"Those of us who are makers, who create the source, need to be wary of those who would take our creations and squeeze out the juice. They’re grifters who will hop onto the next fad, but we’re trying to build something big here, something long term—something that lasts for generations."
Matt Mullenweg takes a strong stand for open source, and against companies that claim to be open but aren't quite.
Of course, not everything Automattic does is open source - its commercial operations were kicked off by the centralized Akismet anti-spam service, after all - but I agree that this clarity is useful.
It ends with a call to action: to support organizations that support ecosystems rather than abuse them. It's hard to disagree with that.
[Link]
"Today, a group of six computer scientists are revealing a new attack against Apple’s Vision Pro mixed reality headset where exposed eye-tracking data allowed them to decipher what people entered on the device’s virtual keyboard. The attack, dubbed GAZEploit and shared exclusively with WIRED, allowed the researchers to successfully reconstruct passwords, PINs, and messages people typed with their eyes."
Fascinating stuff. This attack doesn't work with a normal laptop or device because we tend to look at the screen as we type instead of the keys. But on the Apple Vision Pro, your gaze is your pointer. By tracking what you're paying attention to, attackers can understand exactly what you're typing, including sensitive information.
Apple has patched the problem, presumably by making its virtual avatars just a little bit more dead in the eyes. But as more eye-based interfaces roll out, more exploits will surely be discovered. As we reveal more of ourselves in virtual space, more of our secrets become apparent, too.
[Link]
"Some people call our strategy "open-core" and that's technically right. Still, I'd rather say that we have two pieces of software: one that is open-source and another that is not. I think that's more honest because we're not trying to hide the fact that we're selling a non-open-source version of our software."
This is a pretty honest take on open sourcing a product in a VC-funded startup, which needs to maintain a certain level of valuation growth to justify its investment.
Someone in edtech once told me that if I held back any of a product I was building that they would tell their substantial network not to use it. I don't think that's fair: I'm not sure there's much to be gained by making features that are mostly used by wealthy companies free. This is particularly true when owning your licensing means you still retain optionality to provide a lower-cost or zero-cost license for certain organizations.
I also like this reason for open sourcing their core product:
"Finally, by going open-source we commoditize our competitors' core functionality. This means they now have to compete against us in terms of innovative features, performance, and price, all of which are usually not their strong suits, let's be honest."
When executed well, and used against high-priced enterprise software in particular, this approach deflates closed-source business models and can be a real competition lift. I like that Briefer is naming that.
The one piece I don’t agree with is this:
"Open-source helps us manage Briefer's roadmap along with our users because there will be more of them, and because they'll have access to the source code. That way, they can help us figure out where to go, and help us get there by implementing what they need."
My experience in open source is that it doesn't absolve you from needing to keep a tight hand on the product steering wheel. Your open source community can actually muddy the water here, because open source users aren't always the same thing as customers, and may need a different set of features or functionality. Maintaining a coherent product vision is harder in open source, not easier.
Still, this was a lovely post to read, and I appreciate the open thinking. It certainly made me want to check Briefer out.
[Link]
[iA]
"In a text editor, chapters are files. Organizing your files is work, but in a large text body it’s essential work. Your book or thesis will grow from it and get stronger as you clarify the structure. With iA Writer 7.2, structuring large writing projects has become a lot easier."
In other words, my favorite text editor just got a big upgrade for anyone writing large projects (hey, that's me!).
I've long been an iA Writer superfan: all my blog posts are written in it, and I use it as the starting point for most meaningful documents. This new update brings it into direct competition with Ulysses, another markdown text editor I love. I've been using iA Writer for short-form writing and Ulysses for longer-form writing (I have a very large book draft in there right now). But now, potentially, I can do it all from one app.
What it doesn't seem to do - yet - is the kind of file re-ordering that Ulysses excels at, so I can move scenes and chapters around each other with ease. From this post, it sounds like that will come:
"Tree view is the first step toward a document outline. Tree view is the technical foundation for offering a more detailed view of the document structure. All we can say for now is that it will work very much like tree view, just inside the document."
It's all great work. This level of care and attention in a text editor really matters. I'm grateful that iA exists.
