy. That's the whole problem.

I think it's worth talking about. I think it's sad and telling that so many duders come out of the woodwork to 'be offended at your offense' and feel embattled.

No one should feel threatened by this discussion. Criticizing a tits-out statue is not defaming men, manliness or threatening any man's right to like tits. It's problematizing the persistent idea that women are frequently reduced to functions of the sexual gratification of men.

This is an excellent comment, and I'd like to add a couple of things that I think somewhat illustrate this point. First, as a man who has spent a lot of time in tropical locales in the last few years, I can state with some authority that this statue is not close to a representation of reality in terms of boobs in bikinis. This clear enhancement on the statue uncovers the odd fact that there is no reasonable male analogue that could be considered in comparison.

I would say that it is generally not reasonable to expect that there would be a version of this statue with a slightly covered penis with a portion of it showing. Or mostly-covered balls peeking out of the bottom of a speedo--in fact, that image seems patently ridiculous and I can't really think that it would ever be made or even considered. No real analogue of partially-covered man bits exists in regular form in art. Breasts uniquely skirt the line between completely uncovered, which in many places in the world is assessed to be too much for public display, and somewhat covered, which is this odd middle ground.

There are a lot of ways to try and escape talking about this, which aren't really valid. You can say things like "if it was a man, I wouldn't be offended" and "I don't know why this is a big deal" or "many women like looking at boobs as much as the next person" but all of those are missing the point in that they don't address the central issue that is felt by what looks like a fairly reasonable chunk of the population. Things like ethics and respect are not necessarily based on majority opinions. They're based on the understanding that respect and cooperation have intrinsic good.

Maybe this is because I've been watching a lot of Extra Credits lately, but a further concerning edge for me is the idea of what this does to the future of gaming escaping its current boundaries and becoming increasingly valid as a form of mass media/entertainment/possibly eventually art. As long as the community of gamers doesn't end up accepting a line of societal norms that approaches what exists in the real world, this won't happen. And things like this are steps that degrade the public perception of gaming in general, to everyone's detriment. As someone who loves games and wants everyone to understand and experience that joy, I think that this type of marketing that pigeonholes gamers to outside folks is seriously unfortunate.

#5 Posted by enthalpy (37 posts) -

@AiurFlux said:

@enthalpy said:

@AiurFlux said:

August 4th this happened, we hear about this on the 9th, and even then it still isn't listed on Blizzards main site page. Fucking disgusting. I know I should blame the hackers but when a company charges for a goddamn authenticator AND doesn't notify it's customers that an intrusion took place until 5 days later I really really have a problem with that company. I don't fucking care if they didn't know what was compromised the simple fact is that an intrusion took place and they should HAVE to notify their customers on the day that it takes place.

I'm getting sick of this shit. Now I have to monitor my finances, website accounts, and my email account all because they're fucking morons more interested in saving face rather than looking after their customer.

I'm going to say it now, there needs to be legislation in the United States, Canada, the EU, the UK, and everywhere else that states when a company experiences any digital intrusion of any kind they must inform their customers at once. Period. If they don't they should face harsh fines upwards of 100,000 dollars. No more of this waiting for 5 days bullshit. It isn't fucking right, and they're only doing it because they want to preserve their value on the NYSE.

I wish someone in this thread would put the facts together instead of going off like a crazy person here. Blizzard responded in an extremely measured way here. They first went into lockdown, which is what you do. It sounds like they saw this in near real-time, which means that they have reasonable protections and effective monitoring in place. They then, after completing what was likely an insanely complicated assessment of the situation, explained this to their customers.

It is counterproductive to require any firm to immediately inform on a breach because that can indicate a current vulnerability. This is why software firms avoid announcing compromises for their software until they patch them.

Here is what happens in a typical security incident protocol:

  • The system is locked off from the outside, accounts and sessions are killed, etc...
  • An assessment of the means of entry is done and any security holes closed, while
  • a copy of the compromised systems is made immediately to preserve the system in its current state. This includes write-blocked drive imaging, any external system log aggregation, etc...
  • Forensics begin on a write-blocked copy of any images that were taken of servers and logs are reviewed
  • An early assessment is made of the data that was available on the compromised machine(s) and combined with a network traffic assessment to assess what may have leaked
  • Appropriate law enforcement is contacted, based on the initial compromise assessment
  • If any regulated data is found, the appropriate regulatory agencies are contacted
  • After continued assessment of the state of the entire environment, a more in depth assessment of the compromise is done and a communication plan is prepared
  • Communication to affected parties happens

What's important here is that it sounds like the way in which the passwords were stored is extremely secure and is probably close to computationally infeasable to crack. Here is what can happen now:

Someone can, knowing your email address and secret question, request a password reset that will be sent to your email. That is all. From the information that Blizzard released, there is no way that people can log into your account with the information they have gained from this compromise without accessing your email account, which is another item that would have delayed the announcement.

