I don't know why you are downvoted. The article is AI blogspam, it doesn't have any more factual information than eg https://www.darkreading.com/application-security/vercel-empl... and is full of empty LLMisms. It's depressing people are willing to read this.
That article you linked to didn't mention that Context.ai, from where this mess originated, is a YCombinator company. Most probably its founders are on this very web-forum.
I was trying to look it up (basically https://developers.google.com/identity/protocols/oauth2/java... -- the consent screen shows the app name) but it now says "Error 401: invalid_client; The OAuth client was not found." so it was probably deleted by the oauth client owner.
Why use AI generated pictures for the letters? Lot of the site wording is clearly AI too, but the pictures of final product are the most important aspect.
I'm genuinely asking, since it just makes the site look untrustworthy. The only thing balancing that are the real pictures of the peltier stamp process.
IP filtering is a valuable factor for security. I know which IPs belong to my organisation and these can be a useful factor in allowing access.
I've written rules which say that access should only be allowed when the client has both password and MFA and comes from a known IP address.
Why shouldn't I do that?
And there are systems which only support single-factor (password) authentication so I've configured IP filtering as a second factor. I'd love them to have more options but pragmatically this works.
Why are you (re-)implementing client security on provider end? If a client requires that only requests from a particular network are permitted... Peer in some way.
I do understand the value of blocking unwanted networks/addresses, but that's a bit different problem space.
They will never see a single cent from that, AA will continue to rotate domains and nothing was accomplished, except for spotify's legal team which earned easy money arguing against empty chair in court.
Maybe it's not about the money primarily. There are enough parties out there that want the people behind Anna's archive behind bars and I'm afraid this will end the same way as for the Pirate Bay guys in the best case and like it ended for Aaron Schwartz in the worst.
> piratebay continues to be the -to my knowledge- biggest public tracker out there
It has been compromised for more than a decade. The site is impossible to navigate without an adblocker due to malicious redirect ads and most of the major torrents are being monitored by rights management companies who will notify the user’s ISP of suspected infringement.
All public torrents are monitored by the movie studios, that has nothing to do with how The Pirate Bay is run. Users can just hop jurisdictions with a VPN and use these public torrents without ever getting any complaint letters.
If the operators of Anna's Archive live somewhere like Russia or China, there's a good chance nothing will ever come of any of this legal action. Anna's Archive's biggest challenge is just maintaining availability of infrastructure.
If they were not physically in Russia or similar country out of the jurisdiction of the court, then they have likely moved to one or operate from one.
At this point, the court is just a willing instrument of corporate anger and assistant to help vent their frustration. The secondary purpose, is to erode rights and privacy, for a continual surveillance state and gain as much control over the DNS infrastructure as possible.
Chevron hired a private prosecutor who was friends with the judge who took the case, to prosecute Donziger after he won a case outside of the US against Chevron.
That’s a big if. My bet is that they are in Central or Northern Europe, just like the Pirate Bay people. Unlikely anyone in Russia or China would care to offer a service primarily to the benefit of the western world. I bet there are similar sites in the Runet or behind the Great Firewall we don't even know about and that simply don't bother catering to us.
Yep. You can also see that in the design language and the written English on their sites and blog posts. Something created by people with a Russian or Chinese background would approach a myriad of little things differently.
What are you on about? rutracker, libgen, sci-hub, z-lib are all Russian/ex-Soviet projects and cater heavily to westerners. I'm 99% sure archive.is and anna's-archive are also in this category.
Z-library was/is very likely run by Russians. They were even arrested by FBI, but escaped. Archive.is is likely run by a Russian. LibGen was run by Russians.
They are all not Anna's Archive and one is not like the other. Z-library, LibGen maybe, Archive.is might be eastern Europe but almost certainly not Russia. Just because it's advantageous in some cases to appear Russian or Chinese doesn't mean it is true. Some are better in their camouflage others like https://migflash.com/ not so much.
There is no "strong case" in this article. Yeah the guy linked to it has a slavic name and likely speaks Russian. Guess what? That's true for most of eastern Europe you
will find plenty of people matching these criteria all over the rest of Europe.
> Unlikely anyone in Russia or China would care to offer a service primarily to the benefit of the western world.
