Thursday, June 19, 2025

Unlocking Our Inner Musicians: My Journey with AI Music Tools

Table of Contents

Introduction: The Unforeseen Addiction to AI Music Creation

I recently stumbled upon Suno, an AI music generation tool, and I have to confess: I was almost instantly hooked! As someone who knows little about music beyond what fills my personal playlists, the idea of creating my own songs seemed utterly beyond reach. Yet, here I am, crafting full tracks from simple ideas, and it's exhilarating.

My initial foray into Suno, however, quickly highlighted a gap in my musical knowledge. I found myself scratching my head, trying to recall specific musical styles to guide the AI effectively. This minor hurdle, coupled with the realization that truly beginner-friendly tutorials are hard to come by, inspired me to share my own journey and the insights I've gathered. This post is for anyone curious about diving into AI music, especially if, like me, you're starting from square one.

Getting Started: Demystifying Suno's Credit System & Pricing

One of the first things that frustrated me about Suno is the hidden pricing structure – you can't easily see it without signing up. The good news is that if you just want to dabble, you can create 5 songs a day in pairs with 50 credits.

  • Free Tier: Every day, free accounts receive 50 credits, allowing you to generate 5 songs in pairs. These credits typically refresh around midnight UTC (which, for me in CST, means 7 PM). While I'm unsure if daylight saving time shifts this, it's a consistent daily refresh.
  • New Account Bonus: When you first sign up, you're usually granted 100 credits that primarily work with Model v3.5 (which creates songs up to 3.5 minutes long) and sometimes an additional 20 one-time gift credits for limited use with Model v4 (for songs up to 4 minutes). If your lyrics are longer than these limits, your songs will simply be cut off.

Once you get into it and start really enjoying the process (let's be honest, "addicted" is a good word!), you'll want to make 10 or 20 songs in a row. One idea often leads to another, and having to wait a day would definitely interrupt the flow. That’s where a paid plan comes in handy.

Suno's Paid Plans:

Suno offers three main plans, with annual subscriptions providing a 20% discount:

  • Free: 50 credits per day.
  • Pro: $10 for 2,500 credits per month, or $96 for a year (-20%).
  • Premium: $30 for 10,000 credits per month, or $288 for a year (-20%).

Premium might look like a better deal with 4x the songs for 3x the money, but the catch is that any unused credits at the end of the month don’t roll over. Unless you’re a full-time musician or a very prolific creator, the Pro plan seems to offer the best value, providing ample credits without the pressure to use a massive monthly allocation.

Flexible Credit Top-Ups:

Suno also offers a great solution for those who hit their monthly limit or prefer not to commit to a subscription: one-time credit blocks that do not expire! They are sold in four block sizes at $4 per 500 credits, costing $4, $8, $16, or $30. That's approximately 8 cents for each pair generated. If one used every monthly credit, the cost per pair would be roughly 4 cents on Pro and 3 cents on Premium, paying per month. If you use all your subscription credits before a month is out, you'll revert to 50 credits a day like free accounts until the next month's refresh.

Important Note on Credit Usage: Here’s what Suno says about credits: “Credits included in subscriptions do not carry over from day to day or month to month. Purchased top-up credits do not expire, but require an active subscription to use.” This means your purchased top-up credits only become accessible when you have an active Pro or Premium subscription.

Share the Music, Earn Credits!

You can also earn additional credits by inviting friends! When someone signs up using your referral link and generates 10 songs, you receive a bonus (up to 2,500 credits for up to 10 friends).

If you don’t have a referral link from your own friends, please feel free to use mine:

https://suno.com/invite/@marksz

Beyond Suno: Discovering Riffusion (An Unlimited Alternative!)

After playing with Suno for a while, I ran across this video about Riffusion:

"A New AI Music King is Here and it's Totally FREE & Unlimited!"

Please use my referral link to try it!

https://riffusion.com?r=WhiteMagic

Riffusion Caveats:

While the "unlimited" aspect is appealing, Riffusion does have a few quirks to be aware of:

  • Studio Mode: Activating "Studio mode" consumes a minimum of one hour of time each time it is activated, regardless of how soon you turn it off. Don't try to get more time by turning it on and off between generations as that will just burn it up much faster!
  • Song Length & Lyrics: Song length is limited to 4 minutes. However, you might notice that lyrics are often not fully performed as the song approaches its 4-minute mark.

Suno vs. Riffusion: A Quick Comparison

To help you compare the pros and cons of each, here's a side-by-side list:

Suno Likes:

  • Robust Internal Community Features: Suno itself acts like a social media platform with promoted genres, trending songs, playlists, hashtag challenges, and suggested similar songs within its ecosystem. You can follow other creators and discover new music directly on the platform.
  • User Experience: Left menu links can all be opened in new tabs, improving workflow.
  • Quality Consistency: Songs generally yield at least one decent rendition on the first try, reducing the need for multiple generations.
  • Rapid Development: New features and improvements are released frequently, keeping the platform fresh. They also have active feature suggestion sections in their Discord channel.

