#Subdomain management | Explore Tumblr Posts and Blogs

themonsterthing · 4 months

Text

Millenial Art Musing

Gather round, younglings, I’m about to tell a story about ye olde days. *rocker creaks*

My first and most beloved art form, the art that made me who I am, that made me as good as I am at what I do, is dead, is gone, is unreachable.

That might sound dramatic, but I mean that literally. My art form does not, can not, exist anymore. And that's a good thing, because of what it says about accessibility.

I was listening to one of my favourite ever albums when I had this realization today, Johnny Hollow’s 2003 self titled symphonic goth masterpiece. How I found this album was because they had an amazing website. No, really. Amazing. It was a flash masterpiece, where bugs crawled across the screen, different sound clips echoed over different sections, and you unlocked hidden tracks if you answered riddles. It was an artistic triumph. I do believe it won awards.

To modern internet users, that sounds absurd. But I was a web designer back in the days of hard coding, of fixed resolution design, of the surety that everyone was looking at your work from a very similar setup. I got out of web design when it become about scalability, when content management systems were becoming the new norm. Flash hasn’t existed in years, as a design form.

HTML is still the bones of the internet, but it has grown wings and learned to fly. This is good. My art form was not about making things as useable as possible - it was about individual design. Oh what, you have trouble reading 8px Courier in low-contrast color tones? Oh well! It’s art.

The internet should be for everyone, and what I was designing was not that. Yes, it was beautiful, but it was definitely art, not for conveying useful information or accessing tools. Would it be cool if I could make that kind of art again? As pure art? Yes. But there would be no way to make that happen, unless you did something scalable but artistic for the eight million ways people access the internet now. Which is not possible, so maybe if you could control every aspect of the way it was consumed. Which is not possible. Maybe I could do it as an art exhibit, where people came and sat on computers and clicked through incredibly slow pages on 56k to the humming of the computer fan. Ah, the old days.

I am who I am because of my first art. I became a programmer to make Sailor Moon websites, back in the days of Geocities and Angelfire. I learned whole other languages, could speak them fluently, still know common hex codes. (People ask my favorite colour, and I always say French Grey. But really it’s #E6E6E6.)

It is a bizarre and beautiful world to have come from. I miss the camaraderie of the my fellow web designers, those of us trading CSS hacks and joking about the best font style. One person with a credit card who owned a domain and hosted all their buddies, the joy of ridiculous subdomain names.

I am delighted by what the internet has become. But oh, the olden days.

</ramble>

#web design #millenial culture #early days #internet #thoughts and such #blog #personal

36 notes · View notes

fluffy-critter · 2 months

Text

#crosspost #busybee

5 notes · View notes

subdee · 4 months

Text

Tumblr's "get a domain" update (GREAT idea btw) got me to thinking, as I do every five years or so, that I should finally update/patch/replace/whatever my wordpress install on my subdomain (sd.magatsu.net, magatsu.net is my friend Stephanie's domain that she's let me squat on since like 2005).

SO I fired up Filezilla, because I haven't touched this stuff since like 2020probably, and I don't know if there are any newer or better FTP clients. Of course, the password doesn't work. I probably changed it when my wordpress got taken over by malwarebots in the 2010s.

So now I'm off to Dreamhost, the hosting company for this ancient website I share with Stephanie, to see if I can change the FTP password. Also because I think I probably have to use the Dreamhost webhost panel to update the wordpress, maybe? I know you can do that, my memory on how all this works is hazy.

In Dreamhost, my account is still pending, and needs to be approved by a human moderator. NOW I remember why I let everything lapse in the first place! The account has probably been pending for ten years.

So now I am sending in a ticket on this ancient, untouched account, and also emailing Stephanie to see if there's anything she can do on her end...

Anyway all of this is to say that I really probably should go for the tumblr domains thing. I bet the interface would be much easier than everything I've just described above. It'd be cool if a bunch of people moved their blogging off tumblr to "their own" domains, and also if tumblr let you follow RSS feeds (you can, actually, but I mean in a more automatic way) so we could keep following those blogs. Because there hasn't really been an RSS reader I've liked and used regularly since Google axed Google Reader...

Anyway all of this is to say, going into domain management is a great move, hope it helps to keep the lights on at Tumblr.

#the internet #think of all the people like me who will pay $10-$20 a year on a site they don't even touch or update #just to have it there

6 notes · View notes

mariacallous · 3 months

Text

When the Egyptian government shut down the internet in 2011 to give itself cover to crush a popular protest movement, it was Nora Younis who got the word out. Younis, then a journalist with daily newspaper Al-Masry Al-Youm, found a working internet connection at the InterContinental Cairo Semiramis Hotel that overlooked Tahrir Square, the heart of the protests. From the balcony, she filmed as protesters were shot and run down with armored vehicles, posting the footage to the newspaper’s website, where it was picked up by global media.

In 2016, with Egypt having slid back into the authoritarianism that prompted the uprising, Younis launched her own media platform, Al-Manassa, which combined citizen journalism with investigative reporting. The following year, Almanassa.com suddenly disappeared from the Egyptian internet, along with a handful of other independent publications. It was still available overseas, but domestic users couldn’t see it. Younis’ team moved their site to a new domain. That, too, was rapidly blocked, so they moved again and were blocked again. After three years and more than a dozen migrations to new domains and subdomains, they asked for help from the Swedish digital forensics nonprofit Qurium, which figured out how the blocks were being implemented—using a network management tool provided by a Canadian tech company called Sandvine.