Also, this was an impressively fast response from such a huge company.

Bullshit. It occurred 5 days ago. That's 5 days of having information at risk, including financial information given the real money auction house in Diablo 3. That's 5 days that some asshole could have free reign. That's 5 days to many. When my information is at risk, when my finances are at risk, I should be informed of it right then and there. Not a work week after the fact.

You're right in saying that divulging that information could inform other people of a vulnerability, but the simple act of hacking it has exposed that vulnerability. If you don't think that these people communicate with one another you're out of your mind. Typically it's not just one person doing it anymore but rather a group of people that each delegate part of the operation. Furthermore if they're REALLY concerned with security then maybe they should make a public notice and shut down their shit system for those 5 days until they sort it out instead of leaving it online and forcing people to find out about this through a media site like Giant-fucking-Bomb.

It's irresponsible. It's lazy. It's ignorant. And it needs to fucking change. These companies need to be held accountable and MAYBE just maybe the traditional way of doing things isn't enough anymore. How many hacks have occurred within the past year? It's unacceptable, especially in the game industry where everything is going digital and everything has extra costs tacked on.

And the response wasn't fast at all. Sony had a similar response and they got bashed for it, but because it's Blizzard people hold them up like Christ on the Cross and say "THEY'RE TEH BEST EVAR!". You sound like a PR guy when you say shit like that. The investigation might have been started fast but the whole informing the public thing, the people that give them money and put their trust in them, wasn't good.

I'm not trying to defend Blizzard per se--I'm trying to assess the breach in terms of its security implications for its users and also wanted to provide some information about how a typical incident response procedure works. I may have been too flippant with my first sentence or so, for which I apologize, and I've certainly changed my battle.net password to be on the safe side. But treating all compromises the same is not helpful to the gaming community who needs good information to assess their risk posture, nor is it particularly fair to the firms involved.

Given the timeline and types of data that they handle, I think that Blizzard informed pretty quickly. I also think that there is not a ton here that causes huge additional risk to users because, unlike many other large compromises, this compromise did not include any directly actionable data (CCNs, passwords, etc...).

Is this bad? Yes. The ability of people phish off of the email addresses is a concern, and the decision to handle secret questions in the way that they are just looks dumb. But unlike a number of the firms who have been recently compromised, the data was stored in a sensible way, i.e. hashed (hopefully salted) phone numbers and with a complex protection mechanism on the passwords.

I also think that it's best for this information to go through public sites. How do you want Blizzard to notify the community, assuming that their communication path (email) is the same as the one that the hackers now have access to? Because if this was an extremely well-planned hack, the attackers could have phished the "your account has been compromised" emails to land at the same time that Blizzard's did. And if they were even close to competent phish writers, a huge number of people would have lost their passwords to this phish.

I'm really not looking for this to be a contentious conversation--I understand your concern and anger regarding compromises, because a lot of companies are not doing what they need to do in order to keep their customers safe, and they do need to be held accountable. Like you, I hope that more facts come out of this breach and that there are clear steps taken to further tighten security around Blizzard.

Hope everyone has a pleasant weekend.

#6 Posted by enthalpy (37 posts) -

@AiurFlux said:

August 4th this happened, we hear about this on the 9th, and even then it still isn't listed on Blizzards main site page. Fucking disgusting. I know I should blame the hackers but when a company charges for a goddamn authenticator AND doesn't notify it's customers that an intrusion took place until 5 days later I really really have a problem with that company. I don't fucking care if they didn't know what was compromised the simple fact is that an intrusion took place and they should HAVE to notify their customers on the day that it takes place.

I'm getting sick of this shit. Now I have to monitor my finances, website accounts, and my email account all because they're fucking morons more interested in saving face rather than looking after their customer.

I'm going to say it now, there needs to be legislation in the United States, Canada, the EU, the UK, and everywhere else that states when a company experiences any digital intrusion of any kind they must inform their customers at once. Period. If they don't they should face harsh fines upwards of 100,000 dollars. No more of this waiting for 5 days bullshit. It isn't fucking right, and they're only doing it because they want to preserve their value on the NYSE.

I wish someone in this thread would put the facts together instead of going off like a crazy person here. Blizzard responded in an extremely measured way here. They first went into lockdown, which is what you do. It sounds like they saw this in near real-time, which means that they have reasonable protections and effective monitoring in place. They then, after completing what was likely an insanely complicated assessment of the situation, explained this to their customers.

It is counterproductive to require any firm to immediately inform on a breach because that can indicate a current vulnerability. This is why software firms avoid announcing compromises for their software until they patch them.

