Sky

Alright, so I've taken some time to play around with this, and, I admit, I seriously didn't think the developers could accidentally leave something like this available to clients, which is why I shot it down so quickly. So, here's how it works. The best way to make a general example is to open visual studio, and create a win32 application. Win32 tutorials often start out with their own version of hello world, which has you typically create a box, and a button, which when you press, screams "hello world!" into it. The way it works is each button is assigned a memory address. You've seen memory addresses before if you've ever played with a game genie, and effectively, this trick is effectively like plugging a game genie into diablo 3, or any other game, which is why certain modifications on the genie worked, while others didn't. When you run a memory dump on this little program you've built, you'll see the hex value for the hello world button. As we all know, Diablo 3 uses an mmo standard, but creates separate instances for players, and restricts those instances to small groups of players. It's like joining a raid group in an mmo. You go into that dungeon, and it creates a separate instance for you, but you are still connected to a server, which is relaying information back and forth. Typically, the server forces clients to adhere to certain rules. The server being the centralized location or target locations where clients connect and send information to, as well as receive information in return. The client is each player's system. Typically, you send information to the server, it evaluates it, determines if it's legitimate, and depending on A or B, it sends certain information back to the client. We can sort of see how hastily thrown together the Diablo 3 Auction House is. It suffers from vulnerabilities not present in World of Warcraft, in which we can't hack the auction house in this fashion. Unfortunately, after playing around with hexedit, I'll confirm the above, which is apparently disturbing. See, when you make a change to a memory address, typically, the server has fail safes built in to catch it and say something like "Whoa dude! You hit the bid button, not the buyout button!" but in this case, it takes whatever the client says to the server and let's it go through. This is particularly disturbing, because when a player disconnects prematurely, even if the player doesn't die on his screen, and he does on the server, the server then relays that back to the player. So, in Diablo 3's case, as long as the client is actually connected to the server, the client is the overriding force. Meaning the server checks with the client to determine if the action is valid, and it's generally the client -> server <-> client , but in this case it's client <-> server -> client. My honest conclusion, from being a software developer most of my life is that this had to be left intentionally by the developers. I just can't fathom how else it would be able to validate itself against the server. I can't begin to understand why they'd leave it in, but anyone who knows anything about programming would have prevented this. With further inspection, though, if you take a look, you'll notice there are hidden buttons on the auction house, that aren't visible on your client. I'd test out what they do myself, but I'm not really into getting banned. At the same time, this isn't easily detectable, at least not at this time with the current code. If this was being detected, the server would stop the action before it was successful. With that being said, I highly doubt this is being logged, either. All in all, I'm disturbed. I'd say put your items up for the buyout price without a low bid, like jackie and i do.

i blame the novice programmers activision-blizzard hires. i mean, "let's fire the diablo developers, and then make diablo 3 with a fresh team." I mean, people narc on torchlight as a diablo clone, but those people don't realize that the team developing torchlight is the team that created diablo 1 and 2. And that's why diablo 3 is so different, and so freakin broken. Ugh. just remember, don't believe everything you hear. If this came from a diablo 3 post and you didn't discover it yourself, it's most likely dismissable. A lot of topics started by people are just garbage, like the session id spoofing which is impossible. A while back, I farmed out two storm shields, and bought a third, and when I saw what the third was going for on the AH, i bought it out, and then posted on the diablo 3 forum how funny it was that I bought a storm shield for 1000 gold. And the guy who sold it posted on there accusing me of hacking him. Which is just why you can't believe what people say. But, since the post is buried, I at least thought someone here might get a good kick out of it. It was a low-end stat shield, but, still, the block % is reason enough to own one. But if you really want to follow the rumor mill, just do what jackie and i do, set your B/O to your Bid. Edit: Always search for people who accidentally post stuff below what they thought they posted it for. If it's something worth a lot, chances are they'll post one of those "i got hacked" posts =p

everyone should be swimming in gold. i haven't played in 2 or 3 weeks, but last time i logged out, i had 342 million gold. a lot of people who farm inferno offer something like 250,000gold for 1H weapons around 1000dps. someone might tell you a weapon is worth 25 million, but rarely do items sell for that amount. You really have to understand economics to understand the difference between someone listing an item for 25 million and what an item is worth. Items aren't worth what the seller wants for it, they're only worth what someone is willing to pay, causing a fluctuation in value, whether inflated or deflated, given dependence on who is currently offering. Personally, I've never paid more than 300,000 for any one item; I was fortunate enough to farm two storm shields, though, and sold one for 132 million, but it was also a perfect-stat storm shield.

