Final Fantasy XVI

年底放假这几天把搁置了几个月的最终幻想16捡起来通关了。打到后来对这个游戏的感觉有些五味杂陈。简单来说这是个优缺点都很明显的游戏,打到后来虽说比上代要好一点,但也还是算不上好玩。昔日JRPG的代表作如今落到这般田地,也是有点唏嘘。

本作的优点是延续了系列画面和音乐的优势。场景和人物都画得很漂亮。虽然场景偏灰暗没有地平线那么好看,但人物实在是美型太多了。西方这些游戏公司真的应该从日本引进一些捏人的技术。。战斗也是有大段大段类似看电影的桥段,保持了最终幻想的味道。召唤兽和水晶魔法这类动画在这个年代还能做到让人不审美疲劳已经很不容易了。音乐可能是本作最大的亮点,场景音乐和战斗音乐都很棒。

可以看出本作是在试图进行一些颠覆的。最大的改变大概就是战斗系统变成了全程操作主角一个人,相比一般日式RPG的三四人小队配合作战,这次更像一个简化版鬼泣。直接带来的结果就是剧情大部分时间都没有“队友”可言而是主角一个人在到处乱跑,其他角色存在感极为稀薄,就连正经在谈恋爱的女主角都没多少戏份。(Btw最终决战是三个男的冲过去女主被落在家里也是醉了。。)本作的剧情可以说不仅是老套,连一般RPG提供的那些定番满足感都没提供到。

在演出方面很明显的一个变化是成人向。不打码的F word和床戏,男女主之间不再是点到为止的暧昧而是真的谈起了恋爱,还有偶尔显得有些暗黑的剧情,比如去救人结果赶到发现都已经挂了这样的支线任务。个人觉得这类改动不过不失吧。

战斗方面除了招式演出效果比较华丽之外,就真的很无聊。每个招来来去去用个几次很快就找到一套自己习惯的无脑打法,然后就重复到学到下个新招。我觉得我前期就平砍了好久。。然后就靠身边转火球和泰坦的反击技打了一阵,然后是巴哈姆特的激光炮,最后是斩铁剑。套路有点过于明显,也没有什么激励机制让你去研究怎么能打得更好。道具金钱这些几乎全是摆设。有种战斗系统动画做好了但是可玩性整个崩掉破罐破摔的感觉。

不知道几时会出FF17。觉得要么复古回去,要么就要再激烈一些的变化才行了。

eBay Account Hacked

Last month right before our trip to Mexico City, I got a text message saying my PayPal account had a $11k charge and asking me if it was my authorization. I immediately replied no and verified that was a legit message from PayPal. We went onto the trip and I didn’t think of this matter in the next few days.

A week later, I noticed our checking account had a $11k withdraw from PayPal! WTF?! I called the bank immediately. They said the only thing they could do was to close my checking account and open a new one, and suggested me to contact PayPal first. Hence my month-long wrestling with PayPal began.

Before I go on to lay out my experiences with PayPal, I’ll list findings from our forensic checks of how the orders were placed without our knowledge. The result was very shocking to me.

  • My checking account was charged because it was linked to my PayPal account.
  • When the 11k charge happened, I got hundreds of spam emails within a few hours. Gmail blocked most of them but still more than 100 showed up in my inbox. Apparently hackers tried to overwhelm my inbox so I miss any alert emails.
  • My PayPal account was linked to Wen’s eBay account before.
  • Wen’s PayPal account was also linked to Wen’s eBay account, and also had 4 unauthorized charges since Aug 2023, total ~8k$. ~$4k was charged to our credit card reward points(!), which was very sneaky as reward point transactions have way less notifications and checks than usual credit card charges. The other ~$4k was charged to someone else’s card that hacker added to Wen’s PayPal.
  • Wen’s eBay account was hacked and all the orders were placed there. The orders were “hided” in eBay (not sure why eBay even has such a function…) so it was harder to notice at first. Wen’s eBay account didn’t have 2FA enabled before this. So it was a weak link. At first I thought this was the “entrance” the hacker found.
  • But a few days later I found Wen’s gmail was also hacked… there was a filter created in gmail to delete all emails with the words “eBay” or “PayPal”. This was why we didn’t notice any of the hack orders. Wen’s gmail apparently didn’t have 2FA enabled until Nov 2022. But she did place some order in Aug 2023 and received the emails. So the filter was created within Aug 2023, after her last legit order and before the first hack order.
  • eBay support said the hacked orders were placed from our home IP.
  • Wen’s Google account sessions don’t have devices or locations we don’t recognize.
  • Hacker’s “entrance” was likely one of Wen’s devices that has her gmail account logged in, and/or eBay logged in.
  • But at the end, I couldn’t confirm which device was hacked or how exactly the hacker took control of Wen’s accounts.

In the past few weeks I files several tickets with PayPal and had numerous calls with their support. The resolutions were really inconsistent and not transparent at all.

  • For the 11k charge on my PayPal account, I filed a ticket and claimed it was an unauthorized charge. I supposed it would be an easy case, as I replied the text message immediately and told PayPal it was unauthorized when the charge happened. But I got turned around several times. The case was denied after a few days. I called support. An agent told me to change it to “item not received”. I waited more days and seller apparently provided shipping confirmations, so the case was denied again. I called the support again to reopen the ticket and I reiterated it was a hack, and the case was denied after another week… I called PayPal support again and filed a new ticket and reiterated the same information again, and it was finally refunded this time…
  • I filed a ticket for the four hacked charges in Wen’s PayPal account as unauthorized access as well. To my surprise, three of them were refunded very quickly. But one smallest charge was left out and not refunded for unexplainable reason… I called PayPal support and one agent said she filed an appeal for me (essentially reopened the ticket). A few days later it came back denied again… I’ll keep argueing with PayPal support.

