E-mails have been spotted in circulation that appear to be from aff or shadow -at- affsdiary.com; these e-mails request personal information and promise a prize if that is updated on a profile which looks similar to Shadow’s wordpress.:
I’ve updated the look of my wordpress so all of the profiles were reset! There are now great benefits to having an up to date profile, so if you can please do that it would be great!
Each section of a profile gives points, and you can spend those points for discounts on PayPal purchases! Click directly here!
More info is at the Affsdiary page, which I strongly, strongly urge you to read.
My website does not require the kind of information that the data-mining scam is requiring for the supposed ‘update.’ I will never require that depth of information from anyone. The only thing you need to comment in this site is a username and email, or a WordPress/Gravatar ID, since you can log in to comment using either. We don’t ask for personal information, we don’t want it and don’t give it to us.
Better site security is a good thing, especially if it helps you protect your private information. I know some nutjobs would say ‘oh, if you’re scared about the government, then you have something to hide!’ crap, but really, waving the government around like a huge red flag trying to get the bull to charge ignores the other guy sneaking up behind it – namely: computer crime still exists, and it is a good idea to secure your site against those legitimate concerns. I’m not a security expert, just some person who wants to make her living writing, but HTTPS is a GOOD THING – especially if you’re using your WordPress to manage your online business or professional blog. WordPress getting you that bit of extra security built in for your site, if you use WordPress hosting, is a seriously awesome thing, because if you’re the average blogger (like myself) you’re not likely to know much about the latest in online security or protection or even more than basic HTML tags (the ones that give you italics, bold, images and links are about the extent of my HTML knowledge.)
I repeat my statement about not being an online security expert, so please just use the links and my opinion as a starting point for further research from a mostly consumer’s POV, and as someone thinking about wanting to sell a product online (In my case, books/art). If you think I’m an uneducated idiot, spare us both wasting the time and browse away.
Anyone still here, feel free to go on.
So, why is HTTPS a good thing? Instead of trying to explain it and mangle the explanation, I’ll quote and link some of the people who DO know what they’re talking about.
HTTPS Everywhere protects you only when you are using encrypted portions of supported web sites. On a supported site, it will automatically activate HTTPS encryption for all known supported parts of the site (for some sites, this might be only a portion of the entire site). For example, if your web mail provider does not support HTTPS at all, HTTPS Everywhere can’t make your access to your web mail secure. Similarly, if a site allows HTTPS for text but not images, someone might be able to see which images your browser loads and guess what you’re accessing.
HTTPS Everywhere depends entirely on the security features of the individual web sites that you use; it activates those security features, but it can’t create them if they don’t already exist. If you use a site not supported by HTTPS Everywhere or a site that provides some information in an insecure way, HTTPS Everywhere can’t provide additional protection for your use of that site. Please remember to check that a particular site’s security is working to the level you expect before sending or receiving confidential information, including passwords.
One way to determine what level of protection you’re getting when using a particular site is to use a packet-sniffing tool like Wireshark to record your own communications with the site. The resulting view of your communications is about the same as what an eavesdropper on your wifi network or at your ISP would see. This way, you can determine whether some or all of your communications would be protected; however, it may be quite time-consuming to make sense of the Wireshark output with enough care to get a definitive answer.
You can also turn on the “Block all HTTP requests” feature for added protection. Instead of loading insecure pages or images, HTTPS Everywhere will block them outright.
On supported parts of supported sites, HTTPS Everywhere enables the sites’ HTTPS protection which can protect you against eavesdropping and tampering with the contents of the site or with the information you send to the site. Ideally, this provides some protection against an attacker learning the content of the information flowing in each direction — for instance, the text of e-mail messages you send or receive through a webmail site, the products you browse or purchase on an e-commerce site, or the particular articles you read on a reference site.
However, HTTPS Everywhere does not conceal the identities of the sites you access, the amount of time you spend using them, or the amount of information you upload or download from a particular site. For example, if you access http://www.eff.org/issues/nsa-spying and HTTPS Everywhere rewrites it to https://www.eff.org/issues/nsa-spying, an eavesdropper can still trivially recognize that you are accessing www.eff.org (but might not know which issue you are reading about). In general, the entire hostname part of the URL remains exposed to the eavesdropper because this must be sent repeatedly in unencrypted form while setting up the connection. Another way of saying this is that HTTPS was never designed to conceal the identity of the sites that you visit.
Researchers have also shown that it may be possible for someone to figure out more about what you’re doing on a site merely through careful observation of the amount of data you upload and download, or the timing patterns of your use of the site. A simple example is that if the site only has one page of a certain total size, anyone downloading exactly that much data from the site is probably accessing that page.
If you want to protect yourself against monitoring of the sites you visit, consider using HTTPS Everywhere together with software like Tor.
HTTPS encrypts nearly all information sent between a client and a web service.