Suno Dislikes:

  • No Light Theme: Currently, there's no official light theme option, and the CSS is too complex for easy user customization.
  • No Unlimited Mode & Complex Pricing: There's no truly "unlimited" generation mode, and the credit-based pricing can feel less straightforward and perhaps not always a bargain.
  • Bug Resolution: Due to rapid feature development, some bugs may not be addressed as quickly as users might hope.
  • Play Bar Persistence: It needs a close button to see what it covers.
  • Limited Direct External Sharing & No Embedding: While you can share links to your Suno songs on external social media, there isn't a direct, seamless integration for sharing like embedding playable audio directly into a tweet or an Instagram story. Crucially, Suno actively blocks embedding via iframes, meaning you cannot easily host a playable version of your Suno song directly on your own website or blog without directing users back to the Suno platform.

Riffusion Likes:

  • Unlimited Free Generation: The major draw – unlimited song generation even at the free level (with only a modest 1-5 minute queue for processing).
  • Decent Quality: Offers good quality results, but a seemingly narrower training base.
  • Clean User Interface: Features a clean and simple light theme with responsive CSS, so it works nicely on any device without the need for a dedicated app.
  • Prompts Saved:  Lyrics generated with a prompt show the prompt, so you can easily use it again, or modify it for variation on a theme.
  • Lyrics Vary: Prompt generated lyrics vary in generated pairs.

Riffusion Dislikes:

  • Limited Navigation: While every menu item has its own link that you can bookmark, you can't right-click them to open in a new tab, which hinders the ability to compartmentalize projects efficiently.
  • Limited Features: It lacks a lot of the Suno features that make it easy to find songs similar to your own creations and liked songs.

Discord Community

Both Suno and Riffusion maintain active Discord groups, which can be great resources for tips, community support, and staying updated on new features.

AI Music and Creative Tools: Updates (June 2025)

The rapid advancement of AI music generation has sparked significant debate and controversy, particularly concerning artists' rights and the potential impact on their livelihoods. A core issue revolves around the data used to train these AI models.

Many AI music generators are trained on vast datasets of existing music, which often includes copyrighted material. Artists and rights holders argue that this training without explicit permission or compensation constitutes copyright infringement. This raises fundamental questions about who owns the "style" or "sound" of a particular artist or genre, and whether AI models are merely learning from or directly copying these elements.

Beyond copyright, there are concerns about the economic impact on musicians, songwriters, and producers. If AI can generate high-quality, customized music quickly and cheaply, it could potentially devalue human-created music, reduce opportunities for artists to get paid for their work, and even diminish the demand for traditional music production services. The fear is that AI, while a powerful tool, could displace human creativity rather than augment it, leading to a race to the bottom for musical talent.

Lawsuits and legislative efforts are ongoing globally as artists and industry organizations push for greater transparency, fair compensation, and clear regulations regarding AI training data and the commercial use of AI-generated content. This evolving landscape means that the legal and ethical implications of AI music are far from settled.

Here's a sample of various AI music and creative tools, along with their free offerings.   Please leave a comment to add your favorites to this list!                                                                      

AI Song GeneratorFree Songs Per DayReference
RiffusionUnlimited songs for free ('Slight queue delay)Details
Suno50 free credits per day (5 song pairs)Details
Brev AI20 free credits per day (4 song pairs)Details
AIMusicGen6 free credits per day (3 song pairs)Details
Loudly15 free song creations per day, 1 download per dayDetails
Mubert25 free tracks per monthDetails
AIVA3 free downloads per monthDetails
Soundful1 free MP3 download per monthDetails
UdioFree plan with limited features + earn credits by reviewingDetails
MusicMuse3 free songs per day (1 credit = 1 song pair)Details
Xound.ioLimited to a trial of 30-second max songsDetails
MakeSong10-song free trial (0/day after trial)Details
SoundrawFree trial availableDetails
Beatoven5 free 1-minute songs per month, no lyricsDetails
If you find another site that's useful at the free level, please leave a comment so I may expand this table!

Deep Dive into AI Music Creation: Tips & Advanced Concepts

For those ready to go beyond the basics, here are some ideas to expand your understanding and improve your AI music creations:

Running Open-Source AI Music Software Locally (for the Tech-Savvy):

For ultimate control and potentially unlimited, free generation (though requiring significant computing power and setup), you can explore running open-source models on your own machine.

Understanding AI Model Approaches: CoT vs. ICL

When working with AI music models, it's helpful to understand two core approaches:

  • Chain-of-Thought (CoT) Models: These models, like Suno, primarily generate songs based on lyrical content and genre prompts. They "reason" through the input to produce a coherent and musically appropriate song from scratch.
  • In-Context Learning (ICL) Models: With ICL, you provide it with a reference audio segment (e.g., 30 seconds of an existing song, either instrumental, vocal, or mixed). The model then tries to generate a new song with new lyrics that has a similar style, vocal characteristics, or musicality to the provided audio reference. This is powerful for creating variations or songs "in the style of" something specific.

Crafting Effective Prompts for Suno:

Your prompts are key to getting the results you want. Here are some tips:

