Recent Comments

They're far more than minor details of project management. Compare and contrast "Waterfall" with "Agile". The first says you develop an exhaustive specification of what you want, then pass it through channels, and only at the end do you work on coding the whole project to spec. The later says you start developing, and it's a back-and-forth process defining the end project spec along the way, based on what is found to be practical in writing the code.

In fact, just visit the "Criticisms" section on each method for a quick breakdown.

Read the article and find out, AC!

They said both yes AND no to .hotel?

As a non-coder, this is all fascinating to me. I read all the wikipedia pages (thankx Bryan). As a project manager though, it seems to me like different versions of really elementary stuff:
1. Let's talk to the client to make sure we know what we want,
2. making sure the client also knows what that will entail in terms of hours, money, effort.
3. then let's stay in touch as we go in case the goals or demands shift.

After that it's just a matter of: Do you go section by section? Do you start with a prototype and then work outward? Do you finish the first section/module/unit/whatever before starting the next one?

Basic project management, I think. Is there more to it than that?

I don't engage much in games where you can grind an advantage. You'd have half of people be below average too if the most important determinant of success was skill, not time spent playing. Guild Wars 1 got you to perfect stats end game gear very quickly. After that it was your skill, build choices and teamwork that got you further.

"Hewlett-Packard has alerted some customers that it will be revoking a digital certificate used to sign a huge swath of software"

Nice try, NS4.

Whether their CA has been breached or not is irrelevant, they clearly did not have procedures in place to protect the integrity of the signature. If a PC is used by someone responsible for signing code surely there should be procedures in place to make sure that that PC is not subverted?

Wikipedia cheatsheet:

• Agile
• Cowboy
• Design for test
• Feature driven development
• JAD
• RAD
• RUP
• Scrum
• Spiral
• Waterfall
• Wheel and spoke
• XP
• Bugger off I code alone (cowboys deserve two options)

I've heard that it is something like a MUD with pictures... right?

Yes, I played that a fair bit at Uni, not for a little while though.

Honestly it was better at level 60...Even good at level 60. The next expansion brought the 'no child left behind' act to wow where everyone is covered in epics..even Terrible people. Even people that can only play 1 hour/week. The entire concept that everyone can be awesome(or even average) is flawed by definition... Half of people are below average, on average..

Truly we can see that here at Pipedot, we are all great MMO fans. :p

I don't even consider MMOs to be video games, to be honest. Where's the game part? Collecting 40 wolf pelts? "But, the end game is great! Raiding is so fun!", they say. Wel if the end game is so much greater than the beginning, why didn't the make the whole thing the end game and removed the mindnumbingly boring grinding part? Cause they need subscriptions is the obvious answer, but that doesn't make the experience more fun for the player.

The only mmo-ish game I enjoyed was Guild Wars 1. Every single story mission was basically an instanced raid. They followed my advice and it really paid off. Too bad the sequel regressed so much...

Genetics: Why you look like your father, or if you don't, why you should.

I do so grinding out 20 more levels, and having all my hard-earned epics turned into trash and replaced by greens so I can do it all over again. Oh can we have new reputations so i can grind those out too? Maybe only by quests so I have absolutely no freedom in playstyle and it's all exactly pre-scripted for me so you know it will take exactly 32.4 hours. Thanks, here's my 50$..

Yes, I was answering myself after I found 802.11w. Still me. :)

Other than the firmware mods (which I gather aren't actually available unless one writes them) your other suggestions are of course untenable.

Starting to seem as if the better approach would simply be a 3G card or dongle directly on each device, removing 802.11 from the picture. This works with most family plans. Pity though, having to spend extra money to dodge the bastards. Of course on their premises they could conceivably jam GSM and CDMA too.

how far one would have to go to fly under the radar of most of these WiFi attacks and countermeasures and just use your own damn equipment and services without interference.

I'd use the FCC's contact page... It's super effective!

Turning-off SSID broadcasting won't do the tiniest thing.

The AC mentioned 802.11w before me. But there are other potential options in the interim...

* WiFi firmware (on ALL your clients) could be modified to ignore deauth packets if sent too frequently, and pay attention to data connectivity, instead.

* You could put your AP and all your clients in a metal (Farady) cage, but you need your cellular antenna to be outside the cage to get a signal.

* You could use network monitoring tools to look for deauth packets, then walk around checking signal strength to find the physical location of the AP interfering with you. From there, a crowbar will solve the problem quite nicely... Alternatively, unplugging or putting a metal cage around the interfering device will work, if you're opposed to vandalism for some strange reason.

