Burlington, VT television station WCAX has posted an interview with Page about Phish's history of charitable giving. The piece covers Phish's philanthropic history from Ben & Jerry's Phish Food and the WaterWheel Foundation to the Essex Irene Relief Benefit show, as well as touching on the generosity of the fan base and the state of Phish today. Says Page, "Having more fun than ever. I really am." You can read the story and see the video from the piece here.

Read more...

Quick - in two minutes or less, name your ten favorite Phish jams.

Members of the Phish.net working group did just that over email. It's an interesting exercise - since you are answering quickly, you bring all of your subjective biases, feelings and reasoning specific to that particular moment in time to the table. Every single one of us who answered found ourselves in disbelief that we forgot about certain jams that others had on their lists. Many of us wanted to go back and change some of our votes, but for our purposes here I've held all of us to our initial lists. In other words, our individual lists came from the heart, rather than our heads - we tried to keep this as spontaneous as possible.

Read more...

Phish fan and webmaster Kevin Spence has posted an interview with Paul Languedoc on his website, careerthoughts.com. It's an interesting glimpse into Paul's work both as a soundman and a guitar craftsman.

Read more...

They say 80% of passwords on the internet are "weak" passwords. When sites use annoying guidelines like "you must have an uppercase character, a lowercase character, a number and a special character," it's not because the webmaster was feeling cruel and abusive and all powerful, but rather because he or she was trying to protect his users. Gaining access to a website with weak security is trivial. You want to protect your users' data, including their password, which may be their key for other websites too.

So here's your security 101: when you store data in a database, step 1 would be storing a password. Storing a password as plain text is not very secure and would certainly be problematic if someone unauthorized gained access. So to combat this, developers encrypted passwords. But passwords that can be decrypted are equally problematic, anyone who could get them could certainly decrypt them. So developers changed to one-way encryption: encrypt it, and then when you give me your password, I'll encrypt it again and see if it matches! Brilliant!

But computers got faster, and thus were born "rainbow tables." Essentially, hackers would start generating encrypted versions of dictionary words, common passwords, and other phrases, and these encrypted strings are known as hashes; when you got a list of encrypted passwords, you could compare them to your list of known hashes. Brilliant!

So developers struck back with "salts." Add some random stuff to the beginning or end of the password and encrypt it, thus rendering rainbow tables null and void. Unless, of course, someone gets your salt. Then what? You can't even decrypt the passwords yourself to re-encrypt them with a new salt. You have to force everyone to change their password.

With the not-too-long-ago release of some compromised passwords from a fellow Phish site, we decided to bump up our security efforts. Phish.net used to utilize a mix of SHA1 and MD5 encryption, fairly common cryptographic hashing functions. The challenge with these is that they are very fast - a computer processor can compute these hashes in microseconds, enough that one could hit a login form 10,000 times per second and just run through the dictionary. Knowing that weak passwords make up 80% of the accounts out there, just knowing usernames - something one could easily pull from, say, our forum - you'd probably be able to gain access to at least a few thousand accounts.

As a result, today, we switched to bcrypt for encryption. bcrypt is very slow (in computer terms). In fact, we actually slow our implementation down further. In other words, it still only takes a fraction of a second, far too little for a human to notice, but enough that a computerized attempt to gain access would be hindered by how long the response would take. The automation of such an action is severely handicapped by this slow encryption. Converting a list of the passwords from our database into something usable elsewhere would still be a mammoth task.

On the flip side of this, what if someone just keeps hitting your site trying to login? To combat this, on Phish.net, we implemented "rate limiting" some time ago. Too many failed attempts and the login process won't continue.

How can you take advantage of this? Simply login to Phish.net. The next time you login successfully, your password will be automatically converted to the new encryption.

Read more...

Welcome to Mystery Jam Monday Part 126 here at Phish.net. This jam was hand picked by @bl002e, the third professor to receive tenure here at Mystery Jam University. As usual we will be playing for an MP3 download, courtesy of our friends at LivePhish.com / Nugs.Net. The rules haven't changed: you need to correctly identify the song and the date to win. Post your guess in the comments. One guess per person per day (with the second “day” starting after I post the hint). A hint will be posted on Tuesday (if necessary) and the answer will be posted on Wednesday. Good luck...

Wednesday Answer: Congrats to MomaDan for correctly ID'ing the 7/20/99 "Misty Mountain Hop," and kudos to bl002e for a nice MJ selection. That said, it just goes to show how hard it is to stump the users. And with that, the Blog is going to call it a year. Mystery Jam Mondays will return in 2013...

For the 125th time, welcome to Mystery Jam Monday here at Phish.net. As usual we will be playing for an MP3 download, courtesy of our friends at LivePhish.com / Nugs.Net. The rules haven't changed: you need to correctly identify the song and the date to win. Post your guess in the comments. One guess per person per day (with the second “day” starting after I post the hint). A hint will be posted on Tuesday (if necessary) and the answer will be posted on Wednesday. Good luck...

Tuesday Hint:

Wednesday Answer: Congrats to donatello for being the first to guess the 5/8/94 "Antelope" from The Day After the Bomb (Factory). That said, the win was hint-aided, so the Blog will count that as a moral victory. The Blog will be back on Monday with yet another Mystery Jam for your listening pleasure.

