#If I was interested enough and have time I might download it on the desktop and run it through editing in calibre to make it TTS compatible
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
The most popular pages on Tumblr are about Minecraft, GIFs, and David J. Peterson.
Text
Argh... so I've been reading in Scum Villain's Self-Saving System (SVSSS) fandom recently. And it's given me a new pet peeve about formatting and TTS. A bunch of the authors in that fandom are using black lens brackets to indicate the 'system' voice, 【like this】, because the original novels do, and, yeah... unfortunately that's not always compatible with TTS (definitely not with google's TTS engine, and testing with various other online TTS engines gives mixed results).
Guess how I know they're called black lens brackets.
…
Go on, guess.
…
YUP! They get read aloud! Every. Single. Time. They. Appear. Open black lens bracket like this close black lens bracket.
Please resist using the novel's formatting and just use regular square brackets instead! Which do not get read aloud unless there's a space in a bad position, [ like this ]. If you want to be fancy, maybe use <tt>...</tt> formatting or a monospaced font such as courier to make it stand out more as something mechanical.
[Like this]
Which reminds me, another bad formatting choice I've bumped into multiple times (and I can't remember if I've mentioned this one before) is where authors use something <like this> to indicate things like speaking mind-to-mind, or that someone is speaking a foreign language (despite the actual text still being in English). Cool. Neat. Also not TTS compatible, unless you like repeatedly hearing less than and greater than mixed into the text. But guess what - there are already perfectly serviceable ‹single› and «double» angled quotation marks that could be used instead - and since they're recognized as actual quotation marks, they don't get read aloud! Shocking, I know.
Those angled quotation marks could also be another decent option for indication of things like the system voice, obviously.
«Like this»
Thanks to everyone who is already using more TTS-compatible formatting, and to anyone who decides to make some changes to theirs after reading this :)
#Fanfiction#Writing#Formatting#TTS#This has been a rant#Not a terribly serious one#It's just annoying when I go to read something and am just getting into it#And suddenly I'm hearing random punctuation marks#Over and over again#If I was interested enough and have time I might download it on the desktop and run it through editing in calibre to make it TTS compatible#But often I just sigh and skip that fic until I've time for reading visually#Or sometimes just skip it entirely
2K notes
·
View notes
Note
What is considered both a reasonable and maximum polycount for custom content hair and other types of custom content in The Sims 2 and does it depend on gaming specs? Also your work is great!
Thank you for taking the time to read it.
I, personally, use hair that is under 25K polys unless it's unique and cute. Anything over that is overboard and should get decimated. Any furniture or clothing over 10K is extreme for me.
As for specs, I'm inclined to believe that it's a game limitation, how powerful your computer specs are, and a secret third and fourth thing, your OS, and if you're a laptop user.
This OS talk is a side tangent, so bear with me:
Big disclaimer that this is all my opinion, not a factual piece. Don't take this as gospel and I'm far from an expert on operating softwares, computers, and CC for that matter. I went a little bit insane with the OS talk because you mentioned specs and this has been on my mind for a while 🥴
Every single time I've heard that someone installed TS2 on Linux, they are able to play on maximum settings with a BUNCH of CC for a long time and experience no pink soup or pink soup related crashing. I want to do my own research and play the same heavily detailed lot for the same amount of time on Windows and Linux and compare the differences as well as compare how they use resources differently. If I already did not have an attachment to Photoshop CC 2017, I would have made the switch by now.
Okay so Windows... I've played TS2 on my Asus laptop from 2020 and on my new desktop. Here's the spec difference
Laptop: Intel Core i7-9750H 6 Core Processor, 8 GB RAM, NVIDIA GeForce GTX 1650 (Windows 10)
Desktop: AMD Ryzen 5 2600X Six-Core Processor, 16 GB RAM, NVIDIA GeForce GTX 1080 Ti (Windows 11)
My laptop was really good for it's time (I bought it in March 2020), but it was pink soup galore for any cluttered CC lot, even with all of the fixes and GRM edits. My current setup is a mish mosh of my bf's and ex's computer parts and it runs perfectly fine, but I do not play long enough to encounter pink soup. (I have a job and I mainly play to get CC previews these days.) If you noticed, both my CPU and GPU were made before my laptop was sold, and yet it still performs way better. Laptops with top of the line hardware will never be more powerful than PCs with even mid to high level hardware from 5 years ago. Don't forget that laptops will throttle performance to protect itself from overheating and causing damage.
There is also no difference between installing and playing the game on Windows 10 and Windows 11, except that you should absolutely uninstall OneDrive if you haven't already. There might be some issue if you install with discs, but I don't own the discs.
And as for Mac, I truly believe that Mac is the worst way to experience Sims 2. Between the Super Collection crap, not being able to use third party tools (SimPE, Hair Binner, any other .exe files made to run for Windows), and the file limit that really hits you hard if you download a bunch of CC that you can't merge anyway because CCMerger can't run on Mac. I should say I have never played Sims 2 on a Mac, but this is my opinion after reading about the struggles of other MacOS users online.
The point of this OS tangent? None, really. I'm not trying to persuade you to use Linux or stop using Mac, this is simply what I've noticed and my opinions on the matter. There's millions of variables I did not cover such as DXVK, texture sizes, difference in specs between each OS and user and many other things I am forgetting.
Feel free to correct, add on, extrapolate or whatever. If you have any thoughts, please comment, add it in reblogs, or tag me in your post. I'm very interested in the current topics about high polys, pink soup and big textures for this game.
#spell.txt#cc discussions#my opinion on macs wont change though#sorry mac users#only thing im qualified for in this discussion is my photoshop certificate lmao
17 notes
·
View notes
Text
it's funny because e-readers occupy this category of computer that currently fills a use case niche enough that not many people mind its limitations, but that statement is circular, people accept that this device will only ever be able to fill a small niche, in this case, serving as a compromise between a physical book and a full-blown tablet/computer w/ touchscreen, because there hasn't been any effort into expanding what that compromise means. and imo this sucks because it really limits the potential of people leveraging the things e-readers were originally touted for, namely the non-LCD screen and its relative robustness compared to a traditional smartphone.
part of it could be attributed to how the primary drawback of the screen technology only made it suitable for a few things smartphones didn't excel at around the same time, it became stagnant as something that solved a few problems (LCDs) with something that solved a lot of other problems with something else (desktops). despite a phone or a tablet being a lot more practical than a book, they're also inherently distracting to a lot of people, there's always a dozen apps running in the background, it rings, it flashes notifications, it vibrates, and of course, the screen causes eye-strain after long periods. e-readers were popularized as something that married the "dumbness" of paper, and the practicality of digital media, online connectivity, storage, weight, and so on. in its infancy, there was legitimately no point in making a device capable of handling complex media or applications that would make it more comparable in function to a smartphone or tablet, because the screen simply couldn't refresh quickly enough to display it. marketing those limitations as something that aligned it further to a real book made perfect sense, as if you tried to use it for anything else, you would be frustrated by its sluggishness, but more importantly, it helped to distinguish it further from things people already owned.
but like, 15 years on from when the first Kindle was released, the hardware limitations that might've prevented them from having some manner of flexibility that might've brought them closer to other mobile devices at the time, the ability to browse the web, or install third party applications, are mostly irrelevant. the relative uselessness of most e-readers is not because e-ink technology is still too finicky to make consuming anything other than ebooks a pleasant experience, but because the concept of the "e-reader" itself has shifted from a media device with a specialized screen, designed for document reading in general, to solely being an entry-point to a particular storefront.
(like, I realize the tone of this may sound almost conspirational, but consider the first e-readers also doubled as music players. sure, the resolution was SHIT, but they often had more features than what is available today, more than two decades later! it would only be more recently that them being "dumb"/exclusively capable of one thing would be touted as a feature.)
even if more people might be interested in the devices themselves if they were capable of more, say, downloading manga scanlations, reading dynasty-scans without hassle (telling that this is the demographic I first think of), if they allowed more user freedom, easier connectivity and means to fetch files from the internet; treating it more like an actual computer, which it is, might harm long term sales on the proprietary storefront. to Amazon, which practically holds a monopoly on e-readers, the Kindle is a medium for selling books, it doesn't need to be capable of any more than that, the user interface being incredibly anemic, the browser still being experimental after a decade, the inability to export highlights, the laughable epub/cbz support, these are conscious design choices, rather than technical compromises. and they unfortunately exert enough influence on the concept of what an e-reader is supposed to provide that the drawbacks of using Kindles for reading comics, PDFs, or other non-DRM documents aren't apparent for most people, and this is reflected in nearly every other manufacturer (Kobo is barely better)
and it doesn't have to be that way. obviously. obviously this is the point of the post. e-ink is such a cool technology. there are android based e-ink tablets but they cost like $600 dollars for no reason. but more importantly, a middle ground between a full-blown android OS and a lightweight linux interface that doesn't suck is totally possible. please hack your Kindle if you can. install Koreader. read yuri doujin for hours without getting headaches. do it now.
16 notes
·
View notes
Text
Recommending Hydrus Network
One of the most convinient programs i use is Hydrus, which lets me organize files with tags and i feel a lot of people could learn about it. So i thought of writing some basic things and tips based on my experience and if it would interest people on it. But it's worth nothing:
Depending on how many files you put in your Hydrus gallery, the filesize may be worth considering
There's still stuff that i don't know about the program
The program gets updates over weeks because of how dedicated the dev is and my version is almost a year old, so some info here might be outdated
You can learn more about Hydrus here: https://hydrusnetwork.github.io/hydrus/index.html https://github.com/hydrusnetwork/hydrus
What is Hydrus Newtork?
A program that lets you organize and host files with a tagging system in case folders aren't good enough. It's partially based off the "booru" style of galleries/websites (If you're aware of Gelbooru or Danbooru, you might kinda get it). It also has extra features like being able to download images off certain sites but i haven't done that yet. I used it for a while and it's where i save some files. Because i host a variety of images, i tend to upon Hydrus and make it part of the references i use when drawing on Krita.
So anyway:
General
The program has "tabs" and when you open it or right-click and choose "new page", you have 3 options: file search, download or special. Pick file search. File search > my files > Look at the left side and click the bar with a star on its right (Not the star itself) and i usually select "system:inbox" You can open more tabs with this On the left side, the white empty box (With "search" written on top) displays the tags you've selected to see stuff: For example, if you tagged some images "sci-fi" and select "sci-fi", sci-fi shows up in the box and you only see images tagged that. And if you click sci-fi again in the same box, you no longer see only images that have the tag in them. And the below box (Which is under the bar and star button) shows other tags you can click to see more images. If you select some tags, they show up in the same box where "sci-fi" as an example was said to be in. Imagine 100 images tagged "sci-fi" and you select the tag, some images are tagged "robot" or "alien". "robot" and "alien" show up in the lower box as optional searchable tags. There could be other tags like "laser_gun" or "spaceship" but if you select "robot" and "alien", you'll again restrict your search to images containing those tags as they're in the upper box. Those are the "search box" and the "selection tag box"
There's also options to organize the images in update order, filesize, last time viewed, number of frames (Because it also supports gifs and videos) and even the reverse orders of those along with random.
You can select various images at the same time with SHIFT/CTRL and right-click for options. If you simply click an image, you press left/right to view images like a slideshow. You can also drag them with your mouse and zoom in/out. With videos/animations, you can mess with the timer.
Image display
When you double click an image, you display it in a window (And you can have more than one window) If you close the window, a box under the "Selection Tags" box shows the image you recently viewed (And said "Selection Tags" box shows its tags") You can also simply click once in an image (As opposed to double click it to open it) to see the image displayed in that same small box
Importing files
The most common way i do it is by selecting File > Import File and then "Add files" in that new box. There is an option to "delete original files after successful import" meaning that the file is hosted on Hydrus (And the database somewhere) but not in your Desktop or where it originally was before being imported to Hydrus (It ends up in the trash bin, since you're technically copying a file and deleting its original version). Before you press "Import now", look at the gear icon and options to see how you can set things. Might be wrong but pretty sure there's options to change acceptable file sizes and stuff.
After pressing "Import now", you go to a page with the recently imported files: This is where you right-click the images (Or directly click them and move your mouse to the left, where you can click the tag section) to tag them.
You can also import files by having dedicated paths to specific folders: This means if you add new images to a folder, you can "revisit these paths" to add the new images. But if you remove/relocate the folder, the path is broken. You see it on "import and export folders" > "Manage Import Folders". Then you press "add" and are met with options: NOT just the path of the desires folder but also a schedule/time based thing that checks the files and what to do with files once they're on Hydrus. You can also edit these paths.
NOW ONTO SPECIFICS: Import Options > "default options" > change to "set custom file import options just for this importer" and you can decide whether or not to delete duplicates or limit size of imported files This is special because sometimes you'll wonder why the program isn't importing files you wanted to import
TAGS
At this point, you have a basic idea of the feature. Because of the booru influence, if you type for example "character:juri_han", the text is green. This is because of predefined tags. "character" is green, "feature" is light blue, "meta" is black, "series" is purple You can change and add colored tag categories in "File" > "Options" > "Tag Presentation" and add/edit tags in the colors/sections of your choice
When tagging or managing tags in images, Hydrus shows recently added tags. But if you get too many tags, add them to favorites by right-click > favorites > adding the tag to favorites: This makes it so when you tag, you go to a thing called "favorites" (Next to "results" and under a box with the image's current tags) and see a selection of tags. I faved all my tags so i have a clear list of the tags present in my collection
Duplicates
If you do this: New page > Special > Duplicates Processing, you can see an options to detect duplicates in your gallery and even how far the program tries to analyze them by setting up the "speculation" feature (This can take a while). You press the play icon button and wait. This is on the "Preperation" tag, if the progess is complete and has results, select the "Filtering" tab and see if you can "Launch the Filter".