  • Pronunciation: Phonetic spellings will generally be pronounced better by the AI than unusual acronyms or highly stylized words.
  • Model Version Differences:
    • v3.5 (Free & Paid): Tends to repeat a single short verse, filling the song length with repetition. This is the primary model for free users.
    • v4.0 (Limited Free Access & Paid): Plays a verse once, then fills the remaining time with instrumentals and potentially vocalizations without words. Free users often get limited access to this model as a trial.
    • v4.5 (Paid - Pro & Premium Only): This is the latest and most advanced model. It offers significantly enhanced voices, more complex sounds, smarter prompt interpretations, and can generate songs up to 8 minutes long while maintaining quality and coherence. Access to v4.5 and its full feature set (like advanced editing, Covers, and Personas) generally requires a paid subscription.
  • Using Personas Effectively: Personas can be powerful, but they might introduce a mix of words from the original song. A common "hack" is to load the persona, then immediately delete the persona name, keeping only the specific styles you wish to include or exclude.
  • Simple Prompts & Hints: Start simple! For parody or satire, you can often approximate your favorite songs or artists by using auto-generated lyrics combined with general style suggestions, as artist names are typically not allowed in prompts.
  • Shorthand for Prompts: To fit more information into Suno's 200-character prompt limit (for style/description, lyrics can be longer), use shorthand:
    • | instead of "or"
    • & instead of "and"
    • Omit spaces (e.g., Parody:SoundofMusic)
  • Use Examples: If you have a specific theme or mood in mind, providing examples (even short phrases) can clarify your intention to the AI.

Maximizing Your Suno Experience:

  • Visuals: While Suno's default song art is convenient, it's usually not eye-catching. Consider using free AI tools (listed below) to create better images and video loops to accompany your best songs for sharing.
  • Community Inspiration (Within Suno):
    • Browse Other Songs: Explore songs from other users for inspiration and to learn about different styles and prompt techniques. This is a great way to "train your inner AI"!
    • Engage: Give "thumbs up" and "follows" to songs and creators you like. This not only supports others but also helps your own songs gain attention.
    • Playlists & "For You": Use playlists to track examples you like. Following creators and liking songs will help the "For You" list (https://suno.com/for-you) on your Home page better curate content for you based on the styles you create or enjoy.
    • Follow Personas: Follow other creators' personas so you can easily find and reference them in your own library.
  • Playlist URL Hacks: You can sometimes "hack" the URLs for custom genres not officially listed on Suno's master list to create specific playlists.
    • Example: For a genre like "Broadway Musical" you can bookmark a link like: https://suno.com/style/Broadway%20Musical

Desired Features (Hopefully Coming Soon!):

Based on my experience, here are some features that would significantly enhance the user experience:

  • Multi-Song Playlist Management: The ability to add multiple songs to a playlist, or select multiple playlists for one song (available in the Android app, but not desktop currently).
  • Listen Later/Queue Button: A dedicated "listen later" or "add to queue" button.
  • Repeat Options: A repeat button for a playlist or individual track (like in VLC).
  • Bulk Download: An automation feature for bulk downloading your songs to back up your work. (Be mindful of Suno's terms; they reserve the right to delete anything deemed offensive!)

It's crucial to understand the terms of service when using AI music generators, especially if you plan to use your creations commercially.

Important Note on Content Ownership: Music Generation sites all pretty much own any lyrics you generate from a prompt, or at least claim broad licenses. To minimize copyright complications, consider using a separate AI like Gemini or Copilot to write your lyrics. This way, you at least retain ownership of the lyrical portion of a song that might gain popularity!

Additional Resources & Tools

Free AI Tools for Better Visuals (Images & Video Loops):

Enhance your songs with engaging visuals.

Finding UserScripts for AI Music Sites:

For advanced users, UserScripts can extend functionality. You can find many user-contributed scripts on platforms like Greasy Fork. Simply search for "suno" or "riffusion" on their site to see available scripts, or use these links:


Song Examples:

When reviewing your songs, or those of others notice:

  • Lyrics likely from simple prompts
  • Catchy graphics
  • Useful Directives
  • Creative styles
https://suno.com/playlist/ef25b89c-9173-4761-a651-9c3bf3708d73
https://www.riffusion.com/playlist/26fd0458-e60e-48aa-9370-1c55af07e7c5

Conclusion

AI music generation tools like Suno and Riffusion are incredibly powerful and accessible, even for those of us with no formal musical training. They open up a world of creative possibilities, allowing you to turn simple ideas into full-fledged songs. While each platform has its unique strengths and limitations, the journey of experimentation and discovery is truly rewarding. So, jump in, play around, and unlock your inner musician – you might just surprise yourself!

Posted by at No comments:

Tuesday, June 10, 2025

AI Music Generation: Toys, Joys, or a Threat? (DRAFT)

 HTML Table of Contents  to blog topics to insert here

Introduction

I was recently introduced to Suno, and I have to say, I was almost instantly addicted!

I know little about music, except for what I like to listen to. However, I quickly realized my knowledge is incomplete. I don't know the names of many musical styles, which makes it a bit tricky to use Suno effectively.

I never thought I could create music before. Now, I find it so much fun to take simple ideas and see them implemented as full songs!

While many tutorials exist online, few offer a basic starting point for beginners like me. That's why I wanted to share my experience and some tips.

Cost

One thing that is annoying about Suno is that you can’t see the pricing on the homepage without signing up for an account first. The good news is, if you just want to dabble with it a bit, you can create 5 songs a day in pairs with 50 credits. These credits reset to 50 every night at what I'm guessing is midnight UTC. I'm not sure if daylight time will affect this, but I currently see my credits refresh at 7 PM CST.
When you sign up for a new account, you start with 100 credits that work with model v3.5 (limited to 3.5 minutes). You also get 20 credits as a one-time gift for model 4 (limited to 4 minutes). If you have long lyrics, your songs will just get cut off at those time limits.
Once you get into it and start really enjoying the process (let's be honest, "addicted" is a good word!), you'll want to make 10 or 20 songs in a row. One idea often leads to another, and having to wait a day would definitely interrupt the flow. That’s where a paid plan comes in handy.

