yeah i will post more playlist thoughts later but ive just been gradually adding more fiona apple and mitski songs to deltas. points to him. GIRL.

communist daughter also being one of the first songs i added to the playlist same thing like. ugh.

Right, which is why people are all “he broke the 4th wall”. We know full well that the metaphor is exactly that. But the songwriting has always used the Sleep/Vessel story to explore whatever that man is actually feeling / has felt.

So yeah, actually, him acknowledging real life, mentioning fans directly, talking about being on a stage, talking from his point of view, and not the characters is taking a moment away from the lore. Because there’s no way to look at this song as a continuation of story of Sleep and Vessel.

seeing people say that vessel took a moment away from the lore to give us Caramel, or that 'this isn't vessel speaking, we're hearing the man behind the mask', is making me just a tiny bit annoyed, but I know these comments are all in positivity so it's fine. it's just that, this is what it's always been. there is no lore, not really. it's open to interpretation so I love engaging with the lore and the theories but if we're being real, it's always been a thinly veiled metaphor for himself and his struggles. I think it's just a somewhat strange thing to see vessel as a separate persona from the man himself rather than a way to be himself more authentically

How to Generate a Personal Access Token (PAT) in Azure DevOps- OpsNexa!

Learn how to generate a Personal Access Token (PAT) in Azure DevOps to authenticate API requests, access repositories, and perform automated tasks. How to Generate a Personal Access Token (PAT) in Azure DevOps. This step-by-step guide will help you create and manage your PAT securely for various Azure DevOps services.

Using the Same Authentication Token for Multiple Domains in a Mobile App

Using the Same Authentication Token for Multiple Domains in a Mobile App As a mobile app developer, you may come across a scenario where you have two or more domains that use the same authentication mechanism, such as 1.com and 2.com, both utilizing 365 login. In this case, you would want to ensure that the user can seamlessly switch between these domains without having to sign in again. To…

No, because what do you mean Arcane has completely rewritten the rulebook on queer representation in media, and it did it so effortlessly that it puts so many other shows to shame. Like, how are you going to tell me this animated series—ostensibly a spin-off of a video game—has given us some of the most nuanced, unapologetically powerful sapphic characters ever without reducing them to stereotypes, side plots, or, worse, trauma porn?

Vi and Caitlyn? Their dynamic is ELECTRIC. You’ve got Vi, the rough-edged, fiercely loyal, scrappy brawler with a tender side that could wreck anyone emotionally, and Caitlyn, the sharp, principled, deeply empathetic enforcer with a heart of gold. The way their relationship is built on mutual respect and trust while navigating all the insane, tragic chaos around them? Literal chef's kiss. And not once do we get the tired, lazy "coming out" narrative or the "but what about the gays?" rhetoric. Their queerness isn’t the story—it’s just a beautifully natural part of who they are. And THAT is revolutionary.

And let’s not even stop there. This show handles gender like it’s been waiting for everyone else to catch up. Characters like Sevika, who could give you chills with her sheer badassery and gender-nonconforming energy, exist unapologetically without the narrative ever feeling the need to spoon-feed us explanations. It’s just there, woven seamlessly into the fabric of the world.

So many shows claim to want to "normalize" queer relationships or push the envelope, but Arcane has quietly dominated the space by just writing characters who feel authentic. Their struggles are about class, power, loyalty, trauma, not token representation or forced diversity. This show said, “We’re just going to make some of the most layered, compelling characters you’ve ever seen—and oh yeah, some of them are gay. Keep up.”

Like, the bar wasn’t just raised—it was launched into the stratosphere. What do you mean this level of representation isn’t the norm yet? Arcane said, “We’re not asking for permission to exist. We’re just existing.” And that? That is art.

How Wokeism, Tokenism, and Consumerism Impact Our Health and Well-Being

I discuss their impact and implications based on my research and personal experiences to offer a nuanced perspective.  During the recent election campaign in the US, three concepts—wokeism, tokenism, and consumerism—have appeared frequently in discussions and gained attention in social media discussions and academic research, especially in politics, economics, and culture. However, many posts,…

Django REST Framework: Authentication and Permissions

Secure Your Django API: Authentication and Permissions with DRF

Introduction Django REST Framework (DRF) is a powerful toolkit for building Web APIs in Django. One of its key features is the ability to handle authentication and permissions, ensuring that your API endpoints are secure and accessible only to authorized users. This article will guide you through setting up authentication and permissions in DRF, including examples and…

Django Passwordless Authentication: A Comprehensive Guide with Code Examples

Modern security techniques like passwordless authentication improve user experience by doing away with the necessity for conventional passwords. By using this technique, the likelihood of password-related vulnerabilities including reused passwords, brute force assaults, and phishing is decreased. We will go into great length about creating passwordless authentication in Django in this post, along with best practices and comprehensive code samples to guarantee a safe and easy-to-use authentication system...

