Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

User information for Mashiki Amiketo

Real Name Mashiki Amiketo   
Search for:
 
Sort results:   Ascending Descending
Limit results:
 
 
 
Nickname Mashiki Amiketo
Email Concealed by request - Send Mail
ICQ None given.
Description --
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Homepage None given.
Signed On Feb 8, 2000, 21:30
Total Comments 3205 (Veteran)
User ID 2669
 
User comment history
< Newer [ 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 ] Older >


News Comments > etc.
44. Re: etc. Oct 20, 2012, 01:56 Mashiki Amiketo
 
Cutter wrote on Oct 19, 2012, 21:01:
Yeah, but in that case we're talking about what's relative. I have buddies who work in the Yukon, the Oil Sands, etc. and make what most people consider huge bank but their cost of living is also absurdly high. It's not like it's cheap bringing in all those supplies. Take Toronto for example, poverty wage when adjusted for cost of living is $16 an hour. Way off from minimum wage. However, 2-3k per month ain't bad for anyone. You may not be getting ahead, but it's hardly poverty level even in any major city. You may not be living downtown in some sweet pad, but you're doing alright commuting from the burbs. The trick is - as always - finding the best value for your money. Hell, I'd love to live in the country but damn if I know how I could make a living out there.
Yeah, relative is a good point which is what I was trying for in my slightly drug induced state. Ah pain killers for the pain. But Fort Mac really isn't in the middle of nowhere perse, even Grand Cache and Grand Prairie aren't. My sister lives in GC, but milk is $8/4L there, and bread is $6/loaf. So she drives to GP for groceries every month and freezes everything perishable. What drives the cost is the fact that it's a coal mining town and the wages are high, so even if it costs low to bring it in. It's the cost that can be born. And I'm not even sure you can live on $16/hr in Toronto these days. 5ish maybe 6ish years ago when the ex and I were living off of Danforth and Broadview(about a 3min walk from the subway station) we were paying $1300/mo for a basement apt. Though I will say some of the fsking roach traps in that area...ugh. At least the house was nice.

I don't live in the country, but I live in a smallish enough community that it's just close enough to it. Small enough that people know you by face, and reputation but large enough that you've got all the amenities, or they're close by.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > etc.
40. Re: etc. Oct 19, 2012, 19:56 Mashiki Amiketo
 
jacobvandy wrote on Oct 19, 2012, 17:53:
What the hell kind of diamond-encrusted palace are you living in if you consider 2-3k a month impoverished? I'm living in a very decent 2-bedroom apartment for $755/mo! If I had an extra 1-2 grand, I could eat whatever I want, finance a brand new car, and have a premium cable package with like 2000 channels! Sheeeit...
I can think of one for sure and that'd be oil patch money. At 2-3k a month unless you're living away from the patch, like in Grande Prairie and commuting in by plane to Fort Mac(fort mcmurray) and living on-site, you'll be living impoverished(there's a few other places away from the patch too). An example of how wacky prices are, the tim-tarts(girls and guys serving at tim hortons) make just under $18/hr which is enough to make ends meet.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Firm Says Steam URLs Exploitable
40. Re: You are wrong again. Oct 17, 2012, 20:30 Mashiki Amiketo
 
hb3d wrote on Oct 17, 2012, 20:26:
They can be. A website can script the URL's to execute in the browser without clicking on anything.

...
I have followed Luigi's work in game hacking for over ten years. When he says something about games and exploits, it is the real deal.
That's two completely different things than what you've said in the last 4 posts. A page running something is not the URL itself being a script. That's remote page execution. So again, disabling the steam:// handler effectively limits this vulnerability. And yes you're fearmongering, when there is a solution right there.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Firm Says Steam URLs Exploitable
38. Re: That is NOT enough. Oct 17, 2012, 20:19 Mashiki Amiketo
 
hb3d wrote on Oct 17, 2012, 19:41:
... Once you can remotely execute code as you can here, the sky is really the limit.
*facepalm* That's what remote code execution is. Glad to see you're good on the fear mongering 101 though.


No, that won't do it because if the Steam url's are scripted, you don't have to click on a thing. And, if your browser doesn't prompt on the URL's as Safari doesn't at all and others won't if set that way, you won't even know if your browser executed these URL's.
Steam url's aren't scripted. Though they can be used to execute commands, like any other API installer. Damn man, have you read the steam api deployment document before? The URL's are handlers for a command, if you don't execute the URL you don't execute the commands. They don't spontaneously start running all on their own.

