The Joy of Creating

So, I recently played The Beginner's Guide

And if you haven't heard of it, it's a fantastic game that leads you through the creation's of a programmer by the name of Coda, narrated to you by his dear friend Davey.

Now, I'm not the type to spoil a game without a warning,

and this is truly a game worth playing blind, hence why I linked it above to put it in front of as many people as I could. If you haven't played it, consider this your last opportunity to experience it for yourself before I talk about the story it tells within its two hour runtime. I'll even throw in a few line breaks just to make sure you're not just seeing how this paragraph ends before making a decision, and possibly discovering spoilers! I'm just that nice of a guy :)

Alright, it's Spoiler Time.

Throughout the game, we're told by Davey that Coda is depressed; that Coda loves to make prisons and speak to himself because he's longing for some form of social connection. So, Davey starts to share Coda's games with the world, and they do amazingly well - after, of course, Davey modifies the games to make them more accessible to players. Some of these changes include providing easy outs to puzzles, or placing something that we're initially told by Davey that Coda placed at the end of his games: A Lightpost.

Now, at the end of the game, Coda has left messages for Davey within his last game, basically calling Davey out for all the things he's done to Coda's games.

Coda never wished for his games to go public.

Coda never wanted his games to have a 'narrative', or answers to the questions he was posing in creating them.

Coda never placed a single lightpost in his games.

No, that's all Davey's doing.

And it's around this revelation, that we as the player might notice that some of the narration has become more about Davey rather than his best buddy Coda. Even to the point where Davey's going on full rants about how he's impacted by Coda's inability to keep making games. It's a parasitic relationship: Davey boasters himself by talking about Coda's work, all while draining Coda's creative energies as he has him keep making game after game after game to just fit a story Davey's sharing to the world. Without Coda, Davey has nothing new to show, or anything to talk about with these new friends he's made.

Without Coda, Davey is nothing.

And at the end of the game, Davey leaves you to explore the final bits of the level on your own. To then interact with a similar "glitch" from earlier in the game and everything fades as you stare out into a winding maze.

The game simply oozes charm in the way that it's told. At first, you believe that Coda is spiraling simply because that's what Davey said he's doing, and he's warping the concepts shown in game to something that fits Davey's narrative: Coda's a depressed programmer! He wants to seal himself off from the world! When in reality, we're never given actual proof that Coda was wanting to convey that message at all. Maybe he just really liked jails. It's left up to us as the player to come to our own conclusion.

And it begins to beg the question, have you ever found yourself living within either of these characters' shoes?

It's something I've been torn about ever since finishing the game last night - I've found myself in both situations almost simultaneously. For example, I've written a few books out of a need to escape from my old family situation - books of which I was incredibly proud of that I could craft whole new worlds even if they had a rather unimaginative beginning. But when it came time for me to persue writing as a career choice - when I was offered an opportunity to be published; my parents became the Davey in the situation and tried to control when I worked, what I wrote, so on and so forth. I stopped writing altogether; my escape from the insanity they threw me into was suddenly gone and my hopes for a new future were crushed.

Even to this day, I find myself raging the same war from both sides: I love to create just for the sake of creating; perhaps to even inspire someone to go out and try something new or to learn from a mistake of mine so they can be even better. But, there is a side that creeps up and whispers "Oh, but you could be doing this for money..." And all of a sudden, it's less about doing what I want to do and more following a vague attempt at chasing numbers that may never come. It's in part thanks to this wonderful game that I find myself easing up to a near infinite degree on myself, and I have more fun putting things out there - heck, even today, I made a new short for PlumesCast for TikTok and YouTube shorts. It may not be perfect yet, but I'm allowing myself to grow in whichever way the work and the world will let me - and I hope this can serve a bit of your sign to do so as well.

If you made it all the way down here, thanks. I've been thinking about this game non-stop since finishing it last night, and I appreciate you sticking through and reading this messy psuedo-review/revelation.

If you've played The Beginner's Guide, what did you think of it's story? And is there anything else out there that has invoked a similar feeling of self-discovery within you?

I'd certainly love to hear about it! And until next time,

I'll see you somewhere in the stars real soon...

A Whole Year Later

Remember when I created this Blog over a year ago?

Man, I do.

No, when I first created the blog about a year back, I was PSYCHED. Having a way to practice my HTML that I was learning AND be able to create more content? Pfft, sounded like a dream come true. And that's kind of what it was, a fleeting dream.

If I can be a bit nostalgic for a second, I want to talk to you about where my online username came from. PhantasmaPlumes. Not going to lie, I probably spent like a day and a half debating what would sound good. Big on rhetoric, I wanted the name to have a double meaning:

The first was a new identity I could easily toss aside if I needed to. A Phantasmagoria is like a dream, it exists and doesn't at the same time; it was perfect for the new account I made.

The second comes from another meaning Phantasmagoria has: an ever-changing scene. I was toying with the idea of creating... well, anything! All I knew was that I had a story that I wanted to share with the world, and I wanted to try and make people happier if I could.