For example, an unencrypted HTTP request reveals not just the body of the request, but the full URL, query string, and various HTTP headers about the client and request
There’s some images there as an example but I would advise clicking on the links and reading further.
For me, as the Ordinary Web User sort of person, I rather like anything that will make sure that my credit card details won’t get stolen as I enter the number…or even before that, my password stolen when I log in. I like knowing that the site I’m visiting is actually the site I want to be seeing, and in the case of business sites like online stores, this is important because we’re dealing with hard earned money here AND my personal details, like home address, name, phone number, etc. For WordPress to offer that built into the WordPress sites they host, that’s awesome, and from a business perspective, a good move.
All that has fuck-all to do with government spying. Which is why, especially in the US, you should pay attention to shit like this. Buying stuff online – whether it’s a book, video game, or placing an order on your grocery store’s online ordering system- it is very much in your best interest to have the strongest encryption and best cyber-security available – not just HTTPS. Similarly, it is in the best interest of businesses – not just in the US – to provide customer security when they go to order stuff online. THEY are the ones responsible, for the most part, for keeping your private data secure and safe; and its’ additional help to prevent your passwords, credit card info, etc, from falling into the wrong hands when you’re just signing up. HTTPS helps with that. It is but one aspect of website and browsing security, but for very basic end users like myself, it’s pretty important. I am not saying that it’s the cure-all, but it does help patch some of the holes (and the other holes are outside the scope of this post anyway.)
Bear in mind as well that we no longer just access the Internet on computers, but on our smartphones as well. So having good encryption on your phone and the apps you use has completely valid reasons to be there – just imagine how bad it’d be if your smart phone were stolen or even just dropped out of your purse, pocket or jacket while going about your everyday errands. What if you used it to go shopping on Ebay, or Amazon, used it for online banking, Facebook, Twitter, Paypal, reloading your bus/train card (you should see how they use the Octopus card in Hong Kong! It’s really LIKE a replacement wallet!) etc. Also say, if you used it to verify security for things like Battlenet, Steam, the abovementioned shopping sites, and so on. There are even some phones and banks now that support the smartphone being a replacement paywave card.
So, that’s kinda like losing your wallet, except in this case your wallet contains the keys to your virtual house, your bank, your TV… and you can’t call the bank to get your credit cards cancelled because your phone is gone. So how many smartphones these days support you attaching it to a lanyard so you can wear it around your neck or attach it by chain to you physically? (I rather miss the old text only phones I had for that reason.)
So, do I, as an ordinary, everyday user, who has no criminal record and has nothing to hide from the government, have legitimate reasons to want the best technological security available? Hell yes. This is simply a logical frame of mind given the incredibly connected digital age we live in.
Wanting better digital security and privacy in this age is normal, and comparing anyone who wants that as a potential criminal is like bitching at someone who puts locks on their doors to keep thieves out as making it harder for the cops to kick down the door when the easily pissed off, and perpetually offended SJWs pull a SWATting on you for your thought-crimes with DARVO tactics, an increasingly and shockingly expanding form of petty retaliation for mere disagreement. Or, when police use a shit and unprovable reason for a search, like here; and more terrifyingly, this, which reminds me a LOT of what used to go on behind the Iron Curtain, or Nazi Germany.
I don’t think we want to live in a world where America decides it’s perfectly okay to act in the way that Communists and Nazis were decried for, and in the manner that the corrupt hold to power in many places of the world.
We should do well to remember Ben Franklin’s admonition about trading essential liberty for temporary safety: Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
Despite everything I’ve said above, I can completely understand the concerns, especially with regards terrorism, human trafficking, and paedophiles. I do not have a problem with reasonable, rational law-enforcement agency cooperation with companies, and international investigation. I believe that we have reached the current levels of problems with regards the questions of personal privacy and security versus criminals and terrorists, because of the over-reaches on both sides. Trying to make encryption as a whole illegal is wrong (without it, say goodbye to your personal monetary and personal data security) but treating companies that wish to protect those things for their customers and their business’ sake as if they were evil, and dragging them through the mud in the media ensures that everyone loses in the long run.
Other Links of interest that I ran across while reading; tangentially related to above post, because rabbit-hole tab explosion:
So here I am at o-dark-fuck you am, awake because some fucking dipshit just tried – and is still trying – to hack my WordPress accounts – both the one I use to comment and the one I use to write on my blog, as well as Aff’s account. To the tune of several million password attempts per second. Whoever it is is routing it through China, because that’s what the IP logs on my admin side says, but I highly doubt that I’ve pissed anyone off in China.
So I would advise everyone to use two-step authentication linked to your cellphone on your account, because that’s what 2016 security is going to require, it seems. And believe me, I hate that because nowadays smartphones do not have that oh-so-convenient cellphone strap attachment that used to let me put a lanyard on my phone and hang it around my neck.
I would advise using either the Verify Using SMS or the App.
