[Renee Dudley, with research by Doris Burke, at ProPublica]
Security lapses in Microsoft's own products led to hacks that in turn pushed President Biden to ask for help from it and other tech companies to improve White House security. Microsoft saw it as an opportunity to lock the White House into its products.
Microsoft pledged to give $150M in technical services to the government to upgrade its security. But it wasn't altruistic:
"Microsoft’s seemingly straightforward commitment belied a more complex, profit-driven agenda, a ProPublica investigation has found. The proposal was, in fact, a calculated business maneuver designed to bring in billions of dollars in new revenue, box competitors out of lucrative government contracts and tighten the company’s grip on federal business."
The result may have created an illegal monopoly on government systems - and increased the government's susceptibility to future Microsoft flaws:
"Competition is not the only issue at stake. As Washington has deepened its relationship with Microsoft, congressional leaders have raised concerns about what they call a cybersecurity “monoculture” in the federal government. Some, like Wyden and Sen. Eric Schmitt, a Republican from Missouri, have blasted the Defense Department in particular for “doubling down on a failed strategy of increasing its dependence on Microsoft.”"
Monocultures are bad. It's hard to see how these kinds of toxic relationships don't get worse over the next four years.
[Link]
This is very good. It's advertised as a piece about shipping in big tech companies, but honestly, I think it's true of many smaller companies too. It's not true in the smallest startups or for organizations with certain kinds of engineering cultures - but I suspect they may be in the minority.
"What does it mean to ship? It does not mean deploying code or even making a feature available to users. Shipping is a social construct within a company. Concretely, that means that a project is shipped when the important people at your company believe it is shipped."
Software engineering isn't a technology business: it's a people business. You're building tools that solve real problems for real people, and you're doing it inside an organizational structure that is also made of real people. There's no way to get around this: unless the organization is exceptionally organized around engineering needs (which many small and medium tech companies are!), you will have to navigate these sorts of interpersonal dynamics.
This hits the nail on the head for just about everybody:
"I think a lot of engineers hold off on deploys essentially out of fear. If you want to ship, you need to do the exact opposite: you need to deploy as much as you can as early as possible, and you need to do the scariest changes as early as you can possibly do them."
It seems counterintuitive, but again: if your goal is to ship (and it probably should be), you need to focus on doing that.
[Link]
[Signal]
Signal has improved its group call functionality pretty significantly:
"If you love group calls on Signal, but don’t want to create a group chat for every combination of your friends or colleagues, you’re in luck. Today we’re launching call links: Share a link with anyone on Signal and in just a tap or click they can join the call. No group chat required."
This is good news, and brings Signal in line with other videoconferencing software. These calls include hand raising, reply emoji, and the other functionality you'd expect to see elsewhere - while being end to end encrypted.
I'm hoping this is a prelude to even more group / workspace functionality. The blog post mentions that Signal's own meetings are Signal-powered (as they should be!), and it's a hop, skip, and a jump from there to powering internal chat with it, too.
This would be a game-changer for any organization that needs to maintain secure comms. It's also a good idea for anyone who conducts regular calls or chats in a group.
Signal is free and open source, is always end-to-end encrypted, and can be downloaded on every major platform.
[Link]
Bill Fitzgerald has updated his open source guide to personal privacy:
"Conversations about privacy and security often focus on technology and give scant attention to the human, non-technological factors that affect personal privacy and security. This post covers a range of concrete steps we can all take to regain control over what, when, and with whom we share."
I really appreciate the straightforwardness of the guide - these are things that everyone can do to help keep themselves safe. And because it's open source, the more eyes there are on it validating the information, the better the guide will get.
Some of the general advice is needfully pessimistic but doesn't always apply. For example, it talks about there not being an expectation of privacy on work devices, or using a work-provided VPN. That probably is generally true, but for example, in my role leading technology at ProPublica, I and others would absolutely flip a table if we decided to surveil our employees. (For one thing, that would be a terrible approach if we cared about keeping sources safe, which we obviously do.) So it's always worth checking in with your IT leadership to understand their concrete policy.
