marahmarie: Sheep go to heaven, goats go to hell (Default)

The Lastpass 4.0 Windows installer is convoluted; first you have to download a 10.9MB file for global (cross-browser) installation, then the installer, once running, insists you have to download the Firefox add-on separately (strangely enough, it made no such protestations for IE/Edge, perhaps because it installs an API (?) as opposed to an add-on - also, the API - or whatever it is - installs in Internet Explorer 11 but NOT in Microsoft Edge, which, if you're an Edge user, forces you to use IE11, despite your preference).

And while many, many Firefox add-ons are restartless, Lastpass is not, which never fails to amaze me, as it's one of the few full-fledged programs delivered via add-on that Firefox has. You'd think it'd be a bit more polished by now.

Once you restart Firefox, the GUI is different; it has bright, smooth red backgrounds, bigger fonts, and larger, more clearly defined boxes to type usernames and passwords into, but instead of the boxes appearing dead-center in the middle of the page like they used to, they appear in the upper right corner, which really isn't as easy to get to.

The strangest part, though, is logging into a website when you have to retype your password like I do (because I use the super-paranoid-everyone's-out-to-get-me settings, which require logging into Lastpass with username and password, then retyping my LP password for each website I log into - and yes, it's a huge PITA, but if I drop dead between logins, or a coming earthquake causes me to run down the road screaming in terror and someone breaks in while I'm gone, or else, you know, whatever, no one can finish what I started unless they get my Master password).

What's strange in LP 4.0 about retyping my password is that instead of retyping into the box I'd normally get on-page, a new tab opens up with the address: resource://support-at-lastpass-dot-com/lastpass/data/tabDialog.html?dialog=reprompt with a box with a space to type your password into. It's quite distracting because then you have to go back through your tabs and try to remember what tab you wanted to log into. What's even weirder is the above URL does not show up in Firefox's history (I had to copy it by visiting another website while typing up this post).

Another issue is that when you first open Firefox and visit a web page that you log into, then log into Lastpass, instead of the page you're on refreshing with your LP log-in options, you have to manually refresh it yourself OR log in from the options up in the Lastpass dropdown menu. I'm hoping it's a bug and not a permanent "feature" because it's another distracting waste of time.

Yet another strange feature is the new Emergency Access option. With this feature access is granted to a "loved one" within an amount of time you specify. Your options are Immediately, 3 hours, 6 hours, 12 hours, 24 hours, 48 hours, 3 days, 7 days, 14 days, 21 days, and 30 days. There is no Custom setting, so if you want to grant access 4 days and 15 hours or two full months from now, you're out of luck. I also don't find it useful when I can't predict when I'm going to need it. Let's go back to an earlier paragraph, which has me dying between logins (this sounds like something I'd do) or running away in terror from an earthquake.

Emergency Access, the way Lastpass has it set up now, is not helpful for scenario #1. If I drop dead between logins and need someone to tell my DW buddies, "Hey guys, MM bit the dust, so this a memorial account from now on, peace out", who's going to do that? I can't set up emergency access to say, "Mail access code to after I don't log in to Lastpass for n days". I can't set it up to allow someone access at some far date in the future (in case I die slowly but predictably enough, but don't feel like tooling around with LP settings in the meantime).

I guess the options in place now are better than nothing, but I think they're open to misinterpretation, are confusing, and could easily be expanded to give users more options explained in a much clearer way.

And that was just my first three minutes with 4.0! I bet you'd all hate to see my review after another hour or so.


Dec. 3rd, 2015 11:00 pm
marahmarie: Sheep go to heaven, goats go to hell (Default)

This is a random-stuff-is-random random kind of post. Yes, that sentence is an example of good grammar.

A Faster Web and You

CloudFlare has turned on HTTP/2 for all users. Once all websites do this, I'd expect even our ridiculously slow and overpriced USian web connections will not hurt page loads so much (what hurts more than you'd think: the code underlying them and Flash, the bane of my online existence).

Dreamwidth uses CloudFlare, which is a CDN (Content Delivery Network). CDNs work by caching and serving web pages faster than the website they originated from can. This differs from AOL's CDNs, which improve(d) speeds, but required AOL to do the very thing netizens like to joke about - download the entire Internet, with the cache rebuilt entirely once every few days. The performance lift - which I noticed because I used several dial-up services besides AOL back in the day, but found AOL's superior, speed-wise - was negligible compared to how much a cache for each website - as opposed to an ISP caching the entire web - can make.

