marahmarie: my initials (MM) (Default)

So, the LastPass blank dropdown menu and blank search results panel are very annoying. The dev hasn't updated the add-on since June and is responding to exactly zero complaints about this and other issues on his Firefox review page, though there might easily be dozens.

Which came to bite me, too, when Firefox finally let me have their latest multiprocess (e10s), 64-bit compatible version earlier this week (e10s is still automatically disabled if you install any add-on that isn't yet e10s capable); ever since I've had both LastPass problems, and saw others are having them, too [Example 1, Example 2, Example 3].

To fix these issues, just switch back to Firefox 32-bit. It's not even necessary to remove Fx 64-bit. It's actually better if you don't, so Firefox can just poke around in your profile folder and recreate the Firefox you've got in the 32-bit version you're about to get (just be sure to create a shortcut or a target that you can easily tell apart from the 64-bit icon).

32-bit Firefox runs LastPass perfectly, fixes the blank dropdown list of log-ins for each site and fixes search result panels showing up blank.

For everyone leaving bitter reviews [Example 1, Example 2, Example 3] and sharing the version number that allegedly works better [Version 4.1.62a]: I tried it in 64-bit Firefox, but it gave me all the same blank dropdowns as before.

My guess is the problems are not confined to any particular version. After I installed the May 31st version and saw the same issues it became clear the latest version is not at fault - it's 64-bit Firefox - and I'll gander that's no matter which version of LastPass going back to the earliest 56*-capable version you pick.

So if you've got 64-bit Firefox, try going back to 32-bit (here are the 32-bit installers. If you have automatic updates turned off, keep checking the directory for the latest). Run Firefox 32-bit with whatever version of LastPass you have and see if that fixes the problems.

marahmarie: my initials (MM) (Default)

I wanted to post this over a week ago (7-24, according to my computer when I screencapped the relevant messages) but life's got a way of getting in the way. I'll assume (though perhaps in error) that it's untriaged/unfixed/unpatched after doing a quick search on Google, but I'm not going to trawl the results any deeper tonight; if this is a dupe report or has already been fixed I might find out and update this post at some later point.

Anyway, it starts out like this: you switch your IP address to a new one (in our case that's because our Comcast modem, the one I need both arms to carry around, took a crap on us last week, so now we're working on the third iteration of this modem in the past year, with a different IP) and LastPass suddenly doesn't recognize the device you're on or the location you're at (it's not sure which), though it's the same device as always (my HP laptop, which has somehow lived another year without the graphics card destroying itself like the last one did, though pixels are beginning to blow out left and right).

When the LastPass add-on (in Firefox latest on Win 10 Pro - not an Insider build) sees your new IP address as a "new device" or "new location" (though that sounds like a bug in itself, it's not the bug I'll be talking about) it looks like this:

When I switched my IP address recently, LastPass displayed an infobar in Firefox that says: LastPass does not recognize this device or you are at a new location. Please check your email to grant access

The text in the info bar my screen got splashed with says (emphasis mine): "LastPass doesn't recognize this device or you are at a new location. Please check you email to grant access to your new device or location."

See the part where LastPass asks me to check my email? Which means I should literally be unable to use LastPass to log into websites until that one little detail is taken care of? Heh, about that...I just ignored or dismissed the infobar (I forget which), opened the LastPass add-on dropdown menu and finished logging into my Live account like nothing had happened. No checking my email. No granting access. I just went on and used LastPass normally. Which I should not have been able to do!

After logging in, I checked for the email from LastPass just to see what it said, because them even sending it was like, totally useless. It looks like this:

LastPass sent an email intended to grant access to my account which I never needed to read because I got around it, which said: Someone, hopefully you, recently tried to login to your LastPass account from a device or location that we did not recognize. We prevented access until you have reviewed the details of the login attempt

This is where things get funny - if your idea of a good time is when your device gets stolen and your online security is compromised by, of all things, not the thief, but a buggy password manager. What a laugh! The email reads (emphasis mine): "Someone, hopefully you, recently tried to login to your LastPass account from a device or location that we did not recognize. We prevented access until you have reviewed the details of the login attempt."