Learn more here:

https://www.nilebits.com/blog/2024/07/django-passwordless-authentication-a-comprehensive-guide-with-code-examples/

Honestly, and this is a very unpopular opinion, even though I'm a woman and I'm sympathetic to feminism (I'm not going to say feminist because I'm not an active activist, I'm not politically active or anything like that), I think it's silly to want EVERY FEMALE character to be involved with the main cast HAS TO GAIN RELEVANCE AND BE SIGNIFICANT, it NEEDS to be EXPLORED AND DEVELOPED.

Because feminism, female empowerment and so on, being less macho and sexist etc, because everything is always aimed at men, only they get the best etc….

But honestly, I PREFER (this is a personal preference) to look for a work where the author REALLY was inspired to create a character who feels like this, who corresponds to this model, where he REALLY WANTED to create a character from this perspective than to expect that an author unwilling and WITHOUT WILL AND INSPIRATION does so.

And I speak because of entertainment, and only because of that. (And because I am not obliged to consume something with taste of political and social activism, because yes, there is a difference, and it is terribly noticeable)

Ah!, but male characters are not exempt from this and so on and so on, they are also constructed by cultural models and values ​​etc. and so on… (and all these arguments that EVERYONE KNOWS)

I know this very well, but what's the problem with me wanting an empowered female character who doesn't have TASTE of political and social activism? just like the male characters (macho and sexist, very stereotyped) are? What's wrong with me wanting a character who at least feels more natural and relatable? more authentic? Instead of her looking like a walking feminist primer?

I watch entertainment to embark on a fantasy world! It's to escape the real world! Not to remind me that the world is a mess and that is a product! I know that this is a product at the end of the day. But I don't want to consume entertainment whose product tastes like a product, I don't watch entertainment because of the design of its plastic packaging, I'm there for the content!

I don't want an empowered female character perfectly aligned with the ideals of empowerment and so "aligned and perfect" that it becomes caricatured and ridiculously artificial and inhuman (it's better to create a robot character right away that looks like it came with a program feminist training built into your system).

At worst, this is the most atrocious way to dehumanize feminism in entertainment and ridicule it.

Here is totally my personal opinion! I think that female empowerment loses a lot when an author, WHO HAS NO WILL, is forced to create a female character along these lines just to meet a demand, because unfortunately, this character will end up sounding, having that tone, CREATED ON DEMAND .

And there is nothing more discouraging than consuming media with a bland, poorly made, uninspired, dull "empowered female character", because it is terribly explicit that he is only there to meet a demand.

Between that and looking for authors who really write good and truly inspired female characters, I prefer the second, rather than wanting and hoping that work X, Y or Z fits my demand, because if the author doesn't have that profile, it will be a poor adaptation.

And this is to expect that authors of works, already consecrated and established, that we can adore but do not cover these aspects, that adapt (sometimes clearly against their will, as the poor and lazy result makes it obvious), would do this, that and that other to adapt, I think (and this is just my opinion) that this takes away the opportunity for other authors to stand out and shine, as it makes the range of options restricted and without space for new authors, new styles, forms of concepts etc., because the only ones, in one way or another, who continue to be "allowed" to shine, are those who have already established themselves and remove potential spaces, and at the same time I think it leaves them in a very comfortable position to deliver adaptations bad and poorly made of these demands.

And that to me is the same as holding on to the plastic packaging, the "brand", the label, and forgetting about the contents.

It's literally judging a book by its cover.

Because it won't matter how bad the result is, because nobody wants to know about authors other than them, nobody wants to look elsewhere, for others who can do it better and more interesting with quality entertainment, in a more authentic way, and they, " "They are allowed" to do bad things, because some fans never get tired of begging for crumbs.

And there is no reason to serve a banquet, for those looking for crumbs.

That's why I'd rather look for my banquet than beg for crumbs.

This is my personal opinion only.