It’s an extra pain in the neck, but honestly, in this VS the SocJusBullies war, it was probably inevitable since the loss of your online IDs and methods of communication is one of the many ways to silence opinions not approved by the New Totalitarian Howler Monkeys.
edited as of before lunchtime: Two Factor Authentication has been activated on my site; I am unsure how this affects users other than myself. I apologise for the inconvenience, but it is an unfortunate side effect of necessary security upgrades.
But sheesh, there’s nothing to gain from hacking my little blog. Whoever did this has no life, and frankly, has a pitifully empty existence that revolves around this blog and site.
less important edit: Related to my vast annoyance of not being able to attach wrist/neck lanyards / decorative things to my goddamn phone, it looks like I’m not the only one, but it’s an iPhone so that’s a bit easier. Still, most of the folks seeing this probably have an iPhone so I included it here for you crafty awesome folks out there. Yeah, I’m aware there are wrist straps for the ones that make you look like you’re holding a dainty little purse, but those annoy me because you have a book-like cover that flops over the camera most of the time. You’d THINK though they’d put in a strap hole, considering that there’s so much free space at the corners for cases and phones – which is where they USED TO PUT THE STRAP HOLES.
First off, you pretentious fucking douchebag SJWs, code, of ANY type will not give two shits of a rat’s ass about your hurt feelings, who you fuck, what you chop off or stick onto you, or what political opinions you hold. You fuck up your code no amount of crying and whining and throwing ickle tanties will make it forgive you and work. I’m no programmer, but just fuck up basic HTML tags and well, we’ve all been there. Type in the wrong command – oh wait maybe most of them don’t even know that. Never mind!
But seriously now, there’s nothing more coldly uncaring of gender, race, social or economic class or any of those silly irrelevant things as programming. Either your code works, or it doesn’t. Either your program works, or it fails miserably and needs debugging – in which case fuck you, find it, fix it. All it cares about is whether or not you have the skill to make it work. It does not care whether the fingers that typed across the keys belong to a white or black or green skinned person, nor does it care whether you have a penis or a vagina, or neither, or both, or like to suck cock or lick twat or dress up in a fursuit. It does not care if you are in a wheelchair or have massive tits and swing both ways.
None of that matters. What DOES matter is the pure, unadulterated unforgiving meritocracy of being able to make the hardware and software interact in the way it needs to, to bring about a result.
Really, it boils down to the simple reality that unmasks SJWs and the left with the cold hard truth: When it comes to true, brutally blind equality, they can’t handle it. They don’t want to deal with meritocracy, or skill, or truly even ground, they want everything handed to them on demand, or tantrums, life destroying and slander shall ensue!
Boo de Q_Q harder.
Linus Torvalds does not care about your fucking little fee fees. All he cares about “is quality and merit comes first and everything else comes second, and he doesn’t care if he offends people in this regard” – and frankly, that’s pretty fucking fair of him. None of this diversity in programming bullshit – I don’t give a crap if the person doing the code or writing the program is a girl or a guy, or likes to fuck a guy or not, or what their political opinion is. I really don’t. All I care about is ‘can this person do the job? Does that shit work? Is that program legit or does it have hidden malware?’
Don’t like that? Then make your own fork or program.. oh wait, no you can’t unless you have the skills, and since there’s more Q_Qing than actual skills to make stuff happen… we’re left with people just throwing massive tanties again.
This is triply true in engineering/development. It’s not like marketing or HR where everyone is special and an all-day meeting constitutes productive work, technical work is very well-defined with quantifiable, testable results where there’s not much room for second place. The winners in this space are those who Get Shit Done, not those who have the most friends or the most politically-correct agenda. And you will not Get Shit Done if you prioritize your team’s DNA over their skillset. Seriously, social skills do not mean a damn thing here–either your robot is the biggest, baddest mofo in the room and it crushes everyone else’s souls with its godlike power, or it’s not and its your souls getting crushed by someone else’s godbot. There’s something to be said for being able to deal with other humans when necessary but it’s a secondary skill, and one not generally used as companies tend to keep engineers as far away from the customers as possible.
Linus is the ultimate non-discriminating manager. He does not care who you are or what you look like as long as you’re good at what you do, and he won’t tolerate excuses. Which is exactly why diversity fanboys hate him so much–they don’t actually want an identity-blind society, they want an identify-focused society which simply flips the discrimination in favor of gender-studies weasels. They have to tear him down because, like Trotsky to Stalin, he vividly shows that what they claim to want is vastly different from what they’re actually implementing.
Please be advised: at this point in time my gmail is only a forwarding address and I do not reply using that, nor do I send any emails through this any longer. I use it as an initial contact point because it was my email address for years and years but it seems someone out there is spoofing it and sending malicious emails / spam / possibly infected emails.
I will tell people to contact me initially through that email address ([email protected]) but I will not reply using that same email.
If this seems abrupt and cranky it’s because I’ve been dealing with this all night long and haven’t slept yet.
I have asked friends to also pass this on, so if you got a link to here that’s why. Thank you for your patience.