Akamai HLS Push - what a pile of shit

For certain reasons, I had to implement HLS Push for web delivery at Akamai in the past few days, and I’m so annoyed that I have to blog about it.

What is this HLS stuff?

For those of you who don’t know what HLS is, the format has become the de facto standard for videos and livestreams on the web. It usually consists of several media playlists (like Winamp back in the day), one for each video resolution. And there is the so-called master playlist, which links the other playlists. The master playlist is only read once by the video player.

The media playlist for the currently used resolution is called up regularly at intervals of several seconds during livestreams to see whether new media segments - i.e., audio and video in short clips of 1 to 60 seconds in length - have been added. So much for the theory.

How does the retrieval normally work?

Imagine you have a server that produces this livestream. It works reasonably well so far, but you don’t want all your viewers to access this server via HTTPS. After all, it has other things to do than deliver data to the internet. So you could put a CDN in front of it.

This retrieves the playlists and video segments from your server and distributes them to the browsers out there, taking the load off your server. This is the usual HLS pull and actually, all CDNs do exactly this.

But then Akamai came along and thought, “Hold my beer; we’re going to break that!”

What is Akamai doing differently now?

Akamai probably thought, “Why don’t we just have the data pushed directly into our system? Then it’s already available as soon as the user requests come in, and we don’t have to retrieve it anywhere else first”.

So far, the theory is certainly good and reasonably well thought out. But only in theory; just because the segments are in the system doesn’t mean that Akamai will deliver them.

The requirement was to send an audio stream with 2 different bitrates in HLS format to Akamai. This means that we have 3 playlists here, so 1x master + 2x media playlists for the different bitrates.

As soon as new segments are produced, they are uploaded to the Akamai endpoint, and then the media playlists are updated and uploaded. Also, straightforward so far. It’s just a pity that the player keeps giving up when playing these streams because the segments return an Error 404 Not Found when called up.

The first thought: maybe it hasn’t been distributed internally yet. Could happen. So I add a delay before adding the segment to the playlist, which gives Akamai a little time to distribute it internally. The attempts fail, of course. Even with a 5-second delay for a 2-second segment, which is only a few KB of data, we still get many 404 Not Found responses.

The alternative to the delay

Holy shit! Let’s not give it a fixed time, but simply make a HEAD request to the segment URL. So we don’t retrieve the segment completely, but only the HTTP header, which already tells us whether the file is available.
And now guess!

You’re right, it works! At least for a few seconds. The fact that the server pushing the segments receives a 200 OK does not mean that the other CDN endpoints (PoPs) worldwide will deliver this segment too. But instead of taking a bit of time internally to pull the segment from their own caches, these Akamai idiots deliver a 404 Not Found status to the user client.

If you try to get it a second later, it is delivered perfectly, but unfortunately, in this case, I have no influence over the player configuration, so I cannot set up a retry.

So, let’s be honest: how did this bunch of idiots become one of the biggest CDNs? I wonder if they ever use their own stuff.

Twitch: more details on the new DJ streamer program

Twitch has published some new information about the new DJ program, which starts next week on Thursday, on August 1st, 2024.

This program is a reaction to the fact that it has been unclear for years how you can actually “legally” stream music on Twitch. With the start of the coronavirus pandemic, the world, for many DJs, virtually came to an end. Events and therefore their gigs were canceled, and some people and even companies had to fear for their existence.
Streaming on Twitch came at just the right time. And the music industry was like, “Are we a joke to you?”

Twitch switched to paying money out of its pocket to copyright holders to fend off any lawsuits. This will remain partly the case, but in the future, the streamer and Twitch will share this fee.

What I found most exciting and best was the point that DJs have to opt in to the DJ program. When a streamer does not do this, strikes will be issued much more quickly, and the channel may even be blocked. Participation in this program should ensure that you no longer have VoD and clip features on your channel in the future. Not even if the stream is currently being played.

By the way, accounts activated for the program ALWAYS pay a percentage of all Twitch revenue (i.e., via subs, bits, etc.) to the rights holders, regardless of whether the channel is currently streaming music, playing a game, or broadcasting “just chatting”, IRL, whatever. In return, streamers are free to operate secondary channels with which they can generate revenue without paying a fee. But of course, these channels have to collect the reach first.

Another interesting thing is that streamers who are live in “Just Chatting”, but play music from a DJ playing in the background — there are a few famous examples, for example, from a pub in Bremen — must also participate in the DJ program. Otherwise, the strike-and-block story applies again. It’s going to be so much fun.

There is only a percentage value at the start of the program, which is deducted before Twitch pays out. The figures currently in circulation are around 20% of the revenue. So from just under €5 for a sub, the usual €2.50 is withheld by Twitch with the usual 50-50 rule, plus another euro for the levy to the rights holders. The streamer therefore receives around €1.50. These figures are, of course, only rough values, as the conversion between US dollars and euros often results in less.

But you are on the safe side.

Also very interesting: there will be a blacklist of artists who, via or together with their record company, do not take part in this rights-holder arrangement on Twitch. There are currently about 70 artists worldwide on the list. That’s not a lot and will hardly be noticed. However, the artist Prince, Tafkap or whatever he called himself was mentioned as an example.

In the future, Twitch will also use music fingerprinting. This means that if pre-releases are played that are not on a whitelist or catalog for release, the DJ will have a hard time. This fingerprinting is used to distribute the money to the artists accordingly.

And what happens with your music or mashups, i.e., other people’s music mixed with other music? This is supposedly not a problem at this time. Let’s see how well the fingerprinting works. If it’s as great as on YouTube, it’ll be hilarious. But without VODs, it’s only half as bad, as you’re not deprived of monetization.

LinkedIn simply forgets your content

A few days ago I wrote about how “excited” I was about the BlueSky export format because I wanted to fill my social page.

Today I wanted to do that with LinkedIn. I had to wait almost 24 hours for my 207 kB export. You have to build such slow systems first.

The wait was really worth it (not!) because in the end I somehow only wrote five real posts. However, I could only take over 4 of them because the fifth one is simply gone. GONE!

It’s still in the CSV, even with a URL. If you visit this URL, it says that the post cannot be displayed.

I would therefore strongly advise you not to post anything on LinkedIn that could be important to you one day. Probably another case of: Well, software problem. Can’t do anything against it!

What a week

This week was really exhausting, I tell you!

Monday and Tuesday in London. I clocked 23,500 steps on Monday alone, when I walked through the city with the colleague.
I was a little afraid that I wouldn’t get there at all, since the news was full of airport reports that didn’t encourage me much. You should be at the airport two to two and a half hours before departure so that you get your flight in time. Well, I was through security after 9 (nine!) minutes and then got to spend a nice 3 hours at the airport. Yeah!

On the train ride from Gatwick Airport to the City of London, I noticed that the railroads there do a few things more right than we do in Germany:

  • if you’re not on the train, the staff doesn’t care at all - the train leaves because the next regional train is coming in about 15 minutes anyway.
  • the line has 4 tracks - the two outer tracks for the slower trains, which stop everywhere; the two middle tracks for the faster trains
  • on the trains, the cameras are used to generate a level indicator for every single coach

One negative point: Corona does not exist there. We got off the train in London with our masks on, and a group of young men pointed at us and laughed.
Otherwise, the city is and remains actually quite cool, despite Brexit. You can feel the history of this remarkable city every time. I really love it!

Our appointment on Tuesday took place at a London WeWork, which is directly across the street from the London Tower. What an incredibly awesome location this is!

All in all a great trip, the city as full as ever, and I have to say that I think it’s totally great that the metropolis has a congestion charge that actually does something. During the day I saw virtually 99% company vehicles and public transport. Only a few four-wheeled vehicles were private. German cities could learn a thing or two from this.

The rest of the week was dominated by the fact that we helped a state parliament in Germany livestream their plenary sessions. That was a lot of politics all at once. It really makes your head explode, I tell you! After that, I immediately needed to sleep for 11 hours at a stretch.

Oh yeah, in case you’re wondering, did I at least catch it in London? The test says no. Nice!

TikTok moderation is said to discriminate

Do you already have some followers on TikTok? Maybe you’re even a minor celebrity? Well, then you’re probably not overweight, poor, or unattractive - however you want to define it all.

On The Intercept, internal guidelines for TikTok moderators have been published, which arguably prove that the Chinese platform deliberately favors pretty, rich, slim - in other words, what is somehow described as attractive in various minds - and ranks them higher in order to attract and keep more people on the platform.

Well, this reflects exactly what everyone already perceives on Instagram.

Stop using NodeJS and NPM!

It’s just not funny anymore!

Last week the package Node-IPC got a dependency that, after detecting that the user has a Russian IP, simply deletes files from the hard disk and creates a file on the desktop to protest against the war.

The developer probably got a few pizzas and a visit from the local police after “some” complaints, including from NGOs. Of course he didn’t remove the dependencies in a commit, but just force-pushed master back to an old git state, so that in 2 years nobody will know what kind of shit he built.
But the hard part is: version 11 is still in the NPM repo. He probably can’t get it out of there. So you have malware in NPM, but no code for it anymore. Yeah!

But wait, that’s not it yet!

Now a GitHub user named qpwo comes around the corner and builds another piece of malware for Node that publishes all of the user’s SSH keys. Why? To show what crap NPM is and how “great” it is that the function for reporting malware simply remains ineffective. It is there, but nothing happens for days. Probably too many tickets came in, and it was easier for GitHub or Microsoft, the owners of NPM, to close their eyes instead of taking stronger action against malware.

But I have to use NodeJS!
Well, I sure hope there’s no one standing next to you forcing you to do that. But if the damage is already done, please run NodeJS only in an isolated environment, such as a container. And of course you shouldn’t keep any secrets in there, because the next malware will come around the corner and push not only SSH private keys, but also all ENV variables somewhere out of your control.

It bothers me a bit that we have now reached dependency hells. It’s not just NPM, but every modern language that needs dependencies of dependencies of dependencies and then downloads half the internet before the first use. Just the other day a colleague installed two linters for a pure HTML/CSS project: ESLint and Stylelint (+ Stylelint Config Standard). These things have 462 dependencies installed. 462! It’s so broken!

Reality check: there is no way for normal developers to trust anyone anymore. What company, other than the really big ones, takes the time to actually review or at least skim the dependencies?
And everyone who has repositories with node packages on GitHub knows how often a pull request from dependabot comes in, pointing out how many security holes you have lying around.

The ecosystem is so broken, but I’m not surprised anymore that Fefe just laughs his ass off over the argument: “Software bug, can’t do anything!”

Update: The readme of the intentional malware package additionally advises against relying on Docker, as there are enough break-out vulnerabilities for someone who really wants to harm you to succeed.

2nd update: Markus asked on Twitter what you can do now. Good question! As written, theoretically you would have to start reviewing all dependencies now. Or build them yourself, with the appropriate consequences - i.e. no maintenance, security holes, etc. You can’t? Well, that’s too bad.
In the end, the answer is the same as with your hosting providers: Trust. So not necessarily blind trust. As a developer, you can lose that very quickly. And if a package has countless dependencies, first assume that the developers of the library or framework had no idea what they were doing. In the end, this article only serves to raise awareness for the problems that you yourself had not thought of before.

3rd update: Originally I wrote that the malware reporting feature on NPM had been removed. In fact it exists, but GitHub/npm simply does not respond for several days when malware is reported via the feature.
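
For the "at least skim the dependencies" step discussed in the post above, the lockfile itself can be summarised mechanically. This is an added example, not code from the original post: it walks the packages map of a package-lock.json (lockfileVersion 2 or 3) and reports how many packages are installed, which ones run scripts at install time, and which ones are not fetched from the public registry. SAMPLE_LOCK, its package names and its URLs are constructed for illustration.

```javascript
// Added example: summarise what a package-lock.json (v2/v3) actually installs.
const REGISTRY = "https://registry.npmjs.org/";
const MARKER = "node_modules/";

function auditLockfile(lock) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  // Names the project itself asked for; everything else arrived transitively.
  const direct = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const report = {
    total: 0, direct: 0, transitive: 0,
    installScripts: [], // code that runs during "npm install", before any require()
    offRegistry: [],    // git, tarball or file sources instead of the npm registry
    noIntegrity: [],    // no hash recorded, so the download cannot be verified
  };
  for (const [path, meta] of Object.entries(packages)) {
    // Skip the project itself, workspace folders and symlinked workspaces.
    if (path === "" || meta.link || !path.includes(MARKER)) continue;
    const name = path.slice(path.lastIndexOf(MARKER) + MARKER.length);
    const id = `${name}@${meta.version}`;
    report.total += 1;
    if (path === MARKER + name && direct.has(name)) report.direct += 1;
    else report.transitive += 1;
    if (meta.hasInstallScript) report.installScripts.push(id);
    if (!meta.resolved || !meta.resolved.startsWith(REGISTRY)) report.offRegistry.push(id);
    if (!meta.integrity) report.noIntegrity.push(id);
  }
  return report;
}

// Constructed sample: one requested linter, three packages nobody asked for.
const SAMPLE_LOCK = {
  name: "static-site",
  lockfileVersion: 3,
  packages: {
    "": { name: "static-site", devDependencies: { "lint-a": "^1.0.0" } },
    "node_modules/lint-a": {
      version: "1.2.0", dev: true,
      resolved: REGISTRY + "lint-a/-/lint-a-1.2.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/helper-b": {
      version: "0.3.1", dev: true, hasInstallScript: true,
      resolved: REGISTRY + "helper-b/-/helper-b-0.3.1.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/helper-b/node_modules/lint-a": {
      version: "0.9.0", dev: true,
      resolved: REGISTRY + "lint-a/-/lint-a-0.9.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/@example/fork-c": {
      version: "2.0.0", dev: true,
      resolved: "git+ssh://git@example.invalid/fork-c.git#CONSTRUCTED",
    },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

To use it on a real project, pass the parsed contents of package-lock.json to auditLockfile. Packages listed under installScripts are the ones whose code would not run at install time if npm is invoked with --ignore-scripts.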

How time flies!

Has it really been almost 4 months since the last blog post? And every time I resolve once again to blog more.

And now I try it again, because there are a lot of things floating around in my head. But that follows in the next few days 😉

Bye bye Alexa, hello Google Assistant

Due to the lack of alternatives you’re currently faced with 3 big questions:

  1. do I want a virtual assistant? And if the answer is "yes":
  2. do I prefer Amazon’s Alexa?
  3. do I prefer Google Assistant?

For many people in Germany, the answer to the first question is: "For God’s sake, no! A spy like that won’t come into my house!" You may stop reading now, this article is not for you.

In my household, the answer to the other two questions was: "Phew, let’s try both systems and see what becomes a standard." After almost 2 years with Alexa on Amazon’s Echo devices and more than 2 years with the Google Assistant on Google Homes, both systems distributed throughout the house – each room equipped with both systems – I draw my personal conclusion that the Google Assistant is worlds better than Alexa.

Advantages and disadvantages of Alexa

Getting started with Amazon’s devices is very easy. The biggest online shop is nearly giving the devices to customers for free – I started with the big tube, then I went on with the small Echo, later I got the first Echo Show and then the second generation Show.

Once you have equipped the rest of the family with an Echo Show, you can finally use the video telephony in your living room, which has been propagated for decades but has never really been implemented. It’s easy to use, but you’re limited to mobile phones as alternative devices if you don’t own an Echo Show.

For the Amazon devices you get a lot of so-called skills, i.e. possibilities of interaction, which then triggers "something", e.g. switching the lights on and off. I used these skills not only for simple light things, but also for home automation.

Amazon initially gave away a lot of Echo devices at skill programming workshops to get developers to flood the skill store. It was also very easy to create a skill - briefly set the sentence that the user has to say, set the target script where the statement should be triggered on the Internet, and the skill is ready.

What bothers me personally are the fixed sentences. Apart from the fact that you can’t think as stupid as the end user anyway, translated skills from non-German companies are rather ugly and the whole thing is very halting. This makes the use of Alexa simply too uncomfortable for normal consumers.

The name and trigger words of Alexa are also extremely counterproductive. If you watch movies about "Alexander the Great", it is advisable to switch off the microphone first. The alternatives like "Echo" and "Computer" aren’t really better either.

If I want to know anything from Alexa, Bing is used as the search engine in the background, which means that the answer is very often complete crap.

Advantages and disadvantages of Google Assistant

Google doesn’t really make it difficult to get started with your own assistant. Many shops literally throw the Google Home Mini devices at you. Here, too, I started with the first tubes, which were only half as high as the Echos, but nevertheless offered very good sound.

Shortly afterwards, small versions of the Google Home devices came out, just like from Amazon, but thanks to the fabric cover and the round edges, the first version was prettier than the Echos.

The development of “Actions”, the skills for the Google Assistant, is a bit more complicated. As a developer you can use helpers like Dialogflow (formerly known as api.ai) to use machine learning for what users try to say and how to tune it. Of course Dialogflow can also be used for Alexa Skills, but you still have to export what they have learned and re-import it for the Skills.

If a developer wants to control devices, these device groups have to be provided by Google – this made it impossible to support my external blinds for a long time, but Google has also improved this for a few months now. Unfortunately, eQ-3 with Homematic IP is not able or willing to offer support here. The company simply does not want to realize that this leads me to the consideration of exchanging this system as well.

And despite missing support on the part of some German companies, the Google Assistant nevertheless works substantially better and more intuitively than Alexa. Google’s products are clearly more valuable than Amazon’s devices.

What Google can do really well in contrast to Alexa, however, is the assignment of the currently speaking person to Google accounts and also the use of several languages at the same time. Some actions are available in English, but not in German. The fundamental conversion to English in a German-speaking household would then be rather annoying.

The important difference

In my opinion, the biggest difference between the two systems is simply that you notice what they were created for. The Google Assistant was created to help people understand and use voice control in everyday life, that you can also learn and control with your speech. At Amazon they wanted to put a device on the market that could be used for shopping via speech and that could even do other things. Maybe.

The natural speech input and output, the more pleasant output voices, as well as better answers to everyday questions, make the Google Assistant with the Google devices the better assistant for me and my home.

Disadvantage: I must equip the rest of the family with another videotelephony system now 😉

As always, this is my personal opinion. If you have another opinion or experience, I would love to read it on your blog.

Youtube Music in everyday life

Several weeks ago I synchronized my favorite playlist to the phone, so I was forced to test the offline functionality on the plane.

Music is playing - what could go wrong?

No sooner said than done: headphones on, music on. So far so good. YT Music only plays the music of YouTube videos that were recognized as music. So if you have also favorited a lecture, it will not be played.

Videos are not music

Basically you can’t do anything wrong with a music player - but as a user you notice that it’s Youtube. You can listen to songs which are available on Google Play Music in YT music as you do on Spotify & Co.

However, if you have started to add videos to the playlist, the audio stream contains all the stuff that can be heard in the video, e.g. an intro like in many music videos or even an outro, as in this video. That’s really annoying when it comes to listening pleasure. Now you could start to maintain separate playlists, but for me playlists are like tagging - if I have a song from the 90s, I don’t want to put it into both playlists “90s Audio” and “90s Video”.

And then of course there’s the already missing feature to upload your own music. I have so much music from the 90s and early 2000s that YT and Play Music don’t provide. Same with the other streaming services. Sometimes you can’t even buy them digitally. And that’s annoying. I even thought about switching to Amazon Music Unlimited a few months ago, but then they switched off the music upload feature.

Crashes

I recently heard that Youtube Music crashed all the time for some people. Well, for me a crash is associated with the message “Unfortunately Youtube Music has stopped”. I didn’t get this.

However, all this still doesn’t work out so well. Whenever I pressed Pause, the software quit by itself after a few minutes. Maybe it drew too much energy and was killed by the system, or it quit by itself because it had been unused for period X. But that’s annoying.

Also, the sound likes to stutter sometimes, which I never noticed with Play Music in this form.

Conclusion

So as soon as Google turns Play Music off, it could be a very exciting thing for me as long as they haven’t moved all the existing features. For me, local players/playlists/MP3 files are out of the question. I want to stream it and I don’t want to run a file management system, and certainly not my own streaming server.

My first YouTube Video

Woohoo! I just uploaded my first YouTube video. Of course I uploaded videos before, but never published them, because they were party videos with SingStar or made some tests for apps I developed that uploaded videos to YT.

But in the last few days I was part of the Online Marketing Rockstars 2018 event and I put a small camera at my office’s point of view and created a small timelapse video at the entrance of the first fair exhibition hall, where all the visitors entered the fairground.