JWT Explained in Depth | CyberSecurityTv

JSON Web Tokens (JWTs) are pivotal in modern web security, functioning as compact, self-contained data structures facilitating secure information exchange between parties. Join us on CyberSecurityTv as we embark on a comprehensive journey to demystify JWTs. From understanding their structure and working principles to exploring their role in authentication and authorization, we delve deep into the intricacies of JWTs. Gain invaluable insights into best practices, potential vulnerabilities, and advanced use cases, equipping yourself with essential knowledge to navigate the realm of web security with confidence.

ive been trying to make ssh work with a kerberos token on windows, and now ive learned that openssh for windows just straight up doesnt support this.

A sexy, skinny defeat device for your HP ink cartridge

Animals keep evolving into crabs; it's a process called "carcinisation" and it's pretty weird. Crabs just turn out to be extremely evolutionarily fit for our current environment:

https://www.scientificamerican.com/article/why-do-animals-keep-evolving-into-crabs/

By the same token, all kinds of business keep evolving into something like a printer company. It turns out that in this enshittified, poorly regulated, rentier-friendly world, the parasitic, inkjet business model is extremely adaptive. Printerinisation is everywhere.

All that stuff you hate about your car? Trapping you into using their mechanics, spying on you, planned obsolescence? All lifted from the inkjet printer business model:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

That GE fridge that won't make ice or dispense water unless you spend $50 for a proprietary charcoal filter instead of using a $10 generic? Pure printerism:

https://pluralistic.net/2020/06/12/digital-feudalism/#filtergate

The software update to your Sonos speakers that makes them half as useful and takes away your right to play your stored music, forcing you to buy streaming music subscriptions? Straight out of the HP playbook:

https://www.wired.com/story/sonos-admits-its-recent-app-update-was-a-colossal-mistake/

But as printerinized as all these gadgets are, none can quite attain the level of high enshittification that the OG inkjet bastards attain on a daily basis. In the world championships of effortlessly authentic fuckery, no one can lay a glove on the sociopathic monsters of HP.

For example: when HP wanted to soften us all up for a new world of "subscription ink" (where you have to pre-pay every month for a certain number of pages' worth of printing, which your printer enforces by spying on you and ratting you out to HP over the internet), they offered a "lifetime subscription" plan. With this "lifetime" plan, you paid just once and your HP printer would print out 15 pages a month for so long as you owned your printer, with HP shipping you new ink every time you ran low.

Well, eventually, HP got bored of not making you pay rent on your own fucking printer, so they just turned that plan off. Yeah, it was a lifetime plan, but the "lifetime" in question was the lifetime of HP's patience for not fucking you over, and that patience has the longevity of a mayfly:

https://pluralistic.net/2020/11/06/horrible-products/#inkwars

It would take many pages to list all of HP's sins here. This is a company that ships printers with half-full ink cartridges and charges more than the printer cost to buy a replacement set. The company that won't let you print a black-and-white page if you're out of yellow ink. The company that won't let you scan or send a fax if you're out of any of your ink.

They make you "recalibrate" your printer or "clean your heads" by forcing you to print sheets of ink-dense paper. They also refuse to let you use your ink cartridges after they "expire."

HP raised the price of ink to over $10,000 per gallon, then went to war against third-party ink cartridge makers, cartridge remanufacturers, and cartridge refillers. They added "security chips" to their cartridges whose job was to watch the ink levels in your cartridge and, when they dip below a certain level (long before the cartridge is actually empty), declare the cartridge to be dry and permanently out of use.

Even if you refill that cartridge, it will still declare itself to be empty to your printer, which will therefore refuse to print.

Third party ink companies have options here. One thing they could do is reverse-engineer the security chip, and make compatible ones that say, "Actually, I'm full." The problem with this is that laws like Section 1201 of the Digital Millennium Copyright Act (DMCA) potentially makes this into a felony punishable by a five-year prison sentence and a $500k fine, for a first offense.

DMCA 1201 bans bypassing "an effective means of access control" to a copyrighted work. So if HP writes a copyrighted "I'm empty" program for its security chip and then adds some kind of access restriction to prevent you from dumping and reverse-engineering that program, you can end up a felon, thanks to the DMCA.

Another countermove is to harvest security chips out of dead cartridges that have been sent overseas as e-waste (one consequence of HP's $10,000/gallon ink racket is that it generates mountains of immortal, toxic e-waste that mostly ends up poisoning poor countries in the global south). These can be integrated into new cartridges, or remanufactured ones.