Sandvine is well known in digital rights circles, but unlike leading villains of the spyware world such as NSO Group or Candiru, it’s often floated below the eyeline of lawmakers and regulators. The company, owned by the private equity group Francisco Partners, mainly sells above-board technology to internet service providers and telecom companies to help them run their networks. But it has often sold that technology to regimes that have abused it, using it to censor, shut down, and surveil activists, journalists, and political opponents.

On Monday, after years of lobbying from digital rights activists, the US Department of Commerce added Sandvine to its Entity List, effectively blacklisting it from doing business with American partners. The department said that the company’s technology was “used in mass-web monitoring and censorship” in Egypt, “contrary to the national security and foreign policy interests of the United States.” Digital rights activists say it’s a major victory because it shows that companies can’t avoid responsibility when they sell potentially dangerous products to clients who are likely to abuse them.

“Better late than never,” Tord Lundström, Qurium’s technical director, says. “Sandvine is a shameless example of how technology is not neutral when seeking profit at all costs.”

”We are aware of the action announced by the US Commerce Department, and we’re working closely with government officials to understand, address, and resolve their concerns,” says Sandvine spokesperson Susana Schwartz. “Sandvine solutions help provide a reliable and safe internet, and we take allegations of misuse very seriously.”

Sandvine’s flagship product is deep packet inspection, or DPI, a common tool used by ISPs and telecom companies to monitor traffic and prioritize certain types of content. DPI lets network administrators see what’s in a packet of data flowing on the network in real time, so it can intercept or divert it. It can be used, for example, to give priority to traffic from streaming services over static web pages or downloads, so that users don’t see glitches in their streams. It has been used in some countries to filter out child sexual abuse images.

But the technology can also be used to divert traffic away from sites or social media platforms and into dead ends, effectively censoring them. It’s the main technology used by Roskomnadzor, the Russian state censor, to shut off or throttle sites the government has banned.

“On paper, it’s technology that has legitimate aims, but it can be abused on a mass scale if it’s given to the wrong hands,” says Marwa Fatafta, Middle East and North Africa policy and advocacy director at digital rights group Access Now, which has been lobbying the US government to take action against Sandvine. “If you’re selling your technology to repressive governments that you know have a dismal record of human rights, you know that your technology will end up being abused.”

This dual use has made authoritarian governments enthusiastic adopters of DPI. In 2017, according to Bloomberg and Qurium, Sandvine was among the tools used by the government in Azerbaijan to black out livestreaming services and social media sites during anti-corruption protests, and to later block access to a major opposition newspaper.

In 2018, the Canadian cybersecurity research center Citizen Lab found that Sandvine’s tools had been used to deploy “nation-state spyware” onto users’ devices in Syria and Turkey.

In 2020, Sandvine’s DPI tool was used to shut down the internet during anti-government protests in Belarus. The outcry that followed led to the company canceling its contract with the government in Minsk. However, Sandvine apparently continued to seek contracts in places that routinely censor the internet. In 2022, a Bloomberg investigation found that the company had been pursuing business in Russia, where the government has been rolling out a massive system of decentralized censorship, often using DPI. Sandvine has reportedly now largely pulled out of the Russian market after sanctions were imposed on the country following the full-scale invasion of Ukraine.

In Egypt, Sandvine has provided a key tool in the government’s attempt to strangle independent voices, allegedly helping to block hundreds of sites, including Al-Manassa. The impact has been devastating for independent sites, Younis says. The constant disruption has cut them off from audiences and revenue streams, making it hard to sustain themselves financially. Many independent media outlets have shut down.

“This, of course, has definitely had a lot of impact on people’s awareness in access to information and their ability to hold officials accountable,” Younis says. “There are parliamentary elections, presidential elections—many times where maybe things would have been different if there was free access to information.”

The technical censorship is only part of the Egyptian government’s far broader crackdown on independent media and political opponents, which includes physical and legal intimidation. But Younis, like others, thought that the involvement of a Western tech company meant that she might have an avenue to seek redress. Two years ago, she started speaking with rights groups in Canada and the US to try to figure out whether she could sue Sandvine, which has never responded to any of her requests to speak. She was advised against it, on the grounds that she could open herself up to expensive counter-litigation. She lobbied Canadian diplomats, who were sympathetic but said they couldn’t help. “Their heart’s in the right place, but they say that the laws in Canada don’t work like that,” she says.

This speaks to the difficulty in regulating so-called dual-use technologies—tools whose danger depends on the context in which they’re deployed. In the US and European Union, lawmakers have begun to expand older restrictions covering dual-use technologies that could be used as, or to build, weapons to cover surveillance and censorship. But the process has been slow. NSO Group, whose Pegasus spyware has been implicated in the surveillance of hundreds of human rights activists, journalists, and politicians all over the world, was added to the Entity List only in late 2021, years after the scandal broke.

Victims of the censorship tools, including Younis, had little hope that Sandvine would be sanctioned, and Monday’s announcement took them by surprise. (Qurium’s Lundström’s first response via Signal on Tuesday morning was simply: “Oh fucking yeah.”)