Russians are huge on the piracy scene and have been for decades, primarily because it’s an effective way for the Russian Federation to thumb their nose at the Americans. China has more than a billion people in it. I’m sure between the two of them there is at least one person that identifies with citizen of the world style liberalism (and, if I could venture to be an optimist, probably a lot more than one).
They are almost certainly being financed by the AI lobby as they have been open about providing API access to companies training AI in exchange for “donations.”[1][2][3] Having all of this data available online for free gives those looking for training data plausible deniability. It would turn into a huge legal headache if OpenAI had scraped Spotify directly, but if they launder it through a third party they can at least try to argue they weren’t responsible for the infringement.
Spotify got started doing the same thing, though.[4]
[2]: https://annas-archive.gl/blog/duxiu-exclusive.html (“We’re looking for some company or institution to help us with OCR and text extraction for a massive collection we acquired, in exchange for exclusive early access. After the embargo period, we will of course release the entire collection.”)
[3]: https://annas-archive.gl/donate (“Enterprise-level donation or exchange for new collections (e.g. new scans, OCR’ed datasets). […] We welcome large donations from wealthy individuals or institutions. For donations over $5,000, please contact us directly at Contact email.”)
[4]: https://torrentfreak.com/spotifys-beta-used-pirate-mp3-files... (“Rumors that early versions of Spotify used ‘pirate’ MP3s have been floating around the Internet for years. People who had access to the service in the beginning later reported downloading tracks that contained ‘Scene’ labeling, tags, and formats, which are the tell-tale signs that content hadn’t been obtained officially.”)
Or you know, MegaUpload. Raided at his home, while congress was trying to pass a bill, that allowed them to... stop online piracy... apparently, they REALLY needed that bill in order to do so.
First and foremost, I feel like Spotify is scummy. I don't like what they did when they were founded, I don't like what they do to artists.
I hate the hyperscalers being in this business (Google, Apple, Amazon) as that's another thing they do that devalues an otherwise healthy market. Bringing in outside business division revenues to dump on another market's prices is ecologically unhealthy for optimal capitalism and healthy competition.
On the one hand, while I want cheap media, I also want artists to make money. While Spotify puts real price pressure on artists, piracy brings artists absolutely nothing at all.
I get Gabe's value prop with Valve. Make the service easy, cheap, convenient, good, and piracy begins to diminish.
But if there are cheap services and cheap avenues (that still underpay artists), why then switch to a mode that pays artists nothing at all?
Do Bandcamp. Buy merch. Do something to support the artists. I feel like paying piracy services is the opposite of that.
But ethical quandary - doesn't Anna's Archive also support spreading research papers, etc.?
Complicated feelings.
I wish we had better ways to pay originators of things. Art, music, authors, researchers, ICs, ...
I feel like studios and middlemen and companies themselves are entities that exist because rewarding work or value or happiness at the site of exchange is hard/intangible.
I’d love to see a streaming service where my payment goes to artists I listen to.
Spotify pays 70% of their music revenue to publishers based on the total number of listens. All revenue is put together and split based on the global numbers. Which means that niche band I like will get next to nothing. Instead if they account for 50% of my listening time in one month, they should get 35% of what I paid to Spotify that month. Unfortunately big labels will never agree to that.
If you and I both pay $10/mo to listen to Spotify, and we are the only subscribers. If I listen to 1 song by Sabrina Carpenter, and you listen to 99 songs by Taylor Swift. Then of our $20 (after Spotify's share) 1% of the money will go to Sabrina and 99% of the money will go to Taylor. Because Taylor was played 99x more than Sabrina. Even though for both of us as users, our respective artist was 100% of our listening.
It doesn't calculate your amount of listening and determine the payout based on that. All listens are pooled together and all subscription money is pooled together. And the payout is determined based on that.
No, because let's say OP pays USD 10 and listens to only one song one time -- obviously, Linkin Park In the end -- right now, the payout is almost nothing.
Not all listens show the same intention. If I go to the barbershop and they're playing Spotify top-40 playlists running all day long, that is very different from me actively choosing what I want to listen to for a few hours a months while I'm listening in my car, or putting on Friends Per Second while doing the dishes.
My $7/mo should be going to the artists I actually chose to listen to, not the stuff that droned passively for hours in background environments. Particularly when I'm actually a high margin customer for Spotify; the cost to them of my subscription is low since I spend so little time on the service. That makes it all the more galling that my subscription cost is mostly going to Taylor Swift and Ed Sheeran.