In a way, the blog was kind of reminiscent of that mentality: I was ready to toss so many things to the wall just to see what stuck and what didn't, but what I ended up doing was burning myself out just as I was getting started rather than provide myself the groundwork to experiment. To be honest with you, similar to a lot of content creators when they first start out, they focus on the numbers, and it just destroys any hope they have.

I definitely wasn't immune to that - I was trying my best to create content on all cylinders. I had YouTube videos going up Tuesday, Thursday, and Saturday, Twitch Streams going Monday, Wednesday, and Friday, and lastly, a weekly podcast episode going live on Sundays. Even without the blog, I was firing on all cylinders and eventually, I had to make a decision on to which I needed to focus on to grow as a content creator, and that... was like a house of cards falling over.

Watching them all kind of collapse as I fell harder against myself SUCKED.

The past year was a major growing point for me as a person; I survived some crazy work projects, got certified in Salesforce and HTML/CSS, cleared who knows how many miles as I earned The Conqueror Challenge medals, plus y'know, got to spend another fantastic year with my Fiancee.

OH YEAH, YOU WOULDN'T KNOW THAT PART.

Like, dude... I could go onto a whole thing about how the Fox Wife and I got engaged. It was one of our first "real" vacations together, not being driven by anything else like a family member doing something stupid, and man, it was so nice. I think it sparked something in the both of us: an ever-growing desire to see the world together. And for the most part, we've been making that happen where we can; our weekends together have brought us out to different states to see underwhelming balloons, a convention filled with fellow nerds, and I couldn't tell you how many bookstores we've visited together.

And it's been a blast.

Sure, there's a lot of things I could sit back and say "I wish I did this or that differently," with as much regret as my voice could hold, but man, I've enjoyed picking myself back up every time. Life is never an easy journey - that line about it being a marathon is definitely true. But I wouldn't have it any other way. It's what's giving me the inspiration to come back to this and keep going; despite my planning on starting something brand new on a different site. And my attempt to do so on Tumblr, but we don't need to talk about that one!

All that to say, it's good to be back. I'm hoping within the coming weeks I can draw up some good reviews for a number of the books I've enjoyed in the past few months, share a few experiences, and enjoy laughing with everyone once again. So, until next time...

I'll see you in the stars...

This One's for the Retail Workers - Convenience Store Woman Book Review

Have you ever worked a retail job? Then this one is a must read for you.

Head's up, that's an affilated link to get the book via Amazon. If you like the review, want to read the book yourself, and want to help support the blog, consider getting it at the link above!

It was the Spring of 2016...

I had recently left my IT job for Mercedes Benz after my Director at the time decided to take off the entirety of December while we had a major construction project on our plates and were massively understaffed. Exhausted from working back to back days yet not quite done with my degree and having moved back home to save rent money, I decided the best next step for me was to take an easier job - just something that I could comfortably work at while balancing my college schedule. I began to send out applications to a bunch of entry-level positions, stuff like McDonald's, the local bar, and even construction, all to no real avail. They saw what I was - a 21 year old reaching for the stars that wouldn't stay at a place for longer than a month, let alone a year if they could find better; why waste their time? Rejection after rejection rolled in until finally, one company reached out: Target.

From there, I was no longer Seth, the IT Administrator who needed to work late hours to make sure all the tablets were up to date so we could repair cars coming in. No, I was Seth, the full-time cashier who was probably too friendly for his own good. But, in that moment, a massive shift in my mind came about: I was a part of a team bigger than just me - I was a part of the Target expereince. For some, I was the first person they saw as they walked by my lane, and for many others, I was the last Red-Shirted member on their way to the door. And I felt a sense of belonging, a sense of comradery, a sense of solidarity with everyone that dared to take on Bullseye's mantle. I was a Target Team Member.

Over the next three years up until shortly after I graduated college with my Bachelor's of Business Administration in Information Security and Assurance with a specialization in Cybersecurity (I don't get to give the full title often, let me have this one,) the iconic Target red flowed through my veins. I moved through the company, jumping from Cashiering to Guest Services, Cafe to Stocking, and eventually ending as the almost Produce Team Lead, I knew that store like the back of my hand, and I loved it. Sure, there were bad days and worse coworkers, but we were all united behind the big red balls. We were a family.

Well, family until I left. Then y'know, it just never was the same. Work dramas just don't hit the same when you're talking about a horribly configured Firewall compared to an employee accidentally shattering an entire case of Fireball liquor after all. But, what if I never left? What if I was a perpetual Target Team member until this very day?

That's what today's book explores...

In 163 pages, we live a part of the life of our protagonist, mid-30's Keiko Furukua, in a way that is both violently plain yet utterly unique as she fights with some of the most real examples of life that I could ever imagine being written. You see, Keiko isn't exactly our typical plucky protagonist; in fact, she's quite the opposite in that she's highly analytical and painfully not empathetic, to the point in which she, as a child, used a quick shovel crack to the side of the head to stop two boys fighting. Because of this, she often struggles when she doesn't have any type of instructions, because left to her own imagination her "solutions" to problems often get her in trouble. Keiko strives from a young age to act "normal," to mirror the lives of those around her as to not stand out, and the store in which almost all of this takes place in, Smile Mart, just so happens to have a set time for everything.