Adobe says to stop using Flash. Actually, the title's extremely misleading - Adobe is telling developers to stop using Flash, not telling us to stop using it. The "something else" we all could - and should - be using by now is HTML5, but monopolistic chokeholds rule the day, don't they *cough* Adobo Photochop *cough* Googly *cough* Facebrook (a steady stream of faces, omg). Flash chokes computer memory, ties up CPU and essentially freezes web pages (and sometimes your entire browser) so you can't do simple things like ever finish loading a web page or scrolling down without molasses responses ensuing. I hate Flash soooooo much, have I said that already?

Can I say it again?

Protecting yourself on a compromised computer, exclusively for Lastpassians. I am one, but haven't had a chance to take all the steps mentioned in the post (and my God, I thought I wrote long how-tos for Anti-AOL!) so I'm including this page as much to remind myself to Do Something as to spread the unbridled joy of insecure HTTP. Happy holidays! Fwiw, I doubt anyone will _ever_ crack my master pass; it's at the far upper end of the character limit, is not stored anywhere in physical or digital form (outside of whatever salts and hashes LP stores on my computer to checksum it, I guess?), it uses a mixture of character sets, and somehow, yes, I can remember this motherfucker. Don't ask me how.

Don't cook Van Halen in Christian vegetable oil, Fascist

This last mishmash of links gets deposited where - if I can ever remember to - I will get to enjoy them again and again.

Growing up, my boyfriend had just one rival; his name was Eddie Van Halen, and the most perfect picture of him hung in poster form above my bed for many years (the only poster to displace my treasured Gotta Get A Gund teddy bear posters, which I actually went back to displaying after my EVH fixation died down). I never got over my crush (and except for the grey beard he still looks 20something, which doesn't help) so I was delighted to read a full page of EVH trashtalking. Fun, if you can put aside that he thinks a lot of himself. Considering the depth of his talent, I suppose he can if he wants to. David Lee Roth - good-looking, funny, and the absolute star of every Van Halen video ever made, has always - and rather conversely, given I don't really dislike him - gotten on my nerves.

Next, stop using this. Like, seriously. I bought a gallon of it right before reading this and I'm going to use it (or let others do that for me; whichever) but I think that's it. I fried clams in extra virgin coconut oil the other night because Veg Oil Bad (which I always kind of suspected simply because the stuff stinks up the house so much) and they were perfect - crispy-golden and completely non-greasy, with not one drop of oil on them once drained - yet tender on the inside. EVCO is USD $11 a quart at Walmart but that's still cheaper than any hospital bill. I just wish someone had told us not to use it at least 30 years ago, back when stopping would've benefited the elderly - such as myself - a lot more.

Which reminds me, bacon is bad, too. Sausages, salami, bologna, basically anything with a nitrate/nitrite in it. I don't care and plan on not not ever eating any of that again, because I like the taste of all those things, and life's too short to live on quinoa and five mile runs and call my time on Earth well-spent. Bacon is especially heartbreaking to think of not eating or cutting back on, though, because I eat it all the time, broiled crisp and served next to over-easy or scrambled eggs, crumbled into salads and homemade sauces, nestled within cheese sandwiches, and I use the leftover grease to fry other foods and season cast iron pans. I just love the stuff. (I could even amend my old saying to: "With duct tape, WD40 and bacon there's nothing on Earth you can't fix".)

Hot dogs and bologna, though, piss me off because I told my mom for the last 10 years she was alive to stop eating the stuff, for fear it'd kill her. I thought both foods were garbage - they don't even count as "food", as far as nutritional value goes - so every time she made a hot dog or bologna sandwich and asked if I wanted one, which was quite often (I often felt like my mom could just live on a steady diet of both) I flinched. And look where we are now (no more mom). I'm not suggesting bologna and hot dogs killed her. I still eat both myself, but I'll indulge maybe 4-5 times a year; she'd indulge that many times a week. I actually think our shared cigarette smoking habit was safer.

Your religious upbringing makes you less generous. Most Republicans are Christian-leaning, yet conversely believe the poor should die in gutters rather than get any financial or medical help, so that ties up loose ends rather neatly as to how so many Christ-espousing people can be such selfish, greedy bastards. They're hollow inside because they take it for granted that simply espousing a faith means they've done all they need to do for anyone else.

I wasn't raised in any religion, unless you count my mom occasionally rolling her eyes, shaking her fist at the ceiling and saying how much she hated that sonofabitch as being raised within the fold (I mean obviously she believed in something, and if religion is a passion, boy, was she passionate about it). That's genetic, btw; I do it, too. At least God can't say we don't acknowledge him somehow. I'm no big fan of his - at all - and have no use for any of the God is Good fairy tales that the more starry-eyed brainwashed types like to tell because they whitewash too many facts. I really like Christ, though. Much kinder, more interesting.

