@ my fellow adults who use tumblr a lot:

can you PLEASE put your age in your about/sidebar and make sure it’s accessible on mobile. imo if you’re an adult esp 20+ it’s a little weird that you wouldn’t have your age readily available on your blog. if you’re reading this now and you don’t have your age listed, please rectify that. i feel like teenagers get lured into talking to adults in fandom/lgbt spaces that they may not have intentionally sought out because they think they’re talking to other teenagers, and this can lead to a lot of other – much more insidious –problems

Can you guys step out of the tumblr “everyone over 20 is inherently predatory and creepy towards children” bubble for once and consider that encouraging people to give up their personal information for the imagined safety of the community is like…not safe?

this advice doesn’t even make sense for multiple reasons; if someone is intent on preying upon minors, all they have to do is follow your advice and lie about their age, being over 20 doesn’t mean you can’t be preyed on yourself, you should never be coerced into giving up your privacy on social media (seriously, did a fed write this?), and promoting the idea that turning 20 means your interactions with younger people should be viewed with suspicion is absolutely harmful, like OP do you have any common sense? At all?

“ignore your own privacy boundaries and discomfort and if you don’t idk 🤔sounds a lil sus 2 me, pedophile” will you guys stop larping as conservative politicians for one second please

think-of-the-children fearmongering is not the same thing as actually protecting minors

You’re talking about - much more insidious - problems while telling people if you don’t do what I tell you, you might be a threat to the safety of our community, like okay Dubya!

Let me tell you about the insidious things that happened when I was young in fandom spaces and older fans became my friends

1. I was taught real sex ed by a midwife, including a lot of pros and cons of various birth control

2. I learned you can just get anything printed into a book and having it in a physical book don’t legitimize something

3. I learned how to enjoy other cultures without making people from those cultures uncomfortable

4. I realized my guardians, while better than my past guardians, were still abusive and what I was experiencing was not healthy, even if distressingly common

5. I learned generosity without ulterior motives actually did exist

6. I learned I don’t have to abandon the things I enjoy as I get older.

7. I was taught ways to treat people differently in deference to their age while still treating them as peers.

(they treated me as an equal, but I was not included in any sexual discussions, for example)

8. I learned that friendships don’t have to be quid pro quo

All of these things super insidious and destructive to the conservative agenda.

Destroying the links between generations is part of how the powerful keep us from forming communities and bettering our lives. Don’t do the masters’ work for them.

So in conclusion fuck no I will not be putting my age in my sidebar.

shout out to forgotten asians.

shout out to south asians: asians from india, pakistan, sri lanka, bangladesh, afghanistan, bhutan, maldives, nepal.

shout out to ignored east asians from countries less romanticized than china, japan, and south korea: to mongolia, taiwan, vietnam, and further southeast to singapore, malaysia, the philippines, east timor, brunei, cambodia, myanmar, laos, thailand, indonesia.

shout out to ethnic groups within more known asian countries, like the tibetan people in china and the ainu and ryukyuan people in japan.

shout out to russian asians. shout out to central asians in former soviet countries, to people from kazakhstan, turkmenistan, tajikistan, uzbekistan, kyrgyzstan.

shout out to western asians in countries that don’t fit neatly into trivial western/european geographical boundaries of the middle east, of south asia, of europe, of africa. 

shout out to mixed asians, to latinx asians, to black asians, to indigenous asians, to mixed south and east asians, and every combination.

asian people are more than just the same few ethnicities shown on tv.

this is the first time in my life i’ve seen sri lanka included in anything and i’m in tears. thank you.

shout out to my asian fam. we are literally one of the most diverse and i love you guys whoo <3333

HEADS UP, DO NOT DOWNLOAD MODS OR MODPACKS FROM CURSEFORGE RIGHT NOW, CURSEFORGE HAS BEEN COMPROMISED

BE SAFE GAMERS PLEASEEE

an update direct from the curseforge twitter regarding this:

key points to note:

• CurseForge itself is not compromised in any way
• a user made several accounts (now banned) uploading projects with malware. the Luna Pixel Studios situation was hacked separately, uploading similar malware. LPS and CF are in contact.
• they're in the process of going through all relevant projects/files and will be deploying more security measures in future. no new files will be approved until this is resolved.
• DO NOT delete your curseforge client as this will not solve the issue. CF intends to deploy a fix for this through the client.
• DO scan your PC for malware and avoid downloading files from new accounts for the next few days.