Regardless, I would feel comfortable sharing this verbatim. I'm grateful that Bill has released it under a Creative Commons Attribution Share-Alike license, so there are opportunities to create designs for this guide and share them back to the community.
[Link]
Unsure what to do now? Molly White has some solid ways to get started helping:
"Many of us have looked back on historic events where people have bravely stood up against powerful adversaries and wondered, “what would I have done?” Now is your chance to find out. It did not just start with this election; it has been that time for a long time. If you’re just realizing it now, get your ass in gear. Make yourself proud."
There are compelling suggestions here around protecting yourself; working to support press freedom and access to information; migrant rights; reproductive rights; trans rights. But more than that, the spirit of this post is that we should have a bias towards meaningful action.
[Link]
Some good advice from Heather:
"One practical thing you can do in as much depth as you like, identify a particular area of information that you care about or feel is important and protect it. Whether it's critical public data, old abandoned websites, or niche community content that you think is worth preserving, the information is worth saving."
There is lots of practical advice in her piece: contributing to ArchiveTeam and to the End of Term Web Archive, downloading a copy of Wikipedia, and simply keeping a copy of useful information. I agree - particularly in a world where we're all so dependent on storing things in the cloud. The longevity of all of that information matters.
[Link]
Senator Wyden has long been a loud voice for surveillance reform and stronger data protections, so this op-ed isn't really a surprise - but it's still nice to see him weighing in here:
"Data brokers are selling the ability to track phones that visit abortion clinics and follow them back across state lines, all the way to their owners’ homes. All it takes for this kind of 24-hour surveillance is a credit card. Given the creepy enthusiasm with which MAGA government officials are inserting themselves into women’s health choices, these tracking tools present a pressing danger for women across the country."
As the Senator points out, data brokers are a clear danger to many people's safety, including women in a reproductive healthcare context. I think about this a lot in relation to journalists, whose personal information is often made available by these organizations and can be (let's be clear: absolutely is) used to threaten harm in retaliation for reporting on a story. And then, of course, brokers are often used as a way for law enforcement to bypass the need for a warrant: if someone's whereabouts or communications metadata are available to anyone with a credit card, civil rights protections can easily be bypassed.
Californians will have the ability to have their data removed from any broker - as long as that broker actually takes steps to comply with the law - from 2026. This isn't enough; these brokers shouldn't exist to begin with. But at least it's one step in the right direction. Everyone should enjoy the same protections.
[Link]
This is a genuinely inspiring post from John O'Nolan about the foundation behind Ghost and how it operates. It feels like a blueprint for so many open source projects.
"The business model was simple: We would make a great open source product that people wanted to use. Those people would need a server to use the product, so we would also sell web hosting. The revenue from our hosting would fund further development of the open source product."
This sounds simpler than it is. I tried it and failed - but John, Hannah, and team have made it work well, growing a dedicated community around a high-quality, well-designed product that serves a specific set of needs really well.
This will be interesting to watch:
"So, as we reach our headcount limit of 50 people — which is likely to happen in the next couple of years — our intention is to expand the seats on Ghost's board of trustees beyond myself and Hannah."
John describes it as part of building "a more diverse and representative governance structure" for Ghost. There are lots of ways to cut that, but he paints a strong picture that includes bringing in the community and upholding transparency.
What also blew me away here was that Ghost was profitable eleven days after launching its hosted service, which in turn was released not long after the initial Kickstarter campaign was closed. I'd love to hear more about how much of the platform was already built and how they pulled that together.
[Link]
[Bluesky Announces Series A to Grow Network of 13M+ Users]
An important announcement from Bluesky:
"We’re excited to announce that we’ve raised a $15 million Series A financing led by Blockchain Capital with participation from Alumni Ventures, True Ventures, SevenX, Amir Shevat of Darkmode, co-creator of Kubernetes Joe Beda, and others."
