Primus

No monster will escape my witching ways.

Will I be able to install GoogleTV on my own device, say a HTPC running Chromium or Windows, or will I be forced to buy the physical box?

Gimme gimme gimme gimme now.

This isn't a big surprise, the original Jumpgate MMO also had a player-driven economy. It was also the reason why I stopped playing. The game's population was never all that great, and the biggest clans would empty the resources from stations in order to maximize their gains. If you weren't a member of a big clan, you were pretty much screwed.

gimme the casssssssshhhhhh

The token fob is powered by a small internal battery. Should run for 2-3 years or so if not longer. If it breaks though, for whatever reason, yes, you're going to have to go back to Blizzard to get issued a new one. They have to issue it because they'll have to change the settings in the master auth server to reflect the new token they're sending you, effectively revoking the previous one.

The administration side of things is going to be a headache on both Blizzard's and the customers' sides for a while. No way around that. Once their CSRs get used to dealing with the ins and outs of managing SecurID, things will get a lot smoother. My only major concern is that they don't talk about any price for replacing a lost/stolen/broken fob. I'd like to see that clarified.

The SecurID algorithm was emulated many years ago. There's open source implementations around, PAM plugins, what have you. The algorithm is only half the equation, though, you need the seed code from the token to complete it. In this situation, the hardware version of SecurID is actually superior to the software one, as it's extremely hard to recover the seed from the hardware token due to tamper-resistant failsafes. In a software token implementation, the seed is usually just a plain .asc file, and once you have both the seed and a current generated auth code, you win.

As I said above, it's not 100%. Nothing is. But it's a damn sight better than standard username/password authentication, and I'm happy to see Blizzard stepping up to the administration hassles of dealing with a far-flung userbase and token issuing/revoking.

Actually, brute-forcing SecurID is very hard. (I am assuming, for argument's sake, that Blizzard is in fact using RSA SecurID tokens for the system.) Auth codes are only valid for a short duration of time, either 30 or 60 seconds. There is some float designed into the system, to offset the possibility of the token getting out-of-sync with the main authentication server, but even with a brute-force algorithm working the WoW login screen, you can only try so many times in that short window.

The real trick to breaking a SecurID token is to get its seed, usually a 128-bit string. Trouble is, SecurID tokens are tamper-resistant, and will destroy themselves if you try to crack them open.

I'm not saying it's impossible. There are really intelligent and determined folks out there, government, criminal or otherwise, and I'm sure some of them have ways of breaking a SecurID login. But this will put a hurting on the vast majority of keyloggers/trojans/et al.

abhorrent's right on the money. We got the dog-and-pony show for these cards about a month and a half ago (we're reluctant resellers), and the cards were available the next day. It took some prying out of the sales reps, and they never did come out and admit it, but these are a stopgap until WiMax is ready.

There are also two big caveats: no ExpressCard, no OS X. They were hazy on possible future OS X support, but flat out said that ExpressCard development costs weren't worth it on a technology that's going to be thrown away in a year's time.

Just tried it on Alexstraza...

Didn't get an empty stein after the initial gift, thus I'm unable to use the kegs.

No wolpertingers.

The ram reins only seemed to work about half the time, thus making it near impossible to keep the ram in a gallop.

Logged off to do other things.