Attendee: “I really enjoyed the show!”

Me: “What?!”

Attendee (now screaming): “I REALLY ENJOYED THE SHOW!!!”

Me: “Oh! Thanks! I’m glad you had good time! It was really fun!” (It almost always was).

Attendee: “I downloaded [insert Secret Cities album name here] illegally! Hope you don’t mind!”

Me: “Nope!”

I wasn’t lying. I didn’t really mind. We didn’t really mind. The reason is absurdly simple: This person heard our music, and enjoyed it enough to come to a show. Most times, they brought friends along. As a little-known band on the road, what more can you really ask for?

We love it because of the countless conversations like the one I recounted above. We love it because of the stadium’s worth of people that have listened to our songs on YouTube that might never have heard us otherwise. We love it because of that time in Atlanta on our first tour, when kids in the front row were mouthing along with our songs before our first record was even released.

We can’t put a dollar sign on those things. Why would we even want to?

the weirdest thing right now is that everybody KNOWS about it. i’m now famous for my kickstarter.

which is a little depressing. i wish that i could steal all that enthusiasm and high-fiving i’ve getting from strangers in the street (literally) and re-route it to the album when comes out. i don’t want this album to be remembered as “the kickstarter record.”

i do want this record to explode. and i want this record to explode because it is awesome.

The issue is that you then encounter the one thing worse than getting paid peanuts and that’s obscurity. People want to be entertained by music, not have to hunt things down. It has to be easy, which is why Spotify has gained so much traction. If you manage to get an average music fan’s attention on your band (out of the THREE THOUSAND others that released something that week) for 2 seconds and they look on Spotify and it’s not there, do you know what they do? They move on to another song. And you’ve lost your chance of gaining a fan. And the royalty. The number of people who would then spend time searching for alternative listening methods is miniscule.

While none of us have a crystal ball to see exactly which way the future of this business is going to turn, we have been actively embracing all possible legal outlets for our artists and their music. We have given away free album downloads by both Gama Bomb and Wormrot and like to think we keep an open mind on the latest ways people “consume” their music.

I do not believe for one minute the record industry is dying but evolving (as it always has) and it is up to us as record labels to find, develop and build careers for our artists utilizing our accumulative years of experience.

I think it is no coincidence that when Spotify launched here in the USA, we also had our best ever month of sales on iTunes. Spotify is just one of the many new ways that fans can find and listen to new music by our recording artists and should be seen as that and nothing more.”

Fortunately, the type of attack described in the research is difficult to undertake and is unlikely to carry a sufficient risk-reward ratio to interest genuine fraudsters. And, in the unlikely event that such an attack were to take place in the UK marketplace, the banking industry's fraud prevention systems would be able to detect when such an attack had happened.

Nevertheless, publication of such details could encourage nuisance attacks on the payment card systems, undermine public confidence in them and/or give organised crime access to material they might be able to develop further.

The bankers also fret that "future research, which may potentially be more damaging, may also be published in this level of detail". Indeed. Omar is one of my coauthors on a new Chip-and-PIN paper that's been accepted for Financial Cryptography 2011. So here is our Christmas present to the bankers: it means you all have to come to this conference to hear what we have to say!

"The more I have learned about the system, the worse it has gotten," Appelbaum said. "Even if they turn Haystack off, if people try to use it, it still presents a risk.... It would be possible for an adversary to specifically pinpoint individual users of Haystack."

I would like to stress that I am not resigning in shame over the much-maligned test program. It is as bad as Appelbaum makes it out to be. But I maintain that it was a diagnostic tool never intended for dissemination, never mind hype. I did have a solid, reasonable design, and described it in our brief overture of transparency. _That_ is what Haystack would have been. It would have worked!

What I am resigning over is the inability of my organization to operate effectively, maturely, and responsibly. We have been disgraced. I am resigning over dismissing pointed criticism as nonsense. I am resigning over hype trumping security. I am resigning over being misled, and over others being misled in my name.

Just to make it clear: Haystack is not at fault here; the State Department -- I am not so sure. Austin Heap can make whatever statements he likes; the government, however, is supposed to treat such statements with due skepticism and think through the political implications of their endorsement of any technologies. All this fast-tracking stuff would surely reflect bad on the State Department if after an independent security review it does turn out that Haystack has severe security flaws, which its testers -- or other Iranian uses -- may not have been aware of.