I mean, I understand and agree, and I'm pretty sure that Spotify Premium users are very skewed towards less mainstream tastes, so I agree it would be better for smaller artists and would probably change the power balance (well, if we forget that music labels exist).
But yeah, if as others pointed out you were to give 70% of your subscription cost to the artist that composed/performed the single track you listened this month, it would be very different.
At the end of the day, indies need to be on Spotify much more than Spotify needs them there. But for mainstream artists, it's the opposite; so the representatives of top-40 artists are the ones dictating the terms of how the system works for everyone, and unsurprisingly the system they've settled on is one that seems fair enough as long as you don't think too deeply about it, but ensures that the biggest slice of the pie goes to themselves.
To play the devil's advocate, if we do this, your favorite artist will get paid less if you listen to others using Spotify radio shuffle feature vs if you stay on the artist page and only listen to that one artist?
Well, if I listen to a shuffle radio then the artists I listen to will get paid, right? Which I’m fine with, it’s not that I want to support one specific artist (I can buy their album or merch if that’s my goal), I just want the money I pay to go to artists I listen to, not to the people from top charts that I don’t care about
That sounds like the intended effect. I think the objection is that the user's payment is being diluted by all the other listeners. Someone who listens to spotify constantly is going to influence the payouts much more than someone who listens to it occasionally, even though they are paying the same amount to spotify and the latter user might have only subscribed to listen to one band.
100 people subscribe to spotify and listen for 100 hours a month each, for $10 a month. You listen to your favourite artist for 50 hours and other stuff for 50 hours. No-one else listens to your favourite artist.
I assume that if this is band is treated as the "average"
Total listening hours = 100 * 100 = 10,00.
Total money: 100 * 10 = $1,000.
They get: 50 / 10,000 * $1,000 = $5
That seems fair? Obviously some bands won't have negotiating power when they first start and might get less, or some get more, but that feels like how the industry always worked, and not something to do with spotify?
You don't see the problem because you're using the same number of hours for everyone. When you have some accounts using 500 hours and others using 50 there are problems. And the 500 hour account is more likely on autopilot and reinforcing whatever's already popular.
Let’s say I listen to 10h a month of a single artist, nothing else. So 100% of my payment (minus Spotify take) should go to that artist.
Let’s say you listen 90h to another artist, and nothing else.
In the current model both artists are put together, 100h and let’s say $20 to split. Your artist gets 90% because they’ve been listened to for 90h, so they get $18 and my artist gets $2
In my model my artist gets $10 because they get 100% of what I pay and your artist gets $10 because they get 100% of what you pay.
The unfairness comes when you spend an abnormal amount of time listening. If you listen less than the average user then the bands you like won't be getting x% of your money that lines up with your listening habits.
I always thought it was a really cool idea to bridge the spotify streaming idea with local style purchasing, so say 10$ a month and the user gets ~3$ per month of that to "buy" media. so it defaults initially to their most played artist unless they indicate they want to buy something in particular instead.
Artists get big cuts when people buy their music, and if people decide to cancel their paid subscription, they still have the bought media available with no predatory gating like spotify uses to try to coerce people to resubscribing.
Not sure if you're aware, but it's the labels, not Spotify:
> It pays roughly two-thirds of every dollar it generates from music, with nearly 80% allocated to recording royalties and about 20% to publishing, though how much artists and songwriters ultimately receive depends on their agreements with rights holders, which Spotify does not control. [0]
Spotify is frantically trying to escape the record label's death grip (hence podcasts), because they know they can squeeze it for just about anything with licensing deals. It's a terrible business model! Spotify keeps a third for their costs (& finally some profit in the past year or two), ie. about the same that Apple takes from App Store for basically nothing[1].
How the record labels convinced the world that Spotify is the bad guy here is beyond belief.
Wow. This is certainly a take. Two things:
1. Spotify has had a policy for a couple years now of not paying artists who generate less than 1,000 streams per year PER song. So if I get 999 streams on each of my 50 songs every year, I get nothing from Spotify.
2. Major labels own major stakes in Spotify. They are one and the same.
Ad. 1, I’m not saying Spotify is perfect, though in this case I would not be surprised if the algorithm was mandated by the record labels as the industry standard.
