lemann
@lemann@lemmy.one
- Comment on Spotify doesn't make profit from music streaming, despite having over 400M monthly active users, because it pays two-thirds of all its revenue to the rights holders. 11 months ago:
It was purchased by Epic Games a year ago, who recently sold it to Songtradr, a licensing platform for background/‘mood’ music. Songtradr only retained 50% of existing Bandcamp staff (the rest were laid off a few weeks after the sale AFAICT, with the worst affected departments including Bandcamp’s editorial team and customer support. Epic Games handled the severance package, for some reason.)
People are pretty upset about the editorial team being laid off because it provided exposure for smaller/niche artists in a weekly publication. I’ve never personally checked it out because I never knew it existed - wishing I had now
Such a large layoff so quickly by the new owner feels like a sign of darker times ahead for Bandcamp IMO, seeing that it’s apparently been profitable since 2012 (Wayback link, new owners have nuked this from the site?). No need to milk the cow even more when the bucket is full…
- Comment on Spotify doesn't make profit from music streaming, despite having over 400M monthly active users, because it pays two-thirds of all its revenue to the rights holders. 11 months ago:
In the day and age of streaming services like Spotify, they should not exist IMO.
Back when people purchased their music from brick and mortar stores on vinyls, cassettes, and CDs, they had a place to facilitate a relationship with distributors etc to get your music on the shelves. Nowadays, this stuff can be done digitally, independently.
- Comment on Spotify doesn't make profit from music streaming, despite having over 400M monthly active users, because it pays two-thirds of all its revenue to the rights holders. 11 months ago:
R.I.P. Bandcamp
- Comment on Adobe abandons $20 billion acquisition of Figma 11 months ago:
I miss seeing the “Macromedia Shockwave” loading screen when firing up online games on Win 98 back in the day 😢
- Comment on Thousands of private camera footages from bedrooms hacked, sold online - VnExpress International 11 months ago:
It kinda depends on the setup I think, especially when vlans and firewalls are involved, you’d likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.
As always physical access is pretty much game over though lol.
My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a “bridge” between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.
Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth “bridge” entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN
With physical access, you could chop up the PoE for an external camera and use that as an ingress point - but you’d only have access to the cameras and the bridge machine unless you exploited that too. At this point the zabbix client on the bridge machine would have notified me that a camera’s dropped off the network, unless you dropped a payload to force it to return a good status lol
Does sound like a very fun exercise though tbh
- Comment on How May Mobility went fully driverless while avoiding the pitfalls of robotaxis 11 months ago:
Seems like a smart strategy, sounds a lot like a bus but just automated and much smaller in size, particularly running through residential areas that are typically seen as not worth transport investment.
The minivans are probably much easier to climb into (for injured or impaired individuals) compared to an SUV which may have an unnecessarily high ride height and a door that doesn’t slide across for extra room
- Comment on How to enable persistent notifications on Android 14? 11 months ago:
Wait hold on - persistent notifications (where when you swipe, a settings cog icon appears) have been ripped out of A14? Everything disappears when you swipe?
Why 😭
- Comment on Cox Media Group claims to be listening to private conversations to sell advertisements 11 months ago:
Nice, thanks for the link 👌
- Comment on What do you use to mount encrypted drives on boot? 11 months ago:
Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.
There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks
I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.
What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!
- Comment on Trains were designed to break down after third-party repairs, hackers find 11 months ago:
Steroids? They’ve done a complete speedrun lol
Imagine if it was a more mundane issue, let’s say the air line in a carriage has blown out and none of the doors work under their own power. Roll the train into the third party workshop to carry out the fix… a copyright notice flags up on the panel screen and now you’ve got a long 20 ton dead brick in your workshop
Imagine this happened with cars, that would be outrageous man
- Comment on Trains were designed to break down after third-party repairs, hackers find 11 months ago:
With the fake parts scandal for airplanes I wonder if this should be mandatory for parts that impact public safety for public transport like trains, buses, planes and so on.
Airplanes are vastly more complex though. Four engines, flying at extremely high altitudes at hundreds of km/h, fully airtight, powerful onboard generators, food prep areas, bathroom etc, extensive ethernet networking for the small IFE units and WiFi access points, list goes on…
Whereas a train doesn’t have anything close to that, even the high speed ones with all the bells and whistles, so I think it would be a bit unreasonable to expect them to be held to the same standards as an airplane.
The only train I’d suggest an exception for would be a maglev though - OEM parts only there please, especially for traction and em equipment 😳
Don’t get me wrong, I want a full right to repair enshrined in law and using a system like this just to prevent it is clearly wrong, but if it could be adapted to allow for critical parts to be made under license by third parties and helped prevent fake parts then maybe a small amount of good can come from this shitty practice.
Some independent validation of the manufacturing materials, their grade and assembly quality could work well here, since I’m not too sure if blindly trusting the parts manufacturers would be a great idea as long as they have profits in mind
- Comment on Client did not pay? 11 months ago:
Free real estate 😂
- Comment on San Fran tech founder is accused of forcing his assistant into a 'slave contract' that called him 'Master' before trafficking her for sex around the world 11 months ago:
Missed one
- CEO
- Comment on SSH keys stolen by stream of malicious PyPI and npm packages 11 months ago:
I think so, assuming these malicious packages are all primitive enough to just look for the single file in a user’s home folder lol. The only downside here is needing to provide the keyfile location to ssh every time you want to connect… Although a system search would pretty much defeat that instantly as you mention
SSH keyfiles can be encrypted, which requires a password entry each time you connect to an SSH server. Most Linux distros that I’ve used automatically decrypt the SSH keyfile for you when you log in to a remote machine (using the user keyring db), or ask you for the keyfile password once and remember it for the next hour or so (using the ssh-agent program in the background).
