Feed aggregator

Judge Bends Google Over the Barrel in Final Epic v. Google Ruling

Daring Fireball - Mon, 10/07/2024 - 21:21

Sean Hollister, writing for The Verge:

Google’s Android app store is an illegal monopoly — and now it will have to change. Today, Judge James Donato issued his final ruling in Epic v. Google, ordering Google to effectively open up the Google Play app store to competition for three whole years. Google will have to distribute rival third-party app stores within Google Play, and it must give rival third-party app stores access to the full catalog of Google Play apps, unless developers opt out individually.

These were Epic’s biggest asks, and they might change the Android app marketplace forever — if they aren’t immediately paused or blocked on appeal. And they’re not all that Epic has won today. Starting November 1st, 2024, and ending November 1st, 2027, Google must also:

  • Stop requiring Google Play Billing for apps distributed on the Google Play Store (the jury found that Google had illegally tied its payment system to its app store)
  • Let Android developers tell users about other ways to pay from within the Play Store
  • Let Android developers link to ways to download their apps outside of the Play Store
  • Let Android developers set their own prices for apps irrespective of Play Billing

If this ruling holds on appeal, it’s a real loss for Google, not a token loss.

Update: Regarding the bit in the first paragraph above, about rival app stores getting access to all apps in the Play Store unless the developers opt out, I was originally confused how this could possibly work. I should have read the injunction first. It states:

For a period of three years, Google will permit third-party Android app stores to access the Google Play Store’s catalog of apps so that they may offer the Play Store apps to users. For apps available only in the Google Play Store (i.e., that are not independently available through the third-party Android app store), Google will permit users to complete the download of the app through the Google Play Store on the same terms as any other download that is made directly through the Google Play Store. Google may keep all revenues associated with such downloads. Google will provide developers with a mechanism for opting out of inclusion in catalog access for any particular third-party Android app store. Google will have up to eight months from the date of this order to implement the technology necessary to comply with this provision, and the three-year time period will start once the technology is fully functional.

This is far less radical a dictum than Hollister’s description led me to believe. What Judge Donato is demanding is effectively pass-through to the actual Play Store listing for any apps and games that aren’t available in a third-party app store. So if you search in the Brand X app store for “FooApp” but FooApp isn’t available in the Brand X store, Brand X’s store app can let you install and download FooApp from the Play Store. But that counts as a regular Play Store installation. It’s just a way to encourage users of third-party stores to search those stores first, even though the vast majority of apps will likely remain exclusively in the Play Store.

Categories: Tech News

[Sponsor] 1Password: Without C-Suite Buy-In, Security Is Just Rearranging Deck Chairs

Daring Fireball - Mon, 10/07/2024 - 20:57

There’s a line in Titanic that any IT or security professional can relate to. The ship’s architect explains that he wanted to include enough lifeboats for all the passengers, “but it was felt the deck would look too cluttered.”

That decision takes on a tragic significance in the second half of Titanic, and yet it’s a choice that’s replicated (although with less dire consequences) in companies to this day. It’s a constant challenge to get leadership to invest in breach prevention–many leaders would prefer to pay for cybersecurity insurance and hope for the best.

Yet, just as the famous shipwrecks of old inspired today’s laws about lifeboats, there are signs that the endless parade of data breaches is forcing greater investment in vulnerability management. (To be clear, we’re talking about “vulnerability management” in the broadest sense; not just patch management.)

In the past few years, NIST, the SEC, ISO, and PCI DSS have all published updated guidelines that mandate more proactive vulnerability management. Many of those guidelines specifically call out the role of leadership, such as the SEC, which now requires companies to report on how their managers and board of directors deal with vulnerabilities.

This is good news for IT and security teams; in a 2023 survey, 50% of respondents said that their organization’s vulnerability management program had support from leadership to “a large/great extent.” But obviously, that still leaves 50% of respondents out in the cold.

If you’re trying to get buy-in at your own organization, come equipped with the facts about the risks you’re facing, and come with a clear plan to remediate them. Thankfully there are plenty of resources available to help prioritize your needs. And if you’re still not getting through, you’re welcome to borrow the Titanic analogy.

To learn more about how vulnerability management is changing, read the full blog post.