They have three plans:
  • Free: 50 credits per day.
  • Pro: $10 for 2500 credits per month, or $96 for a year (-20%) .
  • Premium: $30 for 10,000 credits per month, or $288 for a year (-20%).

Premium looks like a better deal with 4x the songs for 3x the money, but the catch is that any unused credits at the end of the month don’t roll over.

Unless you’re a full-time musician, I think Pro is the better deal. You can also buy blocks of credits that don’t expire! They are sold in four block sizes at $4 per 500 credits, costing $4, $8, $16, or $30.  That's 8 cents for each pair generated.  If one used every monthly credit the cost/pair would be 4 cents on Pro, 3 cents on Premium, paying per month. If you use all your credits before a month is out, you'll get 50 a day like free accounts until the next month.

Here’s what Suno says about credits: “Credits included in subscriptions do not carry over from day to day or month to month. Purchased top-up credits do not expire, but require an active subscription to use.”

You can also earn credits by encouraging your friends to sign up and make 10 songs. If you don’t have a referral link from your own friends, please use mine:
https://suno.com/invite/@marksz

Riffusion:
After playing with Suno for a while, I ran accross this video about Riffusion:
A New AI Music King is Here and it's Totally FREE & Unlimited!
https://www.youtube.com/watch?v=uBmLqOTs2jo
https://invidious.f5.si/watch?v=uBmLqOTs2jo 

Please use my referral link to try it!

https://riffusion.com?r=WhiteMagic


Riffusion Caveats:  

Studio mode burns an hour when turned on, so don't try to get more time by turning it on and off between generations as that will just burn it up much faster!


Song length is limited to 4 minutes like the free models on Suno, but lyrics are often not performed as song approaches a 4 minute length.



Suno Likes: 
Great social media features with promoted genres, playlists, hashtag challenges, and suggested similar songs.
Left menu links can all be opened in new tabs.
Songs generally have one decent rendition on the first try.
New features come out every few weeks!
Feature suggestion sections in Discord.  

Suno Dislikes:
No light theme available, and the CSS is too complex to easily roll your own!
There is no unlimited mode, pricing is complex and not a bargain.
Due to rapid feature development, not all bugs are addressed as quickly.
Limited Direct External Sharing & No Embedding: While you can share links to your Suno songs on external social media, there isn't a direct, seamless integration for sharing like embedding playable audio directly into a tweet or an Instagram story. Crucially, Suno actively blocks embedding via iframes, meaning you cannot easily host a playable version of your Suno song directly on your own website or blog without directing users back to the Suno platform.

Riffusion Likes:
Unlimited song generation even at the free level (with modest 1-5 minute queue).
Decent quality results, but a seemingly narrower training base.
Clean and simple light theme with responsive CSS so it works nicely on any device without the need for a dedicated app.

Riffusion Dislikes:
While every menu item has its own link that you can bookmark, you can't right-click them to open in a new tab to compartmentalize projects.

Both Suno and Riffusion have active Discord groups.

HTML TABLE of Music Generation sites with a free level to be inserted here.

Ideas to expand:  

Running similar open source software on your own computer:

Install YuE 7B Locally to Generate Full Songs with Music from Lyrics
https://invidious.reallyaweso.me/watch?v=RSMNH9GitbA
https://youtu.be/RSMNH9GitbA

llamusic/llamusic model to create lyrics with extensive style suggestions
https://ollama.com/llamusic/llamusic

suno-ai/bark: 🔊 Text-Prompted Generative Audio Model
https://github.com/suno-ai/bark

CoT vs. ICL Models:

Designed for generating songs primarily based on lyrics and genre prompts, a "Chain-of-Thought" (CoT) approach, meaning it tries to reason through the lyrical content and genre to produce a coherent and musically appropriate song from scratch.

In-Context Learning (ICL) means you can provide it with a reference audio segment (e.g., 30 seconds of an existing song, either instrumental, vocal, or mixed). The model then tries to generate a new song with new lyrics that has a similar style, vocal characteristics, or musicality to the provided audio reference.

Phonetic spellings will likely be pronounced better than unusual acronyms.

Suno Model version differences:
3.5 will repeat a single short verse
4.5 will play it once, then fill the rest of the time with instrumentals and maybe some vocalizations w/o words.  If using a persona, garbled lyrics from the original song can (often?) take over!

Personas can introduce words as a mix of the original song.  After loading the persona, delete it again just keeping the styles to include and exclude.

simple prompts & hints, parody & satire auto lyrics to approximate favorite songs as artist names are not allowed in styles, 

Shorthand to squeeze examples into 200 character limit prompts, | instead of or, & instead of and, omit spaces like "Parody:SoundofMusic",

Use examples to clarify a theme

highlight best songs with better graphics as Suno's art is convenient, but usually not eye catching

Browse other folks songs for inspiration, examples.  Train your inner AI!  ;-)
Thumbs up & Follows will bring your own songs attention as well.  Use playlists to track examples you like.  This will also help you find more songs of the styles you create or play most on the "For You" list:
https://suno.com/for-you
which is part of the many lists on the Home page.
Follow rather than just like other folk's personas so you can easily find them in your own library.

Hack the URLs for playlists of your own custom genres not on the master list.  e.g.
Happiness is an inside jobFeatures I'd like to have like add multiple songs to a play list, or select multiple playlists for one song (available in the Android app)
A listen later button (Well add to queue may do?)
A repeat button for a playlist or track (like in VLC)

Automations like bulk song download to backup your work.  Site terms allow them to delete anything deemed offensive!