So in summary:

  • I got ~19k back among the ~20k stolen money (including ~4k on someone else’s stolen card), not too bad…
  • The hacker went away with the goods they bought. The refund I got probably came from either the seller or insurance.
  • I still don’t know exactly how the accounts were hacked…

—–

Months later.. the hacker stroke again! A morning in April 2024, I woke up with several email notifications of Wen changed her PayPal password! I set up an email forwarding rule from Wen’s email to mine for any email with keyword PayPal or eBay, in a similar way as the hacker. And they stepped right in..

By examining Google account browsing history, I found the culprit was a mini gaming PC we bought from China last year, brand is MinisForum and model is HX99G. The hacker apparently controlled the PC’s browser which has Wen’s email logged in. They remotely controlled the browser to reset PayPal and eBay passwords, but I had removed all linked cards/accounts from PayPal, so they couldn’t do much.

I installed a bunch of anti-virus software to the computer. Norton found a Trojan malware camouflaged as a .NET runtime, and blocked a bunch of malicious traffic from east Europe. By examining the malware file creation time, I’m relatively sure they were installed before I bought the PC…

I wiped and reinstalled the system. A windows installation USB drive needs 8GB these days! It has been years since I installed a Windows and dealt with drivers. I learned Windows 11 didn’t let you install without Internet, but the WiFi card of this PC doesn’t have driver built in Windows, so I was stuck there for a while… and it took another hour or so for me to figure out how to install Bluetooth driver without a mouse. Fun times.

Published
Categorized as blog

前司裁员

上周二(Nov 14)在办公室正开着会,手机接二连三的收到短信。一看之下吃了一惊,我刚离开不久的B司大裁员了。说是要裁1/4的员工。最让我震惊的是Flux的人全都被裁了。Flux的产品虽然近半年来确实没几个客户在用,但是有一个大客户在做集成。一下子把人全都裁掉看起来是要砍掉这个产品的势头,不知道如何跟那个客户公司交代。但我又听说这事并没有通知到那个客户那里,唯一一个和客户直接对接的人没有被裁,难道要上演一番空城计?无论怎样,不再是我的问题了,哈哈。

一年前业界开始纷纷裁员的时候,我的想法是比较中立的。从员工角度来说,毫无准备就被裁掉往往会直接开始谴责公司。但从公司角度来说,生存和盈利能力毕竟是根本。顺风顺水的时候可以说善待员工自然就会带来收入,但到了困难的时候裁员收缩规模可能确实是必要的生存手段。队伍一团和气最后做不下去的公司多了去了,往往到了没钱的时候和气也维持不下去。

但这次听说B司的裁员的时候我的心态还是自然自动的站到了雇员这一边。首先年底节前裁员实在是很不地道,美国很多IT公司都是感恩节圣诞节放两周假,加上headcount到年底常常用得差不多了,这段时间找工作难上加难。再者B司给的severance居然只有两三周,少到发指。作为一个总部在欧洲的公司,欧洲那边裁员是要提前几个月通知,于是最后遣散费给少点也就罢了,毕竟要养员工几个月;美国这边裁员速度是按美国风格当天遣散,遣散费却是按欧洲风格只给这么一点。我真的是觉得这公司如果不挂掉的话是可以被放上黑名单了。被收购之后我还给他们招了十来个人,实在有点对不起这些被招进来的同事。

周四本来B司纽约办公室的几个人还约了一个happy hour,于是临时变成了after-shock rant session。大家一番推测到底这事发生之前谁知道谁不知道,感觉知道的人还是比较少的,一两周之前还在各种开会讨论计划什么的。干活的人基本上都不知道。但某高层,aka.我前老板,很明显是知道的,还来纽约组织会议,就有些过假了。比较让我惊讶的一点是他在跟Flux的eng lead裁员talk的时候说裁整个Flux是他自己的决定,我有种不知道他这是要背锅还是要忏悔的感觉。

我现司虽然在招人,但对大部分岗位只限在纽约招,于是也捞不了什么前司的人,有点遗憾。

对这次被裁的人来说,我觉得脱离B司这个环境也不失为一件好事。希望他们都找到更适合的事情做吧。

我想了一阵这个裁员和Flux最近纷纷走人的因果关系。从八月到十月Flux的几个骨干依次离职,Product VP,Customer Service VP,我,Yue。我的猜测是B司裁员这个事情在我走之前就决定了,今年的数字一直不太好看,裁员这种事从计划到施行也差不多需要至少两个月。但我有点怀疑这一番走人导致了具体裁的人倾向了Flux这边。Anyway,焉知非福。

Published
Categorized as blog

Guadalupe Mountains

新公司正式开张之前自然是要去玩一下的,毕竟接下来几个月可能会很忙。这次的主要目的地是德州最西边的Guadalupe Mountains国家公园,一方面是想找个温暖干燥的地方睡睡帐篷走走空无一人的山路,重温一下和EBC完全相反的爬山体验;另一方面也是为了在我的国家公园访问列表上喜加一。

Published
Categorized as blog

Reflections on the Tech Stack of Flux

In the early days of Flux, I often sent a link to our tech stack to candidates. In my mind, a big draw of working at a startup is the freedom to assemble a tech stack from the beginning, experiment with it, and learn from the experiences. Now is my time to say goodbye to the stack and write some thoughts.

Background: Flux is an HR Tech startup with six engineers for the first three years, acquired by Beamery in 2021, and grew to 16 engineers in 2022. The product consists of a web application and a recommender system (matching engine).

Published
Categorized as blog