[Link]
"On June 26th 2024, I launched a website called One Million Checkboxes (OMCB). It had one million global checkboxes on it - checking (or unchecking) a box changed it for everyone on the site, instantly."
This story gets deeper from here: how he found a community of teenagers secretly writing to each other in binary using the checkboxes in the site is lovely.
[Link]
[Ingrid Melander and Guy Faulconbridge at Reuters]
"[Telegram founder] Durov, who has dual French and United Arab Emirates citizenship, was arrested as part of a preliminary police investigation into allegedly allowing a wide range of crimes due to a lack of moderators on Telegram and a lack of cooperation with police."
At face value, this seems like an enormous deal: the idea that a social network operator should be arrested for not moderating and not cooperating with the police seems like a precedent with implications for a great many platforms.
Telegram has been blocked in Russia since 2018. While it's unlikely to be blocked as such in the EU, it's plausible to see a world where it's removed from app stores and made harder to access.
Decentralized platform builders in particular will be watching this carefully: what does this mean for people who are building censorship-resistant and governance-free platforms overall?
Of course, at the same time, we may not have all the information yet. We'll have to watch and see.
[Link]
[George Hammond at the Financial Times]
"Y Combinator, the San Francisco start-up incubator that launched Airbnb, Reddit, Stripe and Coinbase, is backing a weapons company for the first time, entering a sector it has previously shunned."
Specifically, it's a low-cost cruise missile startup, which the Financial Times reports would be suitable for use in a potential war between the US and China. The cruise missiles are 10x smaller and 10x cheaper than today's alternatives, but presumably still murder people.
Also from the article:
"There is “a very interesting situation where geopolitical heat and the end of zero-interest rate policies have made people become more pragmatic,” said the founder of one start-up that was in the same group of YC-funded companies as Ares. [...] “People support builders doing cool, hard stuff.”"
Very interesting indeed. Certainly, you can make money by selling weapons of war. But should you? And in what world is killing people "cool stuff"?
Silicon Valley's origins are in large part military, of course, so this shouldn't be too much of a surprise. But for a while there, in the wake of the this-is-for-everyone radical inclusion of the web (which was not a military creation), it seemed like tech was heading in a different direction. It's disappointing to see that this was ephemeral at best.
[Link]
"I want to talk about three examples I see of cracks that are starting to form which signal big challenges in the future of OSS."
I had a knee-jerk initial reaction to this post - what open source bubble?! - but Tara Tarakiyee makes some important points here about our dependence on open source code and how that might change over time.
The through line to all of them is about money. The OSI's new "open source AI" definition is loose because AI vendors likely couldn't make money otherwise (although whether they can make money anyway is still up for debate); source-available licenses have become prevalent because it's easier to sell commercial licenses and therefore make a living building software; much open source software was precariously funded through European Commission Next Generation Internet grants, which are now evaporating.
While we can stand for pure open source values all we like, the people who build open source software need to make a living: food must go on the table and they need a roof over their heads. Ideally their compensation would extend beyond those basic necessities.
This has been the perennial problem for open source: how can it be sustainable for the people who build it? We're not launching into a post-monetary Star Trek future any time soon. In the meantime, people need to be paid for their work, or open source runs the risk of being a hobbyist-only endeavor.
People won't pay for software that they don't need to pay for. I suspect open-core, which opens the core of a software platform while monetizing high-value extensions, is the best answer we can hope for. But even that might not be realistic.
[Link]
[Alexander Saeedy and Dana Mattioli at The Wall Street Journal]
"The $13 billion that Elon Musk borrowed to buy Twitter has turned into the worst merger-finance deal for banks since the 2008-09 financial crisis."
"[...] The banks haven’t been able to offload the debt without incurring major losses—largely because of X’s weak financial performance—leaving the loans stuck on their balance sheets, or “hung” in industry jargon. The resulting write-downs have hobbled the banks’ loan books and, in one case, was a factor that crimped compensation for a bank’s merger department, according to people involved with the deal."
Let that sink in.
It's not like this was unpredictable: it was obvious that Elon Musk was not going to turn Twitter into a roaring success. While Twitter was, at its heart, a media company, Musk's direction has been a muddle of three sometimes-competing priorities: his long-held desire to create X, an "everything" app; his desire to build his own brand in an effort to boost his own equity and therefore wealth, sometimes in ways that got him in trouble with the SEC; and his desire to influence global politics.