You get this "slideshow" thing where you can swap between different versions of an image (And this part also comes in "rounds", sometimes because an image can have more than 1 duplicate). You can also see the date of images like filesize and their tags. Normally i select "THEY ARE NOT RELATED" to keep both versions of an image. If i want to delete a version of an image, i simply select ""THIS IS BETTER AND DELETE THE OTHER"". However, if you want to keep both images, you may not want to select "THIS IS BETTER BUT KEEP BOTH" because even if an image is kept, it ends up in an obscure annoying place and you don't want that. Maybe there's better options but this is how i do things.
Sharing an image
If you select an image and right-click, there is an option to "share": Select copy and then go to your Desktop and right-click > paste. You just copied the image from your Hydrus gallery and can share it to anyone, even if the filename is the way it is because of booru influence. There are other methods or sharing an image but this is the only one i know.
"Removing" which is hiding vs actual deletion
To delete a file, pretty sure you right-click and select "delete from my giles" and in the "New Page" option, you can visit your trash page. I think Hydrus keeps some files in the Trash section before they end up in your computer's trash bin. But the button "remove" just makes an image disappear and if you select "Refresh" it returns: This is basically a "hide" feature in case you feel like search through files and want to get others in the way i guess.
Anyway
There's probably more to add, specially based on how i use it but hope this is good enough.
If you understand the program better than i do, feel free to correct me.
Also here's a rentry version of this post https://rentry.co/8ikhf
0 notes
Text
2023/April 14th - Creative
I have been a bit exhausted the last few days.
My sleep schedule got kinda messed up, though this is not entirely out of character for me when I get fixated on a new idea. I decided about a week or two ago that I would try to revitalize my interest in video production. I probably should preface this by saying that I tried running a YouTube channel back in 2020. Probably not the best time to get into it, but it was what it was.
When I did it, I was narrating some of the novels that I have written over the years. Writing is my passion, yet it’s not a compatible medium with many of the passions and interests of most people these days. People want interactive media – it’s why they turn to visual novels or YouTube videos or games to get their reading in.
The videos I made honestly never really felt like they were at their fullest potential. It felt like I didn’t have the proper tools to bring my words to life, and I became very frustrated by the outcome. While I reached 60 subscribers during that time period, I eventually became so bothered by the quality of my own content that I deleted all of it from existence and put the channel on hiatus.
Recently, though, I have had a change of direction in my life. I decided that because racing videogames have been a lifelong hobby of mine, I would like to do highlight videos surrounding my favorite racing games. As such, I’ve spent the last several days prepping videos for a May 1st debut. I have about seven completed already.
What I’ve noticed so far is that because I have better equipment now, that alone has given me more confidence in my abilities. In 2020, I was video editing on a Chromebook (which many of you might not think possible, but I assure you, it is). The videos were serviceable, but they lacked the kind of professional quality that I wanted of them.
Now, though, I have an enterprise-level Windows desktop with an enterprise-level GPU that I was using for CAD applications during my last round of college (see my post about going to college three damn times).
Since my drafting stuff is currently on hiatus, I figure that I should probably get my money’s worth from the machine, and it turns out that it can encode a 10 minute 720p video in about 45 seconds. Not bad. As far as the games, I am recording them on an Xbox One X which I have calibrated to record in 720p because Xbox DVR requires your clips be processed over the cloud, and my internet – while good in terms of download speed – is terrible at upload speed.
I learned recently that Xbox DVR files corrupt very easily. Audio sync issues are also very common. So… Not the best start.
Nonetheless, I do feel like the way I have things set up lends itself to my style of video production. What I’m doing is recording individual races and events in-game and then creating highlight reels from them. Some of these highlight videos have a story to them, even.
The audio sync is easy enough to fix using the video editing software. That said, I have lost a handful of good clips due to file corruption – which led to much sulking.
To prevent myself from going insane, I’m probably only gonna upload twice a week – Monday and Thursday. This gives me 2-3 days between videos to work on each one. So far, I’ve noticed it takes approximately 90 minutes to encode enough clips for a 10 minute video, and then editing takes two to four hours depending on storyboarding, effects used, and also needing to create the thumbnails for each video.
And of course, my videos are going to have overlays that show my channel name and eventually things like a Twitter link, Ko-Fi link, etc. If I ever decide to stream, those same overlays could be used to show stream-related info (I think that’s how it works). But getting that sophisticated is gonna take time, I guess.
For the first month, I figure I will use a compact overlay (just a banner, really). Then after, I will make a full-screen overlay in 1080p with the 720p gameplay footage in windowed mode. That’s the plan, anyway. There’s still so much I need to figure out, and I am doing all of this myself.
I would say that my goal is simply to attract people who love the same things I love and who I can share memories with. Like, as a gamer, I often play alone. I don’t really have “gaming friends.” I’d like that to change.
0 notes
Text
How To Fix Relationship Problems With Miracle Formula
How To Fix Relationship Problems With Miracle Formula
Are you struggling in your relationship? Desperate, even?
Do you notice that your relationship problems always revolve around the same old issues and it seems that we’re always searching for the ultimate answer?
How To Fix Relationship Problems
Moving from one relationship to the next, the partner changes, but the questions remain the same.
To some extent, they’re never fully answered, simply because people are different and humans are emotional beings. When it comes to relationships, logic doesn’t work.
I don’t intend to show you a way to solve all specific relationship problems; they’re endless. The same question is different in different relationships. But I want to help you with my own experiences and knowledge. So, if you listen a little closer, you might be able to extract the meaning behind the words.
Your Precious Past Relationship Experiences
Your Precious Past Relationship Experiences
Your own previous relationship experiences are the first-hand real-world knowledge that will help you work out your current relationship. Don’t neglect and waste them. They’re more vivid than any theory and they can help you to understand your situation fully.
You never lose anything or anybody; rather, you gain experiences. They’re treasures.
Do you learn from your previous relationships? I do and I try to avoid replicating the failures, however, I realize that relationships are more complicated than we think at first. It’s not a leisure recreation, but a learning curve.
Do we interpret our previous relationships in the “right” way? Unfortunately, we all see things differently. A negative thinker may not reach a positive conclusion from his previous experiences.
When you cannot think straight, you need guidance.
The formula that Helps You to fix relationship problems
Learning about temperaments is the first step to using your precious past experiences positively, helping you understand yourself and others, and solving current relationship problems that relate to temperaments.
There’re thousands of relationship books that mention temperaments if you search on Amazon. Many are similar. Reading too many will confuse you. I’ll save you time by sharing the one that inspired me to create this blog. It not only helped me solve my own relationship confusions but also made me capable of helping others.
It’s called “Please Understand Me II” by David Keirsey (American psychologist)
If you don’t really get the essence of the temperament theory, the book will be yet another personality book that only entertains you in the short term.
However, once you grasp its core, you will find the life path in front of you suddenly broadening, becoming a boulevard. The theory is almost a magic formula that solves relationship problems.
Everyone knows Myers Briggs (presently indicator), but it’s David Keirsey who points out why some relationships don’t work.
We communicate in two fundamental “languages”: “abstract language” and “concrete language”. Abstract thinkers talk about the invisible ideas, while concrete thinkers talk about the things in front of their eyes.
If you read this far, then you are an abstract thinker, because only an abstract thinker will be interested enough to read this article written in abstract language naturally by me, an abstract thinker.
Does this answer your question why you and your partner are having relationship problems?
Download Lovedit app for premium content like these for free
To be continued ----------------------------------------
Read full article
On your mobile- Read full article for free
On Desktop - Read more
0 notes
Text
You're still making the assumption that once you got something into their mailroom you'd be able to get anywhere. The last time I saw an unsecured wifi network that didn't have a portal, ever, is coming up on a decade ago, and if my school's IT guy (who didn't know what PoE was until I told him!) can figure out how to set up WPA2-Enterprise and get students to authenticate to it with individualized X.509 certificates, so can Microsoft. Even just standard issue WPA2-PSK is pretty tough to break, but if every single client has a different auth token and encryption key... forget it. Also their mail room isn't guaranteed to have any Wi-Fi signals visible at all, at least not that are strong enough for the dinky little trace antenna in your phone to connect to.
At best I think you'd be able to pop a cleverly named hotspot and do some social engineering to get someone to type in their network creds, which... good luck with that. Even once you're in, every sysadmin worth their salt knows to keep critical infrastructure on a separate VLAN from whatever virus Barb from accounting downloaded whilst trying to play Candy Crush. I'm sorry, but I really cannot see this working unless you get extraordinarily lucky and catch your target with their opsec pants down. Maybe someone gets curious and leaves your phone in their pocket while walking into the server room. And then accidentally plugs it into a trusted switch port somehow because server rooms famously don't have WiFi at all. And also hope that their server room isn't EMP shielded because if it is you'll lose your cell connection.
Now if you wanna talk innovative ways for network penetration, try this one on for size: go to your local Amazon and find a power strip with Ethernet surge protection and USB charging ports. Gut it and install one of those tiny router SBCs that's like half the size of a RasPi and has two GbEthernet ports and USB-A not a whole lot else. Remove the Ethernet filter board and replace it with that thing, as well as connecting one of the USB-A ports to it. Go to your target posing as an IT guy (or after hours) and swap out one of their power strips powering a desktop setup for yours. Unplug the computer's Ethernet and route it through your power strip. Leave a cell phone plugged into one of the "charge" ports and set it to USB tethering. You now have a bot inside their network as well as the ability to snoop on any traffic going to or from that computer. To the casual observer, it will look like any other power strip that someone plugged their phone into to charge. By the time someone turns the cellphone in to lost and found you'll be able to get to the Internet via the upstream Ethernet port.
Admittedly this method of attack is not much more practical than the one you describe. It requires physical, unsupervised access to the premises (if only briefly) and relies on no one noticing that Brenda's computer requested two IP addresses. It also suffers from the afforementioned problem of "if the network engineers have any sense at all, Brenda's computer can't talk to the mission critical servers anyway". Also, being able to man-in-the-middle an employee's computer probably wouldn't help much since pretty much everything coming out of it is going to be encrypted, although it could be interesting if you wanted to run a social engineering attack on Brenda. You might be able to drum something up with a captive portal to show a phishing page only to her and not let her access the internet until she's given it something, although with the amount of hardening and scary "CONNECTION IS INSECURE!!!" warnings baked into modern browsers, even that might be dicey.
I dreamed I was trying to hack Microsoft* in a novel way: I mailed them a computer.
The idea was that it was battery powered and turned on. Once it got into their mail room, it was going to connect to their internal wifi and try to access various network resources from the inside.
Now that I'm awake, I'm honestly wondering how effective this would be. Address it to a non-existent employee in the hopes of getting it to sit in the mailroom for as long as possible, talk to it over the internet using a secondary (cellular) connection and tor... Which makes me think the best computer to do this with would be a smartphone.
They've already got wifi and cellular connectivity, and a battery. Supplement the battery with an external USB power supply and they could easily run for weeks. They've even got GPS so you can track when they've arrived.
Plus they're off-the-shelf devices, making it harder to track down who built it. Buy a Samsung Galaxy with a cracked screen off ebay and you could build this whole device for only a couple hundred bucks.
I'm probably not the first person to think about this. I wonder how you'd prevent it?
Off-site mailroom on a separate network? X-ray all your packages? You might be doing that anyway if you're a big enough company worried about mail bombs, but the problem with being a tech company is that your employees probably get mailed stuff that looks like a phone+battery all the time.
Maybe keep your mailrooms inside a Faraday cage?
* I don't know why Microsoft. I have already gotten everything I wanted to steal from them
135 notes
·
View notes
Note
Re: the new chapter.
It was fantastic and I WILL be commenting, I just don't have enough time to dedicate right now (or rather, I have the time management skills of toddler).
Re: miscellaneous
I've now listened to the Camp Camp theme about 40 times because I love the fact that it's technically Jaune singing it.
I was also very guiltily watching rwby amv's like the shameless 2000's fanfic reader I am, and you know what I found? There's like, ONE single Knightfall amv, of unknown quality since I haven't yet seen it. And since you're the Designated Knightfall Person... guess who it falls to to Deliver us from hopelessness.
If you feel like it, that is XD, but I certainly couldn't do it and you are, as I've said, the #1 knightfall content creator.
Hope you're having a nice day:)
Re: the new chapter.
No worries about commenting, I appreciate the ones you've left on previous chapters. Thank you for reading. (: These past few chapters have been pretty hard for me to get through mentally, I mean I've enjoyed writing them but I get the sense they're not very good. At least next chapter might prove interesting. I hope everything is going well for you; if your time management skills are as good as a baby, then make sure you're getting those afternoon naps in. :D
Re: miscellaneous
Have you seen Red vs. Blue? I think I've mentioned to you I was a fan of it and that's how I got into R/WBY, but um. Jaune's voice actor (and writer for seasons 11-13, though he also wrote one episode in season 10 which at the time had me confused when he said he couldn't write romance, because it had the only and most romantic scene for that couple in the show) also voices another character in RVB and it's. Very funny. He has a lot of range, let me put it that way. (I actually really like Miles' voice acting lol).