And lastly, they say to watch out if Donald Trump gets elected because he's Fascist, so to understand why they're so afraid of this I've read The Rise of Hitler and am now reading the next book, a synopsis of Hitler's role in WWII, and it is enlightening (I'm only up to the part where Hitler is about to round up all the Jews, not just the smattering his troops have been going after pretty much at random for years). The final book, of course, is The Defeat of Hitler.

If, by calling Trump a Fascist, people are saying that once he's elected he's going to be Hitler all over again, then - unless you're into that sort of thing - we're all screwed. I never knew how harmful Fascism is to the very fabric of society and how it tears apart even the family itself until I began reading all this, nor did I grasp to exactly what destructive extent Fascism can completely control people's lives.

But Trump does remind me of Hitler too much for comfort. And I like Trump, as a person, though I don't care for his racism at all. But a lot of people liked Hitler before he screwed everyone over with his endless series of lies, deceptions and empty promises and went off the deep end to do what he wanted (which, to give you the Cliff Notes version, was to have all races fight each other until one master race emerged which didn't have to be German but did have to be the strongest, toughest, and most physically superior) so there's a lot to be said for history giving us fair warning that simple charm and smoothness does not equal being a good or honest person at heart.

marahmarie: Sheep go to heaven, goats go to hell (Default)

I mean, this is not even the issue I was searching for but Google being Google of course brought me to a LastPass forum about trouble logging into Google with LP when I searched for 'problems logging into Lastpass' (the program, not the sites it lets you log into). I'm skimming the posts there because I didn't know anyone was having trouble logging into Google (I'm not, if that helps anyone, which I'm sure it DOESN'T) when I got to this person, who was saying:

It's still working for me. I can sign in just fine using the new login page.

Well, good for you! It's obviously NOT working for others out there - or there wouldn't be a forum thread on the issue with more than one contributor, you know, contributing to it.

Then this person decides to be helpful, which in this case pushes the definition of the word "helpful" into another dimension:

This is what my entry looks like if that helps.

Actually, it doesn't.

Then he goes on to sort of helpfully add:

Try resaving the entry using Save All Entered Data if you're still having trouble.

Wait, slow down there buddy! Doing so is actually a non-intuitive PITA; you have to find - and use - the tool from within the icon dropdown, assuming you have the LP icon displayed in a browser toolbar. Does he say that? Of course not.

Does he link to anything helpful on the topic? It's hard to say. The one link he includes goes to a Login Problems page which may or may not have the info this user will need.

Last but not least, have this nice shiny little screencap of how shit's working just fine on his rig, yo, so why isn't it on yours:


OK, let me, and I apologize in advance if you happened to like me before I wrote this (which is highly unlikely), but...

I have nothing against someone saying something's not happening for them that is happening for others if saying so is needed; for instance, when I was maintaining a userscript that people sometimes encountered errors with, it was often useful to point out that since I wasn't experiencing those errors I would need more info/screen caps/better descriptions to look into the problem more deeply at all.

On the other hand, if userhandle jackass2 showed up to my script discussion to tell stymiedbutsincereuser1, 'Hey, I'm not having your issue, and here's a screen shot of how great everything looks and works on my end to prove it', tell me how that helps anyone get to the bottom of it (because you can't; it doesn't). All it tells me at best is that perhaps the issue's intermittent and/or user-dependent, which does zero to help anyone - it just wastes everyone's time reading useless info and/or looking at screen caps that don't help anyone figure out what's wrong.

marahmarie: Sheep go to heaven, goats go to hell (Default)

I was editing a post on Dreamwidth today logged in as [personal profile] marahmarie when apparently my connection timed out. Not knowing I was logged out, I hit the Preview button - but even as DW loaded my preview, LastPass logged me back in - as [personal profile] style_test, my layout-testing account (LastPass detected I was logged out, and since I store multiple DW passwords in LastPass, it used the first DW name it found to log me back in).

Then DW showed me my post preview - under the username [personal profile] style_test. The page even said, "[personal profile] style_test wrote:" followed by my entry, as shown in the screen cap below.

Previewing mm-writes's posts while logged in as style_test - click for full-size

LastPass's ability to log me back into Dreamwidth from the preview page is concerning for several reasons - one being that I didn't know we could log in (or use a password manager to log in) from the Preview Page, and two that LastPass's choice of logins for that page - [personal profile] style_test instead of [personal profile] marahmarie - resulted in me being able to preview an entry I wrote under the username [personal profile] marahmarie while I was logged in as [personal profile] style_test.