There's no three-dimensional chess being played here; this likely isn't an intentional plan by Musk to write off the debt. It's simply narcissistic mismanagement, and one has to wonder how this will affect his businesses at Tesla and SpaceX in the longer term. There will come a time when shareholders declare that enough is enough - although given that they approved his ludicrous pay deal, perhaps that time isn't coming soon.
[Link]
"A federal judge ruled that Google violated US antitrust law by maintaining a monopoly in the search and advertising markets.
“After having carefully considered and weighed the witness testimony and evidence, the court reaches the following conclusion: Google is a monopolist, and it has acted as one to maintain its monopoly,” the court’s ruling, which you can read in full at the bottom of this story, reads. “It has violated Section 2 of the Sherman Act.”"
This is seismic, both for Google and for the web. As The Verge points out, this is so far about liabilities, not about any prescriptive remedy. But as one of the major factors in the decision was the payments that Google makes to browser manufacturers, it seems likely that any remedy will change how this works. In turn, the impact across tech could be significant.
Apple received $20 billion from Google in 2022 to be the default search engine (it shares 36% of ad revenue from Safari users with the company). That's a big number, but nothing compared to its $394bn in total revenue. But for Mozilla, the impact might be more profound: in 2021, these payments represented 83% of its revenue. What happens to it without this underwriting?
It's too early to say exactly what will change, but this is also potentially a gift for the new batch of AI startups that are trying to seize search engine ground. The era of the internet flux that we've found ourselves in - wherein everything is once again up for grabs and seemingly-entrenched incumbents change dramatically at a moment's notice - shows no sign of slowing.
[Link]
"In the most recent financial quarter, Apple generated $24.4 billion in revenue from Services. The Mac, iPad, and wearables categories together generated just $22.3 billion. Only the iPhone is more important to Apple’s top line than Services."
This is an interesting piece about how Apple's services revenue is set to overtake its hardware business.
Over on his blog Pixel Envy, Nick Heer worries:
"It would be disappointing if Apple sees its hardware products increasingly as vehicles for recurring revenue."
I'd go further. The beauty of Apple's product line is that they're comparatively well-made products that push the boundaries of user experience, bringing technology breakthroughs to a creative audience: as Jobs put it, "bicycles for the mind". Customers (including me) accept higher prices because the products are exceptional, but that depends on a product line that is complete.
If the product offering is a higher-priced hardware device and premium monthly services on top of it, the investment starts to have diminishing returns. It's a loss of focus on what made Apple great, and why people keep coming back to it. It's greed, essentially: continuing to push the Apple user base further and further, assuming the breaking point is very far out.
That puts them at risk of being disrupted by someone else. Windows ain't it, but at some point someone is going to come in with a really great set of hardware on an alternative stack. The question won't be whether it beats Apple as-is, but simply whether it's good enough at a lower price point. And then that company will grow their offerings, until before you know it, Apple has serious competition. It's disruption 101, and the further Apple pushes out its expense and friction, the more susceptible it becomes.
[Link]
[Shiraz Shaikh on Global Network on Extremism & Technology]
"Video games and their associated platforms are vastly becoming hubs of radicalisation, extremism and recruitment by far-right extremist organisations. The development of bespoke games and modifications, often known as MODs, has given extremist organisations the ability to further spread their digital propaganda."
This is both depressing and inevitable: games are incredibly popular and share social media's ability to let people share with each other at scale. Unlike on social media, some of the modes of communication in games are themselves directly violent modes of expression.
Valve's apparent under-investment in trust and safety, and in protections against extremism, is also partially inevitable. How do you police voice communication across disparate games? But there's more to it than that:
"In terms of the material and content available on these gaming platforms, there is evidence of far-right propaganda available in huge amounts. The materials include books, videos, documents, manifestos, memes and more. Even on other platforms apart from Steam, interviews of far-right leaders, such as Andrew Anglin, are available for users."
This seems easier to police, and should be. That this material is available says a lot about Valve's priorities.
