Lumberyard is a forked version of CryEngine, which Star Citzen was already using (fairly heavily modified for 64 bit precision) so the move to Lumberyard wasn't as big as it seems. They do however refactor other systems like items and inventory quite often which seems to be slowing down development although the new versions do seem like improvements.
Scope creep also knows nothing of Chris Roberts at the helm a crowd funding runaway train. At this point it's now suffering from Hubble's law of the expanding universe, rather than scope creep.
I think they are at last at a scope now that makes sense for a full release. They had to build a hundreds strong, multi-location production team before even getting up to full steam. Games with significantly less scope have taken much longer, without hurdles like that.
It's a double edged sword, because open development has been what drove the crowd funding to such incredible heights (they made 2 million in 48 hours this week, for a total funding so far of 167 million). But it is also the reason for so many people being negative about it's development. People get fatigued of it.
Password managers are good but long passwords and password managers are better. If we are assuming MD5 then yes an 8 character password is not secure if someone is targeting you as it would take 10 hours to crack. If someone has a entire database of users let's say 50,000 users all with 8 character passwords then that would take 57 years to crack every password, so you may or may not be in the unlucky few that are at the top of the list. Also as GPUs get more powerful that time is going to come further down and you will be more at risk. Personally I use longer than 12 character passwords with a password manager, the inconvenience of having to type it in manually once or twice is not really that much greater than an 8 or 12 character long password.
That 57 years is assuming they're storing their passwords MD5 hashed, with a salt (hah, i'm sure they thought of that if they're using MD5), and using the least efficient method possible to crack the passwords.
It also assumes only a single system... not a cluster of several hundred or thousands. It also assumes no weaknesses in the algorithm itself that may be mitigated.
"Ubuntu on Windows" as they're calling it now is free, enabled via the control panel, and provides a near perfect bash experience. I use it on the desktop I built for VR to SSH into my digital ocean droplets all the time. Super easy to use, just open powershell, run `bash`, then you can run `ssh` like normal. You have access to your windows files with /mnt/c and etc. for additional drives. The only issue is that Powershell doesn't support the full gamut of colors that Bash does, but that support is coming in the fall creators update and frankly it works fine with every Vim and zsh color scheme I've tested.
10/10 developing for the web on windows is finally tolerable
I don't know enough about ssh for Chrome and bash for Windows to get your point. Isn't bash for Windows (as part of WSL?) free? What is it that costs more than $5 using bash for windows but is free with ssh for Chrome? Genuinely interested, I'm on OSX mostly but I'm WSL curious.
I interpreted that as them not having access to a Windows machine and wanting to try out the experience for themselves before attempting to teach someone else.
