As long as you do pass through of the USB device (or USB host controller), it should be fine. The VM acesses it directlty without passing through a virtualized version of the device (like what normally happens with sound, network, graphics) and the VM can even DMA to it. Down side is that the hardware isn’t visible to the host anymore, so if you pass through a GPU, it’s used exclusively by the VM, not the host. If you connect a monitor to the GPU, you see the VM, not the host. So you can only do this with hardware that is intended specifically for use within the VM. Zune management sounds like an ideal use case. See IOMMU if you’re interested in some if the tech side if it.

This is my first time doing pass through and idk what other optimizations I could do or if I’ve done anything wrong/sub optimal. I’d like your input. I’ll send you a message later

For anyone curious if this is an option (running windows in a VM for audio), I’ve had good luck so far. Feels native, but I have more tests to do before I say it’s viable. Without passing through (iommu) the audio interface, it’s unusable.

I installed Linux and set up a Win 10 pro VM yesterday. I did GPU pass through (although I doubt that was necessary). I also did pass through of my audio interface (MOTU 8pre-es). Windows saw it and it showed up in the proprietary MOTU software after installing the drivers in the VM, however I couldn’t get audio to play. I then tried passing through the USB root hub (built in to mother board) that the MOTU was connected to and then it worked. It worked just as it would running on bare metal. I tried playing a couple projects in Cubase and had no audio dropouts. Cubase has a meter that shows you if you missed audio buffer deadlines and why (CPU, disk) and it didn’t, to my surprise.

Things I still want to try:

1. How low can I get my buffer size / ASIO latency?
2. Can it handle 192KHz sample rate and at what buffer size? The tests I did yesterday were 48k and 44.1k projects.
3. How does it feel (in terms of latency) when using a MIDI controller keyboard.
4. Can I do multi channel recording without dropouts?
5. Does the VM break Cubase’s audio latency compensation when recording (this determines recording latency and automatically aligns the recording to where yiud expect it tobel). I have a feeling that the VM may introduce a latency that Cubase doesn’t account for.
6. Does iLok or another license that I need fail in VM? I only used Steinberg licenser based software yesterday.
7. Probably some other stuff I’ve not thought of yet.

What I’ve not figured out is a way to sort of boot my existing windows install. I’m sure there’s a way, but idk. I know it’s possible to pass an entire disk to the VM, but my host Linux install is on the same nvme. I guess what I’d want is a way to create a virtual block device that maps the other partitions from the nvme and then pass that virtual block device to the VM. Alternatively, install Linux to a different drive, but I’d rather not buy another nvme at this time.

They also dropped support for older plugins of which I have a lot. This is a big issue for audio stuff IMO. Apple breaks backwards compatibility frequently, which has some benefits, but commercial audio plugins are expensive and updates generally aren’t free. I actually have a bunch of very old plugins that were free, but no longer supported. Many were windows only and I can still run them roughly 15-20 years later, but even the ones that were released for Mac, I have no hope of running.

If you’re doing audio work professionally, you probably keep buying updates for your plugins, so Mac is probably a good choice. I don’t even release music (I just make noise). I’m just a hobbiest (with some higher end equipment and software). There’s a lot of hobbiests who wouldn’t be able to afford the software update costs (ignoring the Apple hardware costs). Depending on the plugin libraries, it’s bigger than the Apple hardware costs. Granted there are some really good free plugins, but some of the really popular stuff isn’t.

I had some bad g.skill DDR4 last year. I assumed it was out of warranty. Thanks for the tip!

What DAW do you use? I built a new PC and was thinking of trying to run DAW (Cubase in my case) via windows VM with pass through of my audio interface. Given the timing sensitivity of audio, I’m not optimistic. Have you tried this?

No reason it can’t be done on 120v (from a technical level). In fact, most solar inverters in the US could do this at a technical level as they basically do the same thing, just on a larger scale (higher current and therefore are wired in to electrical panels rather than through outlet as outlets have lower current limits). All you need is the inverter to synchronize its AC output to match grid. If you had a smaller inverter, you could just connect it to an outlet (ignoring building codes, insurance, and other non technical reasons). So the choice is then to have centralized larger inverters or smaller inverters per panel or 2. If you live in a very densely populated area where you can only pit a panel or 2 on a balcony or you don’t have control of your electrical panel, then the small inverter method makes sense.

