Thursday, 8 November 2007

Speaking personally

I quite like waffles.fm. The SQL injection attack on what.cd last night has me a little worried about them, but I guess it's a beginners mistake that they will learn from. Hopefully so will waffles. These sites are barely a few weeks old, so I applaud the progress they have made in this short time. Many of the features that were present on OiNK have been implemented in some form, and the staff are beginning to settle into a routine. Both have a good user base and the users are busy linking their collections. I sincerely hope both sites do well, they've got some big shoes to fill.

Edit: I'm hearing reports that What.cd is suffering from another SQL injection attack. Be extremely careful if you plan on visiting.

Edit 2: The SQL injection attacks continue. This doesn't bode well for What.cd:



Edit 3: I'm not Paine, I'm azc. The clue is below where it says "POSTED BY AZC". Hope that clears up some confusion.

65 comments:

Anonymous said...

What? Why such a change of heart?

Anonymous said...

Ehm?

Mr said...

But... I like Paine's postings! :D

But fair amount of love to both sites...
what<3
waffle<3

now... let the friendship begin! xD

Anonymous said...

Noobs. :(
Seriously, the first thing to do when making a new site is to make sure input is properly filtered. :(

Anonymous said...

Ugh, one of the first things to do when securing a site is to make sure input is properly filtered. Noobs. :(

Anonymous said...

Hmmm.. sudden change of opinion?

Then again, yeah, you were provoked.. but I don't know why you went specifically for Waffles.

Jeremy said...

They aren't being attacked, they're upgrading their servers.

muffins said...

Posted by azc at 19:57 7 comments

Paine didn't post this

Anonymous said...

ah see this is nice, everyone is for the music again

Anonymous said...

I want both sites to be prosperous. Why can't both sites co exist in harmony? Why is that such a far fetched idea?

roddie said...

What's the latest on the invite situation at Waffles.fm? I sent off an email before it started and knew it would take a while for them to reply to all the emails they would receive. I was initially lurking in the IRC channels to keep upto speed with it all, but nothing seemed to be happening so I haven't been bothering recently. So should I hold out for an email or do am I going to have to go on an invite-begging quest sometime soon?

Anonymous said...

yeah guys, paine isn't the only contributer for this site so don't get confused about why it seems to be a change. It isn't a change, its a post from azc, not paine.

Blutharsch said...

So I'm still a bit confused on how an OiNK power user is able to get into either of these "amazing trackers", what with Waffles invites being held onto as tightly as the last bump of coke at a high school prom party, and with legitimate what.cd invite codes not working.

Other sites that were open a bit longer (like funkytorrents) aren't exactly stable... 504 Gateway timeouts 3 out of 4 times I try accessing the site.

phaiel said...

fairweather fan eh?

m3unit07 said...

azc posted this guys, Paine isn't the only contributer
chill out, I'm glad another contributer posted their own opinion

Anonymous said...

Erm, is Paine still a contributor on this blog? I don't see him/her on the list of contributors.

Anonymous said...

nice to see a level-headed comment on the situation

TeamHCN said...

I like Waffles, too, and I'd like it even more if I were actually a member.

I sent my email containing proof of my OiNK membership (I joined in the beginning, before open registration closed) on October 30th. When I got no response, I re-sent the same message from a different address; that was at least 4 days ago. Neither of the addresses I used were Hotmail or Yahoo!.

I understand there are a ton of people asking for invites, and only 1 or 2 people to deal with all the messages. I'm not trying to sound ungrateful, but it's getting frustrating hearing all this hype about Waffles and not being able to join. It feels like I'm being ignored. I wasn't never a top 10 OiNK member, but I wasn't a leecher either – I had my Power User+ status, the 1.2 share ratio to back it up.

All I'm saying is, I hope this situation gets resolved so that people aren't stuck begging for invites on IRC.

Jared said...

yeah they got attacked again. goatse this time. they caught it much quicker this time though, and shut down the site with a BBS message (although it did say they were switching servers at first, until they got to it to change it).

earlier today they had posted an apology about the SQL injection and asked users to report any vulnerabilities privately.

the images don't upset me all that much. the fact that some sophomoric prank has to shut down a site for hours and hours does.

Anonymous said...

hmm, bi-polar much ?

love the waffles already.

Anonymous said...

You guys are pretty dumb for missing the fact that Paine didn't make this post.

As for the SQL injections ... really weak. I've had worse shocks from a potato.

Anonymous said...

this is azc not paine.

i hope that what learns from this and SANITIZES ALL USER INPUT!

i'm still going to wait for boink to come out, at least we know for sure that TPB is somewhat competent.

Don't Need Anything said...

i actually am with roddie. i sent in my "proof" but i'm not sure if i may still be getting allowed in or if i need to look around for invites.

Anonymous said...

What exactly does a SQL injection mean and why shouldnt I visit?

Anonymous said...

azc you are my hero

Anonymous said...

Or a fair amount of hate to both sides anyway.

I think he's just screwing with us. I love Paine. Don't ever leave us.

Anonymous said...

Yeah i am seriously lacking an invite on waffles.fm as well. i NEED it. How does one go about getting it? I've always been the one giving the invites so this is a new thing looking for them :)

Anonymous said...

Haha. Paine, you're a pussy sellout. Yesterday you posted that you hated waffles and today you like it. WTF. Please end yourself.