Being added to the Entity List means that any American company that wants to work with Sandvine will need to seek a special license. “It is essentially a ban,” says Natalia Krapiva, tech legal counsel at Access Now. “There is a presumption that [licenses] will not be approved.”

That means Sandvine could struggle to access US technology services and infrastructure.

“It’s a big deal for companies to be going and asking for a license to do business with a company that the US government says represents a risk to our national security interests and foreign policy,” Krapiva says.

The Department of Commerce’s decision is, she adds, “hugely significant. It is a huge victory for all of us: civil society, victims of this technology, and the regimes that they were supplying into. … [Sandvine] could have stuck with sort of normal, civilian purposes. Instead, they chose to sell to dictators and facilitate censorship and repression. And so finally, they paid some price.”

2 notes · View notes

sunny-satellites · 4 months

Text

I'm gonna be honest, professionalism is a disease. Sometimes you just need the words to bring reality to someone who won't listen and they can't start with per my last e-mail.

There's a specific site at my job that drives me nuts because they just don't listen to instructions carefully and this problem is endemic across their entire management pool. They'll also constantly cross lines and do shit like call me on teams without warning because they *know* I'm good at my job and I'll fix the damn problem if I can, but sometimes I'm in the middle of doing other shit and I can't be pissed to fuck around for fifteen minutes to reset johnny dipshit's RSA because he chronically can't remember a 4 digit number.

So this week was a gigantic headache because small minded upper management made an absolutely awful decision and has set a 90 day ticking time bomb on our password policy due to a delayed overreaction from a security breach that happened in October, they forcibly reset every call centers password and unfortunately because of more dumb shortsightedness they specifically decided to flag it for VMware logins. VMware is not directly attached to our primary IDP so it caused a ton of IDP flowback issues usually locking people out of random applications on other subdomains and often locking people out of active directory login entirely.

I've had to basically route a large portion of this intake for this specific issue and it's been mostly resolved as everyone who got flagged in these domains has reset their shit and had a temporary password issued and their accounts synced for proper primary IDP flow down.

I got a guy today however who managed to dodge this issue and I told him I'd have to route his issue to another team because someone already picked up this ticket, but genius middle management refuses to let people be unproductive for a bit and he's in my dms telling me to reset chuckledick's password again.

I can't tell him he's a technological hazard and that his mother should pound sand on the beach that makes you old and block him because that's ~unprofessional~ so instead I tell him this is a bad idea because the department under me already reset his shit and synced it from the jump server and this will reset it back to square one and probably break any other access that was working along the way. I know what the issue is and that it's elsewhere but I'm a network engineer so I *shouldn't* modify this person's OUs if it's already someone else's ticket. However he's not taking my polite "No" for an answer so I reset the person's acct and issue a temporary password, he tells me he'll be back in 5 minutes. It takes him 25, meanwhile I'm regularly refreshing the domain that has NT logins registered on it and see that the password update flag doesnt reset, meaning chuckledick cant log in.

I fuckin set myself to busy so these people will stop bothering me and leave him a message before he can even return: "I see user was unable to log in meaning this issue is IDP domain flow down related like I had initially diagnosed, in the future please refrain from wasting (network dept name)'s time and arguing with us over tickets already assigned to the correct department. I hope you take this lesson to heart." Which is about the politest way I can tell this person he is a fucking fool and I hate working with him.

#sysadmin bitching

2 notes · View notes

dontmeantobepoliticalbut · 2 years

Text

Donald Trump's White House blocked dozens of federal agencies from creating new government websites aimed at aiding homeless people, fighting human trafficking, and helping people vote, according to records obtained by Insider through a Freedom of Information Act request.

The requests for new websites came from agencies small and large at a time when Trump had grown openly hostile toward his own administration, often deriding the federal government's executive branch as an out-of-control "deep state" conspiring to undermine him.

The Department of Defense, Department of Labor, Centers for Disease Control and Prevention, Central Intelligence Agency, and Environmental Protection Agency are among the more than two-dozen agencies that Trump's Office of Management and Budget rebuffed.

Proposed websites that Trump's Office of Management and Budget rejected include HumanTrafficking.gov (Department of State); ReportFraud.gov (Federal Trade Commission); Telehealth.gov (Department of Health and Human Services), FindShelters.gov (Department of Housing and Urban Development), and FiscalData.gov (Department of the Treasury), according to federal records.

Such custom ".gov" website domains enhance government agencies' ability to effectively provide and market services to an American public that's all but universally connected to the internet.

Without them, agencies can still create new sections on their primary websites, but with long and unmemorable subdomain names replete with slashes and hyphens — not exactly prime fodder for a billboard or public service announcement.

The documents obtained by Insider listed no reasons for why the Office of Management and Budget rejected or accepted an agency's ".gov" website domain request.

Neither did the Office of Management and Budget, whose spokesperson, Isabel Aldunate, declined to answer Insider's questions.

Representatives for Trump, who this week officially launched his 2024 presidential campaign, did not reply to several messages.

MAJOR DIFFERENCE BETWEEN TRUMP AND BIDEN

The Trump White House's practice of regularly blocking and slow-walking federal agencies' website requests stands in stark contrast to that of President Joe Biden's White House, which has approved almost every request it's received, federal records indicate.