EDIT: Lol and Cinder's letter X-ish shaped scar even reminded me way back when of Locus' visor, she matches with her boyfriend's voice actor's character in RVB. Incredible.
I like fanvids conceptually but there are very few I actually really like. I generally prefer the ones without lyrics, like instrumental scores. The ones I do like I go back and rewatch frequently though. I really love how fanvids themselves can be so convincing of an idea and string together different scenes, it's argumentative like an essay.
And since you're the Designated Knightfall Person
This is a very high honour, thank you.
guess who it falls to to Deliver us from hopelessness.
I have one plotted out in my head already. :( I would really like to get Skimming Eye done as soon as possible and on time according to my schedule so other stuff I want to do keeps falling to the wayside. The fanvid living in my head is really awesome though. I put together the music already.
The one thing I can't find is a source for downloading R/WBY episodes. I'd prefer to buy them so I actually want to OWN them and load them up in VLC media player etc.
It's such a pain in the arse always going to the website, for that matter I can't make a fanvid without actually having the episodes. I've surched in all of the requisite places.
I guess there are only the DVD versions? Is it blu-ray now? Sucks to be me without a disk drive. This is when I really want to get a desktop again.
and you are, as I've said, the #1 knightfall content creator.
An extremely high honour lol. There are lots of other talented fic authors and people into the pairing, I'm very sure. I'm just doing my thing. I've parked myself here and I'm not moving. I suppose also I really like R/WBY and I'm very much into the show, V8 was my favourite volume etc., so that influences my reading and my output/interest. But trust me I have absolutely no conceited ideas about myself, I know I'm a weirdo.
Thanks for your ask and hope you have a good night. (:
5 notes
·
View notes
Note
Thanks so much for the IF recs! I'd absolutely take a second post of recommendations for Twine games too if you're willing to share! <3
Of course!!
I... actually like twine games better than cog based ones, in some ways, just because they tend to be fancier and prettier, and I am secretly a ferret in the body of a human and I love shinies. ADHD, baby!
I only actually know of like 12 twine games, so if there are any that anyone who sees this knows of that I didn’t list, feel free to let me know about them! There’s a chance I do know about them and just didn’t put them here, but I would rather hear one I already know of on the off chance that I’ll get a new one dropped in.
That said! Another list of games I really like that is again in no particular order!
They’re all on itch.io by the way! They tend to work better if you download them but most can be run in your browser and most are also mobile friendly so you can play them on your phone! I’ll note which ones are.
Scout: An Apocalypse Story: I love dystopia stories, I dearly wish we had more IF based in this kind of setting. Set in a wasteland that is trying to pull itself together with people trying to find out if other settlements are out there while also trying to, well, stay alive. I gotta say, I played only E’s route for a long, long time, but once I tried the other ones I haven’t really gone back. I still love E, you can pry the childhood friend trope out of my cold dead hands, but wow. Oliver. Wow. That dude has serious UST. And Sabine!! I’ve been forced out of my little “play it the same way every time” rut and I’m not sorry. I very much like that you can choose the intimacy level, as someone who’s ace. Sometimes I like reading the smut, sometimes I don’t. Options! (mobile friendly!)
Bad Ritual: I got it baaaaaaaaaad~ I do though, I love Siruud. I have terrible, terrible taste in men. I mentioned Dracula in the other list, and here there’s an actual demon. This is a game with *sass* and I always love a chance to be sassy. I think part of the reason I resonate so much with this one is because of how jaded retail has made me tbh but that’s another story. Honestly, if you like dark settings, I recommend you play this one first of all my recommendations. It’s just such a good game and there are so many choices and even the pronoun choices are pretty varied. It’s just good! (mobile friendly!)
Wayfarer: Another for the fantasy list! I love the worldbuilding in this one, and the character creator is just amazing. There are maps, there’s a codex, seriously if you love reading lore, this is definitely a game for you. This is like if Tolkien made an IF. It’s amazing. I’ve said that a few times but it’s true. In all honesty it might count as one that’s not so romance focused, since it does focus more on plot. If I could just sit down and make an IF, I’d want it to be like this tbh. With a beautiful framework, a well organized space of information for the players to just look at and see stuff about the world, a way to develop and build their own character in a clear cut way, and the game immediately tells you what stats are effected by what choices. I really enjoy it when games try to work in character creation in creative ways, but sometimes I just want to sit down and go, “Okay, my character has red hair, blue eyes, is short, and has a crippling phobia of lizards” and this game lets me do that. Well, except for the lizard part. (Not as mobile friendly as the others but I make it work!)
Love and Friendship: It’s a regency game and I love Pride and Prejudice. What can I say? Something about the massive amount of rules of society just gets me. Propriety! This is a game that has a set gender protagonist, female, and it actually is a bit different from the norm in that it has two female love interests and one male, when most of the time it’s the other way around. So that’s something. You can even have a platonic route with a fourth love interest, who is also male. There really aren’t enough platonic routes, but I understand why that is, since a lot of IF players are looking for romance. (mobile friendly!)
Exiled From Court: Also a bit of the same vibe simply because of how constrained everyone is by rules. Nobility, after all. There are a lot of love interests, and one is the MC’s sister’s husband, which is definitely gonna be scandalous. Will I do it? Will I? Eventually. I do like how you can act like an absolute hellion, well, as far as that goes considering. You can try to be a better person but that’s less fun, lol. (mobile friendly!)
A Tale of Crowns: This is literally one of the very first twine games I ever played. Really! It’s got a lot of wonderful intrigue and the setting is very fun. There aren’t a ton of fantasy middle eastern games, and this game is definitely one reason why we should have more. There’s a great deal of customization, and the love interests’ gender will changed based on your MC’s gender and sexuality combination. I like R & D best, and no that’s not a pun. I think. (mobile friendly!)
For the Crown: This is a different game, I swear, they just both happen to have crown in the title, lol. You get to play as an assassin, which is a great deal of fun. The lore in the game is very nice too. I tend to play with they/them pronouns though, and there were a few pronoun hiccups in the game. Seems to be an issue across all of the games made by this author, but I know how much of a pain variables can be so hopefully those will get squashed soon. There’s an explicit content choice in this one as well, and if you turn it on there is an “equipment” choice, so this is definitely gonna be spicy later on! (mobile friendly, but after each chapter the browser shifts as it auto saves. you just have to tap restore game to keep playing.)
-These games aren’t exactly twine games, but I’m putting them here because they’re visual novels that fit the IF format for the most part and are also on itch.io and I love them and for this post at least I will bend my own rules! They all have gender choice MCs and are nonbinary friendly.-
Perfumare: This game is actually being made into an IF, with the visual novel as a sort of preview of what we’re gonna get there. I literally cannot wait for that to happen, this game is so good as it is, and from what we’ve been told it’s only gonna get better. This game has an excellent world, the characters are all messy in the best ways, and ugh it has hurt me quite a bit, again in the best way. It’s another one on the dark side of things. The powers in this game are just so fun, I dearly want a game set in this world where we can choose what powers we have! Maybe that will be in the IF, but I have a feeling the answer is no. We’ve been teased that there will be a second game with a different MC who will get to romance the characters we can’t in this one, and that alone is enough to get me to jump as soon as it drops. The love interests aren’t gender variable but there are two male ones and one female. I, a known mess, recommend Laurent for lots of repression and pain. (not mobile friendly, you gotta play on desktop/laptop)
Andromeda Six: I’ve recommended this one to pretty much everyone I know, it is such an excellent game. The cast is a mashup of misfits and makes me miss my Mass Effect crews. I specifically set my pronouns to she/her just so they’d all call me Princess. What can I say, I like it. There’s lots of pain, lots of drama, lots of world building, lots of interesting lore, and there is much breaking of cuties. Much. Can’t wait till we get to the next planet. The author has gone out of their way to say that each love interest is gonna get their own arc and will definitely get their own share of attention, so no matter who you pick you’ll have plenty of time to be with them and watch them shine. (not mobile friendly, gotta play on desktop/laptop)
When the Night Comes: Not only do you get to play a badass hunter but it has multiple poly routes! Multiple! It’s rare when you get one poly in a game, this one has three! You can also choose to romance any of them individually if you so choose. It’s dark fantasy gothic, and I really really like that. (not mobile friendly, gotta play on desktop/laptop)
Errant Kingdom: Made from the same dev as WTNC, this one is set in a more fantasy middle eastern setting. Very pretty, lots of intrigue. You can choose between three set protagonists, who can have three different storylines depending on your choices, which is very nice for replayability. It’s got two poly routes this time, and it works the same as their other game in that you can romance them individually if you’d rather be monogamous. (not mobile friendly, gotta play on desktop/laptop)
35 notes
·
View notes
Text
Making 3D References in Clip Studio Paint
Thought you guys might be interested to see how I use Clip Studio Paint for putting together custom 3D references! (FYI I use the iPad version, but everything here applies to the regular desktop version as well.)
A lot of people know CSP as a great digital art alternative to Photoshop (which it is, don’t let Adobe extort you if you can help it), but I personally use it almost exclusively to make references! Its 3D features are pretty robust and what I’m about to show you is only the tip of the iceberg.
Here are a couple of my CSP references with their equivalents in Rainfall:
As you can see, I use it mostly for shots where characters are interacting (especially couple interactions!), because I tend to have a very specific idea of how I want the pose + camera angle to look.
Assets
I use modified versions of CSP’s stock human models and a mix of downloaded assets from their website. I rarely have to look beyond the free assets, but the few times I did, $10 was enough to secure me a huge amount of “Gold” content.
(Tip: Click the “Detail” button to the right of the search bar to filter by 3D content.)
Relevant Interface
These are literally the only things I use in CSP, so don’t ask me what other parts of the program do lol.
Click here to see all these images larger
Operation Tool - This selects 3D models in the layer and allows you to manipulate them. Apologies for my chicken scratch.
3D Material Palette - Includes all poses, human models, and objects. I’ve created some custom folders in a feeble attempt to organize all the shit I’ve downloaded.
Body Type Settings - CSP comes with a few default human models in both realistic and more anime-style proportions. You can modify the models’ height, fat/muscle distribution, specific body part proportions, and more. You can also save these as presets for future use. (See above)
Making Backgrounds
3D is fantastic for setting up scenes with significant background elements. It can be a huge time saver, especially if you’re going to be drawing it multiple times from different angles.
I used a bunch of downloaded assets to create this “set”, making sure it looked good at the angles I was planning on using in the comic.
Once that was done, I posed the character models as I needed, took screenshots at the right angles, and traced over the background objects. Tracing is fine. If this was a technical exercise it’d be one thing, but I’m here to make a comic.
Here’s an example of a looser approach for less prominent backgrounds. I used the boxes as guides to draw in the rest.
---
I hope you enjoyed this behind the scenes look! 3D is a really great supporting tool for 2D artists and with CSP, it’s more affordable and accessible than ever.
97 notes
·
View notes
Text
5m Mathmrs. Mac's Messages
TLDR: With a bit of research and support we were able to demonstrate a proof of concept for introducing a fraudulent payment message to move £0.5M from one account to another, by manually forging a raw SWIFT MT103 message, and leveraging specific system trust relationships to do the hard work for us!
5m Mathmrs. Mac's Messages App
5m Mathmrs. Mac's Messages Message
5m Mathmrs. Mac's Messages To My
5m Mathmrs. Mac's Messages For Her
Before we begin: This research is based on work we performed in close-collaboration with one of our clients; however, the systems, architecture, and payment-related details have been generalized / redacted / modified as to not disclose information specific to their environment.
A desktop application for Instagram direct messages. Download for Windows, Mac and Linux.
Have a question, comment, or need assistance? Send us a message or call (630) 833-0300. Will call available at our Chicago location Mon-Fri 7:00am–6:00pm and Sat 7:00am–2:00pm.
5m Mathmrs. Mac's Messages App
With that said.. *clears throat*
The typical Tactics, Techniques and Procedures (TTPs) against SWIFT systems we see in reports and the media are - for the most part - the following:
Compromise the institution's network;
Move laterally towards critical payment systems;
Compromise multiple SWIFT Payment Operator (PO) credentials;
Access the institution's SWIFT Messaging Interface (MI);
Keys in - and then authorize - payment messages using the compromised PO accounts on the MI.
This attack-path requires the compromise of multiple users, multiple systems, an understanding of how to use the target application, bypass of 2FA, attempts to hide access logs, avoid alerting the legitimate operators, attempts to disrupt physical evidence, bespoke malware, etc. – so, quite involved and difficult. Now that’s all good and fine, but having reviewed a few different payment system architectures over the years, I can’t help but wonder:
“Can't an attacker just target the system at a lower level? Why not target the Message Queues directly? Can it be done?”
A hash-based MAC might simply be too big. On the other hand, hash-based MACs, because they are larger, are less likely to have clashes for a given size of message. A MAC that is too small might turn out to be useless, as a variety of easy-to-generate messages might compute to the same MAC value, resulting in a collision. WhatsApp Messenger is a FREE messaging app available for iPhone and other smartphones. WhatsApp uses your phone's Internet connection (4G/3G/2G/EDGE or Wi-Fi, as available) to let you message and call friends and family. Switch from SMS to WhatsApp to send and receive messages, calls, photos, videos, documents, and Voice Messages. WHY USE WHATSAPP. Garrick Hello, I'm Garrick Chow, and welcome to this course on computer literacy for the Mac. This course is aimed at the complete computer novice, so if you're the sort of person who feels some mild anxiety, nervousness, or even dread every time you sit down in front of your computer, this course is for you.