Reference links like legal analysis:

Suno Exposed: Terms Of Service... 

(Don't Release AI Music Until You Watch)

https://invidious.perennialte.ch/watch?v=HlGIxLH1K-M
https://youtu.be/HlGIxLH1K-M

Riffusion Exposed: Terms Of Service... Watch Before You Sign!

https://invidious.reallyaweso.me/watch?v=cDjaufNY4tY
https://youtu.be/cDjaufNY4tY

Suno prompts - Prompting AI music (Warning several ads for paid guides)
https://howtopromptsuno.com/

Note: Music Generation sites all pretty much own any lyrics you generate from a prompt.  Save you credits and use an AI like Gemini or Copilot to write your lyrics so you at least own that portion of a song that might get popular!

Free AI tools for better images and video loops:

AI Video Generator: Text & Image to Stunning Video, Simple & Quick | Hailuo AI
https://hailuoai.video/create

Free AI Video Generator - Bing Video Creator [app only for now, several vids/day]

https://www.bing.com/images/create?ctype=video

 
LightX [One free video clip per day]
https://www.lightxeditor.com/ai-photo-editor/edit?tab=text2video

GitHub - hpcaitech/Open-Sora: Open-Sora:
Democratizing Efficient Video Production for All https://github.com/hpcaitech/Open-Sora

GitHub - THUDM/CogVideo: text and image to video generation: CogVideoX (2024) and CogVideo (ICLR 2023) https://github.com/THUDM/CogVideo

Song Examples:  
lyrics likely from simple prompts
Catchy graphics
Useful Directives
creative styles

Hacking AI Music sites with UserScripts:
https://greasyfork.org/en/scripts?q=suno
https://greasyfork.org/en/scripts?q=riffusion

Related Articles:
AI is coming for music, too
https://www.technologyreview.com/2025/04/16/1114433/ai-artificial-intelligence-music-diffusion-creativity-songs-writer/

References:
YuE-s1-7B-anneal-en-cot | AI Model Details
https://www.aimodels.fyi/models/huggingFace/yue-s1-7b-anneal-en-cot-m-a-p

https://github.com/alisson-anjos/YuE-Interface/blob/main/README.md#model-suffixes-explained



Posted by at No comments:
Labels: ,

Saturday, December 30, 2023

Goodbye Teamviewer, Hello RustDesk!

Sometime in the last month TeamViewer has dropped their free for personal use policy, or changed the algorithm it uses to detect commercial use.  It now requires a minimum of $298.80/year (with auto-renewal) for a single license.  I've been using TeamViewer to help friends and relatives with computer problems for many years, so this started me on a bit of exploration of the alternatives.  The TeamViewer Reddit threads about this indicate that many others are frustrated with this change as well, and like me, were surprised at the change made without prior notice.  After having similar problems with many major TeamViewer releases, and not liking the new interface, I've decided it's time to look for something better.
Former TeamViewer promise to keep it free for personal use.

After looking at several alternatives, one stood out from the rest as the basic portions are free and open source!  Giving it a quick try I found it even easier than TeamViewer to use, as the person I'm trying to help can just accept the connection without having to tell me the password several times, or use words like bravo, or Victor to distinguish similar sounding letters like b, d, g, p, t and v.

This alternative is RustDesk, which you can download here.  You'll find the most common system install links just under the big colorful scam warning telling you not to install this software on the advice of someone you don't know well and trust.

As switching remote desktop tools can be a bit confusing, I'd like to share what I've learned in my initial use of the RustDesk client, and the community level RustDesk Server.  I will also be sharing my experience with RustDesk at the January 18, 2024 Champaign-Urbana Computer Users Group meeting.

While the terms client and server are used in different ways in different contexts (like with Virtual Network Computing: VNC), RustDesk uses them as most end-users would think of them.  A client, like a web browser is something you run on your computer that accesses servers in the cloud (e.g. in a data center) and the default servers managed by RustDesk are in several data centers world wide.

Here is a screenshot of the Windows RustDesk client version 1.2.3 released 2023-10-13 with the free (noted in green or orange) and paid (noted in red) features annotated:
Everything necessary to help someone who can install the client for themselves is available with just a client installed at each end.  Connecting is even easier than TeamViewer, as the person being helped can just accept the connection after sharing their ID, rather than reading the password to the helper.

If you want to access your own systems remotely, you'll need a permanent password.  That can be accomplished by running your own server, entering the hostname (e.g. rustdesk.example.com) and the server key in the Network settings, and then the password in Security settings.
When I want to help someone who doesn't need a stored password on my server, I just erase my server information before that session, and then paste it back in afterward to access my own systems.  I have found the free ArsClip clipboard manager handy for this.



Due to the 4K high resolution display I normally use, I prefer to change the "Default view style" from "Scale original" to "Scale adaptive" in the Display settings.
After starting with the Windows client, it took me a little time to find the settings in the Linux client as I'd gotten used to the hamburger menu in the upper right.  This client does not have a consistent user interface, and only offers settings via the three dots near the client ID.
I don't understand this, but the above screen shot was taken on my Windows system viewing my Linux client on the rpi with the RustDesk server being used, but the status indicated it was not connected to the server on the same system as the client!  Is this some weird issue with the way my old router does NAT?