Here is what happens in a typical security incident protocol:

  • The system is locked off from the outside, accounts and sessions are killed, etc...
  • An assessment of the means of entry is done and any security holes closed, while
  • a copy of the compromised systems is made immediately to preserve the system in its current state. This includes write-blocked drive imaging, any external system log aggregation, etc...
  • Forensics begin on a write-blocked copy of any images that were taken of servers and logs are reviewed
  • An early assessment is made of the data that was available on the compromised machine(s) and combined with a network traffic assessment to assess what may have leaked
  • Appropriate law enforcement is contacted, based on the initial compromise assessment
  • If any regulated data is found, the appropriate regulatory agencies are contacted
  • After continued assessment of the state of the entire environment, a more in depth assessment of the compromise is done and a communication plan is prepared
  • Communication to affected parties happens

What's important here is that it sounds like the way in which the passwords were stored is extremely secure and is probably close to computationally infeasable to crack. Here is what can happen now:

Someone can, knowing your email address and secret question, request a password reset that will be sent to your email. That is all. From the information that Blizzard released, there is no way that people can log into your account with the information they have gained from this compromise without accessing your email account, which is another item that would have delayed the announcement.

Also, this was an impressively fast response from such a huge company.

#7 Posted by enthalpy (37 posts) -

Here's a tip for everyone who is concerned about potentially being the victim of an account compromise. Find a secure computer that you trust--this includes non-jailbroken mobile devices that contain a browser--and change the password on the account that you think is compromised, ensuring that you get the confirmation email. If your password for battle.net is the same as any other password, change it to be unique and long.

Until any forensics are completed that substantiate the sessionid spoofing rumor or some other compromise of the service as opposed to a meat and potatoes compromise of an individual's credentials, it's really hard to believe that people aren't just having run-of-the-mill credential compromises, and the Internet echo chamber isn't helping.

If I were in possession of a large number of compromised battle.net ids and passwords, this is exactly what I would have done awaiting the launch of D3--sit on the accounts until this point in time to furiously gather items to prepare for the immediately impending launch of the RMAH. I would then cash out fast in the initial crazy market rush.

#8 Posted by enthalpy (37 posts) -

I don't think that Blizzard needs to control anything this much to see huge gains off of the RMAH. Remember the insane black market for D2 items? In legitimizing real cash transactions, Blizzard has pulled the entire infrastructure in house to what will be not only their huge monetary benefit, but also to the protection of their consumers.

What you're suggesting would require an extremely large amount of specific effort for what would be, in the end, almost zero gain relative to just leaving the drop system intact and relatively transparent by experimentation. The consumers who will be running the high end of the AH know pretty well what they're doing, and there have always been enough people doing insane stat runs of this game to make any tweaking on the part of the developers potentially noticeable.

#9 Posted by enthalpy (37 posts) -

@Kazona said:

For once I am on the side of those users. It is inexcusable for any game but an MMO to have such major launch issues.

This launched in a broken state, plain and simple. The game requires a connection to Blizzard's servers to work, making it integral to the experience. And as such, with that not in proper working order, there can only be the conclusion that the game is broken and therefore does not deserve its high metacritic average.

But no, that's clearly not how people look at this. For some reason, because it's a server issue, people are under the (wrongful) impression that this does not reflect badly on the game itself. Somehow, through some twisted sense of logic, (some) people think these server problems are a wholly seperate matter, having nothing to do with the quality of the game itself.

If the product that you purchased does not work, you should be pissed and you should make yourself heard. That is the right of a consumer, to complain and be heard when something that's been paid for doesn't work, regardless of the reasons (barring, of course, that it's not your own fault).

For the record, this is not directed at you, Kazona, I just want to give advice to the same "you" that you referred to in your post to whom you recommended being pissed.

Dear Person,

You should probably not be pissed simply if a run-of-the-mill product you purchased didn't work in exactly the way you expected, because basing your emotional health on the function of a commodity is probably not appropriate. If your car broke down on the way to a job interview, then it seems more reasonable to be pissed. You should not necessarily make yourself heard with every minor gripe and complaint that you have. It is indeed your right to have whatever legal reaction you want to a given situation. But that does not mean that you should. You should instead choose a measured, appropriate response. In general, you should be an adult and handle yourself with grace and aplomb, because it engenders respect, civil discourse, and more positive future outcomes for everyone involved.

In this particular case, did Blizzard do something that caused this launch to be somewhat botched? Yes. Is that worth investing serious emotional energy, enraging yourself into a flurry of completely impotent Internet dickwaddery? No. Is it worth calmly describing your disappointment? Absolutely! For example, I'd love to have the one-time blacksmith achievement that is currently impossible for me to get unless Blizzard works some wacky juju server-side to fix. I'm disappointed that there is currently no fix to this and that I had some considerably interrupted play with the first day of a seriously fun game. But, for my part, I'm an adult, and I'll invest my emotional time and energy into things that really deserve it. And I'll play some more Diablo 3 and probably enjoy it.

#10 Posted by enthalpy (37 posts) -

Firing it up now, please add me!

gamertag: stemplaza

  • 29 results
  • 1
  • 2
  • 3