Even someone from h-online figured that one out. "disabling the steam:// handler will disable or severely limit this vulnerability."
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Firm Says Steam URLs Exploitable
30. Re: Firm Says Steam URLs Exploitable Oct 17, 2012, 18:49 Mashiki Amiketo
 
Prez wrote on Oct 17, 2012, 18:30:
Some more non-techie explanation needed if you don't mind. What's the worst case scenario here? Am I looking at someone deleting my saved games or someone hacking the Depart of Defense and making it look like I did it?
Worst case? Remote code execution with them being able to transverse directories.

Meaning that they can basicially get "into" your machine and hop around doing whatever they want, to whatever directory(providing it's not locked by the OS). And depending, using engines such as unreal which have unpatched integer bugs(probably the worst offender out there right now), do code execution. Overall, it's not any worse or better than the Uplay bug.

Just don't click on any random steam url's and you'll be fine.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Firm Says Steam URLs Exploitable
27. Re: This goes way beyond being a browser exploit. Oct 17, 2012, 18:27 Mashiki Amiketo
 
No, you don't because Windows environment variables will tell you that. Plus most users use default installation locations for Windows and Steam.

Well as stated in the article the Source engine will do that for the attacker if a Source engine game is installed. But, hardly anyone plays Source engine games, right?

In order to make this exploit work, you need to be able to cause something to create the file, in order to be able to execute it. The environment variable table will not give you a list of games installed to exploit. The link itself is only an arbitrary step in this process. If you don't know what's installed, you have no attack vector. No attack vector, no exploit. It's even in the paper itself. A link isn't enough, but it is the attack point. Now I suppose you could write something to hit the top 100 games.

Even their unreal engine exploit requires a upk file to exist already, in order to cause it to crash(integer overflow). But unless it's there already you can't do squat, and unless you've already written it, or planted it again you can't do squat.

If you run a formed steam URL without something to execute it, nothing happens. If you run something with the steam engine with specific commands, with a force dump you can make it dance. But in the latter case, you need to know "what" you're running into to make it do something.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Firm Says Steam URLs Exploitable
24. Re: This goes way beyond being a browser exploit. Oct 17, 2012, 17:55 Mashiki Amiketo
 
hb3d wrote on Oct 17, 2012, 17:07:
That is really, really bad. As bad or worse than that Uplay exploit everyone bashed Ubisoft over (but not the researcher who found the exploit, hypocrites), but was fixed in a day or less. At least that exploit only affected IE users. This attack affects all browsers and Steam client users and since it can be scripted with Javascript, it is relatively easy to implement and get past the user especially on some browsers and settings.
I ah...read the "research paper" and I use that term loosely. That Uplay exploit effected everyone too, and everyone that had the game plugin installed, not just IE.

You still need to be able to have knowledge of what's where, to be able to execute this exploit. And before that you need to be able to have access to something to be able to create the batch file, in order to create the exploit in order to be able to create the vulnerability.

The computerworld article is rather meh as it stands anyway. I liked the TF2 exploit, that was rather funny. Because what they did was tell the game to create a specific file with a specific filename, thus creating the batch file from the console. But you see the problem here?
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Project Eternity Kickstarter Concludes
14. Re: Project Eternity Kickstarter Concludes Oct 17, 2012, 14:48 Mashiki Amiketo
 
nin wrote on Oct 17, 2012, 13:42:
I'm going into withdrawal w/o a recent update here...

It's the hangovers man...you saw the party, they were sloshing it out in the office then I think it was Tim was taking everyone out with the booze on him.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Firm Says Steam URLs Exploitable
15. Re: Firm Says Steam URLs Exploitable Oct 17, 2012, 13:24 Mashiki Amiketo
 
Looking at this a bit more, it appears that unless you've been able to compromise the machine before hand and lay a batch file(and know what games are installed). This is pretty much useless, so if someone has already compromised the machine that far. You've got other things to worry about than steam urls.

