"Name's Yinlin as for what I do. . .shh we don't talk about that in public"

Loading Data > > >

.

.

.

✦YINLIN✦

Previously known as an outstanding Jinzhou Patroller, Yinlin is steady and reliable, yet harbors hidden depths of secrets.

She excels at exploiting resources at her disposal to uncover lurking crimes.

Beneath her aloof and flamboyant exterior, Yinlin possesses a heart of gold, reserved only for those she deems trustworthy.

note: this blog has no affliation with Kuro Game whatsoever

Name: Yinlin Birthday: September 17th Rarity: SSR Attribute: Electro Weapon: Rectifier Pronouns: She/her, They/them Birthplace/Nation: Huanglong Affliation: Jianzhou

Guidelines

Asks should be SFW as mod can get uncomfortable with NSFW asks! but suggestive is alright

You may send links, but tell me what they are for

please don't be rude, if you have nothing nice to say please don't say it at all

No racism, sexism, homophobia, ableism, ageism, and transphobia please, if any of this is given in a comment above, you will be blocked

Avoid DMing me unless you are a fellow mod

Anons are most welcome and appreciated!

Tags

within the strings of a puppet ⚡- General Posts

magistrate of jinzhou 🌟 - Mentions/Interactions with Jinshi

researcher of remnant energy ❄️ - Mentions/Interactions with Baizhi

esteemed general of jinzhou 🐉 - Mentions/Interactions with Jiyan

traveler beyond solaris 💫- Mentions/Interactions with Rover

Notes from the Moderator

things may be ooc, mod is currently updated with yinlin's lore and casually plays wuwa from time to time

this blog uses the same format as @emanator-of-nihility this is my own format and not plagarized!, this is a sideblog [main blog is dead]

Thank you for Reading!

i guess my favourite thing about qijiu is that they're child abusers. yue qingyuan knows shen qingqiu's been abusing luo binghe; one of his first lines literally is, "Whenever you finish stringing him up and beating him, haven’t you always shut [Luo Binghe] in the woodshed?”

shen jiu basically personifies the cycle of abuse and ugly trauma in the world of svsss, but yue qi has his own share of awful coping mechanisms too. every decision he made in the past turned out horribly wrong, so he's stuck in decision paralysis, maintaining the status quo and enabling shen jiu as atonement.

add that yue qi was abused by his own teacher, and shen jiu was abused by every authority figure in his life. even in the 79 extras it's hard to grasp what exactly sj's deal is when it comes to lbh. there's jealousy tied up in there of course, but also: sj's experiences have let him conclude that it's natural for the weak to be stepped on by the strong. lbh is an orphan with no backing, shen jiu is his peak lord, teacher, basically owner. he can use him as a punching bag if he wants to.

shen yuan and pidw are rather unreliable narrators - shen yuan says that shen qingqiu seemed fixated on making lbh suffer, and he definitely does do hyperspecific stuff (giving him a faulty cultivation manual to induce qi deviation; that preteen pissed him off bad) but most of the other stuff... encouraging disciples to bully and ostracise luo binghe, not taking much notice of him, taking his anger out on him - it's not really screaming "i'm a mastermind who's always thinking of how to ruin your life", more, "i'm embittered and hate everything, and you're a really convenient punching bag" ["Shen Qingqiu was filled with paranoia; he forever felt like everyone was secretly talking behind his back, discussing how he’d been unable to attain Core Formation even after this long. That it was unbecoming for one in his position. That they hoped to secretly finish him off and replace him."]

yqy doesn't directly do anything to lbh while he's a disciple, but just the very fact of him being sect leader and knowing that lbh is being abused is... pretty awful. it's one thing for lbh's contemporaries/sqq's disciples to participate in bullying; another if the foremost authority in cqms knows what's going on and does nothing.

i guess what i love about qijiu is how they show how two people who rose to power from the lowest beginnings can still... kind of be awful? and not even through well-planned malice (altho i won't deny that shen jiu was definitely vindictive and malicious at points wrt binghe, esp in the case of the cultivation manual passive murder attempt.) but just by ignoring and running roughshod over the vulnerable. power does fucked-up things to you, especially when you're already primed to accept that the world runs on exploitation.

did og yqy and sj deserve their ending? lbh didn't deserve to be abused either - if he didn't have plot armour and his bloodline, his story as a disciple would be of an orphan finally getting the chance to rise and instead having his path blocked by selfish petty teachers. shen jiu didn't deserve to be enslaved, yue qi didn't deserve to be put in solitary confinement and basically tortured by his teacher for a year. no one in pidw gets what they deserve - qijiu don't really get "what they deserve" in svsss' happier universe either.

this was all just a longwinded way to say i like qijiu, and i love how they fit into svsss thematically. bingqiu carve out their happy ending, but it takes a lot of work. no one really gets what they deserve, only what they manage to grab.

How to Prevent Cross-Site Script Inclusion (XSSI) Vulnerabilities in Laravel

Introduction

Cross-Site Script Inclusion (XSSI) is a significant security vulnerability that allows attackers to include malicious scripts in a web application. These scripts can be executed in the context of a user’s session, leading to data theft or unauthorized actions.

In this post, we’ll explore what XSSI is, how it impacts Laravel applications, and practical steps you can take to secure your app.

What is Cross-Site Script Inclusion (XSSI)?

XSSI occurs when a web application exposes sensitive data within scripts or includes external scripts from untrusted sources. Attackers can exploit this by injecting malicious scripts that execute within the user’s browser. This can lead to unauthorized access to sensitive data and potentially compromise the entire application.

Identifying XSSI Vulnerabilities in Laravel

To prevent XSSI, start by identifying potential vulnerabilities in your Laravel application:

Review Data Endpoints: Ensure that any API or data endpoint returns the appropriate Content-Type headers to prevent the browser from interpreting data as executable code.

Inspect Script Inclusions: Make sure that only trusted scripts are included and that no sensitive data is embedded within these scripts.

Use Security Scanners: Utilize tools like our Website Vulnerability Scanner to analyze your app for potential XSSI vulnerabilities and get detailed reports.

Screenshot of the free tools webpage where you can access security assessment tools.

