May 17

CDs Have Arrived, Brief Reviews

By Xeross Posted in Uncategorized

All of the CDs I’ve ordered have arrived, some quick info/review on them:

Punch ‘n’ Judy

Albums Purchased:
  • Punch On!
  • Spring!Time
  • Live

After hearing Punch ‘n’ Judy perform at the Elf Fantasy Fair I had their songs stuck in my head and as a result just had to get their albums.

The albums sound good and I don’t really have anything bad to say about them apart from some of the singing being off-key in some songs (luckily only for short periods of time).

The Cobblestones

Albums Purchased:
  • Laughstory
  • Eating Trifle
  • Late Breakfast

Came across The Cobblestones while listening to Punch ‘n’ Judy songs on MySpace (That was the only place I could listen to them), I like folk music and figured I’d just buy them. I don’t have much to say about their music, it just sounds good and well made.

Darius – Ergosphere

I was pleasantly surprised when I listened to the album, I incorrectly recalled Darius as being ambient music, however it is actually experimental techno which I like far more than ambient.

Album sounds good and professionally produced, has nice variety between songs and also works well as background music.

The Quick Brown Fox – Brutal Rhythm Rider

When I first downloaded this album I was of the opinion that most of the songs were too over the top for my taste, BPM was just too high and it felt too chaotic and noisy to be enjoyable.

However after listening to it a few times I’ve grown accustomed to the album and have to say it’s actually quite good, the songs are enjoyable to listen to and in the end the high BPM isn’t that disturbing.

 

Apr 25

Elf Fantasy Fair, Furcast and Server distro upgrades

By Xeross Posted in Personal

An update of what I’ve been up to lately…

Elf Fantasy Fair

First of all I’ve been to the Elf Fantasy Fair in Haarzuilens last weekend with a group of 3 other furs, it was great fun and I met quite a lot of people. During the furry photoshoot on Saturday we had around I think 25 furries, of which 15 in suit, pretty awesome.

I also met quite a lot of bronies, I think about 16 in total, every single one said they hadn’t seen another brony yet, probably because I was the only one that wore an MLP related shirt.

Also had plenty of hugs and cuddles so yep, definitely an awesome weekend, and if possible I’ll surely be going again the next time in Arcen.

Server Distro Upgrades

I’m currently in the process of upgrading all my servers to Fedora 16, so far the 2 VM hosts at home have been upgraded and about 5/10 of the VMs running on them.

With regards to VPSs I haven’t upgraded any yet because they do run some stuff that should remain up at all times, however Radium, my newly acquired dedicated box at Hetzner is running Fedora 16 and so are the VMs running on that.

Furcast

I’ve also donated some of the space on Radium to Furcast that they can use to both host episode downloads and run some streams from during the show. So far there have been some troubles getting the VMs’ routing working properly, however that looks more like a problem with Hetzner than with the actual VM.

I’ve also been working on writing the infrastructure for the statistics. I considered using CollectD, but we wanted to have a shorter interval for the stats and some other things, so I decided it would be easier to write it myself, and surely more interesting.

And with that you’re all up-to-date again. Xeross, out.

Mar 29

And Back Up, 11-Day Downtime

By Xeross Posted in Blog News

As all 2 of you have noticed, my blog has been unreachable for a while. My Pingdom statistics confirm it was 11 days, so why was it down?

Well first of all, my monitoring infrastructure in place is currently incapacitated, as in it doesn’t send email, yes this is bad and I should get around to fixing it. This causes the problem to only be noticed after approx. 5 days.

Second, I was sick during those 5 days, which isn’t the greatest state to be in to fix your shit. And to top that off my internet was being flaky.

So after fixing the internet I decided to tackle it and get this shit back up again. Something is fishy with that VPS.

Anyway we’re back, I’ll fix the monitoring server, and we’re good to go

o/

Feb 06

The Pirate Bay now blocked by Ziggo and XS4ALL

By Xeross Posted in News, Tech

The Pirate Bay was blocked by XS4ALL and Ziggo a few days ago. The domain name redirects to http://blokkade.ziggo.nl/, and switching DNS server just gets you the following result:

xeross@alfa ~ [ ping thepiratebay.org
PING thepiratebay.org (194.71.107.50) 56(84) bytes of data.
^C
--- thepiratebay.org ping statistics ---
140 packets transmitted, 0 received, 100% packet loss, time 139003ms

At this moment in time I have no new information on the appeal and where it stands. Also, all ISPs that BREIN has sent requests to block The Pirate Bay have refused and are awaiting the appeal.

Jan 11

Dutch ISPs Ordered to Block The Pirate Bay

By Xeross Posted in News, Tech

Today, in main proceedings filed by Stichting BREIN, the court in The Hague ruled that 2 of the largest ISPs in the Netherlands, Ziggo and XS4ALL, will have to block access to The Pirate Bay. They have until the 25th of January to implement this or will face fines of €10,000/day up to a maximum of €250,000.

After this victory BREIN is also trying to get other ISPs to block The Pirate Bay, using the court ruling as leverage. However, these will wait to see if XS4ALL and/or Ziggo will appeal before going through such drastic measures.

The ruling lists the IP addresses and domain names that are ordered to be blocked (Source: Tweakers.net).

Stichting BREIN has also been given permission to supply additional IP addresses and domain names to be added to the blockade, which is worrying as they can be added without any proper review of what is being blocked. However, they are held liable if IP addresses or domain names they provide don’t direct to The Pirate Bay.

Something Interesting

One thing of particular interest is that Stichting BREIN had to prove that people using XS4ALL and Ziggo as their ISPs are using The Pirate Bay. To do this they sampled 50 movie torrents. This gave them 11,105 IPs exchanging the movies, of which 5,143 were Dutch IPs, of which in turn 1,477 (28,7%) were Ziggo IPs and 240 (4,7%) were XS4ALL IPs. However, it is unclear if this sample provides an accurate average.

Then, to determine how many people using these ISPs have downloaded from The Pirate Bay, they extrapolated the results using data from AdPlanner (note that it isn’t very accurate), which estimates the number of unique visitors from the Netherlands per month at 500,000. This leads to an estimate of 143,500 Ziggo customers and 23,500 XS4ALL customers that supposedly exchange copyrighted material through TPB. Note that they are extrapolating IPs collected from trackers on torrent downloads to website visits, while the two are unrelated.

Based on this, the judge concurred that 30% of Ziggo customers and 4.5% of XS4ALL customers have recently downloaded illegal material from The Pirate Bay. This is crooked because the torrents could’ve come from someplace else and the material isn’t necessarily copyrighted (free and open source software, and the like). Plus, downloading movies and music isn’t illegal in the Netherlands, which is completely ignored, partially because BREIN asserted that, even though you can disable uploading, no one actually does this.

Updates

January the 11th 2012: XS4ALL has officially announced that it will appeal the court ruling, their CEO stating the court ruling is “Censorship” and that this is “A dark day in internet history”.
January the 12th 2012: Ziggo has also officially announced that it will appeal the ruling.

Dec 31

Electronic Arts, Nintendo and Sony Still Support SOPA

By Xeross Posted in News, Tech

Various “news” sites have reported that EA, Nintendo and Sony have dropped their SOPA support, though they’ve never published a press release about it and they weren’t even on the official list of SOPA supporters. Techdirt explains what caused this error.

So they don’t support SOPA? No, they do support it, as they’re all members of the ESA (Entertainment Software Association) which supports SOPA as can be seen in the official list of supporters (Mirror).

If you want to check whether a tech company is supporting SOPA don’t forget to look at the list of members of the ESA and the BSA (Business Software Alliance) who also support SOPA.

Dec 29

Hash Algorithm Collision Denial-of-Service Vulnerability, Large Number of Websites Vulnerable

By Xeross Posted in News, Security/Hacking, Tech

A security advisory was released yesterday detailing a denial-of-service vulnerability that most of the web could be affected by.

The vulnerability lies in the hashing algorithms used by a variety of programming languages (including Python, Ruby, PHP and Java). When collisions happen these algorithms will take up large amounts of CPU cycles to deal with them (from what I understand).

To give you an idea of the extent of this problem I’ll quote the PDF linked in the advisory, take for example PHP:

On an i7 core, the 60 seconds take a string of multi-collisions of about 500k. 30 seconds of CPU time can be generated using a string of about 300k. This means that an attacker needs about 70-100kbit/s to keep one i7 core constantly busy. An attacker with a Gigabit connection can keep about 10.000 i7 cores busy.

Or Ruby:

A typical POST size limit in Ruby frameworks is 2 MB, which takes about 6 hours of i7 CPU time to parse. Thus, an attacker with a single 850 bits/s line can keep one i7 core busy. The other way around, an attacker with a Gigabit connection can keep about 1.000.000 (one million!) i7 cores busy.

This allows someone to take down almost any webserver with (very) limited resources. Possible workarounds are: limiting CPU time, limiting the POST size, or limiting the maximum number of POST variables.
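To show why limiting the number of POST variables helps, here is an added example (not from the advisory or the original post): a toy chained hash table that counts key comparisons while request parameters are inserted. The byte-sum hash, the sample keys and the names weak_hash, ChainedTable, parse_params and MAX_PARAMS are all constructed for this example and are not the hash function of PHP, Ruby or any other language.

```python
MAX_PARAMS = 1000  # assumed cap on POST variables, chosen for this example


def weak_hash(key: str) -> int:
    # Toy hash constructed for this example (not PHP's or Ruby's function):
    # the byte sum ignores order, so collisions are trivial to produce.
    return sum(key.encode())


class ChainedTable:
    """Hash table with separate chaining that counts key comparisons."""

    def __init__(self, buckets: int = 1024):
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def insert(self, key: str, value: str) -> None:
        chain = self.buckets[weak_hash(key) % len(self.buckets)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1  # every collision costs a full key compare
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))


def parse_params(pairs, max_params=None) -> int:
    """Insert all pairs and return the comparisons spent; reject oversized input first."""
    if max_params is not None and len(pairs) > max_params:
        raise ValueError(f"{len(pairs)} parameters exceeds limit of {max_params}")
    table = ChainedTable()
    for key, value in pairs:
        table.insert(key, value)
    return table.comparisons


def colliding_keys(n: int):
    # Constructed input: digit d is paired with 9-d, so all byte sums are equal.
    return [(f"{i:04d}{9999 - i:04d}", "x") for i in range(n)]


def ordinary_keys(n: int):
    # Constructed input resembling normal form field names.
    return [(f"field{i}", "x") for i in range(n)]


if __name__ == "__main__":
    print("ordinary, 2000 keys: ", parse_params(ordinary_keys(2000)))
    print("colliding, 2000 keys:", parse_params(colliding_keys(2000)))
    print("colliding, 1000 keys:", parse_params(colliding_keys(1000), MAX_PARAMS))
```

With n colliding keys the table spends n(n-1)/2 comparisons, so halving the allowed parameter count cuts the worst case to a quarter.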

I’m currently waiting for the first PoCs and exploits to be published and will post an update when I get my hands on one (Which will also confirm if I understand the exploit correctly).

Update: I can see how this will ruin your day

Update 2: Go here for an easy to understand explanation.

Dec 25

50,000+ Domains Transferred Away From GoDaddy Due To SOPA support

By Xeross Posted in News, Tech

GoDaddy has seen a massive amount of domains being transferred away from them as customers are moving elsewhere because of their support for SOPA. Among the companies transferring are Wikipedia and the Cheezburger Network (Who own over 1000 domains). It all took off when a GoDaddy boycott was started on Reddit. Various other domain registrars are even offering discount codes for anyone transferring to them.

Just today (The 25th of December) the counter is standing on 28,656 domains transferred out as seen on DailyChanges, and the amount just keeps climbing, day after day more and more domains are being transferred away.

GoDaddy has now retracted their public support for SOPA but the damage has been done, not to forget that they helped write SOPA, not just support it. I have no idea how long this will keep going and how many people will move away but it’s gonna hurt (It’s already hurting actually). GoDaddy is even begging for people to stay.

I’m sure more companies will face the wrath of the public because of their SOPA support, and various companies are already retracting their support for it. Some companies never even explicitly supported SOPA: “they agreed with Floyd Abrams’ analysis of SOPA. That’s it. They didn’t say their firms supported SOPA”.

Dec 24

Stratfor Rooted

By Xeross Posted in Anon/Etc., Security/Hacking, Tech

Merry #LulzXmas to everyone http://imagebin.org/190224 Stratfor rooted. All your base are belong to us. <3 #Anonymous

This tweet just went out from the @AnonymousIRC Twitter account (first occurrence of the tweet I could find), a mirror of the defacement can be found on Zone-H. The Stratfor website is down as I write this.

Stratfor is a large private intelligence corporation having Fortune 500 companies and international intelligence agencies as their clients (source). A full list of clients can be found here.

Edit: there’s also this:

Over 90,000 Credit cards from LEA, journalists, intelligence community and whitehats leaked and used for over a million dollars in donations

- By @AnonymouSabu

So one million dollars from compromised credit cards, from what I can understand of later tweets they only used corp execs’ credit cards, who won’t feel it that hard in their pockets, but not sure if I’m very fond of this action.

Dec 24

Merry Christmas!

By Xeross Posted in Uncategorized

‘Twas the night before Caturday, closed were the pools
Vids of Saint Rickrollas posted by trolls
I, in my Guy Fawkes mask, her, licking my sack,
Had decided to hate people of skin coloured black
I heard a loud CRASH and put down my liquor
Was our home being robbed… by a nigger?
I threw open the door and who should I see
But Raptor Jesus eating a baby
Sweet Raptor Jesus, the Almighty Reptile
Was clutching an uzi, looking hostile
“O Raptor Jesus!” I fell to my knees
He undid his pants and yelled, “Bitch, suck on THESE!”
Within moments his sacred love juice came a-gushing
But it was not gay, for our balls were not touching
“Where is your god now?” he said with a grin
Blessed dino spooge dripping from my chin
“I don’t GIVE gifts,” he explained to me
“I offer a system of barter, you see”
He did up his pants and pulled out a bag
Full of win, torrents, and hentai mags
Pedobear plushies! Codes that trip!
/d/elicious caek! Handmade Mudkips!
He gave me my gifts: a bottle of lube
And a Weighted Companion Cube
“Your girlfriend,” he asked, “Is she hot?”
She appeared in the doorway; he yelled “JACKPOT!”
He stretched out her vag, once tight and narrow
in exchange for copypasta with oregano
We smiled and waved as he went on his way
Knowing that, in nine months, my girlfriend would pay
As he ventures through the night, Raptor Jesus sings
“This is why we can’t have nice things.”

- Credits go to whoever wrote this fine piece of art.