Of the 105 ".gov" websites requests Trump's Office of Management and Budget considered between July 2018 and the day Trump left office on January 20, 2021, it accepted 60, denied 44, and left one pending — a 41.9% rejection rate, according to the records obtained by Insider.

Of the 95 ".gov" website requests Biden's Office of Management and Budget considered between January 21, 2021, and September 9, 2022, it accepted 85, denied four, and recorded six requests voluntarily withdrawn — a 4.2% rejection rate.

Insider asked more than a dozen federal agencies that had their custom .gov website domain requests rejected by the Trump White House to explain what happened.

Some declined to comment, including officials at the Federal Trade Commission and Department of Labor. Others did not respond to inquiries, including the Department of Agriculture and Centers for Disease Control and Prevention.

For those who did comment, they offered limited insight into why they sought new .gov websites or why the Trump White House denied their requests.

Housing and Urban Development, for one, told Insider in a statement that it asked to establish FindShelters.gov in late 2019 "for the creation of a new tool that would provide information about housing, shelter, healthcare and clothing resources in communities across the country."

After two months in limbo, the Trump White House denied the agency's request. It now provides such information on its main agency website, with resources concentrated at a URL of https://www.hud.gov/homelessness_resources.

HUD's understanding of why its request was denied: "There has been a federal-wide ongoing effort to limit and reduce the number of federal public-facing websites. The effort was started to reduce cost and redundancy."

On December 23, 2019, the CIA asked Trump's White House to approve the website domain DataTransport.gov. A week later, the Office of Management and Budget rejected the request.

"The domain was registered to support the IC's data services program," a source familiar with the matter said of the CIA's request, with "IC" standing for "intelligence community." The source offered no additional details.

In March 2019, the generally apolitical Peace Corps asked Trump's Office of Management and Budget to green-light PeaceCorpsCN.gov — a website referencing its operation in China. Office of Management and Budget officials rejected the request on an unspecified date.

"Per compliance with Binding Operational Directive (BOD) 18-01, the domain was requested at the time to enhance email and web security," Peace Corps spokesman Troy Blackwell wrote in an email.

By early 2020, the Peace Corps had begun the process of leaving China — one of Trump's favorite targets and topics. The Peace Corps has not re-upped its PeaceCorpsCN.gov website request since.

"After Peace Corps closed the China post, we no longer needed the domain," Blackwell said.

BLOCK AND DELAY

In at least one case, Trump's White House denied a website request — the United States Agency for International Development-sponsored ProsperAfrica.gov — that Biden's White House later approved.

The ProsperAfrica.gov website now details efforts by the United States Agency for International Development to mobilize "services and resources from across the US government to empower businesses and investors with market insights, deal support, and financing opportunities" on the African continent.

And of the custom website domains Trump's Office of Management and Budget did OK, approval often took weeks or months instead of the days or hours typical for Biden's Office of Management and Budget.

One particularly testy delay came during the summer of 2020, when the Election Assistance Commission sought approval to create HelpAmericaVote.gov and use it to recruit and coordinate an army of new poll workers amid the COVID-19 pandemic, which by then had sidelined tens of thousands of older election volunteers unable or unwilling to staff in-person voting sites.

An unexpectedly long delay ensued. Finally, the Office of Management and Budget sunk the Election Assistance Commission's HelpAmericaVote.gov website, arguing in an email obtained by Insider that the election agency's request "did not justify the creation of a stand-alone site." The decision arrived as Trump's assertions that US elections were "rigged" and fraudulent had grown louder and evermore detached from reality.

Then-Election Assistance Commission Executive Director Mona Harrington frantically appealed for reconsideration.

"This is really negatively impacting our progress at this point," she wrote Justin Grimes, then an official in the Office of Management and Budget's Office of the Federal Chief Information Officer. "Please advise, we desperately need the domain."

Several days later, the Office of Management and Budget reversed its decision, and HelpAmericaVote.gov would go live in mid-August 2020, just in time for National Poll Worker Recruitment Day on September 1. About 100,000 people visited the site that day, the Election Assistance Commission said.

In a statement to Insider at the time, Trump's Office of Management and Budget said it rejected the Election Assistance Commission's request for HelpAmericaVote.gov "because the information provided did not justify the creation of a stand-alone site based on existing requirements. OMB worked with EAC given the importance of the topic to improve the justification which led to approval."

Trump's Office of Management and Budget did approve a few custom web domains quickly.

Among those granted the swiftest approval: TrumpLibrary.gov, TrumpWhiteHouse.gov, and FlyHealthy.gov.

Curiously, the General Services Administration on October 8, 2020, proposed creating BuildBackBetter.gov, which Trump's Office of Management and Budget approved the same day, according to federal records.

At that juncture, Biden has already made "build back better" a cornerstone plank of his 2020 presidential campaign platform. Trump's administration did not appear to use the BuildBackBetter.gov domain for any material purpose. But in mid-November 2020, then President-elect Biden began using it as part of his official presidential transition web presence, according to the Internet Archive's Wayback Machine.

AN OPAQUE APPROVAL PROCESS

Trump in 2018 tapped the White House's Office of Management and Budget to serve as the national gatekeeper for new federal government websites — a role previously filled by the General Services Administration.

In a statement to Insider last year, the General Services Administration said the Office of Management and Budget decided in February 2018 to "perform the adjudication of all new federal executive branch .gov domain requests to limit the proliferation of executive branch stand-alone .gov websites/domains and infrastructure."