I have several systems at home that I want to monitor when I'm away, so I've installed the free server on my rpi (Raspberry Pi 4 Model B) to connect via a permanent password.  I also help several people who have lost their vision late in life, and don't know how to use a screen reader.  For them it is easiest if I can take control of their computer when they call me for help.

If this does not prove reliable enough, I may need to consider spending $4 or $5 a month for a virtual private server (VPS) to host the service in a real data center with a static IP address.

Setting up a server for an average user is not a trivial task as it requires an understanding of many details like DNS, security, firewalls, port forwarding through NAT, etc.  I made quite a few mistakes along the way, and will share a few to perhaps fill in some of the gaps in the RustDesk documentation.

I installed docker on my system thinking it was required, and then decided I didn't really need it.

The next thing I did was download and install the client and then followed these server install instructions on my rpi.   This involved downloading two files with curl, installing the client with apt install, and running the 2nd to configure the server.  After several tries where curl just gave me a zero byte length file for the client, I just downloaded it with Firefox, and that worked fine.  Later I was told to add the L option to follow local location redirects, which solves that problem.

The 2nd one was not a problem.  These are the install commands/files that were current at the time for my Raspberry Pi 4, with -O updated to -OL.
curl -OL https://github.com/rustdesk/rustdesk/releases/download/1.2.3/rustdesk-1.2.3-armv7-sciter.deb
sudo apt install -f ./rustdesk-1.2.3-armv7-sciter.deb
curl -O https://raw.githubusercontent.com/techahold/rustdeskinstall/master/install.sh
chmod +x install.sh
sudo ./install.sh
Except for having to download rustdesk-1.2.3-armv7-sciter.deb with Firefox instead of curl, this worked, and gave me my server key to use with my subdomain name.  Then all I had to do was enter the ports to forward in my router.

The first problem I had was that I chose to use one of my own domains to use for a server name.  I've been retired from IT work for almost two decades, so I haven't had to think about DNS details in a long time.  Most of the time software like cPanel or Let's Encrypt takes care of the niggly details for me.  I use an inexpensive hosting service (which I highly recommend) that like many, with rising license fees has switched from cPanel to DirectAdmin.  The one thing cPanel really does better is dynamic DNS updates of A records for a subdomain.  I tried in vain to get the DirectAdmin scripts for this I could find online to work, but even with AI code generation to help, I couldn't.  I was afraid to run the install script a 2nd time, as I don't know if it'll only work as a fresh install.

For days I was stumped at how to solve this problem until I read this in a help item at freedns.afraid.org which said: "If you ... have multiple hostnames to update, you can leave 1 of them an A record, and make the rest of them CNAME's so you do not have to issue multiple updates each time."  I had set up my RustDesk server to use my own domain name rather than the one FREE DNS gives me.  I had totally forgotten that I didn't need to dynamically update it with DirectAdmin, as I could just use a CNAME DNS record that points to my free DDNS name!  The moral of the story is to get your DNS working for the server name before installing the server.

I could not find any detailed server administration documentation for the free server, except for a user provided set of uninstall commands.

As this diagram from a ham radio blog about configuring the Windows RustDesk server points out, it avoids LAN/WAN route confusion if you can put your server on a VPS rather than a home Raspberry Pi 4 as I did.
I still haven't found the right settings in my old ASUS router to make the NAT performance better on my home network.  The article suggests using a DNS feature of the router, but mine doesn't have that.  I can probably use a Static Route for my LAN instead, but I've not tried that yet as that involves more details to look up!  I also wonder if it'd help to put my private IP address in the rpi hosts file?

Even though connections to my rpi running both the server and client often require many attempts, this setup seems to work pretty well for all other hosts I've tried.

References:
rustdesk/rustdesk · Discussions · GitHub

Alternative remote help software includes:
DWService - web-based remote access, remote administration, remote support
                    See also: Computer Remote Control using DWService
Chrome Remote Desktop (Does not help you track your remote passwords easily.)

AnyDesk (3 managed devices at the free level)


Posted by at No comments:

Sunday, December 29, 2019

Browser Bloat & Service Workers


Contents  

  1. Introduction
  2. Which Browsers use Service Workers?
  3. See Service Workers
  4. Service Worker Functions
  5. Push Notifications
  6. Check Memory Use
  7. Freeing Memory
    1. Subframes
    2. JavaScript
    3. Memory Monitoring
    4. Manage Extensions
    5. Exclude Extensions from Sync
    6. Restart Your Browser Often
  8. Remove or Block Service Workers
  9. Security Considerations
  10. What are the long term solutions?
  11. Footnotes and Reference Links

1. Introduction

We know multiple tabs and extensions in our browsers use additional memory and CPU resources, but did you know most web sites you visit now install JavaScript programs, with out your knowledge or consent, called service workers to do things like place ads on your desktop your ad blocker usually can't stop, and these service workers are each run in their own system process with all the memory and system overhead that entails? These programs can even run after you close the tab or site that installed them, and some restart every time you launch your web browser.

About two weeks ago I launched my Chrome browser, and noticed once again I got a desktop notification ad from a company I ordered something from once. This ad was starting to pop up every time I opened my browser, despite running an ad blocker. I consider desktop notification ads to be particularly annoying, so I opened developer tools, and unregistered the service worker for that site, and a bunch of others from sites I almost never visit, and don't want offline content from. I used Process Hacker to note that Chrome memory usage dropped from about 2.5Gb to 1.1Gb, and with each service worker I deleted, one Chrome process thread went away. While I could have stopped this ad by changing the notification setting for this site, I had no idea the service workers in my browser took so much space!