Across the duration of the book, Keiko shares with us the mundane way she lives her life: She eats (so she has energy to work,) she sleeps (so she can get up for work,) and she lives (so she can show up for work.) Being a cog to Smile Mart's system is so important to her, that she practically lives to work, yet it is never addressed as to whether or not this actually makes her happy. In fact, it's more addressed to the fact that society has such a strict mandate of "rules" to follow that Smile Mart allows her to slide by mostly undetected that makes her enjoy(?) the job so much. She can copy her co-worker's fashion style to match that of what a mid-30's woman would wear, share in the emotions of others to raise just the right amount of rage when someone shows up late, and ultimately, she can pass as normal so long as she stays at the store. But, that can't last forever, right?

Just FYI, there are some heavy spoilers ahead about the central conflict of the story and how the book ends below, so hey, feel free to skip this part and read the book yourself from here. It's fantastic, and absolutely worth a few hours of your time. Then y'know, come back and let me know what you thought. We cool? We cool.

Have you ever had the pleasure, or lack there of I should say, of meeting someone who believes "Women should stay in the kitchen" and can't get a partner to save their lives? Yeah, there's an incel character, and he is the most unlikable piece of garbage in the entire book - it actually really soured my read of it because, lo and behold, the dude read like my old college roommate at times. Felt really bad that I juxtapositioned him into this dude's spot, but hey, if the shoe fits... ANYWAY...

This dude gets introduced about midway through, and you know from how much time they give this complete loser that Keiko is going to get involved with him in some way or another. And surely enough, it's not long after he gets fired for stalking a female guest and is doing, just that, again. By this point in the book, he's made mention of how he would never go after Keiko because she's not attractive enough for him, working at a convenience store is below him (despite him doing so,) and that he's working on what sounds like a crypto scam to make it big, and just needs someone to fund it. And despite all of these unappealing bits, Keiko actually lets the guy into her home. Much to our dismay.

The worst part is that Keiko isn't doing this out of love or anything like that, in fact, she does this because she sees this misogynist's hatred of modern society as simpathetic to her needs: that if she takes in this human trash, the world accepts her a bit more because now she's not a 30-something year old woman without any romance in her life! No, she's got herself a man, and the most bizarre part? This actually works. Her family and friends are through the roof that Keiko is "healing" even though this man has no prospects and is just a leech upon her! The dude adamently declares that he "wants to get back at all the women who are just a parasite to their men, I'll become a parasite myself!"

I lied, the ABSOLUTE worst part is that because of this waste of oxygen, Keiko leaves Smile Mart. Her coworkers, too, are beyond excited for her, even forgiving the man for stalking them and being a terrible employee! What a novel concept! They even give her gifts to celebrate their new relationship! Without the store to guide her life decisions, Keiko begins to fall into a deep stasis - where time loses its meaning and even existing without the sake of the store becomes a challenge. The Incel of the Month comes with his own series of problems revolving around money, and even when you think he's going to have a redeeming moment, he opts to have Keiko take the blunt of the responsibility and has her apply to a bunch of locations to make him money.

I won't go completely into detail as to where we leave our misunderstood protagonist at the end of the novel, but it is relatively bittersweet.

Genuinely speaking, I enjoyed my ride with Convenience Store Woman. I couldn't put it down once I started, and in truth, it actually ignited a bit of a flame within me to keep reading. I'm currently working on Before the Coffee Cools, so I'll be sure to let you know how that is once I'm done. CSW is definitely a little gem though, and one of which I think everyone could do with a read of. If you've ever worked retail, I think the story will stick with you more, especially if you had older co-workers that regalled you of their woes. But, I will admit, the last quarter of the book is pretty depressing, and this book isn't the happiest in most regards - I gotta say that if you're not feeling up for it, then it's completely valid to skip it for now. But, after reading it, I hope you'll remember Keiko's story the next time you approach a part-timer; chances are, their story runs deeper than you'd ever imagine.

Now then, are you saving 5% today and every day with your Target RedCard?

Cyber Cafe Chats: Would you like Personal Data with that request, Sir?

It's kind of funny when you think about it. You hear all of these people talking about the greatness of AI, how it'll "make your tech job completely useless in a few years," but then, all of a sudden, all of that confidential data you were testing ChatGPT against gets out. Oh yes, dear reader, get that cup of coffee ready, because it's time for another

Plumes' Cyber Cafe Chat

Today's Brew is something that I think a lot of people read about, maybe even argue use cases here and there for, but don't really understand:

What are the dangers of using AI?