The office immediately took a hard line on agencies' website requests, denying as many as it accepted during the second half of 2018, according to federal records.

But the decisions were made out of public view.

In January 2021, Insider filed a Freedom of Information Act request asking the Office of Management and Budget for records related to .gov website domains that federal government agencies had petitioned to create. Insider also asked for records indicating whether the Office of Management and Budget approved or denied the agencies' requests to create .gov websites.

In March 2021, Office Management and Budget officials denied Insider's FOIA request, stating that "no responsive records were located."

Insider formally appealed that decision. In late October, about 19 months later, Office of Management and Budget officials acknowledged that records Insider requested did indeed exist.

Officials then agreed to release a summary of .gov website requests the Office of Management and Budget had approved and rejected, although it did not immediately provide other requested records, such as documents explaining why officials approved or denied a particular website.

The data include eight recently requested websites that are listed as "pending." Seven come from the Department of Education and appear to pertain to student debt relief, a top Biden administration priority, and feature URLs such as StudentDebtRelief.gov and GetStudentLoanRelief.gov.

The websites were not yet functional as of mid-November.

24 notes · View notes

dailycharacteroption · 9 months

Text

Deity Drop 5: Alichino

Well, we’ve come to the end of this week’s special, and for now we’re over the hump of lesser lawful evil powers (though not quite done with evil powers, though that’s a question for next time we do this).

This time we’re looking at the least of the divine powers associated with Hell, the Malebranche!

The word “Malebranche” comes from Dante’s Inferno, and refers to various devils that torment condemned souls, particularly those of politicians. In fact most if not all of the Malebranche in Pathfinder are references to individual named fiends in the book!

The Malebranche in Pathfinder are a wee bit different however, in that they are universally elevated horned devils of great power, most of which have been assigned to manage Hell’s efforts to conquer a Material Plane world, which is a tall order to be sure, but immortal devils can afford to play the long game, though naturally as unique beings they have differing styles and aesthetics of how they do so.

Our first Malebranche is special too, for Alichino is none other than the fiend assigned Golarion itself!

Also known as the Jester Prince of the Cage, Alichino is a trickster and deceiver that has manipulated mighty heroes and leaders for generations. In fact, one story speaks of the time he convinced the legendary hero Strata to conquer a seemingly invincible city, which he did by sowing the teeth of an equally legendary dragon to summon forth armies of skeletal warriors.

Beyond that, little has been written about Alichino, but his association with royalty, deception, and madness suggests he is a manic figure that can control his twisted behavior in order to worm his way into the confidence of powerful figures to manipulate and twist them, but he likely reverts to manic, sadistic behavior when out of disguise, like horned Punchinello he revels in violence and sadism against his foes.

The Jester Prince of the Cage epithet is quite literal, for Alichino takes the form of a cornugon devil dressed in a torn jester’s motley, complete with belled hat and an exaggerated grinning mask.

Alichino has no listed realm of his own aside from Hell, but he likely spends a lot of time in Malebolge plotting and planning on the next scheme to weaken Golarion, and of course maintain his armies for the time if and when the planet becomes ripe for a direct conquest. Incidentally, “The Cage” mentioned in his title actually refers to Golarion itself, for other worlds know the world by that title on account of Rovagug’s prison being located inside the core of the planet.

The Jester Prince attracts worshippers from among the upper echelons of society. Specifically he is favored by nobles and the like that secretly desire debaucheries and excesses beyond reason. Many of his cults, like the Harlequin Society in Ustelav, masquerade as exclusive secret societies.

If Alichino has any specific relationships with other divinities, they are not currently realized in print, though it can be assumed that he is subservient to Asmodeus, respectful to the Archdevils, Infernal Dukes, and Queens of Night (if perhaps ambitious to one day join their level or replace them) and at least cordial with the rest of the Malebranche, though they are perhaps more likely to be subject to his pranks and schemes. Naturally, he is an enemy to every goodly divinity, as well as others that have a vested interest in protecting Golarion or conquering it for themselves.

Naturally, he also commands millions of lesser devils under his direct command as well as being able to pull rank to command others when necessary.

Alichino commands power over the domains of Evil, Law, Madness, and Trickery, as well as the subdomains of Deception, Devil (by way of Evil or Law), Insanity, and Thievery, reflecting his manipulative but unstable nature.

He has not, however, been focused on in 2e yet, leaving his Second Edition interpretation of domains a mystery for now.

As a lesser power, his Obedience only grants minor rewards, but in exchange for telling a sadistic joke and laughing about it far longer than one should, he grants the supplicant protection against effects that target the mind. Beyond that, he offers spells to transform into humanoid disguises, inflict irrational behavior, and instill suggestions into large groups.

Alichino has not yet been mentioned in Starfinder, but given the target of his given task, the planet Golarion has vanished during the Gap, it is anyone’s guess what he is doing now. Was he destroyed permanently long before the far future of Starfinder? Did Golarion’s disappearance leave him out of job? Did he kick off the events of the Gap by succeeding too well causing someone or something to undo his victory by vanishing the planet? There are too many possibilities to cover here, so feel free to use him as you see fit.

That does it for this week, but we’ve still only scratched the surface of deities! Look forward to the return of this special sometime in the future, and more archetypes and options next week!