Bluesky is quick to point out that it will continue to not use blockchains or crypto, and that they will "not hyperfinancialize the social experience (through tokens, crypto trading, NFTs, etc.)".
Instead, this may be an indication that blockchain investors are interested in other forms of decentralization; Bluesky is talking about adding voluntary paths to revenue for creators, so there may be some way to make a return there. (I'd been wondering what the business model would be, in order to justify these funding rounds.)
Bluesky's CEO Jay Graber previously worked on ZCash, a cryptocurrency based on Bitcoin's codebase, so has some clout in that community, but this may have implications for other projects and companies that want to raise money. (Another investor is True Ventures, which previously heavily backed Automattic; those implications are also interesting.)
Another important note: Bluesky's had some flak in the past for not federating. But this announcement notes that there are over a thousand other personal data servers, which is a solid achievement.
[Link]
[Maggie Harrison Dupré at Futurism]
File this under "good, but I can't believe this wasn't already banned":
"Sweeping changes to Federal Trade Commission (FTC) guidelines aimed at cleaning up the polluted, confusing world of online product reviews went into effect on Monday, meaning the federal agency is now allowed to levy civil penalties against bad actors who knowingly post product reviews and testimonials deemed misleading to American consumers."
Regardless of the fact that they should obviously have never been allowed, fake reviews, including AI-generated reviews, are now definitively not. This also includes people who buy star ratings and followers (which, as a practice, is I think far more prevalent than we might realize).
Because this is a US law, and the internet is what it is, we can probably expect a lot of these activities to now take place overseas, on other platforms.
[Link]
[Hannah Devlin, Tom Burgis, David Pegg and Jason Wilson at The Guardian]
Quite a disturbing new startup coming to light in The Guardian:
“The footage appears to show experimental genetic selection techniques being advertised to prospective parents. A Heliospect employee, who has been helping the company recruit clients, outlined how couples could rank up to 100 embryos based on “IQ and the other naughty traits that everybody wants”, including sex, height, risk of obesity and risk of mental illness.”
Eugenics is a discredited, troubling idea, and the startup’s claims are akin to junk science, even if the underlying data was drawn from UK Biobank, which seems like a great resource when used for good. Still, the startup is clearly out there offering its services, while using a regulatory arbitrage strategy (operating between jurisdictions to exploit legal differences and finding ways to exploit loopholes in the law) that isn’t a million miles away from techniques used by startups like Uber, and throwing up all kinds of ethical questions in the process.
A major figure in the startup is Jonathan Anomaly (his real name), who has been advocating for “liberal eugenics” for some time:
“Anomaly is a well-known figure in a growing transatlantic movement that promotes development of genetic selection and enhancement tools, which he says should not be confused with coercive state-sponsored eugenics. “All we mean by [liberal eugenics] is that parents should be free and maybe even encouraged to use technology to improve their children’s prospects once it’s available,” he told the podcast The Dissenter.”
Of course, eugenics isn’t controversial or unethical solely when it’s forcibly done by the government. As the article notes:
“Katie Hasson, associate director of the Center for Genetics and Society, in California, said: “One of the biggest problems is that it normalises this idea of ‘superior’ and ‘inferior’ genetics.” The rollout of such technologies, she said, “reinforces the belief that inequality comes from biology rather than social causes”.”
Enough ink has been spilled on science fiction stories that describe the effects of exactly this startup’s mission that the founders should have understood they were building a biotech torment nexus: something that was described in fiction as a technology that must never be built for the good of humanity, lest we fall victim to both intended and unintended consequences. Regardless, if someone can build it, they eventually will, and here we are.
There’s a related ethical question raised here, which relates to who, exactly, should have access to biological research data. It turns out that UK Biobank also gave access to its database to a race science group. Should it have? Or should there be ethical safeguards on these databases? I’m more inclined to say that knowledge bases should be as open access as possible, but the implications for use by eugenicists and racist groups are pretty dire.