Ad 2, you’ll be surprised to hear the labels only held cumulative 20% stake up to the IPO and all of them subsequently wound it down. Their stake is now insignificant.
However, they had, have, and will always have, enormous leverage due to licensing-they’re monopolists and Spotify can either agree to whatever the terms are, or shut itself down.
Imagine if Netflix never started producing original content. They’d be at mercy of others or, more probably, already dead. Music doesn’t work that way and Spotify can’t just generate a bunch of pop hits to avoid paying the labels. They are trying to do that with podcasts.
Spotify here is the victim as much as the artists.
> Not sure if you're aware, but it's the labels, not Spotify:
*not only Spotify
They had plenty of problems from people abusing their system to steal listens from actual artists.
Their system is basically "one big bucket of listens" - if your song gets listens, you get money. So if you pay your sub, and listen to say 5 niche musicians only, it still all goes mostly to the most popular songs.
Now you might already notice the flaw here - if you say, make a bunch of bots that just listen to songs to boost their revenue, not only your sub doesn't pay artists you listen, but also to fraudulent ones.
Then there was problems with using fake collaboration tags, AI music to hijack artist profiles, and few others.
> Their system is basically "one big bucket of listens" - if your song gets listens, you get money. So if you pay your sub, and listen to say 5 niche musicians only, it still all goes mostly to the most popular songs.
That's basically how radio is accounted for in royalties, as well.
With Spotify knowing exactly who listened to what, it could be more precise (and arguably more susceptible to the fraud), but tbh what they do is standard (compulsory licensing) industry practice.
With radio, everyone that listens to a particular station is listening to roughly the same mix of songs, and they're "paying" (by listening to ads) on a per-hour basis.
If either of those was true with spotify, the unfairness would go away.
But when different listeners are paying very different amounts per hour, any correlation between payment amount and preferred content causes problems.
Whenever an actual artist reveals their earnings, it’s absolutely pitiful.
A quick search suggests a very steep drop off from the top earners.
‘At 100 million streams, artists can earn approximately $300,000-$500,000 in gross royalties. However, the actual amount reaching the artist varies dramatically based on their contracts. Major label artists receive $90,000-$150,000 after the label’s cut, while independent artists could keep $255,000-$425,000 after distributor fees.’
https://rebelmusicz.com/how-much-do-artists-make-on-spotify/
As an academic, I am happy to see my work on Anna's Archive. Unless your book goes gangbusters, few humanities scholars make any real money from publications, and maybe the 5-10 biggest names in my field make something might get something like ~$40k at signing, and maybe a few thousand more from book sales. So far, I've netted $326 from my first book. But that doesn't matter! We publish because we want our work out there in the world, not because we think it might make us money.
On the other hand, I have no idea who runs Anna's Archive. I wouldn't be surprised if it were backdoor funded by AI companies who want the data available for scraping. Maybe that explains the Spotify debacle?
> piracy brings artists absolutely nothing at all.
This has historically been unclear. Lots of artists make more money from touring and merchandise than from record sales, and piracy is likely to boost those.
In a similar vein, the recent thread on bootleg recordings - with both the article and the comments suggesting a more complicated relationship between piracy and band warnings.
True to an extent, but records are great promotional tool, and rather expensive to make if you don't want it to sound like poop. Perhaps something like $10-25k on the very low end for something half-way "serious", and that's assuming you're not going all Chinese Democracy and can actually cut the thing in a week or so. Then it has to mixed, mastered, art prepared, etc.
Most small-medium time artists can't afford to front all the expenses. If no one buys the records, no record company will give the band an advance. Even if most records don't really generate any direct profit for the band, getting the production bankrolled is a pretty big benefit.
people that get their music from AA would never buy it or pay spotify for it, so the "loss" is completely imaginary. same goes for movies, videogames etc
in some sense yes, as long as there are sources of good enough cheaper alternatives millions of people won't ever pay for Spotify (or even use the free version with ads, but the free-with-ads version is in itself a good enough for many many many people), but of course in a vacuum with only Spotify people would probably pay for it!
though the determination of damages is usually completely all over the map (and usually skews high to serve a punitive purpose, though I doubt it has any real deterrent effect).
If I like an artist I buy a physical copy of the album.
