Audiophile Torrent Site What.CD Fully Pwnable Thanks To Wrecked RNG (theregister.co.uk)
Reader mask.of.sanity writes: Users of popular audiophile torrent site What.CD can make themselves administrators to completely compromise the private music site and bypass its notorious download ratio limits thanks to the use of the mt_rand function for password resets, a researcher has found. From the report (edited and condensed): What.CD is the world's most popular high quality music private torrent site that requires its users to pass an interview testing their knowledge of audio matters before they are granted an account. Users must maintain a high upload to download ratio to continue to download from the site. [...] "I reported it a year ago, and they acknowledged it but said 'don't worry about it,'" said New-Zealand-based independent security researcher who goes by the alias ss23.
What's this "CD" thing you speak of?
what's with that title?
News at 11.
This doesn't seem like particularly shocking news, nearly all torrent sites are poorly run.
I read the internet for the articles.
How can everyone maintain a high ratio? Doesn't having a high ratio require someone else to have a deficit?
Yeah not much in real good audio there. Sorry but a CD rip to FLAC is a joke. Call me when you have found that rare japan release on SACD and then ripped that to FLAC....
Also their questionnaire is mostly Pseudo Knowledge and not real knowledge. Buddy of mine is an audio engineer with 2 degrees and he did not pass their test because he answered what were correct answers and not their audiophile misknowledge answers.
Do not look at laser with remaining good eye.
These are the people who spend over $9,000 for an audio cable because it makes "warmer sound", or better yet, audiophile SATA cables.
I don't do stupid shit like that, but I did spend several hundred dollars building my own SET tube amplifier. The difference is audible, dramatically so. So is the difference between an MP3 and any digital recording that doesn't use a lossy compression algorithm, assuming of course, that the mix wasn't done by the current crop of "more compression is always better" asshats.
In other words, while that tool who paid $9K for an ethernet cable (no shit, it's really a thing) probably can't actually hear any difference, lots of audiophiles do, and the paucity of quality source material in the online world sucks so much that ripped CDs on pirate sites are the predictable result.
We are on a relatively tech-savvy site, right? Why is there a link explaining what an audiophile is (as if I couldn't have guessed from the context even if I didn't know), but there is no link explaining how the exploit actually works? (It's not mt_rand that's the problem, it's how you seed it) Why do I have to google after reading the summary? What's the point of having editors here at all?!
What puzzles me to no end is: Where do idiots without any kind of the foggiest clue how their shit works get that kind of money? Usually, to have that amount of money to blow on bling, you have to have a job paying relevant sums. And those jobs in turn tend to require you to use the stuff between your ears as more than just as a hair fertilizer.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How about Audiophile ethernet cables. Hey, they're directional!
Ars took them apart and had a double-blind study with James Randi.
gold-coated, diamond-tipped network cables that would fix this. They would most likely give you higher quality sound on your digital downloads as well.
The audiophiles on the torrent site care about proper rips, not fucking audio cables. Take your worthless jabs elsewhere.
"Proper rips" means that the audio doesn't contain 50-ms gaps of zeroed-out data because the CD had a scratch.
captcha: channels
That does explain the very colorful album art.
I read as:
Do we look like we're experts in pulseaudio?
If there were experts, we wouldn't have pulseaudio.
Yeah, you can hear the difference between a solid-state amp and a SET amp, because the SET amp will sound like crap in comparison, with distortion and noise that is significantly higher than with the solid state amp.
And good luck actually hearing a difference between 320kbps or V0 MP3 compared to lossless. Try an ABX test, I think you'll be surprised at the result.
Eat the rich.
They need to run their server on an analog computer and install a special "real analog modem" that stretches the sound out to fit in the 20-2000Hz range and sends it directly over the phone line as a pure analog signal. Their customers will need to buy analog computers and analog recording devices and of course one of those special "modems." Only then will their users get the best sound possible coming out of their $10,000 home audio system.
Yea, it will be more expensive and keeping it temperature- and humidity-stable will be a pain in the rear, but it will be worth it.
At least that's what my friend's second cousin's son-in-law ex-con school chum says. He should know, he sells the stuff.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
The thing about "warmer" sound from tubes... it's actually not completely unreasonable. People don't listen to perfectly-reproduced signals, they like to mess with the frequency response. People mess with tone control all the time, and even the crappiest car radios have bass and treble control. Tubes mess with the signal in all sorts of complex ways, especially toward the top when a transistor would start clipping. It is reasonable that some people would find this distortion to be pleasant. It also seems like a non-trivial problem to recreate this distortion digitally, though recording it and playing it back should be fairly straightforward. I wonder if there's a market for pre-warmed music? :)
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
If I read you right, you are saying some audiophiles can tell the difference between a very expensive Ethernet cable and a normal-priced cable that meets the spec (with enough over-engineering so it continues to meet the spec after installation and in the face of environmental changes and normal levels of RF-noise)? I'm just not seeing how this is possible. Well, MAYBE if the cable is running through a very hostile environment well outside of what a "normal" Ethernet cable is designed to handle. But if that's you, then you've got bigger issues to worry about.
Oh, the audiophiles do have a point about cheap Ethernet cable: Every now and then, you will find cable that actually does not meet the spec. You will also occasionally find cable that barely meets the spec but as soon as you bend it a few times and the wire-strands start to break, it drops below spec. If you buy a reputable brand from a reputable vendor, you shouldn't have this problem. But in most markets you won't need to pay much if any premium to get a "known reputable" cable vs. "it tests okay out of the box but will it last over time" brand.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
A What.CD site administrator wrote in their forums that "We fixed this a few hours ago by using openssl_random_pseudo_bytes instead of mt_rand. This should have been done a long time ago, so thanks to the multiple users who reported this over the years."
The exploit was fixed before the news hit the waves. Check the github.
https://github.com/WhatCD/Gaze...
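The fix quoted above swaps mt_rand for openssl_random_pseudo_bytes. As an added example (not What.CD's or Gazelle's code; the function names, alphabet, token length and seed value are assumptions), this PHP contrasts a seed-determined mt_rand token with a CSPRNG-backed reset token that is stored hashed, expires, and is compared in constant time:

```php
<?php
// Added illustration: function names, alphabet and lengths are assumptions,
// not taken from the What.CD / Gazelle code base.

// Weak: mt_rand() is a Mersenne Twister whose whole output stream is a
// deterministic function of a 32-bit seed.
function weak_reset_token(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Hardened: bytes from the OS CSPRNG. Only a hash of the token is stored,
// so a leaked database row does not yield a usable reset link.
function issue_reset_token(int $ttlSeconds = 3600): array
{
    $token = bin2hex(random_bytes(32)); // PHP >= 7
    // PHP 5 equivalent, the function named in the quoted fix:
    //   $raw = openssl_random_pseudo_bytes(32, $strong);
    //   if ($raw === false || !$strong) { throw new RuntimeException('no CSPRNG'); }
    return [
        'token'      => $token,                 // mailed to the user
        'token_hash' => hash('sha256', $token), // stored server-side
        'expires_at' => time() + $ttlSeconds,
    ];
}

function verify_reset_token(string $presented, string $storedHash, int $expiresAt): bool
{
    if (time() > $expiresAt) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals($storedHash, hash('sha256', $presented));
}

// Determinism check: the same seed always reproduces the same "random" token.
mt_srand(12345); // constructed seed for the demo
$a = weak_reset_token();
mt_srand(12345);
$b = weak_reset_token();
var_dump($a === $b);

$r = issue_reset_token();
var_dump(verify_reset_token($r['token'], $r['token_hash'], $r['expires_at']));
var_dump(verify_reset_token(weak_reset_token(64), $r['token_hash'], $r['expires_at']));
```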
Look at it like a kind of religion. They are the chosen ones - the ones with supreme hearing and musical appreciation, they just _know_ that buying that expensive platinum coated pure silver audio cable (naturally cryogenically treated - and using the long time cooling kind*, not the inexpensive short time cooled) simply sounds better and science just doesn't apply to real audiophiles. Compare that to misc. cranks that may very well be good scientists in their area of expertise but can still believe in the most inane medical quackery or the existence of perpetuum mobiles. It's a matter of faith.
(* yes that _is_ a thing, guess they have to come up with something new as audiophiles always keep upgrading their already perfect systems)
Slashdot is using 733t-Speak terms from a decade ago in its headlines, so why not CDs? I heard they were the Bee's Knees, at one time...
It actually has a lot more of Vitamin B17 scams and antivacc than religion.
Thinking again, that, too, has a lot in common with religion... ok, you win.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This was found and fixed last year. Nice timely journalism.
So how should a member maintain a ratio of 0.90 or higher when downloading a release that has 100 seeds and no downloaders other than himself?
It is fairly common to find people who are incredibly skilled in one area but completely retarded in others. I know plenty of engineers, doctors, and lawyers who are smart and articulate when discussing their niche area of expertise who also have some surprisingly large blind spots.
To get an invite to use that site for years, still have no idea what the site actually looks like!
Michael
http://s1.sfgame.us/index.php?rec=58163
You're right, of course. It's basically EQ biased towards midrange with a bit of smooth roll-off compression on top, and a few other various effects, partly also because the output transformers absolutely murder the damping factor, leading to muddy and uncontrolled "warm" bass response.
It's all relatively easily recreated using a modern DSP, provided an adequate signal analysis of the original analog hardware.
Eat the rich.
I like building tube amps, partly for fun and partly because they sound nice. Not pure or clear like high end solid state systems, but nice.
I think a lot of modern music benefits from being amplified by tubes because it is heavily distorted to start with. Try opening a ripped CD in Audacity or similar audio editing software. Most stuff beyond about 1990 has clipping (where the samples hit the ceiling/floor of 16 bit signed numbers) all over the place. The worst are practically a frequency modulated square wave.
Tubes really help soften this out and make songs listenable again.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
That's a neat little trick to replace digital distortion with analog distortion, getting music on LPs kinda does the same thing, I guess.
We really should break the knee caps of everyone responsible for the loudness war, though.
Eat the rich.
LPs can't cope with the square wave clipping that CDs handle, the needle would be damaged or jump out of the track. So they have to be mastered differently, with less distortion and loudness.
So vinyl really does sound better than CD sometimes.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
It's part of the normal process of LP mastering, the master itself isn't different. It has all the brickwall limiting and clipping that the CD version has, there's just an extra step to kinda-sorta mitigate it a bit, so you don't burn out the motors in the cutting lathe with a square wave.
Eat the rich.
Sounds like a load of pretentious fucks to me. There's only two grades of audio quality worth talking about: recorded or live. No one gives a flying fuck about your hi-fi other than yourself.
You get everything on other ones as well. And it even lasts longer, as a private tracker just disappears, while a magnet link keeps working (and brings several opentrackers in its meta informations).
Please don't go all Bob Carver / Sunfire with the "easily recreated" bit.
That's like saying I can take an impulse response plot from a cathedral, and thereafter accurately apply its reverberation to a signal both digitally and off-site.
And yes, there are tools which can do something like this. Can they work? Sure. Are they perfect? No. Is it easy? Sure: I just set up a speaker and a microphone, push a few buttons, and existing software takes care of generating a model for me.
I bought a Line 6 guitar amp for my then-wife several years ago. It models things with DSP, and was at the time very close to the best of its type. It can make some very interesting and useful sounds, and it is very flexible in the manner in which those sounds are created, but none of the sounds it makes are exactly like a Marshall half-stack or a Fender Twin.
I think we've reached parity with lossy compression, and have been there for years, and that -V0 (or 320 CBR) is good enough for anyone. I'm astounded and impressed that the very best MP3 compressor is both open-source, and widely used by for-profit industry.
But don't tell me that the nonlinearities of an amp, or any other non-linear analog thing are easily recreated, unless you also want me to tell you that I can model a speaker in such a way that any speaker can sound identical to any other speaker. (It's technically true, aside from things like dispersion characteristics: I can "easily" make my freebie Altec-Lansing crap-shit computer speakers sound like a $15k pair of Martin Logans, albeit at very low volumes. And if I do, it's a fucking lie. See also: Synthesized musical instruments: It may be a very good and aurally pleasant trombone-like sound, but it's not a trombone and it cannot be.)
Kid-proof tablet..
That's...not exactly accurate.
First, a square wave doesn't exist in reality. Everything, analog and digital, that actually exists in this world has bandwidth limitations, and this in and of itself means that a waveform cannot be square.
The maximum frequency of a CD is 22.5KHz, according to Nyquist.
But LPs have plenty of bandwidth, and in fact many LPs have been sold with about twice (!) the bandwidth of a CD. CD-4 is a quad audio format wherein the front channels were recorded normally, and the rear channels were recorded at twice the frequency. It only existed on vinyl.
Cutting vinyl is part art, part science. The machine is a vinyl lathe, and it's very analog. Feeds and speeds, like any other automatic lathe. It's important to have the grooves far apart enough that they don't interact, but it's also important that they be close together so you can fit the entire work onto one disc. And this colludes with amplitude, as lower amplitudes require less space (but tend to have a higher SNR).
A skilled vinyl lathe operator will/has/does increase the feed speed during the loud parts, and decrease it for the quiet parts.
Kid-proof tablet..