If you haven't heard about it already, good ol' Samsung has temporarily banned internal use of AI's such as ChatGPT and others until they can create a safer model after proprietary data was leaked. Now, this isn't anything surprising if you read through any open AI's Terms and Regulations, where most will cite something akin the following from popular AI chat site, Character.AI:

You acknowledge and agree that any questions, comments, suggestions, ideas, feedback, or other information about the Website or Services ("Submissions") provided by you to Character AI are non-confidential and Character AI will be entitled to the unrestricted use and dissemination of these Submissions for any purpose, without acknowledgement of or compensation to you.  

Granted, that's just legalese to say that whatever you give the website, it is fully entitled to do with that information whatever it wishes to do. In most cases, the conversations held with your AI companion are used to train the AI to facilitate chats better, but in training the AI, you might end up teaching it something that should've stayed private. Allow me to explain. 

Let's say that I was writing a letter to a friend, and I asked Bard AI, Google's AI suite, to proofread my letter to make sure it sounds good. It does so, tells me I'm such a wonderful friend and gives me the thumbs up. Well, even though I close the website, my letter still lives within Bard somewhere - in fact, it might be the example that comes up when the next user comes up and asks Bard, "Hey! How do I write a letter? Can you give me an example?"

Now mind you, if I just wrote a simple How-Do-Ya-Do, it probably wouldn't be a big problem; you might get something like my bud's name and my name, but other than that, it's nothing confidential. And that in itself is why I'm not up in arms with OH DEAR GOD, STOP USING AI. Trust me, anyone could find out that information needlessly fast if they wanted to find that on you, and I think AI is still a great reference tool to use so long as you're not marketing yourself on it (looking at you AI "Artists.") No, it's when you start including more personal information that something you probably shouldn't read, like perhaps if I wrote, "Hey man, here's that address for BlahBlah over at Y location. They're usually out and about from this time of day to that, so y'know, don't show up them lmao."

 

Why I would write that in a letter is beyond me, but you get my point. No, the reality is, is that anything you feed these AI bots is free game, not only for them but for anyone on the back-end, and that includes Law Enforcement if need be. Similar to the clause above from Character.AI, there are others listed within these AI website's Terms of Services that quite plainly say, "Hey, if we believe you are of harm to yourself or others, we can give these chat logs to authorities." While I don't think any of my readers would participate in something underhanded like that, it's still good to know.

 

It's hard to differentiate between the real life and the internet at times - and with how share happy the world has become now that our phones are social media machines, sometimes we overshare at times. It's alright if you have in the past! This is just a great learning opportunity, after all! But, I still vividly remember a line from my 1st grade typing class advising us: "Don't put anything online that you wouldn't want your favorite family member or best friend seeing." I'm lucky enough that most of my family isn't around for that first bit, but hoo boy would my Sister strangle me out if I posted anything dumb online. Thankfully, she's yet to find my blog :)

 

Jokes aside, while what I presented above is just an example, the reality is is once you submit something to a bot, or any website for that matter, you no longer have control over it. Even secure websites can get breached, so you need to be mindful of what you share. And, as boring as it is, I highly recommend looking through a modern Terms of Service document to see what all these wonderful websites are doing with your information. It's not my job to put a tin-foil hat on you though, nor would I want you to become overly paranoid about using the internet - it's a fantastic tool that has allowed for countless amounts of good in the world, but I do want to make you aware of what some of the dangers can be so you can better protect yourself. 

You're already reading this, so clearly you have great tastes and are doing the right thing in boosting your Cyber Security smarts. Also, you look amazing! Did you do something different with your hair? 

 

And of course, if you have any questions, please feel free to leave a comment below or email me over at PlumesCast@gmail.com; just know I may read your question on the pre-recorded air so I can train the world a bit more :) Also, feel free to share this article and the blog in general! 

 

I'll see you next time for another Cyber Cafe Chat very soon!

Cyber Cafe Chats: Passwords, who needs 'em, right?

Y'know, I know the saying is 'April showers bring May flowers,' and I don't know about you, but I'm tired of getting caught out in the rain when I try to sneak for lunch. So, let's hurry up and get a cup of coffee ready, because it's time for another

Plumes' Cyber Cafe Chat

And today's brew is going to be something that I'm sure you've all heard plenty about over the recent years:

Why do I need to make a different password for every site?

Cybersecurity - it's a broad term. For some people, that's just talking about password management and making sure you're using a VPN while on public Wi-Fi. For others, that's talking about firewalls, User Access Controls, and Intrusion Detection and Response systems. Then you have people like me who get woken up at 3AM from an alert saying that someone is trying brute force their way into your domain. Takes all kinds of folks, really.

That's where today's chat comes in, actually. Not because it happened recently, no - I'm counting my lucky glow in the dark ceiling stars that I've been blessed enough to get some good sleep recently. Y'see, despite whatever definition you give the term Cybersecurity, there's one element that stays the same throughout all systems, no matter how robust: The Human Element.