#pathfinder #deity #alichino #malebranche #Book of the Damned

4 notes · View notes

ryjelsum · 11 months

Text

im still fucking chapped that tumblr removed the 'legacy' way of getting a custom domain in favor of managing them yourselves because now there's absolutely no way to get a custom subdomain working as a url now like i have. i was going to do that for my sister, i was gonna make my sister a tumblr as an easy way to make a gallery website but now there's no way in hell

2 notes · View notes

rajubhadra · 2 years

Text

Courserious 2.0 Review - Does IT Worth Value?

Introduction

Welcome to my Courserious 2.0 Honest Review and Live Demo. Eric Holmlund is the author of this new breakthrough platform.

You can Upload & Sell high-quality done-for-you online video courses and eBooks. Make $27 – $47 over and over every time. You can earn your 100% profit on this 10X advanced eLearning platform.

Breakthrough Opportunity To Grab 10x Advanced & Upgraded Courserious 2.0!

Now, keep reading Courserious 2.0 Review to learn more about Courserious 2.0. You have to know if this platform is good or bad. Then it’s helpful to make money or not.

What is Courserious 2.0?

Courserious is a platform that provides users an exceptional opportunity to build their own online business & brand by selling courses in just minutes.

It allows users to create, upload, and sell courses online – with just a few clicks. With 190+ DFY courses (ebooks + videos) and advanced features like an easy-to-use course manager, student panel, video player, quiz creator, message/support system, payment mode integration, etc.

This is literally the only business platform you’ll ever need to start profiting online right away.

Courserious 1.0 was an award-winning top seller, and Courserious 2.0 is even BETTER!

Top Features of Courserious 2.0

– New feature: Admin Can preview Courses

– New feature: 1 Click Niche-based Academy Setup (Health niche, IM niche, Cooking Niche Etc.)

– Advanced course manager to add/manage courses

– Easy to use lesson manager to add sections or quizzes between lessons

– Payment gateway integration with PayPal and Stripe & multiple currency support to receive payments directly

– Add/Upload rich media files (YouTube URL, Vimeo URL, MP4 URL, Document files, Image Files &iframe Embed, etc.)

– 100% SEO-optimized courses and sites

– Branded student panel to add/manage/enroll students from the backend

– Detailed reporting system to get complete sales and revenue analytics

– Built-in support/ticket system to provide support to students

– Create beautifully, SEO optimized, and mobile responsive eLearning sites within minutes

– No domain or hosting required, get your own SSL-secured subdomains for each academy

Keep Reading Courserious 2.0 Review

– Free Hosting For Images & Documents

– Social Media Sharing For 100% FREE Viral Traffic

– Setup your own SMTP for mailing your students

– Advance and customized video lesson player

– Advanced sorting options for students to sort courses by ratings, category, level, language, price, etc.

– Your own marketplace to list and sell courses and keep 100% of the profits in your pockets – No profits sharing

– Branded members area for students to learn, track course progress, get purchase reports/PDF invoices, and rate the courses after purchasing

– Top-notch shopping cart and Wishlist options for students to enable smooth purchasing

– Strong Data Privacy

– Include Legal Pages like About us, Terms, Privacy Policy, Cookie Policy, etc.

– Automated Email Notifications

– 100% GDPR And CAN-SPAM Compliant

– Completely Cloud-Based System – No Downloads or Complicated Installation

– Everything you need and more under ONE roof.

Keep Reading Courserious 2.0 Review

#Courserious 2.0 #Courserious 2.0 Review #Courserious 2.0 Software #Courserious 2.0 Scam #Courserious 2.0 Demo

2 notes · View notes

hackgit · 2 years

Text

GooFuzz The Power of Google Dorks. GooFuzz is a tool to perform fuzzing with an OSINT...

GooFuzz The Power of Google Dorks. GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking). https://github.com/m3n0sd0n4ld/GooFuzz

#cybersecurity #infosec #infosecurity #pentesting #bugbounty #hacking #hackers

3 notes · View notes

stickytyphoonbouquet · 2 years

Text

Amass — Mapping Attack Surface Automatically

CyberSecurity Updates

Kali Linux

/ By

CyberArk

December 14, 2021

In our this guide we are going to cover an awesome information gathering tool called Amass originally created by Jeff Foley, later it adopted by OWASP and Jeff is Amass project leader now.

Amass is a command line open-source tool that helps information security professionals to perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.

In order to do this, Amass heavily focuses on DNS, HTTP and SSL/TLS data discovering and collecting. Amass uses its own internal mechanism and it also integrates perfectly with some external services (SecurityTrails, AlienVault, Shodan etc) to increase the efficiency and power of it’s results.

In our detailed guide we are going to learn how to install & use Amass on Kali Linux. So without wasting any more time lets get started.

How to Install Amass on Kali Linux

If we are using an updated version of Kali Linux large, then we don’t need to install Amass on our system, it comes pre-installed. But if Amass doesn’t present on our Kali Linux system then we can easily install it by simply using following command:

sudo apt install amass-common

How to use Amass on Kali Linux

Before starting using any tool we should check it’s help options. We are also doing the same for Amass also. To check it’s help we run following command on our terminal window:

amass -h

In the following screenshot we can see the output of our applied command:

In the above help menu we can see that Amass have some options. Let’s have a look on to them:

intel: Collect intelligence on the target in order to determine our starting point.

evum: Perform enumeration & mapping of our target to determine possible attacks.

viz: Show the results on a visual formats with analysis and future research.

track: Compare results across enumerations to see changes in their attack surface.

db: Manage the graph databases storing the enumeration results.

dns: Resolve DNS names at high performance.

