Dominion Strategy Forum
Dominion => Dominion Online at Shuffle iT => Dominion General Discussion => Goko Dominion Online => Topic started by: qmech on February 08, 2015, 07:07:12 am
-
EDIT: There is some particularly nasty adware on recent Lenovo PCs. See later for more.
I'm having a curious problem with Dominion and at least one other game (Prismata) that I'm hoping one of you lovely people will have some idea about.
On a new Windows 8.1 machine I've tried to play Dominion in Chrome, Firefox, Opera and even IE. The usual behaviour is that I get a completely black screen. Occasionally I'll get as far as the login page, but there's no response after I enter email address and password. Similarly, Prismata will load but not let me login.
The curious part is that I have workarounds for both of these problems. Prismata is written in Flash, and will work if I load it in Adobe's stand-alone Flash player. And I'm able to play Dominion in a virtual machine running Ubuntu, although it's so slow that I've never finished a game.
The Prismata team have a troubleshooting guide (https://docs.google.com/document/d/1Wmyz8gc1H_HKd0G9kOXRsJmrRaPLSEImFxz9SUVX9_s/edit?usp=sharing&pli=1) in which they state that in all known cases this problem has been caused by a firewall. I've tried disabling the Windows firewall, with no observable effect. So it looks rather like there's something in the Windows 8.1 software stack that's blocking very specific types of connections, just those from web browsers to authentication servers, and that isn't a part of the main Windows firewall. Has anybody got any idea what might be going on?
-
I have a similar problem with dominion online on my laptop. When I have entered my username and password it just "loads" forever. I haven't found any fix other than to play on a different device.
-
My Windows 8.1 laptop logs in to Goko and Prismata just fine.
-
Both work in Waterfox (https://www.waterfoxproject.org/), which is just Firefox compiled using the Intel 64-bit compiler. I don't know what helpful service is causing the problems.
-
Solved it. Lenovo has been shipping particularly nasty adware on their recent laptops that installs a fake SSL root certificate to allow adverts to be injected into encrypted pages. The culprit is a program called Superfish VisualDiscovery, and you need to both uninstall that and then tell Windows and the Mozilla programs not to trust any certificates issued by Superfish, Inc. There's an alert from the US Department of Homeland security here (https://www.us-cert.gov/ncas/alerts/TA15-051A).
Now I have to work out how I feel about the fact that the only websites to pick up on the problem were designed by a team of MIT graduate students and Goko.
-
For anyone else who happens to have a Lenovo PC, here is an Ars Technica article (http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/) that goes into some detail about this critical security issue. TLDR: If you bought a recent Lenovo machine, trouble logging into Goko is by far the least of your problems.
-
They have released a tool to remove it now.
How do companies think these things are good idea.... And how do they think they won't get found out?!
-
They have released a tool to remove it now.
How do companies think these things are good idea.... And how do they think they won't get found out?!
As to question one, they don't think, they just accept the small payment they receive for putting the software on.
As to question two, they don't worry about getting found out, as the consequences are so, well, inconsequential. What is the worst that can happen? A few disgruntled purchasers take the unit back to the big box store where they bought it, saying "I can't log on to my favorite gaming site"? Those few people tell their friends "Don't buy a Lenovo"? Sales lost = a few tens of units. No biggie.
Americans are really lazy about doing anything about stuff like this. Until that changes (and it won't) there really isn't any incentive for a company the size of Lenovo to change anything. This is not to say that the rest of the world is incapable of leading a movement that changes things, but it won't happen here. Takes too much effort. People would have to get off the couch, or pick up a phone.
-
What is the worst that can happen?
Well, I was thinking that the ThinkPad brand could be hurt, and that brand is really strong (or at least used to be, dunno how it is these days), so losing its reputation for quality would be a big deal. But seems that ThinkPads aren't affected.
-
(http://o.onionstatic.com/images/5/5564/original/700.jpg?2542)
-
Well, more realistically the worst case scenario is that someone spoofs a bank website and you get issues with identity theft...
I'm more worried about the company that made Superfish in the first place (Komodia). For one, they put their company name as the decryption password, and have presumably done so on the rest of their software.
Of course, some of the blame is on Lenovo for not checking what software they allowed on, but much more blame should be place on the company who thought this was a good idea in the first place.
-
They have released a tool to remove it now.
How do companies think these things are good idea.... And how do they think they won't get found out?!
As to question one, they don't think, they just accept the small payment they receive for putting the software on.
As to question two, they don't worry about getting found out, as the consequences are so, well, inconsequential. What is the worst that can happen? A few disgruntled purchasers take the unit back to the big box store where they bought it, saying "I can't log on to my favorite gaming site"? Those few people tell their friends "Don't buy a Lenovo"? Sales lost = a few tens of units. No biggie.
Americans are really lazy about doing anything about stuff like this. Until that changes (and it won't) there really isn't any incentive for a company the size of Lenovo to change anything. This is not to say that the rest of the world is incapable of leading a movement that changes things, but it won't happen here. Takes too much effort. People would have to get off the couch, or pick up a phone.
I disagree, I think this will hit their reputation hard. And while none of the current owners will take thier PC back...I think people will think twice about buying one in the future.
-
Of course, some of the blame is on Lenovo for not checking what software they allowed on, but much more blame should be place on the company who thought this was a good idea in the first place.
The entire purpose of the software was to monitor your web usage and inject ads. The DHS actually refers to it as "Superfish VisualDiscovery spyware" (https://www.us-cert.gov/ncas/alerts/TA15-051A). It's gross that Lenovo pre-installed this on people's computers, and they deserve every bit of blame that they get for it, even though they presumably didn't know of the security hole.