enthalpy

@AiurFlux said:

August 4th this happened, we hear about this on the 9th, and even then it still isn't listed on Blizzards main site page. Fucking disgusting. I know I should blame the hackers but when a company charges for a goddamn authenticator AND doesn't notify it's customers that an intrusion took place until 5 days later I really really have a problem with that company. I don't fucking care if they didn't know what was compromised the simple fact is that an intrusion took place and they should HAVE to notify their customers on the day that it takes place.

I'm getting sick of this shit. Now I have to monitor my finances, website accounts, and my email account all because they're fucking morons more interested in saving face rather than looking after their customer.

I'm going to say it now, there needs to be legislation in the United States, Canada, the EU, the UK, and everywhere else that states when a company experiences any digital intrusion of any kind they must inform their customers at once. Period. If they don't they should face harsh fines upwards of 100,000 dollars. No more of this waiting for 5 days bullshit. It isn't fucking right, and they're only doing it because they want to preserve their value on the NYSE.

I wish someone in this thread would put the facts together instead of going off like a crazy person here. Blizzard responded in an extremely measured way here. They first went into lockdown, which is what you do. It sounds like they saw this in near real-time, which means that they have reasonable protections and effective monitoring in place. They then, after completing what was likely an insanely complicated assessment of the situation, explained this to their customers.

It is counterproductive to require any firm to immediately inform on a breach because that can indicate a current vulnerability. This is why software firms avoid announcing compromises for their software until they patch them.

Here is what happens in a typical security incident protocol:

• The system is locked off from the outside, accounts and sessions are killed, etc...
• An assessment of the means of entry is done and any security holes closed, while
• a copy of the compromised systems is made immediately to preserve the system in its current state. This includes write-blocked drive imaging, any external system log aggregation, etc...
• Forensics begin on a write-blocked copy of any images that were taken of servers and logs are reviewed
• An early assessment is made of the data that was available on the compromised machine(s) and combined with a network traffic assessment to assess what may have leaked
• Appropriate law enforcement is contacted, based on the initial compromise assessment
• If any regulated data is found, the appropriate regulatory agencies are contacted
• After continued assessment of the state of the entire environment, a more in depth assessment of the compromise is done and a communication plan is prepared
• Communication to affected parties happens

What's important here is that it sounds like the way in which the passwords were stored is extremely secure and is probably close to computationally infeasable to crack. Here is what can happen now:

Someone can, knowing your email address and secret question, request a password reset that will be sent to your email. That is all. From the information that Blizzard released, there is no way that people can log into your account with the information they have gained from this compromise without accessing your email account, which is another item that would have delayed the announcement.

Also, this was an impressively fast response from such a huge company.

Here's a tip for everyone who is concerned about potentially being the victim of an account compromise. Find a secure computer that you trust--this includes non-jailbroken mobile devices that contain a browser--and change the password on the account that you think is compromised, ensuring that you get the confirmation email. If your password for battle.net is the same as any other password, change it to be unique and long.

Until any forensics are completed that substantiate the sessionid spoofing rumor or some other compromise of the service as opposed to a meat and potatoes compromise of an individual's credentials, it's really hard to believe that people aren't just having run-of-the-mill credential compromises, and the Internet echo chamber isn't helping.

If I were in possession of a large number of compromised battle.net ids and passwords, this is exactly what I would have done awaiting the launch of D3--sit on the accounts until this point in time to furiously gather items to prepare for the immediately impending launch of the RMAH. I would then cash out fast in the initial crazy market rush.

I don't think that Blizzard needs to control anything this much to see huge gains off of the RMAH. Remember the insane black market for D2 items? In legitimizing real cash transactions, Blizzard has pulled the entire infrastructure in house to what will be not only their huge monetary benefit, but also to the protection of their consumers.

What you're suggesting would require an extremely large amount of specific effort for what would be, in the end, almost zero gain relative to just leaving the drop system intact and relatively transparent by experimentation. The consumers who will be running the high end of the AH know pretty well what they're doing, and there have always been enough people doing insane stat runs of this game to make any tweaking on the part of the developers potentially noticeable.

@Kazona said:

For once I am on the side of those users. It is inexcusable for any game but an MMO to have such major launch issues.

This launched in a broken state, plain and simple. The game requires a connection to Blizzard's servers to work, making it integral to the experience. And as such, with that not in proper working order, there can only be the conclusion that the game is broken and therefore does not deserve its high metacritic average.

But no, that's clearly not how people look at this. For some reason, because it's a server issue, people are under the (wrongful) impression that this does not reflect badly on the game itself. Somehow, through some twisted sense of logic, (some) people think these server problems are a wholly seperate matter, having nothing to do with the quality of the game itself.

If the product that you purchased does not work, you should be pissed and you should make yourself heard. That is the right of a consumer, to complain and be heard when something that's been paid for doesn't work, regardless of the reasons (barring, of course, that it's not your own fault).

For the record, this is not directed at you, Kazona, I just want to give advice to the same "you" that you referred to in your post to whom you recommended being pissed.