Some sites like AliExpress had a service worker for each store I'd visited in that site! After restarting the browser, that annoying ad was gone! I repeated this on my Chromebooks and the nasty freezes where the cursor would not move, or barely moved with my track-pad have not happened since.

This started weeks of reading up on service workers, subframes, browser and virtual memory management, leading to some conclusions I think every one who uses a web browser should know.

2. Which Browsers use Service Workers?

All major web browsers (including Chrome 45+, Firefox 44+, Edge 17+, Safari 11.1+) support service workers1. This includes Chromium based browsers such as Blisk, Brave, Epic, Opera, Slimjet, Vivaldi, etc.  Firefox seems to be the only one that allows a user to disable service workers for all sites. The Tor browser 9.02 based on Firefox 68.3.0ESR (Extended Support Release), Basilisk, Pale Moon, and all Firefox ESR releases to date have service workers disabled by default. Service worker memory bloat does not seem to be an issue on mobile operating systems such as Android or IOS as they don't seem to stay in memory when not in use.

3. See Service Workers

There are several ways to see if you have service workers in your browser. In Chrome, and Chromium based browsers, open a new tab and go to the url: chrome://serviceworker-internals/. In Firefox, use about:serviceworkers. In Edge, use the developer tools, which works in all the other browsers as well, for an individual site.

Here is an example chrome://serviceworker-internals tab in Opera:

In Chrome the above works as well as the Developer tools Application tab:


In Microsoft Edge, there was only the Service Workers tab in developer tools:
As of January 15, 2020 Edge based on Chromium provides the same chrome://serviceworker-internals/ URL as other Chrome browsers.

I don't have access to a Mac, so all I can tell you about Safari, is how to enable the developer tools.

4. Service Worker Functions

Service workers can dramatically speed up the loading of a web page, allow the browser to present parts of a page before all the elements have loaded, add offline functionality like offline reading or editing (as with Gmail or Google Docs), conserve bandwidth, and provide notifications (or ads) even when the page is not loaded.  Additional examples are in the footnotes2, including an example service worker with a polite opt-in checkbox3

5. Push Notifications

Push notifications are the one feature of service workers most likely to be abused4. Here are some requests from a blog site5 that asked permission to allow notifications.

What they don't tell you is this also allows them to leave a service worker in your browser for a long time, that can persist after reboots.  If you want to revoke this permission, the easiest way is to use the site settings.  This works in most browsers, just click the icon left of the URL (web address) you are visiting, and select block or Ask by Notifications.  (Navigate to Site settings if you don't see that.)  Please see Allow Website Notifications POP-UP Scam for detailed instructions for popular browsers.

6. Check Memory Use

Most operating systems (like Windows6,7) and browsers (like Chrome8 and Firefox9) provide a task manager to show the resource consumption (CPU, memory, etc.) of system processes.  The browser task managers have the advantage of showing which feature (tab, extension, service worker, or subframe etc.) is associated with a process.  (Chrome used to compare its total to other browsers, but that feature was dropped a long time ago.)

Here is an image of the Chrome task manager running under Windows 10 with an AMD Radeon RX 550 graphics card with 4GB of ram.  Note how much larger the GPU process is than the Browser:
Also note the Gmail service worker highlighted in blue.  This is what allows you to continue reading recent email messages after loading your inbox even if your connection drops.  Note the service worker memory footprint is also larger than other extensions and tabs in this example.

Let's look at another task list when visiting https://www.wunderground.com/.
Notice there are 10 processes labeled Subframe highlighted below the weather tab.  These are all portions of that page that come from other sites.  For several reasons Chrome isolates each portion of the page into a separate process.

7. Freeing Memory

Now how do we get back some of the memory all these things take up in our browser?

7.1 Subframes

Let's start with those subframes we were just looking at. The ad blocker running when that was taken was uBlock Origin with default settings. According to this reddit discussion Privacy Badger does a better job of blocking these. Let's see what happens when we switch to that:
This cut the subframes from 10 to 2, and based on their names, I'd guess at least one provides useful content on the page.  Privacy Badger also has a lower memory footprint than uBlock Origin.

7.2 JavaScript

Here is a memory footprint of Chrome running with the  --process-per-site option:
Note how all the tabs have one memory footprint together, but still account for about 1.4Gb of the browser memory.

Here are about the same tabs loaded after blocking Javascript on just the W3Schools site.
Not many sites are functional without Javascript, however this works fine if you're just looking up some syntax details on W3Schools.  If you like switching between many tabs, you might use site settings or an add-on like NoScript, or JavaScript Switcher to turn off JavaScript when possible to save memory.  (Note Mozilla moved Firefox JavaScript controls from the options menu to about:config in 2013.)

7.3 Memory Monitoring

Besides the task managers, memory monitors are handy to provide early warning when memory is running out.  I compared the five memory monitors in the chrome web store and found the one offered by: pd4d10 about tied for lowest memory footprint with the one offered by: dan.belz69.  I prefer the tooltip detail in the former, and wish the later did a restart rather than a refresh on click.

Unfortunately, I have not seen any sites that provide memory footprints for extensions or add-ons.
I simply watched these five in the Chrome task manager to get a feel for their size variations over time.  A more rigorous approach can be found in this comparison of uBlock and ABP.

