Most of these are random

1.5M ratings
277k ratings

See, that’s what the app is perfect for.

Sounds perfect Wahhhh, I don’t wanna

Hi, holy shit, I forgot I even had this, but uh, anyways, putting all my spam here instead <3

Main is @agriocnemis I renamed this blog to match tbh

If you see a reblog from me, hi, no I’m just using this to let my main blog actually breathe.

I use xkit when I use the actual site instead of the app, so if you see your tags, sorry not sorry, it’s doing that because it’s easier,,,

Pinned Post
crankyteapot
elfgrove

New Things to Beware on the Internet

On May 3rd, Google released 8 new top-level domains (TLDs) -- these are new values like .com, .org, .biz, domain names. These new TLDs were made available for public registration via any domain registrar on May 10th.

Usually, this should be a cool info, move on with your life and largely ignore it moment.

Except a couple of these new domain names are common file type extensions: ".zip" and ".mov".

May is also the month of Google I/O, our annual developer conference. Whether you’re learning to code, deploying a helpful tool, building your portfolio, or starting a new community, .foo, .zip, .mov and .nexus have you covered.   Here are some examples from our developer community:  gamers . nexus: Use gamers . nexus to review computer hardware and plan your next gaming PC.  helloworld . foo: Learn how to code “hello world” in each programming language.  url . zip: Create short, powerful and trackable links with url . zip  david . mov: Watch videos by David Imel in this liminal space.  Starting today, you can register all of these new extensions as part of our Early Access Program for an additional one-time fee. This fee decreases according to a daily schedule through the end of May 10. On May 10 at 16:00 UTC, all of these domains will be publicly available at a base annual price through your registrar of choice. To make it super easy for anyone to get their website live, we’ve worked with Google Sites to launch new templates for graduates, professors and parents.ALT

This means typing out a file name could resolve into a link that takes you to one of these new URLs, whether it's in an email, on your tumblr blog post, a tweet, or in file explorer on your desktop.

What was previously plain text could now resolve as link and go to a malicious website where people are expecting to go to a file and therefore download malware without realizing it.

Folk monitoring these new domain registrations are already seeing some clearly malicious actors registering and setting this up. Some are squatting the domain names trying to point out what a bad idea this was. Some already trying to steal your login in credentials and personal info.

Screenshot of a tweet showing several newly registered .zip domains including: chrome-installer documents-backup googledrivesetup microsoftupdates microsoftwindows totallynotavirus photshop-cracked https://twitter.com/1ZRR4H/status/1657747300339384320ALT
Screenshot of a tweet showing several newly registered .zip domains including: microsoftedgesetup office365installer defender-update-kit https://twitter.com/1ZRR4H/status/1657982434795716611ALT
Screenshot of a tweet showing the newly registered latestupdate DOT zip. The new .zip website is  gradient purple background with large white text reading, "GOD DID NOT INTEND .ZIP TLDS" https://twitter.com/1ZRR4H/status/1657809133704192001ALT
Screenshot of a tweet reading ".zip top level domains were a colossal mistake." The tweet's image shows the checkout cart price to register downloaded-file DOT zip at $16.99. https://twitter.com/olafurw/status/1657116583238553617ALT
Screenshot of a tweet showing the newly register microsoft-office DOT zip. The new .zip website has a spoof of a Microsoift login page page asking for your usermname and password. https://twitter.com/1ZRR4H/status/1657807143393689601ALT

This is what we're seeing only 12 days into the domains being available. Only 5 days being publicly available.

What can you do? For now, be very careful where you type in .zip or .mov, watch what website URLs you're on, don't enable automatic downloads, be very careful when visiting any site on these new domains, and do not type in file names without spaces or other interrupters.

I'm seeing security officers for companies talking about wholesale blocking .zip and .mov domains from within the company's internet, and that's probably wise.

Be cautious out there.

elfgrove

I really want to reiterate how this can go wrong frequently and fast, folks.

A malicious actor sets up a page with an auto-downloader squatting on a domain name that matches a common zip file name like photos DOT zip. This website is set up to start an auto downloader upon being visited, downloading a zip file with the same name as the URL which contains malicious software (virus, worm, keylogger, etc).

Scenario.

Someone you know well sends you an email or text with promised photos attached. The email even reads something like this.

image

Because .zip is now a TLD, that plain text is automatically formatted into a link to malicious actor's website without them having to send you anything.

Folk with family with iPhones or iPads that are sent multiple photos in one go might be familiar with iCloud's tendency to automatically compile them into zip file for the sender and less savvy tech users have trouble NOT doing that.

These same less savvy users, or even just someone just not thinking in the moment, will click that .zip link, not realizing it isn't the the same as clicking on the promised attachment.

They download a file that matches the name they expected. They open it because they were expecting that file and it's from a trusted source. Except the file they downloaded isn't the one that was sent by their trusted source and now they have malware.

Another Scenario.

An IT person tries to send you an email with instructions on how to resolve a problem with a commonly used filename like install-repair DOT zip or to install new software like microsoft-office DOT zip.