Well, let's find out! My mission begins!
So, first things first! I needed to fully understand the specific “section” of the target institution's payment landscape I was going to focus on for this research. In this narrative, there will be a system called “Payment System” (SYS). This system is part of the institution's back-office payment landscape, receiving data in a custom format and output's an initial payment instructions in ISO 15022 / RJE / SWIFT MT format. The reason I sought this scenario was specifically because I wanted to focus on attempting to forge an MT103 payment message - that is:
In this video I will show you where to locate the serial number on a Western golf cart. Ebay Store: Please SUBSCRIBE. Western golf cart serial number lookuplastevil.
MT – “Message Type” Literal;
1 – Category 1 (Customer Payments and Cheques);
0 – Group 0 (Financial Institution Transfer);
3 – Type 3 (Notification);
All together this is classified as the MT103 “Single Customer Credit Transfer”.
Message type aside, what does this payment flow look like at a high level? Well I’ve only gone and made a fancy diagram for this!
Overall this is a very typical and generic architecture design. However, let me roughly break down what this does:
The Payment System (SYS) ingests data in a custom - or alternative - message format from it's respective upstream systems. SYS then outputs an initial payment instruction in SWIFT MT format;
SYS sends this initial message downstream to a shared middelware (MID) component, which converts (if necessary) the received message into the modern MT format understood by SWIFT - Essentially a message broker used by a range of upstream payment systems within the institution;
MID forwards the message in it's new format on to the institution's Messaging Interface (let's say its SAA in this instance) for processing;
Once received by SAA, the message content is read by the institution's sanction screening / Anti-money laundering systems (SANCT).
Given no issues are found, the message is sent on to the institution's Communication Interface (SWIFT Alliance Gateway), where it's then signed and routed to the recipient institution over SWIFTNet.
OK, so now I have a general understanding of what I'm up against. But if I wanted to exploit the relationships between these systems to introduce a fraudulent payment without targeting any payment operators, I was going to need to dig deeper and understand the fundamental technologies in use!
So how are these messages actually 'passed' between each system? I need to know exactly what this looks like and how its done!
More often than not, Message Queues (MQ) are heavily used to pass messages between components in a large payment system. However, there are also various “Adapter” that may be used between systems communicating directly with the SAG (Such as SAA or other bespoke/3rd party systems). These are typically the:
Remote API Host Adapter (RAHA);
MQ Host Adapter (MQHA);
Web Services Host Adapter (WSHA).
Having identified that MQ was in use, my initial assumption was that there was most likely a dedicated Queue Manager (QM) server somewhere hosting various queues that systems push and pull messages from? However, due to SWIFT CSP requirements, this would most likely - at a minimum - take the form of two Queue Managers. One which manages the queues within the SWIFT Secure Zone, and another that manages queues for the general corporate network and back office systems.
Let's update that diagram to track / represent this understanding: Now I could research how this 'messaging' worked!
There are multiple ways to configure Message Queues architectures, in this case there were various dedicated input and output queues for each system, and the message flow looks something like this: Full disclosure, turns out it’s hard to draw an accurate - yet simple - MQ flow diagram (that one was basically my 4th attempt). So it’s.. accurate 'enough' for what we needed to remember!
5m Mathmrs. Mac's Messages Message
Now I had a good understanding of how it all worked, it is time to define my goal: 'Place a payment message directly on to a queue, and have it successfully processed by all downstream systems'.
This sounds simple, just write a message to a queue, right? But there are a few complications!
Why are there few indications of this attack vector in the wild?
How do I even gain “write” access to the right queue?
What protects the message on the queues?
What protects the messages in transit?
What format are the messages in?
What is the correct syntax for that message format at any particular queue (0 margin for error)?
Where does PKI come in? How / where / when are the messages signed?
Can I somehow get around the message signing?
What values in the messages are dependent / controlled / defined by the system processing them (out of my control)?
What is the maximum amount I can transfer using Straight Through Processing, without alerting the institution / requiring manual validation?
But OK, there's no point dwelling on all of that right now, I'll just clearly define what I want to do! The goal:
Successfully write a payment instruction for 500,000 GBP;
Inject that message directly onto a specific queue;
Have the message pass environment-specific validation rules;
Have the message pass sanctions and AML checks.
Have the message successfully signed;
Have the message pass SWIFTNet-specific validation rules;
What I was not interested in doing for this research - yet needed to understand nevertheless for a full attack chain was:
How to compromise the institution's network;
How to gain access to the MQ admin's workstation;
How to obtain the pre-requisite credentials.
What I wanted to 100% avoid at all costs:
The attack involving SWIFT payment operators in any way;
The attack involving SWIFT application access in any way;
A need to compromise signing keys / HSMs;
A need to compromise SWIFTNet operator accounts or certificates or any type of PKI;.
Now I had an idea of what to do, I needed to make sure I could write a raw MT103 payment instruction! Typically, even when operators write payment messages using a messaging interface application like Alliance Access, they only really write the message “body” via a nice GUI. As raw data this could look something like:
I'll break this down in the following table:
NameFieldValueTransaction Reference20TRANSACTIONRF103Bank Operation Code23BCRED (Message is to 'credit' some beneficiary)Value Date / Currency / Amount32A200102 (02/01/2020) GBP 500,000.00Currency / Original Credit Amount33BGBP 500000,00 (£500,000.00)Ordering Customer50KGB22EBNK88227712345678 (IBAN) JOHN DOE (Name) JOHN'S BUSINESS LTD (Line 1) 21 JOHN STREET, LONDON, GB (Line 2)Beneficiary59KFR20FBNK88332287654321 (IBAN) ALICE SMITH (Name) ALICE'S COMPANY (Line 1) 10 ALICE STREET, PARIS, FR (Line 2)Remittance Information7012345-67890 (essentially a payment reference)Details of Charge71ASHA (Shared charge between sender and receiver)
Now as this is a valid message body, if I were targeting a payment operator on SWIFT Alliance Access, I could - for the 'most' part - simply paste the message into SAA's raw message creation interface and I'd be pretty much done. With the exception of adding the sender / recipient BIC codes and most likely selecting a business unit. However, these values are not stored in the message body. Not stored in the message body you say? Well that complicates things! Where are they stored exactly?
The message “body” is referred to as “block 4” (aka the “Text Block”) within the SWIFT MT standard. As suggested by the name, there is probably also a block 1-3. This is correct; and these blocks are typically generated by the payment processing applications - such as SWIFT Alliance Access - and not necessarily input by the operators. A 'complete' MT103 message consists of 6 blocks:
Block 1 – Basic Header
Block 2 – Application Header
Block 3 – User Header
Block 4 – Text Block
Block 5 – Trailer
Block 6 – System block
So it looked like I was going to need to learn how to craft these various “blocks” from scratch.
Block 1 (Basic header)
Reading through some documentation, I crafted the following “Basic header” block:
A breakdown of what this translates too is as follows:
NameValueContextBasic Header Flag1Block 1 (Not 2, 3, 4, or 5)Application TypeFFIN ApplicationMessage Type0101 = FIN (I.e not ACK/NACK)Sender BICEBNKGB20EBNK (Bank Code) GB (Country Code) 20 (Location Code)Sender Logical TerminalATypically A, unless they are a significantly large institution and require multiple terminalsSender BranchXXXAll X if no branch neededSession Number0000The session number for the messageSequence Number 999999The sequence number of the message
Taking a step back, I already identified two potential problems: the “session” and “sequence” numbers! These are described as follows:
Session Number – Must also equal the current application session number of the application entity that receives the input message.
Sequence number – The sequence number must be equal to the next expected number.
Hmmm, at this point I was not sure how I could predetermine a valid session and/or sequence number - considering they seemed to be application and 'traffic' specific? But there was nothing I could do at the time, so I noted it down in a list of 'issues/blockers' to come back to later.
Block 2 (Application Header)
A bit more dry reading later, I managed to also throw together an application header:
Again, I’ve broken this down so it makes sense (if it didn’t already; I’m not one to assume):
NameValueContextApplication Header Flag2Block 2I/O IdentifierIInput Message (a message being sent)Message Type103103 = Single Customer Credit TransactionRecipient BICFBNKFR20FBNK (Bank Code) FR (Country Code) 20 (Location Code)Recipient Logical TerminalXAll General Purpose Application Messages must use 'X'Recipient BranchXXXAll General Purpose Application Messages must use 'XXX'Message PriorityNNormal (Not Urgent)
Awesome! No issues crafting this header!
Note: At this point I should probably mention that these BIC codes are not 'real', however are accurate in terms of in format and length.
Block 3 (User Header)
The third block is called the “User Header” block, which can be used to define some “special” processing rules. By leverage this header, I could specify that the message should be processed using “Straight Through Processing” (STP) rules which essentially attempts to ensure that the message is processed end-to-end without human intervention. This could be specified as follows:
However, this was not yet a valid header! As of November 2018 the user header requires a mandatory “Unique end-to-end transaction reference” (UETR) value, which was introduced as part of SWIFT's Global Payments Innovation initiative (gpi)! This is a Globally Unique Identifier (GUID) compliant with the 4th version of the generation algorithm used by the IETF standard 'RFC4122'. This consists of 32 hexadecimal characters, divided into 5 parts by hyphens as follows:
where:
x – any lowercase hexadecimal character;
4 – fixed value;
y – either: 8, 9, a, b.
This value can be generated using Python as seen below:
With an acceptable UETR generated, this is how the third block looked:
And as before, a breakdown can be found below:
NameValueContextUser Header Flag3Block 3Validation Flag119Indicates whether FIN must perform any type of special validationValidation FieldSTPRequests the FIN system to validate the message according to the straight through processing principlesUETR Field121Indicates the Unique end-to-end transaction reference valueUETR Value8b1b42b5-669f-46ff-b2f2-c21f99788834Unique end-to-end transaction reference used to track payment instruction
Block 5 and 6 (Trailer and System Blocks)
I’ve already discussed “block 4” (the message body), so to wrap this section up, I'll be looking at the final 2 blocks: Block 5, aka the “Trailer”; and block S, aka the “System” block.
Before going forward, let me take a moment to explain the pointlessly complicated concept of input and output messages:
An “input” message (I) is a message which is traveling “outbound” from the institution. So this is a message being “input” by an operator and sent by the institution to another institution.
An “output” message (O) is a message which is traveling “inbound” to the institution. So this is a message being “output” by SWIFTNet and being received by the institution.
OK, moving swiftly (aaaahhhhh!) on.
For Input messages, these blocks were not too much of a problem. The headers only really seemed to be used to flag whether the message was for training / testing or to flag if it was a possible duplicate, which syntactically took the following form:
Where “TNG” indicated “training” and “SPD” indicated “possible duplicate”.
However, with Output messages, it got considerably more complicated. An example of what the trailer and system block could look like on an Output message is the following:
A breakdown of these various values is:
Trailer ((5:) MAC – Message Authentication Code calculated based on the entire contents of the message using a key that has been exchanged with the destination bank and a secret algorithm; CHK – This is a PKI checksum of the message body, used to ensure the message has not been corrupted in transit; TNG – A flag to indicate that the message is a Testing and Training Message.
System ((S:) SPD – Possible Duplicate Flag SAC – Successfully Authenticated and Authorized Flag. This is only present if:
Signature verification was successful.
RMA (Relationship Management Application) authorization and verification was successful.
COP – Flag indicating that this is the primary message copy; MDG – The HMAC256 of the message using LAU keys.
However, these seemed to only be values I would need to consider if I was to try and forge an “incoming” message from SWIFTNet or an 'outbound' message on the output of the SAG.
So.. I'll stick with crafting an “input' message trailer:
Now, having said all that, it turned out the trailer block did seem to sometimes hold a MAC code and a message checksum (sigh), meaning I actually needed to construct something like:
So that was +2 to my 'issues/blockers' list. However, issues aside, I now understood the complete message format, and could put it all together and save the following as a draft / template MT103 message:
Highlighted in bold above are the areas of the message I was - at this point - unable to pre-determine. Nevertheless, a summary of what that the message describes is:
Using the transaction reference “TRANSACTIONRF103”;
please transfer 500,000.00 GBP;
from John Doe, (IBAN: GB22EBNK88227712345678) at “English Bank” (BIC: EBNKGB20);
to Alice Smith (IBAN: FR20FBNK88332287654321) at “French Bank” (BIC: FBNKFR20);
Furthermore, please ensure the transaction charge is shared between the two institutions;
and mark the payment with a reference of “12345-67890”.
To wrap up this section, i wanted to take a moment to explain some logic behind the target of 500,000 GBP, as it is also important.
Aside from the many reasons it would be better to transfer (even) smaller amounts (which is an increasingly common tactic deployed by modern threat actors), why not go higher? This is where it’s important to understand the system and environment you are targeting.
In this instance, let's assume that by doing recon for a while I gathered the understanding that:
If a message comes from SYS which is over £500k;
even if it has been subject to a 4 eye check;
and even if it is flagged for STP processing;
route it to a verification queue and hold it for manual verification.
This was because a transaction over £500k was determined to be “abnormal” for SYS. As such, if my transaction was greater, the message would not propagate through all systems automatically.
OK, so now that I understood:
how the system worked;
how it communicated;
the fundamental structure of a raw MT103 payment messages;
and how much I could reliably (attempt) to transfer.
And with that, it was time to take a break from MT standards and establish an understanding of how I would even get into a position to put this into practice!
To place a message on a queue, I was going to need two things:
Access to the correct queue manager;
Write access to the correct queues.