* You could PLUG-IN to your AP instead of using WiFi. Of course if you're tethering to your cell phone (as opposed to a "MiFi" device that has an RJ45 port) then the deauth attack could make internet access unavailable indirectly.

Huh, it looks like at least part of the answer is 802.11w.

http://security.stackexchange.com/questions/20219/preventing-deauthentication-attacks

My question is whether we as consumers/paying guests/etc. can configure an AP so that it provides us service and yet flies under the radar enough to be immune to these lowly tactics on the part of scummy businesses like Marriott.

Obviously one can turn off SSID broadcast, which helps a teeny tiny bit, but I wonder just how far one would have to go to fly under the radar of most of these WiFi attacks and countermeasures and just use your own damn equipment and services without interference.

Naturally if you're transmitting at any frequency at all, SOMETHING can find you, but if you obscure your protocols and frequency enough it should be doable. The only question is how much is enough and how hard is it to do...

There is a history of edits. And a system to easily spot the differences between the edits using highlighted red/green "diff" text.

if there is a law that makes it illegal to purposefully jam a WiFi signal, shouldn't a denial of service attack that takes out the WiFi be similarly illegal?

My thoughts exactly. The technical mechanism they used is only of interest to us readers as a technical curiosity. I don't know that 'jam' and 'DoS' are really exclusive, anyway: it seems reasonable to say that they used DoS as a means of achieving a jam.

I had added a link to the statcounter page, but it got removed. Let's see if it works when pasted as text:

#browser-DE-monthly-200807-201410" rel="nofollow">http://gs.statcounter.com/#browser-DE-monthly-200807-201410

Actually according to StatCounter, in Germany Firefox is still the most-used browser, although it markedly went down from its peak of 62.25% in November 2010 to "just" 41.95% in October 2014.

Unfortunately data before Juli 2008 is not available; but since then, Firefox has consistently been the #1 browser; only the #2 has switched from IE to Chrome.

So if Firefox is dying, it still has a long way to go.

#browser-DE-monthly-200807-201410" rel="nofollow">

I do use Github, but if they can just disable my repos without any kind of process or warning. I think I'm better served to move to one of a half dozen other choices.

Each of which can do the very same.

Tried Munchkin?

So what? Are you invested in github? If not, why do you bother?

If a disappearing git repository does have anything but a minor effect on you, they you're doing something wrong.

Except that in humans, the place where immature eggs are stored is not identical to the place where mature eggs are fertilised.

MUD was given up left and right around me... Not too much fun to play mud, if your are alone.

Haha... should I EVER play with an Atari again... it certainly won't be E.T.
I think I had this game, it was crap. But one thing the C64 could not do...
Play M.U.L.E with four joysticks.

You have a point... The Atari 400/800 version was far less horrific than the 2600 version.

And apparently, you can play it with Java online:

http://www.xlatari.com/game.php?id=1361

That's a different Atari. ;-)

My very first computer:
http://en.wikipedia.org/wiki/File:Atari-400-Comp.jpg

Any chance of keeping a history of edits?

14 years now since I gave MUD up

You forgot RTSand MOBAs. :p

is it possible for Marriott hotels to forbid the use of personal hotspots? Part of the ToS guests have to sign?

You'd have to check through ALL FCC rules. They can preempt and nullify any such agreements or rules that affect wireless device use. They've really put their foot down for OTA TV, DBS (satellite), and WPS (formerly: wireless cable TV), and could do so for WiFi:

http://www.fcc.gov/guides/over-air-reception-devices-rule

You'd need a lawyer specializing in this stuff to determine if they've made any rules that might apply to restrictions on the use of WiFi.

Ok, being able to send "de-authorization" packets does not mean to be able to identify or localize the hotspot.

It's extremely easy to locate a WiFi hotspot. Android devices have WiFi Analyzer which will beep like a signal meter as you approach a given AP. Then just walking around the location, you'll be able to use that info to narrow it down to a 20ft area, or so. You can do the same with any WiFi device that displays the signal strength of individual APs, just needing to watch the numbers, or otherwise write your own program to beep and show a relative gauge.

It would be much faster, easier and more accurate still, if coupled with a directional WiFi antenna connected to your device, to narrow it down to exactly which person at a table has the AP in their pocket.

I'm an ergonomic nut. Somewhere around 10 years ago I bought a Herman Miller Aeron chair [1] and a Grahl Duo-Back chair [2] to have a "chair-off" to see which I liked better. The Aeron is a good chair for writing at a desk or thinking. It is terrible for working on a computer. The Grahl is as good as an Aeron for writing at a desk or thinking and is much better for using a computer. The chair I would buy now (models have changed since I bought) is a
Rohde & Grahl duo back 11 [3].

