Scientists also like to be able to continue doing their research, so they make at least some money. Do you expect these scientists to work for free? How do you expect them to pay for equipment and other resources needed to do their work?
In the above HN comment, basically it explains the Linode hack, saying they got access to Linode's registrar and were going to use it to steal passwords from Linode customers. But they ended up finding the ColdFusion hole made it possible to break directly into Linode, so they used that instead.
Some details that people have been able to find so far.
1) The guy claimed to have hacked ColdFusion using some 0-day exploit. He could have just been going off this recent Adobe bulletin. But this bulletin was before the Linode announcement, so who knows. http://www.adobe.com/support/security/bulletins/apsb13-10.html
This hotfix resolves a vulnerability that could be exploited to impersonate an authenticated user (CVE-2013-1387).
This hotfix resolves a vulnerability that could be exploited by an unauthorized user to gain access to the ColdFusion administrator console (CVE-2013-1388).
2) One of the files in the directory list that has a unique name is actually accessible on linode.com: http://www.linode.com/y_key_57284cb2de704e02.html
3) Looks like seclists (nmap people) were targeted by this hack: http://seclists.org/nmap-dev/2013/q2/3
4) It is not clear if credit cards were compromised or not. While this "ryan" guy claims they were, we won't know unless the list is published or Linode admits to it.
It is good to point out that Austin has Grande Communications, which actually has pretty good service for the price. The problem is they have limited coverage.
Sure it's fun to knock Google for shutting down services, but I believe most (if not all) of their shutdowns have always been free services they provide to consumers. I'm not aware of any paid Google service that has been shut down. Though, Google has been known to drastically increase the cost of their services where it drives people away (mapping and AppEngine are 2 more recent examples, though they lowered the price of maps after a lot of people left).
Google is trying to find services to hook people with, so they fund a lot of startup type projects to see what will hook people. When those projects don't produce the results they want, they just shut them down. But from what I've seen, those have mainly been free services.
Now, taking away open standard support, like CalDAV from calendar, is a much more troublesome issue.
Google Reader was free for 8 years. It has definitely been my favorite RSS software out there. We have 4 months to get our data out of Reader (they give it to us in an easy to process JSON file).
A lot of people saw the writing on the wall about Reader. No blog posts from them in 1.5 years. Removing functionality so it didn't compete with Google+. Increased aggressiveness in Google Spring Cleaning. This day was coming, it was just a matter of when.
While it sucks that I now have to find a Google Reader replacement, giving me 4 months to find that alternative is nice. It's like iGoogle, but they gave people 16 months to find an alternative there.
It'll require some client hacking as well. All server communication is via HTTPS. MITM (man-in-the-middle) does not work against it as the SimCity client may have checks to look for certain certificates built into the client itself. So you'd probably need to hack the client to allow for other certificates to be accepted during the SSL negotiation.
(I've been digging into this some, but sadly I have a day-job that I actually have to do)
I decided to pre-order SimCity and I have definitely been annoyed by their server issues, but I decided to track down for myself as much info as I could about what's going on.
1) All of the servers seem to be running on Amazon EC2 (or other AWS type services). This is what gives them their different zones. Fun enough, most of the communication seems to just be an HTTP API, and they aren't doing any type of UDP streaming of data. Sadly I haven't been able to MITM the encrypted stuff yet to see what's going on with transferring of game state data.
2) While EA/Maxis's official PR lines have been pretty quiet, a few of the Maxis dev staff have been posting what they can. Here are a few links around information they have been sharing:
One of their server guys: https://twitter.com/derricks
Maxis Employees on Reddit: http://www.reddit.com/user/ryani and http://www.reddit.com/user/MaxisMC (they have been posting at least a little).
3) They are trying to gather as much feedback as possible to find out where people are having the most problems to get those issues fixed.
With this game being so reliant on their servers, they should have done a few stress test weekends, but sadly, they decided not to do that and EA's customers are now stress testing on a live setup. I'm sure engineering didn't want to do it this way, but that's how it ended up happening.
Exactly. CNN did not truly replicate the test that the NYTimes did, they just did their own test that was somewhat similar. There are a lot more variables at play here than distance driven. No overnight stop without it plugged in. The temperature while driving was significantly higher for the CNN test.
This is just CNN trying to take a shot at the NYTimes.
Banks must have your permission to run your credit report. If a bank or any organization runs your credit without your permission they can get in pretty big trouble.
It's important to remember that there are 2 ways of buying Office 2013 (at least for home use): Office 2013 and Office 365. MS has a nice simple comparison here. The $99/year gets you 5 computers while the other SKUs only let you install on 1 computer.
One important change for the stand-alone SKUs is the # of computers you can install on. In Office 2010, there were SKUs that let you install on 3 PCs for "Home & Student" edition or 2 PCs for "Home and Business" edition. While Office 2013 is 1 PC for all editions of the stand-alone. I'm guessing this is MS trying to push Office 365 (the subscription).
If I was installing on 5 PCs, the subscription may be worth it, but I'm not sure I like the idea of my software license expiring and possibly losing data.
As a reader of Hacker News I'm getting a bit sick of this coverage myself. Last night, 9 of the 10 top stories were in relation to Aaron and the whole situation. The guy did some great work, but he never even got into a courtroom to see how things would play out. The other thing to note is that it was known even publicly that he suffered from depression. A high-stress situation plus depression is the recipe for this type of situation.
I'm not saying either side (the people making him into a martyr or prosecutor for going after him) is right or wrong with what they are doing. But to me, the reaction I've been seeing so far from those on sites like Hacker News seems to be a little far out there.
Exactly, I wish I had mod points to give you. It sounds like she came to the idea of not taking vaccines on her own and is using her faith as the reason for the decision.
I would imagine they are watching the handshaking and looking for certain patterns at the start of TCP sessions. If the streams match a certain pattern (VPN connection handshake), then the connection will be added to the global blacklist at the next update. For VPNs that do their negotiation fully over UDP, the firewall probably just has to look for a specific set of packets between 2 systems over a short period of time.
Protocol/Application detection isn't all that hard with the right tools.
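As an added illustration of the handshake matching described in the comment above (not code from the commenter or from any firewall product), the sketch below labels a TCP session from its first client bytes and pairs an OpenVPN-style UDP hard reset with its reply inside a short window. The function names, the 2-second window and all sample packets are assumptions constructed for this example, and the heuristics are deliberately simplified.

```python
import struct

# OpenVPN control opcodes; the opcode is the upper 5 bits of the first byte.
HARD_RESET_CLIENT_V2 = 7
HARD_RESET_SERVER_V2 = 8

def classify_tcp_start(payload: bytes) -> str:
    """Label a TCP session from the first bytes the client sends."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload[:4] in (b"GET ", b"POST", b"HEAD"):
        return "http"
    # TLS record header: type 0x16, major version 0x03; byte 5 is handshake type 1.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-client-hello"
    # OpenVPN over TCP: 2-byte big-endian length, then the opcode byte.
    # 14 bytes is the smallest hard reset (no HMAC): opcode, session id, ack count, packet id.
    if len(payload) >= 3:
        (length,) = struct.unpack(">H", payload[:2])
        if payload[2] >> 3 == HARD_RESET_CLIENT_V2 and length >= 14:
            return "openvpn-tcp"
    return "unknown"

def find_udp_handshakes(datagrams, window=2.0):
    """Return (client, server) pairs whose hard reset was answered within `window` seconds."""
    pending, hits = {}, []
    for ts, src, dst, payload in datagrams:
        if not payload:
            continue
        opcode = payload[0] >> 3
        if opcode == HARD_RESET_CLIENT_V2:
            pending[(src, dst)] = ts          # remember who started and when
        elif opcode == HARD_RESET_SERVER_V2:
            started = pending.pop((dst, src), None)
            if started is not None and ts - started <= window:
                hits.append((dst, src))
    return hits

# Constructed sample inputs (not captured traffic).
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")
OVPN_TCP = struct.pack(">H", 14) + bytes([HARD_RESET_CLIENT_V2 << 3]) + bytes(13)
UDP_FLOW = [
    (0.00, "10.0.0.5", "203.0.113.9", bytes([0x38]) + bytes(13)),
    (0.08, "203.0.113.9", "10.0.0.5", bytes([0x40]) + bytes(13)),
    (1.00, "10.0.0.7", "198.51.100.4", bytes([0x38]) + bytes(13)),
    (9.00, "198.51.100.4", "10.0.0.7", bytes([0x40]) + bytes(13)),  # reply too late
]

if __name__ == "__main__":
    print(classify_tcp_start(TLS_HELLO), classify_tcp_start(OVPN_TCP))
    print(find_udp_handshakes(UDP_FLOW))
```

Matching on a single opcode byte produces false positives on arbitrary UDP traffic, which is why the reply pairing and the time window carry most of the signal here.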