I have this in my plugin (btw, it doesn't cause server crashes) but, when you'd think it's overpowered, consider this: Great! Biggs just dropped 20 jimmy gibbs on my head. *pulls out fireaxe* *Swings fireaxe once* Now all the jimmy's are dead. Crap! Biggs just dropped 20 riot cops on my head. *pulls out molotov* *Throws molotov at feet* Now all the riot cops are dead. *Takes a little bit of fire damage stepping out of the fire* Those are really the only two uncommons that have a chance at hurting players, and if players know how to take them down like that, they just become another method that infected can use to try to put them down. But, they're really overpowered when you encounter players who don't know how to take them down, or if you're playing with survivor bots, and aren't using a plugin that forces survivor bots to use melee weapons at close range. The only deal with CEDA uncommons is you can't light them, so you just melee or shoot them. *Wipes hands* The real time an uncommon spawn can be difficult is if you have an uncommon panic event, where it randomly selects what uncommons to send at players. Jimmy's and cops mixed with each other, and of course other uncommons can become a problem for survivors because they aren't all grouped up in one place. But as far as dropping a group in a precise location, those shouldn't be an issue for survivors. If anything, they're just another easy way to earn points.

The source engine supports up to 32, but stability is random beyond 18, and the game was fine tuned on its version of the source engine for 8 players.

my barb is currently 130,000dps. naturally, mobs in act 3 die in 2 or 3 hits in solo mode!

Boiler, sad but true. You could go into an office, sit down at someone's locked terminal, and based on their login name, you'd have a 90% chance to successfully log in using the top 10 most commonly used passwords. And if they didn't work, try the login name. And, yes "password" is a password on the top 10 list. Another common password is the longest word that can be spelled using only the right hand side of the keyboard.