Mitigating XSSI Vulnerabilities in Laravel

Let’s explore some practical steps you can take to mitigate XSSI risks in Laravel.

1. Set Correct Content-Type Headers

Make sure that any endpoint returning JSON or other data formats sets the correct Content-Type header to prevent browsers from interpreting responses as executable scripts.

Example:

return response()->json($data);

Laravel’s response()->json() method automatically sets the correct header, which is a simple and effective way to prevent XSSI.

2. Avoid Including Sensitive Data in Scripts

Never expose sensitive data directly within scripts. Instead, return data securely through API endpoints.

Insecure Approach

echo "<script>var userData = {$userData};</script>";

Secure Approach:

return response()->json(['userData' => $userData]);

This method ensures that sensitive data is not embedded within client-side scripts.

3. Implement Content Security Policy (CSP)

A Content Security Policy (CSP) helps mitigate XSSI by restricting which external sources can serve scripts.

Example:

Content-Security-Policy: script-src 'self' https://trusted.cdn.com;

This allows scripts to load only from your trusted sources, minimizing the risk of malicious script inclusion.

4. Validate and Sanitize User Inputs

Always validate and sanitize user inputs to prevent malicious data from being processed or included in scripts.

Example:

$request->validate([ 'inputField' => 'required|string|max:255', ]);

Laravel’s built-in validation mechanisms help ensure that only expected, safe data is processed.

5. Regular Security Assessments

Conduct regular security assessments to proactively identify potential vulnerabilities. Tools like our free Website Security Scanner can provide detailed insights into areas that need attention.

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

Conclusion

Preventing Cross-Site Script Inclusion (XSSI) vulnerabilities in your Laravel applications is essential for safeguarding your users and maintaining trust. By following best practices like setting proper content-type headers, avoiding sensitive data exposure, implementing CSP, validating inputs, and regularly assessing your app’s security, you can significantly reduce the risk of XSSI attacks.

Stay proactive and secure your Laravel applications from XSSI threats today!

For more insights into securing your Laravel applications, visit our blog at Pentest Testing Corp.

Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript

Source: https://www.securityweek.com/attackers-exploiting-remote-code-execution-vulnerability-in-ghostscript/

More info:

https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/

https://www.openwall.com/lists/oss-security/2024/07/03/7

The character-specific leitmotif/theme stuff in Daniel Pemberton’s score for Across the Spider-Verse:

In opening sequence, “Spider-Woman (Gwen Stacy)”, Gwen’s material going through like 3 different formats immediately. Beginning with that calm/dreamy atmospheric stuff to indicate her most private experiences and domestic space (at home). Warm but sad. And then overlaid over the atmospheric stuff at 1:17 to 1:30 you hear what will become like an easily-recognizable Gwen motif/theme thing, though in this first reveal it’s distinct/memorable but it’s really quiet and almost completely alone and distant (she’s lonely). And even the structure itself of theme is like taking steps out and then back in, climbing and then stepping back down (like it’s reaching out, and then retreating again, like the traumatized Gwen). But then as the on-screen stuff transitions to Gwen’s public life/personae and exploits as energetic drummer and superpowered fighter at 1:33 we get like an explosive outburst of a much more action-oriented Gwen theme, and though earnest it sounds kinda like pastiche of like optimistic 1990s adventure (kinda like Gwen, earnestly wanting to engage with the world, but with like a veneer of forced/half-joking sunny Californian friendliness).

And then Miguel arrives, and in the part from 0:00 to like 0:30 in “Spider-Man 2099″ there’s the first declaration of Miguel’s theme with blaring distorted elephant trumpeting alongside like dirty techno pastiche. Nice. Instantly memorable though its first statement is singular and unadorned with any other accompanying music (very distinct/clear, like the first announcement of Gwen’s theme; and traumatized Miguel feels alone, like Gwen). Real cybertronic/laboratory feeling to it, evoking Miguel's mad-science-y world. Anyway, the theme is scary. A dangerous animal crying out in the dark night. Like you’re being hunted by a cyberpunk predator thing. Alarming and threatening and primal in a similar way to the first film’s Prowler theme (after all, while Kingpin and The Spot are arguably the chief threats to the wider world in the first and second films respectively, it is instead The Prowler and Miguel who are more like personal rivals/counterparts to Miles, and both, in a way, are a kind of family to him).

Then that spectacular and exhilarating moment in merely 20 seconds at 0:46 to 1:04 in “Indian Teamwork” where Miles is central (on-screen, even the other Spider-People around him are impressed, naturally taking cues from his leadership) and it’s the now-familiar electronic/hip-hop record-scratching Miles Morales sound/motif from first film, but as Pavitr appears on-screen, now it’s announcing itself aided with South Indian percussion instrumentation. And as their combined efforts lead to a climactic moment of heroism there is the triumphant general Spider-Man brass fanfare/theme (as the screen shows a money-shot, Miles and Pavitr effortlessly coordinate and cooperate, the two stars of the sequence), but the Spider-Man theme is backed not just by Miles’s electronic stuff but now also by like a powerful Karnataka sangitam vocal chorus, in harmony, as a kind of indicator for Pavitr.

And then the track during the finale (“Start a Band”), where Miles is trapped and defeated and basically stuck in a version of hell, with suspenseful strings. Before a threatening msked stranger he asks “Who are you?” (1:07), and awaiting any possible answer it’s like almost silent but with like a single metronome like a ticking time bomb, and then in response there’s like a little idk like “Doom” motif (1:12) when Prowler-Miles reveals his face (Oh no). But then the score adds the now-famous trademark Prowler theme howling (1:25) just as the menacing figure indeed confirms “you can call me The Prowler”. And then when we see Miles’ face as he considers the predicament and the electronic/hip-hop Miles motif comes back but now it’s punctured by an even more powerful doom motif (1:48), the doom now a part of his identity, as if Miles can’t ever escape the ramifications of what’s about to go down, whatever follows. Then the Prowler howling, still an alarm of sorts as in the first film, now also becomes like a desperate plea, crying in the night, and then as a levitating demon-like Spot appears on-screen outside of Miles’s family’s home about to “take everything” from him the general Spider-Man theme shows up again but it’s desperate and backed by the high-pitched pleading version/form of the Prowler howl. And almost like a response to the plea for aid, we cut to Gwen’s whereabouts (she’s committed to rescuing her friend) and the like Gwen motif of forceful garage/post-punk drums come in, and then as we see like Hobie’s tell-tale fractured glitch effect framing her (he’s committed to helping his friend, too) the electric guitar Hobie motif backs Gwen’s drums, as Gwen’s drumming becomes more insistent and confident (like her throughout this story, and now rather than running away from danger, Gwen is running towards the challenge). So that Miles’s electronic beat, Gwen’s drumming, and Hobie’s guitar coalesce, forming a coherency, and, finally, together, the Spider-Man theme. And we finally cut back to Miles, accepting the reality and seriousness of the situation, as the general Spider-Man theme rises despite and amidst all of the cacophony, with an expression of defiance and resolve, his fingertip alight with electricity on the verge of unleashing his power. End titles.

