Good for this person. This is exactly what you do. Screw the job.
I had a job that made me work an all nighter, 30 hours straight, over Thanksgiving. I resigned that Monday and it was one of the most satisfying decisions I’ve ever made.
Please pay attention to all the manipulation tactics this boss uses, because they’re pulling out every trick in the book.
“I’m not your boss, I’m your friend”
“Other people will be hurt by this and it’s your fault and I’m going to tell them all that”
Mocking language
Jobs are important too
“Be a team player”
“We’re your family too”
Talking as if this is a thing you must do
“We all make sacrifices”
Undermining your authority
“You caused all of this, really”
Accusing you of being “unprofessional”
“Look at the money you cost us”
“Just laugh it off and come back to work”
This is like a 101 course in how employers use guilt trips to coerce you into putting up with their bullshit. This is precisely why you should never trust those employers who insist that they’re “like a family.” They are not. It’s just a ruse so that your boss can neg you into putting your job ahead of your actual life.
I know it’s not hard to point out reactionaries hypocrisy when it comes to like safe spaces or hug boxes or whatever but genuinely how much of an echo chamber do you have to exist in for you to think this is a reasonable thing to say
reblog if attacking fascism is really the hill you want to die on
this is literally like one of the most justified and honorable hills you could die on??? lol??
If you feel like this comic doesn’t accurately represent you, and that you personally don’t act like this, good. That means this comic isn’t about you.
If you DO act like this, and are working on a counter argument about how not all _____ are ______ , well that’s just disappointing.
I love that four different people on my feed scheduled this joyous person to reblog by 8am on June 1. I look forward to seeing this a dozen more times today.
On May 3rd, Google released 8 new top-level domains (TLDs) – these are new values like .com, .org, .biz, domain names. These new TLDs were made available for public registration via any domain registrar on May 10th.
Usually, this should be a cool info, move on with your life and largely ignore it moment.
Except a couple of these new domain names are common file type extensions: “.zip” and “.mov”.
ALT
This means typing out a file name could resolve into a link that takes you to one of these new URLs, whether it’s in an email, on your tumblr blog post, a tweet, or in file explorer on your desktop.
What was previously plain text could now resolve as link and go to a malicious website where people are expecting to go to a file and therefore download malware without realizing it.
Folk monitoring these new domain registrations are already seeing some clearly malicious actors registering and setting this up. Some are squatting the domain names trying to point out what a bad idea this was. Some already trying to steal your login in credentials and personal info.
ALT
ALT
ALT
ALT
ALT
This is what we’re seeing only 12 days into the domains being available. Only 5 days being publicly available.
What can you do? For now, be very careful where you type in .zip or .mov, watch what website URLs you’re on, don’t enable automatic downloads, be very careful when visiting any site on these new domains, and do not type in file names without spaces or other interrupters.
I’m seeing security officers for companies talking about wholesale blocking .zip and .mov domains from within the company’s internet, and that’s probably wise.
Be cautious out there.
I really want to reiterate how this can go wrong frequently and fast, folks.
A malicious actor sets up a page with an auto-downloader squatting on a domain name that matches a common zip file name like photos DOT zip. This website is set up to start an auto downloader upon being visited, downloading a zip file with the same name as the URL which contains malicious software (virus, worm, keylogger, etc).
Scenario.
Someone you know well sends you an email or text with promised photos attached. The email even reads something like this.
Because .zip is now a TLD, that plain text is automatically formatted into a link to malicious actor’s website without them having to send you anything.
Folk with family with iPhones or iPads that are sent multiple photos in one go might be familiar with iCloud’s tendency to automatically compile them into zip file for the sender and less savvy tech users have trouble NOT doing that.
These same less savvy users, or even just someone just not thinking in the moment, will click that .zip link, not realizing it isn’t the the same as clicking on the promised attachment.
They download a file that matches the name they expected. They open it because they were expecting that file and it’s from a trusted source. Except the file they downloaded isn’t the one that was sent by their trusted source and now they have malware.
Another Scenario.
An IT person tries to send you an email with instructions on how to resolve a problem with a commonly used filename like install-repair DOT zip or to install new software like microsoft-office DOT zip.
The email may start with instructions of where to go get the legitimate file to do the install or repair, but now a line later in the instructions is also has a link to a .zip URL. A user, already frazzled by IT problems, may click it to ensure they have the right file. Again, they download malicious code from a squatting website or it prompts them with a fake login and now the squatting website has stolen their login credentials for a legitimate site. All due to an expected email from a trusted source.
Above you can see microsoft-office DOT zip is already out there with a fake Microsoft login screen waiting to steal your credentials.
These risks are already out there now because the TLD has been activated.
Plain text on old post are already being resolved into links to the new websites.
Here you can see a tweet from 2021, long before .zip was a domain name, now resolves that plan text into a clickable link. You’ll start seeing this everywhere, and malicious actors do not have to lift a finger to send it to you.
Yes, a lot of users aren’t going to click that, but a lot of folk will. Whomever is squatting on photos DOT zip domain name has made a one time payment to have access to anyone that ever sees that file name typed out.
In an example of an existing squatter site, clientdocs DOT zip is exactly one such pre-setup .zip domain name that initiates an automatic download. This one may be harmless, but the set ups are already out there and waiting to catch folk.