[Link]
[Kate Conger at the New York Times]
"Time and again, Ms. Yaccarino has faced similar situations, as Mr. Musk is always one whim away from undoing her work. Ms. Yaccarino’s task of repairing and remaking X’s business over the past year has been complicated by Mr. Musk’s seeming disregard for the advertising industry and his constant unraveling of her efforts."
This reads like damage control - she's possibly leaving, although if that happens it's not clear if she's jumping or she's being pushed.
I have little sympathy: she knew what she was getting into. And she'll do just fine. But the project of supporting Elon Musk's work has been one of supporting right-wing ideologies, antisemitic conspiracy theories, and reactionary politics. Nobody who aligns themselves with this gets a pass.
I thought this detail was interesting:
"The internal documents about X’s revenue show that Ms. Yaccarino hopes to net $8 million in political advertising this quarter. If she succeeds, it would represent a marked increase from the company’s political earnings when it was still Twitter — the company earned less than $3 million from political advertisers during the 2018 U.S. midterm elections, the last cycle before it banned political advertising."
This is likely what Musk's Trump alignment is about: he wants to encourage that side of the aisle to advertise extensively on X. And likely, they'll bite. Nothing is as deeply-felt or as ideological as it appears; this is, however ham-fistedly, about money.
[Link]
[Elizabeth Lopatto at The Verge]
"Last week, the founders of venture capital firm Andreessen Horowitz declared their allegiance to Donald Trump in their customary fashion: talking about money on a podcast.
“Sorry, Mom,” Ben Horowitz says in an episode of The Ben & Marc Show. “I know you’re going to be mad at me for this. But, like, we have to do it.”"
No, you don't.
As I've discussed before, investors like Andreessen and Horowitz are putting concerns about crypto regulation and taxation of unrealized gains over a host of social issues that include mass deportations, an increase in death sentences, military police in our cities, and potential ends to contraception and no-fault divorce. It's myopic, selfish, and stupid.
It looks even more so in a world where Trump is reportedly already regretting appointing JD Vance as his Vice Presidential candidate and where Musk has reneged on his $45M a month pledge to a Trump PAC. They come out looking awful.
The progressive thing to do would be to starve their firm: founders who care about those issues should pledge not to let a16z into their rounds, and other VCs should refuse to join rounds where a16z is present. This is likely too much activism for Silicon Valley, but it would send the strong signal that's needed here.
The desire for profit must never trump our duty of care to society's most vulnerable. Agreeing with this statement should be a no-brainer - but we're quickly learning how many would much rather put themselves first.
[Link]
[Christine Hall at FOSS Force]
"The Apache Software Foundation is making changes in an attempt to right a wrong it unintentionally created when it adopted its name 25 years ago."
This is an unnecessarily awkward article (why describe the existing logo as cool in this context?!) to describe a simple premise: the Apache Software Foundation is slowly, finally, moving away from its appropriation of the Apache name and its racist use of faux Native American imagery.
For a while, it's preferred to refer to itself as ASF, and now it's going to have a much-needed logo change. That's fine, but it needs to go much further. It's past time to just rip off the Band Aid.
Still, this is far better than the obstinate response we've seen in the past to requests for change. A new logo, slight as it is, is hopefully an iteration in the right direction.
[Link]
[Kayleigh Barber and Seb Joseph at Digiday]
"After much back and forth, Google has decided to keep third-party cookies in its Chrome browser. Turns out all the fuss over the years wasn’t in vain after all; the ad industry’s cries have finally been heard."
Advertisers are rejoicing. In other words: this is bad.
It's possible that Chrome's "new experience" that lets users make an "informed choice" across their web browsing is really good. Sincerely, though, I doubt it. Moving this to the realm of power user preferences rather than a blanket policy for everyone means that very few people are likely to use it.
The result is going to be a continued trend of tracking users across the web. The people who really, really care will do the work to use the interface; everyone else (including people who care about privacy!) won't have the time.
All this to help save the advertising industry. Which, forgive me, doesn't feel like an important goal to me.
