Iirc the way that blind works is by verifying you work at a specific company but then that email address cannot be used again.

It’s not associated with your specific account.

Someone who worked at blind explained that but there’s no way to know this for sure.

These states:

• Florida, Nevada, New Hampshire, South Dakota, Tennessee, Texas, and Wyoming
• Arizona
• California
• Massachusetts
• New York
• Washington

At least Amazon is thinking of the shareholders.

The hardest thing about Linux Mint is installing all of your software. It’s daunting even for very established users.

I moved from Ubuntu to LM a few months ago and I’ve enjoyed it.

The biggest reason I use jellyfin: you don’t need to pay for plex premium to stream to your phone.

I get plex needs to make money. But talk about a basic feature that people need…

I’ve requested confirmation and have only gotten it once or twice.

What I’ve started doing is actually just sending them their same exact terms via their corporate registered address (regardless of their instructions) with the arbitration clause and jury trial waiver and just about anything I don’t agree to removed. I tell them so long as they continue to provide the services to me, that they implicitly agree to the terms I’m sending them, with any further updates requiring them to send a registered (not certified) letter.

I intentionally do not provide any way for them to identify my account except for the return address.

I figured if I ever had to go to court, one of these things would happen:

• judge finds that the original terms are enforceable, which means I’m no worse off
• judge finds that my amended terms are enforceable, which means it worked
• judge finds both terms unenforceable and I can continue to sue them

So far, no company has ever written me back or turned off my access to the site.

I suggest everyone do this because these forced arbitration clauses are very anti-consumer and we need to start clawing back our rights.

Car companies have definitely imagined this. And if they could, they 100% would.

I think I used to do something similar with email spam traps. Not sure if it’s still around but basically you could help build NaCL lists by posting an email address on your website somewhere that was visible in the source code but not visible to normal users, like in a div that was way on the left side of the screen.

Anyway, spammers that do regular expression searches for email addresses would email it and get their IPs added to naughty lists.

I’d love to see something similar with robots.

No, it was a few years back when a researcher found that there was a plain text file of county employee social security numbers just sitting inside the JavaScript of a government website.

There are too many Google results from the upcoming election for me to sort through but suffice it to say, the guy was a class A idiot.

It reminds me of a lawmaker in one of the flyover states that wanted to make it illegal to look at the source code of a website.

Think about this for a second.

And realize that this twat is writing laws.

It’s sad that so many plugins like this exist.

Remember ExpertsExchange? They charged people for the correct answer but was in the top 10 results. They got blocked very quickly when Google, yes Google, allowed you to block any site from your search. That feature is now gone and you have to specify that in your search terms.

For those who are unfamiliar with both Bandcamp and Bandcamp Friday, can you ELI5?

Back then, Amazon was the shit. My GF at the time and I cancelled our Costco membership because shipping was good and selection was better.

Now, Amazon is shit. And now back to buying in-store whenever possible. And got a Costco membership again.

I have a running cart in my Amazon and about once every two weeks I’ll hit the purchase button.

Just not worth it anymore.

If the attack was carried out over one IP address, they should have been able to detect it.

There is no real reason why 7 million different accounts access the site from one location.

I don’t know how sophisticated the attack was but the future threat is instead of DDOS attacks would be distributed ACCESS attacks where millions of controlled devices attack a site with known credentials to download small bits of information over time. Even better if you can work out ahead of time the account’s general location and then assign devices in the area to access that account.

I use yubikey everywhere it’s available for me. Initially, the first few websites in the early years were challenging. I think a lot of devs were still trying to figure out the workflow.

But today, it’s usually as simple, or simpler, than TOTP.

So it might be worth trying again. I’d use a YubiKey 4 or higher if you can. If you have an older one, you may want to upgrade to take advantage of the newer technology like NFC and Bluetooth if you’re into that.

I just wish YubiKey could store more than like 30 TOTP tokens.

Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.

• never use the same username and password in two or more places
• always use MFA, a hard token if you can like a yubikey

Time to buy shorts. Or puts. Or kangaroos. Whatever.

I don’t know a fucking thing about stonks.

The Jack Welsh way…

That guy is literally, not figuratively, responsible for most of the shitty things that companies do now.

“Conservatives don’t care about free speech. Conservatives cares about power. Faithfulness, old-time values, homemade bread, that’s the just means to the end. It’s a distraction. I thought you would have figured that out by now.”

• slightly altered quote from Handmaid’s Tale

Which is damn near cheap compared to other companies. I personally use dashlane (I know I know I should self host but I don’t trust myself for something as important as passwords) and that’s $60 for their premium package.