#Security Updates Webpage
From the Freedom Flotilla, April 27 2024:
On Thursday afternoon, the Freedom Flotilla Coalition was contacted by the Guinea Bissau International Ships Registry (GBISR), requesting an inspection of our lead ship – Akdenez. This was a highly unusual request as our ship had already passed all required inspections; nevertheless, we agreed. The inspector arrived on Thursday evening. On Friday afternoon, before the inspection was completed, the GBISR, in a blatantly political move, informed the Freedom Flotilla Coalition that it had withdrawn the Guinea Bissau flag from two of the Freedom Flotilla’s ships, one of which is our cargo ship, already loaded with over 5000 tons of life-saving aid for the Palestinians of Gaza. In its communication informing us of this cancelation, the GBISR made specific reference to our planned mission to Gaza. It also made several extraordinary requests for information, including confirmation of the ships’ destination, any potential additional port calls, and the discharge port for humanitarian aid and estimated arrival dates and times. It further demanded a formal letter explicitly approving the transportation of humanitarian aid and a complete manifest of the cargo. Again, this is a highly unusual move from a flagging authority. Normally, national flagging authorities concern themselves only with safety and related standards on vessels bearing their flag, and are not concerned with the destination, route, cargo manifests or the nature of a specific voyage. Just like when you register your car, the authorities don’t require you to detail to them every place you are going to go with the car. Sadly, Guinea-Bissau has allowed itself to become complicit in Israel’s deliberate starvation, illegal siege and genocide of Palestinians in Gaza. 
Israel is showing the world the extent to which it will go to deny Palestinians the aid they need to stay alive, in direct contravention of International Humanitarian Law, UN Security Council resolutions, and two orders of the International Court of Justice. [...] without a flag, we cannot sail. But, this is not the end. Israel cannot and will not crush our resolve to break its illegal siege and reach the people of Gaza. The people of Gaza and all of Palestine remain steadfast under the most horrific, unimaginable conditions. We take strength from their incredible, inexplicable ability to maintain their humanity, dignity and hope when the world has given them no reason to do so. It is our responsibility to keep that hope alive. WE WILL SAIL.
The Freedom Flotilla, which was set to depart from Turkey on the 27th of April with 5000 tons of life-saving aid, has now been delayed because Israel and the United States have pressured Guinea Bissau to withdraw its flag from the Flotilla's lead ship.
Seeing as how their tactics worked on Guinea Bissau, organizers now fear that Israel and the US will exert the same pressure on whichever country the Freedom Flotilla attempts to register their ship under next.
To help the Freedom Flotilla reach Gaza, please keep an eye out for further updates from the organizers. Right now, as of April 27th, they're asking people to help boost their visibility, and to donate to their member campaigns.
For more info, see their webpage.
#from the river to the sea palestine will be free#free palestine#palestine#israel#gaza#freedom flotilla
6K notes
A man is shot in the back in broad daylight. A man most people had never even heard the name of before his killing, but who was the CEO of the most profitable health insurance provider in the entire world.
The media framed this as a tragedy, an unimaginable act, a heinous crime. We should grieve for the family left behind. All lives are precious, and murder is never okay.
The police have publicized their manhunt for the assassin. They update us every hour on how much closer they're getting, which isn't close at all.
Insurance companies are taking down their executive staff webpages and beefing up security. They know that they're no longer safe, and are hiring more protection.
The assassin took out this man like a professional, quickly fixing his gun when it jammed, executing an execution perfectly, then disappearing, leaving behind only a backpack full of Monopoly money, a few smolders on security cams, and bullet casings with the words "Deny", "Defend", and "Depose" written on them, echoing the "Deny, Delay, Defend" tactics taken by health insurance companies to refuse coverage.
Every single social media post I have seen, regardless of platform, has been supportive of the assassin. There has been no sympathy for the CEO, or his wife or children. We are not buying into the narrative the police and the media are trying to peddle. We are the ones who have had to deal with the bullshit health insurance and other corporations have been foisting on us for decades. And we've had enough.
We will not grieve. If anything, we encourage, and wait for the next CEO to be capped. We're not the ones in danger. The rich are the ones who have fought so hard for Americans to have easy access to guns and nothing else. For decades we have pleaded for gun control, to save children from getting mowed down by machine guns in their schools. For decades we have pleaded for a more humane healthcare system where people do not go into medical debt just in order to keep living.
The answer from the rich and powerful has been that life is not and never will be fair, and to be happy with the dogshit served to us.
Our answer now is equally and reflectively callous. We will not mourn a single dead CEO until we have some means of addressing our grievances that doesn't come from the muzzle of a gun.
The rich of today had better read up on the French Revolution and make some changes very quickly, or history will repeat itself.
1K notes
Birdwatching got really popular in the early days of the Unpleasantness. However, now that the bosses are forcing us all back to the office, the birds don't have anyone to watch them. That's why I built an autonomous bird-observation robot. Its name is SparrowScope 9000, and I recommend not becoming too emotionally attached to it, because it is your competition.
There's a lot of obvious benefits to having a robotic birdwatcher. It can start up early in the morning and go to its charging dock late at night. It never makes a mistake identifying a bird. It won't get tired, cold, hungry, or develop pointless drama with "Uncle" Hudson Carl online over his fucking misdocumentation of Northern Cardinals. You can pop over to its little webpage and see what it spotted that day, and feel pretty good. It's like you're really there, even though you're stuck in an office building wondering if you have enough staples loaded in your stapler to get through the month, or if you should maybe talk to Jan in Requisitioning to get a fresh refill.
However, there are flaws. One of the big things is that the US military doesn't let regular people – civilians – have super-accurate GPS. They fuck with the data a little bit, so that you can't somehow threaten national security by knowing where you are. I didn't know this before I started on the project, and the bird sanctuary has a lot of elevated walkways ever since the flood. SparrowScope 9000 became more of a SoggyScope Wet-Thousand.
If a real technology company had assembled it, that would probably have been the end of the story. They'd have put in some total garbage like a modern microcontroller, maybe some parts made in this century. Not me. This thing is half old pinball machine parts and the other half Aibos. It kept trucking right down the river, and I never saw it again. I do get updates from it periodically as it spots a new bird, but my work schedule forbids me from taking a few days off to drive to the next county over and see if I can figure out which swamp it's floated into this time.
Even with this small disaster, I'm pretty proud of what I accomplished. Our avian friends get looked at by a creepy robot covered in seaweed, and we can all experience what it was like for one brief, shining moment in which we still had hobbies.
420 notes
I currently have my latest blogpost for my website displayed on my front page. If you click on the title, it will take you to the post. I essentially grab the Title, which is a class of h1, and the article, using javascript, and then replace it. However, right now, this is done by manually replacing the href of the javascript. This works; I just create a post, copy the link, and paste it into the script in my home page.
Problem; I am already maintaining my rss feed manually. Why should I do *this* manually? I kind of want to not do either manually.
Solution: Javascript can be used to parse an xml doc. This includes rss feeds. I can simply make a script that, when you load up the webpage, it will request the most recent version of the .xml file associated with my file, then find the one with the most recent pubDate, it will then grab the link from that, and use my existing script to display it on my homepage.
As for updating my rss feed? I may need to create a php script for that. I just need two forms, and a submit button. One will take a link, and the other would be the password. So, I create a new blogpost, upload it, and then copy the link into the form. The password field will be used to create a cryptographic hash, and if it matches the provided one, then it will create a timestamp, and add the item, complete with links, to the html file. I could add in a hidden description to the blogpost, and the script can rip the description from there. It's pretty simple, and I wouldn't trust this authentication process... except that it is extremely limited in scope. All it does is accept a link already part of my blog, and updates an xml document - one I regularly back up.
I also want to make a script that would get the previous and next posts on the blog, based on the info already in the xml document, rather than manually updating the existing blogposts. It doesn't take long, but it would be one less thing I have to worry about. I just have to match the current link to one in the xml file, get the timestamp, and find the item with the previous and next timestamp, then inject the links into the previous/next buttons. I can use a span element that will be updated to show up once a new document is found by the script.
If I was making one that actually allowed you to write a blogpost - complete with html - then I would want better security - like some form of 2 factor authentication. My authentication script would work. I would also want it limited to posting based on the time (like 1 post per x minutes). I may actually do that later. It would be nice to just go to my site, use my passkey+password authenticator, and then just post to my blog. It would have a form for the title, short description, and the main post. Then, it takes that info, and essentially pastes it into a provided template.
I could also make a similar system for the site-updates and little blurb on the top. Currently, I just edit the html for that. But I could also make an xml document, and just have the posts contained in items like an rss feed, then have the javascript read from there. Use a php script to add new entries to it. They could even be in the same file, just have to use two different elements.
Finally, on the main page, you can click on the title of the blog post to link there. This is done via script, so there is no mouseover indication that you can do this. I want to make the title element change a bit when you mouseover it - perhaps make it a little paler on mouseover?
9 notes
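One way to write the feed-update script the post above describes (an added example, not the author's code): it checks the password with password_verify() against a stored password_hash() value, accepts only links to the site's own posts, and builds the item from DOM text nodes so the feed stays well-formed. The host, file locations, /posts/ path pattern and the extra title and description form fields are assumptions.

```php
<?php
// add_feed_item.php (hypothetical name). Added example, not the author's script.
declare(strict_types=1);

const SITE_HOST = 'blog.example';                    // placeholder host
const FEED_FILE = __DIR__ . '/feed.xml';             // assumed feed location
const HASH_FILE = __DIR__ . '/../private/feed.hash'; // password_hash() output, kept outside the web root

/** Accept only https links to a post page on this site (assumed layout: /posts/<slug>.html). */
function isOwnPostLink(string $link): bool
{
    $p = parse_url($link);
    if (!is_array($p)) {
        return false;
    }
    // Reject credentials, ports, query strings and fragments outright.
    foreach (['user', 'pass', 'port', 'query', 'fragment'] as $unwanted) {
        if (isset($p[$unwanted])) {
            return false;
        }
    }
    return ($p['scheme'] ?? '') === 'https'
        && strcasecmp($p['host'] ?? '', SITE_HOST) === 0
        && preg_match('#^/posts/[a-z0-9-]+\.html$#', $p['path'] ?? '') === 1;
}

/** Return the feed XML with a new <item> placed before the existing items. */
function addItem(string $feedXml, string $link, string $title, string $description, DateTimeInterface $when): string
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch external resources while parsing the feed.
    if ($feedXml === '' || !@$doc->loadXML($feedXml, LIBXML_NONET)) {
        throw new RuntimeException('feed is not well-formed XML');
    }
    $channel = $doc->getElementsByTagName('channel')->item(0);
    if ($channel === null) {
        throw new RuntimeException('feed has no <channel>');
    }

    $fields = [
        'title'       => $title,
        'link'        => $link,
        'guid'        => $link,
        'pubDate'     => $when->format(DATE_RSS),
        'description' => $description,
    ];
    $item = $doc->createElement('item');
    foreach ($fields as $name => $text) {
        $element = $doc->createElement($name);
        // Text nodes are escaped on output, so "<" or "&" in a title cannot break the XML.
        $element->appendChild($doc->createTextNode($text));
        $item->appendChild($element);
    }

    // Newest first: insert before the first existing item, or append if there is none.
    $channel->insertBefore($item, $channel->getElementsByTagName('item')->item(0));

    return (string) $doc->saveXML();
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Form fields must be plain strings; arrays (field[]=...) are treated as empty.
    $field = static fn (string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';

    // password_verify() recomputes the salted hash and compares in constant time.
    $hash = trim((string) @file_get_contents(HASH_FILE));
    if (!password_verify($field('password'), $hash)) {
        http_response_code(403);
        exit('Forbidden');
    }

    $link  = trim($field('link'));
    $title = trim($field('title'));
    if (!isOwnPostLink($link) || $title === '') {
        http_response_code(400);
        exit('Bad request');
    }

    $updated = addItem(
        (string) @file_get_contents(FEED_FILE),
        $link,
        $title,
        trim($field('description')),
        new DateTimeImmutable('now')
    );
    file_put_contents(FEED_FILE, $updated, LOCK_EX);
    echo 'Added';
}
```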
HATEHATEHATE microsoft edge and how it and google are just getting in the way of anything web legacy
So there is this device at work. its called an EPD. the name is not important. all you need to know is that it has an IP address 192.168.X.XXX that you need to connect to it in order to get data.
for whatever reason the company that makes it just hasnt updated the UI or interface since 2005 because this thing does NOT work on modern browsers.
well.... it works mostly that is. except for the chart. it can display a realtime graph of Important Data that i need to look at in order to calibrate it. the chart does not work in edge. it does not work in chrome
it needs java
AND NOT ONLY THAT
it needs ActiveX Controls
BUT NOT ANY NORMAL ONES.
Noooooo it has to pretend to be a website to download you an unsigned ActiveX Control driver? extension? IDK what it is but you need to install it.
but we are getting ahead of ourselves here. suffice it to say, the computer that would NORMALLY display this chart got reformatted and now it cant. so i used my laptop
so i opened Internet Explorer because that is the program that works
Edge opens the MSN homepage instead.
thats not what i want. i tried Edge. it cant display the graph. I open Internet Explorer again
edge opens another MSN homepage window
i install google chrome. it also doesnt work. they are both chromium after all. i try to install firefox. its blocked on the network. i need to prevent edge from closing IE
with a little google-fu i rename my BMO or whatever folder in my edge folder to prevent it from opening Edge when i want IE
it doesnt work
i do some more google-fu and disable my extension settings to prevent the BMO thing
another MSN homepage opens
I start digging into the forums on HVAC websites because these guys are having the same problem only with AC units. I find it. I have to create a VSB file that force opens the website with edge. cool.
whats a VSB file?
after an hour of fucking around just TRYING to OPEN IE so i can use the browser that can display the chart i have created a VSB file that OPENS IE ON THE IP ADDRESS OF THE EPD UNIT
the graph doesnt work. i need java
the java webpage doesnt load on ie
i download it with chrome
still doesnt work. i have to enable it in my extensions from IE
THE GRAPH DOES SOMETHING!
it asks me to download something. i say yes
edge tells me it blocked an unsigned ActiveX Controls program from running.
what the fuck is ActiveX Controls? can i download it somewhere else?
NOPE! its baked into IE. you gotta go into your internet settings and basically turn off all your security or add the website to your list of trusted websites
my trusted website list is controlled by IT. i cant change it. the weakest settings i can enable still result in the program being halted.
i have apparently generated several dozen automatic support alerts as every time i try and run it it sends a warning to IT that i am accessing a potentially dangerous site
its taken me 2 hours and i have not even started calibration.
i am forced to do the backup method of just blindly assuming everything is working and downloading the CSV file later. this too ends up not working but for reasons i will have to figure out tomorrow. the data is there but the math is wrong.
fucking hate edge and its backwards incompatibility
7 notes
The origin of Bluenos Album Art
TLDR: I have no clue where the album art came from after this post, i either find a lyric page scan or buy a Blueno CD (with zero guarantee of finding my answer)
(yeah we staying on topic after my last post)
I have no clue why this shower thought came to me a few days ago but damn it couldn't leave
so now Im looking into it lmao
My first instinct is to look for the origin on Tineye, maybe when it released or around that time there was some old ass dude on Limewire or Something Awful talking about it. Having a starting point close to release could've been really useful.
My closest hit was 2014, pretty lame
I still wanted to check these out though, cause you might never know
I first went to tok2.com (the top one), i did this somewhat cause of it being the oldest hit, and also being the only hit being a GIF.
I tried simply googling tok2.com, and i got a security alert (great)
I then went to the website via Wayback machine instead, which had 2 snapshots from May 3rd 2005 and June 7 2023 (wtf)
My Japanese is incredibly bad (so i used google translate)
please please please correct me if i get anything wrong
i tried my best comprehending a language Im only at unit 11 of Duolingo with and it seems this is rather a website for hosting music or selling music
Scrolling down i eventually find what were looking for and a list of contributors to the album too! (when looking for a contributors list before i could only find Fusako and Daisuke, but it seems i didn't look hard enough lol)
now seeing the GIF i save it in hopes Tineye finds something else
its 10 seconds of a still image and Tineye doesn't give me any new results (Lame af)
despite this i still have the contributors (No evidence to confirm this right now) list that's part of the webpage so i start looking into the people on there
i first start with Yoshie Tsunoken
to which im then taken to longer contributor lists on websites like rate your music and last.fm, but assuming these are reliable (like i said, no evidence to prove as of now) these don't even list who made the art, just instruments
oh well
i go back to my 3 other hits on Tineye
Discogs doesn't have a contributors list as of now
my next two (and last) are websites for Chinese Football(whether its the band or actual football, i don't know) , they have different domain names, both lead to the same website, and both images of Blueno Tineye hit have the same file name, they also have the same resolution and file size.
despite this I go back to the archive to look for snapshots of the websites.
all links have no archived Urls (and opening either website without archive gives an error)
there were also two websites with unavailable webpages, but just like these two the images are the exact same and redirect to the exact same website, just different domain
as for what avid Chinese Football fan was listening to Blueno, idk.
I then went to their Youtube topic channel and Youtube music (i forgot about these) and also found nothing
I still had one last idea though.
I decided to check my Frenesi CD's for if they listed who made the art, maybe if Frenesi did such Blueno could have too.




(these are my CDs, and i eventually plan to scan the lyrics page and the photograph on the back)
Considering all of these list who made the art for Frenesis albums there could be a possibility Bluenos CD does too
so now i either:
1: pray to the lord i find a scan/image of Bluenos CD lyric page in hope of a contributors list
2: buy one and do it myself
I have zero evidence to prove that either one of these will work :\
I will probably update on this soon (CD page scans or the actual art we looking for)
7 notes
Symfony Clickjacking Prevention Guide
Clickjacking is a deceptive technique where attackers trick users into clicking on hidden elements, potentially leading to unauthorized actions. As a Symfony developer, it's crucial to implement measures to prevent such vulnerabilities.

🔍 Understanding Clickjacking
Clickjacking involves embedding a transparent iframe over a legitimate webpage, deceiving users into interacting with hidden content. This can lead to unauthorized actions, such as changing account settings or initiating transactions.
🛠️ Implementing X-Frame-Options in Symfony
The X-Frame-Options HTTP header is a primary defense against clickjacking. It controls whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object> tag.
Method 1: Using an Event Subscriber
Create an event subscriber to add the X-Frame-Options header to all responses:
<?php
// src/EventSubscriber/ClickjackingProtectionSubscriber.php

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

class ClickjackingProtectionSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        return [
            KernelEvents::RESPONSE => 'onKernelResponse',
        ];
    }

    public function onKernelResponse(ResponseEvent $event)
    {
        // Tell the browser not to render this response inside any frame.
        $response = $event->getResponse();
        $response->headers->set('X-Frame-Options', 'DENY');
    }
}
This approach ensures that all responses include the X-Frame-Options header, preventing the page from being embedded in frames or iframes.
Method 2: Using NelmioSecurityBundle
The NelmioSecurityBundle provides additional security features for Symfony applications, including clickjacking protection.
Install the bundle:
composer require nelmio/security-bundle
Configure the bundle in config/packages/nelmio_security.yaml:
nelmio_security:
    clickjacking:
        paths:
            '^/.*': DENY
This configuration adds the X-Frame-Options: DENY header to all responses, preventing the site from being embedded in frames or iframes.
🧪 Testing Your Application
To ensure your application is protected against clickjacking, use our Website Vulnerability Scanner. This tool scans your website for common vulnerabilities, including missing or misconfigured X-Frame-Options headers.

Screenshot of the free tools webpage where you can access security assessment tools.
After scanning for a Website Security check, you'll receive a detailed report highlighting any security issues:

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.
🔒 Enhancing Security with Content Security Policy (CSP)
While X-Frame-Options is effective, modern browsers support the more flexible Content-Security-Policy (CSP) header, which provides granular control over framing.
Add the following header to your responses:
$response->headers->set('Content-Security-Policy', "frame-ancestors 'none';");
This directive prevents any domain from embedding your content, offering robust protection against clickjacking.
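Both headers in one subscriber, as an added example that is not from the original post: calling set() on Content-Security-Policy replaces whatever policy another listener already put on the response, so this version rewrites only the frame-ancestors directive and keeps the rest. The class name and the -64 priority are assumptions, and isMainRequest() requires Symfony 5.3 or later.

```php
<?php
// src/EventSubscriber/FramingPolicySubscriber.php
// Added example (hypothetical class name), not code from the original post.

namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class FramingPolicySubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        // Assumed priority: negative, so this runs after default-priority (0)
        // listeners that may have set their own Content-Security-Policy.
        return [KernelEvents::RESPONSE => ['onKernelResponse', -64]];
    }

    public function onKernelResponse(ResponseEvent $event): void
    {
        // Sub-request responses (rendered fragments) end up inside the main
        // response, so only the main response needs the headers.
        if (!$event->isMainRequest()) {
            return;
        }

        $headers = $event->getResponse()->headers;

        // Legacy header, honoured by browsers that predate frame-ancestors.
        $headers->set('X-Frame-Options', 'DENY');

        // A response may carry several CSP header values and browsers enforce
        // every one of them, so tightening the first policy is sufficient and
        // the others are passed through unchanged.
        $policies = $headers->all('Content-Security-Policy');
        if ($policies === []) {
            $policies = [''];
        }
        $policies[0] = self::withFrameAncestors((string) $policies[0], "'none'");
        $headers->set('Content-Security-Policy', $policies);
    }

    /**
     * Returns $csp with its frame-ancestors directive set to $sources,
     * leaving every other directive (script-src, default-src, ...) as it was.
     *
     * withFrameAncestors("default-src 'self'; frame-ancestors https://a.example", "'none'")
     *   gives "default-src 'self'; frame-ancestors 'none'"
     */
    public static function withFrameAncestors(string $csp, string $sources): string
    {
        $directives = [];
        foreach (explode(';', $csp) as $directive) {
            $directive = trim($directive);
            if ($directive === '') {
                continue;
            }
            // Directive names are case-insensitive; the name is the first token.
            $name = strtolower((string) strtok($directive, " \t"));
            if ($name === 'frame-ancestors') {
                continue; // dropped here, re-added below with the wanted sources
            }
            $directives[] = $directive;
        }
        $directives[] = 'frame-ancestors ' . $sources;

        return implode('; ', $directives);
    }
}
```

Note that frame-ancestors is ignored in a Content-Security-Policy-Report-Only header's enforcement and in `<meta>` policies, so it has to be sent as the enforcing response header as done here.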
🧰 Additional Security Measures
CSRF Protection: Ensure that all forms include CSRF tokens to prevent cross-site request forgery attacks.
Regular Updates: Keep Symfony and all dependencies up to date to patch known vulnerabilities.
Security Audits: Conduct regular security audits to identify and address potential vulnerabilities.
📢 Explore More on Our Blog
For more insights into securing your Symfony applications, visit our Pentest Testing Blog. We cover a range of topics, including:
Preventing clickjacking in Laravel
Securing API endpoints
Mitigating SQL injection attacks
🛡️ Our Web Application Penetration Testing Services
Looking for a comprehensive security assessment? Our Web Application Penetration Testing Services offer:
Manual Testing: In-depth analysis by security experts.
Affordable Pricing: Services starting at $25/hr.
Detailed Reports: Actionable insights with remediation steps.
Contact us today for a free consultation and enhance your application's security posture.
3 notes
There have been many scandals associated with covid in the last nearly 4 years.
I want to tell you about another one that has got zero media coverage.
The top-line is this: the UK government gave more than 2.3 million vulnerable and older people a covid vaccine that isn’t matched to the currently dominant covid strains. And they did it to save money.
The dominant covid strains right now are known as the XBBs. They have been dominant since late summer in most places, when they took over from the BA strains of omicron.
But rather than give people the new more effective XBB vaccine, the British government decided to use up their stockpile of the older BA vaccines first.
The worst thing is, those who got the outdated vaccine were those first in line for vaccines, such as older people and people with health conditions.
But they won’t know this.
So 2.3 million vulnerable people in the UK are walking around thinking they are well-protected this winter against covid when they’re not.
The British government didn’t hide why it did this. On the official government webpage it spells it out. In bold are the clues hiding in plain sight.
“The choice of vaccine products for autumn 2023 has been determined based on available data on vaccine safety, effectiveness and immunogenicity, logistical factors, programmatic deliverability and a bespoke cost effective assessment. Other vaccines which may offer similar protection, but which would incur additional costs, are expected to be less cost effective within the bespoke cost-effectiveness assessment compared to pre-procured Omicron-variant mRNA COVID-19 vaccines.”
What they are saying, under the cover of the gross language of ‘bespoke cost effectiveness assessment,’ is that they’d already bought the older vaccines and it was cheaper to use them than buy extra new ones.
They used people’s bodies as asset dumps for old medical stock.
In the UK the booster roll-out began on September 11th. We know that in Scotland they switched over to XBB on September 25th and in England and Wales they switched to the new ones on October 2nd, as confirmed that day by Meaghan Kall, an epidemiologist at the UK’s health security agency responsible for covid.
But by September 29th the British government reported 2.35 million people had been covid boosted. So we know this was largely with the old vaccine (save 4 days in Scotland). In response to my thread on Twitter, many reported receiving the old vaccine. Even now, people are saying they’re still only being offered the old vaccine.
Boosting people with a vaccine not matched to the dominant strains will certainly lead to worse outcomes as an average than if these people had received the updated vaccine. People will die for this penny pinching.
But then the British government has for some time now been relaxed about killing people for austerity.
The Brits are also tightly restricting access to covid vaccines, in contrast to almost every other country. And in a final twist, the Brits are now stockpiling the new XBB vaccines and are almost certainly going to take the same approach to deploying an outdated vaccine next time round.
When I tweeted about this, the Guardian journalist George Monbiot responded and we subsequently exchanged emails. Monbiot did then write a very good column about the ongoing burden of covid in the UK and the various public health failures.
But the article omitted any mention of the millions who were given the older vaccine.
I can’t criticise Monbiot. I wouldn’t be surprised if he included this and it was cut by his editors. And his article stands head and shoulders above almost any other reporting of covid in the mass media, a mass media that has played a key part in normalising the transmission of a virus that has become the leading cause of infectious disease death in the world today.
These lies and misinformation about covid in the mass media continue. Last week was no exception.
The BBC’s health editor Nick Triggle wrote a truly noxious covid story full of half-truths, lies by omission and propaganda. He said covid was less deadly than the flu, that it is becoming a seasonal ‘bug’, that people who were concerned about rising hospitalisations were just anxious. (Nick Triggle’s sister-in-law is a Tory member of parliament, which might explain some things).
In the US, the New York Times interviewed the epidemiologist and long-time covid downplayer Michael Mina who said rates of long covid are drastically falling - without citing a shred of evidence - and said repeated exposure to covid for most people will not be harmful and will build immunity. In the comments below the piece, one person said the “excellent story begs the question as to whether healthy people should take any precautions against covid.” Job done.
Then there was the ‘long cold’ research paper which was amplified across global media.
If you missed it, the thrust was that long colds might be as common as long covid. So far, so fine.
But the findings were stripped of critical context in relation to covid.
It failed to acknowledge that even if long colds do exist, and almost certainly they do, Sars-Cov-2 is a different beast, behaving in a completely different way to other common cold-causing coronaviruses.
And rather than the conclusion here being ‘ok, so if long colds are this common, long covid might be very common too and maybe we should do something about it,’ the stories led us towards the conclusion that long covid itself is nothing to worry about because post-viral illness is nothing new.
All of this would have been bad enough without mentioning the methodology.
The study was conducted in 2020-2021 and relied on people self reporting a respiratory illness that they said wasn’t covid. We know for a fact that far fewer people got a respiratory illness that wasn’t covid in these years, so I expect a good number of these ‘not covids’ leading to ‘long colds’ were, in fact, covids leading to long covid. But again, the media stories failed to provide any of this context. Nick Triggle was one of those who wrote a story.
Triggled twice in two weeks.
Over and over, it seems that those who are concerned about covid come armed with data, and those who aren’t come armed with gut feeling in order to keep business-as-usual ticking over.
It’s 2019 again! Stop worrying!
Normalisation is the most powerful sociological force in the world today. Through a captured media, the ruling class can make us absorb a pandemic, accept climate collapse and shrug at apartheid. Change is unnecessary because nothing is wrong. It is just the natural order, flowing.
We also found out this week that just 2% of Americans have stepped up for the new covid jab, a rate of uptake that can be traced back to the early over-hyping of vaccines and the manufacturing of a narrative that says covid is mild and we’ve all achieved immunity now anyway.
I didn’t know where we’d be nearly four years on from the start of the pandemic, but I didn’t think we’d be here. New waves, millions being infected, thousands dying every week. And a media and public knowledge blackout of Novavax, the most effective vaccine. A vaccine we’ve known is the most effective for over two years.
It is tiring to keep up, to keep bearing witness to these fuck-ups, to this cruelty.
But we have to.
Because to believe in change means documenting the incompetence, the failure, the lies and the indifference that eventually compels that change to come.
13 notes
Mr.Write 📝 Right: Teaser Prequel
* ੈ✩‧₊˚* ੈ✩‧₊˚* ੈ✩‧₊˚ * ੈ✩‧₊˚* ੈ✩‧₊˚* ੈ✩‧₊˚ * ੈ✩‧₊˚*

* ੈ✩‧₊˚* ੈ✩‧₊˚* ੈ✩‧₊˚ * ੈ✩‧₊˚* ੈ✩‧₊˚* ੈ✩‧₊˚ * ੈ✩‧₊˚*
☑️🤍Summary: At 25, y/n remains a virgin and the only action she’d ever gotten is reading fictional romantic sexual content in novels and webpages since age 19. Y/n, not ashamed at all, visits the library weekly and checks out with a stack of books inscribed with pure filth. One day on one of her visits, she spots an attractive journalist and secretly uses him as a muse for all her fantasies.
☑️🤍A/N: This will be a mini series featured on a masterlist with updates. This content contains adult content, therefore MINORS DNI 🔞. Remember the behavior of Kim Hongjoong in this story is purely fictional and does not represent him as an individual in real life ❗️
☑️🤍Pairing: JournalistHongJoong! x ComputerTechReader!
☑️🤍Word Count: 75.5k
☑️🤍Genre: Slow burn, Romance, Fantasy, Comedy, Drama.
☑️🤍Warnings/Kinks: Explicit smut! , Masturbation, Sexual Assault! Sexist/misogynist boss! Reader is a little bit stalker-ish? Language!, Reader is also a little bit of a Perv lmao. Invasion of Privacy!, Angst!, First Time!, Eating Disorder, Classism.( more will be added as I finish the next few chapters)
* ੈ✩‧₊˚* ੈ✩‧₊˚* ੈ✩‧₊˚ * ੈ✩‧₊˚* ੈ✩‧₊˚* ੈ✩‧₊˚ * ੈ✩‧₊˚*
Your husband kicks the door open to your shared penthouse while he has you hoisted upon his hips, and your legs around his waist. “I’m gonna fuck you so dumb kitten, you think you can touch other men right in front of me and not get punished?” He growls into your ear.
Your arms were held tightly around his neck while your head was placed under his jaw, and above his collarbone. Both of you had just come back from a celebration contributed to his business. A successful, international enterprise had just bought a huge amount of stock shares. Elevating his chances of success for business in the future.
…You’d think he’d be ecstatic right now, but he’s the complete opposite.
“Baby~, I was just making conversation with the CEO’s. I was only just trying to be friendly, I swear.” You beg and plead with him as your crotch bounces hard on his bulge when he carries you hurriedly toward the master bedroom.
Kicking open the bedroom door too, he throws you down on the bed, emitting a creak sound from the bed spring, and the elevation of your body in mid-air as it bounces off the mattress.
“Right that’s why you were whispering in his ear with your hand on his shoulder, and he had his arm around your slutty waist.”
Truth is the billion dollar CEO’s you were talking to came onto you. Whispering into their ear while pulling them close was because you couldn’t hear over the classical music from the orchestra, or the uppity people chattering, and the plates and drinks clinking all around you.
But your husband didn’t care, he’s going based off what he saw with his own eyes and not what’s coming out of your mouth right now.
“Baby, I didn’t mean anything by it, it was so loud-” He yanked your legs forward and you yelp out in surprise.
He pulls up your silk red dress and rips off your panties, letting them pool down your ankles, onto the marble floor. “It’s Sir, not baby, kitten~”.
He takes off his belt in a swift motion tying it around your wrists, securing you from stopping him (not that you would even dare). He begins unzipping his pants, pulling them down and his underwear with them revealing his monstrous cock. Angry and lined with veins on all sides.
“Now scream!”
* ੈ✩‧₊˚* ੈ✩‧₊˚* ੈ✩‧₊˚ * ੈ✩‧₊˚* ੈ✩‧₊˚* ੈ✩‧₊˚ * ੈ✩‧₊˚*
PLEASE DO NOT COPY MY ORIGINAL WORKS, reblogs are appreciated and accepted. Stealing and modifying my work or publishing out on other platforms is not. 🖌️
Be ready for Chapter 1 next Friday!
#ateez hongjoong#hongjoong#ateez#ateez fanfic#ateez au#ateez smut#delulu#1117feverdreams#hongjoong x reader#hongjoong x y/n#kim hongjoong x reader#kim hongjoong x y/n#1117feverlessdreams
18 notes
Text
Does my computer have a virus?
Something odd keeps happening. Twice today while I've been scrolling Tumblr, a download prompt has popped up without any keys being typed or mouse button being pressed except the scroll button.
It doesn't look like a typical webpage download, though. The file name is all random numbers and letters, rather than the title of the current tab that requesting Firefox to download the current webpage would give. For example, if I press ctrl+S while on this page, it titles the file "(4) Tumblr".
This was the title the last time it tried to save. Note that it's a ".html" item. Very strange looking, and not the format of a specific picture or page element I might have bumped.
Full disclosure: I've had this laptop since 2016, it's a Lenovo Windows 10 64-bit. I'm running Firefox and I don't keep the OS updated because I despise how much memory and time and bloatware are involved in those, so I might be missing some security patches. I have let it run an update within the past year or so. I do always keep Windows' onboard security running. Firewall, network protection, and virus protection are all showing that they're turned on in the Security Center.
Also worth noting: I've had to lock a couple of keyboard keys with 3rd party software because the laptop itself kept thinking they're being pressed. Is this behavior potentially caused by another random key being "pressed"?
2 notes
Text
AIBacklinks-Review
AIBacklinks Review: What is AIBacklinks
Welcome to AIBacklinks review. AIBacklinks is the cutting-edge cloud-based AI-powered application that has taken the digital world by storm. This award-winning app revolutionizes the way websites gain recognition and authority by effortlessly generating unlimited, high-quality Web 3.0 site backlinks. Through its intuitive interface, users can harness the power of AI to secure these invaluable backlinks along with a steady stream of free buyer traffic with just a single click. AIBacklinks stands as a game-changer in the world of digital marketing, offering a seamless and efficient solution to boosting website rankings and visibility.
AIBacklinks Review: What Can You Do With It
AIBacklinks offers a range of powerful capabilities that are designed to enhance your digital marketing efforts, website rankings, and online visibility. Here's what you can do with AIBacklinks:
Generate High-Quality Backlinks: AIBacklinks leverages AI technology to identify and create high-quality backlinks from authoritative Web 3.0 sites. These backlinks play a crucial role in boosting your website's authority, which can lead to improved search engine rankings and increased organic traffic.
Increase Website Visibility: With the help of AIBacklinks, you can improve your website's visibility on major search engines like Google, Yahoo, Bing, and others. The generated backlinks contribute to higher search engine rankings, making your content more accessible to potential visitors.
Attract Organic Traffic: The backlinks created by AIBacklinks not only enhance your website's authority but also attract organic traffic from the Web 3.0 sites where the backlinks are placed. This means you can expect a steady stream of targeted visitors who are interested in your niche.
Save Time and Effort: Traditional backlink building can be time-consuming and labor-intensive. AIBacklinks automates the process, allowing you to generate backlinks with just a single click. This saves you valuable time and effort that can be directed towards other aspects of your digital marketing strategy.
Optimize Content for Search Engines: The AI-powered insights provided by AIBacklinks can guide you in optimizing your content for better search engine performance. These insights can help you understand how to structure your content, use keywords effectively, and improve overall content quality.
Improve Video Rankings: In addition to websites, AIBacklinks can also help improve the rankings of your videos on platforms like YouTube. This can lead to increased visibility for your videos and a larger audience reach.
Access User-Friendly Interface: AIBacklinks offers an intuitive user interface that doesn't require technical expertise. Whether you're a seasoned marketer or a beginner, you can easily navigate the app and utilize its features to your advantage.
Benefit from AI Technology: AIBacklinks harnesses the power of AI algorithms to make informed decisions about backlink placement and optimization. This ensures that you're using data-driven strategies to enhance your online presence.
AIBacklinks Review: Unlimited Opportunities You Will Get
Fully Cloud-Based & AI Powered World’s Most Powerful Backlink Creator Platform.
Create Unlimited HQ Backlinks For Your Blogs, Website Etc On Autopilot.
Rank Higher On Google, Bing & Yahoo With No Extra Efforts.
Get Unlimited Real & Related Buyer Traffic & Sales.
Fully Autopilot… No Manual Work.
Get Faster Indexing For Your All Webpages.
Automatic Updates With No Extra Installation Hassles.
UNLIMITED COMMERCIAL LICENSE Included.
No Limitations - Completely Free.
Sell Unlimited Backlinks & Rest Services to Earn Like The Big Boys.
No Special Skills or Experience Required.
Step By Step Training & Videos.
AIBacklinks Review: Check Out These Bonuses You’ll Get for Free
Bonus 1: SEO Secrets Unraveled
Trying to get the site optimally listed on Google or other engines should be the priority exercise at every juncture. This should be part of the growth strategy of any online endeavor that is seeking ultimate success. Value - $227
Bonus 2: Backlink Basics
Backlink Building Strategies To Help Boost Search Ranking And Traffic To Your Website! Value - $667
Trending Keyword & PBN Finder
Find The Most Popular Keywords & PBN's That People Are Actually Searching For From ALL SIX Of the World's BIGGEST Search Engines! Search engines such as Google LOVE content, especially new, updated, and trending content. Value - $567
81% Discount on ALL Upgrades
Get 80% instant discount on purchase of All Upgrades. This is very exclusive bonus which will be taken down soon. Value - $297
UNLIMITED Commercial License
You have full rights to use this software. You can use it for anyone whether for individuals or for companies. Generate massive free traffic, Sales & Leads to yourself and for others as well. Value - $997
Grab Your Copy Now Before It Expires>>
To your success,
Dulal
3 notes
Text
FYI, if you're on Mac, these instructions do not work. CoPilot cannot be disabled-- probably because if you're not on Windows, Microsoft can't use means outside of Office to get your data.
However, you can disable automatic updates and then install a version of Microsoft Office that does not have Copilot. Here's how:
Disable automatic updates (method 1):
Open any Microsoft Office software application.
Click on "Help" on the Mac menu bar.
This should open a drop-down menu which has an option labeled "Check for updates." Click it.
This should launch Microsoft AutoUpdater. On the window that pops up, uncheck the option to automatically check for and install updates.
Note that the AutoUpdater will still check for updates even after you've unchecked the option. However, it will not install any updates without you giving it the go-ahead. It is still super annoying to have a software nag you about updates you don't intend to install. If you don't want to deal with that, use method 2.
Disable automatic updates (method 2):
Open Finder.
Click on "Go" on the Mac menu bar.
This should open a drop-down menu which has an option labeled "Go to folder..." Click it.
In the dialogue box that pops up, paste "/Library/Application Support/Microsoft/" and press enter.
This should take you to the place where Microsoft stores its AutoUpdater application. There should be a folder labeled "MAU", "MAU2.0", or something else along those lines there. Open it.
When you open the folder, you should see an application named Microsoft AutoUpdater. Drag it into the Trash.
Right-click on the Trash icon. This should open a drop-down menu with an option labeled "Empty Trash." Click it and press "OK" when the computer prompts you to confirm the deletion. Microsoft AutoUpdater is gone!
A note: I don't know if another Microsoft software will attempt to reinstall AutoUpdater if it detects that the "MAU" or "MAU2.0" folder is missing. Thus, it's safer to leave that folder where it is and only delete the application within it. I also would not recommend pressing "Check for updates" after this on any Microsoft software.
Installing Microsoft Office pre-Copilot:
First, you'll need to see if this is necessary. Open the Microsoft Office software that you wish to disable Copilot on. On the Mac menu bar, there should be an option with the name of the software on it-- e.g. "Word," "Excel," or "Powerpoint." Click on this option.
This should open a drop-down menu which has an option labeled "About [name of software]". Click it.
This should open a window containing information about the version of the software. The last version of Microsoft Office that does not contain Copilot is 16.88 (from August 13, 2024). If you have 16.88 or earlier, you are all set and simply need to not update anything you don't want Copilot on.
If you have a later version, go to the Applications folder in Finder. Find all the Microsoft Office software that you do not want to use Copilot on, and drag them into the Trash. As of January 24, 2025, the software that use Copilot are Word, Excel, and Powerpoint.
Right-click on the Trash icon. This should open a drop-down menu with an option labeled "Empty Trash." Click it and press "OK" when the computer prompts you to confirm the deletion.
Now, go to this webpage: https://learn.microsoft.com/en-us/officeupdates/update-history-office-for-mac
This page is official from Microsoft and contains a log of prior versions of Microsoft Office. Scroll until you see August 13, 2024 and download the software corresponding to that date. Any installation from before August 13, 2024 will work too, but I figure you probably want the latest version possible for security reasons.
Follow the install instructions for the software. You should be all set, although you can check the version listed under the "About [name of software]" thing if you're not sure.
Now, all you need to do is not update it! You have fired Copilot!
As a final note, Microsoft has done something rather scummy with its data management policies. Everybody who installs Microsoft Office is automatically opted into something called "connected experiences." Although it's not said outright in the descriptions, opting into connected experiences also opts you into sharing your data with Microsoft-- meaning that your data will still feed Copilot even if you don't use it. Even more scummily, a few useful features, such as autosaving to OneDrive, have been lumped in with connected experiences. However, I think users can still forgo them and have a good time. So here's how you opt out:
Do not grind my bones to make your bread:
Open one of the software in Microsoft Office. Any one will do.
Click on the name of the software in the Mac menu bar.
This should open a drop-down menu with an option labeled "Preferences...". Click on it.
This will open a window containing various configurations for the software. One of the options is labeled "Privacy." Click it.
You should see a paragraph about "connected experiences." Microsoft really tries to sell it to you here by tying it to cloud services and reminding you of a few useful things that got lumped under it. Underneath the sales pitch, there is a checkbox that reads "Turn on optional connected experiences." Uncheck that box.
You should be all set! You have opted out of being fed to Microsoft's bone-grinding machine!
Hey writers!
As of January 16, 2025, Microsoft has decided to automatically enable their AI service, CoPilot, on Word - even if you've previously turned off the service. They've also changed the process to disable it.
If you want to disable it again, go to:
Options -> CoPilot -> Uncheck "Enable CoPilot"
Hope this helps!
#microsoft word#writeblr#fanfics#writing#writing process#anti ai#<prev tags#anti copilot#psa#useful information#disabling ai#disabling data harvesting#microsoft office#microsoft excel#microsoft powerpoint#instructions#mac#osx
3K notes
Text
How the Best Website Design Company in Rewari Can Help You Grow in 2025
Being powerful online is not only a benefit but also a necessity in today's world of rapid change. Your website is your online store, regardless of how big or little your business is. Additionally, working with the best Website Design Company in Rewari can be your secret weapon in 2025, when the competition is more intense and client demands are higher than ever.
Here's how hiring the right design firm can help your company flourish in 2025:
1. First Impressions Count More Than Ever
Your website is usually the initial point of contact between you and your prospective customers. Within a few seconds, visitors make up their mind if they find you trustworthy — or not. A professionally crafted website:
Makes a positive first impression
Establishes credibility and trust
Communicates your brand identity and values
In Rewari, a premium website design firm has an understanding of local business requirements and the ability to tailor your website to be attractive both to local and international visitors.
2. Mobile-First Design is No Longer an Option
A mobile-responsive website is essential as mobile devices now account for the majority of web traffic. Google's mobile-first indexing still gives preference to mobile-friendly websites in search results as of 2025.
A reliable design firm in Rewari will:
Make webpages that adjust to all screen sizes
Make sure mobile devices load quickly
Improve search engine optimization and user experience
3. SEO-Friendly Design for Increased Visibility
Even if your website is beautiful, it won't help your business if no one can find it. SEO-friendly design can help with that.
The leading Rewari web design firms will:
Use optimized images and tidy code
4. Custom Web Design to Differ in a Saturated Market
Templates are quick, but they will not make you stand out. Your company has distinct objectives, branding, and clients — your site should too.
A professional design firm offers:
Custom design solutions that align with your business objectives
Carefully crafted layouts that direct visitors to action
Integration of the colors, fonts, tone, and style of your brand
This means your site not only looks great — it also performs well.
5. Enhanced User Experience (UX) = More Conversions
A well-designed website ensures a smooth user journey, from the landing page to checkout or lead form. Confusing layouts and broken links push users away.
A local expert in Rewari will focus on:
Intuitive navigation
Clear calls-to-action (CTAs)
Engaging visual hierarchy
Accessibility and ADA compliance
These UX elements reduce bounce rates and increase conversions.
6. Fast Loading Speed is a Ranking Factor
In 2025, speed is currency. Users expect a site to load in 2–3 seconds — anything longer and you risk losing them. Google also uses speed as a ranking factor.
The top design companies will:
Use optimized code and image compression
Minimize unnecessary plugins and scripts
Host your site on reliable and secure servers
This not only boosts performance but also improves customer satisfaction and SEO.
7. Ongoing Maintenance & Support
Web design isn’t a one-time task. Websites require regular updates, backups, bug fixes, and security checks. A reputable company in Rewari won’t just build your site — they’ll support it.
They’ll offer:
Regular maintenance plans
24/7 technical support
Updates to design and content based on your evolving needs
This ensures your website stays relevant, functional, and safe.
8. Conversion Rate Optimization (CRO)
Having traffic is great — but are visitors taking action?
Website design companies today focus on data-driven design, using heatmaps, A/B testing, and analytics to fine-tune your site for maximum conversions.
From optimized forms to user-friendly checkout processes, CRO-focused design can:
Increase leads and sales
Improve customer retention
Deliver measurable ROI
9. Local Expertise with Global Standards
Choosing a website design company in Rewari gives you the advantage of local market understanding combined with international quality standards.
They know:
Local consumer behavior and trends
Regional SEO and language preferences
The best way to connect with your local and national audience
This combination allows your business to grow organically while competing globally.
10. Integrated Digital Marketing Solutions
The best web design companies don’t stop at building websites. They offer complete digital marketing services, including:
SEO and PPC
Social media marketing
Content marketing
Email campaigns
Branding and logo design
So, instead of managing multiple vendors, you can streamline your online growth strategy with a single expert team.
Final Thoughts
In 2025, success in business depends on your ability to adapt, evolve, and go digital. Your website is no longer just an online brochure — it’s your most powerful marketing tool.
Partnering with the best Web Design Company in Rewari means:
A website that builds trust
A design that converts visitors into customers
A digital presence that fuels growth
So, whether you're launching a new venture or upgrading an existing one, now is the time to invest in professional website design.
Let your website be the reason customers remember — and choose — you.
0 notes
Text
There's a bunch of confusion in the notes so let me clarify here:
This is something Chrome started planning at the end of 2021 and were going to roll out in 2023, but because of backlash, they delayed it a year. So yes, you may have already seen this warning in the past.
And yes, they've made changes from last year -- under the current plan for Manifest V3, blocking some ads *is* technically still possible. But here's the thing: good adblockers (like uBlock Origin, which can't function under Mv3) don't just hide ads. They make sure your computer never even downloads ads, ensure advertisers (and malware acting like advertisers) get none of your info, and update all the time to block new types of ads and trackers.
Once Mv3 goes through, your adblocker may not be able to block new ads fast or thoroughly enough. You won't have much defense against anti-adblockers like the ones YouTube is using right now. Your adblocker will have no way to protect you from links with trackers attached. Some ads may get hidden rather than fully blocked, meaning that even though you don't see the ad, advertisers can still get info like where you live, what device you're using, your internet provider, and what webpage you were on.
Google claims they are putting this in place for security purposes. But in my opinion, this is Google making sure you can't lock your doors properly, so they can continue recording you and selling that information to advertisers. I am not surprised that they're announcing this in the midst of their YouTube anti-adblock campaign. Use Firefox.
You Have until June To Dump Chrome
Google has announced that starting in June 2024, ad blockers such as uBlock Origin will be disabled in Chrome 127 and later with the rollout of Manifest V3 (#Mv3).
Firefox is RIGHT there
#google's out here like ''we limited updates so no one can update their extension to steal all your data''#like buddy that only takes one update#''we made content blocking asynchronous'' so we have no idea when we'll be informed of an ad#the browser could have a nice little chat and cuppa with the advertiser before we know they've served us an ad#fantastic#surveillance
36K notes
Text
Protect Your Laravel APIs: Common Vulnerabilities and Fixes
API Vulnerabilities in Laravel: What You Need to Know
As web applications evolve, securing APIs becomes a critical aspect of overall cybersecurity. Laravel, being one of the most popular PHP frameworks, provides many features to help developers create robust APIs. However, like any software, APIs in Laravel are susceptible to certain vulnerabilities that can leave your system open to attack.

In this blog post, we’ll explore common API vulnerabilities in Laravel and how you can address them, using practical coding examples. Additionally, we’ll introduce our free Website Security Scanner tool, which can help you assess and protect your web applications.
Common API Vulnerabilities in Laravel
Laravel APIs, like any other API, can suffer from common security vulnerabilities if not properly secured. Some of these vulnerabilities include:
>> SQL Injection
SQL injection attacks occur when an attacker is able to manipulate an SQL query to execute arbitrary code. If a Laravel API fails to properly sanitize user inputs, this type of vulnerability can be exploited.
Example Vulnerability:
$user = DB::select("SELECT * FROM users WHERE username = '" . $request->input('username') . "'");
Solution: Laravel’s query builder automatically escapes parameters, preventing SQL injection. Use the query builder or Eloquent ORM like this:
$user = DB::table('users')->where('username', $request->input('username'))->first();
>> Cross-Site Scripting (XSS)
XSS attacks happen when an attacker injects malicious scripts into web pages, which can then be executed in the browser of a user who views the page.
Example Vulnerability:
return response()->json(['message' => $request->input('message')]);
Solution: Always sanitize user input and escape any dynamic content. Laravel provides built-in XSS protection by escaping data before rendering it in views:
return response()->json(['message' => e($request->input('message'))]);
>> Improper Authentication and Authorization
Without proper authentication, unauthorized users may gain access to sensitive data. Similarly, improper authorization can allow unauthorized users to perform actions they shouldn't be able to.
Example Vulnerability:
Route::post('update-profile', 'UserController@updateProfile');
Solution: Always use Laravel’s built-in authentication middleware to protect sensitive routes:
Route::middleware('auth:api')->post('update-profile', 'UserController@updateProfile');
>> Insecure API Endpoints
Exposing too many endpoints or sensitive data can create a security risk. It’s important to limit access to API routes and use proper HTTP methods for each action.
Example Vulnerability:
Route::get('user-details', 'UserController@getUserDetails');
Solution: Restrict sensitive routes to authenticated users and use proper HTTP methods like GET, POST, PUT, and DELETE:
Route::middleware('auth:api')->get('user-details', 'UserController@getUserDetails');
How to Use Our Free Website Security Checker Tool
If you're unsure about the security posture of your Laravel API or any other web application, we offer a free Website Security Checker tool. This tool allows you to perform an automatic security scan on your website to detect vulnerabilities, including API security flaws.
Step 1: Visit our free Website Security Checker at https://free.pentesttesting.com.
Step 2: Enter your website URL and click "Start Test".
Step 3: Review the comprehensive vulnerability assessment report to identify areas that need attention.

Screenshot of the free tools webpage where you can access security assessment tools.
Example Report: Vulnerability Assessment
Once the scan is completed, you'll receive a detailed report that highlights any vulnerabilities, such as SQL injection risks, XSS vulnerabilities, and issues with authentication. This will help you take immediate action to secure your API endpoints.

An example of a vulnerability assessment report generated with our free tool provides insights into possible vulnerabilities.
Conclusion: Strengthen Your API Security Today
API vulnerabilities in Laravel are common, but with the right precautions and coding practices, you can protect your web application. Make sure to always sanitize user input, implement strong authentication mechanisms, and use proper route protection. Additionally, take advantage of our tool to check Website vulnerability to ensure your Laravel APIs remain secure.
For more information on securing your Laravel applications try our Website Security Checker.
#cyber security#cybersecurity#data security#pentesting#security#the security breach show#laravel#php#api
2 notes
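The SQL injection fix from the Laravel post above, as an added example that is not part of the original post: it runs the concatenated query shape next to a bound-parameter query, which is the mechanism Laravel's query builder relies on. It assumes plain PDO with an in-memory SQLite database as a stand-in for Laravel's DB layer; the table, rows, function names and inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not the post's code). Requires the pdo_sqlite extension.
// Constructed sample data: three users in an in-memory database.
function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
    $insert = $pdo->prepare('INSERT INTO users (username) VALUES (?)');
    foreach (['alice', 'bob', "o'brien"] as $name) {
        $insert->execute([$name]);
    }
    return $pdo;
}

// Same shape as the post's vulnerable DB::select(): the input becomes SQL text.
function findUserConcatenated(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the input travels as data and never reaches the SQL parser.
function findUserBound(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Run one lookup and describe the outcome instead of letting errors escape.
function describe(callable $lookup, PDO $pdo, string $input): string
{
    try {
        return count($lookup($pdo, $input)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error';
    }
}

$pdo = makeDb();
$inputs = [
    'alice',               // ordinary lookup
    "o'brien",             // legitimate name containing a quote
    "nobody' OR '1'='1",   // input that rewrites the WHERE clause when concatenated
];

foreach ($inputs as $input) {
    printf(
        "%-20s concatenated: %-10s bound: %s\n",
        $input,
        describe('findUserConcatenated', $pdo, $input),
        describe('findUserBound', $pdo, $input)
    );
}
```

When raw SQL is unavoidable in Laravel, the same binding is available by passing values as the second argument, as in `DB::select('SELECT * FROM users WHERE username = ?', [$username])`.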
Text
Indian Railway Jobs
This webpage provides detailed information about the Signal and Telecom Walk-in Interview at Konkan Railway. Aspiring candidates looking for opportunities in the railway sector can find essential details such as eligibility criteria, interview dates, application process, and required qualifications. The page serves as a valuable resource for job seekers aiming to build a career in railway signal and telecom departments. Stay updated with the latest recruitment notifications, selection procedures, and guidelines to enhance your chances of securing a position in Konkan Railway's esteemed workforce. Indian Railway Jobs
0 notes