Kendrick Lamar x Not Like Us (Super Bowl)

Gentlemen, it is with great pleasure to announce it is, once again, Meat Day

no offense, but what was the point of that cool older lady character in Spirited Away

except, you know, to make me question my sexuality at 12 during midnight rewatches as I looked at her weirdly pretty mouth and had Questions

I think people are gonna get the wrong lesson from Kendrick winning Grammys for Not Like Us, that life's too short to not be a hater. No, because Drake had plenty of haters even before this and calling out his track record with minors. The takeaway should be let your haterism lead you to create transformative works of art. Let your anger, spite, and need to prove even 1 guy wrong fuel you to make cool shit. Kendrick dropped what, 4 diss tracks in the span of a week? It's easy to be a hater sitting on your couch. It's that much more impressive to convince the world your haterism was correct and that's only done with a convincing body of work arguing your case.

tldr: life's not too short to be a hater, let spite guide your heart into MAKING COOL SHIT !

Meta/Facebook worked with Cambridge Analytica and Russia to micro-target and infleunce 2016 election. No one did shit about it.

I'm not the most security savvy but two-factor authentication makes me deeply suspicious. Is it actually more secure or is it just annoying? Especially the ones that send a code to your phone that pops up in your notifications.

It is genuinely, massively, TREMENDOUSLY more secure to use 2FA/MFA than to not use it.

One of our clients is currently under attack by a group that appears to be using credential stuffing; they are making educated guesses about the accounts they're trying to lot into based on common factors showing up in the credentials in years of pastes and breaches and leaks. Like, let's say it's a professional arborist's guild and their domain is arborist.tree and they've had three hundred members who have had their credentials compromised in the last ten years and the people looking at all the passwords associated with arborist.tree noticed that the words "arboreal" and "conifer" and "leaf" and "branch" show up over and over and over again in the passwords for the members of the professional arborist's guild.

So they can make an educated guess for how to log in to accounts belonging to the tree-loving tree lover's club, combine that with the list of legitimate emails, and go to town.

And they are in fact going to town. We're getting between 1000 and 4000 login attempts per hour. It's been happening for a couple weeks.

And every single one of those attempts is failing - in spite of some pretty poor password practices that believe me, I have been doing some talking about - as a result of having MFA enforced for the entire group. They all use an app that is synced to their individual accounts with a mobile device, except that sometimes you have trouble getting a code when you're up in a tree so some of them have physical MFA tokens.

People try to sign into my tumblr sometimes. To those people I say: lol, good luck, I couldn't guess my own password with a gun to my head. But if I *did* have some password that was, like "tiny-bastard-is#1" they would also need access to my email address because I've got MFA set up on tumblr. And to THAT I say: lol, good luck, it's complex passwords and MFA all the way down.

Of the types of MFA that most people will run across, the most secure to least secure hierarchy goes physical token>app based one-time-passwords>tie between email and SMS. Email and SMS are less preferred because email is relatively easy to capture and open in transit and cellphone SIMs can be cloned to capture your text messages. But if you are using email or SMS for your authentication you are still miles and miles and miles ahead of people who are not using any kind of authentication.

MFA is, in fact, so effective that I only advise people to turn it on if they are 100% sure that they will be able to access the account if they lose access to the device that had the authenticator on it. You usually can do this by saving a collection of recovery codes someplace safe (I recommend doing this in the secure notes section of your password manager on the entry for the site in question - if this is not a feature that your password manager has, I recommend that you get a better password manager, and the password manager I recommend is bitwarden).

A couple weeks ago I needed to get into a work account that I had created in 2019. In 2022, my boss had completely taken me off of managing that service and had his own account, so I deleted it from my authenticator. Then in 2024 my boss sold the business but didn't provide MFA for a ton of the accounts we've got. I was able to get back into my account because five years earlier I had taken a photo of the ten security codes from the company and saved them in a folder on my desktop called "work recovery codes." If you are going to use MFA, it is VITALLY IMPORTANT that you save recovery codes for the accounts you're authenticating someplace that you'll be able to find them, because MFA is so secure that the biggest problem with it is locking people out of their accounts.

In any kind of business context, I think MFA should be mandatory. No question.

For personal accounts, I think you should be pointed and cautious where you apply it, and always leave yourself another way in. There are SO MANY stories about people having their phones wiped or stolen or destroyed and losing MFA with the device because they didn't have a backup of the app or hadn't properly transferred it to a new device.

But it's also important to note that MFA is not a "fix all security forever" thing - I've talked about session hijacking here and the way you most often see MFA defeated is by tricking someone into logging in to a portal that gives them access to your cookies. This is usually done by phishing and sending someone a link to a fake portal.

That is YET ANOTHER reason that you should be using a good password manager that allows you to set the base domain for the password you're using so that you can be sure you're not logging in to a faked portal. If your password manager doesn't have that feature (setting the domain where you can log in to the base domain) then I recommend that you get a better password manager (get bitwarden.)

In 2020 my terrible boss wanted me to write him a book about tech that he could have run off at a vanity press and could give to prospect customers as a business card. That was a terrible idea, but I worked on the book anyway and started writing it as a book about security for nontechnical people. I started out with a very simple statement:

If every one of our customers did what we recommend in the first four chapters of this book (make good backups, use a password manager and complex unique passwords, enable MFA, and learn how to avoid phishing), we would go out of business, because supporting problems that come from those four things is about 90-95% of our work.

So yes, absolutely, please use MFA. BUT! Save your recovery codes.

we have to write poems in my creative writing certificate program, so I pieced something together from Belphie's medical reports

agck guys can I ask for help one more time this week TT^TT I have a neurology & cardiology appt. for my PoTS on Tuesday in Cleveland. It'll be a 3 hour drive for me and I don't have the gas funds at all. I really need to make this appt. If you can help thank you:

you can see Aragorn thinking “it’s crazy how there are 8 of us ranging from like 3,000 to 30 years old and I am the only responsible adult here��� throughout The Fellowship of the Ring

American Girl is offering FREE downloads of books featuring their Black characters!!

This includes books and short stories featuring historical characters like Addy Walker, Cécile Rey, Melody Ellison and modern characters like Gabriela McBride, Makena, Evette, and Maritza.

Check it out!

Did a little fan art of a popular post on blue sky.

Hey there! Christina is facing a tough time and needs help to pay her property taxes to keep her home. Your support can really make a difference, so if you could take a moment to click the link below to donate or share it, that would mean a lot. Thank you!

https://gofund.me/0216c91e

i hope every single one of you outlives these hateful fucks on the news right now. i hope each and every one of you is able to find joy and support throughout these tumultuous times and i hope you get to live so fiercely as yourself. i hope you wake up one day to news that you’ve outlived those pieces of absolute shit and whether that brings you joy or relief or hope or what have you, i hope you live to see that day

Rudi got to be part of some experimental archeology today! Testing if this large comb found in the Oseberg viking grave could have been a horse brush/comb! It was super interesting to see how well it actually worked on her shedding winter coat.

(This one was a beautiful replica made by Knut Roger Brekke, not the real one obviously)

The thing with amateur local theater is it is almost always bad BUT keeping it alive is the most important thing