It’s an unnecessary and risky can of worms that’s been opened up.
Holy Unforced Errors, Batman.
Critical intel.
One of the examples above, familyphotos[dot]zip, also actually exists as a warning site to this exact thing. It autodownloads a zip file, containing a single text file, labelled “what_happened.txt”:
“Hey, this isn’t family pictures!”
You’re right – and that link you clicked wasn’t a file attached to the email or message you received.
Thanks to Google[0][1], now it’s impossible to discern the difference between a link to an attachment called “familyphotos.zip” and a link to this file… unless you are able to inspect the destination of a link before clicking it. Most software and apps don’t allow that, and most people don’t know how to tell the difference anyway.
Something else to be aware of beyond autolinking, as with some clever use of an @ and unicode slashes near-indistinguishable from normal said fake URLs can be longer too. Yikes.
On May 3rd, Google released 8 new top-level domains (TLDs) – these are new values like .com, .org, .biz, domain names. These new TLDs were made available for public registration via any domain registrar on May 10th.
Usually, this should be a cool info, move on with your life and largely ignore it moment.
Except a couple of these new domain names are common file type extensions: “.zip” and “.mov”.
ALT
This means typing out a file name could resolve into a link that takes you to one of these new URLs, whether it’s in an email, on your tumblr blog post, a tweet, or in file explorer on your desktop.
What was previously plain text could now resolve as link and go to a malicious website where people are expecting to go to a file and therefore download malware without realizing it.
Folk monitoring these new domain registrations are already seeing some clearly malicious actors registering and setting this up. Some are squatting the domain names trying to point out what a bad idea this was. Some already trying to steal your login in credentials and personal info.
ALT
ALT
ALT
ALT
ALT
This is what we’re seeing only 12 days into the domains being available. Only 5 days being publicly available.
What can you do? For now, be very careful where you type in .zip or .mov, watch what website URLs you’re on, don’t enable automatic downloads, be very careful when visiting any site on these new domains, and do not type in file names without spaces or other interrupters.
I’m seeing security officers for companies talking about wholesale blocking .zip and .mov domains from within the company’s internet, and that’s probably wise.
Be cautious out there.
I really want to reiterate how this can go wrong frequently and fast, folks.
A malicious actor sets up a page with an auto-downloader squatting on a domain name that matches a common zip file name like photos DOT zip. This website is set up to start an auto downloader upon being visited, downloading a zip file with the same name as the URL which contains malicious software (virus, worm, keylogger, etc).
Scenario.
Someone you know well sends you an email or text with promised photos attached. The email even reads something like this.
Because .zip is now a TLD, that plain text is automatically formatted into a link to malicious actor’s website without them having to send you anything.
Folk with family with iPhones or iPads that are sent multiple photos in one go might be familiar with iCloud’s tendency to automatically compile them into zip file for the sender and less savvy tech users have trouble NOT doing that.
These same less savvy users, or even just someone just not thinking in the moment, will click that .zip link, not realizing it isn’t the the same as clicking on the promised attachment.
They download a file that matches the name they expected. They open it because they were expecting that file and it’s from a trusted source. Except the file they downloaded isn’t the one that was sent by their trusted source and now they have malware.
Another Scenario.
An IT person tries to send you an email with instructions on how to resolve a problem with a commonly used filename like install-repair DOT zip or to install new software like microsoft-office DOT zip.
The email may start with instructions of where to go get the legitimate file to do the install or repair, but now a line later in the instructions is also has a link to a .zip URL. A user, already frazzled by IT problems, may click it to ensure they have the right file. Again, they download malicious code from a squatting website or it prompts them with a fake login and now the squatting website has stolen their login credentials for a legitimate site. All due to an expected email from a trusted source.
Above you can see microsoft-office DOT zip is already out there with a fake Microsoft login screen waiting to steal your credentials.
These risks are already out there now because the TLD has been activated.
Plain text on old post are already being resolved into links to the new websites.
Here you can see a tweet from 2021, long before .zip was a domain name, now resolves that plan text into a clickable link. You’ll start seeing this everywhere, and malicious actors do not have to lift a finger to send it to you.
Yes, a lot of users aren’t going to click that, but a lot of folk will. Whomever is squatting on photos DOT zip domain name has made a one time payment to have access to anyone that ever sees that file name typed out.
In an example of an existing squatter site, clientdocs DOT zip is exactly one such pre-setup .zip domain name that initiates an automatic download. This one may be harmless, but the set ups are already out there and waiting to catch folk.
It’s an unnecessary and risky can of worms that’s been opened up.
Holy Unforced Errors, Batman.
Critical intel.
One of the examples above, familyphotos[dot]zip, also actually exists as a warning site to this exact thing. It autodownloads a zip file, containing a single text file, labelled “what_happened.txt”:
“Hey, this isn’t family pictures!”
You’re right – and that link you clicked wasn’t a file attached to the email or message you received.
Thanks to Google[0][1], now it’s impossible to discern the difference between a link to an attachment called “familyphotos.zip” and a link to this file… unless you are able to inspect the destination of a link before clicking it. Most software and apps don’t allow that, and most people don’t know how to tell the difference anyway.
ALT
ALT
ALT
ALT
ALT
ALT