[Link]
Cory Doctorow discusses how he reads writers like Molly White:
"This conduit is anti-lock-in, it works for nearly the whole internet. It is surveillance-resistant, far more accessible than the web or any mobile app interface. It is my secret super-power."
I agree. I start every day in my RSS reader (I maintain a very simple live list of my subscriptions over here) and it's one of the best tools I use. I rarely miss a news story from a publisher I care about - whether that's a newsroom, an individual, or an organization. And nobody's getting in the way to try and predict what I should be interested in.
RSS is free, open, well-established, and easy to use. More people should be using it. Even you.
[Link]
"I'm excited to share an experiment I've been working on: a solar-powered, self-hosted website running on a Raspberry Pi."
Lovely!
The key seems to be a Voltaic 50-watt panel and 18 amp-hour battery, which run to around $300 in total. That's not a lot of money for something that can theoretically run in perpetuity.
I've been wanting to make my own website run on fully green energy for a long time, and it's hard to find a web host that does this directly rather than through trading carbon credits, which I'm deeply suspicious of. (The exception is Iceland, where geothermal energy is common.)
I wonder what it would take to productize something like this and make it an all-in-one home server solution? Or to put your wifi router and modem on solar? (Assuming your whole house isn't on solar, that is, which mine sadly isn't.)
This also seems fair:
"It may seem unconventional, but I believe it's worth considering: many websites, mine included, aren't mission-critical. The world won't end if they occasionally go offline. That is why I like the idea of hosting my 10,000 photos on a solar-powered Raspberry Pi."
I feel the same way.
[Link]
Mathew Ingram's overview of the WordPress drama continues to be updated with new information. The hole just seems to be getting deeper and deeper. As he says: it's a mess.
"It's pretty clear that Matt sees what he is doing as protecting WordPress, and forcing a no-good corporation to cough up some dough after years of taking advantage of the community (he says he has been trying to negotiate with WP Engine for more than a year now, while WP Engine says it gives back to WordPress in a number of ways.) To some observers like me, however — and to some other longtime members of the WordPress ecosystem — it looks like Matt has dragged the WordPress community into a legal mess with a variety of unforeseen and potentially serious consequences."
I still don't fully understand what prompted this sea change in how Matt has addressed the wider community, including WP Engine. I have this ongoing sense that there's another shoe left to drop, whether it's relating to stalling revenue at Automattic and pressure from its board (pure conjecture on my part, to be clear), or something else entirely. Without some strong motivating factor this just seems to be self-sabotage.
At this point I'm really curious to see what's next. All this drama has also made it clear that for the kind of CMS WordPress is - more of a framework than an out-of-the-box solution at this point, but with a strong ready-made editing and administration experience - there aren't many alternatives. That's not to denigrate other projects like Drupal, etc, because I think they're different kinds of CMSes. Ghost is much more narrowly focused, too. I think if WordPress had a real competitor in its space, this might all be playing out differently.
(If I was WP Engine and had run out of options to de-escalate, I'd be going ahead and forking WordPress right now. And what a mess that would be.)
[Link]
Anil Dash makes a pertinent observation about the current state of the web:
"At the start of this year, I wrote The Internet Is About To Get Weird Again, which began by calling back to the Internet of 2000. In thinking more about it, though, we more closely resemble the Internet of a few years later, where the crash of the dot-com bubble and the stock market had the same effect that the popping of the crypto bubble did: the casuals who were just trying to make a quick buck are much less likely to jump in the pool."
I agree.
The way I've been thinking about it is: There's everything to play for. We understand what can go wrong. We understand many of the needs, although we should always go out and learn more. But for the first time in a long time, the internet isn't calcified: there isn't a sense that the platforms people use are set. Anyone can come along and build something new, and it's absolutely possible for it to catch on.