Fun stuff.

bottom of the barrel isekai review #3

Todays review: Choose your heros carefully

two BLs in a row... i would make a gay joke at my own expense but i'll be real, gay trash is soooo much more palatable as a whole then straight trash and i'm confident enough in whatever nebulous concept i've adopted as my sexuality to say that with something resembling pride.

so what's on the chopping block? utterly psychotic middle aged men reincarnated in a world ripe for their exploitation? perhaps a swarm of hyper busty vixens parading about on the strings of someone who has no idea how to utilize them? a magic system based on some mmo where its way to clear the author was bullied in or vaguely believed a certain class should be the strongest?

SUPRISIE! WE ARENT EVEN LOOKING AT TRASH TODAY YOU UTTER HEATHENS, WE ARE LOOKING AT SOMETHING VAGUELY COOL, I FUCKING TRICKED YOU, WE AREN'T AT THE DUMPSTERS WE ARE AT THE FARMERS MARKET AND WERE HITTING THE ANTIQUE STORE, GENDER AMBIGUOUS PARENTAL FIGURE WANTS TO PICK UP SOME VINTAGE COOKWARE TO SPICE UP THE GODDAMN KITCHEN

Ramblings aside, my established format usually stats that we have a short opening related to the title then a not so brief summation of the story, but this time the summation of the story will in fact be nothing more than a summation, as I genuinely think you should go ahead and read through this title.

our titular hero shane has been bullied by his friend to play test his beta for a gacha game

a game in which you use magical stones to revive ancient heroes and command them to destroy a collection of horrors from some demonic realm.

shane awakens after a long day of Gameing and finds that he is now stuck within this world, a magical divine sheep provides him after some prodding some game functions, along with a single stone to summon his first hero. from there, the trio set off to solve the darkness of the world and find a way to return back to whence they came. solveing the other mysteries and oddities the world holds for them.

and that's it, you ain't gonna learn a single thing more about this story from me, get the fuck out of my house...

well i'm not done yet and a little bit of this will be spoilers.

ok so why do I like this? the action is bad, the art isn't anything to write home about, the armor and weapon design makes me want to curl up in a small hole, bury me gentle please...

Well as i think i've said prior, A lot of things can be hidden if you have enough meat on the bones of it, to the point where i can ignore the guts of it being playdough and the skin being saran wrap you splashed paint over.

the story itself is overwhelmingly interested in how a world that functions through mmo and gacha logic would work. what happens when you can summon someone who is truly the pinnacle of humanity through shear luck? what about the common rabble that are only lucky enough to be able to afford one pull and end up getting some D grade shitterton, Bob the Spackle artist, special skill Crack Spackle.

what about the fact that you can just tell them to attack things and you can take a nap in the middle of a low grade dungeon? the concept of auto play but introduced to the idea of the world at large.

now lets pull out form smaller game concepts, the heroes are the only ones that can defeat the shadows, and only the summoner can control the heros. meaning that the heroes can only be as heroic as the summoner. a brave man shackled by those who even the gods have abandoned.

what about the towns in games that dont have the right vendors? the ones that cannot give the player things they want, the areas without bazaars or weapon shops or summoning areas or shop functions, what happens to them if they have no draw to keep players in them?

these are the questions that the manhwa loves to explore and I love exploring them with it. now, on to our normal questions.

"Is the underlying story, barring any other concept, good?"

Yes, its both a compelling romance with both the main character and the main love interest being good fits for each other with interesting flaws and qualities. they are not perfect and that makes them fun to follow. even without the romance the story has enough aspects for you to follow if you want to ignore the twinks prancing around.

 "on a sliding scale of min to max, how much is the author using this to explore fetish" 

0, big goose egg. unless the author has a fetish for being held in their sleep then yeah i guess thats a thing.

"How many story crutches does the author use to explore the story" 

I cant exactly see any noteworthy crutches, even the normal "game aspects" thing is something they have to specifically work towards within the story.

 "Is the author attempting to use the story as a way to explain why he is not weird."

they are trying to say that gachas are bad and I for one believe they should say it fucking louder for the rest of the world to hear.

------------------------------------------------------------------------

I am now going to be taking isekai requests to review on top of the ones I have set aside for myself to review. to submit an isekai, please send it to me as an ask with the site where I can read through it.

Watched:  10/01/2023

Format:  Criterion

Viewing:  First

Director:  George Archainbaud

So, I became aware of Thirteen Women (1932) via the You Must Remember This podcast during an episode discussing the ill-fated Peg Entwistle, the actress who famously threw herself from the H in the "Hollywood" sign when her career stalled.  I was also aware this was one of several pre-Thin Man films in which Myrna Loy (praise be her name) appears as an Asian character/ person of mixed-heritage.

It's a tight, hour-long movie, and more thriller than horror, although there's quasi/ possibly supernatural elements.  

The movie was only semi-available for a while, then in the Internet Archive and other places in pieces, but now it's at Criterion and looks and sounds terrific.

