So… soundcards on motherboards.

They are not that bad anymore, seems one company holds quite a firm grip on this market Realtek. What you can expect form that  ? Well most cases its a ALC888 or similar, its not a bad codec. But here is a issue why this card is not that bad.

I will skip the audiophile part of having 600 ohm headphones since tbh i don’t see much people using that anyway. So what I will talk about is a bit of basic electronics.

The point is when you look around the left edge of the motherboard near the first pcie-x16 connector you will find the audio chip. And… that’s it.  This is where it ends. The motherboard cards are very simple, mostly they lack proper filtering since capacitors take up space.

Compare that to any decent stand alone card, you will see quite a lot of capacitors, a few more things like dacs and adc. This is what makes the soundcard better. Before in windows xp where hardware sound was still allowed it was more important since you got extra features.

Now since vista removed that people thinks a soundcard like that has no benefit. Wrong, there are work around’s and still the most importnat thing, the proper build of a sound card. I have several friends that can confirm it, its worth the money

So today we will talk about a few things form past week

Somewhere around the time BoM started last week a friend of mine came with a problem to me. His minecraft server got ass raped by ponies. So yeh i did decide to help him out and put his server on my coffee table (IKEA makes grate server racks, very good value as well)

In any case… since I’m the kind of guy that likes to know what happen i started digging out what kind of shitfest do we have here. Names or hosting providers and involved parties have been changed for their protection (sure… like noone has google)

So… there is a group of hackers, you could class them as gray hats. What they did was more or less go to minecraft forums and fish on the cheap host section for targets. They went for sup par host that offered little of everything including support. Mostly one man starup that rented a server in some data center and used a quick setup using premad things… and this is the problem.

First of all… for billing they used whmcs… that is a system that took the best as a example and like sony stores the user password in plaintext. That’s a good start. Also gives you the owners email. Bet the password works there as well.

Lets now go even one step further. There is a thing in linux called cpanel, and if I was in charge there would be a hardcode in the kernel that is hidden and obscured that would prevent that from working. Who ever decided root access www webpanel will be a good idea should be pummeld to death with internet explorer 5.0

Back to the topic at hand. Multicraft is sorta similar, its a minecraft admin panel for multiple servers that allows people their server not knowing what ssh is. Lets say that thing is insecure as shit. prone to injection and remote code execution attacks checking in google for multicraft exploits gives me guides, for noobs, for ppl that have little understanding how this works. That’s how easy it is to mess that up.

So about 5 hosts got hit, cheap host that attempted to get some easy money of people that wanted a cheap hosting. Since i had expirences with cheap hosts of www pages. I know its sometimes better to pay premium or have a friend with a fiber line in his house and a not that much used server

In anycase, BBQ is over, rant is over, time to resume boring evening

/Derresh

Ok… so i get a tweet…

Oh god, @Kickstarter uses "encrypted" passwords @MalukuSeito @Derresh_Fire @HarithBK

— LordKaT (@LordKaT) February 16, 2014

And what is my first thought, like the second i get this ? Of course, they got hacked.

You don’t have to be a IT expert to do this right, you hash and salt your passwords, its not hard to implement, you can find scrips for that for kinda anything that can interface with MySQL or similar DB. The funny thing here is, every single time someone gets hacked, they claim the password db was encrypted or something like that. Here is the thing. That dose not make the IT crowd feel better. When you’re say password is encrypted instead of making people sleep better at night you tell them “You got around 12h till they crack it, or less. change it NOW”

Also… in cases like that you send a email to your users, you force reset there passwords. You tell them to change the password everywhere else, since a lot of people use the same pass for a few things.

On a plus side. They did not handle credit card info.

After some time I finally got my scheduled fixes… somewhat. So my GF now fiance is living with me, need to start getting paperwork done for her to stay longer. She is also drawing stuff again so thats good

Tech wise… Small rant of bitcoins.

So… bitcoins, who ever invented this should get a noble price in economics for something that might devastate the economics system as we know it. So yeh, its money for nothing ppl think. Nope you need a digger, that runs 24/7, you can use your GPU for it, and not make it even for the utility bill or get a 2000$ digger rig that will mb make back the money you put in for it.

I am just waiting now for the whole system to have some sort of fundamental flaw. A hash based system has one risk, of getting cross hashes. As in two things can give you the same hash, its a very low chance, but due to that occurrence RAID 5 is considered no longer fail safe, due to the size of HDDs it can happen and garbage your data, it always had a chance to but now its just enough data to make the chance be considered. Time will tell how this goes, but don’t be surprised when this falls. Some countries are banning BTC trade, some are investigating. Its just a mess, someone will end it soon