Skip to Content

WoW Insider has the latest on the Mists of Pandaria!
  • Scott Clark
  • Member Since Jul 31st, 2009

Are you Scott Clark? If So, Login Here.

BlogComments
WoW84 Comments

Recent Comments:

Drama Mamas: Much ado about funsuckers {WoW}

May 13th 2011 5:24PM @Xayide

Of course it's your responsibility. You chose to make it your responsibility when you joined the queue.

The random dungeon finder is random. If you queue up alone, you are going to get a random group. Maybe you'll get four members of a raiding guild who need a random fifth - you - to breeze through the place. Maybe you'll get four people who've never been there before. Random group is random.

You can put together a group of guildies. No guildies online? You can hit /2 and only take people whose reputation you know or who can link the achievement. Too much work for you? Hit the queue. Now you've got a tradeoff: you're offloading the work of assembling the group but you're accepting the risks that come with a random group. This is the choice you have made.

So you've entered the instance with your random group and, at this point, you have another decision to make. Does this group look capable of completing the instance? Maybe you've got limited CC; do you think you can still be successful? Maybe the tank or healer have mediocre gear; are you willing to risk having to work a little harder or be a little more patient? Ask if there's anybody who isn't familiar with the instance. New players have just as much right to be there as you do - random! - but if you're not prepared to work with them then this is the time to bow out. If you decide to stay, however, you have entered into a social contract: you're each going to do your best to contribute to dungeon completion and not waste one another's time.

If things start going poorly, you may decide the group isn't worth investing further time into. Go ahead and drop group! If someone turns out to be abusive, or incompetent, or incapable of learning, or unwilling to follow agreed-upon strategies, or taking frequent AFKs, then start using the Vote Kick feature. If someone joins the group who is clearly unprepared for the instance - such as the tank I got last night for ZG who had never been in the instance before and was wearing ICC tanking gear - then the group should ask him to leave.

The player that struggles because he has never seen the fight, however? He is your responsibility and you agreed to it when you decided to stick with this random group. If you want to abdicate that responsibility by dropping group, then that's fine. Unless that party member is playing unreasonably poorly, he shouldn't be punished for your choice to accept the reasonable risks associated with a random group.

Reader UI of the Week: Ozmorgius' UI and simplicity for tanks {WoW}

Apr 27th 2011 3:03PM *see the clock tick over to 12:00am, realize that it is bedtime, and walk away
*whether to drop group before the next boss
*mid-pull

Welcome to the internet, Scott, where typing is a valuable skill.

Reader UI of the Week: Ozmorgius' UI and simplicity for tanks {WoW}

Apr 27th 2011 2:58PM We get a lot of good advice in this column about putting information you need, where you need it, when you need it. Hide information you don't need or put it off to the side.

There should never be a case where the current time determines your actions in combat.

There are timers for boss abilities - this player is using DBM for that. There are timers for cooldowns - this player is using OmniCC for that. There are castbar timers - this player is using Quartz for that.

This player is using the clock to determine when he or she should stop playing the game; the answer should never be, "mid-fight". Will this player, as a tank, check the clock, see 11:59pm and pull the boss for a ten-minute fight? Then, see the tick over to 12:00am, clock, realize that it is bedtime, and walk away from the computer?

Keeping a clock visible so that you can make informed decisions on whether to start a dungeon, or whether to drop group, before the next boss is excellent advice. Suggesting that we keep a clock central to our in-combat UI so that we can make time-management decisions mid-pul is not.

Unless you're a boomkin on a RP server who doesn't think you should be able to proc Solar Eclipse after sundown, current time shouldn't be affecting gameplay decisions in combat. Front-and-centre should be reserved for the most important thing you're tracking. If the time is so important to you that you would consider setting that as your primary attention focus during combat, you should also assume that time is important to the rest of the group. Don't waste their time by allowing irrelevant information to interfere with your ability to contribute.

The Queue: Enjoy some Diablo lore {WoW}

Apr 21st 2011 2:11PM My wife was sent to Singapore on business last month and I suggested that she contact Blizzard just in case she wanted to log in, since I didn't know whether they would flag her account based on location. She called the customer service number and they told her that yes, they would have frozen her account had she not contacted them first. They asked her to provide the CD-key on her Cataclysm install disk (ostensibly, that would satisfy Something Only You Have for MFA purposes but I would argue that providing the CD-key over the phone is not necessarily effective proof that she had the physical CD) and then flagged her account to be unresponsive to location-based checks for the duration of her trip.

She then asked about her authenticator: we had ordered a replacement (losing the first one was my fault) and she wanted to know if she should attach the new one or if there was any reason to wait. They told her to make sure the attached the authenticator before her trip as she would be without the location-based protection while she was away.