7.4 Manage Extensions

On reading the article above, I learned that extensions not only took up space themselves, but many increased the size of every tab loaded in the browser.  I found that I could regain a great deal of memory by simply disabling extensions in Chrome and Firefox that I'm not using until I need them. For example, now I only enable LastPass (who's degraded functionality has me looking at alternatives) when I change a password, or register one on a new site.  This takes a bit longer.  I sure would like to see disable added to the remove and hide menus in the extension icon right-click menu in Chrome.  [Note to self, figure out where best to submit that idea.]

Now when I add and extension, I also consider the cost-benefit in terms of memory footprint.  It is also useful to review browser features, and possibly choose a browser that has features previously only available as extensions built into the browser, like the ad blocking in Brave.

7.5 Exclude Extensions from Sync

After taking inventory of my extensions, I found I had many that I had played with once on one computer that were replicated on many others.  For this reason, I think it is wise to disable sync of extensions in Firefox and Chrome, and manually add them on each system they are used.  This is especially important for Chromebook users.

7.6 Restart Your Browser Often

All browsers seem to take more memory the longer they run.  Closing and restarting the browser can free up wasted memory.  Chrome has a debug url chrome://restart which will restart your browser and keep your current tabs.  This is especially handy on Chromebooks as you can free up memory with out having to log into the Chromebook again!

8. Remove or Block Them

Before removing (unregistering) a service worker, consider that it may be hard to get back. Once unregistered, the browser remembers that decision so it may be hard to change your mind later. Most service workers perform their job quickly, and don't hang around in memory. Therefore, I'd try removing the unwanted persistent ones first by blocking notifications.  Then I would close the browser, wait a minute or two, then re-open it with nothing but a blank tab like about:blank, and then see if any persistent  memory hogs are left.

In Firefox you can block all service workers with the about:config setting  dom.serviceWorkers.enabled.  In Chrome (and related browsers) there is the Block Service Workers extension that will prompt you before allowing a service worker to run.  I suggest limiting the number of sites you allow to use notifications to a few whose notifications are most useful.

9. Security Considerations

In Chrome 67 Site Isolation was added to defend against web attacks like Spectre and Meltdown, adding another 10 to 13% to the memory footprint. This is one reason multi process browsers are safer than single process browsers like Basilisk and Pale Moon, but at a cost of much larger memory use.

Search the web for "MarioNet attack" and you'll find many articles describing undesirable activities service workers could do.  This paper says it isn't a big problem because a "Service Worker can stay alive only for about one minute after the user navigates away from the website".  However, I do not believe this is true if you allow notifications on the site that installs the service worker, and there are many ways a site can nag or trick you into doing so.

10. What are the long term solutions?

Since the early days of the Internet, there has been a constant battle between advertisers, spammers and shoppers for control of their online experience and system resources.  One of the factors that lead to early Google search engine popularity was that ads were simple and fast plain text links instead of images.  Most web developers are paid by the corporations who profit from ads, so are highly motivated to design pages with eye catching video and interactive features that make it almost impossible to block all unwanted content.  Advertisers now detect and block ad blockers, and programmers are responding with anti-blocker blockers.  The EU tried to regulate cookie use, but the laws only resulted in "agree or leave notices" on websites, and more subtle tracking and super cookies.  Merchandisers bribe shoppers with discounts to install their app which can more easily nag you and violate your privacy, and personal assistants spy on conversations so AI can guess what ads to serve next.

What might change in the future?  Will operating systems be re-designed so that the browser will be more closely integrated with virtual memory management?  This seems to already be an advantage of mobile device operating system event driven tasking.  Will web standards integrate some basic functions typically used in JavaScript into CSS or will new funding schemes like Basic Attention Tokens (BAT) help solve the ad battle?  How about bringing back plain text ads linking to ad content with out loading it on the current page?

Will web scraping evolve into meta browsers that scrape what you want off a page, and display a static snapshot until you want to interact with a page again?  Could we see something like dynamic link libraries for browsers to re-use common JavaScript code?  Will stand alone programs that don't require the overhead of the browser make a come back?

Please leave your ideas in the comments!

11. Footnotes and Reference Links

Are Browser Extensions Slowing You Down? - Make Tech Easier

Using the Chrome Task Manager to Find In-Browser Miners

Get an Ad Blocker | Protect Against Websites That Spy - Consumer Reports
  1. Can I use... Service Workers, etc
  2. ServiceWorker Cookbook (with detailed function examples for developers)
  3. Taking the web offline with service workers - mobiForge
  4. Browser push notifications: a feature asking to be abused - Malwarebytes Labs
  5. Example Blog Post that Requests Notifications
  6. Beginner Geek: What Every Windows User Needs to Know About Using the Windows Task Manager
  7. Windows Task Manager: The Complete Guide
  8. How to Use Chrome’s Built-In Task Manager
  9. Task Manager: see what tabs or extensions are slowing down Firefox


  10. Task Manager - see what tabs or extensions are slowing down Firefox | Firefox Help
  11. Service Worker Security FAQ: Why doesn’t Chrome prompt the user before registering a Service Worker?
  12. Debug Background Services With Chrome DevTools
  13. Turn notifications on or off - Computer - Google Chrome Help
  14. Does service worker runs on background even if browser is closed? - Stack Overflow

    15. Last update: 1/16/2020
Posted by at No comments:
Subscribe to: Posts (Atom)