Getting Subdomains using Amass Enum

Enough talking about Amass. Let’s use it. The most basic use of it is “subdomain enumeration”. We can do it by applying following command:

amass enum -d oswap.org

Here we have used -d flag to specify our target domain. In the following screenshot we can see the output of our applied command:

That is the basic subdomain discovery. We can get better results using following command:

amass enum -d example.com -active -cidr 1.2.3.4/24,4.3.2.1/24 -asn 12345

Getting Information using Intel

We can do a lot of tings with Amass. For an example we are looking for an organization using “google” in their name. We can use following command to do this:

amass intel -org "google"

After applying the above command we need to give couple of minutes to find it. We can see it on the following screenshot:

We can also reverse whois data. By this way we can grab the details from the specified domain’s whois records, and then tries to find other domains with the similar whois records. That way we can know about a website owner have other websites. We can use following command to do this:

amass intel -d oswap.org -whois

The output shows in the following screenshot:

These all domains have similar whois information as Google.com, so there is high chance that Google owns them.

SSL Certificate Grabbing

If we know IP addresses and feed it to Amass using -active flag, Amass will pull the SSL certificate from every IP address within the IP range and then spits back the domain that the SSL cert is associated with. For an example we use the following command:

amass intel -active -cidr 173.0.84.0/24

In the following screenshot we can see that it is running on a well known Paypal-owned CIDR range.

Tracking using Amass

Our every scan done with amass is automatically stored on our system that we ran it on. Then, if we run the same scan again, amass will track any changes that have taken place since your last scan. The most perfect way to use this feature is to discover which new subdomains have appeared since our last scan. For example, We had scanned oswap.org on the morning, so I ran the following command to track that.

amass track -d oswap.org

In the following screenshot we can see there are no changes. If we got some new subdomains that means that might be vulnerable.

Visualization on Amass

Frankly speaking we are not fan of this. During the information gathering we love to see the results on a text based format, but visualization on Amass looks really cool. We need to use viz for that, as we did in the following screenshot:

This viz subcommand on Amass allow us to visualize all the gathered information of target (stored in the Amass graph database) for a target in a number of ways. Results can also be imported into Maltego for more OSINT analysis.

Amass Database

Amass Database (db) is a Amass subcommand that is useful to view the recon data for every scan that we had ever done. To list all of the details of all of our previous scans, we need to simply run command like amass db show, If we want to see details of a specific domain, then we just need to add the -d flag like following,

amass db -show -d oswap.org

If we prefer a nice clean, plain output, we can output the discovered domains or subdomains using the -names flag instead of -show. The outputs are shown in the following screenshot:

In the above screenshot we just have the subdomains, because we did not gather more information on oswap.org, but if we have it will show us.

Amass Scripting Engine

Like Nmap scripting engine Amass also have scripting engine which can be used to add our own data sources on Amass. Like we have an updated API which Amass doesn’t integrated yet, so we don’t need to wait for Amass adds it. We can add it on Amass and use it. For more details we can check this manual.

For more detailed guide we can suggest some awesome sources to learn more about Amass:

Official Amass Tutorial

Amass Extensive Tutorial

Amass is really a great tool for information gathering and recon works. In this article we saw that how we can use Amass on our Kali Linux system.

#amass #kali linux #scripting #engine

6 notes · View notes

mentalisttraceur-software · 2 years

Text

Java and Go both have very wise ideas about how packages are namespaced and imported.

Java's only mistake was not forcing everyone to have version integer for backwards incompatible changes into the package path, the way Go eventually did with modules. Well, the other out-of-language mistake was not waiting for or providing something like GitHub and GitHub Pages with per-package subdomains.

The "but why should I have a domain name for my packages?" isn't a Java problem, that's a society problem. There's no reason why we can't have a world where every human can easily and for free get new domains for stuff. They don't need to be vanity domains, in fact you often wouldn't want them to be - I like getting my packages from a known public repository domain which is secured and managed by at least one really dedicated and really careful widely trusted party. So there's really no good reason besides lack of societal vision for there not to be at least one repository located at a domain like example.com, where each package gets a subdomain like package.user.example.com - then of course imports paths in Java would look like com.example.user.package.

Notably, this is semantically what you get in Go source, with all of its GitHub URL imports - you start with the domain of a big public code hosting service, then you have a user name, and then you have a repository name. Except in Go the price of this wisdom is steeper: less regular syntax, because you're coupling to two different paradigms of hierarchical names instead of just one - not just DNS-like but also HTTP-like.

Which, on a side-note, is all a great example of what happens when you implement part of the vision without implementing every other part of the vision - most of the time, no one will implement the rest of the vision, because most people will not see the vision or how it will improve their lives until after they are using it. And your explanations will be lost, largely unshared and unrepeated. If Java's makers could've also made a good VCS and GitHub equivalent around the same time, people would've loved Java's style of package namespacing the same way people loved Go being able to import GitHub repo URLs.