In practice, ink companies do all of this and more, and total normie HP printer owners go to extremely improbable lengths to find third party ink cartridges and figure out how to use them. It turns out that even people who find technology tinkering intimidating or confusing or dull can be motivated to learn and practice a lot of esoteric tech stuff as an alternative to paying $10,000/gallon for colored water.

HP has lots of countermoves for this. One truly unhinged piece of fuckery is to ask Customs and Border Patrol to block third-party ink cartridges with genuine HP security chips that have been pried loose from e-waste shipments. HP claims that these are "counterfeits" (because they were removed and re-used without permission), even though they came out of real HP cartridges, and CBP takes them at their word, seizing shipments.

Even sleazier: HP pushes out fake security updates to its printers. You get a message telling you there's an urgent security update, you click OK, and your printer shows you a downloading/installing progress bar and reboots itself. As far as you can tell, nothing has changed. But these aren't "security" updates, they're updates that block third-party ink, and HP has designed them not to kick in for several months. That way, HP owners who get tricked into installing this downgrade don't raise hell online and warn everyone else until they've installed it too, and it's too late:

https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer

This is the infectious pathogen business model: one reason covid spread so quickly was that people were infectious before they developed symptoms. That meant that the virus could spread before the spreader knew they had it. By adding a long fuse to its logic bomb, HP greatly increases the spread of its malware.

But life finds a way. $10,000/gallon ink is an irresistible target for tinkerers, security researchers and competitors. Necessity may be the mother of invention, but the true parent of jaw-dropping ingenuity is callous, sadistic greed. That's why America's army of prisoners are the source of so many of the most beautiful and exciting forms of innovation seen today:

https://pluralistic.net/2021/06/09/king-rat/#mother-of-invention

Despite harsh legal penalties and the vast resources of HP, third-party ink continues to thrive, and every time HP figures out how to block one technique, three even cooler ones pop up.

Last week, Jay Summet published a video tearing down a third-party ink cartridge compatible with an HP 61XL:

https://www.youtube.com/watch?v=h0ya184uaTE

The third-party cartridge has what appears to be a genuine HP security chip, but it is overlaid with a paper-thin, flexible, adhesive-backed circuit board that is skinny enough that the cartridge still fits in an HP printer.

This flexible circuit board has its own little microchip. Summet theorizes that it is designed to pass the "are you a real HP cartridge" challenge pass to the security chip, but to block the followup "are you empty or full?" message. When the printer issues that challenge, the "man in the middle" chip answers, "Oh, I'm definitely full."

In their writeup, Hackaday identifies the chip as "a single IC in a QFN package." This is just so clever and delightful:

https://hackaday.com/2024/09/28/man-in-the-middle-pcb-unlocks-hp-ink-cartridges/

Hackaday also notes that HP CEO Enrique J Lores recently threatened to brick any printer discovered to be using third-party ink:

https://arstechnica.com/gadgets/2024/01/hp-ceo-blocking-third-party-ink-from-printers-fights-viruses/

As William Gibson famously quipped, "the future is here, it's just not evenly distributed." As our enshittification-rich environment drives more and more companies to evolve into rent-seeking enterprises through printerinisation, HP offers us a glimpse of the horrors of the late enshittocene.

It's just as Orwell prophesied: "If you want a picture of the future, imagine a HP installing malware on your printer to force you to spend $10,000/gallon on ink – forever."

Tor Books as just published two new, free LITTLE BROTHER stories: VIGILANT, about creepy surveillance in distance education; and SPILL, about oil pipelines and indigenous landback.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/09/30/life-finds-a-way/#ink-stained-wretches

Image: Jay Summet https://www.youtube.com/watch?v=h0ya184uaTE

Hi I’m sending you an ask about your prev tags at me about you being top 0.1% for mcr and noticed you listened to cubicles a lot and oh my god. Cubicles is so fucking good. That album is my fave in general and godddddd the songs are all so good

PLEASE PLEASE BULLETS IS THE BEST MCR ALBUM PERIOD AND CUBICLES IS THE BEST SONG IDC IDC. I LOVE IT MORE THAN ANYTHING . i get so so so so soooo mad when i see mcr fans shitting on bullets you know Nothing of this world you are a worm under my boot etc

JWT Explained in Depth | CyberSecurityTv

In this comprehensive video on CyberSecurityTv, They dive deep into the world of JWT (JSON Web Tokens), unraveling its intricacies and shedding light on its significance in the realm of cybersecurity. Join and explore the inner workings, use cases, and security considerations of JWTs. Whether you're a cybersecurity enthusiast or a developer, this video will equip you with a thorough understanding of JWTs.