I think you’re on to something, but sort of accidentally. A couple replies to you are saying it’s not possible, but I think they’re making an assumption that is not correct in many cases.

The replies is saying it’s not possible because the layers are flattened before passed to the compression, thus the uncensored/unredacted data is not part of the input to the compression and therefore cannot have any impact on its output. This is true assuming you are starting with an uncompressed image.

Here’s a scenario where the uncensored/unredacted parts of the image could influence the image: someone takes a photo of their ID, credit card, etc. It’s saved in a lossy compressed format (e.g. JPEG), specifically not a lossless format. They open it in an image editing tool to 100% black out some portion, then save it again (doesn’t actually matter the format). I feel lile someone is going to think I’m misunderstanding if I don’t explain the different output scenarios.

First is the trivial case: amultilayer output with the uncensored/unredacted data as its own layer. In this case, its trivial to get the uncensored/unredacted data as it is simply present and visible of you use a tool that can show the individual layers, but the general assumption is that this is not the case – that the output is a single layer image, in which we have 2 scenarios.

Second case: lossy compressed original, lossless censored. Consider that this censored/redacted image is flattened and saved as a lossless format such as PNG. Certainly there will be no compression artifacts of the uncensored/redacted data both because it is lossless (no artifacts added by PNG) and that it was flatted prior to being passed to PNG. However, the uncensored/unredacted artifacts remain in the uncensored/unredacted portions of the image. These were introduced by the compression that was applied prior to the censoring (e.g. the JPEG compression that contained the pre censored image). I suspect this is actually a common case.

Third case: lossy compressed original, lossy compressed censored: same as second case, except now you have additional artifacts, in particular you bow have artifacts from the censored portion, and the artifacts of the previous lossy compression are also adding additional artifacts. This is probably more difficult, but the point is that the original uncensored/unredacted artifacts are still present.

Basically what Nintendo did on one of their schemes to prevent unauthorized software (Famicom Disk System, which was a floppy disk drive for the Japanese version of the NES). This was the physical Nintendo logo embossed on to floppy disk and with a flat disk instead, the disk can’t be physically loaded (sort of, you can add extra cut outs). Other game systems required a logo or similar other brand/trademark/IP to be present in the game code in order to boot, so if you wanted to make your own game without Nintendo’s blessing, you had to invlude their IP in your physical disk or in the game code just to get it to boot. This BMW patent seems to be in the spirit of those hard and software protections that prevent people from doing what they want with the hardware (car) they bought.

Yeah and it’d be cool if they threw in a couple other games to show its versatility. HL3 of course, but a multiplayer game and maybe a unique puzzle game would be a good mix of game types.

I think you’re mixing up ME and 2000. ME (consumer) came after 98 (consumer) and 2000 (business) was the NT (business) version. I ran 2000 for a few years. Huge step up from 98/ME in stability and less eye candy bloat than XP.

Slackware was my first and I didn’t know that package managers existed (or maybe they didn’t at the time) to resolve dependencies and even if they did, they probably lagged on versions. I learned true dependency hell when trying to build my own apache, sendmail, etc from source while missing a ton of dependency libraries (or I needed newer versions) and then keeping things relatively up to date. Masochistic? Definitely for me, but idk how much of that was self inflicted by not using the package tool. Amazing learning at the time. This would have been mainly Slackware 3.x and 4.x. I switched to Debian (not arch BTW).

It appears that it shall be known as the Dalacos Paradox: using something as an example of something that is best ignored or forgotten, thus increasing its attention and preventing it from being forgotten.

EDIT: I found “boomerang effect”, which I think captures this in that you get the opposite of the intended behavior although this seems to be focused more on persuasion rather than bringing attention to something that you don’t want to get attention.

An non political example might be “this book/movie/picture/song is so bad that no one should read/watch/see/hear it”, thus brining attention to it and causing more people to read/watch/see/hear it than would have had it not been mentioned. Most of the stuff I was finding that sounded close seemed to be not quite right (related to persuasion or in the context of counter examples).