See the part where LastPass tells me they prevented access until I could review details of the login attempt? Lies, tall tales, and made-up stories because they prevented nothing. I could use LastPass just by continuing to use it. I saw a few more infobars saying the same thing, but I just kept ignoring or dismissing them and like, logging into things. Which, again, I should not have been able to do!

I'm posting this mostly to remind myself to check the LastPass forums and search results more deeply one day for any other news of this issue, and to warn anyone else who comes across this post who might also be using LastPass.

marahmarie: my initials (MM) (Default)

These days, it...

  • Lets you use it on all devices for free (which used to be a paid feature; I think you could use it on up to two different devices for free but beyond that, you had to pay)
  • Has apps for everything (authentication, Windows phone and all other common devices, though I'm not sure about Mac/iOS)
  • Can be used with many forms of authentication for two-factor
  • Has its own security challenge tool that...
  • Checks if email addresses are involved in known website hackings
  • Checks length and overall security of passwords, and for password duplicates
  • Automatically changes duplicate passwords and passwords on known compromised sites by running what appears to be a macro (which is pretty neat to watch, but sort of hammers Firefox to a crawl)
  • Only costs $1 a month to upgrade to Premium, I mean...*smh* that is cheap (if Dreamwidth were that cheap I'd be like, "Fine, treat me like crap, here's more paid time")

It also does minor things which fill me with joy: if you manually copy a website password from the add-on dropdown or from within the vault (and I do this a lot for cross-browser website testing) it only lets you paste it once before destroying it (of course, if the paster pastes it into Notepad or similar then all bets are off, but if they don't - and I'd imagine the majority of home hackers stealing your password won't even think to - it's yet another way to minimize disaster).

And it destroys your add-on dropdown searches as soon as you complete them. And it keeps a list (if you want; this is opt-out) of recent sites you've logged into in the add-on so you don't have to visit them directly to log back in. And I could go on but there's other things I want to do tonight.

People will always find vulnerabilities in password managers (which I say because all code has holes in it). In fact, I'm surprised most of the vulnerabilities in password managers popping up these days weren't exploited years ago*. The only things I can think to thank for the discrepancy between potential for exploitation and zero-hour are increasing code knowledge and increases in processing power, which was not great enough until recently to get such holes out into the open.

*In the Lastpass forums anywhere between 2007-2010 people who claimed to be home users and/or pro hackers would say: "Look, there's got to be holes in this code somewhere" and the Lastpass owner himself would jump in to deny it and I would spend days wondering how anyone who codes could do so. It's like denying shoelaces need to be tied lest you trip on them: you can deny there are holes but keep that up long enough and you'll just fall in.

marahmarie: my initials (MM) (Default)

The Lastpass 4.0 Windows installer is convoluted; first you have to download a 10.9MB file for global (cross-browser) installation, then the installer, once running, insists you have to download the Firefox add-on separately (strangely enough, it made no such protestations for IE/Edge, perhaps because it installs an API (?) as opposed to an add-on - also, the API - or whatever it is - installs in Internet Explorer 11 but NOT in Microsoft Edge, which, if you're an Edge user, forces you to use IE11, despite your preference).

And while many, many Firefox add-ons are restartless, Lastpass is not, which never fails to amaze me, as it's one of the few full-fledged programs delivered via add-on that Firefox has. You'd think it'd be a bit more polished by now.

Once you restart Firefox, the GUI is different; it has bright, smooth red backgrounds, bigger fonts, and larger, more clearly defined boxes to type usernames and passwords into, but instead of the boxes appearing dead-center in the middle of the page like they used to, they appear in the upper right corner, which really isn't as easy to get to.