Categories: Tech News

Chinese Government Hackers Compromise ‘Back Door for the Good Guys’ in U.S. Communication Networks

Daring Fireball - Mon, 10/07/2024 - 19:35

Sarah Krouse, Dustin Volz, Aruna Viswanatha, and Robert McMillan, reporting for The Wall Street Journal:

For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said. [...]

The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.

This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse. Law enforcement is supposed to be hard work.

We should rightfully blame China first for this attack — and the U.S. government ought to start treating such attacks by China as part of the second Cold War that they are, and retaliate in big ways — but secondary blame must go to Congress for passing the Communications Assistance for Law Enforcement Act (CALEA) in 1994, and to the FCC for broadening its interpretation a decade later. Verizon, AT&T, and the other companies whose networks were breached were — and remain — required by law to provide the back doors that the Chinese hackers exploited.

Categories: Tech News

John Naughton on Dave Winer

Daring Fireball - Mon, 10/07/2024 - 18:27

John Naughton, writing for The Guardian:

Once the use of RSS feeds had become common, someone had the idea that audio files could be attached to them, and Dave implemented the idea with a nice geeky touch — attaching a song by the Grateful Dead. Initially the new technology was called audio blogging, but eventually a British journalist came up with the term “podcasting” and it stuck.

So Dave was present at the creation of some cool stuff, but it was blogging that brought him to a wider public. “Some people were born to play country music,” he wrote at one stage. “I was born to blog. At the beginning of blogging I thought everyone would be a blogger. I was wrong. Most people don’t have the impulse to say what they think.” Dave was the exact opposite. He was (and remains) articulate and forthright. His formidable record as a tech innovator meant that he couldn’t be written off as a crank. The fact that he was financially secure meant that he didn’t have to suck up to anyone: he could speak his mind. And he did. So from the moment he launched Scripting News in October 1994 he was a distinctive presence on the web.

One of Winer’s numerous aphorisms that resonates deeply with me: People return to places that send them away.

Categories: Tech News

30 Years of Dave Winer’s Seminal Blog, Scripting News

Daring Fireball - Mon, 10/07/2024 - 18:22

Dave Winer:

Today is the 30th anniversary of this blog. Hola!

I did a roundup of thoughts when this blog turned 25. I stand by what I wrote then, but I’d add this. My blog started because I needed content to test a script I had written that sent emails on my Mac using Eudora, which was an early scriptable app and I had a nice scripting system that worked with it. I looked around for something to send (30 years ago today), and shot out an email to the people whose business cards I had collected at various tech conferences. It was a thrill, so I did it again, and again and three more times, before I realized hey I could use this thing to get my own ideas out there. And thus began this thing that I still do to this day. Look at the two posts I wrote about WordPress in the last few days. There may be hope to find a blogosphere buried somewhere in there. And it may be possible to give them some sweet new writing tools so they can get excited about writing on the web the way we did all those years ago. I actually am kind of optimistic about that. Maybe we can stand up something in the midst of the noise. When we booted up podcasting, approx 20 years ago, we had a slogan — “Users and developers party together.” It worked! That is still the way I want to build stuff, it’s the only way I know how to do it. Blogging started out as a programming adventure and eventually became a form of literature. How about that. I’m up for doing more of that if you all are. But please expect to make contributions, don’t expect it all to come to you for free, because as we know nothing really is free.

Winer is rightfully renowned for his technical achievements — outliners as an application genre, RSS in general, and RSS in the specific context of podcasting in particular — but what’s kept me reading Scripting News for the entirety of Scripting News’s 30-years-and-counting run is his writing. He has such a distinctive writing voice that is impossible to imagine in any medium other than the web. But I think that’s because he helped define what writing not just on the web, but for the web, even meant.

Thanks for it all, Dave.

Categories: Tech News

Croissant 1.0

Daring Fireball - Mon, 10/07/2024 - 18:05

Aaron Vegh and Ben Rice McCarthy (of Obscura renown) have teamed up to create Croissant, a new app — currently iPhone-only — for cross-posting to Mastodon, Threads, and Bluesky. 15 years ago I wrote “Twitter Clients Are a UI Design Playground” and that piece stands up, but it’s not Twitter/X in particular (certainly not anymore — X support is conspicuously omitted from Croissant’s current lineup of supported platforms), but tweet-like platforms in general. Croissant proves that this domain remains a UI playground. It’s both visually distinctive and intuitively familiar, with a fun and fluid UI. It’s the sort of app that I want to find reasons to use.