Dear Person,

You should probably not be pissed simply if a run-of-the-mill product you purchased didn't work in exactly the way you expected, because basing your emotional health on the function of a commodity is probably not appropriate. If your car broke down on the way to a job interview, then it seems more reasonable to be pissed. You should not necessarily make yourself heard with every minor gripe and complaint that you have. It is indeed your right to have whatever legal reaction you want to a given situation. But that does not mean that you should. You should instead choose a measured, appropriate response. In general, you should be an adult and handle yourself with grace and aplomb, because it engenders respect, civil discourse, and more positive future outcomes for everyone involved.

In this particular case, did Blizzard do something that caused this launch to be somewhat botched? Yes. Is that worth investing serious emotional energy, enraging yourself into a flurry of completely impotent Internet dickwaddery? No. Is it worth calmly describing your disappointment? Absolutely! For example, I'd love to have the one-time blacksmith achievement that is currently impossible for me to get unless Blizzard works some wacky juju server-side to fix. I'm disappointed that there is currently no fix to this and that I had some considerably interrupted play with the first day of a seriously fun game. But, for my part, I'm an adult, and I'll invest my emotional time and energy into things that really deserve it. And I'll play some more Diablo 3 and probably enjoy it.

Firing it up now, please add me!

gamertag: stemplaza

I had the exact same issue with that exact fight, and the advice here to use your bow early on is a good one. I think that for me, it was having a super early set of weapons and basically working straight to that quest--the daggers didn't cause enough stagger to keep a decent chain going. Upgraded weapons, relied more on bows to begin fights and it became way, way easier.

@Cabbage_TheMan said:

@enthalpy: In regards to the Middle East, where were you located? How long were you there? Like I mentioned earlier, were you worried about doing something unacceptable like hugging a girl friend?

In regards to SE Asia, I'm deathly afraid of spiders, so I am sort of limited to Northern areas lol

I'm in Qatar--have been for 2.5 years, will be for a bit longer. I don't teach, but know a bunch of folks who do. :) I definitely don't do some stuff that I would in the states, like even holding hands with my girlfriend in public spots, but it's part and parcel of the whole deal. It feels onerous sometimes, but the institution that I work for is doing good things for the region and for the local society with the students that we have, so I'm willing to make the change. If I were to do hug her in public or something, it wouldn't really be an issue in most places, but I also would like to be a good representative for the US while I'm here and act in such a respectful way that improves how people look at the US in general. I feel that doing what's right for the local culture is part of working as an expat. That having been said, I vehemently oppose some things about the way that the local culture works. Hopefully, by being a good example, I (along with the other expats here), can help people see different ways to do some things.

Heh. Thailand alone is worth the spiders. ;)

I believe that this is a feature. 24FPS, if I remember correctly, is film speed. A true 24Hz output of the yamaha means that the receiver isn't interpolating frames--if it were outputting at 30 Hz or a multiplier thereof, it'd have to guess about some frames and not deliver them with perfect pace because 24 isn't a multiplier of 30. It's good that you have a 120Hz TV because with a 24Hz source, it just leaves a frame up for 5 refreshes and doesn't have to do a 3-2 pulldown or something like that like you have to do with a 60Hz TV to approximate the film speed.

As a Mac note, you should also be able to use the command "ditto <path/to/filename>" from a bash shell (open the Terminal Application) to unpack this. You can do "man ditto" to get the insane manual page.

If this filename was foo and you dropped it into Downloads, you'd do the following:

ditto ~/Downloads/foo

and it would decompress.

@MB said:

@Cabbage_TheMan: I was on a military base so the only women I "interacted" with were other Americans. I'd rather not say which country it was in though, it was a shithole with a terrible culture and awful people and I hope I don't ever have to go back there.

YIkes. As someone living fairly happily as an American expat in an Arabic-speaking country with a US presence, I hope you didn't have such a bad experience here! Sorry to hear about your time--I've heard some pretty bad stories from folks who live nearby. :/

As for the OP, I think that you need to do an extremely thorough job of checking out the company/group you're working for and making sure it matches both with your professional development goals and also with your philosophy on education--there are lots of groups in MENA/South East Asia who may be affiliated with very particular interests and you need to assess whether or not you are a good fit for one another. You should also make your decision in part based on the expat benefits provided and the willingness of your company/organization to assist you in relocation to and from the country and residency details.

I'm an expat who works at an educational institution in the Middle East, and I would have been sunk if not for the assistance of the HR group here. South Korea is in a far different place of cultural development compared to here, though, and I imagine that there is quite a considerable expat group as well. I've heard it said that being an expat isn't just a resume line, it's a frame of mind--you have to be flexible with some of the frustrating things you are going to have to deal with on a regular benefit or you will hate it. As long as you can roll with the punches and handle not being in physical proximity to family, friends, or what have you, you'll do great. SE Asia is going gangbusters right now and is seriously fun to travel around in if you get the chance. :)

If you have any specific questions about life as an expat, feel free to reply in this thread or PM me.