The strangest part, though, is logging into a website when you have to retype your password like I do (because I use the super-paranoid-everyone's-out-to-get-me settings, which require logging into Lastpass with username and password, then retyping my LP password for each website I log into - and yes, it's a huge PITA, but if I drop dead between logins, or a coming earthquake causes me to run down the road screaming in terror and someone breaks in while I'm gone, or else, you know, whatever, no one can finish what I started unless they get my Master password).

What's strange in LP 4.0 about retyping my password is that instead of retyping into the box I'd normally get on-page, a new tab opens up with the address: resource://support-at-lastpass-dot-com/lastpass/data/tabDialog.html?dialog=reprompt with a box with a space to type your password into. It's quite distracting because then you have to go back through your tabs and try to remember what tab you wanted to log into. What's even weirder is the above URL does not show up in Firefox's history (I had to copy it by visiting another website while typing up this post).

Another issue is that when you first open Firefox and visit a web page that you log into, then log into Lastpass, instead of the page you're on refreshing with your LP log-in options, you have to manually refresh it yourself OR log in from the options up in the Lastpass dropdown menu. I'm hoping it's a bug and not a permanent "feature" because it's another distracting waste of time.

Yet another strange feature is the new Emergency Access option. With this feature access is granted to a "loved one" within an amount of time you specify. Your options are Immediately, 3 hours, 6 hours, 12 hours, 24 hours, 48 hours, 3 days, 7 days, 14 days, 21 days, and 30 days. There is no Custom setting, so if you want to grant access 4 days and 15 hours or two full months from now, you're out of luck. I also don't find it useful when I can't predict when I'm going to need it. Let's go back to an earlier paragraph, which has me dying between logins (this sounds like something I'd do) or running away in terror from an earthquake.

Emergency Access, the way Lastpass has it set up now, is not helpful for scenario #1. If I drop dead between logins and need someone to tell my DW buddies, "Hey guys, MM bit the dust, so this is a memorial account from now on, peace out", who's going to do that? I can't set up emergency access to say, "Mail access code to someone@example.com after I don't log in to Lastpass for n days". I can't set it up to allow someone access at some far date in the future (in case I die slowly but predictably enough, but don't feel like tooling around with LP settings in the meantime).

I guess the options in place now are better than nothing, but I think they're open to misinterpretation, are confusing, and could easily be expanded to give users more options explained in a much clearer way.

And that was just my first three minutes with 4.0! I bet you'd all hate to see my review after another hour or so.

Linkies

Dec. 3rd, 2015 11:00 pm
marahmarie: my initials (MM) (Default)

This is a random-stuff-is-random random kind of post. Yes, that sentence is an example of good grammar.

A Faster Web and You

CloudFlare has turned on HTTP/2 for all users. Once all websites do this, I'd expect even our ridiculously slow and overpriced USian web connections will not hurt page loads so much (what hurts more than you'd think: the code underlying them and Flash, the bane of my online existence).

Dreamwidth uses CloudFlare, which is a CDN (Content Delivery Network). CDNs work by caching and serving web pages faster than the website they originated from can. This differs from AOL's CDNs, which improve(d) speeds, but required AOL to do the very thing netizens like to joke about - download the entire Internet, with the cache rebuilt entirely once every few days. The performance lift - which I noticed because I used several dial-up services besides AOL back in the day, but found AOL's superior, speed-wise - was negligible compared to how much a cache for each website - as opposed to an ISP caching the entire web - can make.

Adobe says to stop using Flash. Actually, the title's extremely misleading - Adobe is telling developers to stop using Flash, not telling us to stop using it. The "something else" we all could - and should - be using by now is HTML5, but monopolistic chokeholds rule the day, don't they *cough* Adobo Photochop *cough* Googly *cough* Facebrook (a steady stream of faces, omg). Flash chokes computer memory, ties up CPU and essentially freezes web pages (and sometimes your entire browser) so you can't do simple things like ever finish loading a web page or scrolling down without molasses responses ensuing. I hate Flash soooooo much, have I said that already?