Here's your story:  a group of former sorority pals are still in touch, writing chain letters (this is 1932 and facebook is not a thing).  At some point, one of them decided to start reaching out to a famed Yogi/ Swami to get her horoscope, and suggested all of the girls do the same.  But as the horoscopes trickle in, they predict death and chaos.  We see one of the girls, a sister-act circus acrobat, learn someone will die in her act, and she immediately drops her sister to her death, and goes mad.  Entwistle's characters kills her husband with a knife, I believe, and she's out of her only performance well before the half-way mark.

As more members of the friend circle are picked off, we learn there's a mysterious and exotic beauty (Myrna Loy) paired with the Swami, but she's pulling the strings using some form of hypnosis.

It's a fascinating, exploitative film relying on an absurd premise and set-up.  featuring a largely female cast - thrusting Irene Dunne into the lead as a widower who is neither overly skeptical nor biting on the power of the stars hook, line and sinker.  It's also kind of sexy in that pre-Code manner of suggesting lots of sex off-screen as Loy's character bewitches dudes who are useful to her.  

The only real mystery is the "why" of the murders and chaos.  And, as it turns out, we never really, fully find out.  But it seems the sorority had been responsible for making Loy's life hell at the school, and forced her to leave after working and scraping to get in and afford it.  A "half-caste", she's half "Hindu" and half-Anglo, and fits in with neither.  Although the movie's most eye-poppingly racist moment isn't the reveal that the women we've been so worried about were maybe terrible people in college.  It's when the cop helping them out describes Loy's character's ethnicity.  

The movie's brief run-time means we don't get to all 13 women, but that would probably feel repetitive as a film, anyway.  It also gets to the point and wraps up within seconds.  

Anyway - it's a product of it's time, but could be remade now with no problem.  

I looked into the book it's based on, and it sounds like an absolutely crazy ride.  I may check it out.

  https://ift.tt/5viAKHg via The Signal Watch https://ift.tt/WOlbhHd October 01, 2023 at 09:59PM

ECE568 Lab #1: Buffer Overflow, Format String and Double Free Vulnerabilities

Introduction These are the instructions for Lab 1. This lab consists of 6 programs and each program has a different vulnerability. The first four are mandatory (5 marks each) while you will receive bonus points for the last two parts (also 5 marks each). Stack Overflow (targets 1-4): You will write an exploit for the first four programs with a buffer overflow vulnerability. The programs are…

The Rise of the Underdogs: How This Football Team Shocked the World

In sports, there's nothing quite as captivating as a team considered an underdog defying the odds to achieve greatness. In the world of football, there have been countless instances of teams overcoming adversity and upsetting the established giants. One such story that continues to resonate in the football world is the rise of Leicester City in the English Premier League during the 2015-2016 season.

The Background

Leicester City Football Club, based in the East Midlands of England, had spent most of its history in the lower tiers of English football. Before the 2015-2016 season, Leicester had only been a top-flight club sporadically, with their best finish in the Premier League being 14th place. In fact, they had just avoided relegation the previous year, finishing 14th in the table. Their squad, though spirited, lacked the star power of the league's traditional powerhouses such as Manchester United, Chelsea, and Manchester City.

The 2015-2016 season, however, was something different. Under the management of Claudio Ranieri, a relatively seasoned but often dismissed coach, Leicester embarked on a journey that would change the landscape of English football.

The Key Ingredients

Leicester's success wasn't built on an abundance of wealth or superstar signings. Instead, it was a blend of tactical ingenuity, team chemistry, and players who played with a chip on their shoulders.

Teamwork Over Stars: Leicester’s squad wasn’t filled with expensive marquee players, but with hard-working, determined individuals who gelled together on the field. Key figures like Jamie Vardy, Riyad Mahrez, and N'Golo Kanté proved that in football, the sum can be greater than its parts.

Jamie Vardy’s Story: Vardy’s rise was the epitome of the underdog story. He started his career playing for Stocksbridge Park Steels in the lower divisions before eventually being scouted by Leicester. In the 2015-2016 season, Vardy became one of the most lethal strikers in the Premier League, setting a new record for consecutive matches scored in (11) and finishing with 24 goals.

Riyad Mahrez’s Brilliance: Mahrez, the Algerian winger, was one of the most creative players in the league. His dribbling, vision, and composure in front of goal made him the driving force in Leicester’s attack, and he was instrumental in their surprise title push, eventually winning the PFA Player of the Year award.

N'Golo Kanté’s Midfield Dominance: Kanté was a revelation. His tireless running, interceptions, and work rate in the midfield allowed Leicester to transition quickly from defense to attack. His defensive contributions were critical in Leicester's ability to counter their more dominant opponents.

Claudio Ranieri’s Tactics: Ranieri's style of play was built on solid defense, quick transitions, and exploiting counter-attacks. The team was organized and disciplined, playing with a compact formation that frustrated opponents while allowing them to capitalize on their fast-paced forward play.

The Season That Shocked the World

Leicester City’s remarkable rise began to gain traction in the 2015-2016 season when they went on a 13-match unbeaten run early in the campaign. By the time January rolled around, they were firmly entrenched in the top four and began to dream of an unlikely title challenge.

What set Leicester apart was their consistency. While the bigger clubs faltered and failed to string together results, Leicester kept winning. They achieved crucial victories against traditional powerhouses like Manchester City, Chelsea, and Tottenham Hotspur.

As the season drew to a close, Leicester maintained a tight grip on first place. Their final run included a thrilling 2-0 victory over Sunderland and a 4-0 demolition of Swansea. On May 2, 2016, the dream became reality: Leicester were crowned Premier League champions for the first time in the club’s history, with two games to spare.

The Significance of Leicester’s Victory

Leicester's 2015-2016 title victory was not just a remarkable achievement for the club but a defining moment for the Premier League and football in general. It proved that with the right combination of belief, tactics, and team unity, the impossible could be achieved. Leicester’s triumph showcased the power of a well-coached team over financial dominance, inspiring countless smaller clubs around the world that anything is possible.

It also shifted the narrative of the Premier League, where the expectation was always for the wealthier clubs to dominate. Leicester’s victory shattered that narrative and became a symbol of hope for teams with limited resources.

Aftermath and Legacy

Since their title win, Leicester City has continued to be a competitive force in the Premier League, regularly qualifying for European competitions. They have also made significant strides in terms of infrastructure and investment, ensuring that their title-winning season will be remembered not just as a fluke but as a cornerstone of their long-term ambition.