Any password can be brute-forced. How long it takes simply depends on the simplicity of the password. Personally, I've a long list of accomplishments that I can't list here, other than to say, I worked for one of the CCTF's in Ohio while in University. I've written my own malicious code that's designed to create a new angle on the field, and doesn't follow the same formulae of existing viruses, malware, spyware, etc. With explaining something a simple way to people, it's best explained similarly to how I have to explain to the other people at my company who don't know anything about programming. Often, any explanation goes over their head. The only explanation they generally understand is how you'd explain it if you were explaining it to a child. The general rule is anything can be cracked. It's similar to Geology in that all it takes, really, is time and pressure. Companies have claimed to have perfect systems, but the truth is there's no such thing as a perfect system. What are the odds of being caught when one person takes on an entire infrastructure? Pretty damn good. Especially for the crackers who get full of themselves - because they go back for a second round, and often tell themselves "It worked last time, I'll outsmart them again," but the problem is, they're waiting for them, and they get caught. Yes, you may be able to crack the mega security, but yes, most likely, you're going to get caught. Myself, I chuckle out loud when I hear about a sixteen year old posting somewhere that he has 20 firewalls running on his system, and that no one can hack him! Realistically, the idea behind risking it all to get into a sophisticated system is weighed against the possible benefits of doing so. If someone wants Joe Smith's personal information, they'll shoot out a phishing email, which is more likely than attempting to straight up hack into your computer network. I've done my deeds and developed my own cutting edge software, my own Malicious code protection tools and my own firewall. And, while, more likely than not, I don't have anything that anyone would want, the source code is sitting out in the open in the case that a.) anyone tries to get in, and b.) anyone is successful. My favourite hobby as a programmer, though, is finding novice programmers who are starting to find an interest in sql, and it's various variants, and purposely performing injection attacks. I even posted a database which was open to injection attacks as part as a plugin in l4d2, and not to my surprise, other plugin developers didn't even notice. People learn the basics, but forget to establish a solid footing in them, and then don't bother to learn any of the advanced techniques. The problem associated with this is comparable to what our currently education system is like. The software engineers graduating, and I confidently say that it doesn't matter if they graduated from Yale or a community college, don't know anything. In fact, when I switched my major to software engineering, my first class was a 600 level course, and students were the type of programmers that we call "Copy Pasters" They take existing code, copy and paste it, and change a few lines. They can't write anything from scratch, and when you tell them to, they freeze up, and have no clue what to do. Now consider what would happen if these programmers went out into society and "developed" our latest cutting edge software. Oh, wait, that's exactly what is happening. Consider, then, when you look at version 1 of something, and then compare it to version 10, that a.) it looks the same, and b.) when you RE it, the code looks relatively similar. I still stand that the only safe place to store your passwords is the computer in your brain. Sure, it can be hacked by using a mixture of certain pharmaceuticals, but, hey, the likelihood of that happening is "in your dreams only." The other thing I often find humorous is reading the "ZOMG I WAS HACKED BLIZZARD" posts in diablo 3, by people who don't understand what a database is, or that blizzard logs everything. Everything. About me, though, I've worked as a consultant for several large firms - and I can't honestly tell you more about it. There is, of course, a sharp contrasting difference between people who have seen the hackers movie, and think they're a hacker, people who can't tell you the difference between a hacker and cracker (but can copy and paste the wikipedia definition) and of course the difference between amateurs, professionals, script kiddies, and... wait for it... script kiddies. Yes, we all admit, Netbus was pretty cool, but so was telnet. Actually, telnet was everyone's dream come true, and the fact that IRC is still up in full force, and not nearly as secure as people think it is, is still a pretty amazing item. Don't get me wrong, it's awesome to see someone open up WinNuke, or use code that was written by one of many of us to perform their dirty deeds, or the humorous events going on with facebook and mark zuckerburg's profile page. But, personally, the thing that I fell out of my seat laughing at the most was the "Zomg they're stealing my session ID" crap that some dumb kids posted about. The scariest part in a developers thought pattern is when someone posts that they were hacked and how they were supposedly "hacked" and a bunch of dumb people who don't know their left from their right rally together and go "Oh, yeah, that happened to me, too!" I mean, geeze. I just don't know what to say about it anymore. I mean, I'm waiting for the day when passwords are required to be at least 16 characters long. We all know that's quickly approaching. Unfortunately, that won't stop people from using passwords like abc123abc123abcd Edit: I realize I went really off track with this response. I wanted to actually say that there's a sharp difference between being hacked and what's really going on with diablo 3 accounts that become compromised, or anything else for that matter. Television, the media, and stupid people lacking general knowledge on the subject have been tossing the word and similar phrases around too loosely. It's comparable by example to that fellow who was streaming a live playing of Diablo 3. He had 5,000 viewers, got disconnected, typed his password into the email box next to his email. It's the same password he used for EVERYTHING and several viewers used it to log into his wow account, empty everything as well as his diablo 3 account, and he told everyone he was hacked. So, it's being hacked for me to accidentally post my login information and gary to turn around and log into my account with it? Please. I want to see people change their posts to "Sorry, I didn't get hacked, I'm just stupid."

There's no need to use a program to help you with your passwords, and, honestly, I wouldn't recommend it. With there being a ridiculous amount of ways to avoid detection by av or mw software, you never know what the software is doing with your passwords. For example, you can bury a key logger inside of an embedded class function, and two major av tools like mcafee and norton won't detect it, since that's not one of the methods they look for - in great part to the fact that it's not optimal. What the software designers don't remember to realize is that any method which hides an effect that the end-user isn't aware of or doesn't want is optimal. There's a sharp contrast in difference between the programmers designing the av or mw software and the ones who actually write the viruses/malware (which to say is really just a subset). I, for one, did in fact release a virus that I wrote back in 2008 to my campus during a class project to demonstrate the weaknesses in av/mw software, as well as to expose the password safety crisis. Even with the campus aware of the virus, and ITT security technicians watching for it, it managed to slip into the systems undetected. This is to say that because two programmers never think alike, there's no way to guard against every virus; every method used to develop a virus. The goal if writing malicious code is either educational or harmful, and often both are intertwined, as I would write code sets that would be rather harmful, but still release it to my campus in order to study it further. Unfortunately, one major problem with AV/MW software is they often attempt to convey each other as viruses themselves as they employ methods of malicious-type to detect malicious code in files, but also because companies want the end-user to think that one piece of software is a virus, in order to cut out competition. You also see this with software like mcafee and norton. With that being said, they can't update their definitions as fast as new malicious code is developed. My second statement also was "true" and not "mostly true." I don't expect you to understand the field because it's a field that requires years of investment to scratch the surface of, but the jist is that they required users to download a virus in order to retrieve the information they required. In other words, it helps to reflect that "end-user stupidity (or stupid curiosity)" is often the leading cause to why a major network system is compromised. What I'm saying is this: As long as you don't download a virus, it doesn't matter if the blizzard database is cracked, and the first id string is taken - without access to the second string (on your phone, most likely) , they won't be able to access your data. A lot of the reason I use my own line-breaks is, as a programmer, I often employ my own methods of code writing, as part of my signature, but also because I don't often employ the use of white space because, when writing private software, I don't intend on it to be easily readable to other people, and compilers ignore white space. The only network that you can be completely sure that your password is safe on is the one in your brain. Everyone should know that using software like 1password is a child asking to have his network compromised. I can say without performing research on the software that someone has cracked that software already. Programs like that are crackers dreams come true, with shiny, flashing arrows, and sirens pointing at it. So the answer for you, clueless, is they can't trust a program like that. And you shouldn't. There's no reason to ever make it clear to anyone where your password is stored, or that a certain string is a password to begin with. There's really no reason to even trust attachments you find online, either. You never know if the packets were intercepted before they arrived, which is relatively easy to do, especially on googles network. Consider that the next time you open an email attachment in gmail

