Which, I should point out, isn’t an entirely new phenomenon. There’s literally a Metsploit module designed to take advantage of a vulnerability in an anti-cheat driver Capcom used for the Street Fighter V on PC. All this has happened before, all this will happen again. (Hopefully with a better ending, though.)
I’m going to try and bring this blog back to life because the things I’ve been Going Through over the last year are finally starting to let up. And let’s start with a trip back to the forgotten year of 2019. Russia’s invasion of Ukraine was still limited to Crimea, Donald Trump was still tweeting whatever weird bullshit came to mind, and nobody could imagine the CDC fucking up its response to a disease that affected cishet white dudes.
More relevant to this post, though, 2019 was the year that Gearbox Software’s Borderlands 3 came out. This addition to the long-running series of “looter shooter” video games, despite generally good critical reviews, met with significant backlash from potential customers for two reasons: it used the controversial Denuvo DRM (which has since been removed), and it was being released on PC as an Epic Games Store exclusive.
UPDATE: Someone on Reddit pointed out that I had gotten the rules to Bitcoin Numberwang wrong in this rant. That has now been corrected. I apologize for overestimating the incompetence of the Bitcoin community. (Which is not a sentence I ever expected to have cause to type, but here we are.)
Some of you who’ve been exposed to social media in the last week or so may have noticed a new trend where the usual cryptocurrency assholes are trying to recruit artists into their bullshit. And, tragically, a lot are falling for it…including some who should really know better.
Of course, if you have no idea what an NFT is, you might not understand why this is such a unique waste of everything. So let’s dive in and piece together what the fuck happening this time in the world of coinasses. (There’s a tl;dr at the end of the post, don’t worry.)
The thing about password managers is that a security issue there tends to be significantly more severe than with most another applications on a device. Even if you all you get is data exfiltration…well, you’re still exfiltrating some pretty fucking important data.
Which is why this story about trackers in LastPass for Android…is less than encouraging.
There’s an infamous notification box from the dark days of Internet Explorer 6 that “warns” the user that they are “about to view pages over a secure connection” — in other words, they get a big security alert when they were about to do something secure.
The problem with this sort of thing should be obvious: it’s training people to either ignore alerts and notifications entirely, or overreact to each one they see. And while that’s more of a UI/UX problem, it’s one with some pretty major implications…both security and otherwise.
Wrote this while bored, figured I’d toss it out there for anyone who cares. Gives you a different Pokemon, and its Pokedex entry, each day. The specific Pokemon is randomly chosen, with the current date as the seed value.
There are probably ways to make it better, but I’m heavily constrained by the JSON that I’m retrieving from pokeapi.co on this one and I don’t feel like putting in the effort.
Apparently the free tier for the LastPass password manager is taking away the ability to use both the desktop and mobile apps. If you want your passwords to be available on both your phone and your computer, you’ll have to start paying. Which I don’t think is a good thing overall. So, I’m going to use this opportunity to scream into the void at LastPass* and pretend they’ll notice, let alone care.
Look, LastPass, I get it. Until we finally usher in the glory that is Fully Automated Luxury Gay Space Communism, you’ll still need to pay your employees so that they can keep themselves in craft beer and fancy pizza. But yanking away features like that unless people pay you isn’t good for anyone long-term. Not if you’re removing those features from a password manager.