(accurate as of June 7th, 1pm GMT).

an additional update on this, for people who very much want all of the available information, here is the technical write-up/ongoing document on what the maleware does, how to detect it, what is believed to be compromised, and what to do if you believe you may have been compromised. the hack is known to affect linux and windows; other operating systems are currently believed safe. if you have downloaded and run a modpack since may 22nd until july 6th, please check using the steps in the document below for infected files. if you have not done that, you are safe (although you should probably delete any mods believed to be infected). if you do not use windows or linux, you are safe. if you perform the steps below and find nothing, you are safe.

if you perform the steps below and find something, know that, currently, the server the maleware was communicating with has been taken down. you should act as though your passwords were compromised, but if it was only recently, then it is likely they are not.

the infected files are unlikely to be detected by your current anti-maleware, so make sure to manually check if you believe you have been compromised!

curseforge has also released a script you can run to check for the files.

this is the current list of known infected mods:

1. Golem Awakening
2. Phanerozoic Worlds
3. Autobroadcast
4. Museum Curator Advanced
5. Vault Integrations (Bug Fix)
6. AmazingTitles
7. dungeonx
8. HavenElytra
9. DisplayEntityEditor
10. The Nexus Event Custom Event
11. SimpleHarvesting
12. McBounties
13. More and Ore advanced
14. Easy Custom Foods
15. AntiCommandSpam Bungeecord Support
16. UltimateLevels
17. AntiRedstoneCrash
18. hydrationPlugin
19. NoVPN
20. Fragment Permission Plugin
21. Anti ChatReport
22. Additional Weapons+
23. Just Enough Ingots

note that vault integrations is not the official vault hunters mod; douwsky has confirmed that is an unofficial mod. these mods have all been removed from curseforge and cannot be currently downloaded. if you don't have one of these mods, you might be safe, but still run a check to be certain! the maleware is designed to replicate itself across all jar files on your system (yikes), and so if you ran one of these mods while it was infected, it still may be present on your system.

as of now, the maleware is believed to have been neutralized (the server it communicates its payload to is offline). however, still behave as though you may have been compromised.

stay safe, and i hope this information helps!

New Things to Beware on the Internet

On May 3rd, Google released 8 new top-level domains (TLDs) -- these are new values like .com, .org, .biz, domain names. These new TLDs were made available for public registration via any domain registrar on May 10th.

Usually, this should be a cool info, move on with your life and largely ignore it moment.

Except a couple of these new domain names are common file type extensions: ".zip" and ".mov".

ALT

This means typing out a file name could resolve into a link that takes you to one of these new URLs, whether it's in an email, on your tumblr blog post, a tweet, or in file explorer on your desktop.

What was previously plain text could now resolve as link and go to a malicious website where people are expecting to go to a file and therefore download malware without realizing it.

Folk monitoring these new domain registrations are already seeing some clearly malicious actors registering and setting this up. Some are squatting the domain names trying to point out what a bad idea this was. Some already trying to steal your login in credentials and personal info.

ALT

ALT

ALT

ALT

ALT

This is what we're seeing only 12 days into the domains being available. Only 5 days being publicly available.

What can you do? For now, be very careful where you type in .zip or .mov, watch what website URLs you're on, don't enable automatic downloads, be very careful when visiting any site on these new domains, and do not type in file names without spaces or other interrupters.

I'm seeing security officers for companies talking about wholesale blocking .zip and .mov domains from within the company's internet, and that's probably wise.

Be cautious out there.

I really want to reiterate how this can go wrong frequently and fast, folks.