The email may start with instructions of where to go get the legitimate file to do the install or repair, but now a line later in the instructions is also has a link to a .zip URL. A user, already frazzled by IT problems, may click it to ensure they have the right file. Again, they download malicious code from a squatting website or it prompts them with a fake login and now the squatting website has stolen their login credentials for a legitimate site. All due to an expected email from a trusted source.

image

Above you can see microsoft-office DOT zip is already out there with a fake Microsoft login screen waiting to steal your credentials.

These risks are already out there now because the TLD has been activated.

Plain text on old post are already being resolved into links to the new websites.

Here you can see a tweet from 2021, long before .zip was a domain name, now resolves that plan text into a clickable link. You'll start seeing this everywhere, and malicious actors do not have to lift a finger to send it to you.

image

Yes, a lot of users aren't going to click that, but a lot of folk will. Whomever is squatting on photos DOT zip domain name has made a one time payment to have access to anyone that ever sees that file name typed out.

In an example of an existing squatter site, clientdocs DOT zip is exactly one such pre-setup .zip domain name that initiates an automatic download. This one may be harmless, but the set ups are already out there and waiting to catch folk.

image

It's an unnecessary and risky can of worms that's been opened up.

Holy Unforced Errors, Batman.

who the fuck had that idea????? DUDE THAT'S JUST FUCKING MEAN... WE ALREADY HAVE SCAMS WE DON'T NEED MORE
mothbeasts
skimbly-shanks

Yall do NOT hop on a cosmetic surgery hate train during an ongoing campaign against trans Healthcare I am fucking begging

sweaterkittensahoy

My tits didn't smaller themselves, fuckos. Either you believe in bodily autonomy or you fucking don't.

14th-st-soapbox

The sacred bond between trans people who've had plastics and cis people who have had plastics is fucking sacred and I will not tolerate anybody in the queer community trash-talking plastics no matter what it is and who is getting them and for what reason!!!

I want there to not be a line between 'costmetic' and 'necessary'. If there's a line, then insurance companies and whoever-the-fuck-else will decide everything is 'cosmetic'. That happened to me with getting my jaw rebuilt when I was A CHILD. 'oh it's cosmetic' My insurance wrangler lady and the surgeon had to write SEVERAL LETTERS to the damn insurance company detailing out just how graphically I would DIE if I did not get my face rebuilt before I was 18! If 'we won't pay for cosmetic plastics only necessary ones' wasn't a thing, that wouldn't have had to fucking happen!

So you know what? I don't want to hear the word 'cosmetic' out of anyone's mouth. it's ALL just plastics. And all plastics are still 100% the person's choice to get, I don't care what the reason is, all reasons are your business and should be honoured and that's as it should be. As Sweaterkittens said, you either believe in bodily autonomy or you fucking don't.

Signed,

A Transman who has had exclusively plastics for all FOUR major surgeries throughout his life.

cryptotheism
cryptotheism

Your reaction to chatGPT instantly lets me know how easy it would be to trick you into thinking that you are haunted

cryptotheism

"omg it's literally alive!" Two beers, 45 minutes, deck of tarot cards, and I'm charging you 350$ for an exorcism.

cryptotheism

"I read an article that it's showing simple self-awareness" two days, mild preparation, hot and cold reading, I can get 60$ for joints laced with sacred sage

cryptotheism

"It's a multi-stage neural network we really shouldn't be calling an expert system an AI just yet" Ninety minutes, two glasses of wine, I can convince you to pay for dinner.

technologicallyme-reblogs
cryptotheism

Your reaction to chatGPT instantly lets me know how easy it would be to trick you into thinking that you are haunted

cryptotheism

"omg it's literally alive!" Two beers, 45 minutes, deck of tarot cards, and I'm charging you 350$ for an exorcism.

cryptotheism

"I read an article that it's showing simple self-awareness" two days, mild preparation, hot and cold reading, I can get 60$ for joints laced with sacred sage

technologicallyme-reblogs
mostly-funnytwittertweets

image
vergess

This is Extremely Funny, and also, an excellent point about the alternatives to centralized production that exist now, which weren't as readily available or widely popular last time.

Video games, subscribing directly to creators, etc are all way easier now than in 2008.

The studios seem to think they have enough leverage to outlast this strike,but that's absurd in a world where we've been watching them cancel popular, well written shows for only making a huge profit and being wildly popular, instead of making All The Profit Ever and hypnotizing an entire population into slavering obsession.

But they have poor reputations, about to get poorer thanks to social media, and alternative entertainments are more widespread than ever.

I hope WGA gets everything they ask for and more.

katy-l-wood

Adding this to the "coming back later after I finish my current book" pile. Because I have thoughts.

mistressmiyu

If animal crossing can carry so many people through the hardest part of quarantine, TOTK doesn’t even have to be good to keep me more entertained than whatever sack of shit they’re gonna pump out without unioned writers.

snugglebunchesofeyes

acting like folks won’t pick up pokemon Go or Jurassic Park Alive again now that the weather is nice.