I just brought Light Years on cassette by Nas.
I’m an hobbyist musician and I’m going to sell actual cassettes and donate the profits. I’m never going to get the 500 million streams you need to make money off Spotify
I've always liked China's business model for music. In China, all music is free to stream and download. Musicians make their money the more traditional way, through performances, merchandise, promotions/advertising, etc.
The US still enforces copyright law on song distribution which is the big difference. It basically requires a middleman (like spotify) that soaks up all the revenue from that distribution while giving almost nothing back to the artists.
Global distribution. For $40/year. That was fucking unheard of 20 years ago. Spotify is the best thing that ever happened to artists. Don't let the mediocre one's who blame their lack of success on Spotify fool you. They don't make money because they likely suck and can't book dates because no one wants to see them.
Finally the correct take on spotify. Artists were 100% fucked before spotify, streaming saved them. Now we have more artists making money than ever, but since most of them arent really successful they whine and whine when they'd be making nothing 20 years ago.
> why then switch to a mode that pays artists nothing at all? Do Bandcamp. Buy merch. Do something to support the artists.
I don't like this perspective because it puts the onus on the individual consumer. Many people who listen to music struggle to make ends meet. They do not have the extra money to afford buying albums off of bandcamp, yet they are contributing members of society and they deserve to be able to listen to music.
Meanwhile there are billions of dollars floating around in the music industry. Spotify absolutely has the spare cash to pay their artists more; they just choose not to.
As much as I love the idea of Gabe's "piracy is a service issue" philosophy, I think the real truth is likely that piracy is an issue of capitalism and wealth inequality.
Sure, why not? Current US music revenue is $6/mo per US taxpayer. For less than half the cost of Spotify you could 5x the income going to musicians if you skipped the middleman and magically just paid them directly. That doesn't seem like a bad deal.
No one 'deserves' to listen to music. It's not a right. It's a luxury that you can either afford or you can't. FM radio is still around for those people.
>>> ...piracy brings artists absolutely nothing at all.
I'm not sure about that. A related situation is software piracy. There was a long time period when it was easy for people to get "free" copies of software titles such as a major word processing program, by copying them at work and bringing them home. This might not really have hurt the vendor of the software, because they still sold lots of copies to businesses. But it effectively kept anybody from bringing a less feature rich but lower priced alternative to the market. Some of the companies whose works were copied became effective monopolies.
Another way of putting it was that the software had two price tiers: A paid tier for businesses and a free tier that kept competitors out of the market. Had anybody done this deliberately, it might have been considered "dumping."
Music piracy may have a similar effect of creating a moat for the big labels and players who can diversify their income streams, while preventing small-scale acts from offering an acceptable but lower priced alternative.
>I get Gabe's value prop with Valve. Make the service easy, cheap, convenient, good, and piracy begins to diminish.
>But if there are cheap services and cheap avenues (that still underpay artists), why then switch to a mode that pays artists nothing at all?
Spotify cancelled my package, and keeps sending me offers to rejoin at twice the price (actually more than that, it was a joint account with my wife, so its like 2.5 times if we were both to start paying again). Every time I listen to spotify without the package I get 3 ads to 1 song. Sometimes 2 ads when its generous.
I would have probably paid my spotify tax on time every month without thinking about it. But now I hate them to pieces.
It seems like my options are:
1. Sign up for a service without the all of music I want to listen to.
2. Sign up for a service thats as scummy as spotify but hasnt quite enshittified yet.
3. Download all the mp3s from my spotify playlists and listen to them locally without the weird payment/advertising apparatus in between.
The entire record industry is scum and Spotify is just a part of that. It can just die a swift death, would be for the best. Bandcamp is much better. Much lower barrier to entry for everyone and it has my favorite artists.
> First and foremost, I feel like Spotify is scummy. I don't like what they did when they were founded, I don't like what they do to artists.
> While Spotify puts real price pressure on artists,
You know that Spotify doesn't pay artists, right? That Spotify pays 70% of its revenue to rights holders before it sees a single cent itself? And that it's rights holders who pay artists?
I wish the angry pitchfork mob for once managed to attack the actual culprits: the Big Four. Nope, that day will never come.
