Hacker News | bobbiechen's comments

I liked the concept! Some thoughts from me:

1. The game was fairly fetch quest-y but I think even the fetch quest format could be interesting with more storytelling around the instruments/people involved.

2. The rhythm game part was fine and straightforward but would get repetitive fast. I have like a million hours on Crypt of the Necrodancer though, which has lots of novelty in it.

3. It could also be interesting to do something like Terry Riley's "In C" (or perhaps more interactively "In Bb" https://www.inbflat.net/ ), have you considered it? Though I did like hearing some of the parts line up together too.


Thanks for your comment!

Yes this whole thing is tricky because I kind of do want to make the unapologetically difficult version but then I am worried it will be too hard for most people to play, but then the people who do stick with it and make it through might find it even more satisfying. So it's a tricky one!

I hadn't heard of Terry Riley until just then but yes, that is very much in line with what I was going for! There's something just fascinating in itself about hearing individual lines of music come together, it's a reward in itself, and it does feel like someone should be able to make a game around it.


As opposed to username/password, where... An attacker that controls the email address can log right in.

Unless you mean to say I should set up 2FA for my CSS theme variable helper website?

Passkeys and OAuth/social login are great, but everyone has an email. And I don't think any mainstream site supports only passkey as an auth method (and no other way).


"Passkeys and OAuth/social login are great, but everyone has an email"

Big tech is only allowing social login from another big tech anyway. They use a whitelist and ban everyone that doesn't use that, because they can't guarantee an untrusted "third party".


"Everyone has an email" is like "everyone has a phone number": wrong and bad. At least email addresses aren't difficult to get...

I think this refers to RFID-embedded playing cards, which have apparently been used at the World Series of Poker before: https://www.wsop.com/news/wsop-livestreaming-all-summer-with...

>The card information will be known to the viewers by using RFID (radio-frequency identification) technology for the very first time at the WSOP. Each card has a microchip embedded in it that has no impact on the cards or play, but with a specially-outfitted poker table, can send an encrypted signal to decipher the card’s rank and suit. The WSOP has used this technology during the 2012-13 WSOP Circuit season with success, and it is found throughout European poker events as well.


Update next day, I can't believe it was X-rays... https://news.ycombinator.com/item?id=45693599

Well, there was a software change to smooth out how the bars would display.. https://9to5mac.com/2025/10/08/a-15-year-mystery-solved-the-...


There are a lot of dedicated anti-detect browsers, you can search for that term or fingerprint switcher, multi-accounting browsers, etc. Many of them are based on Chromium.

In my experience they're generally detectable by mismatches in various attributes compared to the "real" browser whose user agent they are spoofing (though of course, the ground truth of adversarial detection is always hard to know for sure).


The author, Dan, is at FusionAuth, so that might be a good place to start.

I work for Stytch (another CIAM provider) on the fraud and security side and we do these too. I'd say you see credential stuffing defenses integrated into the auth provider rather than standalone rate limiting because so much of the relevant context is tied up in the auth side.

And, all the error messages end up being bad, as is the case for many security things. For our own features like Intelligent Rate Limiting https://stytch.com/docs/fraud/guides/device-fingerprinting/d... it's usually a bad idea to tell a user "You hit the limit, come back in an hour or contact support" because it gives an attacker information on how to improve. And we regularly see probing behavior where an attacker is trying to find the edges of a defense before starting a full-scale attack.

On the side topic of error messages - if you've ever seen "If your account exists, the password has been reset" that's another useless error message because "No account exists with that email" enables account enumeration.
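An added example, not part of the comment above and not Stytch's or FusionAuth's code: a password-reset handler that returns the same response whether the account exists, does not exist, or the caller has hit a rate limit, while the detail goes to a server-side audit log. The class, field names, limits and sample addresses are all hypothetical.

```python
import hashlib
import time
from collections import defaultdict, deque

# The only response a caller ever sees, whatever happened server-side.
GENERIC = {"status": 200, "body": "If your account exists, a reset link has been sent."}


class ResetService:
    """Hypothetical reset endpoint that leaks neither account existence
    nor rate-limit state to the caller."""

    def __init__(self, accounts, limit=3, window=3600, clock=time.monotonic):
        self.accounts = {a.lower() for a in accounts}
        self.limit, self.window, self.clock = limit, window, clock
        self.attempts = defaultdict(deque)  # client key -> request timestamps
        self.outbox = []                    # reset emails that would be sent
        self.audit = []                     # defender-side record of each request

    def _over_limit(self, client):
        """Sliding-window counter; every request counts, including limited ones."""
        now = self.clock()
        q = self.attempts[client]
        while q and now - q[0] > self.window:
            q.popleft()
        q.append(now)
        return len(q) > self.limit

    def request_reset(self, client, email):
        email = email.strip().lower()
        limited = self._over_limit(client)
        exists = email in self.accounts
        if exists and not limited:
            self.outbox.append(email)
        # What actually happened is logged for detection, never returned.
        self.audit.append({
            "client": client,
            "email_sha256": hashlib.sha256(email.encode()).hexdigest(),
            "exists": exists,
            "limited": limited,
        })
        return dict(GENERIC)
```

Response timing is a separate enumeration channel that this sketch does not address; sending mail from a background queue is the usual way to keep both paths equally fast.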


It's a problem even on the company side. If the people responsible for marketing are judged on vanity metrics, they'll assume a conversion problem is later in the funnel. And even for venture-backed startups, I feel there is an incentive to turn a blind eye to bot signups since it juices numbers for investors who aren't paying attention.


That's interesting - I had seen some news articles reporting that some Chinese pig butchering scammers were encouraging others to target foreigners only, and exclude the mainland Chinese. Like this one: https://globalinitiative.net/analysis/chinas-acquiescence-to...

It's reminiscent of stories about Russian malware doing nothing on machines with Cyrillic keyboard layouts.


Yep, but notice how that article is about Kokang in Myanmar as well.

Cambodia continues to have scam centers targeting Putonghua speakers (including PRC nationals), but there hasn't been a similar crackdown on such activities due to Chinese pressure.

The crackdown in Kokang happened after China flipped to supporting the Tatmadaw against the Northern Alliance [0] and India began peeling historically India-aligned members of the alliance like the KIA and the Arakan Army back into Indian orbit [1].

P.S. Circa 2 years ago, a large portion of Chinese in SF Chinatown became Kokang and Cambodian Chinese. Bamar, Kuki-Zo, and Kachin Myanmarese primarily reside in Daly City, Ingleside/Outer Mission, and Oakland/East Bay.

SF has a lot of Asian and Latiné subcultures and communities - it's kind of insane how underdocumented it is under the guise of "Asian" and "Latino"

[0] - https://www.stimson.org/2025/too-little-too-late-china-steps...

[1] - https://www.reuters.com/world/asia-pacific/india-extends-unp...


I loved the chatbot where you can haggle a bit. I really need that back and forth in my online shopping experiences.



This dance of insincerity infuriates me as a concept. Imagine how utterly exhausting it would be if every social interaction was characterized by so much wasted time pretending.


To this day I expect my wifi to drop whenever I hear a microwave, thanks to the one in my parents' house: https://digitalseams.com/blog/microwave-ovens-wi-fi-and-http


Shouldn't such microwaves be decommissioned? I would assume that microwaves that are not properly shielded are dangerous to people in their vicinity?