The impact of their underdog story can still be felt, as smaller clubs in major leagues continue to look to Leicester as proof that with the right approach, anything is possible in football. Leicester's rise serves as a reminder that the underdog can often become the victor, shocking the world and rewriting the rules of the game.

In conclusion, Leicester City’s 2015-2016 Premier League victory was more than just a surprise— it was a revolution in football, proving that the beautiful game has a place for everyone, no matter their size or stature. It was the ultimate rise of the underdog.

this post now has the vibes of "rpg codex entry found in a tattered journal clutched by a skeleton" lmaoo.

If you would like to check out the work of ex-bioware developers who are making indie games, consider:

Stray Gods

Eternal Strands

Exodus

The Concierge (very early in development)

If you're interested in other indie games with interesting storytelling and settings, consider:

ARCO

Shadowrun: Hong Kong, or Shadowrun: Dragonfall

Vampire Therapist

Roadwarden

Night in the Woods

Storyteller

Red Strings Club

Super Lesbian Animal RPG

Scarlet Hollow

Disco Elysium

The Inverted Spire (demo)

New Arc Line (early access)

If you'd like to venture into Making Something, consider these beginner friendly, free engines, listed in order of ease of use (imo):

Choicescript: For text based interactive fiction games. Very easy to use, and even has options to monetize through the host company if it meets certain criteria, however, few options for formatting or aesthetics.

Twine: For text based interactive fiction games. Has more control over styling and interactive elements, can lend itself to a more "poetic" style of interactive fiction with more of a flourish in the presentation.

Ren'py: For visual novels. Pretty easy to use, you can manage fine with the default ui and plug in branching dialogue text and images to your heart's content without much stress. Support for minigames, more elaborate UI, and even animations if you feel fancy. If you want to keep it to pure text, that is also an option.

Godot: A fully fledged game engine. It has support for both 2d and 3d games, and has been used for everything from point and clicks to RPGs to puzzles to action games.

Please boycott AAA games until there is significant change in their labour policies and worker exploitation. These companies will not produce good art or treat their employees with dignity as long as consumers keep giving them money.

thinking about veilguard and bioware in general, i think we are reaching a point where people need to grapple with the inherent limits of what stories can be told in our Current Society and in AAA gaming companies.

on a labour level: mass layoffs, tons of developers leaving despite previously talking about how passionate and happy they were to be involved, not even paying severance, and crunching employees to the point of burnout. this is unfortunately pretty standard for AAA game companies.

on a cultural level: it is SO white and SO centrist-ly Canadian. i wrote up these asks outlining how. it is a repeated pattern of writing in which they go into tortured racial oppression allegories at best, while constantly peppering in a "but BOTH SIDES were wrong and made mistakes :( :( :(", in between their fictional atrocities that are clearly mirroring irl genocides and enslavement. or at worst, it's "the qunari are radical islamic borg" which has even less nuance. i personally thought, since dai came out in 2014, and a lot has changed since then about the world and in public awareness, that this would have filtered into the narrative and resulted in more satisfying and historically grounded writing. unfortunately not the case. it's shocking if you compare it to how sharp and aware and unflinching something like disco elysium is.

so what does this mean?

under these conditions, it is unavoidable that we get development by people who are rapidly cycled out of the company or demoralized into burnout. we get digestible, easy little soundbites of lore without much substance, because any complexity needs more time and coordination rather than the process of "quick, we have these assets, a lot of people involved in making them just got laid off, we need to make Something by next quarter to show the CEO". we get very little cohesion between games, despite the clear intent from dai to have so many plot points set up to follow through in a sequel, because the team and development are so chaotic that they can't hold onto a vision and complete it.

we also get this inherent caution and "conservatism" from the narrative, because on an ideological level, they're largely white people who want cops to be included in pride. so any major change to even a fictional society is Bad and Scary, and shouldn't be done without making sure that every character finger-wags appropriately at non-state violence. there is clearly not much ideological or even ethnic diversity within the leadership; or at least not enough that anyone there felt comfortable even speaking up on minor issues like the Incredibly Orientalist Isabela Outfit, let alone anything larger.

i don't personally think there's too much value in trying to analyze veilguard's plot or lore at this point. the final product is chaotically developed and does not seem to reflect the goals of the creators as set up in prior games, it's basically a ship of theseus in terms of the people and ideas involved in making it. this is sad for all of us, who were interested in the story, and attached to the characters, and were creatively fulfilled by engaging in the fandom. it's probably worse for the developers who have lost their jobs, burnt out, or feel unhappy with the game that they spent years of their life working on. it's certainly miserable as an indictment of The Industry, as well as the general societal climate of white Canadian centrism.

the solution is to create a society where people can develop games in peace and prosperity and stay on projects for longer, rather than constantly getting turfed out without severance pay. and to get some genuine leftists, poc, and indigenous people on staff who can weigh in and provide significant input, rather than a Council Of Liberal White Edmontonians every time.

in the meantime, at the very least, let's please stop preordering AAA games and supporting companies who notably abuse their employees.

