Martin Gumucio

If you have been enjoying the preview of the free music service Spotify you probably also just got this in the mail. Good of them to come clean with a security breach, god knows how many other services we use that just silently fix the holes in their protocols without admitting to stuff like this.

Dear Spotify user,

Last week we were alerted to a group that managed to compromise
our protocols. After investigating we concluded that this group
had gained access to information that could allow testing of a
very large number of passwords, possibly finding the right one.
The information was exposed due to a bug that we discovered and
fixed on December 19th, 2008. Until last week we were unaware
that anyone had had access to our protocols to exploit it.

Along with passwords, registration information such as your email
address,birth date, gender, postal code and billing receipt
details were potentially exposed. Credit card numbers are not
stored by us and were not at risk. All payment data is handled
by a secure 3rd party provider.

If you have an account that was created on or before December 19th 2008,
we strongly suggest that you change your password and strongly
encourage you to change your passwords for any other services
where you use the same password.

When choosing your password we provide you with an indicator of
the password strength to help you choose a good one. To change
your password please visit your profile page on our website.

https://www.spotify.com/en/account/profile/

For the technically minded amongst you, the information that may
have been exposed when our protocols were compromised is the
password hashes. As stated, we never store passwords, and they
have never been sent over the Internet unencrypted, but the
combination of the bug and the group’s reverse-engineering of
our encrypted streaming protocol may have given outsiders access
to individual hashes.

The hashes are salted, making attacks using rainbow tables unfeasible.
Short or otherwise bad passwords could still be vulnerable to
offline targeted brute-force or dictionary attacks on individual
users, but you could not run attacks in parallel. Also, there
has been no known breach of our internal systems. A complete user
database has not been leaked, but until December 19th, 2008 it was
possible to access the password hashes of individual users had
you reverse-engineered the Spotify protocol and knew the
username.

We are really sorry about this and hope you accept our apologies.
We’re doubling our efforts to keep the systems secure in order
to prevent anything like this from happening again.

Regards,
The Spotify Team

I thought I’d do another post about the MSSIAH cart, since its by far the most interesting piece of hardware in my studio at the moment. For this months rcc I wanted to do something with the bassline application. In contrast to my previous explorations this time I came fully prepared, printed manuals at the ready.

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

The bassline is of course limited in the amounts of sound it can produce, as it is meant to mimic the classic TB-303. The “Transistor Bass”, while being a great synth, is possibly the most cliché thing any studio doing electronic music could feature. I’m not very interested in how accurate the cloning of the sounds are, as every instrument is and should sound different. But I can say this: They successfully transferred the things that are fun about the TB-303 to the MSSIAH.

The best thing about this cart is of course the whole idea of making new software for a 25 year old hardware platform. Some corners have to be cut of course, and 8-bit ventures do a great job of navigating between the flaws in the c64 computer while keeping the cart easy to use in the hands of non-technical musicians. The whole sampler application (another review for another day) is for example built around a bug in the SID-chip. It wasn’t intended to work as a sampler at all..

You get a wide array of different ways to play and use the synth. You can hook it up to your midi sequencer and just play notes, while still being able to do glides and accents, or you can trigger patterns from the midi sequencer, OR most interestingly of all you can let Bassline do its thing and only slave it to the midi clock. This is perhaps the most interesting mode of them all, since it allows you to control every parameter of the synth with CC midi messages from your midi sequencer. Transpose the pattern, turn up the accent. Tweak the filter, fantastically useful.

On the other hand if you prefer to keep things hands-on you can also run it competely stand-alone. If you feel like doing some light soldering you can even add potentiometers to the top of the casing of the c64 and use them to control the synth realtime as it plays.

So in essence, this is a geeks wet dream. 8-bit ventures have done their homework well.

Belkin, one of the leading brands for computer peripherals like bluetooth dongles or mobile mice got uncovered last week by using some less than ethical methods on getting good reviews. My only question is how can you do something like this thinking you can get away with it?

The full amazing story is here

I heard about this on this weeks BBC Digital Planet. It is an effort to map up all the different arguments from the two different sides, and an effort to make the current crisis in Gaza comprehensible.

Just in time for Christmas I got a pretty unique piece of gear in my mailbox. The MSSIAH is something so rare as a brand new accessory for a 25 year old computer.

It was with trepidation I approached the studio yesterday. We worked ourselves to the bone preparing the apartment, I had no time at all to prepare or research. With so many factors could go wrong, and only two hours at my disposal, I was curious to see how far I would get.

C64 and tv worked directly, the cart plugged in fine and everything just worked  right away fantastic!  Then reality set in. Just like with the old apps back in the day, I realize that I have no clue how to actually use the software. I forgot to download the manuals!  Just like the warez of old I was resorting to the old “press every key and see what happens” tactics.  Also my iPhone could not display precisely THOSE pdf’s from the 8-bit ventures websites.. modern technology eh?

So in the end it was a big day for retro technology, everything worked flawlessly, i could remote control it via midi, i could play notes on the keyboard. And thats about all I had time for during my first session. Turns out that the parts of the system that failed was me! and my iphone. Not the candidates I was expecting.

Update

One more session later and I have made the special little cable that was needed to connect it to the mixer. Enabling me to present to you the following sweet sweet sounds:

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.