Authenticators are just an added level of security. Crackers (not hackers, there's a difference) prefer to go after the easier targets. Most people don't understand that everyone who's account was brute-forced was using a relatively rudimentary or common password. The problem with attempting to collect data publicly is that anyone who was cracked would never admit to it. I mean, who would admit their password was "abc123" when it's in the top 10 most commonly used passwords. (That's an example) An authenticator grants you extra security in the case that something extreme such as the database comes under attack, where the authenticator has two unique, generated id strings. One is stored in the database, and the other is on your device that holds the authenticator software. the two id strings combine to form the hex of the 10^8 auth key that you see on your screen. It's highly unlikely that a cracker could decipher the other id string based on the first id string, meaning that even with your login information the cracker would be unable to have a hacker log in, because they wouldn't have the auth key. As long as your email account attached to the account doesn't share the same password, they wouldn't be able to password recovery, and thus, wouldn't be able to get in at all keeping your account safe. Unfortunately, the other major statistic is that most people use the same password for everything and in the case where they don't, they generally use the same password when it relates to the same email address, etc, which is just a cracker-hacker groups dream. Of course, you can throw alt-keycode characters into the mix to further increase password security, since a lot of cracking utilities don't attempt to brute force any of the alt-keycodes, since a lot of password systems don't store them. In the case that one does, it wouldn't be a bad idea to implement its usage.

The only players who have been hacked are players who were not using an authenticator. http://www.howstrongismypassword.com/ Enter your password, find out its strength. Most users who have had their passwords cracked are participants on third party sites. Using a password with upper and lowercase letters, as well as numbers, and 8 characters or longer are passwords that would theoretically take so much time to crack it wouldn't be worth it. If you want to consider how much more secure your account is with an authenticator, consider that the amount of possible authenticator passwords are 10^8 where that is 100,000,000 possible combinations. While it's possible for an authenticator to be brute-forced, since it's numerical values only and a GPU can brute force 15 * (10^8) possible combinations in the 30 seconds that blizzard claims their authenticator is active for, it's less likely. The downside to the blizzard authenticator system in relation to newer authenticator systems, such as the bioware system, is with the blizzard system, you can reuse the same authenticator key repeatedly for the 30 second period. In SWTOR, once you've used an authenticator key, it becomes invalid, to counter key loggers. Since the blizzard authentication system doesn't work the same way, users who are the victim of key loggers could be susceptible to brute force attacks, although it isn't theoretically brute forcing if you've key logged their password. This means if your password is logged, your authenticator will be logged as well, giving the crackers access to log in to your account during that window, regardless of how strong your initial password is. There are a few things you can do to protect yourself against them: Use an authenticator. Use an password with upper case, lower case, as well as numerical characters, and make sure it's at least 8 characters long. Scan your system regularly, because while you may think you're too smart to download a virus that isn't being detected by your AV (which is relatively easy to program once you understand how AV software works) , the crackers are hoping you'll feel that way, and not run a scan. The best idea is to run different AV softwares to scan your system, since different AV software scans and search for different forms. On the bright side, crackers won't bother going after people with authenticators due to the increased difficulty, unless that account has something that is extremely valuable. The blizzard CSR reps and forum moderators won't go into detail on this because they're posting what they're told to post, they aren't engineers, and don't really understand the field.