[ad_1] Washington Sundar in third test vs NZ (PC: BCCI/X) Over two Indian Premier Leagues, in 2023 and 2024 respectively, Washington Sundar bagged a mere four wickets in nine matches. It is true that T20 cricket is not exactly a barometer to judge someone’s credentials for the longest format. But there was no doubt that a piece or two of the jigsaws were missing from his bowling. It seemed as if Washington was mostly bowling with a flatter trajectory. Around 5-6 months later, when he was rather surprisingly picked in India’s playing XI, against New Zealand, for the Pune Test, Washington turned out to be the trump-card, bagging a 10-wicket haul for the match. The transformation was quite incredible, and for a moment, one pondered whether the previous version was akin to a long-lost twin brother of the bowler who took a string of wickets versus New Zealand.  Just zoom your lens on Washington’s bowling in the just-concluded Test series, and it could be clearly seen that there was more energy in his run-up. The telling difference was the kind of overspin Washington imparted on the ball.  Just think of the jaw-dropping delivery to Rachin Ravindra in the second Test. The ball dipped and turned, and there was inward drift. Eventually, Ravindra was beaten on the outside edge, with the stumps getting rattled.  Washington’s exploits weren’t just restricted to the Pune Test as he added another five scalps in Mumbai to finish with a rich haul of 16 wickets for the series. Behind the scenes, Washington is said to have worked with S Sriram, who has had coaching stints with Bangladesh and Australia. With an impressive showing against New Zealand, Washington has also put his hat in the ring for the upcoming Border-Gavaskar-Trophy in Australia. The tall off-spinner is again expected to impart overspin and extract bounce from those surfaces in Australia.  In the first Test at Perth, he could also come into the equation in the second innings. With the sunshine beating down on the pitch, generally tracks in Perth tend to crack as the game progresses, which should assist Washington.  Lest we forget that Washington is competent with the bat in hand too. Who can forget the game-breaking stand with Shardul Thakur in the Gabba Test? With R Ashwin and R Jadeja in the mix, India also have a couple of experienced pros to choose from for the opening Test. But Washington might just be the best-suited candidate of the trio to take the number seven slot in the batting order.  Just spool back in time, and it can be observed that Washington has grabbed every single opportunity with both hands. In the 2017 IPL, he replaced an injured Ashwin at Rising Pune Supergiant on the back of castling Steve Smith in trials.  At the Gabba, in 2020-21, his contributions with both the bat and ball powered an injury-ravaged Indian side to one of their greatest-ever triumphs. A few years later, from nowhere, he established himself as one of the mainstays of India’s bowling line-up versus New Zealand. There is enough evidence to believe that the quiet and unassuming cricketer is all set to shine brightly in the forthcoming Test series in Australia. The post Is Washington Sundar the best-suited candidate to take over No.7 slot in Perth? appeared first on Sports News Portal | Latest Sports Articles | Revsports. [ad_2] Source link

Insecure Deserialization in Symfony: Explained with Code

In today’s threat landscape, web application security can be compromised through overlooked weaknesses in serialization. One such vulnerability is known as "Insecure Deserialization." If you're using Symfony, understanding and defending against this attack vector is vital.

In this article, we'll break down what insecure deserialization is, why it’s a threat to Symfony-based applications, and how to detect and mitigate it—with real-world code examples and references to our website vulnerability scanner tool.

🔍 What is Insecure Deserialization?

Deserialization is the process of converting a stream of bytes back into an object. In Symfony, PHP’s native serialization mechanisms (serialize() and unserialize()) or Symfony’s Serializer component can expose vulnerabilities when user-controllable data is deserialized without validation.

If attackers can manipulate serialized objects, they can potentially inject malicious payloads that lead to:

Remote Code Execution (RCE)

Object Injection

Application state manipulation

⚠️ Real-World Impact in Symfony

Let’s take a look at a simplified insecure example:

❌ Vulnerable Symfony Controller

// src/Controller/VulnerableController.php namespace App\Controller; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; class VulnerableController extends AbstractController { public function deserialize(Request $request): Response { $data = $request->get('data'); $object = unserialize($data); // DANGEROUS return new Response('Deserialized!'); } }

If an attacker sends a specially crafted serialized object (e.g., via POST or GET), this could lead to arbitrary code execution or manipulation of system behavior.

✅ Secure Deserialization Techniques in Symfony

Instead of directly unserializing raw input, use Symfony’s Serializer component securely or switch to formats like JSON which are safer by default.

✔️ Safer Approach Using Symfony Serializer

use Symfony\Component\Serializer\SerializerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\JsonResponse; use App\Entity\User; public function safeDeserialize(Request $request, SerializerInterface $serializer) { $json = $request->getContent(); $user = $serializer->deserialize($json, User::class, 'json'); return new JsonResponse(['message' => 'Deserialized safely!']); }

By using JSON and Symfony’s serializer, you avoid exposing internal PHP objects to untrusted input.

🧪 Test Your Symfony App for Insecure Deserialization

You can instantly check if your website has this or other vulnerabilities using our free security scanner.

📸 A screenshot of the Website Vulnerability Scanner landing page

Screenshot of the free tools webpage where you can access security assessment tools.

This tool performs vulnerability assessments without needing access to your code. It's fast, user-friendly, and completely free.

📄 Sample Vulnerability Report Output

Here’s how an insecure deserialization issue might appear in a vulnerability scan report:

📸 Screenshot of a report to check Website Vulnerability.

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

The report details:

Vulnerability name

Severity level

Affected endpoint

Suggested mitigation steps

To generate a free report, visit: https://free.pentesttesting.com

🧰 Symfony Deserialization Exploit Example

Here's an example of exploiting deserialization using a malicious payload:

Attacker-Crafted Serialized String

O:8:"ExploitMe":1:{s:4:"data";s:18:"phpinfo(); exit;";}

This payload assumes a class ExploitMe exists with a __destruct() or __wakeup() method executing eval() or dangerous functions.

Recommended Symfony Hardening Tips

Avoid using PHP’s unserialize() on user input.

Use JSON and Symfony’s Serializer instead.

Validate all incoming data types and values.

Restrict class autoloading to trusted namespaces.

Leverage a WAF (Web Application Firewall).

💼 Need a Deeper Security Review?

If you're concerned your app may be vulnerable, our cybersecurity experts can help.

🔐 Explore our professional penetration testing service here: 👉 Web App Penetration Testing Services

We test your application for OWASP Top 10, business logic flaws, and framework-specific misconfigurations—including Symfony.

📰 Stay Informed — Subscribe to Our Newsletter

Join 1,000+ developers and security engineers staying updated on threats and defenses.

📩 Subscribe to our LinkedIn Newsletter

🧠 Final Thoughts

Insecure deserialization isn’t just a theoretical risk—it’s been used in real-world breaches. If you're using Symfony, avoid using native PHP deserialization unless you're 100% confident it’s safe. Even then, sanitize everything.

🔗 More posts like this on our blog: https://www.pentesttesting.com/blog/

Let us help you secure your code—before someone else finds your flaw.