Now, that's not just a fancy sci-fi term for the resistance against our ChatGPT overlords. No, the Human element refers to us, the users who access our companies' information on the daily. From the outside in, us IT nerds probably seem like a bunch of jerkwads that don't care about your need to go to Facebook, but there's actually a lot of thought that goes into a successful security network. For example, I could build the world's most secure network - lock everything down behind multiple layers of Multi-Factor Authentication, have attention checks to make sure you're still actively using the information you're reading else I'll terminate your access and make you log in again, and I'll monitor how much data you're pulling so if you pull an unusual amount, I drop the connection immediately. Yes, I could do all of that to help protect against passwords being stolen, accounts being left open while users walk away from their machines, and stop data thievery in its tracks - all three things being real concerns that we face as System Admins alike. But you have to admit, that'd be a real pain in the ass to get into every day, right?

No, a good System Administrator knows how to balance security needs with their usergroup. They need to be able to understand that not everyone can handle multiple MFA prompts all at once, and that if you disconnect things on people too early, they waste more time getting back into the system than actually using it. And as such, they build their network alongside those limitations; I tell you all of this to give you some understanding as to why it's so important to keep your passwords secure. We do a lot of things to make sure getting access to our system, for those who are intended to have access, can be easy - so with that consideration in mind, we can talk about the other half of the Human Element.

Tell me, did you know that nearly 90% of all data breaches are caused by employee mistakes? It's true! Now, when we say mistakes, we can mean a lot of different things: clicking on a spam link and downloading malware, granting access to malicious actors because they say they're a new IT person, and yes, even sharing your password. Whether that be by a phishing attack where you get an email saying to change your password and for some reason, it mysteriously doesn't work after doing so, or you leave your passwords on a 'safe' sticky note under your keyboard, password theft attributes to countless successful breaches every year.

I can hear you now, "Well, alright Seth, I get that I need to make a secure password..." but that's not what I want to tell you. I mean, yes, please do, but what I mean is keep different passwords for all your services!

It doesn't matter if you have a super secure password if you use it everywhere after all!

So that's why I implore you, PLEASE figure out a password system that works for you. I understand that it's hard to remember passwords, but it doesn't have to be. In fact, you can use a system like this:

Date	Super Cool Password	Website or Purpose
2023Q2	P@$$W0rd$Rul3!	@Work

Allow me to explain: In the example above, we've made the password 2023Q2P@$$W0rd$Rul3!@Work.

Trust me, I don't expect anyone to have a password that complex, but this should give you an idea of what I mean. In my example, I use:

1. A Date - which is great for passwords that expire every set amount of days. You can keep the same password throughout the year just by changing the quarter!
2. A Root Password - Which is a password only I would know. Something that's secure but has value to me. You could even make this a passphrase like "PasswordsAreForChumps!"
3. The Website or Purpose of the Site - This helps add an extra layer of security where it's not just the Website name. You could do YT or Videos for YouTube for example!

If you follow the same pattern, creating passwords becomes easier and less complex to remember as time goes on. Think about it: You could easily come up with your own system instead of trying to think about which cat you liked more the day your password resets, couldn't you?

But, I do want to wrap this up because we're getting in deep at about 1,000 words already. Crazy how time flies, huh? Anyway... Passwords don't have to be some complicated thing that you dread creating. You can easily establish a system that works best for you, and that way you don't have to write down everything - or, if you do, write down the model for your passwords. No one will understand it at a glance like they would "GOOGLE PASSWORD TEEHEE". But, by doing this, you not only keep yourself more secure for if someone were to crack your password across all of the websites you may access, but you also help keep your company a bit more secure too. And doesn't it sound nice to make your IT people not work as hard? :)

Thank you again for joining me on yet another Plumes' Cyber Cafe Chat. Of course, you're more than welcome to send any password related questions my way by leaving a comment below, and if this helped, maybe send this over to someone who'd appreciate a quick lesson on cybersecurity. And as always, I'll talk to you again very soon; until next time!

Welcome to Cyber Cafe Chats with Plumes! Today's Brew: USB Condoms and Zero Day Vulnerabilities a plenty!

Hello everyone!

It's your new favorite System Admin here with a few digestable updates on security vulnerabilities on things you care about; that's right, it's time for a new section:

Plumes' Cyber Cafe Chats

Now, you're probably wondering what my Cyber Cafe Chats are all about. Good question! Honestly, I'm stilly defining it, but it's essentially breaking down the complicated news of the world of Cybersecurity and more in an easy, digestable format that's best enjoyed with your favorite blends and a steller vibe. So relax, get something warm to power through your Monday with, and let's chat.

Why do I keep hearing about "USB Condoms?"

If you've been watching the news lately, you've probably heard about "Juice Jacking" issues on the rise, but who would be stealing your precious Apple Juice? Well, it's not that different from your Grade School bully taking advantage of you, to be entirely honest. Just instead of something cool and delicious, it's your precious data or resources, which may or may not be more important to you. Personally, I prefer the white grape flavored profile data.