It would be more work than it is really worth it for the storms, but, someone has done this on alliedmods, I believe, silvers or mi12345 actually.

Yes, the code above would simply be needed to effectively be dropped straight into the code. It's as easy as, effectively, flipping a switch (as there are only two cases, case 0 (off) - witch standard, and case 1 (on) - witch bride). It's more a matter of knowing the code or not (similarly to, it's easy to speak a language you know, but it's not easy to speak a language you don't know - even if it's easy for someone else.) But, now he knows the code. It really just comes down to a matter of whether he (or anyone else) really wants to add witch brides, and whether it'll simply confuse new or old players. I do agree completely against the storms idea, though. Where witches can be randomized automatically, removing the requirement for players to do one more thing, storms would be another purchase that has to be managed by players, and may over-complicate things, and there would be a great many more variables to consider, but, again, just overly complicated on a server which promises players a simple, straight forward atmosphere.

This code makes sure both model types are precached, so the models don't crash the server on maps that they aren't precached by default. public OnMapStart() { // Some maps only precache the bride witch, while others only precache the standard witch. // Attempting to spawn a model which isn't precached would crash a server, so we precache if not precached. if (!IsModelPrecached("models/infected/witch_bride.mdl")) PrecacheModel("models/infected/witch_bride.mdl", true); if (!IsModelPrecached("models/infected/witch.mdl")) PrecacheModel("models/infected/witch.mdl", true); } And where you run your purchase witch function: SpawnWitch(client) { // We want to randomize which of the two witches are spawned. new random = GetRandomInt(1, 2); // 50/50 if (random == 1) { // "witch auto" lets the director place the witch // "witch" places it where the spawning players crosshair is looking ExecCheatCommand(client, "z_spawn", "witch"); } else { ExecCheatCommand(client, "z_spawn", "witch_bride"); } } And the ExecCheatCommand code: /* * * * Allows a client to execute a cheat command, such as give, z_spawn, and so on. * * */ ExecCheatCommand(client = 0,const String:command[],const String:parameters[] = "") { new iFlags = GetCommandFlags(command); SetCommandFlags(command,iFlags & ~FCVAR_CHEAT); if(IsClientIndexOutOfRange(client) || !IsClientInGame(client)) { ServerCommand("%s %s",command,parameters); } else { FakeClientCommand(client,"%s %s",command,parameters); } SetCommandFlags(command,iFlags); SetCommandFlags(command,iFlags|FCVAR_CHEAT); }

There are two ways to lower chances of crashing. Play with the networking variables and find a point where it's highly stable (like we did) but it will still crash - just a lot less often, and probably not once per day, but, again, you still want to reboot, probably, every morning. Or, drop the players to 18 maximum, so the code never IOB's, and then crashing should stop altogether. If it doesn't, it could possibly be something in a poorly written plugin. With that being said, I've wondered when you'll set up another server, since there seems to be a lot of players always trying to connect. Go go server 2!

Where a player finds an item is really of no consequence, as all mobs in the game have an equal chance to drop rare items. The drop rates are just extremely low. The ilevel if the item, when it does drop, is directly related to the level of the mob versus your magic find, though. The higher the magic find, the greater the chance that the item will have the higher-end stats on each statistic that is generated.

Legendary = 8 Set piece = 5 I have 16% MF without any NV

Monk is, by far, the hardest class in the game to be geared for solo or group play in Inferno, due to the melee nature, and the fact that monks are expected to roll as tanks since they can't get to the dps range that the ranged dps get to. That is not to say that a monk cannot dps, because they can. However, I've noticed all of the monks I have come in contact with are one or two shot on Inferno, and that means they're undergeared. Currently, on Inferno, magicks like arcane sentry deal 20% of my health if i stand in it for 2 sec(s) and I have noticed people are just dying instantly to it. The instant deaths are the indication that players are under-geared, and, fortunately, the ghom encounter now properly shows who is and who isn't geared for the encounter, as it's no longer a push-over. I've seen witch doctors who are incredibly proficient. Assuming you spec properly for inferno group play, which requires that you use all three of your crowd control abilities, you can do an amazing amount of dps along with that, which gives witch doctors some of the highest survivability in the game, when properly played.