📌 Has your site been tested for this vulnerability? Try it now: https://free.pentesttesting.com

[ad_1] Washington Sundar in third test vs NZ (PC: BCCI/X) Over two Indian Premier Leagues, in 2023 and 2024 respectively, Washington Sundar bagged a mere four wickets in nine matches. It is true that T20 cricket is not exactly a barometer to judge someone’s credentials for the longest format. But there was no doubt that a piece or two of the jigsaws were missing from his bowling. It seemed as if Washington was mostly bowling with a flatter trajectory. Around 5-6 months later, when he was rather surprisingly picked in India’s playing XI, against New Zealand, for the Pune Test, Washington turned out to be the trump-card, bagging a 10-wicket haul for the match. The transformation was quite incredible, and for a moment, one pondered whether the previous version was akin to a long-lost twin brother of the bowler who took a string of wickets versus New Zealand.  Just zoom your lens on Washington’s bowling in the just-concluded Test series, and it could be clearly seen that there was more energy in his run-up. The telling difference was the kind of overspin Washington imparted on the ball.  Just think of the jaw-dropping delivery to Rachin Ravindra in the second Test. The ball dipped and turned, and there was inward drift. Eventually, Ravindra was beaten on the outside edge, with the stumps getting rattled.  Washington’s exploits weren’t just restricted to the Pune Test as he added another five scalps in Mumbai to finish with a rich haul of 16 wickets for the series. Behind the scenes, Washington is said to have worked with S Sriram, who has had coaching stints with Bangladesh and Australia. With an impressive showing against New Zealand, Washington has also put his hat in the ring for the upcoming Border-Gavaskar-Trophy in Australia. The tall off-spinner is again expected to impart overspin and extract bounce from those surfaces in Australia.  In the first Test at Perth, he could also come into the equation in the second innings. With the sunshine beating down on the pitch, generally tracks in Perth tend to crack as the game progresses, which should assist Washington.  Lest we forget that Washington is competent with the bat in hand too. Who can forget the game-breaking stand with Shardul Thakur in the Gabba Test? With R Ashwin and R Jadeja in the mix, India also have a couple of experienced pros to choose from for the opening Test. But Washington might just be the best-suited candidate of the trio to take the number seven slot in the batting order.  Just spool back in time, and it can be observed that Washington has grabbed every single opportunity with both hands. In the 2017 IPL, he replaced an injured Ashwin at Rising Pune Supergiant on the back of castling Steve Smith in trials.  At the Gabba, in 2020-21, his contributions with both the bat and ball powered an injury-ravaged Indian side to one of their greatest-ever triumphs. A few years later, from nowhere, he established himself as one of the mainstays of India’s bowling line-up versus New Zealand. There is enough evidence to believe that the quiet and unassuming cricketer is all set to shine brightly in the forthcoming Test series in Australia. The post Is Washington Sundar the best-suited candidate to take over No.7 slot in Perth? appeared first on Sports News Portal | Latest Sports Articles | Revsports. [ad_2] Source link

Discover the Best Books for Software Security and Hacking - Top 10 Recommendations by Reddit Users With the growing threat of cyber attacks, it's essential to stay informed about software security and hacking techniques. Fortunately, there are many great books on the market that cover these topics in depth. Reddit users have recommended some of the best books on software security, covering topics such as malware analysis, encryption, and social engineering. In this article, we will provide an overview of these books and their contents. "The Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus Pinto "The Web Application Hacker's Handbook" is a comprehensive guide to web application security that covers the latest hacking techniques and how to defend against them. The book provides a detailed overview of web application vulnerabilities, including cross-site scripting, SQL injection, and session hijacking, and explains how attackers exploit these vulnerabilities to compromise web applications. The authors also cover the tools and techniques used by hackers, as well as the best practices and tools that developers can use to build secure web applications. "Security Engineering: A Guide to Building Dependable Distributed Systems" by Ross Anderson "Security Engineering" is a comprehensive guide to building secure and dependable distributed systems. The book covers a wide range of security engineering principles and practices, including cryptography, access control, intrusion detection, and security protocols. The author provides detailed examples of how these principles can be applied to real-world systems, and offers guidance on how to design and implement secure systems that can withstand attacks and failures. "Threat Modeling: Designing for Security" by Adam Shostack "Threat Modeling" is a guide to designing secure software by identifying and addressing potential security threats. The book covers the threat modeling process, including how to identify potential threats, assess their impact, and develop countermeasures to mitigate them. The author also covers the different threat modeling methodologies and provides guidance on how to integrate threat modeling into the software development lifecycle. "Hacking: The Art of Exploitation" by Jon Erickson "Hacking: The Art of Exploitation" is a hands-on guide to hacking that teaches readers how to write their own exploits. The book covers a wide range of hacking techniques, including stack overflow attacks, format string vulnerabilities, and heap overflows, and provides detailed examples of how to exploit these vulnerabilities. The author also covers the basics of assembly language and C programming, and provides guidance on how to use these languages to write exploits. "Applied Cryptography" by Bruce Schneier "Applied Cryptography" is a comprehensive guide to cryptography and its applications in software security. The book covers the principles of cryptography, including symmetric and asymmetric encryption, hash functions, and digital signatures, and explains how to use these principles to secure software. The author also covers the latest cryptographic protocols and provides guidance on how to implement them in software. "The Tangled Web: A Guide to Securing Modern Web Applications" by Michal Zalewski "The Tangled Web" is a guide to web application security that covers the latest web application security issues and how to defend against them. The book covers a wide range of topics, including the basics of web architecture, HTTP, and HTML, as well as the latest web application vulnerabilities, including cross-site scripting, CSRF, and Clickjacking. The author also provides guidance on how to use different security measures, including CSP, HSTS, and HTTPS, to secure web applications. "Black Hat Python: Python Programming for Hackers and Pentesters" by Justin Seitz "Black Hat Python" is a guide to using the Python programming language for hacking and penetration testing.