Without knowing the specifics of the system, this may be nothing more than a feel-good measure, like the bank "security" questions. I think Blizzard have demonstrated their commitment to doing these things right (the authenticators, for example, are definitely implemented correctly) so I'm prepared to trust what they're doing based on location.

The Queue: Enjoy some Diablo lore {WoW}

Apr 21st 2011 1:04PM The reason is that this is a horrible security practice and even though it has become popular for banks to offer it, they should not.

This is an attempt at setting up Multi-Factor Authentication. The idea is that, personal information can be divided up into various classes: 1) Things only you know (ex: a password) 2) Things only you have (ex: your authenticator) 3) Things only you are (ex: your face or your fingerprints)

To implement a MFA system, you need your client to provide one thing from each of multiple categories. If you have an authenticator, that is something that only you have and is paired with the password that only you know: two-factor authentication. The benefit is that even if your password escapes, your authenticator is protecting you; if your authenticator is stolen, your password still protects your account. To be compromised, someone would have to attack you on both fronts; what would it take for someone to steal your password and your authenticator?

To clarify, true MFA requires that each authentication method be from a different class. What if I asked you for a password, and then a second password? Those are both "something only you know" but, if an attacker has access to things that only you know, you have to assume that they have equal access to all things that only you know. For example, a keystroke logger that could steal your first password could easily steal your second. Once an authentication class is compromised, the entire class is compromised; you cannot rely on any security based on related authentication.

Let's look at the bank example, then, and remember your comment: "If the hackers managed to steal your primary password, its unlikely they'll manage to steal this rarely used security answer as well." It is certainly POSSIBLE that the hacker was only able to steal your password. Maybe you set up the security question on Monday, downloaded a keylogger on Tuesday and entered your bank password on Wednesday. Is this a security model you can rely on? Of course not - you don't know the details of the attack; you know that some things that only you were supposed to known are now public and you have to assume that everything that "only you know" is potentially compromised. The only recovery is to generate new things that only you know: that means new passwords.

Finally, let's look at the worst part of the bank's implementation: the information in the security question is simple and associated with you. When is the last time someone asked you to make sure your password was both simple and contained personally-guessable information? Many of the answers to potential security questions can be answered by looking at your Facebook page. How difficult is it to find out your mother's maiden name or your favourite colour? The only way to get any semblance of security is to lie about the answers; now this really is nothing but a second password, and we already know that our passwords are compromised.

Darkseid, I really hope it doesn't sound like I'm insulting you for looking for more security on your account. Big ups to you, BIG ups, for being concerned about your security and for asking questions about it. Security is a complex topic and you don't want to settle for the easy implementation your bank is using to try to make you feel better. If you're interested in a more thorough discussion of these topics, perhaps from a more trustable source than myself, I suggest Steve Gibson and Leo LaPorte's excellent Security Now! podcast. Here's a link to their discussion of multi-factor authentication: http://twit.tv/sn90

Sorry for the wall of text. My guildies know better than to ask me about security but you didn't get the warning.

TL;DR: Security questions are not secure; they are easily guessable and, if someone already has your private password, you have to assume that they have access to public information like your mother's maiden name. For a proper discussion on multi-factor authentication (like your Blizzard authenticator!) check out http://twit.tv/sn90

The Queue: Enjoy some Diablo lore {WoW}

Apr 21st 2011 12:33PM Not so. Just last night, one of my guildies deleted a character to make room for a new one. We got the in-game message, "Reith has left the guild." The guild log immediately showed, "Unknown left the guild."

The Unknown entry in the guild log is entirely due to a character being removed from the server, either to transfer or deletion.

Spiritual Guidance: Gaming shadow priest mastery trinkets {WoW}

Apr 13th 2011 5:14PM Why the need to develop the greater/lesser terminology? The game already has names for these things - Mastery and Mastery Rating - that can be found on your character sheet and matches the terminology every other stat with a Rating component already uses.

Spiritual Guidance: Gaming shadow priest mastery trinkets {WoW}

Apr 13th 2011 5:11PM Dummy testing, using Dark Archangel on CD, Dispersion on CD and stopping when I had no mana and no regen options left except for stopping and waiting.

Without SW:D - 11 to 12 minutes. With SW:D I got to 48 minutes before needing to cast a heal to keep the cycle going. Because hitting Dispersion while using a target dummy causes Recount to flip out I don't have definitive DPS-loss numbers to cite but my numbers didn't seem to drop significantly.

Note that I wasn't using SW:D on cooldown but, instead, as a filler spell when I had nothing more pressing to cast.