I'm not the most security savvy but two-factor authentication makes me deeply suspicious. Is it actually more secure or is it just annoying? Especially the ones that send a code to your phone that pops up in your notifications.

It is genuinely, massively, TREMENDOUSLY more secure to use 2FA/MFA than to not use it.

One of our clients is currently under attack by a group that appears to be using credential stuffing; they are making educated guesses about the accounts they're trying to lot into based on common factors showing up in the credentials in years of pastes and breaches and leaks. Like, let's say it's a professional arborist's guild and their domain is arborist.tree and they've had three hundred members who have had their credentials compromised in the last ten years and the people looking at all the passwords associated with arborist.tree noticed that the words "arboreal" and "conifer" and "leaf" and "branch" show up over and over and over again in the passwords for the members of the professional arborist's guild.

So they can make an educated guess for how to log in to accounts belonging to the tree-loving tree lover's club, combine that with the list of legitimate emails, and go to town.

And they are in fact going to town. We're getting between 1000 and 4000 login attempts per hour. It's been happening for a couple weeks.

And every single one of those attempts is failing - in spite of some pretty poor password practices that believe me, I have been doing some talking about - as a result of having MFA enforced for the entire group. They all use an app that is synced to their individual accounts with a mobile device, except that sometimes you have trouble getting a code when you're up in a tree so some of them have physical MFA tokens.

People try to sign into my tumblr sometimes. To those people I say: lol, good luck, I couldn't guess my own password with a gun to my head. But if I *did* have some password that was, like "tiny-bastard-is#1" they would also need access to my email address because I've got MFA set up on tumblr. And to THAT I say: lol, good luck, it's complex passwords and MFA all the way down.

Of the types of MFA that most people will run across, the most secure to least secure hierarchy goes physical token>app based one-time-passwords>tie between email and SMS. Email and SMS are less preferred because email is relatively easy to capture and open in transit and cellphone SIMs can be cloned to capture your text messages. But if you are using email or SMS for your authentication you are still miles and miles and miles ahead of people who are not using any kind of authentication.

MFA is, in fact, so effective that I only advise people to turn it on if they are 100% sure that they will be able to access the account if they lose access to the device that had the authenticator on it. You usually can do this by saving a collection of recovery codes someplace safe (I recommend doing this in the secure notes section of your password manager on the entry for the site in question - if this is not a feature that your password manager has, I recommend that you get a better password manager, and the password manager I recommend is bitwarden).

A couple weeks ago I needed to get into a work account that I had created in 2019. In 2022, my boss had completely taken me off of managing that service and had his own account, so I deleted it from my authenticator. Then in 2024 my boss sold the business but didn't provide MFA for a ton of the accounts we've got. I was able to get back into my account because five years earlier I had taken a photo of the ten security codes from the company and saved them in a folder on my desktop called "work recovery codes." If you are going to use MFA, it is VITALLY IMPORTANT that you save recovery codes for the accounts you're authenticating someplace that you'll be able to find them, because MFA is so secure that the biggest problem with it is locking people out of their accounts.

In any kind of business context, I think MFA should be mandatory. No question.

For personal accounts, I think you should be pointed and cautious where you apply it, and always leave yourself another way in. There are SO MANY stories about people having their phones wiped or stolen or destroyed and losing MFA with the device because they didn't have a backup of the app or hadn't properly transferred it to a new device.

But it's also important to note that MFA is not a "fix all security forever" thing - I've talked about session hijacking here and the way you most often see MFA defeated is by tricking someone into logging in to a portal that gives them access to your cookies. This is usually done by phishing and sending someone a link to a fake portal.

That is YET ANOTHER reason that you should be using a good password manager that allows you to set the base domain for the password you're using so that you can be sure you're not logging in to a faked portal. If your password manager doesn't have that feature (setting the domain where you can log in to the base domain) then I recommend that you get a better password manager (get bitwarden.)

In 2020 my terrible boss wanted me to write him a book about tech that he could have run off at a vanity press and could give to prospect customers as a business card. That was a terrible idea, but I worked on the book anyway and started writing it as a book about security for nontechnical people. I started out with a very simple statement:

If every one of our customers did what we recommend in the first four chapters of this book (make good backups, use a password manager and complex unique passwords, enable MFA, and learn how to avoid phishing), we would go out of business, because supporting problems that come from those four things is about 90-95% of our work.

So yes, absolutely, please use MFA. BUT! Save your recovery codes.