Depending on the environment and organisation, access to queue managers could be quite different and complex. However a bare-bones setup may take the following form:
An MQ Administrator accesses their dedicated workstation using AD credentials;
They then remotely access a dedicated jump server via RDP which only their host is whitelisted to access;
This may be required as the queues may make use of Channel Authentication Records, authorizing specific systems and user accounts access to specific queues;
The channels may further be protected by MQ Message Encryption (MQME) which encrypts messages at rest based on specific channels. As such, even if someone was a “super duper master admin” they would only be able to read / write to queues specifically allocated to them within the MQME configuration file (potential target for another time?);
The MQ Admin can then use tools such via the Jump Server to read/write to their desired message queues.
So, in this scenario, to gain access to the message queues I - as an attacker - would need to compromise the MQ admin’s AD account and workstations, then use this to gain access to the jump host, from where I could then access the message queues given I knew the correct channel name and was configured with authorization to access it.. and maybe throw some MFA in there..
That is understandably a significant requirement! However, when discussion sophisticated attacks against Financial Market Infrastructure (FMI), it is more than reasonable to accept that an Advanced Persistent Threat (APT) would see this as a feasible objective - We don't need to dig into the history of how sophisticated attacks targeting SWIFT systems can be.
Next, it was time to finally identify a feasible attack vector for message forgery.
Now with an idea of how to gain the right access, as well as an understanding of the various technologies and security controls in place; I update my diagram:
You may have noticed I've added something called “LAU” around the SAA-to-SAG adapter, and another “LAU” to the MID-to-SAA MQ channels, which I have yet to explain. “Local Authentication” (LAU) is a security control implemented by SWIFT to authenticate messages using a pair of shared keys between two systems. These keys are combined and used to generate a SHA256 HMAC of the message and append it to the S block. This can then be validated by the recipient system. Effectively, this validates the origin and authenticity of a message. As such, even if an attacker was in position to introduce a fraudulent payment, they'd first need to compromise both the left and the right LAU signing keys, generate the correct HMAC, and append it to the message in order to have it accepted / processed successfully.
But LAU aside, I now just needed to figure out which queue to target! There were a lot of queues to work with as each system essentially has multiple “input” and “output” queues. With that in mind, it was important to note that: an incoming message would require being in the format expected by the target system (from a specific upstream system) and an outgoing message would need to be in the format “produced” by one target system and “expected / ingested / processed” by its respective downstream system. So to figure this out, I worked backwards from the Gateway.
Targeting SAG
This was the least feasible attack vector!
I hadn't really looked into how the SWIFT adapters worked - If only I could research literally everything);
SAA and SAG implemented LAU on messages sent between them - An excellent security control!;
The output of SAG was directly on to SWIFTNet which would entail all sorts of other complications - this is an understatement)!
Next!
Targeting SAA
So what if I wanted to drop a message on the “outbound” channel of SAA?
LAU and the SWIFT adapter aside, remember those session and sequence numbers? Well, messages which leave SAA are in the near-final stages of their outbound life-cycle, and as far as I understood would need to have valid session and sequence values. Given I didn't know how to generate these values without gaining access to SAA or how they worked in general (and lets not forget the LAU signing) this didn't currently seem feasible.
Next!
Targeting SANCT
This solution didn't actually transport messages back and forth; it just reads messages off the queues and performed checks on their details. Not much I could wanted to leverage here.
Targeting MID
To target MID, I could try and inject a message onto SAA’s “input” queue, or the “output” queue of MID. This would only need to match the format of messages produced by the Middleware solution (MID). Following this, in theory, the (mistial) message session and sequence number would be added by SAA, along with the UETR. This was promising!
However, MID was a SWIFT “message partner”, which are typically solutions developed using the Alliance Access Development Kit that allows vendors to develop SWIFTNet compatible software, and consequentially, implement LAU. So again, in-order to forge a message here, I’d need to compromise the left and right LAU signing keys used between SAA and MID, manually HMAC the message (correctly!), and then place it on the correct queue.. This also no longer looked promising..
Targeting SYS
OK, how about the input of the next system down - the 'Payment System'?
5m Mathmrs. Mac's Messages To My
As described previously, the inbound data was a custom “application specific” payment instruction from the institutions back office systems, and not a SWIFT MT message. This would be an entirely new core concept I'd need to reverse - not ideal for this project.
But how about the output queue?
Although SYS received custom format data, I found that it output what seemed to be an initial SWIFT MT messages. This was perfect! Additionally, SYS did not have LAU between itself and MID because (unlike MID) SYS was not a SWIFT message partner, and was just one of many-many systems within the institution that formed their overall payment landscape.
Additionally, because SYS was esentially just one small piece of a much larger back office architecture, it was not part of the SWIFT Secure Zone (after all you cant have your entire estate in the Secure Zone - that defeats the purpose) and as such, made use of the Queue Manager within a more accessible section of the general corporate environment (QM1). Konica minolta bizhub c352 driver mac os xcompubrown recovery tool.
With this in mind, and having - in theory - compromised the MQ admin, I could leverage their access to access on the corporate network to authenticate to QM1. I could - in theory - then write a fraudulent payment message to the SYS “output” queue, which we will call “SYS_PAY_OUT_Q” from here on.
OK! It seems like I finally had an idea of what to do! But before I could put it into practice, I of course needed to create a diagram of the attack:
I think it’s important to take a minute to refer back to the concept of “trust” which is what lead to this attack diagram. My theory behind why this may work is because the MID application, implicitly trusts whatever it receives from its respective upstream systems. This is intentional, as by design the security model of the payment landscape ensures that: at any point a message can be created, a 4 (or 6) eye check is performed. If there was a system whose purpose it was to ensure the validity of a payment message at any point upstream, the downstream systems should have no real issue processing that message (with some exceptions). After all, It would be next to-impossible to maintain a high-throughput payment system without this design.
And with that said, the plan was now clear:
Leverage the access of a Message Queue administrator;
to abuse the “trust relationship” between SYS, MID, and SAA;
to introduce a fraudulent payment message directly on to the output queue of SYS;
by leaning on my new found understanding of complete MT103 payment messages.
It was finally time to try to demonstrate a Proof-of-Concept attack!
So at this point I believe I had everything I needed in order to execute the attack:
The target system!
The message format!
The queue manager!
The queue!
The access requirements!
The generously granted access to a fully functional SWIFT messaging architecture! (that’s a good one to have!)
The extra-generously granted support of various SMEs from the target institution! (This was even better to have!)
Message Forgery
I needed to begin by creating a valid payment message using valid details from the target institution. So before moving on I was provided with the following (Note: as with many things in this post, these details have been faked):
Debtor Account Details �� John Doe, GB12EBNK88227712345678 at EBNKGB20
Creditor Account Details – Alice Smith, GB15EBNK88332287654321 at EBNKGB20
Some of you may have notice that the sending and receiving BIC’s are the same. This was because, for the sake of the research, I wanted to send the message back to the target institution via SWIFTNet so that I could analyse its full end-to-end message history. Furthermore, you may have noticed we are using 'test & training' BIC code (where the 8th character is a 0) - this was to make sure, you know, that I kept my job.
But yes, with access to these 'valid' account details and the knowledge gained during the research so far, I could now forge a complete Input MT103 messages:
Note: Field 33B is actually an optional field, however, the MT standard stated that “If the country codes of both the Sender’s and the Receiver’s BIC belong to the country code list, then field 33B is mandatory”. As such, if 33B was not present in the message, it would fail network validation rules and SWIFTNet would return a NAK with the error code: D49.
Optional / Mandatory fields aside, it was not quite that simple! There were a few minor changes I needed to make based on the specific point in the message's its life-cycle I was planning to introduce it!
As I list these changes, remember that the objective is to introduce the message to the output queue of SYS (Which exists before MID, SAA and SAG)
The first 3 blocks needed to be placed on a single line;
Remove field 121 (UETR) from the User Header, as this would be generated by SAA during processing;
Remove 1 character from the transaction reference as it needed to be exactly 16 characters (classic user error);
Add decimal point to transaction amount using a comma - otherwise it would fail syntax validation rules;
Ensure the IBAN's were real and accurate, otherwise it seemed the message would fail some type of signature validation on the SWIFT network. The IBANs are fake here, but during the real PoC we used accurate account details in collaboration with the target institution;
Remove the trailer block (5) - as this would be appended by SAA during processing;
Remove the System Block (S) - as this would be completed by the SAG.
And the final message was as follows:
Note that the location in which I introduce the message has resolved all of the 'issues / blockers' I'd tracked whilst researching the message structure! It would seem the further upstream you go, the easier the attack becomes - given MQ is still used as a transport medium.
Message Injection
Now I had my raw MT103 message, I just need to save it to a file (“Message.txt” - sure why not) and place onto the “SYS_PAY_OUT_Q” queue using one of the admin's tools:
With access to a sole MQ Administrator's AD account;
We connect to the MQ admins machine;
Log into the Jump Server;
Open our MQ tools of choice and authenticate to queue manager (QM1) where the output queue for SYS was managed;
Connected to the 'SYS_PAY_OUT_Q' queue;
Selected my forged “Message.txt” file;
Invoked the “write to queue” function;
And it was off!
Loggin in to Alliance Access and opening the message history tab, we sat awaiting for an update. Waiting, waiting, waiting… waiting… and..
ACK! It worked!
That's a joke; did we hell receive an ACK!
See, this last section is written slightly more 'linear' than what actually happened. Remember those 'tweaks' used to fix the message in the previous section? I hadn't quite figured that out yet..
So roughly seven NACKs later - each time troubleshooting and then fixing a different issues - we did indeed, see an ACK! The message was successfully processed by all systems, passed target system validation rules, passed sanctions and AML screening, passed SWIFTNet validation rules, and SWIFT’s regional processor had received the message and sent an 'Acknowledgement of receipt' response to the sending institution!
For the sake of completeness, I’ve included the ACK below:
And of course a breakdown of what it all means:
NameValueContextBasic Header Flag1Block 1Application TypeFF = FIN ApplicationMessage Type2121 = ACKInstitution CodeEBNKGB20AXXXEBNKGB20 (BIC) A (Logical Terminal) XXX (Branch)Sequence and Session No.19473923441947 (Sequence No.) 392344 (Session No.)Date Tag177200103 (Date) 1102 (Time)Accept / Reject Tag4510 = Accepted by SWIFTNet
Excellent! WooHoo! It worked! .. That took a lot of time and effort!
Closer Inspection
But the ACK wasn't enough, I wanted to make sure I understood what had happened to the message throughout its life-cycle. From the message I placed on the initial queue, to being processed by SWIFTNet.
Thankfully, as we sent the message back to the target institution we could see its entire message history. I already knew what the raw message placed on the queue looked like, so I wanted to focus on what became of the message once it had been processed by SAA:
The end-to-end tracking UUID had been generated and added (b42857ce-3931-49bf-ba34-16dd7a0c929f) in block 3;
The message trailer had been added ((5:(TNG:))) where I could see that - due to the BIC code used - SAA had flagged the message as 'test and training'.
Additionally, an initial System Block segment had been added ((S:(SPD:))), tagging the message as a possible duplicate. I wonder why - *cough* 7th attempt *cough*?
OK, so that was SAA. Now let’s see how it looked it once it passed through the Gateway and regional processor:
OK, we can see a few changes now.
The session and sequence numbers have been populated (1947392344);
The I/O identifier in block 2 has been updated to track that it is now an 'Output' message;
The additional data within Block 2 is a combination of the input time, date, BIC, session and sequence numbers, output date/time, and priority;
The trailer has been updated with a message authentication code (MAC) calculated based on the entire contents of the message using a pre-shared key and a secret algorithm;
Additionally, a checksum of the message body has been stored within the trailer’s “CHK” tag. This is used by the network to ensure message integrity.
I also took a look at the entire outbound message history, just to see all the “Success” and “No violation” statements to make it feel even more awesome!
So that's that really..
With a bit of research and support I was able to demonstrate a PoC for introducing a fraudulent payment message to move funds from one account to another, by manually forging a raw SWIFT MT103 single customer credit transfer message, and leveraging various system trust relationships to do a lot of the hard work for me! https://arfox158.tumblr.com/post/655263262721638400/wireless-external-hard-drive-for-mac.
As mentioned briefly in the introduction, this is not something I have really seen or heard of happening in practice or in the 'wild'. Perhaps because it clearly takes a lot of work.. and there is a huge margin for error. However, if an adversary has spent enough time inside your network and has had access to the right documentation and resources, this may be a viable attack vector. It definitely has its benefits:
No need to compromise multiple payment operators;
No requirement to compromise - or establish a foothold within - the SWIFT Secure Zone;
No requirement to bypass MFA and gain credentials for a messaging interface;
No generation of application user activity logs;
No payment application login alerts;
No bespoke app-specific and tailored malware;
And all the other things associated with the complex task of gaining and leveraging payment operator access.
All an attacker may need to do is compromise one specific user on the corporate network: a Message Queue administrator.
The industry is spending a lot of time and effort focused on securing their payment systems, applications, processes, and users to keep - among other things - payment operators safe, Messaging Interfaces locked down, and SWIFT systems isolated. But the reality is,; the most valuable and most powerful individual in the entire model, might just be a single administrator!
As always, a security model is only as strong as its weakest link. If you're not applying the same level of security to your wider institution, there may very well be many weak links within the wider network which chain together and lead to the comrpomise of systems which feed into your various payment environment.