Free to download and try with a single account; $3/month, $20/year, or $60 as a one-time purchase for multi-account support, which is where Croissant really shines.

See also: Dan Moren at Six Colors, John Voorhees at MacStories, and Nick Heer at Pixel Envy.

Categories: Tech News

University Commas

XKCD - Mon, 10/07/2024 - 01:00

WorkOS

Daring Fireball - Sat, 10/05/2024 - 15:02

My thanks to WorkOS for, once again, sponsoring the week at Daring Fireball. WorkOS is a modern identity platform for B2B SaaS. Start selling to enterprise customers with just a few lines of code. Ship complex features like SSO and SCIM (pronounced skim) provisioning in minutes instead of months.

Today, some of the fastest growing startups are already powered by WorkOS, including Perplexity, Vercel, and Webflow.

For SaaS apps that care deeply about design and user experience, WorkOS is the perfect fit. From high-quality documentation to self-serve onboarding for your customers, it removes all the unnecessary complexity for your engineering team.

Categories: Tech News

CNBC: ‘WordPress CEO Matt Mullenweg Goes “Nuclear” on Silver Lake, WP Engine’

Daring Fireball - Sat, 10/05/2024 - 14:29

Another good overview of the Automattic/WP Engine saga, this one from Ari Levy at CNBC:

Mullenweg may be openly enthusiastic and grateful for the employees he still has on board, but the WordPress community is a mess. Many WP Engine customers are suffering, and Automattic is gearing up for a legal fight against a private equity firm with over $100 billion in assets.

Hard not to be reminded, somewhat, of the righteous indignation fueling Steve Jobs’s end of life crusade against Google for creating Android. Some big fundamental differences, of course. WordPress is GPL open source and iOS isn’t open at all. It’s the righteous fervor of the founder/leader of the company that’s reminiscent.

Categories: Tech News

The Verge Summarizes the Nasty WordPress/Automattic/WP Engine Feud

Daring Fireball - Sat, 10/05/2024 - 12:11

Emma Roth does the yeoman’s work of summarizing the complex and fast-moving legal feud between WordPress’s commercial arm and WP Engine, a major WordPress hosting provider:

Over the past several weeks, WordPress cofounder Matt Mullenweg has made one thing exceedingly clear: he’s in charge of WordPress’ future.

Mullenweg heads up WordPress.com and its parent company, Automattic. He owns the WordPress.org project, and he even leads the nonprofit foundation that controls the WordPress trademark. To the outside observer, these might appear to be independent organizations, all separately designed around the WordPress open-source project. But as he wages a battle against WP Engine, a third-party WordPress hosting service, Mullenweg has muddied the boundaries between three essential entities that lead a sprawling ecosystem powering almost half of the web.

To Mullenweg, that’s all fine — as long as it supports the health of WordPress long-term.

See also: Mullenweg’s “alignment” offer to Automattic’s nearly 1,900 employees.

Categories: Tech News

Why Is Jack Smith’s Unsealed Motion, Outlining Trump’s Criminal Actions to Overturn the 2020 Election, Not the Top Story?

Daring Fireball - Fri, 10/04/2024 - 14:47

Taegan Goddard, writing at Political Wire:

It’s worth recalling that a major reason Trump won in 2016 was that, just before the election, news broke about emails related to a closed investigation into Hillary Clinton’s emails being found on Anthony Weiner’s computer, the estranged husband of a top Clinton aide.

In the end, nothing came of this discovery, but the extensive news coverage of it almost certainly swayed the election. It was the top story in every major newspaper.

But this new evidence presented against Trump wasn’t even the lead story in the New York Times or Washington Post this morning. And it didn’t even make the front page of the Wall Street Journal or USA Today.

It’s true that millions of words have already been written about Trump’s attempt to overturn the 2020 election. But there was plenty of new information included in this filing which is directly relevant to the biggest news story this month.

This, I think, is entirely explained by the conventional wisdom that the U.S. news media is “liberal”, a decades-long work-the-refs strategy from Republicans. The truth is the news media is effectively in the tank for Trump, sanewashing his literal nonsense, outright lies, and violence-inspiring hate speech against even legal immigrants. But our major political news media remains so hyper-focused on appearing not to favor one political side over the other that it’s completely lost sight of what ought to be their north star: the truth. If the truth favors one party over the other, so be it. That’s the job of reporting the news.

