Team Fortress 2 and Valve games

Recently I’ve bought The Orange Box at Steam to kinda complete my Valve games collection. Jordan (my host) already gave me his second Half-Life 2 and Episode One copies for Steam and I loved it. I never played Half-Life 2 until August ‘09 because my computer couldn’t handle it. (1 GHz Pentium 3 + 384 MB RAM, heh)

Then, Steam had this ‘weekend deal’ for Counter Strike: Source: it was being sold for €5 euros, a no-brainer so I bought it. In December ‘09 I bought Garry’s Mod (Gmod) so I could make cool stuff with all the props from Half-Life 2 and Counter Strike: Source  – or play at the Mr. Green Zombie Survival servers. :D

Anyway, I really love Valve’s games, they look good, run great and have so much detail in them – it’s amazing. That’s why I bought The Orange Box, so I could finally play Episode Two of Half-Life 2. I also played Portal which is a mindboggling game too, can’t wait for Portal 2. (comes to PC and Mac in late 2010)

But then… there’s Team Fortress 2! Man, this game is awesome! I’m no good at FPSes (games like CoD 4 are way too ‘fast-paced’ for me), but TF2 is great. I love the graphics style and the variety in classes. I should have played this years ago but I guess it’s never too late to start playing. So, if you want to have a game of TF2 with me, add my Steam ID – it’s in the ‘Linkies’ block at the right of this page. See you ingame! ;)

MacBook Pro

For my previous post on this: Notebook For College

Basically I was looking for a decent/portable/robust/durable/sexy notebook for when I’m going to college (computer science) later this year. The notebook will be used for the casual internet/music/messenger stuff, but also for my creative things such as software/web development and other new projects.

Currently I’m a happy Windows 7 user and I’ve been using Windows XP and Vista (for half a year) in the past. Next to that, I’ve used Linux distros like Ubuntu etc. But when I started using Apple’s Mac OS X in VMware/dualboot, I fell in love with it. It gave me the same ‘feeling’ of awesomeness that I currently have with my iPod touch. Sure, they have a higher price tag than PCs. ( = Windows) Yes, there is more software/games available for Windows. But when you are looking for a quality thing that just works, supports all the applications that you use and is very sexy… then you can’t disagree that Macs are awesome. :D

That, plus the fact that I’m curious for a Mac, is why I have decided that my notebook for college will be the MacBook Pro 13″. It costs €1149 euros here but I’m hoping to get the student discount of €70 euros. Still it’s a lot of money for a 13″ notebook with a Core 2 Duo CPU, but I’m willing to pay this price premium because of OS X, the notebook itself (design, build quality) and the excellent battery life. Apple states that it can last up till 10 hours at one single charge, and even when we convert this to real-world values it should still last like 8 hours or something. I spent €230 euros back in 2009 on my iPod touch (2G, 16GB) and I’m still super satisfied with it and I really like that feeling. Maybe it’s what drives Mac-fanboys in their ‘Mac is better than PC’ rants? I hope to find that out soon. ;)

I’ll be dualbooting it with Windows 7 for the odd Windows-only things like maybe some Visual Studio work. Steam will be available for the Mac soon, and even though my Windows rig + 20″ flatpanel is great for gaming, I hope to play some games like Team Fortress 2 and of course Portal 2 (coming out later this year) at it. Yes, I’m aware that the 15″ and 17″ MacBook Pros have Core i5 CPUs and dedicated GPUs, but there’s a price difference of €600 (!) euros and I’m not able/willing to pay that for 2 inches more screenspace and a beefed up CPU/GPU – specs that I’ll never need on my college notebook, haha. Anyway, when I get my ‘financing’ done I’ll pick up a MacBook Pro 13″ 2010, they refreshed about a week ago or something so I believe that it’s the perfect moment for me to dive into Macs. I’ll also get a sleeve with it, so I can wrap it up in that & drop it in my backpack – it’s compact enough for that.

If you want to support me in my financing (my only income is my part-time supermarket shelf-fill job that generates around €100 euros per month), you can always do a donation of any amount at this donation page. It will help me with purchasing my first notebook!

I’ll make a post here when I finally get there, so stay tuned. :D

UPDATE: I went to the Apple Store yesterday and played around with all the MacBooks there. Before I went there, I was worried about the 13″ (1280 x 800) display. However, it was epic & large enough. By the way, I have been on 1024 x 786 for years till I recently went to 1680 x 1050 for desktop. Anyway, this really is the notebook that I’ll be buying. I was tempted to buy it yesterday (as I’m going to the UK for a week @ saturday, and don’t have a notebook)… but because of the ashcloud all shippings are delayed so it wasn’t in stock. Oh well, I would be broke if I bought it now anyway! :(

Holo security fix #2

Good evening habboons! You are lucky today, thanks to good ole Niggus + Aaron from ForceHotel.com, another SQL vulnerability in the emulator was detected. Well, actually ‘thanks’ to the scriptkiddies that tried to abuse it…

We were discussing the weak security of running MySQL under its almighty root account, and after I told him to create a limited account and disable file functions etc for it, errors showed up in the server log. A scriptkiddie was using this SQL vulnerability in an attempt to create a new database table, but was caught in the act: he failed to use it properly thus leading into errors in the server log, notifying Aaron of a SQL exploit. Congratulations, the ‘I failed at haxing’-award goes out to you. :D

This is a SQL injection vulnerability, which allows badguys to execute any SQL query that they want on your database. This includes modifying data and, under an insecure server setup, creating new files in the filesystem like shells etc: so they can take over your server and stuff! Bad times! How to fix?

1) Open up virtualUser.cs of the emulator sourcecode

2) Search for:

dbClient.runQuery("UPDATE users_badges SET slotid = '" + slotID + "' WHERE userid = '" + this.userID + "' AND badgeid = '" + Badge + "' LIMIT 1"); // update slot

replace it with…

// Bind the client-supplied badge code as a parameter instead of concatenating it into the query
dbClient.AddParamWithValue("badge", Badge);
dbClient.runQuery("UPDATE users_badges SET slotid = '" + slotID + "' WHERE userid = '" + this.userID + "' AND badgeid = @badge LIMIT 1"); // update slot

3) Save and recompile
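
Why the one-line change matters, as an added example (not part of the emulator source): in the MySQL session below the same constructed badge value is first pasted into the statement text, as the original line does, and then bound as a parameter, as @badge is in the fix. The table layout, column types and sample rows are assumptions; only the query comes from the post.

```sql
-- Added example. Table reduced to the three columns the query uses;
-- column types and rows are assumptions, constructed for this demo.
CREATE TEMPORARY TABLE users_badges (
  userid  INT         NOT NULL,
  badgeid VARCHAR(32) NOT NULL,
  slotid  INT         NOT NULL DEFAULT 0
);
INSERT INTO users_badges (userid, badgeid)
VALUES (1, 'ADM'), (2, 'VIP'), (3, 'HC1');

-- Constructed client-supplied badge value that contains quote characters.
SET @badge = 'ZZZ'' OR ''1''=''1';

-- 1) Original line: the value becomes part of the SQL text.
SET @sql = CONCAT(
  'UPDATE users_badges SET slotid = ''1'' WHERE userid = ''3'' AND badgeid = ''',
  @badge,
  ''' LIMIT 1');
SELECT @sql AS statement_sent;       -- the quote inside the value closes the string literal early
PREPARE vulnerable FROM @sql;
EXECUTE vulnerable;
SELECT ROW_COUNT() AS rows_changed;  -- compare with the bound version below
DEALLOCATE PREPARE vulnerable;
SELECT * FROM users_badges;          -- check whose row was touched: user 3 owns no 'ZZZ' badge

-- 2) Fixed line: the statement text is constant and the value is bound,
--    so the whole string is compared against badgeid as data.
--    slotid and userid are bound here as well, which goes one step
--    further than the post's patch (it binds only the badge).
UPDATE users_badges SET slotid = 0;  -- reset the demo rows
PREPARE fixed FROM
  'UPDATE users_badges SET slotid = ? WHERE userid = ? AND badgeid = ? LIMIT 1';
SET @slot = 1, @uid = 3;
EXECUTE fixed USING @slot, @uid, @badge;
SELECT ROW_COUNT() AS rows_changed;
DEALLOCATE PREPARE fixed;
SELECT * FROM users_badges;
```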

Woop, another SQL vulnerability patch. Provided free of charge by Pvt. Nillus, with help from ForceHotel and a noob scripter.

Another tip: don’t use MySQL’s root user for your private server: it’s not safe. Create a limited account like ‘holo_user’, and only give it access to SELECT, UPDATE, INSERT, DELETE. Then configure your emulator and CMS to use this account. This prevents them from using the file functions, in case they find a SQL exploit. Good evening boons, and stay safe. :)
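
A sketch of that limited account in MySQL, as an added example (not from the original post). The database name holo, the host localhost and the password are placeholders; holo_user is the account name suggested above.

```sql
-- Added example; `holo`, 'localhost' and the password are placeholders.
CREATE USER 'holo_user'@'localhost'
  IDENTIFIED BY 'replace-with-a-long-random-password';

-- Only the four data privileges, and only on the emulator's own database.
-- FILE is a global privilege and is not part of this grant, so the file
-- functions (SELECT ... INTO OUTFILE, LOAD_FILE()) are not available to
-- this account. CREATE and DROP are not granted either, so a query run
-- through this account cannot add or remove tables.
GRANT SELECT, INSERT, UPDATE, DELETE ON holo.* TO 'holo_user'@'localhost';

-- Review what the account ended up with.
SHOW GRANTS FOR 'holo_user'@'localhost';

-- Audit: which accounts on this server still hold the FILE privilege?
SELECT user, host FROM mysql.user WHERE File_priv = 'Y';

-- Server-wide setting that restricts where file import/export may happen.
SHOW VARIABLES LIKE 'secure_file_priv';
```

Run it once as an administrative user, then point both the emulator and the CMS at holo_user instead of root.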

Don’t forget to apply the previously published fix too, it’s another SQL vulnerability in the emulator: click here for the other patch

Also, if you are feeling generous: you can always donate to me with PayPal. Any amount is welcome, I have never charged money for my work so any amount is welcome. Thank you!

Also: Angelo check it out. :)

School project: Raspberry

Alright, this is something about a school project of me and a friend. It was our final project for ‘IT’ at secondary school so we decided to do something cool. We had to find a ‘customer’, get a list of wishes and preferences and then design & build the product. Our assignment was to make a ‘digital studying environment’, as existing solutions were found to be too complex ‘n complicated for students to use.

Raspberry = simple equals powerful, ya dig?


Wishes from our ‘customer’:

  • The ‘superadmin’ of the school adds courses and assigns teachers, generates and distributes registration keys etc
  • Teachers can add content to their course, such as links, documents, YouTube videos, plaintext or HTML etc
  • Students can sign up and login, but only with a registration key given to them by their school
  • Students can browse the course catalog, then join a course. They will be approved by the teacher
  • Once a student is member of a course, he/she can access the content, memberlist and hand in files/projects
  • Students can upload 10 files of max 10MB per file and share the links/file IDs with students, teachers etc
  • Students can send each other messages through the system
  • Users have a ‘virtual piece of paper’ for their marks, issues and whatever. These are visible for teachers, admins etc
  • Search for users by their firstname, surname or username, then view their profile or send ‘em a message
  • Users can change their password
  • When users lose their password, they can request a ‘reset password’ link and set up a new password this way
  • Some misc stuff

The system is written from scratch in PHP, uses MySQL for DB backend and is called ‘Raspberry’. The default language is Dutch but it’s easy to translate it. Yesterday we had a ‘system test’ with a bunch of 13 yo kids and the system performed very well. Remarks: ‘file uploading/sharing is too complex’, which is understandable because you have to copy paste file links/IDs into messages etc. Because of time-issues we couldn’t use MVC (eats up a lot of time if you design shit that way, if you ask me), so it’s done differently. Example of file uploading. Anyway, it’s an awesome system and we got the best mark of our class rofl. You can check it out here:

http://raspberry.nillus.net

Here are some registration keys for you to use, tell me when you run out of keys:


Enjoy it and please don’t upload any disturbing content. :)

Also: thanks to Jordan/MyChemicalSelf for hosting Raspberry, next to this blog etc. <3

So I herd u leik raspberries...

Holo security fix

I noticed that either ‘Hebbo’ or ‘imadj’ finally found out one of the main exploits in Holograph Emulator – 2.5 weeks later, and he has used it against some private servers. To generally just fuck some shit up. I know that I did it to some of you guys too, but I still believe that I had a valid reason to do so. Hebbo/imadj’s obviously not.

I have used this exploit against you guys with a reason, not because I’m a badguy. That’s why I present to you, free of charge and packed with nillus love: the security fix for your Holograph Emulators. :D Open up the source code, and follow me. Change the following things:

1) catalogueManager.cs

public static void handlePurchase(int templateID, int receiverID, int roomID, string decorID, int presentBoxID, int teleportID1)

to

public static void handlePurchase(int templateID, int receiverID, int roomID, int decorID, int presentBoxID, int teleportID1)

2) virtualUser.cs

string decorID = packetContent[4];
catalogueManager.handlePurchase(templateID, receiverID, 0, decorID, presentBoxID, 0);

to

int decorID;
if (!int.TryParse(packetContent[4], out decorID))
{
    // Decoration data was not numeric
    return;
}
else
{
    catalogueManager.handlePurchase(templateID, receiverID, 0, decorID, presentBoxID, 0);
}

3) Compile your server. You should now get a few errors, this is because your ‘handlePurchase’ method now only accepts integers (‘int’) for ‘decorID’. So, the error log will show you the methods that require changes. Navigate to them, and in their function call replace the "0" with 0, so you’re not passing it a string anymore. I noticed there are a lot of breeds of Holograph Emulator so this is different for every sourcecode. Just find the calls to ‘handlePurchase’, and replace any "0" with 0.

Excusez-moi for the dirty formatting, but this will do the trick! I’m not going to elaborate on what is happening here for your own safety, just do it and you’ll be on the safe side again. ;)

Please spread this fix to everyone that has a Holograph Emulator running and ‘imadj’ will soon find out that his game is over. Post the joyful news at RaGEZONE that good ‘ole Pvt. Niggus has helped you guys once again. (I can’t post there anymore) Still, please pay attention to the previous posts on my blog. I still believe that I was right in my decision and I would like to hear your opinion on this whole story. Thanks! :)

Suelake.com Image Gallery

I decided to upload my screenshots of good ‘ole Suelake.com and I discovered that NEXTGEN gallery is an awesome WordPress plugin! :)

You can now find screenshots of Suelake.com in the special gallery. Either click ‘Suelake.com Gallery’ at the top or click this link.

Tip: if you have any more cool screenshots, feel free to upload them and post their links under the gallery. I’ll upload them later.

Thanks for keeping the Suelake.com memories alive! ;)

Just Cause 2

A few weeks ago I blogged about Just Cause 2 Demo, the James Bond-style freeroam action game – for PC, PS3 and Xbox 360.

Just Cause 2 PC was released at the 23rd of this month, and today I’ve finally been able to play it: it’s awesome. The game looks and runs great at my E8400 @ 3.6Ghz + 4GB RAM + HD4870 GPU, everything maxed out except for AA at a resolution of 1680 x 1050. GTA IV had a lot of graphical issues at my PC, and almost a year later it still runs far from perfect, but this baby runs great from day #1.

Explosions - they not only look awesome, but they sound kickass too!

I’m in the middle of my last (!) test week for school so I haven’t been really able to play it (only the 2 first missions) but from what I’ve seen so far; this game is epic. It’s so overwhelming and packed with action and unique stuff, which compensates for the pretty weak storyline. There are shitloads of vehicles (cars, planes, boats, helis) and weapons and you can go anywhere on the tropical island of Panau (400 square miles), to wreak havoc at government property or just do sickass stunts. :)

Have you ever wanted to hijack a commercial airliner in mid-air? :D

Even though good videos are piling up at YouTube, you have to try this game. It’s €49.99 at Steam but I’m confident that there are other ways to get a copy of it. It’s like 4.5 GB to download and runs great at most PCs, but you NEED to have Windows Vista/7 or it simply won’t work. I’m sure I’ll be playing this game for a long time as I just love doing random stuff in it at this very moment.

Happy gaming! :D

Fake Nillus’es

Yeah I noticed that there are multiple people going around using the name ‘Nillus’, pretending that they are me. Of course it’s great for my e-peen, but it’s confusing a lot of people. :)

I am the ‘real Nillus’, I’m from the Netherlands and this is my website. If you see anyone on MSN pretending that they are ‘Nillus’, check their address. My address ends with @nillus.net, any other ones/non-verified ones are impersonators.

NEVER give out your passwords to people saying that they are Nillus. Don’t fall for their scams, saying “hey i am nillus i made a new server send $25 to my paypal and i will give it to u” etc. I never charge money for my work, and if I really had a new server it would be on my blog anyway. Stay safe and use Comic Sans common sense. ;)

Second thought on your private server hackings

Alright, time for some updates. You probably know that in the last weekend, me and some other fellows have hacked all big Holo-powered private servers to generally mess everything up and redirect it to yesterdays blog post here at nillus.net.

In one day, my blog generated 3400 visits, with roughly 9000 pageviews by 2500 unique visitors. I decided to do some updates now. :)

Why did we attack those private servers? Well, in the last 2 years, loads of people have been using my free software to make so called ‘Habbo retros’ – private servers for Habbo Hotel. We have seen that a lot of people have been removing my name, or other developer names, from the footer (‘powered by’-line) etc and often claiming that they wrote the software themselves.

Next to that, rumor had it that some of these private servers were making excessive amounts of money. This money was generated by AdSense, selling credits (for purchasing virtual furniture etc) and other content. I have heard from trusted sources that these people were making hundreds of euros/dollars per month, and after deducting the server bills etc, most of it went into their pockets.

So, it all comes down to this:

  • People were using my free software. Basically every Habbo private server runs at my server (hotel server) or a baseoff of it, in combination with Meth0d’s HoloCMS or YifanLu’s PHPretro for the site
  • A minority of these private servers was rumored to make excessive amounts of money, we are talking about hundreds/thousands of euros here
  • A lot of these ‘highroller private servers’ have removed/modified the powered by line, so just ripping & stealing our work

This sucks ass, imagine that you wrote free software, dedicated countless of sparetime hours to it for people to enjoy, and some of them remove your name and start making sick ass money off it. And for the developers who made it all possible: no appreciation, no small donations, nothing. Do you really think that this is what keeps them going? No. Lack of motivation and appreciation was one of the main reasons that stopped me developing private server software. Thank you. :(

This is why we decided to fuck those servers up. I didn’t select them myself, someone else was doing this. I just received names of the private servers to fuckup, saw that my name was gone, they were having AdSense, large user base and often premium services -> fuck them up. I think an apology fits here. I regret messing up OpenHotel.co.uk for example, it would have been better if I had mailed them with my frustration first, rather than just going all out without warning.

Nevertheless, I hope you guys all understand why this was happening. Please:

  • restore the original powered by line. If you are using HoloCMS: ‘Powered by Holograph Emulator + HoloCMS. Written by Nillus, Meth0d, YifanLu and others’. Replace ‘HoloCMS’ with PHPRetro if you are using PHPRetro instead. Feel free to add (your own) names to the line, but ensure that it at least contains the above
  • put yourself in the position of developers. Wouldn’t you love getting a small donation from the people that make so much money with your work? I’m not saying you have to donate and I never will, but if you are feeling generous and want to do something in return, any amount is welcome!  Just … something that makes you feel like ‘I think they know that we love their work now’. Thank you. :)

If everyone is cool now, then the hackings will stop here and no more databases will be leaked. Again, I apologize for being too quick with my decisions and stuff but hey – I was just really pissed off. ;)

Issues with your Habbo server?

Update Sunday March, 21 2010 @ 21:30 GMT+1:

  • Soaphotel.org – users table, use Firebug to login to any account of SoapHotel.org that you want. (Open with Notepad) – link removed
  • Habbok.com
  • Habbo.st
  • Jabbo.in
  • Holo.be V26 – regrets
  • OpenHotel.co.uk – regrets (should have mailed you guys first ;) )
  • Habbohotel.biz
  • Pixelhotell.org
  • Forcehotel.com – regrets, it wasn’t Oni after all. Neither big money makers

And probably some more, I didn’t select the hotels myself. Enjoy the users tables, we have got the users table of all hotels ^ above. They contain names, passwords, emails, ip addresses, dates of birth and all kinds of other stuff. Do with it what you want, more users tables will follow if you guys don’t stop being dickheads. Oh, and the databases of the ones listing ‘regrets’ won’t be posted. ;)

Some of Habbok.coms data:

“<removed>”
… I filtered your email addresses to stop them from getting harvested by spam bots, but still – over 95000 accounts with all data will be available soon if this bullshit doesn’t stop. :(

ORIGINAL POST

All your stuff deleted, renamed or just messed up? Most likely that it’s been us getting access to your Holo powered private server. Why are we doing this? It never hurts to deal some damage to the greedy people, aka the people who run those big private servers and yet refrain from saying ‘thankyou’  or donating $1 – while they make a few $1000 per month.

OMG NOES!!111einseinseins

Holograph Emulator/HoloCMS is a double project that me & Meth0d (Roy) started back in 2007. I wrote the hotel server (C#), Meth0d wrote the site frontend called ‘HoloCMS’. (PHP) Holo was never developed for making us money, it was for fun & educational purposes. Over the years, people have used these projects for their Habbo private servers. Then, they also charged a bit of money to pay server bills, server upgrades etc. Both things are good & not a problem – it’s totally up to you.

But what happens now is that people like Habbok.com and Habbohotel.biz…

  • have removed my name, or the names of other developers from their site footers etc
  • claim they have done all the work (either the hotel server (‘Holograph Emulator’) or the site frontend (‘HoloCMS’) )
  • make shitloads of money off their private server. Private servers like soaphotel.org, habbohotel.biz etc make thousands of euros by selling VIP, credits, furniture and other services. 15 year old kids making mad money off something like this. Heck, last time I saw someone who has 2 iPhone contracts at the same time – just because he didn’t want to wait for his contract to expire, so he could get the new 3GS. Still, they think it’s not cool to show the developers their appreciation, by means of a simple ‘thank you for all your work’ or maybe even a donation. Thanks, you are really motivating us to keep developing free software – not

How would that make you feel? What I mean is that, making a small bit of money off it for server bills etc is good. But when you start generating massive amounts of cash (you are also stealing Sulake’s customers), and don’t even thank the original creators, you can expect that you piss them off. You had it coming, enjoy restoring it all – or not?

Remember, I can always use a donation of any amount, because I’m saving up for a laptop for school. If you have enjoyed my works (Holograph, DebboProject, ION/Deltar, whatever) and you are feeling generous: any donation is welcome at nillus14 AT gmail DOT com. (PayPal) Thanks, you help me to keep my work free for everyone. ;)

For the ‘high rollers’… if you are donating solely to stop your private server from getting fucked up, well make sure you make a reasonable donation then – as only the rich private servers are being fucked up. This isn’t about money, it’s about being loyal & thankful and all that hippie stuff.

Appreciation (it doesn’t matter how!) keeps developers going. Treating them like garbage doesn’t. It’s up to you what you do with this.