And, as Anil says, the spirit of the web is more intact than it has been in a long time. Gone (hopefully) are the Wall Street-esque folks who are here to make a bunch of money; instead, we're left with the people who genuinely care about connecting and creating and making something good. That's what powered the web's heyday, and that's what has the potential to make a difference now.
Let's go make good stuff.
[Link]
The feud between Automattic (or more specifically, Matt Mullenweg himself) and WP Engine is getting bonkers:
"WordPress.org has taken over a popular WP Engine plugin in order “to remove commercial upsells and fix a security problem,” WordPress cofounder and Automattic CEO Matt Mullenweg announced today. This “minimal” update, which he labels a fork of the Advanced Custom Fields (ACF) plugin, is now called “Secure Custom Fields.”"
What appears to have happened is this:
Technically, Automattic (or anyone) can fork any open source plugin - that's what open source is all about. But seizing the upgrade path and swapping for the new version in-place in the portal is a pretty rotten move.
ACF is well-used in commercial sites and is often provided by agencies as a bedrock for their customizations. This isn't some sideline: for many users, ACF makes WordPress significantly more useful.
It's an existential issue for any open source plugin contributor. Again, forking is well within anyone's rights - but replacing the upgrade path is something only Automattic can do.
This is only muddied by the fact that the portal is technically owned by Matt alone, rather than Automattic. But the lines are blurry at best.
Whereas the feud had previously not created a risk to WordPress's functionality, for many serious users this is now a big problem. A stable platform with solid upgrade paths is a huge part of why people choose WordPress. Whatever's going on behind the scenes, this altercation has created huge risk for anyone who's thinking about making the leap (and, at the same time, may open up opportunities for other open source CMS vendors).
[Link]
"The Harris campaign has remained largely silent on whether Khan will be allowed to stick around. And it remains entirely unclear whether Harris will continue Biden’s support of something that, for once, at least vaguely resembles antitrust reform and a crackdown of concentrated corporate power."
Many tech leaders - the article calls out Reid Hoffman - have put open pressure on Harris to let go of Khan. FTC leaders often change between administrations, but I agree with the premise that Lina Khan has actually done a pretty good job - and certainly better at anti-trust than we've seen in decades.
That's important because tech hasn't been a sideline industry for a long time. It's integrated into every aspect of how we live our lives and learn about the world. We should care about how much power an individual tech company (and its backers) can get, both to protect a competitive market and to ensure no one company has outsized influence on our democracy.
And as Karl Bode points out, it will say a lot about Harris's Presidency:
"Right now, Harris is remaining ambiguous about whether Khan will be allowed to stay at her post; allowing voters to fill in the blanks using vibes and their imagination. Whether Khan is kept in office, or replaced with yet another cookie cutter careerist, should prove pretty immediately telling in the new year."
We may find out soon.
[Link]
Bix Frankonis does not agree with my analysis of the Fediverse and the Social Web Foundation. For him, much of the issue relates to appropriation of the "social web" name:
"Like many trade groups, this one is named and self-described in a manner deliberately meant to capture and colonize an entire area. To become, in effect, synonymous with what its name names. It shits on twenty-five years of the web."
He's obviously entitled to his opinion, but I personally think it's a stretch to say that it shits on 25 years of the web. Of course there was a social web before the Fediverse - I'm a long-term indieweb participant and an even more long-term blogger. But I don't think that precludes this name, which is more of a bet on one embodiment of the future of the social web.
But here's what I really love: this conversation is playing out across platforms, across blogs, and across sites. In many ways, it's an illustration in itself of what the web is, and why blogging remains wonderful.
[Link]
"Addressing the Maker-Taker challenge is essential for the long-term sustainability of open source projects. Drupal's approach may provide a constructive solution not just for WordPress, but for other communities facing similar issues."
Dries lays out a constructive approach to crediting open source contributors. There's no stick here: just a series of what amount to promotion and status levels in return for making contributions like "code, documentation, mentorship, marketing, event organization" and so on.