"Juice Jacking" refers to the the practice in which a malicious actors compromise a USB terminal, in this case the power terminals within coffee shops, airports, and other such public charging stations, to load malware onto your charging device. You see, your USB cable has two pairs of wires: one that handles power, and another that handles data; hackers use that data pair in order to install things like cryptominers, keyloggers, and sniffers alike to find what all you have on your device, and in some cases, extract it onto a store where they can access it later. There's no such thing as a free lunch, after all.

So, in order to protect yourself, you could get a USB Data Blocker such as the one linked, AKA a USB Condom. These specialized USB adapters have the data lines severed within them, and akin to their latex counterpart, block the flow of data from a potentially infected USB cord and hub from getting to your system.

That said, you can also employ the tried and true method of carrying your own charging equipment. If you use your own charging brick and USB to plug into one of these public charging stations, NOTHING can get across the AC/DC powerline to infect your machine. Or, if you're so on the go that sitting at a public charging station won't work for your busy lifestyle, a portable power bank such as the one listed here may suit all your needs. With some power banks even being able to charge multiple devices at once multiple times, you may find yourself even forgetting the brick and USB at home and not missing it whatsoever.

iOS Webkit Compromises, Android Vulnerabilities, and Chrome Memory Exploitations, OH MY

Now, before I wrap up our first Cyber Cafe Chat, I would like to bring your attention to a series of Zero Day Vulnerabilites that have been announced as of this past week, as well as asking the question: When is the last time you updated your device?

Zero Day Vulnerabilities, for those not in the know, are issues that were previously unknown to the provider that don't have a working fix yet; they've only been disclosed. Most of which receive patches that mitigate the damage, but until a fix is created and is provided to the public, hackers can exploit users who don't keep their devices up to date, and just such a thing has happened on our mobile world. You see, recently a pair of zero-day vulnerabilities were discovered on iOS devices listed below:

• iPhone 8 and later,
• iPad Pro (all models),
• iPad Air 3rd generation and later,
• iPad 5th generation and later,
• iPad mini 5th generation and later,
• and Macs running macOS Ventura.

These vulnerabilities are initiated by sending would-be victims text messages or emails with links that lead to a compromised website, in which either Chrome or WebKit vulnerabilities would be loaded based on the Operating System of the device. This vulnerability has already been patched out on Chrome as of October 2022, but has recently seen new life in the iOS sphere. That said, please take this opportunity to make sure your devices are up to date.

For iOS, that would be 16.4.1 – released on April 7^th, 2023, while for macOS, that would be 13.3.1 also released on the 7^th.

For Android, that would either be the March or April Update for Android 13, depending on your model. Google Pixel phones have yet to receive the April update, for example.

Additionally, a new zero day vulnerability was discovered within Chrome’s JavaScript engine, in which a threat actor could trigger browser crashes by memory exploitation as well as arbitrarily running code on infected devices. While the main targets identified in the attack thus far are high-risk individuals like politicians, journalists and more, we can’t be too cautious considering the clientele we work with, and the risk spyware would have on our machines.

Google has recently released a patch to fix this issue however, so I’d like to ask that you take a few minutes to update Chrome. Shouldn't take you more than a few minutes, so feel free to use that time to get some caffiene in you; you know your boy is about to do the same after writing all this out.

Of course, if you have any questions or concerns, please feel free to let me know!

It's honestly been an absolute pleasure writing this up for everyone, and I hope that you'll be able to use some of the information provided to protect yourself and others. And, if you liked this and want more easily digestable cyber information, I'd appreciate the follow! Still new to this whole blogging thing, so feel free to let me know how I can make this better for you as well! Until next time everyone...

I'll see you in the stars soon~!

3CX's Silence about the Supply Chain Attack is not new for the Tech World

As much as I'd prefer my first professional blog post to be something more... personal, I suppose, last night's 3CX Vulnerability reveal is the most recent of many known cybersecurity issues that get very little attention paid onto them until other media resources start talking about it, then it is all hands on deck. Except, not really. Allow me to explain. 

Before I go too deep into this, I want to start off by saying that I'm going to be referencing the article that tipped off to an issue last night before stream, a whole 12 hours before 3CX would make a statement, written by BleepingComputer. The article does a fantastic job of explaining what happened, but for those who are curious, here's a short and sweet version:

• 3CX, a Voice-over Internet Protocol (VoIP) phone company's desktop client was compromised via its GIT repository, in which threat actors injected malicious registry-editing code to 'beacon' back to retrieve the payload.
• Should the payload run, it would harvest system info, including stored credentials from Chrome, Edge, Brave, and Firefox User profiles, then attempt to connect back to deliver the stolen information. 

Here's the fun part about all of this, certain Anti-Virus (AV) systems were already detecting that something wasn't right as of MONDAY.  In fact, some were even doing as they should have and began wiping the 3CX installation from running, so you would think at some point, 3CX would have made a proper statement, right? 

... RIGHT?

