tabacco

What's the url you're using? What client?

I made a prototype of that as a personal Unity teaching experiment. Then I failed to make any art, so it's an abstract take on the Jurassic Park aesthetic.

Ah, see, I've always found that to be the most offputting aspect of games like Magic.

The manual that comes with the game is pretty good as far as rules, but it seems like the harder part is learning to be any good at it.

I actually have a copy I got from a Reddit exchange that I need to learn how to play.

What mobile browser?

The CA has been less than helpful. Please keep me posted if you continue to see OCSP issues. I may look into getting a new cert through a different CA tonight.

I'll follow up with the CA when I get home Edit: done. I suspect they maybe have one web server that's not syncing certs properly, so requests intermittently fail, then the failures are cached by those who get them.

It seems to be a Firefox issue with newly-issued SSL certificates where they in appropriately cache an 'unknown cert' response from the certificate authority's ocsp server for a really long time. If anyone is still having problems, it should start working on its own shortly, or you should be able to use another browser for a bit. Or, you can turn off ocsp checks in Firefox, but remember to turn it back on later because it's actually a good thing

Yeah existing post content needs to be rebuilt, since urls for emoticons are cached. I'm just about to kick that off. Edit: Okay, emoticons and youtube videos should be less complainey now.

Hey guys, I enabled SSL and SPDY on the forums today. Let me know if anything's not working. It's also available on the rest of the site, but it's on by default (yet). Feel free to poke around if you'd like. One known issue on the main site is that our CDN for episode audio doesn't support SSL, so there'll be a warning about insecure content on any page with an audio player (though the players should still work okay). Nothing I can do about that one, unfortunately. Also: The forum homepage won't redirect you to https if you request it via http, but all the links should point to https correctly. The redirect will come soon, once I decide how I want to make that happen in nginx

No, it was Saturday afternoon in the queue room. I didn't make it out to the park.

Sorry I forgot about the meetup Out of curiosity, who was the person in the Thumbs 'Top Gun' shirt I saw at the JS Joust tournament? I'm assuming it's someone from the forums from way back

Did you try putting some SEO content there?

Hard plastic. Here are some photos of four I opened up at random;

I bought the set today. They look pretty nice.

Interesting... AT&T Park here in SF is a giant AT&T Hotspot (surprise!). I wonder if it's also a streetpass relay point. Time to bring my 3DS to the Giants game today and see what happens.

Prepare to be annoyed by the limited streetpass buffer at PAX. You can only collect 10 at a time before you have to go clear them out. It's entirely possible there to collect 10 more in the time it takes to clear out the first 10.

I'll be around all weekend. Probably mostly in the tabletop area.

Again, how does it show that they don't care about security in any meaningful way? You keep saying that, even though your only example is a relatively minor vulnerability in a non-critical system that contains no personal data. And, given that short of developing their own wireless standard and shipping the hardware with two wireless radios, one for wifi and one for streetpass, there's not much more they can do to "secure" the system, I'm not sure what you think they could have done better, apart from hand-wavingly saying "they should have done something". And again, it's a system that's basically a toy and contains no private information. So who cares in the first place?

What do you consider your personal information here? And how do you think it's being compromised? As I understand it, the 3DS sees a known SSID, conencts to it, and relays that APs MAC address to a Nintendo server via the internet connection it provides, along with your Mii information. The Nintendo server comes back and says "yep, I know that MAC address, here's another Mii that you've now streetpassed". The absolute worst case in this scenario is that someone pulls a Man In the Middle attack with a malicious access point and, what, steals your Mii? It's not exactly the most profitable identity theft. And, assuming they're using SSL (or some similar scheme for whatever the actual protocol is) the data would be encrypted for that MITM anyway, as long as Nintendo's private key stays private. Also, there is a whitelist. It's a whitelist of MAC addresses. The problem is that you don't get that much info from an access point you're connected to. MAC addresses are clonable, but MAC authentication is pretty much the best you can do. Whitelisting source IP addresses isn't maintainable at scale, given the wide variety of internet connections some public hotspots use (trust me, this is a thing I know )

Why does it mean they don't understand the internet? There's only so much you can do within the confines of the IEEE 802.11 standard, and I think Streetpass is pretty amazing hack on top of those standards. http://3dbrew.org/wiki/StreetPass

Mii Squad is rough if you only get 1-2 streetpasses per day.

That Spinal Tap showing goes 'til 11:00

Heh, I was actually at the Exploratorium for part of the afternoon. The sushi at their cafe? Pretty great (if pricy).