Case in point: Chrome's Privacy Sandbox isn't actually going away, and this is what Digiday has to say about it:
"This could be a blessing in disguise, especially if Google’s plan gets Chrome users to opt out of third-party cookies. Since it’s all about giving people a choice, if a bunch of users decide cookies aren’t for them, the APIs in the sandbox might actually work for targeting them without cookies."
A "blessing in disguise" for advertisers does not read as an actual blessing to me.
[Link]
[Om Malik]
"Apple’s decision to strike a deal with Taboola is shocking and off-brand — so much so that I have started to question the company’s long-term commitment to good customer experience, including its commitment to privacy."
This move says a lot about modern Apple, but more than that, it likely says a lot about the performance of Apple News.
For many news publishers Apple News pageviews are a multiple of the reads on their own websites: it's a serious source of traffic and impact. The fact that Apple is finding itself having to make changes to how it makes revenue on the platform means that the mechanism itself may be under threat.
It's never a good idea to put your trust in a third party: every publisher needs to own their relationships with their communities. The pull of Apple News has been irresistible, and Apple has seemed more trustworthy than most. This may have been a false promise, and publishers should take note.
[Link]
This is somewhere between a call to action and a wake-up call:
"If you wish to be moral, you have to also pay attention to whether what you're doing actually works. And the best way to do that is to set up a forcing function for it: that's what checks and balances do."
"[...] Imagination isn't just a trite word to make your heart glow in pulp-class young-adult dystopia — imagination is the ability to depict justice, to see what we ought to aspire to. It is not a gift but rather a skill to hone."
There is an inherent question here about how you can create binding systems that enforce ethical standards - but also, how you can determine which ethical standards actually lead to the outcomes you want to establish.
I think there's a lot here that can be addressed through more distributed equity. As Robin says, "anywhere a powerful entity operates it is at risk of unethical behavior and therefore must be held in check by a control mechanism". One system of control - insufficient in itself but I think still necessary - is to ensure that power is spread among more people who are more connected to the effects of that power.
Distributing equity literally means handing over the means of production not just to workers but to those impacted by the work, reconnecting the decisions to their consequences. I don't know that you can have ethical tech that is motivated by centralized power. As Robin implies: so far, it hasn't worked.
[Link]
"We’re real people who have rent to pay and mouths to feed. We make $300 per month from donations from our self-hosted users. It would take us more than ten years of donations to pay one month of salary for our small team. If we cannot capture the economic value of our work, the project will become unsustainable and die."
It's more than a little painful to see new open source businesses re-learn what I and other open source founders have learned over time.
I'm fully in support of Plausible moving to AGPL and introducing a Contributor License Agreement, but I don't believe this will be enough. Indeed, Plausible is moving to "open core" and privatizing some of the more lucrative features:
"We’re also keeping some of the newly released business and enterprise features (funnels and ecommerce revenue metrics at the time of being) exclusive to the business plan subscribers on our Plausible Analytics managed hosting."
What's particularly interesting to me is that they're maintaining source availability for these features - it's just that they're not going to be released under an open source license.
Open source purists might complain, but I believe it's better for the project to exist at all and use licensing that allows for sustainability rather than to maintain open source purity and find that the developers can't sustain themselves. I'd love for these things to be compatible, but so far, I don't believe that they are.
[Link]
[Jonathan Zeller at McSweeney's]
"We do not live in some tech dystopia in which our smartphones clandestinely use their mics to pick up every word we say and then feed us commercial messages based on them. The truth is simpler and not at all alarming: your phone only seems to be listening to you because it’s collecting data about every word you type, every website you visit, and, through GPS tracking, everywhere you go in the physical world."
No notes: this is pretty good.
[Link]
"ShareOpenly breaks the door even wider than sharing to Mastodon, and I intend to be using it to update some of my examples listed above. Thanks Ben for demonstrative and elegant means of sharing."
Thank you, Alan, for sharing!
There's more to come on ShareOpenly - more platforms to add, and some tweaks to the CSS so that the whole thing works better on older devices or smaller phone screens. It's a simple tool, but I'm pleased with how people have reacted to it, and how it's been carried forward.
There are no terms to sign and there's nothing to sign up for; adding a modern "share this" button to your site is as easy as following a few very simple instructions.
[Link]
"Former [Microsoft] employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others."