And why did Clinton choose to speak about Haystack and not say Tor or any other tool? Also, not very clear. Were the diplomats charmed by all the buzz around Haystack in the media? Possibly. That said, it would be very good to know whether the State Department did ANY analysis/testing of Haystack's claimed capabilities, thought through how well it could scale in Iran, and whether they may be hurting its users in Iran -- current and future ones -- by lining up behind them. Were these questions asked and answered?

I like Hollywood as much as the next guy -- and yet something just doesn't feel right about Haystack. What really bothers me is that one cannot download and examine their software; as far as the Internet is concerned, Haystack doesn't exist. In fact, Heap says that it is only distributed to trusted contacts inside Iran; putting it online would create a situation where the government could easily get hold of it as well and then reverse-engineer it or ban it or find a way to track its users.

So, in essence, the outside public - including Iranians -- are asked to believe that a) Haystack software exists b) Haystack software works c) Haystack software rocks d) the Iranian government doesn't yet have a copy of it, nor do they know that Haystack rocks & works. (And who could fault them for not reading Newsweek? I certainly can't). For someone with my Eastern European sensibilities, that's a lot of stuff to believe in. Even Santa -- we call him Ded Moroz -- appears more plausible in comparison.

To me, it seems like a no-brainer: if you want to distribute technology that may endanger lives, make sure that the technology is secure. The only good way that I know of to make sure that it's secure is to let outsiders test it.

Almost every good idea has already been built. Sometimes new ideas are just ahead of their time. There were probably 50 companies that tried to do viral video sharing before YouTube. Before 2005, when YouTube was founded, relatively few users had broadband and video cameras. YouTube also took advantage of the latest version of Flash that could play videos seamlessly.

Other times existing companies simply didn't execute well. Google and Facebook launched long after their competitors, but executed incredibly well and focused on the right things. When Google launched, other search engines like Yahoo, Excite, and Lycos were focused on becoming multipurpose "portals" and had de-prioritized search (Yahoo even outsourced their search technology).

The fact that other entrepreneurs thought the idea was good enough to build can be a positive signal. They probably went through some kind of vetting process like talking to target users and doing some market research. By launching later, you can piggyback off the work they've already done.

Startups are primarly competing against indifference, lack of awareness, and lack of understanding -- not other startups. For web startups this means you should worry about users simply not coming to your site, or when they do come, hitting the BACK button.

One of our free titles was the #1 download on Amazon for the entire month of February. The subsequent sales of books 2 and 3 in the series increased by a rate of 20 to 1. For this series, digital sales are approaching 20% of the total product sales distribution and growing. With the visibility of the digital sales on Amazon, we have seen a substantial increase in print sales to the brick and mortar book chains. In this one instance, digital is driving print sales.

Much of the talk by the big 6 publishers has been stress over cannibalization of print sales, or the idea of replacement sales, by ebooks. For midlist publishers such as ourselves, I believe we fight against substitution. We capture the "browser" market. If our title is not available or visible, a customer will simply substitute for another one in the genre. Free gave us the visibility that we could not purchase.

In 2008, 1,500 releases broke the "obscurity line" (sold over 10,000 albums).

Out of [those], 227 artists broke the "obscurity line" for the first time ever.

Out of the 227 first-timers, 14 artists did it own their own; approximately 106 were signed to a major; the rest were signed to indies.

Tommy Boy is more than a record company; we don't consider ourselves a record company anymore, we're much more than that. Now we're sort of a strategic artists positioning company, and our job is to take an artist from where they are in revenues to a much higher number. If we work with Artist A that's making half a million dollars a year, our goal is we take them to a million in year one, two million in year two, and three or four in year three. That's our goal. And then we take a percentage of that revenue. And we're talking about dollars, not record sales, because we may decide to give the records away, and we may only make about 10% of our money from the music and master use or 20% and the rest of it will come from touring and merch, publishing and possibly sync and other things. We'e not concerned with where the money comes from as long as it comes.

Tommy Boy is known for building brands, from Queen Latifah and Ru Paul, to De La Soul and Afrika Bambaataa, Naughty by Nature, House of Pain, so many household names now that you know. When you mention the name, you can see them; like Digital Underground, when you close your eyes, an image of who they are comes up. Coolio ... they all became significant brands, and that's what we did. Tommy Boy is itself as a significant brand. We're not just a record company. Our business always was building brands. How we used to make money was selling records; but we don't see it as the way we can make money now. It's one of the streams of revenue that we can make money from, but it's no longer the most significant or even the second most significant way we'll be making money. We can no longer be limited in how we see artists to the music domain. It's more than the music. We have to work with the artist's positioning.

"We're kind of more worried about being ignored than being ripped off."