Can I say it again?

Protecting yourself on a compromised computer, exclusively for Lastpassians. I am one, but haven't had a chance to take all the steps mentioned in the post (and my God, I thought I wrote long how-tos for Anti-AOL!) so I'm including this page as much to remind myself to Do Something as to spread the unbridled joy of insecure HTTP. Happy holidays! Fwiw, I doubt anyone will _ever_ crack my master pass; it's at the far upper end of the character limit, is not stored anywhere in physical or digital form (outside of whatever salts and hashes LP stores on my computer to checksum it, I guess?), it uses a mixture of character sets, and somehow, yes, I can remember this motherfucker. Don't ask me how.

Don't cook Van Halen in Christian vegetable oil, Fascist

This last mishmash of links gets deposited where - if I can ever remember to - I will get to enjoy them again and again.

Growing up, my boyfriend had just one rival; his name was Eddie Van Halen, and the most perfect picture of him hung in poster form above my bed for many years (the only poster to displace my treasured Gotta Get A Gund teddy bear posters, which I actually went back to displaying after my EVH fixation died down). I never got over my crush (and except for the grey beard he still looks 20something, which doesn't help) so I was delighted to read a full page of EVH trashtalking. Fun, if you can put aside that he thinks a lot of himself. Considering the depth of his talent, I suppose he can if he wants to. David Lee Roth - good-looking, funny, and the absolute star of every Van Halen video ever made, has always - and rather conversely, given I don't really dislike him - gotten on my nerves.

Next, stop using this. Like, seriously. I bought a gallon of it right before reading this and I'm going to use it (or let others do that for me; whichever) but I think that's it. I fried clams in extra virgin coconut oil the other night because Veg Oil Bad (which I always kind of suspected simply because the stuff stinks up the house so much) and they were perfect - crispy-golden and completely non-greasy, with not one drop of oil on them once drained - yet tender on the inside. EVCO is USD $11 a quart at Walmart but that's still cheaper than any hospital bill. I just wish someone had told us not to use it at least 30 years ago, back when stopping would've benefited the elderly - such as myself - a lot more.

Which reminds me, bacon is bad, too. Sausages, salami, bologna, basically anything with a nitrate/nitrite in it. I don't care and plan on not not ever eating any of that again, because I like the taste of all those things, and life's too short to live on quinoa and five mile runs and call my time on Earth well-spent. Bacon is especially heartbreaking to think of not eating or cutting back on, though, because I eat it all the time, broiled crisp and served next to over-easy or scrambled eggs, crumbled into salads and homemade sauces, nestled within cheese sandwiches, and I use the leftover grease to fry other foods and season cast iron pans. I just love the stuff. (I could even amend my old saying to: "With duct tape, WD40 and bacon there's nothing on Earth you can't fix".)

Hot dogs and bologna, though, piss me off because I told my mom for the last 10 years she was alive to stop eating the stuff, for fear it'd kill her. I thought both foods were garbage - they don't even count as "food", as far as nutritional value goes - so every time she made a hot dog or bologna sandwich and asked if I wanted one, which was quite often (I often felt like my mom could just live on a steady diet of both) I flinched. And look where we are now (no more mom). I'm not suggesting bologna and hot dogs killed her. I still eat both myself, but I'll indulge maybe 4-5 times a year; she'd indulge that many times a week. I actually think our shared cigarette smoking habit was safer.

Your religious upbringing makes you less generous. Most Republicans are Christian-leaning, yet conversely believe the poor should die in gutters rather than get any financial or medical help, so that ties up loose ends rather neatly as to how so many Christ-espousing people can be such selfish, greedy bastards. They're hollow inside because they take it for granted that simply espousing a faith means they've done all they need to do for anyone else.