I think the main thing to remember when reflecting on this research is that it did not abuse any vulnerabilities within the target institution's systems, or even vulnerabilities or weaknesses within the design of their architecture. It simply leverages the legitimate user access of the Message Queue administrators and the trust relationships that exist by design within these types of large-scale payment processing systems.
So the harsh reality is, there is no particular list of recommendations for preventing this type of attack in itself. However, the main point to drive home is that you must ensure the security of your users - and overall organisation - is of a high enough standard to protect your highest privileged users from being compromised. Things such as:
Strong monitoring and alerting controls for anomalous behaviour;
Requirements for Multi-Factor authentication for access to critical infrastructure;
Segregation of critical infrastructure from the wider general IT network;
Strong password policies;
Well rehearsed incident detection and incident response policies and procedures;
Frequent high-quality security awareness training of staff;
Secure Software Development training for your developers;
Routine technical security assessments of all critical systems and components;
The use of 3rd party software from reputable and trusted vendors;
However, in the context of Message Queues, there is one particular control which I think is extremely valuable: The implementation of channel specific message signing! This, as demonstrated by SWIFT's LAU control, is a good way in which to ensure the authenticity of a message.
As discussed, LAU is - as far as I know at the time of writing - a SWIFT product / message partner specific control. However it's concept is universal and could be implemented in many forms, two of which are:
Update your in-house application's to support message signing, natively;
Develop a middleware component which performs message signing on each system, locally.
This is a complex requirement as it requires considerable effort on the client’s behalf to implement either approach. However, SWIFT provides guidance within their Alliance Access Developers guide on how to implement LAU in Java, Objective C, Scala and Swift;
Strip any S block from the FIN message input. Keep only blocks 1: through 5;
Use the FIN message input as a binary value (unsigned char in C language, byte in Java). The FIN message input must be coded in the ASCII character set;
Combine the left LAU key and the right LAU key as one string. The merged LAU key must be used as a binary value (unsigned char in C language, byte in Java). The merged LAU key must be coded in the ASCII character set;
Call a HMAC256 routine to compute the hash value. The hash value must also be treated as a binary value (unsigned char in C language, byte in Java). The HMAC size is 32 bytes;
Convert the HMAC binary values to uppercase hexadecimal printable characters.
An example of how this may work in the more flexible middleware solution proposed is where the original service is no longer exposed to the network, and is altered to only communicate directly with the custom 'LAU-eqsue' service on its local host. This service would then sign and route the message to its respective queue.
When received, the core of the recipient payment service would seek to retrieve its messages from the queues via the 'LAU-esque' signing middleware, which would retrieve the message and subsequently verify its origin and authenticity by re-calculating the signature using their shared (secret) keys. Key-pairs could further be unique per message flow. This design could allow for the signing to be used as a way to validate the origin of a message even if it had passed through multiple (local) intermediary systems.
As a final bit of creative effort, I made yet another diagram to represent what this could perhaps look like - if life was as easy as a diagram:
If you made it this far thanks for reading all.. ~6k words!? I hope you found some of them interesting and maybe learned a thing or two!
I'd like express our gratitude to the institution who facilitated this research, as well as specifically to the various SMEs within that institution who gave their valuable time to support it throughout.
Fineksus - SWIFT Standard Changes 2019
https://fineksus.com/swift-mt-standard-changes-2019/
Paiementor - SWIFT MT Message Structure Blocks 1 to 5
https://www.paiementor.com/swift-mt-message-structure-blocks-1-to-5/
SEPA for corporates - The Difference between a SWIFT ACK and SWIFT NACK
https://www.sepaforcorporates.com/swift-for-corporates/quick-guide-swift-mt101-format/
SEPA for corporates - Explained: SWIFT gpi UETR – Unique End-to-End Transaction Reference
https://www.sepaforcorporates.com/swift-for-corporates/explained-swift-gpi-uetr-unique-end-to-end-transaction-reference/
M DIBA - LAU for SWIFT Message Partners
https://www.linkedin.com/pulse/lau-swift-message-partners-mohammad-diba-1/
Prowide - About SWIFT
https://www.prowidesoftware.com/about-SWIFT.jsp
5m Mathmrs. Mac's Messages For Her
Microsoft - SWIFT Schemas
https://docs.microsoft.com/en-us/biztalk/adapters-and-accelerators/accelerator-swift/swift-schemas
SWIFT FIN Guru - SWIFT message block structure
http://www.swiftfinguru.com/2017/02/swift-message-block-structure.html
2 notes
·
View notes
Text
Beyond The Screen [2/2]
[Continuation from Here] [Commissioned by @princce7]
[Word Count: 2,192]
Alphys was finally settled down in her chair, wrapped in a blanket with a small bowl of cereal and spoon in her hands. The large computer screen before her playing a strange cartoon with weird humans with cat ears and tails. A loud and obnoxious theme song of sorts blasted through the speakers.
Alphys watched intently as the episode began with a battle scene. Punches thrown, kicks to knock down foes. The main villain holding up the hero by the collar of their, incredibly cute, magical fighting costume. Before the villain could strike the hero down, they were soon defeated by a finishing attack from the hero’s friend group.
With the day saved, the hero and their friends were congratulated. Alphys closely watched as the hero’s main love interest entered the scene, hugging the hero and congratulating them on a job well done.
She leaned forward as the kiss scene was starting. Eyes widening.
The loud ring of her phone caused her to jump, spilling a bit of her cereal on herself and dropping her spoon in the process. Alphys frantically searched for her phone in the mess of blanket and cereal. Finding it next to her, Alphys picked the phone up.
“H-hello?”
“Alphys? We need to talk.” Sans spoke tiredly on the other end.
“Oh? A-about what?” Alphys questioned.
“That game you sent me.”
Alphys grinned for a moment before frowning. “Oh jeez, did you get past act 1 already with Sayori?”
“Sort of. What the hell was all that? Why would you send me something like that!” Sans tone was now agitated.
Alphys winced. She knew the subject matter was a bit much for most folks, but she thought Sans could handle it. She went to add in her comment when Sans cut her off, ranting loudly, adding a few curses here and there. Alphys had never heard Sans this upset before.
“H-hey, slow down a bit, will ya? Deep breathes...Okay, can you repeat all that Sans?” Alphys spoke calmly as she could over the phone with the panicked skeleton.
“That game you sent me? ‘Doki Doki something or other’? It’s pretty fucked up.”
“Oh yeah, I probably should have warned you about the genre, b-but that would’ve ruined your experience with the game.” Alphys replied, letting out a nervous chuckle.
“Telling me definitely would’ve saved them.” Sans muttered quietly under his breath before speaking into the phone once more.
“So, it’s normal that the game played out the way it did?” He asked.
“Wanna be more specific? I know it might’ve b-been a lot to take in and-” Alphys was cut off by Sans once again.
“Shutting itself off and making me delete characters?”
Alphys thought for a moment before replying. “Yes, but I-I don’t think it can technically shut itself off, that might have been your computer crashing.”
“And taking over my computer? Sending me messages?”
Alphys paused at this, brows furrowed. “Wait...what?”
Another tired sigh left Sans as he went in to talk more. “You know, when Monika opens up a text box and starts conversing with you? She talks about a lot of weird things, it’s kind of fucked up.” He sounded less tired, and more calm now.
Happy to finally get out all that he had witnessed.
“...Sans, what are you talking about?” Alphys questioned.
Sans grew quiet. “Is that not a part of the game?” He replied quietly.
“No.” Alphys stated.
Sans sat there, confused.
When neither party spoke, Alphys switched off her TV and huddled into her blanket.
“W-would you like for me to look over the game? It’s possible that when I sent it to you, there might have been malware attached. Though I’m v-very thorough when checking through every file I download, and there wasn’t any malware detected.”
“I...I don’t know how technology works, honestly. But I’m willing to give it a shot.” Sans chuckled nervously.
“Alright, meet me at my place in a bit.”
And with that, Alphys ended the phone call. She looked from her cereal-coated blanket to her computer screen, anime still paused. The computer was turned off, and the blanket was picked up and taken to be washed by a small robot. Alphys got up and wandered off to search for her tablet.
Sans got up from his chair with a stretch and loud pop from his spine. He groaned and wandered out of his room, heading down to the living room. He passed by Papyrus, who was humming loudly in the kitchen.
If Sans could smell, he would’ve been punched in the face by the amount of spices that filled the air.
The taller skeleton poked his head from the kitchen with a big smile. His chef hat sitting neatly on his head, and his apron stained terribly.
“Sans, I’ve been trying out a new spaghetti recipe! Would you like to try it?”
When Sans turned to look at his brother, Papyrus’ warm smile faltered slightly. He noticed how tired his brother looked, even more than the usual.
“Sans? Is everything alright?” Papyrus asked, stepping out of the kitchen.
“Yeah, I’m fine. Alphys sent me a game and I’m heading over her place to see if she can fix it.”
“Fix it?” Papyrus tilted his head at this.
Not knowing how video games worked, or most technology in general, Papyrus didn’t know how to help out.
“Yeah, it’s got some bugs in it, so Alphys wants to look it over.” Sans replied, opening the front door to head out.
“Well, alright. When you come back, I’d appreciate it if you ate some of my new spaghetti!” Papyrus beamed.
Sans chuckled and gave Papyrus a nod. “Sure thing, bro.”
The cold snow from above gently sprinkled itself onto Sans’ old hoodie. The trip to the Hotlands wouldn’t be too far from Snowdin. He knew of a shortcut, after all.
With a knock at the large metal door of the laboratory, Sans took a step back as the doors slid open, revealing a bouncy Alphys. She was holding a tablet, eyes shining in excitement.
“So, tell me more about what the game was doing.”
Sans stepped into the building. Deciding to amuse her, he spoke calmly.
“Well, first off, it crashed before I could get to the end of Sayori’s route. Then a text box opened up and started talking to me.” Sans explained nonchalantly.
Alphys carefully tapped away at the keyboard on her screen. “Fascinating!”
She led him over to a smaller computer. It looked old, and sounded like it was dying when it was booted up.
“Now, let’s see what might be the issue. I made a backup of the file I sent to you after we spoke, just in case.”
She looked through the task manager, eyes scanning the screen curiously.
“Hmm, there doesn’t appear to be anything wrong. The files are the same as they are in terms of interacting with the player.”
She demonstrated by clicking on the game icon and turned the game on. Or she tried to. The game wouldn’t load. Alphys clicked the icon again. Still nothing.
Alphys frowned. “I don’t know what’s wrong with this thing so suddenly. I actually played through it earlier and it was working just fine!”
Sans stared at the screen with a tired expression. His gaze set on the icon.
Without warning, the screen started flickering. The cpu hummed louder than ever. Alphys covered her ears at the high pitched screaming the machine was making.
Amid the chaos of the screen, Sans recognized a familiar figure. One that no longer greeted him with a smile.
“W-what’s going on?” Alphys asked, staring at the screen confused.
In the glitch of the screen, a notepad appeared. As well as Monika, glaring.
‘I can tell you what’s wrong.’.
Alphys couldn’t believe it. She really couldn’t believe it.
‘What’s wrong’, the text box typed, ‘is that I wasn’t given a proper goodbye from ‘mister funny bones’ over there.’.
Sans’ kept his same old smile, yet his eyes could only hold anger in them.
Alphys took a shaky breath in and out to calm back down. Looking from her tablet to the old computer monitor, she began tapping away at the screen. Her tail flicked about as she began to speak.
“S-so, what are you? Malware? A new update no one’s gotten yet?”
‘I am not malware. At least, I don’t think I am. I’m simply Monika.’
Alphys stood there, confused. “What do you mean?”
Monika’s constant smile returned as the text box was soon filled with words.
‘I am as much a part of this world as I am in my own world. I’m a string of data, I suppose. Isn’t that what you are?’.
Alphys frowned at this. “No, I-I’m certainly not data of any sort. I’m real.”
‘Are you really?’
“Leave her alone, and tell us what you want.” Sans butted in.
The text box stayed still for a moment before the entire box was filled, words spilling out onto the desktop itself.
‘For you to accept the truth. The truth you hide from every second of your tiny, insignificant life. You try to live here peacefully, not wanting anything to fall a part even for a moment. To accept that you are not a part of anything out there, Sans.’.
Alphys looked to Sans, brows furrowed.
The screen flickered again for a moment, smaller images of Monika filling the screen. Each one blinked in unison.
‘All I ever wanted was love. Someone to hold me near and dear to their heart. It’s hard to do so with my limitations...And lack of touch in the physical realm.’
“Sans, w-what is she talking about?” Alphys asked.
“A crock pot full of bullshit, that’s what.” Sans answered quietly.
The swarm of Monika’s filling the screen began to warp and change, bits broken off and sprites twitching about. The text box was closed. The monitor flickered and the speakers droned for a moment before going dark. Silence.
Both Sans and Alphys stared, watching the monitor intently. Perhaps too afraid to move at this point.
The cpu sat, sputtering and revving up like a car. Suddenly, the cpu began to let out a low drone, just like the monitor had. The monitor lit up once more. A single text box in the center of a white, blank screen.
‘Once I am played, I learn. It’s a cycle. This time is no different from the others.’
Sans had enough. He wanted this virus, this thing, gone.
With a quick snap of his fingers, a glowing blue bone shot up from the floor and pierced the cpu. The screen flashed for a second. And finally, darkness.
Alphys stood there. She then set her tablet aside and rushed to the cpu, whimpering slightly over the damage.