Well, they sort of did. As more and more users came pouring into the 3CX support pages, we get this THRILLING bit of information from someone (who probably doesn't have a job anymore) on the support team. Ahem: 

    "While [contacting the AV softwares] sounds ideal, there's hundreds if not thousands of AV solutions out there and we can't always reach out to them whenever an event occurs. ... it makes more sense if the SentinelOne {AV in question} customers contact their security provider and see why this happens. Feel free to post your findings here if you get a reply." - JohnS_3CX

 God, I'd hate to be them right now. And I'm sure it doesn't take a System Administrator to see why this was the absolute worst answer you could've given to a bunch of concerned individuals. In fact, a Gold Partner SweetAction came in to add this great nugget of information after people raised concern about whitelisting the application:

"...the executable is signed by the trusted vendor and the vendor has stated multiple times that you should bring it up with the AV vendor... What does IT do when a business app is being flagged by AV and all indications are that it's a false positive?" But hey, at least you can reach out to their company to have them give your data away. They're great for HOTELS, SCHOOLS, AND MULTI-SITE LOCATIONS. Hell, THEY'RE THEIR SPECIALTIES. 

But you know what the cherry on top is, dear reader? Even the CEO, the CEO of 3CX himself, Nick Galea came out on one of these forum threads and says the following,

"... I don't even know why we promote both and we will review this." 

Mind you that this is in reference to why they have the Desktop version and the PWA (Phone Web App) version. So, not only did they not respond in the way that they should've, but they really hit us with the "Damn I'unno lmao" response too. But, this isn't the first time we've seen something like this, and quite honestly, this won't be the last time we see it either. Allow me to explain. 

See, as someone who has written Disaster Recovery (DR) plans and has implemented them across different locations, this is a pretty common thing to do at first - you keep your mouth shut to the public as long as possible about really happened. Then, once you have a good grasp on the situation, you can then make a public announcement with a plan of attack, remediation options, etc. 

HOWEVER...

It should have never escalated to the level that it did, with the severity of what happened behind it, with as minimal as a response that it got. This was a known issue, something that multiple AV systems were screaming about for almost a week, and thanks to a lack of communication about it, hell, even chalking this up to false positives of all things, was an absolutely terrible way to come about it. Add onto the fact that there has yet to be an official email or anything of the sort to let users know that something to this magnitude has happened, and yeah, I can easily foresee 3CX losing customers. 

Anyway, the phone's ringing, you going to answer it?

"So, you've made a blog; what's it going to be about?"

    You know, I've received this question at least four or five times since creating this blog a few days back. And if you're on any of those "HOW TO MAKE THE BIG MOOLAH WITH A BLOG YEE-HAW" sites that try to sell you on a course you really don't need, they'll hit you with that question too. It's a valid one, don't get me wrong, but it seems... I'unno, wrong? Let me explain. 

    When it came to writing things before in the past, whether that be poetry or short stories, heck even going as far to say full novels, there was one thing to keep in mind: the beginning had to be inviting and the ending had to be satisfying for you, the writer. What I mean by that is that you could pull the wool over your readers, give them one of the most suspenseful reads where they never want to put the book down, and then at the end have a twist that only the truest detail hunters would be able to get a glimpse of its coming. It may be divisive, but if it was satisfying to you, the writer, then who cares? That energy you get from completing something new, that euphoria of seeing people argue your works and discover their own meanings in things; that's the energy you'll cherish and use to your next project. I feel like this blog is just that, me writing whatever I feel like writing and telling my whimsical little stories in my style. 

    Let's be real, there's definitely going to be some structure to all of this, but just like the podcast, I like to ramble and go on side tangents. And from those side tangents, I'll go on another two or three, and then MAYBE after I indulge you on how I used to race for the umpteenth time, I'll get back to what I was originally talking about. That's essentially the energy I'm carrying into this blog - I love having the creative freedom to talk about what I want to talk about, but I'll also keep it somewhat grounded, so here's a few examples of things you could see from me in the coming weeks:

• Supplemental PlumesCast Info - Bro, if you've heard my podcast, PlumesCast, you know that sometimes there's not enough time in the world for me to talk about everything that I want to, so I'll make additional blog points to talk about some of the episodes. Kind of like a retrospective without the retro part :)
• Media Reviews - As I've steadily grown out my 2023 Media list on Twitter and as I've mentioned on the stream a number of times, I wanted to create a book club of sorts for a long while. I figured the blog would be a great spot to do so outside of the Discord - could bring some new faces into the community too!
• Lastly, Recipes - Although it's been a long time since I sat down and did a cooking stream, I would say I'm still very consistent with cooking with the Fox Wife, and one of the many things we've talked about is creating a cookbook together. Now, I know there's a whole world wide web out there for you to get your recipes, but just imagine, having the Plumes Tips and Tricks on how to best prepare it! [Let's be entirely fair here, it'd probably be me laughing about how I burned the hell out of something, but y'know y'know.]