I've certainly had to deal with the maker-taker problem too, although not at the magnitude that either Drupal or WordPress need to consider it. When I worked on Elgg, the open source ecosystem was relatively underdeveloped, and I don't remember it being much of a problem. In contrast, Known plugged into a significantly more advanced ecosystem. The solution Dries lays out makes a ton of sense to me, and I wish we'd done more along these lines in both cases.
[Link]
"A couple months ago I was hanging out with my aunt, and she mentioned her cable+internet bill was around $250 per month. I thought that was insane and that I should do something about it. She's a 75 year old retiree that watches baseball and the hallmark channel, and she shouldn't have to pay as much as a car payment every month to do it."
What follows is a very smart way to share media profiles with a family member who doesn't live in your house, using Tailscale as a way to make them seamlessly appear like they're a part of your household.
Tailscale is easy to use and is virtually magic. I use it across my devices, and recommend it to others. This is a use case that makes a lot of sense.
[Link]
"Technology has transformed how we spend, study, live, eat — even how we sleep. And for the 6.75 billion people around the world who consider themselves religious, technology is also changing their faith. How people worship, pray, and commune with the divine is transforming from Seoul to Lagos."
These are amazing stories that sometimes sound like provocative satire: PETA is building robot elephants for Hindu temples, for example. Or take this app, which will narrate the Bible in your own voice, perhaps so that you can make it more accessible for your children.
Many of the examples feel a lot like startups spotting new markets without consideration for whether they should. Some are more authentic. All are continuing examples of how the internet is changing religious life all over the world.
[Link]
"Blogs coax out deeper thinking in smaller blocks. A blog gives you the space to explore and nurture ideas over time, perhaps growing so slowly you hardly notice the extent of the evolution of your thoughts till you read something you wrote a few years ago."
Everyone should blog. It's been the single most transformative tool in my career - and a huge part of my life.
Given the latter part, I needed to hear this:
"We know, when we’re reading a blog, that we’re getting a glimpse into the writer’s active psyche, a tour of their studio as it were — not hearing their thesis presentation or reading their pre-print publication; hearing from other people being people is part of the appeal of blogs."
Over the last few years I've downgraded the amount of personal writing in this space in favor of more thoughts about technology. I never quite know where the balance is, but I think there's a lot to be said for turning the dial closer to the personal.
If you haven't started yet: try it and let me know about it. I'd love to read your thoughts.
And if you know you want to start but don't know where, Get Blogging! has your back.
[Link]
"Every problem at every company I’ve ever worked at eventually boils down to “please dear god can we just hire people who know how to write HTML and CSS.”"
Yes. Co-signed.
Speaking of which ...
"ProPublica, the nation’s leading nonprofit investigative newsroom, is in search of a full-stack senior product engineer to lead work on our publishing systems and core website."
I'm looking for an exceptional engineer who cares about the open web to join my team. If that's you - or you know someone who fits this description - there are more details at this link. I'm here to answer any questions!
[Link]
"Links — connections between ideas — are the magic system of the Internet. They power the open web, enriching online writing. Generative AI is the parasitic dark magic counterpart to the link."
I love Tracy's observation that "online, we think together", which also calls back to the original definition of the word blog ("weblog" = "we blog").
Links are context, further thought, community. Removing that context removes depth. They're inherent to the web: they're what the web is. When platforms want to strip-mine value from our work - our writing, our thinking - by lifting it away from its community and context, we need to fight back. And fight back we will.
[Link]
PSA for anyone who switched to Arc as their main browser (hey, that's me!): it had a giant vulnerability that the team, at the time of writing, doesn't seem to have acknowledged publicly, although it has been patched.
Aside from the lack of disclosure, perhaps the biggest ongoing concern for me is in the last few paragraphs:
"while researching, i saw some data being sent over to the server [...] this is against arc's privacy policy which clearly states arc does not know which sites you visit."
Sigh.
[Link]