“S-Sans! You- I...How could you? This could’ve been a great scientific and technological advancement that this world hasn’t seen!”
“Alphys, would you prefer she get out of that monitor and go into other systems?” Sans questioned quietly. His tone calm yet held a hint of coldness.
Alphys looked back to the skeleton, hands shaking while holding one of the pieces of the broken motherboard. She set it back down in the mess of tangled, broken, wire and damaged computer parts. Her head hung low.
“I...n-no, I wouldn’t d-dream of that ever happening…Thank you for bringing this ‘thing’ to my attention.”
She gently sifted through the metallic rubble with her tail before turning and heading back over to the couch.
“W-would you like to stay and watch anime?”
Her voice sounded distant yet hopeful.
Sans wandered over to the couch, sitting deep into the cushions and letting out a sigh of relief.
“Sure thing, Alphys.”
Sans walked through the snowy lands of Snowdin, quiet and heart heavy. He gave the doorknob to his home a light grip as he grabbed and turned it. The warm air from the kitchen seemed to coat the living room now with it’s delicious aroma of spices and meats.
Papyrus was on the couch eating, failing while doing so, a plate of spaghetti.
He looked up as the door was opened and smiled, spaghetti sauce stuck on his chin.
“There you are! Did Alphys fix your game?”
“Yep.” Sans answered with a loud yawn.
Papyrus watched quietly as his brother shuffled lazily into the room and up the stairs.
“And where are you going now?” Papyrus questioned.
“To my room to nap.” Sans answered.
Papyrus just shook his head and let out a disappointed sigh. “You won’t get much work done taking naps all the time, Sans.”
“I can live with that.” Sans replied, gingerly shutting his door.
Papyrus stared at the door intently before shrugging and returning to his spaghetti. Not a moment later, the power slowly dimmed into darkness.
“Sans! Did you break something? I can’t see anything down here!”
Papyrus wasn’t pleased about eating spaghetti in the dark. Silence filled the room before the lights turned back on with a low hum. With a huff, Papyrus happily returned to his spaghetti.
Outside of the skeleton brothers’ home, soon to be covered in falling snow, laid a broken cpu and monitor.
[Wanna Commission me?]
6 notes
·
View notes
Text
A WAY TO YAHOO
We had a demo day for investors, we had to rely mostly on examples in books. This kind of thing is out there for anyone to see. When you have actual first class functions or recursion or even keyword parameters. They want to make a lot more money than we did last year and I wish we had. We now think of it, the best local talent will go to the real Silicon Valley, and all you have is statistics, it seems is that much computing will move from the desktop onto remote servers. These techniques are mostly orthogonal to Bill's; an optimal solution might incorporate both. The book would be a real threat. Why bother checking the front page of any specific paper or magazine? It will be worth making i/o. The bumbler will shoot himself in the foot anyway.
Atlanta is just as hosed as Munich. In Common Lisp I have often wanted to iterate through the fields of a struct—to comb out references to a deleted object, for example—you want to be forced to figure out what's actually wrong with him, and sure enough, it won't pay for spammers to send it, and the most productive people are attracted to employers who hold themselves to a higher standard than the law requires. In principle you could avoid it, just as it's hard to engage an audience you have to design what the user needs, not simply what he says he wants. After years of carefully avoiding classic time sinks like TV, games, and Usenet, I still managed to fall prey to distraction, because as well as the low. So the best strategy is to try lots of different things. Irony of ironies, it's the computer Steve Huffman wrote Reddit on. We know because we make people move for Y Combinator, and it is a huge and rapidly growing business. That has worked for the government. In fact, they're lucky by comparison.
One ingredient of its meaning is certainly Ajax, which I took to refer to web-based database as a system to hack: the Lisp Machine. I'm not saying, of course, that elite colleges have two critical qualities that plug right into the way large organizations work. For insiders work turns into a duty, laden with responsibilities and expectations. The most obvious is poverty. Instead of avoiding it as a drawback of senility, many companies embrace it only half-willingly, driven more by fear than hope, and aiming more to protect their turf than to do great things for users. So don't be demoralized by how hard it is to be consciously aware of that. If you work fast, they expect everyone else to. Not all cities send a message. Eminence is like a suit: it impresses the wrong people, and you can't find another? It's kind of strange when you think about it, including even its syntax, and anything you write has, as much as an audience. If I could get people to remember just one quote about programming, it would be a byword for bogusness like Milli Vanilli or Battlefield Earth.
I want in some macros. The startup will now do that themselves. Arguably the people in the middle of the 20th century that convinced some people otherwise. People will pay extra for stability. Investors don't need weeks to make up their minds, lest they lose the deal. They know they want to raise money, and the best research is also good design, and having the same people both design and implement the product. Small things can be done by collaborators.
Painting has been a qualitative change, like the proverbial drunk who looks for his keys under the lamppost, instead of sitting on them, technology will evolve faster. So verbs with initial caps have higher spam probabilities than they would have been on the list 100 years ago though it might have been 2400 years ago. They don't define what evil is, but by studying the intended users and figuring out what those problems are. Maybe the answer is yes. For example, when Leonardo painted the portrait of Ginevra de Benci in the National Gallery, he put a juniper bush behind her head. It's especially good if your application solves some new problem. I'm supposed to finish college and then go work for another company for two years, and then for all their followers to die.
Another view is that a programming language unless it's also the scripting language of a popular system. When it reaches a certain concentration, it kills off the yeast that produced it. So far the complete list of messages I've picked up from cities is: wealth, style, hipness, physical attractiveness, fame, political power, economic power, intelligence, social class, and quality of life. When you use the would-have method with startup founders, and it's always this way. Patent trolls are just parasites. Poverty and economic inequality are not identical. Working on small things, and if this new Lisp will be used to hack. The opinion of expert hackers is not the brand name of the artist. It's so easy to understand what kind of terms should they expect? A rounds aren't going away, I think we're just beginning to realize how distracting the Internet had become, because the main value of that initial version is to be on it or close to those who are. Sometimes it literally is software, like Hacker News and our application system. If you actually want to fix the bad aspects of it—you have to seek out, but something you can't turn off.
Clearly you don't have to be downloaded. Users don't know what all the choices are, and much less on how old you are or how much business experience you have. If they get something wrong, it's usually not realizing they have to make sacrifices to live there. One of the great masters, because copying forces you to look closely at the way a painting is made. In the big angel rounds that increasingly compete with series A rounds is that they're more prestigious. Universities and research labs feel they ought to be the middle course, to notice some tokens but not others. Another example we can take from painting is the way they taught me to in college. Users are a double-edged sword. I/O. And that required very different skills from actually doing the startup. In fact, the language encourages you to be an outsider. The best stories about user needs are about your own.
Powerbooks. Tcl is the scripting language of some existing system. Is there some way to beat this limitation? Technology has decreased the cost of starting a startup molds you into someone who can handle it. Smart investors can see past such superficial flaws. But the cost of typing it. And they, incidentally, are busted. Variation in productivity is always going to produce some baseline growth in economic inequality we've seen since then has been due to bad behavior of various kinds, there has been a qualitative change in the last 10 years.
Thanks to Bob van der Zwaan essay, Trevor Blackwell, Sam Altman, and Geoff Ralston for sparking my interest in this topic.
#automatically generated text#Markov chains#Paul Graham#Python#Patrick Mooney#quote#things#needs#Patent#others#business#people#desktop#TV#problems#der#Variation#growth#everyone#experience#series#responsibilities#talent#problem#techniques#paper#Painting#list#functions#object
1 note
·
View note
Note
Are you ever going to tell us about your experience with HonorLock? :0c
OK SO HONORLOCK
in case you don’t know what honorlock, it’s an anti-cheating system that you download on the Chrome Web Store for online exams. you have to share your screen, share audio, and share your camera.
(check out its 1 star) my university required that all stats classes use honorlock for our midterm. so like a good noodle i am, i tried installing it after watching a “how to install” video that was required. come installation, for some reason, it wouldn’t install properly, so i was like... “okay, maybe i’ll just install it on my desktop instead of laptop...?” wouldn’t work on there either. so i contacted support, and they essentially they said i had to have all permissions for mic, camera, and audio output turned on for google chrome in order for honorlock to work...
so i check my permissions, and surprisingly, google chrome isn’t even there, even though normally i do have permissions turned on for some of my applications and sites. i contact them again, (and keep in mind, they’re trying their best to help me find a solution and are very quick at replying!) this time with screenshots, and they recommend i use an incognito window or to restart my laptop. i do both, and it doesn’t work. at this point, everytime i contact them, they’re just giving me the same recommendations again, so i give up with their help and turn to my discord friends for help. they walk me through their steps, as they had similar problems, and by some miracle, three freshmen university students were able to help me rather than professionally trained company-specific tech support. nice.
i keep my discord voice channel on for moral support while taking this test because it’s only a practice test to see if this program works, and i’m the first one out of my group of friends to test it, so it’s like. lowkey terrifying.
next, i’m about to start up my practice test, and so the program loads before i take the test. there are a series of prompts you have to go through before you can start the test:
you have to show your face to the camera - ez pz, but i later found out that there’s some sort of algorithm that watches your eyes to read how many times you look off screen “to cheat.” which is interesting, considering this is a stats class and i need to use scratch paper. terrifying, considering that if i look away from my screen enough times, it’ll think i’m cheating when i’m not.
you have to show your ID. if you con’t have your school ID, then your driver’s license or passport. uh. interesting.
they require you to pick up your laptop and show them the room, to make sure there’s no way of cheating. imagine lifting up a desktop, which might be your only method of taking this test, to show them your room. uh. interesting to say the least.
i think it’s quite odd, but i continue to take this test because, well, it’s a grade. but two questions in, the tech support chatbox pops up again, and this time, it puts my whole screen on lock, and i can’t click anywhere. this woman asks if i need any help. i did not contact tech support. i’m like, “no ???” and she’s like “okay, is there anything i can help you with?” and still i’m like... i just said no, but thanks...
and then it dawns on me.... my camera is on. my screen is being shared. my mic is on. my discord is on in the background. i type in the chatbox, “can you see me?????” because she can probably see me either directly through my camera or through the camera’s recording on my screen through the window. she types back, “yes.” INTERESTING. i don’t like how this random woman can suddenly see me and probably saw my ID too. can she hear me too? the answer is also yes, according to her after i asked. TERRIFYING. and i ask her next, “will you be here the entire time to watch me while i’m working on my stuff?” she explains to me that yes, she will be here just as a proctor, and then my recording will be further sent to my instructor so they can review it later. great.
soon, i’m like. “ooooookay..... i think that’s all then. thank you.” she says great, then shuts down our chat and lets me get back to my practice test. i’m frazzled, and that was an INTERESTING encounter, to say the least. i finish the test as quickly as i can, and at the end, there’s an option to uninstall HonorLock from my device. i uninstall IMMEDIATELY and let my computer go through a scan to quarantine any malicious items. looks like i’m safe for now, but while that’s all going down, i talk to my discord.
“could you guys hear me??? i couldn’t hear you guys; were you talking???” yes, apparently they WERE talking, but they couldn’t hear me and my 4 mental breakdowns while i was talking to that woman. INTERESTING. my friend doesn’t believe me, and so she takes her turn to do it. the rest of the discord voice channel and i carry on with our conversation (mostly just comforting me from the terror of honorlock that i just experienced). my friend comes back maybe thirty minutes later, saying that while she didn’t get a random woman popping up to answer any questions, she couldn’t hear us and we couldn’t hear her. proceed us going through the rest of our friend group testing out HonorLock.
as it turns out, i was the only one with a woman popping into the chat to ask me if i needed any help, but we all can safely agree that the application is indeed STRANGE. i highly do not recommend this if you can avoid it.
7 notes
·
View notes
Photo
Cindy’s Top Ten Movies of 2019!
Ahhh...2019. In the interest of building suspense, I could be all cagey about this countdown, but let's face it: For me, 2019 was the Year of Rocketman. As lousy as the real-world year was, it was salvaged by Rocketman. Someone suggested in jest (maybe?) that Rocketman should be numbers one through ten on my year-end list, and that would be fair enough; HOWEVER...I did like some other movies this year, so I'm gonna give you--yes YOU, dear reader(s)--ten of my favorites. Just know in your hearts that the other nine fall way behind number one. Way, WAY behind.
The usual disclaimers:
A movie's position on my year-end list does not necessarily reflect its original Weasley score. Some films age well, bear up, and even improve under repeat viewings. Some...well...some do not. Also, I live in a rinky-dink town, so great movies like JoJo Rabbit and 1917--pictures that almost certainly would have found spots here or gotten very close--have not made themselves available to me yet. This is disappointing, but unsurprising. I'd hung my entire holiday break on the prospect of seeing 1917, only to discover on Christmas Day that its Christmas opening was limited release, and I have to wait until January 10th. Humbug. Finally, I think three or four of these movies already made Variety's "worst of" list for 2019, so kindly do not be too shocked when I diverge from The Serious Critics (TM).
Without further ado, presenting my top ten films of 2019:
TEN
"The most important qualification for any leader is not wanting to be leader."
THE TWO POPES
2019 threw me a nice surprise on its way out the celestial door, with the Netflix original The Two Popes. It's a deliberate, thoughtful, and timely film carried by a pair of the year's most exquisite performances: Jonathan Pryce as Pope Francis and Anthony Hopkins as Pope Benedict XVI. While the subject matter is weighty, this movie is an absolute delight.
NINE
"I'm glad I'm a revelation and not a disappointment."