The difference between how these same publications treated Hillary Clinton’s “but her emails” nonsense in 2016 compared to Jack Smith’s motion this week could not be more stark.

Update: If you prefer, imagine if a special counsel appointed by the Attorney General submitted a brief alleging any crimes at all committed by Kamala Harris. Let’s say personal tax evasion — crimes, but insignificant compared to multiple attempts to overthrow the results of the last presidential election. The major U.S. newspapers and cable channels would have covered nothing else in the days since. Yet for this brief laying out copious evidence that Trump attempted the worst crime imaginable against U.S. democracy itself, it’s relative crickets chirping and shoulder shrugs. Remember too that Trump is already a convicted felon. If Harris had been convicted of a felony this year, do you think it would be mentioned more frequently in news stories than it actually is for Trump? If you don’t, I have a bridge to sell you.

Categories: Tech News

An Incredible Amateur Radio Rescue Story

ARRL News - Fri, 10/04/2024 - 13:23

Editor’s note:  The following story was submitted by Don Gardner, W7PJ, ARRL Idaho Section Emergency Coordinator.

On the evening of September 21, 2024, Greg Owen, WX7Z, heard an amateur radio emergency call on the VHF frequency known as the national simplex calling frequency, 146.52 MHz. Ed Clark, K7ELC, was calling to get medical help for a 51-year-old man who had rolled his four-wheeler.

Mac M...

Categories: Ham Radio

Simulated Emergency Test (SET) Scheduled for October 5—6

ARRL News - Fri, 10/04/2024 - 13:18

The first weekend of October is when ARRL encourages local groups to hold the Simulated Emergency Test, or SET. Throughout September, ARRL shared materials about resilience through National Preparedness Month. Now, as entire areas are washed away in the aftermath of Hurricane Helene, the utility value of amateur radio is more necessary and visible than ever.

When disaster strikes, infrastructur...

Categories: Ham Radio

MLB Sold Ads on Players’ Batting Helmets for the Postseason

Daring Fireball - Fri, 10/04/2024 - 12:57

I missed this announcement from MLB a month ago:

Major League Baseball today announced a new multi-year international partnership with European workwear leader STRAUSS that makes the German company the Official Workwear Partner of MLB. The partnership marks STRAUSS’ first league-wide deal in the United States. STRAUSS entered the U.S. market in late 2023, and American brand awareness is the cornerstone of its marketing efforts. The new partnership also affords STRAUSS marketing rights with MLB across Canada, Mexico and Europe. As part of the deal, STRAUSS’ name and logo will adorn MLB batting helmets during the Postseason and regular season games in Europe, as well as MiLB batting helmets all season long, beginning in 2025.

But I couldn’t miss it watching postseason games on TV this week: there’s a ridiculous-looking “Strauss” on both sides of every player’s batting helmet now, as prominent as the team logo on the front. It looks even more desperate and obsequious on the helmets than it does printed in all-caps in MLB’s bootlicking press release. This is the sort of gimmick you expect from a struggling independent minor league team, not Major League Baseball.

They should’ve put the rights to these on-helmet ads up for public auction. I’d have chipped in for a fan-backed initiative to buy that on-helmet ad space to affix this slogan: “FIRE ROB MANFRED”.

Categories: Tech News

The ARRL Foundation is Now Accepting Grant Applications Through October 31, 2024

ARRL News - Fri, 10/04/2024 - 12:47

There is funding available to organizations for eligible amateur radio-related projects and initiatives, particularly those with a focus on educating, licensing, and supporting amateur radio activities. Youth-based projects and initiatives are especially encouraged. The ARRL Foundation grants program accepts proposals on a cyclical basis three times a year, in February, June, and October. Award...

Categories: Ham Radio

Hodinkee Sold to Watches of Switzerland

Daring Fireball - Fri, 10/04/2024 - 12:29

Victoria Gomelsky, reporting with absurd credulity for The New York Times:

Hodinkee, the watch enthusiast website based in Manhattan that has helped spread the gospel of mechanical watchmaking since its founding in 2008, has a new owner.

On Friday, the Watches of Switzerland Group, one of the world’s largest watch retailers with more than 220 multibrand and brand stores in Britain and the United States, announced that it had acquired the media company, which includes a website, a magazine, a brand partnerships division and an insurance business. Neither company would disclose the terms of the deal. [...]

