Archive for the ‘Free Software’ Category

Google’s legal threat forces YouTube Vanced app to shut down – Android Central

Vanced, a popular YouTube app that enabled Android users to watch ad-free videos without a subscription, has been discontinued. In a statement shared on its official Twitter page, Vanced says it will take down download links from its website in the coming days.

While the statement doesn't include any details behind the discontinuation, developers of the app revealed in a Telegram message that they had to do it due to legal reasons.

According to The Verge, the developers recently received a cease and desist letter from Google, asking them to remove all references to YouTube. The owners were also asked to change their app logo and remove all links related to YouTube products.

The existing versions of the app will continue to work, at least for now. Since Vanced will no longer push any updates, the app will become outdated in two years or so.

In addition to access to ad-free videos, Vanced also supported auto-repeat, background playback, and picture-in-picture features on the best Android phones. While Vanced is no longer available to download, there are still a few other free apps like NewPipe and SkyTube that deliver a lightweight YouTube experience.

Unsurprisingly, Vanced now suggests that users consider getting a YouTube Premium subscription to continue watching ad-free videos and unlock other features such as background play, access to YouTube Music, and the ability to download videos.

This isn't the first time that YouTube has taken action against third-party apps. Back in August, Google forced the Groovy Discord music bot offline. The music bot allowed Discord users to listen to music from YouTube videos. Just weeks later, Google forced the Rythm music bot to go offline. Before it was shut down, the Rythm bot was installed on over 20 million Discord servers.


Snap plans to turn every public space into an AR experience – Protocol

"It's all about creating a place for people to monetize, grow and curate the ecosystem, no matter where they're building their audience," Zaccaria said. "That is the key thing."

The platform, which was founded in 2016 by Zaccaria, his brother Alex and Nick Humphreys, hit 24 million users last year, with major names like Selena Gomez, Shawn Mendes, Bella Poarch and Dwayne "The Rock" Johnson joining in. Now it's attracted a third round of funding, raising $110 million from a host of venture capital firms and bringing its valuation to $1.3 billion, the company announced Wednesday. It's also bringing on Mike Olson, former SVP of Growth Initiatives at Twitch, as its president, focusing on U.S. market expansion.

Protocol spoke to Zaccaria about the state of the creator economy, how Linktree works for creators, its recent integrations and the future of the platform.

This interview has been edited and condensed for clarity.

Can you generally speak to the state of the creator economy as it stands, and where Linktree fits into the space?

Obviously creators as a whole have been a thing for a long time. Thinking back to YouTubers and vloggers, and people monetizing content and monetizing their personalities, that has been around for 10 or 15 years. Particularly through the pandemic, people [are] realizing they can do a whole lot more. Tech enabling that has increased.

We're seeing people really find ways to monetize their passions, their hobbies, their side hustles, whether it's creating and building something physical or purely just through content. And I think we're seeing a new economy rise up and a new source of revenue for people, whether people make this a full-time living, whether it's through platforms like Twitch or YouTube or TikTok being a secondary source of income.

We see ourselves playing a big part of that, as a platform-agnostic place for everyone to curate their ecosystem, whether they're digital talent that lives in the world of YouTube or TikTok, or they live in the physical and digital world where they have physical goods and they're making products a bit selling through Etsy or Amazon, but they're also using content to promote and build their audiences.

What kinds of creators use Linktree the most?

We have over 23 million users worldwide. For verticals or user groups, there are just over 250 [groups] on the platform that self-identify when they sign up. We're pretty evenly split across those verticals. There isn't really one that makes up the majority. We say that we're platform-agnostic and we have a use case and value prop across the spectrum.

Do people that are bigger on different platforms use Linktree differently? What is Linktree doing to help facilitate all of their needs?

We don't see different use cases by platform, whether you're TikTok, Twitter, Instagram. What we see as different is the type of user on that platform. So if you're a musician that is bigger on Instagram, how you use it might be different to someone who's producing educational content on TikTok or a realtor who might be showing their listings on TikTok or a gamer on Twitch. Regardless of the platform you're coming from, Linktree is still this place that unifies your whole ecosystem, everything you care about, what's important, relevant and recent for you.

For example, as a musician, we see our music users using our music-link functionality, which integrates Songlink/Odesli, which we acquired last year. That allows artists to embed their Spotify link or any other platform and it will show all the streaming services that the song or album is available on in the country that the user is in. They integrate our Bandsintown link, which we just recently partnered with, to show tour dates, or they might use our Shopify integration to show their merch.

Does Linktree plan to expand from individual and creator uses to enterprise uses?

Absolutely, and we have. Over the last year, we've seen the small business vertical itself grow about 327%, and brands like Red Bulls or Qantas, those kinds of big names using the product [have grown] over 500%. So we're sort of seeing brands really use it and drive their audience to the links in profiles to either go to Shopify or sign up to see new content. So we're seeing that as a big growth area. We already have quite a few users on enterprise plans, which is discounted pricing for bulk accounts. But we're continuing to build functionality for brands, or even just users that want to manage and control multiple user profiles in one spot whether it's integration with payments or marketing tech or whatnot.

Does Linktree plan to get into the crypto/blockchain space? If so, what will that look like?

Web3 as a whole aligns with our vision of empowering creators. We're not necessarily pivoting to be a Web3 company and changing everything about what we do, but continuing to build on our vision of empowering creators to curate the digital universe. There is some specific functionality and integrations and tools that are coming down the line that we'll be rolling out over the next couple of months as well that are in a similar space to what we're doing already. I can't talk about the specifics on the partnerships and integrations, but they will be coming soon.

We're building functionality that will help service the NFT community, service Web3, service crypto, while still being true to what Linktree does without necessarily all of a sudden pivoting. We're already used by a lot of the Web3 community: Bored Ape Yacht Club, for example, use[s] Linktree. So we still have a product that can straddle Web 2.0 and Web3 quite easily.

What does Linktree plan to do with the funding?

It's obviously super exciting. We've got such a big product vision, and the capital is really to execute on that vision. The team really is the first part to help execute on that. We're at about 240 employees now and will likely be somewhere between 450 and 500 by the end of this year, with a bigger focus on the U.S. as well as some other global markets that are emerging for us. A lot of it is really going into the team, and also reinvesting back into the team to continue to ensure our employee experience is top of class.

Can you expand a little bit more upon how you're planning on building your product vision? In the near future, what is that going to look like for users?

We've done some recent ecommerce functionality, so we'll continue to build upon that [with] deeper functionality and partnerships with some other like-minded businesses. We [recently] did a partnership that has been in the works for a while, but we've pushed ahead with it because of the situation in Ukraine, with GoFundMe and allowing folks to create a GoFundMe link within their Linktree profiles so they can drive donations for Ukraine. So we'll continue to build upon that sort of area.

Is an IPO or public debut in Linktree's future?

To be honest, I think we're still pretty early. We were bootstrapped up until we took funding at the start of 2020 and profitable to that point. We did that all ourselves, we took on venture to help us grow and scale. We have a big vision and that has been great so far. So whilst the business has been around for five or six years, we still feel we are quite early on in the journey, particularly in the venture journey. So acquisition conversations and IPO conversations aren't really things we're talking about.


Bosses Are Finding New Ways to Drive Employee Satisfaction – The New York Times

From that understanding has sprung a recognition economy, which takes many forms: employee of the month plaques (and associated free parking spots), holiday chocolates, indoor food trucks. Those perks have become harder to distribute during the pandemic, with some people working from home, and many also trying to build more emotional distance between themselves and their jobs. But high turnover rates and low unemployment have reminded managers that their efforts to motivate workers are sorely needed, just when they're toughest to execute.

So businesses are devising inventive methods of giving long-distance recognition. (Especially this week: Friday is National Employee Appreciation Day.) They are offering customized candles, shopping sprees, companywide shout-outs and quarterly days off. McKinsey recently hosted a thank-a-thon. O.C. Tanner, a software company, invites workers' family members to Zoom meetings celebrating their achievements. Sunglass Hut's employees sent 137,000 messages last year on its internal appreciation platform, Sunspired. The gifting company &Open asks its employees to send each other taco emojis over Slack, offering a lunch voucher to the five people with the most tacos at the end of the month.

The bottom-line benefits of workplace affirmation have perhaps never been so widely confirmed and creatively interpreted. But affirmation typically benefits workers who are more vocal about their accomplishments or those who are able to drop family or other personal obligations to pick up last-minute professional tasks. And the stakes of recognition aren't just about improving people's moods but about who gets advancement opportunities and the higher pay that comes with them.

"Being affirmed and recognized can build confidence," said Mr. Brennan, who has advised clients to reward their highest-performing workers by inviting them to be C.E.O. for a Day, which means giving full-company presentations and even dressing like the chief executive. "I've seen it turn someone from being staff into a leader."

Executives who emphasize recognition have often learned from periods in their careers when they felt underappreciated. Take Evan Wilson, chief experience officer at Meritrust Credit Union in Wichita, Kan., who spent his earliest office years wondering why no one seemed to notice the extra hours he put in at a regional bank.

He now swears by Dr. White and Dr. Chapman's "The 5 Languages of Appreciation in the Workplace," adapted from the love languages. Mr. Wilson asks all of his direct reports to take the assessment. And he responds by leaving his office door open for the employee whose language is quality time, for example. He also asks managers at the firm to rate themselves on how good they are at giving recognition, on a scale of one to ten, and suggests that those struggling rely on the languages for a boost.

"The problem with appreciation is it's like a bucket that leaks," Mr. Wilson said. "It's the role of the leader to recognize I'm the one who needs to bring that encouragement."


The best new free music-making software: unmissable freeware synths, drum machines and effects for March 2022 – MusicRadar

Free plugins abound on the internet these days, but music-makers are busy people. Many of you don't have the time to keep a watchful eye on the headlines for every complimentary compressor and gratuitous granular synth that's been tossed on the ever-expanding pile of free music software available to the financially savvy producer.

Good news: that's what we're here for. In addition to spotlighting the good stuff in our daily news coverage, we're finishing off each month with a carefully curated round-up of all the free music-making software that's been released over the past 30 days, ensuring you stay up to date with the music production world's most essential freebies.

This March, we've got veritable goldmines from Audio Damage and Toneboosters, AI-powered sample management tools from Waves, another unmissable offering from Spitfire LABS and a screamingly good emulation of the Ibanez Tube Screamer. Dig in.

Platforms: Mac/PC | Formats: VST/AU | Download

Audio Damage surprised music-makers this month by making not just one or two, but 33 of its products available for free download. Weary of providing ongoing support for older software that may not work on newer systems, the manufacturer decided to chuck the whole lot online for free. The upshot is that you now have access to 33 previously paid-for plugins for free, though there may be a bit of trial and error involved to find the ones that will work on your system.

There are some real zingers to choose from, including the Phosphor and Basic synths, the Mangleverb reverb, the Bitcom bitcrusher, the Filterstation filter, the PanStation auto-panner, the Discord 3 pitchshifter, the Automaton buffer effect, the Kombinat multiband distortion and the Axon neural network drum machine.

Platforms: Mac/PC | Formats: VST/AU | Download

Audio Damage appear to have started a trend: following their announcement, Toneboosters also decided to make 23 of their 'retired' plugins available to producers for free. These legacy effects will come without any support or warranty, but that's no reason not to give them a try. They hail from Toneboosters' TrackEssentials and BusTools series, and cover everything from dynamics processors to EQs, tape sims, de-essers, reverbs and pitch-shifters.

Platforms: Mac/PC | Formats: Standalone | Download

Waves made waves in the music production world this month with the announcement of a free sample management tool, Cosmos, that comes bundled with 2,500 free royalty-free one-shots and loops.

Cosmos is designed to bring order to your sample collection, putting all the loops and one-shots on your hard drive into one easy-to-search place. Waves says that its Neural Networks technology can analyse, auto-tag and sort your samples, leaving you with a single unified database where you can easily find everything you have. The tool runs as a standalone app, or can be integrated with Waves' CR8 creative sampler plugin.

Platforms: Mac/PC | Formats: VST/AU/AAX | Download

We're big fans of all of Spitfire Audio's free LABS instruments, but the new Glass Piano plugin - a collaboration with composer Philip Glass - looks particularly appealing. Powered by samples that were captured at Glass's home in Manhattan, NYC, and released to mark his 85th birthday, this gives you the sound of his baby grand piano, which has been in the same room since the 1990s.

Glass Piano comes with six presets that cover everything from standard grand piano tones to more atmospheric and warped sounds. The fittingly minimalist interface and control set means that both beginners and more experienced players will be able to get started quickly and easily.

Platforms: Mac/PC | Formats: VST/AU/AAX | Download

In what's certainly the month's strangest free plugin news, car manufacturer Kia announced that they're switching gears, changing lanes and taking a sharp left turn into the world of music-making software.

Launched as part of a marketing campaign and created in collaboration with DaHouse Audio, Kia's free software instrument move.ment is based on the sounds of nature. Its development was driven by science, we're assured: "The sounds of movement in nature produce what's known as pink noise," says Kia. "This increases the alpha waves in the brain, inducing the flow state of consciousness, the state in which the brain is at its most creative."

Beyond the marketing flim-flam, move.ment isn't quite the car crash you might expect. After selecting your nature sound source, you can shape it in the Mixer section, which comes with individual controls for the Sampler, VCO, Noise and Reverb effect. There's also a filter, an ADSR envelope and an Output section.

Platforms: Mac/PC | Formats: VST/AU/AAX | Download

This one's for the guitarists amongst you - in a delightful mashup of cutting-edge tech and classic gear, GuitarML have used machine learning techniques to recreate the sound of the legendary Ibanez Tube Screamer overdrive pedal in a free plugin. Using sophisticated neural networks, the developer has created a faithful emulation of the Screamer that should reproduce the full spectrum of sonic possibilities presented by all combinations of the Tone, Drive and Level knobs.

Platforms: Mac/PC | Formats: Browser-based | Play

Though it's not technically music 'software', Tahti.studio is a free music-making tool that's so powerful we couldn't bear to exclude it from this list. Released in December last year, the browser-based groovebox received an update this month, with the most exciting addition being an open source library of free-licensed drum samples that features, among others, 808, 909, and household percussion kits from Bedroom Producers Blog.

Inspired by Elektron's hardware grooveboxes, Tahti.studio offers some pretty advanced sample-based sound generation and sequencing possibilities. You have eight tracks to work with, and plenty of flexibility. For example, each track has its own multimode filter, distortion, frequency shifter, sample-rate reducer, and amp envelope. Almost all parameters can be modulated on a per-step basis, and there are three freely assignable modulation sources per track.

Each step can have its own micro-timing, retriggering, probability, and trigger conditions, while tracks can have individual lengths and sequencer speeds. There are four send effects (chorus, phaser, reverb, delay) and a master compressor and soft clipper. Collaboration is possible, too, thanks to the option to export and share patterns in their proprietary file format. You can also render patterns to WAV files so that you can continue to work on them in your DAW.


How to prioritize the improvement of open-source software security – Brookings Institution

Earlier this year, major technology companies, non-profits, and government agencies convened for an urgent meeting at the White House to discuss how best to address the security concerns posed by free and open-source software (FOSS), software that is developed by a distributed community rather than a centralized company. For years, tech companies and security experts have made the case for greater investments in the security of the FOSS ecosystem, as it has become an increasingly important part of critical digital infrastructure. The importance of doing so was highlighted by the recent Log4Shell vulnerability in the log4j FOSS package. Deployed across a vast range of digital applications, log4j exposed a huge amount of software to a devastating security vulnerability and illustrated the urgent need to improve security in open-source software.

FOSS is decentralized and free to use, so when security vulnerabilities are found it is difficult to determine the exact extent of the threat. Perhaps the most vexing part of the problem is that it is difficult to know which FOSS packages are most widely used (and therefore most concerning if a vulnerability is found in a given package). This lack of knowledge about which FOSS packages are deployed, and where, leaves defenders in the dark and makes hard decisions about where to deploy resources even more difficult.

To address this problem, our team at the Laboratory for Innovation Science at Harvard (LISH) has partnered with the Linux Foundation and the Open Source Security Foundation (OpenSSF) to determine which FOSS packages are most widely deployed. Our findings, documented in a report released today, provide a detailed look at which FOSS packages are deployed in production applications and offer a number of lessons for policymakers and developers about how to improve the security of a critical building block of the digital economy.

First released in 1999, log4j is a FOSS component that carries out logging tasks for other pieces of software built on top of it. For example, if a developer of a piece of software needs to log all activity in an application for auditing or debugging purposes, she can utilize the log4j component so she does not have to build such logging functionality from scratch. log4j is extremely popular and is used in production software at companies including Apple, Google, Amazon, Twitter, and Tesla.

As early as 2013, a bug was introduced in the log4j code that treated logged text as code and executed it on the underlying system. Thus, an attacker would simply need to perform an action that would be logged (e.g., changing their username, writing a message in a chat, etc.) using a specific line of code, which would then be executed by the system, including reaching out to a server on the internet and downloading and running a piece of malicious code hosted there. Discovered in November 2021 by a member of Alibaba's security team, the vulnerability was named Log4Shell.

The widespread use of log4j (potentially tens of millions of devices), combined with the ease of exploitation (a simple line of code), created a worst-case scenario. To that end, Jen Easterly, the director of the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), called Log4Shell "the most serious vulnerability I've seen in my decades-long career." Within days of the release of the patch (long before most organizations could install it), there were over 800,000 attacks in a 72-hour period. Chinese and Iranian government-sponsored actors were observed taking advantage of the vulnerability.

The Log4Shell vulnerability is an important example of a much larger issue. FOSS has become a critical building block of the modern economy. However, its distributed and decentralized nature leaves it susceptible to significant bugs that can go unnoticed by developers for years. Further, and even more concerning, is that when such a vulnerability is found, because FOSS is built into nearly every software system, but is not well tracked, it may be difficult to identify all vulnerable instances of the software that are in production.

Prioritizing efforts to address the issue

To determine which FOSS packages are the most widely used (and therefore, the most concerning if a vulnerability is found in them) our team at LISH teamed up with the Linux Foundation and the OpenSSF. We worked with software composition analysis (SCA) companies to aggregate data on the most widely used FOSS packages. SCAs are hired by their customers to scan their codebases to help ensure they are not violating any software licenses. Therefore, by working with just a handful of SCAs, we were able to get insights into FOSS built into products sold by thousands of companies. While this method allowed us to get deep insights into the FOSS companies build into their software, this is only one layer of the technology stack, albeit an important one. In future studies we will consider other layers in the stack.

By identifying the most widely used FOSS packages, we hope to improve efforts to enhance the security of FOSS packages by looking for vulnerabilities in the most popular FOSS packages first. (Our final report can be found here.)

To ensure the privacy of the data shared by the SCAs, and to account for different size customer bases across the SCAs, we utilized statistical z-scores to aggregate the data and organize it such that we could rank-order the FOSS packages observed. Since the FOSS packages that developers build into their software frequently rely on other FOSS packages themselves, we considered both the direct observations of FOSS packages developers built upon, as well as the indirect FOSS packages those packages iteratively rely upon. Additionally, due to the differences in norms in computer programming languages related to the number of functions in a given package (and therefore how many packages a piece of software relies upon), we considered the npm repository (which hosts JavaScript packages) separately from all other repositories and languages. Not doing this would have caused JavaScript packages to incorrectly dominate the list. Finally, we considered FOSS packages in both a versioned and version-agnostic manner such that different levels of granularity could be observed.

In aggregate, we analyzed nearly 600,000 data points from the SCAs, and compiled lists documenting the 500 most used FOSS packages, one for each combination of direct/indirect, npm/non-npm, and versioned/version-agnostic packages. Although this more granular approach makes it harder to precisely say which FOSS packages are the most widely used, it provides more insight into the intricacies of the ecosystem. For example, log4j showed up as number 38 on our list of direct, non-npm, version-agnostic packages, but as number 126 on our list of indirect, non-npm, version-agnostic packages. Moreover, FOSS packages whose primary purpose is to pass data to a logger, potentially including log4j (e.g., slf4j-api and log4j-api), showed up even higher on our lists (slf4j-api was number 1 on our list of direct, non-npm, version-agnostic packages). However, without deeper insights into how such packages were being used, it was not possible to know if they were relying on a vulnerable version of log4j.

The complexities of log4j became even more intricate when considering version numbers. By a nearly 3 to 1 margin, version 1.x of log4j was much more widely used than version 2.x. However, the Log4Shell vulnerability did not impact version 1.x, and therefore the bulk of log4j users in our dataset were not actually susceptible to the Log4Shell issue (although there are numerous vulnerabilities in the 1.x versions that remain unfixed since it has not been updated since 2015). In aggregate, despite the complexities of our results, they allow for an intricate understanding of the Log4Shell problem, and our hope is that they will also shine light on similar intricacies to help prevent such widespread vulnerabilities in the future.
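One way to read the aggregation described above, as an added example that is not code from the report or its authors: counts are z-scored within each SCA so that a large customer base cannot dominate, then averaged across SCAs, with npm ranked separately and versions optionally collapsed. The SCA names, the `example-*` packages and all counts are constructed, and treating a package an SCA never saw as a count of zero is an assumption.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed observations: (sca, ecosystem, package, version, codebases seen in).
# sca_big has a far larger customer base than sca_small; every number is made up.
OBSERVATIONS = [
    ("sca_big",   "maven", "slf4j-api",    "1.x", 9000),
    ("sca_big",   "maven", "example-http", "1.x", 8000),
    ("sca_big",   "maven", "log4j",        "1.x", 3000),
    ("sca_big",   "maven", "log4j",        "2.x", 1000),
    ("sca_big",   "maven", "example-json", "1.x", 1000),
    ("sca_big",   "npm",   "example-util", "1.x", 20000),
    ("sca_big",   "npm",   "example-fmt",  "1.x", 15000),
    ("sca_small", "maven", "slf4j-api",    "1.x", 50),
    ("sca_small", "maven", "example-json", "1.x", 45),
    ("sca_small", "maven", "log4j",        "1.x", 20),
    ("sca_small", "maven", "log4j",        "2.x", 10),
    ("sca_small", "maven", "example-http", "1.x", 5),
    ("sca_small", "npm",   "example-util", "1.x", 300),
    ("sca_small", "npm",   "example-fmt",  "1.x", 100),
]


def _select(observations, npm, versioned):
    """Per-SCA counts for one list: npm or non-npm, versioned or version-agnostic."""
    per_sca = defaultdict(lambda: defaultdict(int))
    for sca, ecosystem, package, version, count in observations:
        if (ecosystem == "npm") == npm:
            key = (package, version) if versioned else package
            per_sca[sca][key] += count
    return per_sca


def raw_rank(observations, npm=False, versioned=False):
    """Naive ranking by summed counts; the largest SCA decides the order."""
    totals = defaultdict(int)
    for counts in _select(observations, npm, versioned).values():
        for key, count in counts.items():
            totals[key] += count
    return sorted(totals, key=totals.get, reverse=True)


def zscore_rank(observations, npm=False, versioned=False):
    """Rank by the mean of per-SCA z-scores, so each SCA carries equal weight."""
    per_sca = _select(observations, npm, versioned)
    keys = sorted({key for counts in per_sca.values() for key in counts})
    scores = defaultdict(list)
    for counts in per_sca.values():
        # Assumption: a package this SCA never reported counts as zero.
        values = [counts.get(key, 0) for key in keys]
        mu, sd = mean(values), pstdev(values)
        for key, value in zip(keys, values):
            # If every package has the same count, nothing stands out: score 0.
            scores[key].append((value - mu) / sd if sd else 0.0)
    ranked = sorted(keys, key=lambda key: mean(scores[key]), reverse=True)
    return [(key, round(mean(scores[key]), 3)) for key in ranked]


if __name__ == "__main__":
    print("raw, non-npm, version-agnostic:", raw_rank(OBSERVATIONS))
    for npm in (False, True):
        for versioned in (False, True):
            label = f"{'npm' if npm else 'non-npm'}, " \
                    f"{'versioned' if versioned else 'version-agnostic'}"
            print(label, zscore_rank(OBSERVATIONS, npm, versioned))
```

In the constructed data, summed counts put `example-http` second because one large SCA sees it often, while the z-score ranking moves it last because the smaller SCA almost never sees it.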

Our report also identifies a number of high-level issues that need to be addressed if the FOSS ecosystem is to be properly secured:

The scale and scope of the vulnerabilities affecting FOSS packages have been known within the tech community for years. However, it is only recently that federal policy has reflected the importance of this issue to the economy and national security. A May 2021 executive order, for example, directed the U.S. National Institute for Standards and Technology (NIST) to provide guidance for companies on providing a software bill of materials (SBOM) to their customers. An accurate SBOM would give companies deeper insights into the software that is baked into their software, so they would know if they are vulnerable to issues like Log4Shell immediately. Other measures have been considered but failed to be made into law. Funding a FOSS security center within the Department of Homeland Security, for example, was included in the House version of the 2022 National Defense Authorization Act but didn't make it into the final bill.

In response to the Log4Shell vulnerability, the White House National Security Council held a meeting in January with firms like Google and Microsoft, open-source organizations including the Linux Foundation, the Apache Software Foundation, and OpenSSF, and numerous federal agencies and departments. The meeting focused on preventing, finding, and shortening response time to FOSS vulnerabilities and discussed various potential public-private partnerships. Although there were no concrete pledges from the meeting, the intent was to start a discussion, identify possible paths forward, and commit to future meetings that would yield specific commitments by the various stakeholders.

The Log4Shell issue has also garnered the attention of the U.S. Federal Trade Commission (FTC), which has threatened to fine companies that fail to patch the issue and lose customer data as a result. While the FTC's move may encourage many companies to address the security issue, the fact that the FTC is playing a leading role in the response illustrates that the government lacks broad tools to address major cybersecurity vulnerabilities like Log4Shell.

Log4Shell was by no means the first major vulnerability in FOSS, but hopefully it represents a turning point that will inspire the federal government to take action to address this complex problem. Numerous private entities have already joined the effort by sponsoring FOSS projects and security improvement endeavors including Google's Secure Open Source Rewards, the Plaintext Group/Schmidt Futures FOSS Virtual Incubator and the efforts of the OpenSSF like their recently announced Alpha-Omega Project (sponsored by Microsoft and Google). Such efforts are important, but public support for research and legislation leading to more secure FOSS is critical and cannot come soon enough.

Frank Nagle is an assistant professor of business administration at Harvard Business School. His research is supported in part by the Linux Foundation.

Amazon, Google, and Microsoft provide financial support to the Brookings Institution, a nonprofit organization devoted to rigorous, independent, in-depth public policy research.