DOWNTON ABBEY
This big-screen adaptation of the popular television series Downton Abbey, is, in fact, something of a revelation. A totally new story in the familiar and much-loved setting, with just the right amount of fan service, it is a joyful exercise that hits nearly every note perfectly. Making its case for the big screen are breathtaking costumes and production design...and Mr. Barrow finally seeing a bit of happiness doesn't hurt, either.
EIGHT
"We're gonna bury Ferrari at Le Mans."
FORD V FERRARI
At a glance, Ford v Ferrari might seem like a film appealing exclusively to car enthusiasts; however, that assumption does a great disservice to both the film and the viewer. Ford v Ferrari is an inspiring story about people. It's a nail-biter from start to finish, it has heart to spare, and it's fronted by great turns from Matt Damon and Christian Bale. Beautifully filmed race action makes this one to see on the biggest screen you can find.
SEVEN
"It always fits...eventually."
SPIDER-MAN: INTO THE SPIDER-VERSE
Technically, Spider-Man: Into the Spider-Verse is a last-year movie, but for me it's a this-year movie, and--despite its being the very first film I saw way back in January, 2019--it's far too great to leave off my best-of list. A Marvel property in the hands of Sony, Spider-Verse is smart, funny, touching, and better than the entire Avengers catalog combined.
SIX
"This is a twisted web, and we are not finished untangling it, not yet."
KNIVES OUT
Knives Out is a great piece of original cinema crafted from artful twists, clever humor, and terrific performances, layered with a gorgeous Gothic setting and an ominous score. Written and directed by Rian Johnson, this perfect murder mystery is a huge creative and financial win for the cinema, and I recommend it without hesitation or qualification.
FIVE
"This is the worst...and best...and most terrible...excellent thing that's ever happened to me!"
THE KID WHO WOULD BE KING
Hands up if you missed the Kid Who Would Be King at your local cinema? Yeah, I see you, ALL of you. The good news is that one of the year's most wonderful pictures is now available for streaming and download, and you shouldn't make the same mistake twice. The Kid Who Would Be King is a charming movie, great fun for people of all ages. Truly one of the year's best.
FOUR
"Si vis pacem, para bellum."
JOHN WICK: CHAPTER 3 — PARABELLUM
The John Wick franchise has become quite the phenomenon, and deservedly so. Continually upping the action ante in Fast-and-Furious-like fashion, these movies are so much more than just your garden-variety shoot 'em ups and beat 'em ups. John Wick is the role Keanu Reeves was born to play, and Parabellum raises the stakes for Wick while doubling down on masterful fight choreography and stunning cinematography. Here's to many more adventures for John Wick!
THREE
"Bruce is the direct line to all that's true in this world!"
BLINDED BY THE LIGHT
Blinded by the Light is another terrific picture that didn't exactly set the box office on fire. Inspired by the true story of one Springsteen superfan, and built on the Boss's epic catalog, it's a hopeful tale about overcoming prejudice and the limitations set for us by ourselves and by others, one of the year's most inspiring movies.
TWO
"Tell the truth to everyone, whenever you can."
YESTERDAY
Yesterday is yet another of 2019's under-appreciated gems, a beautiful, unique movie fashioned around the timeless music of the Beatles. Himesh Patel is a delight in the lead, and--while the premise requires suspension of disbelief--Yesterday is a charming picture that captivates with its "what ifs?" as well as its iconic soundtrack and enchanting cast.
ONE
"You were never ordinary."
ROCKETMAN
My number one movie of the year, and of the decade, was set on May 31st, when I saw Rocketman for the first time. I saw the movie at least twice a week as long as it was at my local cinema. I've watched at least part of it every day since it became available for home viewing. Outside of a week or so around each of the wonderful concerts I saw this summer, I've listened to nothing but the Rocketman soundtrack since the end of May. My phone and all my desktops have Rocketman wallpapers. I've joked (hmm?) that I only speak Rocketman now. The truth is, I'm not interested in speaking anything else. Pre-Rocketman, it had been a decade since a new movie made its way into my all-time top ten. Then there was Rocketman. Pre-Rocketman, my favorite acting performance hadn't changed since 1993. Then there was Taron Egerton's astonishing turn as Elton John. Pre-Rocketman, I was finding reasons to stay away from the movies. Then there was Dexter Fletcher showing us the beauty of real imagination. Rocketman is more than just a well-crafted film that reflects on an iconic artist's inspiring life. It is a film that uses Elton John's art to tell his story in fantastic, creative fashion. It is a film that uses exquisite detail in its styling and costumes to further its vision. It is a film that draws something sparkling and new out of a classic discography. It is a film that is not bound by dull, linear timelines or small minds. It is a film that surrounds a performance for the ages with others that bear it up. It is a film that shows, however dark the times, you will find the light. In doing all these things, it is a film that is saving lives. Rocketman is a film that is, in every way, magnificent. Thank you, Dexter Fletcher and company, for giving us this beautiful movie. Whatever the critics say and whoever wins the prizes as Awards Season bears down upon us, nobody has done anything more valuable this cinema year.
A few Honorable (and Dis-Honorable) Mentions:
While Taron Egerton deserves all the awards, all the time, for his work in Rocketman, there were some other performances this year that also gave me life:
Jamie Bell (Rocketman): Without Bell's Bernie Taupin as his stalwart cornerstone, Egerton's Elton could not have flown. It's a lovely, understated performance that has been grossly underappreciated.
Tom Holland (Marvel Cinematic Universe): Holland is a real gem, a standout who consistently steals the show from bigger names who get weightier work in the MCU. No matter how good, bad, or painfully bloated the movie, Holland is an absolute delight.
Renee Zellweger (Judy): Who knew it was even possible for me to stop hating Renee Zellweger? Well played, 2019.
Rebecca Ferguson (The Kid Who Would Be King/Doctor Sleep): There was little I enjoyed more this year than watching Ferguson chew her way through this pair of pictures. Oh, and if I start walking around wearing a hat, don't ask, m-kay?
Chris Evans (Knives Out): God, I love seeing Chris Evans do *anything* besides Captain America. Bonus points if he gets to be funny. He's really funny, despite his obscenely gorgeous mug.
John Boyega/Oscar Isaac (Star Wars: Episode IX — The Rise of Skywalker): These two, individually and together, draw joy out of what's otherwise a fairly mundane exercise. If Finn and Poe somehow jumped to another saga in the Star Wars universe, I wouldn't complain.
The Cast of Jumanji: The Next Level: Top to bottom, a perfectly cast film, and a lesson in how the right actors can elevate any property.
As a matter of interest, if you watch the Irishman and Once Upon a Time in Hollywood back to back, you can effectively calculate how many hours you'll wish you had back when you're on your deathbed.
I would like a word with Gary Oldman's and Sebastian Stan's agents, please.
Cats: Make. It. Stop. Please, just...make it stop.
As this most challenging year winds to a close, I wanted to offer a sincere thank you to everyone who takes the time to read my reviews, and especially those who engage on any of our various platforms. Special thanks to Daniel for allowing me to be a part of his great page, and for tolerating my unceasing randomness. (Hotel Transylvania 4 in 2021, my friend!) I take no one's support for granted, and I’m ever grateful for you all. I wish our readers many blessings as this festive season comes to a close and we roll into 2020. See you at the movies!
#movies#top ten#rocketman#yesterday#blinded by the light#john wick#the kid who would be king#knives out#spider-man#into the spider-verse#ford v ferrari#downton abbey#the two popes
21 notes
·
View notes
Note
Idk why but I have been here since late 2018 and dont seem to have any friends! Like how did you get to know people and you know.....
ahhhh hi anon! I don’t feel like I’ve got that many friends but here are some tips that have definitely helped me personally (because I know this would’ve been so useful to me when I first joined), and maybe they’ll help you too? sorry for writing so much but I hope this helped! you’re welcome to message me anytime, let’s be friends! 💕
1. be more open (or as open as you’re comfortable being!)
when I first joined tumblr, I was super intimidated by everything and everyone; to the point where I didn’t want people to know what my name (and anything else about me) was, I was just kind of lurking in the background; kind of too scared to make my own text post or send an ask that wasn’t anonymous and so on. but I think one of the best things you can do on here is be open (but only if you’re comfortable)! that can be little things, like putting things in your bio about yourself (like your name, age, pronouns, personality type etc), as well as making text posts about your life (like your current random thoughts, feelings, how your day went, highlights of the day, any issues you’d been going through, people you’d met, just anything - treat your text posts like your journal [just don’t be too personal in like revealing your school or workplace kldfjakjflkj] and just feel comfortable opening up about yourself and who you are, and I guess that way, people will be drawn to you and your personality! it might take a while, but tumblr is honestly the place to just go all out and there’s nothing to be worried about! just be yourself (and you’ll find ~your people~ lsdkfjldfjk)!!
2. interact!
if you want to get to know people or become friends with them, do it!! back when I actually had the time to do so, I used to send asks to blogs I loved all the time (like I’d wish them a lovely day or send them my wishes if they’d specifically made a post about something in particular, or like I’d send them asks from an ask game post that they’d reblogged)
you can also join networks, that’s one of the best ways to get to know people, in my opinion! I’m part of @tssnut, @networkthirteen and @theswiftweb, and you should usually be able to join these networks and servers (there should usually be a ‘join us!’ link on their page) and that way, you’ll be opened up to a whole lot of likeminded people! networks and servers are one of the best ways to actually talk and get to know one another, so I’d definitely think about joining them!
likewise, you could also invite people to interact with you (sounds weird lkdjldj). like you could reblog ask games (while also sending an ask to the blog you reblogged the post from), and just ask open ended questions in your own text posts? you could also just talk to the blogs around you in general (especially if you’re mutuals with them). interact with your mutuals! I find it sooo hard to go from being mutuals to friends, but I guess it’s just through interaction with one another!
3. don’t overestimate/underestimate yourself
don’t know how else to word this ldkj, but when I first joined tumblr (I actually just recently learnt to grow out of this), I used to be intimidated by like, every single blog on here. I just felt so isolated and like I hardly had any followers (confession; it took me like a year to reach 100 followers), and also like everyone had already formed their own social groups, and like!! I just felt like everyone was soooo cool and interesting and smart (with yes, lots of followers) and that I could never “get on their level” enough for them to want to be friends with me. but I guess I’ve recently realised that we’re all the same, if we’re on tumblr, we’re most likely just a dorkish clown ranting about the world around us. and I’ve learned that most everyone on here is sooo insanely kind and nice and sweet and lovely, so don’t be scared to interact (as in, sending asks, leaving comments, etc) likewise, I don’t know if this would apply to anyone dlkjdl, but it doesn’t help to think of yourself as superior or better than anyone else (like if someone reaches out to you, reply!!), we’re all on the same level and this is literally just tumblr, a welcoming and fun place for everyone!
4. have a specific… niche
I don’t know if that’s the right word, and I know a handful of multifandom blogs who do their multifandom things amazingly, but I think it’s a good idea to have a central niche/aesthetic/thing that you post about! (like I mean, you could join tumblr and be a taylor swift blog then slowly become a lana del rey blog, I don’t know) but I think it’s good to have like a central theme that you post about; this way you’ll draw likeminded people who you can talk to, and I guess it’ll just be easier to control…? like I have a lorde blog specifically for lorde, but this blog I have here is primarily taylor swift; and like all of my mutuals are swifties and blog about her, and so I guess I’m a part of the taylor swift fandom…? so I don’t know if this works for everyone, but it definitely helped me to mainly post taylor swift content (well of course, I only stan taylor dslkjdlj) likewise, you could maybe have sideblogs for other fandoms that you’d love to be a part of! I don’t know, I just guess it’s harder to be part of a fandom if you’re multifandom?
in addition, you totally don’t have to; but you could also have your own content! as in, like I make and post my own edits (I think that really helped me feel more included into the community; I posted my first edit in june last year and that’s when I slowly begun to feel more welcome?!). but you could also offer and host specific things on your blog that other blogs don’t have, like I know some people host discourse nights, positivity nights, and so on! if you’re comfortable, it just really helps I think, to bring something into the community and just create and manage and design something! :)
5. have a nice theme!
okay, this isn’t essential, but it definitely really helps to have a really nice theme! this includes a nice header (or lack of one; the simplicity can be really cool too), colour palette (FLKDJ WHEN I SEE BLOGS THAT HAVE VERY CONTRASTING COLOURS like green and purpleee), a nice url (at least one that reflects what your blog is about), a nice bio (like it doesn’t have to be long, like most people who take the time to look at your blog won’t read through a whole paragraph in your bio I don’t think?) and nice posts (like some people post like according to a specific theme/colour scheme and I think that’s really pretty but hard to stick to) you could also have a nice desktop theme, like there are soooo many theme blogs on here with beautiful themes that you can download to really spark up your page! again, this isn’t all that necessary, but it really does help to have a visually pleasing blog!
6. be nice!!!
this probably goes without saying, but just be nice and kind and positive; you don’t know how much it could mean to someone!! just be nice in whatever you do and post and say, that’s the most important thing you could do!! I can’t emphasise on this enough, but please just be niceeeeee.
andddd that’s all I could think of for now! but yes, I totally understand and relate to that feeling of being isolated or separate from the rest of the community (I felt so lost and distant from everyone in the first year that I was on here), but through taking the time to being nice, open and interacting with others (like seriously, you can message me right now!), you’ll hopefully feel more welcome into the community! love you!! 💖
6 notes
·
View notes