Both Mr. Clymer and Mr. Hurley said Hodinkee’s staff, which now totals about 35 people, would remain intact and that its editorial team would remain independent of Watches of Switzerland oversight.

“But at a point in time,” Mr. Hurley said, “when you click on the Hodinkee Shop, you will see the full range of the product that WatchesofSwitzerland.com carries. We are going to do some work over the next several months to make that effectively seamless.”

There is a name for a publication that is owned by a retailer: catalog. I’d love to be proven wrong and see Hodinkee return to excellence, but that seemed far more likely as an independent website than as a subsidiary of the world’s largest premium watch retailer. For years I read Hodinkee daily; for the last few years I largely stopped reading it at all. Here’s Clymer’s own column announcing the acquisition (“joining forces”) and his return to day-to-day leadership of the site.

Categories: Tech News

The K7RA Solar Update

ARRL News - Fri, 10/04/2024 - 11:03

ASWFC GEOMAGNETIC DISTURBANCE WARNING ISSUED AT 0042UT/04 OCTOBER 2024 BY THE AUSTRALIAN SPACE WEATHER FORECASTING CENTRE.

Two coronal mass ejections first observed on 01-Oct and 03-Oct are expected to impact Earth over 04-05 Oct. Lack of analyzable coronagraph imagery makes arrival time predictions uncertain.

INCREASED GEOMAGNETIC ACTIVITY EXPECTED DUE TO CORONAL MASS EJECTION FROM 04-06 OCTOBER ...

Categories: Ham Radio

I stayed.

Jeffrey Zeldman - Fri, 10/04/2024 - 10:32

My insight into corporate legal disputes is as meaningful as my opinion on Quantum Mechanics. What I do know is that, when given the chance this week to leave my job with half a year’s salary paid in advance, I chose to stay at Automattic.

Listen, I’m struggling with medical debts and financial obligations incurred by the closing of my conference and publishing businesses. Six months’ salary in advance would have wiped the slate clean. From a fiduciary point of view, if nothing else, I had to at least consider my CEO’s offer to walk out the door with a big bag of dollars.

But even as I made myself think about what six months’ salary in a lump sum could do to help my family and calm my creditors, I knew in my soul there was no way I’d leave this company. Not by my own choice, anyway.

I respect the courage and conviction of my departed colleagues. I already miss them, and most only quit yesterday. I feel their departure as a personal loss, and my grief is real. The sadness is like a cold fog on a dark, wet night.

The next weeks will be challenging. My remaining coworkers and I will work twice as hard to cover temporary employee shortfalls and recruit new teammates, while also navigating the complex personal feelings these two weeks of sudden, surprising change have brought on. Who needs the aggravation, right? But I stayed.

I stayed because I believe in the work we do. I believe in the open web and owning your own content. I’ve devoted nearly three decades of work to this cause, and when I chose to move in-house, I knew there was only one house that would suit me. In nearly six years at Automattic, I’ve been able to do work that mattered to me and helped others, and I know that the best is yet to come. 

I also know that the Maker-Taker problem is an issue in open source, just as I know that a friend you buy lunch for every day, and who earns as much money as you do, is supposed to return the favor now and then. If a friend takes advantage, you’re supposed to say or do something about it. Addressing these imbalances is rarely pretty. Doing it in public takes its own kind of courage. Now it’s for the lawyers to sort out. 

On May 1, 1992, a man who’d been horribly beaten by the L.A. police called for calm in five heartfelt, memorable words: “Can’t we all get along?” We couldn’t then, and we aren’t, now, but my job at Automattic is about helping people, and that remains my focus at the conclusion of this strange and stressful week. I’m grateful that making the tough business decisions isn’t my responsibility. In that light, my decision to stay at Automattic was easy.

P.S. We’re hiring.

The post I stayed. appeared first on Zeldman on Web and Interaction Design.

Categories: Web Design

Ham Radio Serving Southeast US Recovery Efforts

ARRL News - Fri, 10/04/2024 - 09:27

ARRL® The National Association for Amateur Radio® is tracking how amateur radio is proving critical in areas hit hard by Hurricane Helene, especially in North and South Carolina, portions of Tennessee, and beyond. In the hardest-hit Asheville, North Carolina, area, homes and entire towns have been swept away by flood waters and mudslides. Over 200 people have been killed, and many more are stil...

Categories: Ham Radio

Númenor Margaritaville

XKCD - Fri, 10/04/2024 - 01:00