Considering the currently don’t pay small time artists a dime so they can funnel more money to the record labels that own them, they are still a piracy outfit.
pcbway and jlcpcb sponsorships, especially on hobby electronics YT videos, are quite interesting case.
On one hand they seem redundant at this point. Both companies are well known to the target audience to the point of saturation, there isn't really any serious competition (in terms of capabilities, speed and price) and yet they keep sponsoring more projects.
On the other hand, it's probably the sponsorship I tolerate the most. Both are genuine companies unlike all the borderline scams such as all the vpns, brilliant, mobile games, etc.
A lot of these videos get recommended to me, and although I haven't done hardware designs in 10+ years at this point, it's pushing me to get back into it again - and PCBWay lives in my head rent-free for when I do. If it were a one-off sponsorship I'd have forgotten about it, but the consistency across a load of different channels really cements it.
To be honest, without the sponsorship from PCBWay I would probably have stopped making videos on my channel.
It’s not a lot of money - but there is an informal commitment that I will try and produce a video a month. It’s also very on brand for my content - hobby electronics with a focus on embedded (ESP32 range of microcontrollers).
I think the videos are entertaining and educational. Actual viewer numbers fluctuate wildly and despite over 50K subscribers - a “successful” video for my channel is around 3000 views (channel is in my profile).
I still find it amazing that I can get PCBs manufactured at such an affordable price. Even SMD assembly is reasonably priced. Short production runs are more than doable at the amateur level.
I absolutely love your project and I hope it will become a breakout success. It has all the right components for a computing environment that is not controlled.
Have you thought about RISC-V implementations of the kernel as well (iirc you're on ARM and on x64)?
Oh, it only gets better. Thank you so much. If you ever get to the point where you have something ready to order please drop me a line (mail in profile) and I'll buy one set to evaluate and if it works well I will get some more people on it.
The board is part of the CI pipeline for the OS. The kernel is built in the normal CI pipeline, unit tested, etc. then platform-specific images are built.
Those are picked up by GitHub CI runners (could be anything but I'm using GH for now) that pull those image artifacts and send them over the internet to the board, which stores them on the microSD slot.
Then the board will boot the device-under-test (either by enabling a USB VBUS line, asserting PS_ON and pressing the power button, whatever the device needs) and will serve the image either a via USB mass device or by switching on access to the microSD card directly via a ribbon connector/custom microSD PCB and ribbon cable.
The kernel then communicates over serial back to the Link, which proxies that back up to the CI runner for evaluating test runs, etc.
Everything is configured using MQTT and mDNS. Using async Rust via Embassy for the firmware.
5-pin on the bottom left is for power - 5V 2A 'always on' supply (on the ATX24 adapters that's the 5vsb line), 5V 3A aux line (for VBUS, optional and not otherwise used to power the board itself), a sense line for the aux power (board will shut down and display an error on over-current of the main line if not sensed), active-low aux line enable signal (PS_ON for ATX24 sources), and ground.
This means that it's used to cut power on x86 machines, or to use a stock desktop PSU even for arm/riscv dev boards. In the future I want to make this all rack mounted and have a dedicated power supply for multiples of these.
The value of this kind of sponsorship is not as much about becoming know to the target audience but creating the environment to grow the number of audience.
Some of them just seem like a good deal. Imagine how much value is generated from Marco Reps revealing where the ppms are kept to thousands of young engineers a year in exchange for a few one-time payments. Value for PCBway from planting customer seeds and value for society by cultivating people who can actually do things.
The Coca Cola company still makes advertisements, even though everyone already knows about Coke. You have to keep your name in the top of your target audience’s mind.
At this point I think it's about creating new audience. I've been to a talk where a jlcpcb teached programmers how to build an NFC business card - most of these guys wouldn't know where to start with electronics but some of them are dabbling in them rn.
I'm guessing bambu implementation returns the server socket's listen address, and they bind to 0.0.0.0. (Typography pet peeve, how do I disambiguate that dot?)
What's surprising is how this got shipped. Do the devs use some other client that has the WinSCP setting on by default, or is that feature only used by their slicer and their SDK does it by default?
One theory I have is they bound the server to the printer's address originally and it behaved properly, but then changed to 0.0.0.0 later.
I wish there was a common convention for logical grouping like we have in math when disambiguating operator precedence with parenthesis, but those are already taken for asides in regular prose. Maybe curly braces?
reply