The Executive Director of The Mockingbird Foundation, Ellis Godard, who co-founded the Foundation in 1997 and who helped to start Phish.net in the 1990s, is featured in an article in the December 7, 2012, edition of the Daily Sundial, the newspaper of California State University, Northridge, at which Professor Godard teaches. You can read the article and listen to an interview with Ellis here.

Read more...

IT did not take long for the powerful energy from Phish's SPAC shows in July to juice "leg two." In August and in early September, 2012, Phish once again performed several shows, and a host of improvisations, that are as "must hear" as the highlights of their 1580+ show career. While there were a few performances that were seemingly through-the-motions, the brief tour concluded incredibly well in early September at Dick's in Colorado. Fans have every reason to be optimistic about the music of the New Year’s Run at Madison Square Garden (12/28 - 12/31/12).

Read more...

Welcome to MONDAY NIGHT MYSTERY JAMS here at Phish.net. As usual we will be playing for an MP3 download, courtesy of our friends at LivePhish.com / Nugs.Net. The rules haven't changed: you need to correctly identify the song and the date to win. Post your guess in the comments. One guess per person per day (with the second “day” starting after I post the hint). A hint will be posted on Tuesday (if necessary) and the answer will be posted on Wednesday. Good luck...

Thursday Answer: Congrats to WayIFeel for quickly identifying the 8/5/11 "Roggae." The Blog will be back on Monday with MJMCXXV.

Most Phish fans recognize the band’s early composition “David Bowie” as belonging to a full quiver of songs with improvisational potential. It sits among a select group of 10 songs that have been performed more than 400 times. Perhaps fewer fans realize that once upon a time, “David Bowie” (DB) was one of the primary, if not the leading jamming song. Following its debut in 1986, DB quickly developed into a workhorse and “go to” jamming song, as Tim Wade (@TheEmu) has noted in several of his many early show reviews. Even while such stalwart classics as “Mike’s Song” and “You Enjoy Myself” were played fairly straightforward from 1985 - 1990, DB was fast becoming the choice song for serious, significant “Type II” improvisation. During its peak years, from 1993 - 1995, DB was a super heavyweight for regular and longer duration exploratory jamming, one of a very small group of contenders that included “Mike’s Song,” “YEM,” and “Tweezer.” But after 1995, DB sadly fell into period of steady, and then more precipitous decline. Despite upticks in 1997 and 2003, the trend line was downward. Not only was the song played less frequently, and placed less prominently in setlists, it also lost much of its improvisational fortitude, becoming more of a proverbial horse put out in the pasture for retirement, and typically played in a straightforward, “Type I” (non-exploratory) manner.

Read more...

I was thinking about how little play Undermind and Round Room have gotten in 3.0, and I got curious to see how the different albums rank out. Most of this is expected (Originals not on studio albums and cover songs are far and away the top two spots) and some, though perhaps not surprising, seem interesting to me (Joy takes the top spot among studio albums by a quite a bit). In any case, here are the numbers, delivered in the form of a blog entry to justify the hour or so I spent doing it.

Songs appearing on Junta that were also on The White Tape were only counted for Junta. "Slave" was counted as part of The White Tape, which obviously changes the scoring for that album significantly.

Read more...

Welcome to the 123rd installment of Mystery Jam Monday here at Phish.net. As usual we will be playing for an MP3 download, courtesy of our friends at LivePhish.com / Nugs.Net. The rules haven't changed: you need to correctly identify the song and the date to win. Post your guess in the comments. One guess per person per day (with the second “day” starting after I post the hint). A hint will be posted on Tuesday (if necessary) and the answer will be posted on Wednesday. Good luck...

Thursday Answer: Congrats to jmponder for quickly identifying the 8/9/04 "Chalk Dust" that I didn't quite mask. The Blog will be back on Monday with another Mystery Jam...

A triumph of moronism, the book A TINY SPACE TO MOVE AND BREATHE (notes from the fall, 1997) compiles a series of essays about Phish and their fall 1997 shows so profoundly asinine that they undermine the foundations of pedagogy, betraying the futility of educating idiots like author Walter “Waxbanks” Holland in the first place.

Read more...

Ticketless for NYE, or can you use an extra for a ticketless friend (who can't)? You can win a FREE NYE ticket in Mockingbird Foundation's partner GlowStickWars.com's NYE Sweepstakes. Entry's simple. Here's how.

Just gear up for new years at the GSW online store using the promo code: "PHISHNYE" at checkout. For every $10 you buy, you'll get one entry into the giveaway drawing! To sweeten the pot, your entries will be doubled if your order includes any re-usable, LED products, and every PHISHNYE order will include a bunch of fun freebies.

Remember, 10% of all ShowStick® (thin soft glowstick) sales is donated to The Mockingbird Foundation, so you can can great stuff, give to a great cause, and enter to win a ticket to see a the greatest band ever play MSG on New Year's Eve! No purchase necessary. Full contest details here.

Read more...

Welcome to Mystery Jam Monday Part 122 here at Phish.net. As usual we will be playing for an MP3 download, courtesy of our friends at LivePhish.com / Nugs.Net. The rules haven't changed: you need to correctly identify the song and the date to win. Post your guess in the comments. One guess per person per day (with the second “day” starting after I post the hint). A hint will be posted on Tuesday (if necessary) and the answer will be posted on Wednesday. Good luck...

Wednesday Answer: Congrats to McGrupp81 for being the first to get the 5/26/89 "YEM"... obviously a fairly atypical version. The Blog will return on Monday with another Mystery Jam. Happy Thanksgiving!