I’ve used WxWidgets and Win32 API in C. I suspect OP will quickly learn why electron is popular even though it’s so bloated. That said, sounds like OP wants a light weight and cross platform option, so WxWidgets gets my vote. Granted it’s been over 10 years since I’ve used it.

I agree unless the backend server is including it in the response/response headers for some reason, which wouldn’t make a tool like this work in the general case. I thought maybe there was a Cloudflare API that would inadvertently leak the origin IP in an error response in some special case or something of that nature, but I’d assume they would have patched that rather quickly. I’m very curious if this tool ever worked and if so, how.

If you had a single specific host you were trying to find the origin server for, you could basically scan their ASN and well known data center, particularly the big cloud provider, IPs by sending requests to them with the desired host header to try to find an entry point (load balancer, reverse proxy, web server), but I don’t think that’s practical, particularly with a free API that (presumably) responded in a reasonable amount of time. The underlying API used by the linked script is no longer available, so I don’t know if it worked or response times.

Furthermore, a well configured system should ignore requests not originating from Cloudflare’s IPs (or use a tunnel) to prevent bypassing Cloudflare, although I’ve seen plenty not do this. Cloudflare even publishes the subnets you should allow. Easy to integrate that in to a cron type job, terraform, or other way to keep rules updated even though they’ve very rarely changed.

They’re not actually bad. It’s just a joke that nearly everyone plays along with kind of like Americans using imperial measurements. Americans don’t actually use imperial. Sure, the products may list both measurements, but just for historical reasons. TV shows and movies use them as just another trope, which helps with keeping the illusion up. Anyway, I’m gonna go buy a pound of candy corns and eat the shit out of them.

I was curious as to how it’s done unfortunately that repo won’t answer. All it’s doing is calling a separate http api that returns the IP. I looked quickly and didn’t find a repo for that other API.

I think this was mostly answered in the other comments, so I’ll mention another category of people: felons although perhaps they fall in to the desperate people category because many employers do simple background checks on people and purposefully avoid hiring felons, thus the job prospects of felons is limited.

Why don’t companies hire them? I assume due to perception from that company’s customers, current/potential employees who wouldn’t want to work with felons, and associated risks (depending on the nature of the crime and the business of course).

I know of a company that specifically advertises that they hire felons and that they’re absecind chance employer to help people get their life back together. As far as I understand it’s mostly manual labor and factory type work and I assume they pay less than their competitors, so would have less operating costs. If this is the case, wouldn’t more businesses want to do so?

It may not be overall beneficial. They may attract some customers as they advertise how they’re helping people and by using their services, you’re helping people get their life on track, but they may also lose some customers. For some positions, hiring can be difficult for any company and this may make filling those positions even more difficult/costly such that savings aren’t worth it.

Generally if there’s an easy way to make money/more profit, it would be prevalent, so there’s probably down sides (thst are not necessarily apparent) that out weigh the benefits or people are not trying to maximize profit for some reason (possibly due to bias resulting in incorrect assessments).

It could be, but they seem to get through Cloudflare’s JS. I don’t know if that’s because Cloudflare is failing to flag them for JS verification or if they specifically implement support for Cloudflare’s JS verification since it’s so prevalent. I think it’s probably due to an effective CPU time budget. For example, Google Bot (for search indexing) runs JS for a few seconds and then snapshots the page and indexes it in that snapshot state, so if your JS doesn’t load and run fast enough, you can get broken pages / missing data indexed. At least that’s how it used to work. Anyway, it could be that rather than a time cap, the crawlers have a CPU time cap and Anubis exceeds it whereas Cloudflare’s JS doesn’t – if they did use a cap, they probably set it high enough to bypass Cloudflare given Cloudflare’s popularity.

Is there a particular piece? I’ll comment on what I think are the key points from his article:

1. Wasted energy.

2. It interferes with legitimate human visitors in certain situations. Simple example would be wanting to download a bash script via curl/wget from a repo that’s using Anubis.

3A) It doesn’t strictly meet the requirement of a CAPTCHA (which should be something a human can do easily, but a computer cannot) and the theoretical solution to blocking bots is a CAPTCHA.

and very related

3B) It is actually not that computationally intensive and there’s no reason a bot couldn’t do it.

