• he/him

image wizard, programming enjoyer, occasional artist. he/him, 23.


pfp by @riverg00


userscripts/userstyles for cohost i've made:


:eggbug:


mastodon (not super active)
hachyderm.io/@amgg
internet archive account
archive.org/details/@adrianmgg

fluffy
@fluffy

So, hey, Bandcamp is a great service that a lot of musicians and fans rely upon for fair distribution and sales of music. It is a really great thing.

Unfortunately, Bandcamp's owners decided that having a sustainably profitable business wasn't Enough for them and sold it to Epic Games a year ago, with the idea that it'd become a money-printing factory that does All The Licensing.

And that didn't pan out, so a week ago Epic re-sold Bandcamp to Songtradr, which is basically an A&R pay-for-play scam with the trappings of respectability. Here's a video Benn Jordan did on the topic (focusing on a site called Taxi but Songtradr is the same basic thing):

Now Songtradr is blocking the Bandcamp union from actually being, y'know, a union. They aren't honoring the union terms, have locked workers out of critical systems, are completely ignoring the collective bargaining power of Bandcamp as a company and are doing all sorts of heinous shit.

However! This is not a time to boycott Bandcamp! All that does is make Bandcamp less valuable and gives Songtradr more sway over them, while disproportionately impacting the musicians who rely on it. Please look to see what the union is requesting in terms of support and solidarity. There's a lot you can do to show your support.

Independent musicians thank you.


dog
@dog

I can't stress this enough: if there's a union involved, don't boycott if they haven't asked you to. The union is leading the response here, and the best thing you can do is support the union in what they're asking for. If and when they ask for a boycott, act in support, but please don't launch your own boycott independent of them.



artemis
@artemis

In ecology, we have the concept of an "invasive species". Of course, the species itself is not a malevolent force; typically it had a home somewhere, and it's been introduced somewhere else against its own will. But, it happens to do very well in this new place. Take the Himalayan Blackberry, a species that is constantly threatening ecosystems around where I live. It has few if any predators because herbivores around here are not prepared to eat through its massive thorns and rigid woody stems. It can very easily starve other plants out and steal their sunlight by jumping over them. In many places, it will win, or has already won. Because it is a better competitor.

But here's the thing about monocultures: they are unstable. They are vulnerable. As soon as a disease finds a way to infect the dominant species, or a new animal shows up that can eat it, or hell the monocultured species just runs out of nutrients in the soil because there's not a whole ecosystem replenishing important nutrients it consumes- they start to die.

We see this constantly in cases where the process has been accelerated by monocrop agriculture. Monocrop farming is constantly dealing with crops being incredibly brittle and vulnerable to change.

And we see this in software. A protocol is created. An idea is born. A single implementation of that idea is adapted everywhere, because it works already, so people use it. Or a single implementation is so good, that people stop using all the other ones that came before it. Or a tool becomes so complex that nobody could hope to remake it from the ground up with the resources available to them. And then people find a bug in the code. And now everyone is scared, because everyone is vulnerable.

This has happened with TLS by way of OpenSSL. With any chrome bug by way of electron. With webp by way of libwebp. With data parsers, with video codecs, chat protocols, file sharing protocols, operating systems, with many many things. Heaven forbid someone find a way to attack libcurl!

The industry and culture around technology sees re-making something that already exists as "duplicated effort", that serves no purpose. So often it happens only to get around licensing restrictions or a lack of open source code. But it serves other purposes. To reinforce the foundations. To ensure that if something is vulnerable, not everything is weakened while it adapts. To find places where the protocol was violated because the only implementation of the protocol did not notice the violation (looking at you Matrix). To provide options, to explore other ways of solving the same problem.

And to reproduce the knowledge necessary to understand these technologies in the first place. Because someone's got to maintain what we build now, and none of us last forever.


violet-spark
@violet-spark

This has happened with TLS by way of OpenSSL. With any chrome bug by way of electron. With webp by way of libwebp. With data parsers, with video codecs, chat protocols, file sharing protocols, operating systems, with many many things. Heaven forbid someone find a way to attack libcurl!

GUESS WHAT, FUCKER

The one rated HIGH is probably the worst curl security flaw in a long time.

good luck to curl team. we're all counting on you.




sirocyl
@sirocyl
from some PBX in a LACK rack, I'd assume. - Voicemail recording of the delivery service call (Transcript in post)

(or, well, one of their delivery services.)

🔊 Just a fair warning - there are some perhaps annoying glitch sounds in the attached recording. The volumes are normalized to limit loud spikes, as they were a lot worse in person. 😅

See also, the sequel: I broke Google TTS.

so, my phone service has a rather clever anti-spam tactic, which works like this:

  • I receive a phone call from an unknown number, and it goes through screening when I answer it. It rings until the fifth ring, the voicemail greeting plays out, then I've got 30 seconds to judge if it's a spam robocall or if it's genuine.
  • If it's okay, I press 1, and it interrupts the ring/voicemail sequence and I answer the call like usual.
  • If it's spam, I press ### (the # key by itself normally opens my PBX menu, so it doesn't go through) and hang up immediately.

Pressing ### and hanging up will shove the call to voicemail, then launch a "DTMF bomb", which is a rapid sequence of over a hundred tones of DTMF keysmash, even including some of the "ABCD" keys. This has blown up spammers' cheapass PBXes, especially ones with poor security and too much trust given to the DTMF decoder on the call server.

So, when IKEA called from a random 1-877 number to confirm my furniture shipment worth $1200 (that's the equivalent of :sixty: blåhaj!), the only thing it said is "To continue in English, please press 1."... and I had no idea who it was, immediately thought it was spam, and did the ### gesture. Oops.

What follows is a transcript of the call in the recording above.



AtomD
@AtomD
AtomD - Your delivery is scheduled for

Distorted voices and weird audio in this one, if that freaks you out.
The stack of effects on the clip is Maximus (an FL compressor, I think), Frequency Shifter, Parametric EQ, Delay and Convolver.


glotch
@glotch
glotch - 555_demo

enjoy the next 8 seconds of my take on dtmf bomb remix i guess

might extend later if i'm feeling cutesy


glotch
@glotch
glotch - 555_demo2

i have no sample editing game but melody game is on point!


glotch
@glotch
glotch - 555

on some level the proper moment to post this has passed but on another level i'm not just gonna not post it





gosokkyu
@gosokkyu

Hatoful Boyfriend creator Hato Moa just revealed that, ever since Epic bought out Mediatonic and acquired the distribution/royalty rights to their version of Hatoful Boyfriend, the smartphone and PS versions were pulled down as part of the rights transfer, and then... nothing, and they haven't received a royalty or a single bit of communication from Epic in almost two years, and can't get in contact with their accountant.


 