Wanting to see how this would play out, I continued editing and previewing for a few minutes while logged in as [personal profile] style_test, which went normally (but probably shouldn't have "gone normally", considering the last login), then I hit the Post to: button, only to get a message from DW saying that it "could not find selected journal entry".

DW lets me preview but not update other account's posts

I wasn't able to update posts created by [personal profile] marahmarie once Dreamwidth detected I was logged in as [personal profile] style_test, so I hit the back button to see if I could edit the entry again; the entry was still in the post editor but greyed out, as though it was in view-only mode. What was even weirder was the greyed-out page claimed I was editing and posting to "community [personal profile] marahmarie" (this is a personal journal, not a community).

DW tells me I'm posting to community mm-writes while I'm logged in as style_test

So I wasn't able to edit or update entries by [personal profile] marahmarie once Dreamwidth fully detected I was logged in as [personal profile] style_test. But I was able to edit and preview those entries until I hit the Post to: button, despite already being logged in with my other username.

I think this is strange behavior on Dreamwidth's part - when your connection to Dreamwidth times out, it's not Dreamwidth's fault if your password manager logs you back in with a username you weren't using at the moment, but I think Dreamwidth could stop the site from letting you edit and preview posts belonging to that username when you can't update them without logging out, then logging back into the right account.

I also think it's fairly reminiscent of a LiveJournal bug that works the same way. I would use the bug on purpose to test new layouts and certain layout changes with existing posts on journals I owned (which saved me from having to copy posts with HTML that didn't display right into a test journal). As far as I know, LJ has never fixed the bug.

Either way, I thought it might be helpful to report what I saw today to Dreamwidthians at large to see if anyone thinks I should let DW Support know about it.

marahmarie: Sheep go to heaven, goats go to hell (Default)

*curses/grumbles/moans/can't write for wanting to break something*

I've had it up to here with LastPass. I wasn't going to write about what already had me going but now I am, and they can just deal with me and everyone else bitching because it's too much for me to hold in anymore.

LastPass didn't 'force' everyone to change passwords. That's a lie.

First of all, they screen comments on their dinky little Blogspot so weeks ago, after the last security breach, when I went all MM, Girl reporter on them by asking a series of questions via comment to clarify some of the things they'd said, they not only didn't unscreen it, but they added an update to the article later on saying if people's comments weren't unscreened it was because they were being kicked to the Spam folder so write to them at such and such an address and they'd find the comment and publish it.

LastPass didn't 'force' everyone to change passwords. That's a lie.

So I did. I'm nothing if not cooperative. Unless you cross me.

LastPass didn't 'force' everyone to change passwords. That's a lie.

Some woman wrote me back later saying she couldn't find the comment in the Spam folder - which is bullshit. I signed in to make the comment with Dreamwidth OpenID and that comment was "lost" like I just lost my left foot writing this. Come on.

LastPass didn't 'force' everyone to change their passwords. That's a lie.

That was the first thing. They're only as transparent as they feel like being after a security breach. I want them to be transparent, period, but they're not being completely upfront. If they were, for one thing, they would have published and responded to my questions.

LastPass didn't 'force' everyone to change passwords. That's a lie.

We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.

Here we go again. I can't leave a comment to say my account never got forced to change its master password because they're going to eat that comment alive. If they don't want to answer a few questions, you can bet they don't want anyone to know of this little flaw in their forced-password-change system, either: IT'S NOT WORKING. AT LEAST IT'S NOT WORKING FOR ME. And god knows how many other people haven't been forced to change their master passwords, either. That's a pretty big fucking flaw in their system, if you ask me.

LastPass didn't 'force' everyone to change passwords. That's a lie.

Everyone getting the message? When you run a big-deal online business it doesn't pay to piss people off. Guess I'll go change my master password now - but there's nothing going on in LastPass's system to force me to - that's for sure.

marahmarie: Sheep go to heaven, goats go to hell (Default)

I'm happy to announce something that would normally make me miserable to even think about: my LastPass add-on was at fault in the case of the Yahoo account that I thought was compromised - not a hacker. I had an auto-fill and an auto-login set up for it but both stopped working 4 days ago. I still have no idea why.

So tonight I went into my Lastpass vault (I try not to go in there too often - I call it The Crypt for what an indecipherable mess it is) about 5 minutes ago to look things over and found no auto-login and no autofill present, but I did find a log-in that worked listed among my email passwords - exactly where it's always been.

So that's sorted out. I almost feel like blurting out something stupid, like "Merry Christmas" - four days of unbearable tension and anxiety just went *poof*. I can't even explain how much better I feel.