Anyway, it's extremely good for packages in code to be unambiguously namespaced in a hierarchical namespace that is also unambiguously locating outside the code.

#software #software design #language design #software dependencies #software development

2 notes · View notes

rwahowa · 13 hours

Text

How to use DigitalOcean DNS [Video]

The video above demonstrates how to set up and manage DNS records using DigitalOcean. I begin by adding my domain to Digitalocean domains and then updating name server records on the registars platform. The video guides you through adding DNS records, such as A records and CNAME records, for the main domain and subdomains. Additionally, it covers adding TXT records such as DKIM, DMARC, and SPF,…

View On WordPress

0 notes

whatshappeningintheworlds-blog · 2 days

Text

How do I Redirect My Domain Name to Another Website on Namecheap?

Introduction

In the digital age, domain redirection is a pivotal task for website owners. Whether rebranding, restructuring, or simply directing traffic, understanding how to efficiently redirect your domain is crucial. Namecheap, a leading domain registrar, offers robust tools for domain management, including domain redirection. This article explores the intricacies of redirecting your domain using Namecheap’s platform.

Understanding Domain Redirection

Domain redirection, also known as URL forwarding, is the process of pointing one domain name to another. There are two primary types of redirection: 301 and 302 redirects. A 301 redirect is permanent, signaling search engines to update their index, while a 302 redirect is temporary, preserving the original URL in search engines. Common use cases include transitioning to a new domain, merging websites, or redirecting traffic for marketing campaigns.

Prerequisites for Domain Redirection

Before initiating domain redirection, ensure you have an active Namecheap account and own the domain you wish to redirect. Verify domain ownership and prepare the destination URL. This preparatory step is essential to avoid misconfigurations and ensure a seamless redirection process.

Logging into Your Namecheap Account

Begin by accessing the Namecheap login page. Enter your credentials to log in and navigate to your account dashboard. This dashboard serves as the control center for all your domain management activities.

Accessing the Domain List

Within the dashboard, locate the Domain List section. Select the domain you intend to redirect. Familiarize yourself with the domain management interface, which provides various options for domain settings and configurations.

Initiating the Redirection Process

Navigate to the Domain Settings for the selected domain. Here, you’ll find the option to redirect your domain. Select this option to proceed with the redirection setup. Understanding the various redirection settings available will help you choose the right type of redirect for your needs.

Configuring a 301 Redirect

A 301 redirect permanently moves traffic from one URL to another. To set up a 301 redirect on Namecheap, go to the Redirect Domain section, enter the destination URL, and select the 301 redirect option. This type of redirect is beneficial for SEO as it transfers the ranking power to the new URL.

Configuring a 302 Redirect

A 302 redirect is a temporary measure, often used during website maintenance or for short-term promotions. Set up a 302 redirect by selecting the appropriate option in the Redirect Domain settings and entering the destination URL. Use this when you plan to revert to the original URL eventually.

Advanced Redirection Settings

For more complex redirection needs, explore advanced settings. Wildcard redirects can forward all pages under one domain to corresponding pages under another domain. You can also redirect specific subdomains or handle URLs with parameters, ensuring granular control over traffic flow.

Testing Your Redirection

Once configured, test your redirection to ensure it functions correctly. Utilize tools like Redirect Checker or browser-based tests to verify. If issues arise, troubleshoot common problems such as incorrect URLs or DNS propagation delays.

Managing DNS Settings

Understanding DNS records is crucial for redirection. Modify A Records and CNAME Records if necessary. DNS changes can impact how quickly your redirection takes effect, so manage these settings carefully to avoid disruptions.

Redirection Best Practices

To maintain SEO value, use 301 redirects for permanent moves. Avoid redirect loops, which can confuse both users and search engines. Regularly monitor your redirects to ensure they perform as expected and adjust as needed.

Handling Common Problems

Common issues include incorrect redirects, propagation delays, and SSL certificate problems. Fix these by double-checking your settings, allowing time for DNS changes to take effect, and ensuring your SSL certificates are properly configured.

Updating Redirection Settings

Over time, you may need to update your redirection settings. Modify existing redirects through the Domain Settings, delete any no longer needed, and keep your information current to reflect any changes in your domain strategy.

Integrating with Website Builders

If redirecting to platforms like Wix, Squarespace, or WordPress, follow platform-specific instructions. Integration can simplify the process and provide additional tools for managing your domain.

Utilizing Namecheap Support

Namecheap offers extensive support through its knowledge base, customer support, and live chat. Utilize these resources if you encounter issues or need guidance on advanced redirection techniques.

Legal and Ethical Considerations

Respect intellectual property when redirecting domains. Ensure compliance with internet laws and consider the ethical implications of your redirection choices, particularly in competitive industries.

Case Studies and Examples

Examine successful redirection scenarios to learn from real-world examples. These case studies provide insights and practical tips from experienced users, helping you avoid common pitfalls.

Future-Proofing Your Redirection

Plan for future domain changes by staying informed about new technologies and best practices. Adapt your strategies to accommodate growth and technological advancements, ensuring your redirection remains effective over time.

Conclusion

Redirecting your domain on Namecheap is a straightforward process that offers significant benefits. By following the steps outlined, you can ensure a seamless transition for your website traffic. Implementing domain redirection effectively helps maintain SEO value, improve user experience, and support your online strategy.

0 notes