On Windows you can do something similar with Cygwin and ssh-agent, however it is a little bit of a hassle to set up. If you use WSL I’d expect the auto keyfile decryption to work comparably to Linux, without needing to configure anything
- Comment on Virginia sheriff's office says Tesla was running on Autopilot moments before tractor-trailer crash 11 months ago:
Is Tesla still training the Autopilot neural network in 3D worlds, or are they now entirely relying on driver data?
- Comment on Apple Makes It Harder for Police to Access Your Push Notifications 11 months ago:
Honestly I think developers should just use push notifications to tell the app to fetch an update from their server. Or do what Element and Syncthing do, which is bypass that entire Google push infrastructure (FCM, formerly GCM?) and connect to their own ones instead - at the expense of some additional battery consumption, particularly when there’s poor cell service
- Comment on Starlink loses out on $886 million in rural broadband subsidies 11 months ago:
In the rural areas near where I am, gigabit fiber in underfunded areas is being installed, but sadly a vocal minority of residents keep burning up and sawing down the new fiber internet poles.
Of course we don’t hear about the good news from areas where it’s installed drama free, but the bad news where something goes terribly wrong is the one that sticks, and affects the general public’s impressions of a particular area or stereotype 😒
Admittedly the pole installation method for this is quite odd though, maybe a cost saving measure as usually it’s done underground
- Comment on Starlink loses out on $886 million in rural broadband subsidies 11 months ago:
This only really happens when fuckcars posts show up on /all IMO, where some of the more extreme opinion holders are more vocal.
Fuck cars means fuck car dependency, i.e. places designed specifically for cars: no sidewalks, no bus, no train, no safe bicycle or light motorized assistive vehicle infrastructure available - you need a car for everything, or stay trapped at home.
It doesn’t mean fuck cars literally.
It’s pretty well known that rural areas, by design, require cars and motorbikes to travel out of them - a train is ideal, but good luck convincing anyone to finance that kind of project. A bicycle could work well for moving around town though depending on how safe it is, saving some wear and tear from your vehicle
- Comment on SSH keys stolen by stream of malicious PyPI and npm packages 11 months ago:
I think they would start obfuscating the relevant code to get around it
Many ad networks and AABs do something similar (especially Admiral) in an attempt to evade ad blocking extensions
- Comment on CVS, Rite Aid, Walgreens hand out medical records to cops without warrants 11 months ago:
First one that came to mind when I saw the title TBH. First it was period tracking apps, now this. Scary state of things
- Comment on Windows 11 scores dead last in gaming performance tests against 3 Linux gaming distros 11 months ago:
Anticheats that run in the NT kernel may as well be described as rootkits, especially as they aren’t transparent about exactly what they’re doing. Then there’s the question of what happens if they get compromised
- Comment on A firm providing AI drive-thru tech to fast food chains actually relies on human workers to take orders 70% of the time 11 months ago:
One would think that by now, these companies would have built up enough training data to no longer require human intervention?
Is their existing “AI” tech just your usual old chatbot, except with a STT and TTS so it’s usable at a drive thru? The article only mentions that they started recently using ChatGPT to assist with speech recognition… so unless I missed it, there’s no mention of their current tech using LLMs at all - just another company trying to climb on board the AI hype train 🤦‍♂️
Presto said that off-site workers based in places like the Philippines that assist the chatbots will becoming [sic] increasingly expensive, Bloomberg reported.
Good. People in countries who aren’t so well off shouldn’t be exploited as cheap & disposable call center labor IMO.
- Comment on Top 50 defederated instances 11 months ago:
The room might stink, but nobody intentionally shat on the floor.
I like this figure of speech a lot, stealing it 😁
- Comment on Is jQuery still the go-to JS helper library? 11 months ago:
For me it’s the ability to set up a shared instance with the base request URL, and set headers for things like the user’s token, allowing all requests made with that shared Axios instance to be sent to the right path with the token without needing to define them for each individual request.
To be honest though something similar can be done with spread syntax in the Fetch API’s options parameter
- Comment on Fear of cheap Chinese EVs spurs automaker dash for affordable cars 11 months ago:
What a compact thing, also charges to full in just 3 hours from a normal outlet 🤯
- Comment on Waveterm 11 months ago:
it’s got telemetry on by default.
Very, very hard pass. Might even blow out my suspension doing so
- Comment on Apple blocked Beeper Mini’s iMessage Android app, but Beeper will keep pushing 11 months ago:
TIL, that is very neat
- Comment on Apple blocked Beeper Mini’s iMessage Android app, but Beeper will keep pushing 11 months ago:
Beeper and Beeper Mini are two completely different things
Beeper Mini, the version that does not require any kind of MITM bridge, has been blocked by Apple. Beeper, the version that requires the bridge, still works fine AFAIK
Wholeheartedly agree with the second paragraph though 👍
- Comment on Is jQuery still the go-to JS helper library? 11 months ago:
A lot of jQuery’s features are now available in native JS - would also suggest just using native JS anyway because jQuery won’t throw any errors into the console if a selector matches no elements etc.
The only additional library I’ve needed recently for (personal work) is Axios for requests - easier than working with the Fetch API in some cases
- Comment on Man what happened to this place? 11 months ago:
@Rentlar@lemmy.ca pretty much explained the issue.
Would suggest asking these questions in the dedicated community for selfhosters, who’d be able to point you to specific tools and things you can use to populate your instance with new data from across lemmy @selfhosted@lemmy.world