So we were out to a nice restaurant with my dad yesterday for traditional goose eating on St Martin’s Day.
After the main course he picks up his phone and says “I need to get my coins!”
I stared at him: “Coins? What are you…”
He explains: “I’ve been playing Rummy on this app on my phone and they are terrible liars because they say it is free but you need coins to play and you can buy coins which I don’t but you can pick up coins every 4 hours and continue to play.”
I nearly fell of my chair laughing… my dad playing games that force him to pick up coins every 4 hours (I checked: BGA has Rummy and he is already playing randos on the app).
We proceeded to explain Freemium business models to him. He kept complaining those were all lies, either it is free or it is not. “They can’t have it both ways.” (Yes, they can.)
Then he claimed that there was something fishy about the “algorithm” because he was playing against supposedly human opponents who had fewer games but better winning quotes than him and how could that be with a luck-based game? So we had a lengthy discussion about German gambling laws and whether or not Rummy, Poker and Skat qualify as gambling in general. He said Rummy and Poker were luck-based while Skat was not. The argument being that with Skat all the cards are distributed between the players at the start of each round.
I tried talking about Knizia and my partner about the math master poker players use to manipulate the long-tail of the game… there was no convincing him.
PS my partner says MLEM is the most thematic Knizia he has played It’s erratic like cats…
Apparently it’s Scam Awareness Season in the UK. Of course nothing useful, like trying to reduce people’s levels of stress and desperation so that they don’t fall for them; it’s all about blaming the victim. But lots of people are pushing SMS verification… even though this was being discouraged by the people who know what they’re doing even before the pandemic began, because it’s even easier for a vaguely competent attacker to intercept SMS than ditto email.
What two factor authentication backed by a lousy second factor gets is substantial protection against bad password management. This is the big cause of lots of compromises, and so is very much better than nothing. I have seen many people who get an account compromised, which then gets leveraged into all the accounts. But the initial attack is not targeted, it’s because someone got hacked, and stored passwords in cleartext (or whatever), and their credentials are reused. SMS stops that pretty effectively. (I have seen some highly not-public data about this, and for the particular cases involved, sms-only was very nearly as good as a totp token. ).
A targeted attack might go after your sms messages, and then it is not useful, but, again, most people are not victims of targeted attack. Those who are likely to be (which includes me, for more than one reason) shouldn’t use sms, and should insist on something better.
Totp is never worse than sms, and usually better. Works for anyone with a computer, doesn’t expose your phone number. (If I get a phobe calk “from my bank” I know it’s fake because my bank doesn’t have my number.)
SMS sucks (for everything, not just 2fa), but it has at least the advantage of being ubiquitous and easy to use. And sometimes, something is better than nothing, which is the position much of the public is in. (I do not use it, except for a couple places where it is required, or the alternative is worse.).
[tangental: one of the security people I deal with is prone to going on rants that totp isn’t really a second factor, because if you know the seed, you know all the codes. I try to avoid mentioning it around them, and stick to safe topics, like the war.]
(Yeah, but you store the seed in a different place and don’t have to expise it.)
Amazon uk are onky offerung sms, and you can’t do it without agreeing to them spamming you.
Amazon USA lets you use your email address for it, which is even stupider than sms. Spam acceptance is not required.
I have a financial institution that I have to deal with that doesn’t offer anything but sms. (Or a robocall to the number on file, which is much of a muchness.). They used to offer a hardware token, but no more. The last human I spoke to expessef some surprise when I transferred my holdings elsewhere, because of this.
I have a couple other places where the choice is sms or a proprietary app. And I have another account where they insist on sending me a code by text, even though I use a yubikey there. (and the code couldn’t work, it is too short. ) I might think they left in in as a simple “hey someone is logging in “ alert, except the message comes from a short code, and doesn’t say who is sending it.
Our old sofa bed was getting long in the tooth, so we ordered a new one from an online store, and it arrived a month later. I took apart the old Ikea sofa and lugged it downstairs in pieces. I just about got the three huge packages up the stairs and set about assembling the thing, only to find that one of the metal bars is welded at 90 degrees from the angle it’s supposed to be at, so a key screw has no screw hole. The whole thing feels really slapdash, lacks complete instructions on how to put it together, and has components that simply don’t fit properly. Honestly, quite a shock. I’m beginning to have a smidgen more respect for Ikea. Meanwhile, we have no usable sofa.
Today I found out my vision has gone from -6 to -7.5. The first change in about 15 years, and suddenly my eyesight is much worse. Weird.
Oh, and the bed bits are getting replaced, with a person tasked to do the disassembly and reassembly and disposal of borked bits, and we got about 20% off the price for the inconvenience, so it’s not all bad.
These are the ones that my kids wear. They have peripheral mini lenses on them to create off axis blur, which in turn prevents eye growth, which redcues myopic progression, which most commonly happens in 8-20 year olds. The research evidence is very strong, and anecdotally in my clinic they’re outperforming the research.
If eye growth is the cause, how is screen (over)use related? Any ideas on what could cause such a sudden change? I literally had new lenses and a eye test earlier this year where we wavered between -6.5 and -6, and settled on my old prescription, so to suddenly jump to -7.5 is very disconcerting.
My sight varies with my migraines. I don’t get what people call auras but I have days where I see really bad usually along with a migraine that can be caused by a variety of factors. Once migraine subsides my eye-sight goes back to what my glasses correct. (something -2 or so). This is especially bad when staring at screens or trying to read.
One factor for me is my back/neck causing tension headaches (from bad posture while staring at screens mostly) that turn into migraines.
So for my there are fluctuations in how well I can see.
This is a permanent worsening of my sight though, which I definitely noticed this year, though I can’t pin down exactly when or why the change happened.
I wouldn’t mind so much that I had to change glasses, but with the new -7.5 lenses I can no longer comfortably focus on text that’s too close! As of today, I’ve decided to use the old, more comfortable, -6 glasses for indoor use, and switch to -7.5 when I go outside. That in itself is an uncomfortable adjustment each time, but it’s better than struggling to focus on my text indoors, and feeling unsafe on the bicycle outdoors.
Since having an unfortunate incident with a concrete pillar in September. We’ve been waiting for a new bumper for our motorhome (RV). When contacted last week, the supplier still had no idea when it would be available, so we got fed up and fixed it ourselves with many screws and strong adhesives:
It’s erratic like cats…