I wasn't raised in any religion, unless you count my mom occasionally rolling her eyes, shaking her fist at the ceiling and saying how much she hated that sonofabitch as being raised within the fold (I mean obviously she believed in something, and if religion is a passion, boy, was she passionate about it). That's genetic, btw; I do it, too. At least God can't say we don't acknowledge him somehow. I'm no big fan of his - at all - and have no use for any of the God is Good fairy tales that the more starry-eyed brainwashed types like to tell because they whitewash too many facts. I really like Christ, though. Much kinder, more interesting.

And lastly, they say to watch out if Donald Trump gets elected because he's Fascist, so to understand why they're so afraid of this I've read The Rise of Hitler and am now reading the next book, a synopsis of Hitler's role in WWII, and it is enlightening (I'm only up to the part where Hitler is about to round up all the Jews, not just the smattering his troops have been going after pretty much at random for years). The final book, of course, is The Defeat of Hitler.

If, by calling Trump a Fascist, people are saying that once he's elected he's going to be Hitler all over again, then - unless you're into that sort of thing - we're all screwed. I never knew how harmful Fascism is to the very fabric of society and how it tears apart even the family itself until I began reading all this, nor did I grasp to exactly what destructive extent Fascism can completely control people's lives.

But Trump does remind me of Hitler too much for comfort. And I like Trump, as a person, though I don't care for his racism at all. But a lot of people liked Hitler before he screwed everyone over with his endless series of lies, deceptions and empty promises and went off the deep end to do what he wanted (which, to give you the Cliff Notes version, was to have all races fight each other until one master race emerged which didn't have to be German but did have to be the strongest, toughest, and most physically superior) so there's a lot to be said for history giving us fair warning that simple charm and smoothness does not equal being a good or honest person at heart.

marahmarie: my initials (MM) (Default)

I mean, this is not even the issue I was searching for but Google being Google of course brought me to a LastPass forum about trouble logging into Google with LP when I searched for 'problems logging into Lastpass' (the program, not the sites it lets you log into). I'm skimming the posts there because I didn't know anyone was having trouble logging into Google (I'm not, if that helps anyone, which I'm sure it DOESN'T) when I got to this person, who was saying:

It's still working for me. I can sign in just fine using the new login page.

Well, good for you! It's obviously NOT working for others out there - or there wouldn't be a forum thread on the issue with more than one contributor, you know, contributing to it.

Then this person decides to be helpful, which in this case pushes the definition of the word "helpful" into another dimension:

This is what my entry looks like if that helps.

Actually, it doesn't.

Then he goes on to sort of helpfully add:

Try resaving the entry using Save All Entered Data if you're still having trouble.

Wait, slow down there buddy! Doing so is actually a non-intuitive PITA; you have to find - and use - the tool from within the icon dropdown, assuming you have the LP icon displayed in a browser toolbar. Does he say that? Of course not.

Does he link to anything helpful on the topic? It's hard to say. The one link he includes goes to a Login Problems page which may or may not have the info this user will need.

Last but not least, have this nice shiny little screencap of how shit's working just fine on his rig, yo, so why isn't it on yours:

Image

OK, let me breathe...one...two...three...oh, and I apologize in advance if you happened to like me before I wrote this (which is highly unlikely), but...

I have nothing against someone saying something's not happening for them that is happening for others if saying so is needed; for instance, when I was maintaining a userscript that people sometimes encountered errors with, it was often useful to point out that since I wasn't experiencing those errors I would need more info/screen caps/better descriptions to look into the problem more deeply at all.

On the other hand, if userhandle jackass2 showed up to my script discussion to tell stymiedbutsincereuser1, 'Hey, I'm not having your issue, and here's a screen shot of how great everything looks and works on my end to prove it', tell me how that helps anyone get to the bottom of it (because you can't; it doesn't). All it tells me at best is that perhaps the issue's intermittent and/or user-dependent, which does zero to help anyone - it just wastes everyone's time reading useless info and/or looking at screen caps that don't help anyone figure out what's wrong.