Though I might have missed something.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Firm Says Steam URLs Exploitable
9. Re: Firm Says Steam URLs Exploitable Oct 17, 2012, 12:10 Mashiki Amiketo
 
Jivaro wrote on Oct 17, 2012, 11:50:
Am I the only one that thinks it is bad form to go public with this before telling Valve? Seems odd to me. I am not talking about the website, I am talking about the folks that discovered the vulnerability.
Not these days. Security is through obscurity in 99% of all cases, which means the only way to get a company to patch a vulnerability is to go public and scream loudly. This isn't really the industry of 10 years ago, where you could even get a hold of someone in production and say "hey, I found this bug and it causes x,y,z to happen and when I do that I've got root." They just kinda shuffle you around until you give up.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Final Project Eternity Stretch Goal
113. Re: Final Project Eternity Stretch Goal Oct 17, 2012, 08:31 Mashiki Amiketo
 
Lorcin wrote on Oct 16, 2012, 22:05:
Really polite and not drunk 21 units of alcohol version of saying it. Kickstarter needs to massively improve it's international appeal - there has been a LOT of games I would have supported aside from the fact I couldn't work out couldn't be bothered to find out what they wanted in my monetary terms.
Beh. Just do the conversion yourself, and stop complaining. Welcome to Canada or something, you know we're right next door to the US and have been doing it for decades. Where the currency can flux as much as a nickle or more in a day. Since there are sites like xe.com, it's not exactly difficult, you can plug in the entire amount and it'll tell you the market value--not the bank value of the transaction. Usually that's another 3-8%.

And up until the last 5 years or so, the difference between our two currencies has been at least 30-40c/dollar or more.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Final Project Eternity Stretch Goal
72. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 20:55 Mashiki Amiketo
 
Someone just dropped $10k  
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Final Project Eternity Stretch Goal
57. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 20:01 Mashiki Amiketo
 
ASeven wrote on Oct 16, 2012, 19:56:

Yeah, just counting the KS funds only.

Which are at $3.9M as of now.
Gotcha. They said they'd have to double check but it was 4.3 or 4.35m in total, it was kinda noisy when they said it.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Final Project Eternity Stretch Goal
53. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 19:43 Mashiki Amiketo
 
ASeven wrote on Oct 16, 2012, 19:29:
$3.87M. 90m to go.
It's apparently past $4m now according to the livestream on twitch.

Q was asked: Will they consider doing more kickstarters after this?
Obsidian: Yes.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Final Project Eternity Stretch Goal
29. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 17:46 Mashiki Amiketo
 
John wrote on Oct 16, 2012, 17:29:
No, it's 12 levels at least! Where you see only 8?
About half way down the page. They've got both still up, 8 and 12. Though I'd say 12 sounds aoout right.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Final Project Eternity Stretch Goal
21. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 17:22 Mashiki Amiketo
 
eRe4s3r wrote on Oct 16, 2012, 17:18:
That's really pretty damn awesome. The sad thing is I am hyped for a game that doesn't come out for 2 years, at least.
You're not the only one. I think a *squeee* is worth it no matter what.

The dungeon is 8 levels now...that's just full of awesome.

bah stupid phone
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Morning Consolidation
4. Re: Morning Consolidation Oct 16, 2012, 15:49 Mashiki Amiketo
 
Wookiestick wrote on Oct 16, 2012, 13:50:
Oh "it's not 'metro' [anymore], it's the 'Windows 8' interface."
--Microsoft

Ah that's only because they didn't think of using Fabulous first.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Out of the Blue
6. Re: Out of the Blue Oct 16, 2012, 14:43 Mashiki Amiketo
 
NegaDeath wrote on Oct 16, 2012, 14:16:
That's the Elite Soldier preorder bonus, I had that at launch. They might be making it available to everyone.
I had it at launch too, but it didn't show up under the DLC thing until today though the elite soldiers were in the game.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Out of the Blue
4. Re: Out of the Blue Oct 16, 2012, 13:50 Mashiki Amiketo
 
Looks like X-Com has some DLC coming down the pipe "soon"
http://i47.tinypic.com/2gx1yk0.png

This wasn't showing up on release day at least for me, maybe someone can try digging and seeing if there's something else coming down the pipe.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
News Comments > Project Eternity Q&A; $3M Goal Reached
26. Re: Project Eternity Q&A; $3M Goal Reached Oct 14, 2012, 23:01 Mashiki Amiketo
 
"There's no demand for classic isometric RPG's"

Bwhwhaha...
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
3205 Comments. 161 pages. Viewing page 56.
< Newer [ 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 ] Older >


footer

Blue's News logo