Hacker News | maknz's comments

Full SSL requests still terminate at CloudFlare, and would still be vulnerable. It's just that CloudFlare's connection to your origin is also encrypted.


Thanks. Wish they had explicitly stated that all SSL modes were affected (unless I missed it...)


Flowdock was great until CA bought it. Now it's pretty much on life support. No support (it's all 'community' now, whatever that means), buggy as heck, no updates in years, the Twitter account is dead.


CA makes me wonder if they have a strategy in mind for acquisitions or if the plan is to put them on life support collecting fees from customers too invested to switch.


Full access is bad enough, but the really dodgy thing going on is that you never get asked to approve or deny that access for Pokemon Go when doing the OAuth flow. You just log in, proceed through 2FA, and you're magically logged into the app. Pokemon Go Release then shows up as an authorised app... except I never authorised it.

My theory is that they're injecting JavaScript into the web view to automatically press the 'Approve' button and hiding that from the user. If true, that's very worrying. They'd be effectively circumventing the whole OAuth framework by forging the user's approval of the app. Every user should have been asked up-front whether or not they wanted to approve or deny Pokemon Go's full access.


Halt and Catch Fire is great, definitely recommend.


Damn this is good. I'll be buying.


It's spelled authorisation everywhere else.


Australia, but not New Zealand? C'mon.


Checked my install of 2.9.0 from auto-update, it's clean (none of the suspect files are in Contents/Resources). According to a post on the Transmission forums, when a person was (probably) delivered an infected binary, there was a checksum failure as you'd expect. So it seems as though you won't be infected if you used the auto-updater.


So much this. If you include regular exercise you're way more motivated not to over-eat, you simply don't want to spoil the hard work you did since it's so easy to consume 500 cal but so much harder (relatively) to burn 500 cal. Combining both has certainly been effective for me.


Great writeup, hilarious outcome! Nice work.