Yeah. Realize, though, that there's a "hardcap" player limit of 18. You can push over that count, but you run a risk of it hitting a segment of code where it IOB's when over 18, causing a crash instantly. The chance of this code being activated can be mitigated by playing with the settings linked above, but there's always a chance it'll hit, and if there are over 18 when it does, it'll crash. That'll be the crash you see that doesn't produce any information. I'm extremely confident that you can avoid that code from being read by playing with variables. Granted, keep it in mind, though, I also write a lot of my code in C++, so I'm running custom metamod plugins as well, including my own version of a player unlocker so I don't have to use that piece of crap l4dtoolz. The 18 array hardcap is the reason l4downtown2 only caps at 18 players, since it's more of a hack to allow over 18.

Unfortunately, you can't write a plugin to do that, or someone would have, already. The problem with this is that Valve decided to trigger microphone activation local only. The server never sees it. As such, we can't track it. The events you may have seen pertaining to it are actually pertaining to when one of the survivor characters says one of their lines in the game.

Ah, I stopped running a community months a go, and moved to swtor and diablo 3. Gave me a chance to try to help the other server communities that were having issues with stability, or plugins, etc. I actually posted a lot of plugins on alliedmods.net and even custom wrote one for another community. Plugins that some people would charge a lot of money for. The result is, of course, more playability for, well, players out there. And less headaches for everyone!

except everything will one-shot you, and that isn't viable in inferno since many groups can't be forcefully-tanked. When I say that, several groups will submerge or teleport, and when they do, it's a threat drop, so they'll instantly kill any glass cannon they port to. Meaning you'll be running out of gold, and fast.

lol, ill log on here, shortly. Idealy, I like having a barbarian in my group, with two dps who are above 30-40k each, otherwise act 3+ isn't doable due to enrages, but if your dps is below 30-40k, we can do act 2 farming. Of course, if you still need gear from act 1, we can farm that as well.

Don't worry about using the "All With One" passive. That ability is the one that makes all resists equal to your highest resist. I'm saying this because if you don't meet 1,000 resist or better in Act 3, you're going to get rick-rolled trying to Tank. If that's the case and you're going to go to the auction house to get the gear to make up for it, you might as well search for All Resist gear, since it's actually cheaper than buying gear that is specific to one resist type. If you find a piece that is all resist and another type of resist, that's golden, too. Of course, if you are going to use this passive, then you should be stacking Physical Resist because mobs, outside of doing insane magical damage in Act 3 and 4 also do insane physical damage. In my pure tank build, I sit, I poop you not, at 14,993 health. I have 2,053 resist when buffed with Time of Need and War Cry. Mobs in Act 3 and 4 still hurt, but not as much. However, physical damage can still take a toll, but it depends entirely on the mob. Some mobs, as I have found, don't follow the resistance rule and only decrease their damage based on the raw armour value. They even ignore the physical resist that a player has, such as the axe splitter mobs. These are the mobs carrying the gigantic axes. They're also a bit glitchy, as I've found when pulling them in with cyclone, they'll actually instant swipe without an animation, and deal critical damage every time, as a result. So, that's something you don't want to do. On the downside, Ghom has been ridiculously over-tuned in the 1.0.3 patch. Clouds were supposed to be smaller, but have been doubled in size, last twice as long, and spawn two at a time. They also deal 10,000 damage per second that you stand in them, and remember, there are two clouds layered on top of each other. Also, resistances don't count towards the cloud damage, so keep that in mind as well. Because of this, I keep several sets on me for different occasions. However, in my pure-tank set, with those high resistances come the cost of low damage. As a result, all of the people on my friends list, are, for the most part, high damage dealing wizards and demon hunters. Several of the players on my list do well over 100 to 150,000 dps. In my pure tank set, I poop you not, I do < 4600 dps, or so. As another player stated in a game to me last night; "Well, look on the bright side... Nothing can kill you." "Yeah, but I can't kill anything, either." So, what we're saying here... There's no one viable build. In fact, there's no build that's really better than another for Monks (within reason), and the build you decide to go with will differ depending on how you want to play. I don't believe my play style has ever actually been posted on the diablo 3 forum. And, honestly, the monks posting there haven't been able to clear inferno, so I ignore their banter anyway. Play around with the different skills and find a few that work for how you want to play. Also, I use sweeping wind, as it increases my dps to about 10k, but if you don't have high enough resistances and you use it, you'll find that mobs with reflect or lightning will drop you in an instant.

1500 resist won't keep you alive. Barb shot me over 2,000, and things were still killing me, albeit slowly =p