[1] http://www.hermanmiller.com/products/seating/performance-work-chairs/aeron-chairs.html
[2] http://oddity.quirkdesign.co.uk/2011/03/10/sitting-pretty
[3] http://www.rohde-grahl.com/index.php?duo_back_en

Yeah, those "rouge" access points sure are a problem. Is that jeweller's rouge, or morticians rouge? Just ladies' make-up rouge?

Pfffff.... C64. You poor sods. Everybody knows that back then only Atari was a viable selection. ;-D

On one hand, it might protect some of their customers who would otherwise foolishly connect to unsecured rouge access points run by some scammers. I could see a little bit of validity to the security argument.

On the other hand, if there is a law that makes it illegal to purposefully jam a WiFi signal, shouldn't a denial of service attack that takes out the WiFi be similarly illegal?

Once again I find myself thinking "are you me?". I played Elite so much that now when I hear that song "dah dah dah dah dah... dah dah... dah dah" I automatically see myself lining up my rotation for docking. And I also played Karateka on my C64. Aaaand while I played a little tetris while working at IBM I really did not get what all the fuss was about. Seriously, are you me?

are they right about improving security?

More secure than ones own hotspot? Hardly.

More interesting than the legal ramifications: are they right about improving security? If you were a customer of theirs during the blocking you would have two options: go outside or buy wifi. Presuming they had decent security, would this not have stopped all those "suspicious_hotspot is nearby with 4 bars, do you want to use it" situations? Was the security reasoning behind this legitimate? (Obviously it's a money-grab, they could've given the wifi out for free in dozens of safe ways, but maybe their logic isn't entirely unsound.)

Then again, hotel wifi is about the most holey, vermin-infested place you can connect to the 'net. I'd be shocked if they actually had good security. Anyone ever stayed there while this was going on?

Wow... even more complicated than I thought. Thanks. I know... YANAL.... but sounds plausible.

Theoretically, when you have a business relationship with someone, you and the business can sign a contract together containing anything that is not against criminal law. "You agree not to use your personal hotspot while you are in our hotel" is not against criminal law. The enforcement of that contract would get bad, though - they obviously can't block other service, they just got fined for that. They would have to proactively search for wifi other than their own within the building, address the person serving it, and request that they either stop or leave the building. (Technically speaking, that's quite easy. Just look for the radio waves.)

If that person had signed the agreement, they would then be liable under the agreement and could be penalized or sued or some other appropriate punishment. If the person had not signed the agreement (and keep in mind, they might not be the ones who made the travel arrangements and things would get trickier there - just because you authorize your travel agent to reserve a room for you does not mean you authorize them to sign legal agreements on your behalf), the Marriott could only evict them, and request police assistance if they refused to leave.

If the case went to court, the victim's contract lawyer would have a field day confirming whether or not the contract was actually valid - any number of factors could get it ruled invalid. If the victim was not the one who made the arrangements and did not authorize the signing; if the victim was in any way incapacitated; if the victim was presented with "oh, it's just a standard form, you have to sign it" talk by the clerk; if the Marriott failed to uphold its end of the contract in any way, including not providing the mandatory complimentary breakfast with hot oatmeal as specified in the contract; if the Marriott selectively enforced the rule (HE got away with it, why are you picking on ME?)... the list probably goes on quite a while, but IANAL.

The victim could then hit the hotel up for attorney's fees and infliction of emotional distress, and might do so anyway, regardless of whether they won or lost the suit, arguing that the agreement was egregious compared to the agreements other hotels force you to sign, and was deceptively pitched - and they very well might win. (It'd probably end up as a class action suit for all guests who had to sign the thing.) The lawyers would probably have a field day and everyone else would get shafted, as is usual for these things.

But, yeah, that would get rid of those "customer" critters Marriott would rather like to keep getting paid by, so you're right, it's only theoretical. Theory is fun!

I am wondering, is it possible for Marriott hotels to forbid the use of personal hotspots? Part of the ToS guests have to sign? Could they then use their Wi-Fi monitoring system not to disrupt the customers hotspots, but to identify them and then fine the customer?

Ok, being able to send "de-authorization" packets does not mean to be able to identify or localize the hotspot. And doing this in the open is surely not a way to get more guests. So this is more a theoretical question.

Lost my love ~25 years ago. :-D

No love for MUD? Any Discworld mudders in the house?

I am officially addicted. Swordigo did in a 7" tablet. HumbleBundle has had a few good ones. Great way to pass the time.

Seconded. I use GitHub for a project, I have other projects I intend to host publicly in the future, I will take GitHub's actions into account when deciding where to host them.