Shoey said...

I like Waffles, because I'm in Waffles and not What and therefore couldn't make a valid comparison.

Anonymous said...

what.cd --> RIIA
a message appear on the main login page of all members, saying that riia have all the information of members of the database and will procceed for terminating pirates who registered there. go ahead and delete your accounts!!!

Anonymous said...

sorry guys but i'm not sure on that -> can i be a member on waffles.fm if i was a member of oink?

Anonymous said...

is the attack you're talking about the message about the riaa/piracy/oink?

Anonymous said...

http://img85.imageshack.us/img85/1773/piracyci4.jpg

Bob said...

Wait . . . so is the SQl-injection attack causing that weird piracy is illegal thing?

Anonymous said...

Sentence? what sentence? nobody has ever been jailed for downloading afaik, only fined.
it's a bad joke..

Sculay said...

its changed to redirect to 2girls n cup to meatspin now

Anonymous said...

yes.

Anonymous said...

srsly someone needs to stop these pranks.

Hans said...

Ok, some people...how do you even get up in the morning?

In any event..looks like what is having to do some fast growing up, sucks for them but that's where it's at. Ironic though, that with said weaknesses on a site you could argue that even a user database doesn't prove anything since anybody could manipulate that as well, with proper knowhow.

Oh well.

For the record, I prefer the layout and functionality of waffles to what, but both are decent sites, and political sniping aside, there should be no reason not to support both sites. *nothing* is gonna be oink for a very long long time, so people should just chill out and accept what is presented at face value, nothing more, nothing less.

Again, My 2c.

Ameneon@Oink.

ryne said...

how serious is this?

Anonymous said...

rofl @ the moron calling it the riia, and also believing it.


The person/persons doing these SQL injections are furthermore proving they have no life, and are pathetic little shits.

yiourx said...

Probably, someone has mentioned this before.

I am NOT jimmy, but his idea is nice. Here is how you can find mp3s on google:

http://www.jimmyr.com/mp3.php

That's what i did with oink. Just queried an mp3 name...

Anonymous said...

Noone cares whether any of you faggots got or need invites, stop spamming every single topic with your pathetic whining

mo0k. said...

aaw..i still remember the day you invited me to OiNK :D

long time no see.

i don't like waffles though.
it's a ballus lixxus deluxxus :O
(mature ?) enyhows.
oh yea, if you see madstylin, tell him i said hi!
mamamamamamammaadstyylin

piglet said...

come back paine, youre the only one i trust on the intarnets

Anonymous said...

I'm assuming it's not really anti-piratical folks that are attacking what. It's fucked up that people from our own community are attacking it. I know, let's have people from waffles attack what and people from what attack waffles and if they're all really succesful we'll have NO good torrent sites. Or instead, let's NOT have have TWO good torrent sites.

What the fuck, is it about your penis size, or is it about getting good music? What happened to the hydra?

Candice said...
This comment has been removed by the author.
Anonymous said...

Invite begging gets you nowhere when invites are closed.

Anonymous said...

Lol @ what.cd

I'm glad i deleted my account there a couple of days ago. Also, i never used the account I had. :)

readerofbooks said...

is Paine no longer a contributor on his own blog?

Anonymous said...

Posted by azc at 19:57 12 comments --- I didn't notice it at first either. Not the same blog poster. It's kind of odd that Paine let's people of other opinions post on teh paine blog. Hmm, anyway, cowabunga dude.

raZna said...

so there is light after all ...

Anonymous said...

It's sad that some people apparently just hop on a computer for the first time and managed to find this site/use torrents..

Anonymous said...

The screenshot appears to show a cross-site scripting attack, not SQL injection.

XSS is considerably harder to defend against, and I very much suspect almost every tracker out there has an XSS vulnerability somewhere.

This is said as someone who is a member of neither waffles or what.

jasoniscool said...

FYI invites will be open today at 5pm EST for the first 2500 users

Anonymous said...

i have to admit, i'm getting pretty fucking sick of what.cd crashing every time it goes up. fucking site goes down more often than every slut in highschool put together.

Anonymous said...

So if I turn of JavaScript, I'm not affected by the cross-siting/injections on what.cd? ?

Anonymous said...

mm. what.cd refuses connection
but the tracker doesn't
someone can explain?

astmatik said...

what is fyi?

Anonymous said...

I know this site isn't meant for this...

But...

Are invites being sent to all former Oink users, from Waffles ???

I'm Hurtin w/out the pink palace (just like everyone else), sorry to sound so pathetic.

I wish everyone the best.

OiNK's Biggest Fan said...

Sorry but are you OiNK himself?? or just an amateur / oink lover???

Χελωνάκι χωρίς όνομα said...

For Your Information

Anonymous said...

Haha, what has been offline pretty much the past 3 days.. how pathetic..

Long live delicious food! That's what you got for disagreeing with me on what is better, as in X360/PS3, what/waffles, ketchup/mustard, Edam/Gouda. :)

Also, astmatik, lol, lern2usewikipedia/urbandictionary/google?

Sean said...

waffles is really good. i encourage all former oinkers to seek invites there

Anonymous said...

FYI = For your information


what.cd is down right now, because it's much easier to make a site more secure without forums & irc channels being flooded with "omg wtfux da riaa is after us gtfo" fucktards.

Patience is key.