This is a damning story about profit over principles: Microsoft failed to close a major security flaw that left the government (alongside other customers) vulnerable because it wanted to win their business. This directly paved the way for the SolarWinds hack.
This doesn't seem to have been covert or subtext at Microsoft:
"Morowczynski told Harris that his approach could also undermine the company’s chances of getting one of the largest government computing contracts in U.S. history, which would be formally announced the next year. Internally, Nadella had made clear that Microsoft needed a piece of this multibillion-dollar deal with the Pentagon if it wanted to have a future in selling cloud services, Harris and other former employees said."
But publicly it said something very different:
"From the moment the hack surfaced, Microsoft insisted it was blameless. Microsoft President Brad Smith assured Congress in 2021 that “there was no vulnerability in any Microsoft product or service that was exploited” in SolarWinds."
It will be interesting to see what the fallout of this disclosure is, and whether Microsoft and other companies might be forced to behave differently in the future. This story represents business as usual, and without external pressure, it's likely that nothing will change.
[Link]
"After 17 years of using Twitter daily and 24 years of using Google daily neither really works anymore. And particularly with the collapse of the social spaces many of us grew up with, I feel called back to earlier forms of the Internet, like blogs, and in particular, starting a link blog."
Yay for link blogs! I've been finding this particularly rewarding. You're reading a post from mine right now.
Kellan wrote his own software to do this, based on links stored in Pinboard. Mine is based on Notion: I write an entry in markdown, which then seeds integrations that convert the bookmark into an HTML post on my website and various text posts for social media.
Simon Willison has noted that adding markdown support has meant he writes longer entries; that's been true for me, too. It's really convenient.
Most of all: I love learning from people I connect with, follow, and subscribe to. Particularly in a world where search engines are falling apart as a way to really discover new writers and sources, link blogs are incredibly useful. It's lovely to find another one.
[Link]
Microsoft's Recall software seems like a horrible idea:
"Surprise! It turns out that the unencrypted database and the stored images may contain your user credentials and passwords. And other stuff. Got a porn habit? Congratulations, anyone with access to your user account can see what you've been seeing. Use a password manager like 1Password? Sorry, your 1Password passwords are probably visible via Recall, now."
Worse, it's going to be built into Windows 11 for all compatible hardware, in a way that will make it hard or impossible to disable. This doesn't make sense to me: which privacy-conscious CIO (just for example, one working in a well-regulated industry where privacy is a legal requirement) would allow this to roll out? This is yet another reason for Windows 10 to remain the most popular version.
It also seems like nobody at Microsoft (or nobody at Microsoft with power) has considered the potentially serious social implications of what they're building:
"Victims of domestic abuse are at risk of their abuser trawling their PC for any signs that they're looking for help. Anyone who's fallen for a scam that gave criminals access to their PC is also completely at risk."
I'm increasingly concerned about what Apple will be rolling out on Monday. We're hearing quite believable rumors that it'll be AI-based, but is it going to be Apple's take on the same thing? That, too, has the potential to be a disaster.
Once again, I can't believe that the only way to get away from this stuff will be to run Linux on the desktop.
[Link]
"The pervasive nature of modern technology makes surveillance easier than ever before, while each successive generation of the public is accustomed to the privacy status quo of their youth."
The key, as Bruce Schneier argues here, is not to compare with our own baselines, but to take a step back and consider what a healthy ecosystem would look like in its own right.
The underlying story here is that Microsoft caught state-backed hackers using its generative AI tools to help with their attacks, and people were less worried about the attacks themselves than about how Microsoft found out about them. It's a reasonable worry, and I thought the same thing: if Microsoft found this, then they're likely more aware of the contextual uses of their platform than we might assume.
This is certainly less private than computing was twenty or thirty years ago. But it's not a major iteration on where we were five years ago, and without intervention we're likely to see more erosion of user privacy over the next five years.
So what should our standards for privacy be overall? How should we expect a company like Microsoft to treat our potentially sensitive data? Should we pay more for more security, or should it just be a blanket expectation? These are all valid questions - although I also have ready, opinionated answers.
Perhaps the more important question is: who has the right to come to a conclusion about these questions, and how will they be enforced? As of now, it's still open.
[Link]