The book covers a wide range of topics, including network programming, web scraping, and reverse engineering, and provides detailed examples of how to use Python to write exploits and automate hacking tasks. The author also covers the basics of the Python language, making it an accessible resource for both beginner and experienced Python programmers. "The Art of Deception: Controlling the Human Element of Security" by Kevin Mitnick and William L. Simon "The Art of Deception" is a guide to social engineering and how to defend against it. The book covers a wide range of social engineering techniques, including pretexting, phishing, and baiting, and explains how attackers use these techniques to gain access to secure systems. The authors also provide guidance on how to identify and defend against social engineering attacks, including training employees and implementing security policies. "Serious Cryptography: A Practical Introduction to Modern Encryption" by Jean-Philippe Aumasson "Serious Cryptography" is a guide to modern encryption and its practical applications. The book covers the principles of encryption, including symmetric and asymmetric encryption, hash functions, and authenticated encryption, and provides detailed examples of how to use these techniques to secure data. The author also covers the latest cryptographic protocols, including TLS 1.3 and Signal Protocol, and provides guidance on how to implement them in software. "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws" by Dafydd Stuttard and Marcus Pinto "The Web Application Hacker's Handbook" is a comprehensive guide to web application security and how to test for vulnerabilities. The book covers a wide range of topics, including the basics of web application architecture, input validation, authentication, and access control, and provides detailed examples of how to find and exploit security flaws in web applications. The authors also cover the latest attack techniques, including SQL injection, cross-site scripting, and file inclusion vulnerabilities. "The Art of Exploitation" by Jon Erickson "The Art of Exploitation" is a guide to software exploitation and how to write exploits. The book covers a wide range of topics, including the basics of assembly language, stack overflows, format string vulnerabilities, heap overflows, and return-oriented programming. The author also provides detailed examples of how to write exploits for real-world software vulnerabilities, making it an excellent resource for both beginner and experienced exploit developers. "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" by Michael Sikorski and Andrew Honig "Practical Malware Analysis" is a guide to malware analysis and how to dissect malicious software. The book covers a wide range of topics, including malware behavior analysis, code analysis, and memory forensics, and provides detailed examples of how to analyze real-world malware samples. The authors also cover the latest malware analysis tools and techniques, making it an essential resource for anyone interested in malware analysis or reverse engineering. In conclusion, software security is a critical topic for anyone interested in technology or cybersecurity. The books recommended by Reddit users provide an excellent starting point for those looking to learn more about software exploitation, malware analysis, social engineering, and encryption. By reading these books and staying informed about the latest threats and vulnerabilities, you can better protect yourself and your organization from cyber attacks. Remember to always practice safe online habits and keep your software up to date to stay one step ahead of the hackers.

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet’s FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in the wild. This format string flaw vulnerability has raised significant concerns due to its potential for remote code execution. The flaw allows attackers to control format strings, leading to unauthorized access and manipulation of network border appliances without requiring…

Securing Your Code: An In-Depth Guide to C++ Obfuscation

In today's software development landscape, protecting your code from unauthorized access and tampering is more important than ever. One of the most effective methods for securing your code is C++ obfuscation. This technique not only enhances the security of your applications but also protects your intellectual property. In this article, we will delve into the intricacies of C++ obfuscation, exploring its benefits, techniques, and best practices. If you're looking to safeguard your code, understanding the ins and outs of C++ obfuscation is crucial.

What is C++ Obfuscation?

C++ obfuscation is a process that transforms the code into a format that is difficult to understand and reverse-engineer. The primary purpose of this technique is to protect the software from being easily deciphered by malicious entities. Obfuscation can involve various methods, such as renaming variables, encrypting strings, and altering control flow. These transformations make it challenging for anyone attempting to decompile or analyze the code.

Benefits of C++ Obfuscation

Implementing C++ obfuscation in your projects brings several advantages. First and foremost, it significantly enhances the security of your code by making it harder for attackers to reverse-engineer and exploit vulnerabilities. This added layer of protection helps safeguard your intellectual property and prevents unauthorized access to your software. Additionally, obfuscation can deter software piracy and reduce the risk of code theft.

Common Techniques in C++ Obfuscation

String Encryption

String encryption is a popular obfuscation technique that involves encoding strings within the code to make them unreadable. During execution, these strings are decrypted, allowing the program to function normally. The primary advantage of string encryption is that it hides sensitive information, such as passwords and API keys, from plain sight. However, it can also increase the complexity of the code and impact performance.

Control Flow Obfuscation

Control flow obfuscation alters the logical flow of the program, making it difficult for an attacker to understand the code's execution path. This technique can involve adding fake branches, loops, and conditional statements that obscure the actual logic. While control flow obfuscation provides robust protection, it can also complicate debugging and maintenance.

Virtualization

Virtualization transforms the code into a virtual machine language, which is then interpreted by a custom virtual machine at runtime. This method offers high security by creating an additional layer between the code and the hardware. The process involves converting standard instructions into virtual instructions, which are difficult to reverse-engineer. However, virtualization can impact performance and increase the size of the executable.

Implementing C++ Obfuscation in Your Projects

Choosing the Right Tools

When it comes to selecting obfuscation tools, there are several options available, each with its own set of features and capabilities. Popular tools include Obfuscator-LLVM, Stunnix C/C++ Obfuscator, and VMProtect. When choosing a tool, consider factors such as ease of integration, performance impact, and the level of security provided.

Best Practices

Integrating obfuscation into your development cycle requires careful planning. Start by identifying the critical sections of your code that need protection. Implement obfuscation gradually and test thoroughly to ensure that the functionality remains intact. Maintaining a balance between code readability and obfuscation complexity is essential to prevent future maintenance issues.

Case Study: AntiSpy SDK

The AntiSpy SDK is a cutting-edge C obfuscation library that secures code across platforms using the latest technologies and C standards. This powerful tool protects your code with encrypted strings during compilation, virtualization, and control flow obfuscation. By implementing AntiSpy SDK, developers can ensure that their applications are safeguarded against reverse engineering and unauthorized access. Numerous real-world applications have successfully utilized this SDK, demonstrating its effectiveness in enhancing code security.

Conclusion

In conclusion, C++ obfuscation is a vital practice for developers aiming to secure their code and protect their intellectual property. By understanding and implementing various obfuscation techniques, you can significantly enhance the security of your applications. Tools like AntiSpy SDK offer advanced features that make the obfuscation process more efficient and effective. Embrace C++ obfuscation today to safeguard your software and stay ahead of potential threats.