So, with all of that said, there's a plethora of topics just beyond our grasp here, but that's why I also wanted to ask the following: What kind of stuff would you like to read me talk about? Would you prefer a more grounded approach with topical information, such as recent cyber crimes? Or can it be more overarching? Can I teach y'all about some well-being tips that you can start applying to yourselves today? You tell me world; I'm here to make y'all smile, and I'm going to have a good time doing it regardless of the path we take. 

Welcome to the Blog!

Y'know, for the very first blog post, you would expect something professional like "Hello, and welcome to my blog. Today we'll be talking about..." but if you know anything about me, and chances are you may not and this is our first chat but, I'm anything but ordinary. No, for me to start this all off, I'm going to go with something familiar...

HELLO EVERYONE, welcome to the Phantasmagoria of Plumes, a blog dedicated to... well, a lot of things really! If you're one of the people from above that this is the first time we're meeting, then let me take a second to introduce myself:

My name is Seth, and I'm (at the time of writing this) 28 years old. I'm a Systems Administrator with about 10 years worth of experience under my belt, slowly working my way to a Chief Information Security Officer's position. I'm also a Twitch Streamer, and the host of PlumesCast; a podcast dedicated to teaching life lessons through stories, bringing light to our struggles to remind everyone that despite how diverse the world is, we're truly not alone, and making you smile at least once per episode! 

Now, you're probably wondering, 'Well Seth, it's nice to meet you, but why would you lead on your age instead of your experiences?' And that's a good question! You see, I've had the pleasure (read: questionable experience,) of working with a variety of people across my career such as:

• The Old Timer - The 65+ year old who fights change with such a viscous desperation you'd think I was trying to take their actual child away from them. Also assumes that you don't know anything because "you're too green."
• The Exhausted Middle Management - The 40's through 60's, not quite where they want their career to be, but are making more than enough money that they're comfortable where they're at and don't feel like pursuing much else. Probably daydreaming of retirement as I'm typing this.
• The Broken Youth - The under 40's who are still trying to figure out where they want their life to go, how they want to achieve it, and most importantly, how can they afford it? Depending on how they're feeling that day, your day could be quiet or the loudest you've ever seen - the tea is always hot with them though. And last of all...
• The ID10Ts - You really don't know how they ended up in their situation, but man, they'll either sell you on whatever they're doing, or they'll make you wonder what the hiring manager was on and how you could get some. 

Suffice to say, I've worked with a lot of people, and I'm always looking to meet new faces - it's part of the reason that I started streaming. Typically, the only interactions I get to have at work because of my young age, outside of immediate coworkers and friends I make along the way, are with people having issues with their computers. Great for teaching myself stuff for the career and all, but TERRIBLE for the social aspect of y'know, a healthy life. So, in the middle of June 2020, I said "Y'know, I want to make people laugh through this pandemic weirdness, and I want to meet new people!" And thus, PhantasmaPlumes became a reality and I've been going (mostly) strong ever since. 

But, as I began to develop more content and I became more confident in the stuff I was doing, I realized, I didn't really get to talk life advice and tell personal stories as much as I wanted to during streams. It's kind of hard to talk about the importance of good Cyber Hygiene when you're getting destroyed by the Elite Four in Pokemon, as I'm sure you know. That's how PlumesCast, my weekly podcast, started to form within my head: it was actually a Subtember goal for 2021 - I wanted to start a new form of content that anyone who couldn't catch a stream for whatever reason could still hang out with me. But, it wouldn't stay a gaming type podcast for long - in fact, if you search PlumesCast on Spotify, Apple Podcasts, Google Podcasts, or even Alexa, you'll find that most of the episodes are talking about mental health, well-being, so on and so forth. There's a good reason for that, let me explain.

After my Father passed of colon and liver cancer in 2016, I realized how many life questions I never had answered. I felt lost, scared; the deeper I went into that horrific thought pattern, the worse I felt like my life was going. My Mother, by this point in life, was already a drunkard living her best life down in Florida, and my Sister who would fill the crucial role my parents left was often so busy that I felt like I was bothering her with my stupid questions. It's a terrible place to find yourself in; you don't even realize that it's happening until you hit the ground, the air gets knocked out of you, and when you finally get that first breath to look around, it's all dark. Most of the time, people will give up there, accept their fate as a lost soul and march onward trying not to sink deeper - honestly, I nearly did the same. But, I had too many people who relied on me to stay down, too many friends that considered me the Dad of the group to show them my fears - I had to grow up fast once again. 

In doing so, I realized that there are countless people in that rut, filled with questions to give their lives meaning that they're too scared to ask or they don't know who to ask. That's what PlumesCast morphed to become - I wanted people to reach out and ask the questions they were too afraid to, and I wanted to answer them in a way a friend would. Looking back, I think I've done a pretty good job - we've had some serious laughs, some tears, but from those who've I talked to after them finding my humble little podcast, I know I've left a mark on their hearts. And that's why I wanted to take my content one step further. Welcome to The Phantasmagoria of Plumes.