Maybe there were more, but those are my main takeaways from the article and they’re all legit. The design of Anubis is in many respects awful. It burns energy, breaks (some) functionality for legitimate users, unnecessarily challenges everyone, and probably the worst of it, it is trivial for the implementer of a crawling system to defeat.

I’ll cover wasted energy quickly – I suspect Anubis wastes less electricity than the site would waste servicing bot requests, granted this is site specific as it depends on the resources required to service a request and the rate of bot requests vs legitimate user requests. Still it’s a legitimate criticism.

So why does it work and why am I a fan? It works simply because crawlers haven’t implemented support to break it. It would be quite easy to do so. I’m actually shocked that Anubis isn’t completely ineffective already. I actually was holding out bothering testing it out because I had assumed that it would be adopted rather quickly by sites and given the simplicity in which it can be defeated, that it would be defeated and therefore useless.

I’m quite surprised for a few reasons that it hasn’t been rendered ineffective, but perhaps the crawler operators have decided that it doesn’t make economic sense. I mean if you’re losing say 0.01% (I have no idea) of web content, does that matter for your LLMs? Probably if it was concentrated in niche topic domains where a large amount of that niche content was inaccessible, then they would care, but I suspect that’s not the case. Anyway while defeating Anubis is trivial, it’s not without a (small) cost and even if it is small, it simply might not be worth it.

I think there may also be a legal element. At a certain point, I don’t see how these crawlers aren’t in violation of various laws related to computer access. What i mean is, these crawlers are in fact accessing computer systems without authorization. Granted, you can take the point of view that the act of connecting a computer to the internet is implying consent, that’s not the way the laws are, at least in the countries I’m familiar with. Things like robots.txt can sort of be used to inform what is/isn’t allowed to be accessed, but it’s a separate request and mostly used to help with search engine indexing, not all sites use it, etc. Something like Anubis is very clear and in your face, and I think it would be difficult to claim that a crawler operator specifically bypassed Anubis in a way that was not also unauthorized access.

I’ve dealt with crawlers as part of devops tasks for years and years ago it was almost trivial to block bots with a few heuristics that would need to be updated from time to time or temporarily added. This has become quite difficult and not really practical for people running small sites and probably even for a lot of open source projects that are short on people. Cloudflare is great, but I assure you, it doesn’t stop everything. Even in commercial environments years ago we used Cloudflare enterprise and it absolutely blocked some, but we’d get tons of bot traffic that wasn’t being blocked by Cloudflare. So what do you do if you run a non-profit, FOSS project, or some personal niche site that doesn’t have the money or volunteer time to deal with bots as they come up and those bots are using legitimate user-agents coming from thousands of random IPs (including residential! – it used to be you could block some data center ASNs in a particular country until it stopped).

I guess the summary is, bot blocking could be done substantially better than what Anubis does and with less down side for legitimate users, but it works (for now), so maybe we should only concern ourselves with the user hostile aspect of it at this time – preventing legitimate users from doing legitimate things. With existing tools, I don’t know how else someone running a small site can deal with this easily, cheaply, without introducing things like account sign ups, and without violating people’s privacy. I have some ideas related to this that could offer some big improvements, but I have a lot of other projects I’m bouncing between.

I like forums, but maybe I’m part of the problem. I’ve read a forum obsessively for years without registering an account. Even when I have an account, I rarely post/comment. I’ve been reading Lemmy almost daily for over a year before registering an account and don’t reply much even with an account. Decentralization starts with individuals, so I’m going to try to add signal to the fediverse.

I generally prefer the traditional flat forum UI with oldest first, but that’s mostly a client issue. The problem though is if others are using a different UI the conversation may flow differently (think threaded vs flat forums).

RE karma, a lot of forums show post counts and like counts next to their forum profile, which is often included in every reply, so in some ways, the likes (karma) was a little more in your face. I think there was less astro turfing due to scope of benefit. What I mean is that while traditional forums were decentralized, so was the account and its reputation, so karma (like/post count) farming was isolated to that specific forum/community and if you were astro turfing, you’d get banned and lose that and could not transsfer that to other forums. Services like reddit effectively make this transferrable between forums. I’m concerned about how this will play out as decentralized platforms grow. It could be worse than reddit. I’ve been trying to come up with ways to handle this, but I can find flaws in every idea I’ve had so far.