A malicious actor sets up a page with an auto-downloader squatting on a domain name that matches a common zip file name like photos DOT zip. This website is set up to start an auto downloader upon being visited, downloading a zip file with the same name as the URL which contains malicious software (virus, worm, keylogger, etc).

Scenario.

Someone you know well sends you an email or text with promised photos attached. The email even reads something like this.

Because .zip is now a TLD, that plain text is automatically formatted into a link to malicious actor's website without them having to send you anything.

Folk with family with iPhones or iPads that are sent multiple photos in one go might be familiar with iCloud's tendency to automatically compile them into zip file for the sender and less savvy tech users have trouble NOT doing that.

These same less savvy users, or even just someone just not thinking in the moment, will click that .zip link, not realizing it isn't the the same as clicking on the promised attachment.

They download a file that matches the name they expected. They open it because they were expecting that file and it's from a trusted source. Except the file they downloaded isn't the one that was sent by their trusted source and now they have malware.

Another Scenario.

An IT person tries to send you an email with instructions on how to resolve a problem with a commonly used filename like install-repair DOT zip or to install new software like microsoft-office DOT zip.

The email may start with instructions of where to go get the legitimate file to do the install or repair, but now a line later in the instructions is also has a link to a .zip URL. A user, already frazzled by IT problems, may click it to ensure they have the right file. Again, they download malicious code from a squatting website or it prompts them with a fake login and now the squatting website has stolen their login credentials for a legitimate site. All due to an expected email from a trusted source.

Above you can see microsoft-office DOT zip is already out there with a fake Microsoft login screen waiting to steal your credentials.

These risks are already out there now because the TLD has been activated.

Plain text on old post are already being resolved into links to the new websites.

Here you can see a tweet from 2021, long before .zip was a domain name, now resolves that plan text into a clickable link. You'll start seeing this everywhere, and malicious actors do not have to lift a finger to send it to you.

Yes, a lot of users aren't going to click that, but a lot of folk will. Whomever is squatting on photos DOT zip domain name has made a one time payment to have access to anyone that ever sees that file name typed out.

In an example of an existing squatter site, clientdocs DOT zip is exactly one such pre-setup .zip domain name that initiates an automatic download. This one may be harmless, but the set ups are already out there and waiting to catch folk.

It's an unnecessary and risky can of worms that's been opened up.

Holy Unforced Errors, Batman.

quick and easy workaround (until you can find a better solution)

is to add

||zip^

||mov^

to your My Filters tab in Ublock Origin. reblog to save a life

you know what would be one of the greatest things Tumblr could implement right now?

there are currently community labels based on nsfw content but i believe adding a label for flashing lights would be incredible

i personally don't have epilepsy, but my father does and i would not like to find out i've inherited it scrolling through my dash.

this is a matter of safety and accessibility. our community is already conscious about these matters, but adding a uniform system would help everyone

(please reblog this post, spread the idea)

Okay but legit, if you're not in a Buy Nothing group, seek out your closest one. We literally got a free washer and dryer once. We've gotten groceries, craft supplies, pet supplies, clothes, and all sorts of shit. It's awesome.

On top of that, Instead of donating our old unwanted stuff to places like Goodwill, which wildly mistreat their workers, Buy Nothing lets me donate things directly to my community, without the risk that the sorters at the thrift shop will just throw things in the trash. I've passed along open things of hair care products that I didn't wind up liking but that had nothing wrong with them. I've passed along snacks we didn't like, pet food we didn't wind up using, and all sorts of perishables that would have otherwise gone right in the garbage.

My local group even has regular meetups where people bring all their stuff at once, and it's like a giant garage sale where everything is free.

They have a damn near global presence, so check out the website if you're looking for a local group!

reblog for sample size!

fizzy propaganda. its messy because i dont have many screenshots (and graphic design is my passion /s) but! vote fizzy!

@old-mcyt-sillymen

since no one seems to be happy with lgbt, mogai, or any other acronym or umbrella term, i came up with a new one that i think is gonna cover all our bases:

mpreg = marginalized people of romantic, erotic and gender

this post came into my house and killed my family in front of me

imagine your ocs

wasn't that nice :)