Evil Billionaire Attack

Over at Wired, I propose that the chaos unfolding in the wake of Elon Musk’s acquisition of Twitter qualifies as a new kind of security risk in which the intrusion mechanism is simply massive amounts of money.

In the field of information security, there’s a kind of vulnerability known as the evil maid attack whereby an untrusted party gains physical access to important hardware, such as the housekeeping staff coming into your hotel room when you’ve left your laptop unattended, thereby compromising it. We have here a new analog, just as capable of wrecking systems and leaking data. Call it the “evil billionaire attack” if you’d like. The weapon is money, and more specifically, the likelihood that when the moment arrives you won’t have enough of it to make a difference. The call is coming from inside the house.

The reason this strategy works is that most ideas of any consequence are owned by people with more money than you, and then whenever possible they string them together into a network with the specific intent of making the gravity inescapable. Founders and investors and excitable technology writers like myself frequently use the term “platform” to describe technical systems with granular components that can be used to compose new functionality, and the power sources propelling the technology industry find platforms particularly appealing when the bits can be monetized each time they are used.

A platform is better than an app, or so the theory goes, because you can use a platform to build multiple apps, or enable other developers and companies to build apps from which you might take a 30 percent cut. Whatever its advantages, the Twitter debacle should spell the end of the proprietary platform as a serious technical undertaking, a high profile illustration that they are too risky to trust no matter how strong the code might be.

iPhone 12

My first gadget review! I previewed the specs of the new iPhone 12 for Wired.

The iPhone 12 comes with a new ProMotion OLED display, which Apple is calling the “Super Retina XDR” screen. It’s the biggest visual upgrade since the original Retina screens a decade ago, and it’s crafted out of a new material called ceramic shield, which is vastly stronger than regular glass—one-fourth as likely to crack when you angrily throw it across the room. Whether you’re watching news anchors debunk political misinformation or trying to catch up with the incomprehensible meme cycle, this brilliant display is the tool for the moment, your perfect window for the end of the world.

Let’s go time traveling

Things should have been different before, but maybe they can still be fixed now? If you have files from the past which need to be converted or altered in ways that would require writing a new inode to your local storage disk, ordinarily you’d lose the original timestamps, and the new versions would instead end up with the timestamp corresponding with the point when you ran the conversion. It doesn’t have to be this way. Here’s a Bash function which copies timestamps between files.
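The author's function is linked from the post and is not reproduced on this page. As an added illustration that is not that function, here is one way to write the conversion-plus-restore step in Bash. The names `same_mtime`, `copy_timestamps` and `convert_keep_times` are hypothetical, and the converter is assumed to be a filter that reads stdin and writes stdout.

```shell
# Added example (not the author's function). Helper names are hypothetical.

# True when both files carry the same modification time.
same_mtime() {
    ! [ "$1" -nt "$2" ] && ! [ "$1" -ot "$2" ]
}

# Copy access and modification times from SRC onto an existing DST.
copy_timestamps() {
    local src=$1 dst=$2
    [ -e "$src" ] || { echo "no such source: $src" >&2; return 1; }
    # touch would silently create a missing DST, so refuse instead.
    [ -e "$dst" ] || { echo "no such target: $dst" >&2; return 1; }
    touch -r "$src" -- "$dst" || return 1
    same_mtime "$src" "$dst"
}

# Run a filter command (stdin -> stdout) over SRC, write the result to DST
# as a new inode, then restore SRC's timestamps on it.
convert_keep_times() {
    local src=$1 dst=$2 tmp
    shift 2
    [ -f "$src" ] || { echo "no such source: $src" >&2; return 1; }
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    if "$@" < "$src" > "$tmp"; then
        mv -- "$tmp" "$dst" && copy_timestamps "$src" "$dst"
    else
        rm -f -- "$tmp"
        return 1
    fi
}
# Note: only atime and mtime are copied. The inode change time (ctime)
# is set by the kernel at the moment of the touch and cannot be backdated
# this way, so `stat` still shows when the conversion really happened.
```

Anyone relying on file times as evidence should read ctime alongside mtime for exactly this reason.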

Pingkiller

A new Chrome extension which stops the HTML “ping” attribute from tracking your browsing activity.

Processing Fellowship recap

As my fellowship with the Processing Foundation wound down, I wrote a bit about the process of deriving the guiding principles of p5.js far enough to write useful documentation for it — a dissection manual, if you will.

CNN election coverage

Lately I have been on CNN’s election night coverage, in particular interactive data visualizations for the Senate and the House.

The Internet Is Lying To You

Error 301: This post has moved permanently.
Just kidding! Ha ha! But I did write about the problems with aggressive link redirecting for New York Magazine.

This is both dangerous and ridiculous. Pages load more slowly, and the extra useless links are much more likely to break, and it’s impossible to know where you’re actually heading until after you’ve already clicked. One of the reasons users must so awkwardly tumble through a useless proprietary server that performs customized URL-redirecting behaviors is because this sort of thing is not actually included in any of our technical standards for building computer networks, and it is not part of any standard because it is a terrible idea. Bouncing internet users around between obfuscating servers in a game of internet pinball is a patently absurd way to run any sort of address system. It is a terrible distributed collective architecture that comes at the expense of the real internet.

ACLU

I’ve been doing some work for the ACLU lately, and Fast Company profiled the team in an article that I still cannot believe is titled The ACLU is building a tech dream team. Your move, Trump.

Meltdown, Spectre, and everything else

For Wired, a meandering essay that uses the Meltdown and Spectre exploits to point out problems with how we think about the future:

Anything that seeks to reshape the infrastructure built by our past selves should deserve our most aggressive scrutiny, regulation, and suspicion. If backtracking overeager technology is already proving so catastrophic for the cheap chips in our laptops and phones, then we certainly have no hope of reversing its changes to our homes, cities, and oceans.


Processing Foundation Fellowship

The Processing Foundation runs a fellowship for people interested in interactive art, and I am part of the 2018 class. I’ll be working on the documentation for p5.js, helping to clean up the developer-facing architecture and design logic so it’s easier to contribute.

AMP for Email

Google recently unveiled a set of proposed upgrades to email. For New York Magazine’s tech section, I wrote about where it went wrong – most notably, that it should not be possible to “unveil” upgrades to a standardized communication platform in the first place.

The biggest flaw is simply that it can’t reasonably be called version two of email. That isn’t Google’s fault — version two of email doesn’t exist anywhere else either. We aren’t even trying. That is such a profound moral failure that maybe technical failure was also inevitable. And so a lukewarm quasi-open standard pushed by a monopoly interest punts our indefensible collective apathy right into the next generation, deeply broken and silly and misguided but also, embarrassingly enough, still the best we say we can do.


This is in many ways the spiritual successor to a previous article I wrote about the continued stagnancy of email.

Net Neutrality

New York magazine’s tech blog Select All let me go wayyyy overboard explaining why internet application protocols like http:// and ftp:// intrinsically fight for net neutrality even when the FCC does not.

Networks are made of computers, and computers take instruction. They do as they are told reliably until they break, and for decades now, what we have told them to do is move information around as quickly and efficiently as possible. This is for two reasons: practical, because at the dawn of the internet it was important to squeeze bits over the limited bandwidth of dial-up modems; but also elemental, because designing any technology with intentionally suboptimal performance is self-evidently idiotic, so nobody does it — aside from the current FCC, apparently. Nonetheless, for the most part, the internet’s underlying application-layer protocols try to run as quickly as possible. This will remain true unless the internet is completely rebuilt atop a different foundation.


Easier Literate Programming

The tools I’ve been building for literate programming, such as lit and the Markdown import plugin for Rollup, are powerful and can help you fit literate programming into a serious application build process. But what if you don’t want to bother with a build process?

Here’s a quick-and-dirty alternative for JavaScript on the web: lit-web.js. It lets you load Markdown files as script tags, like this:


    <script type="text/markdown" src="//path/to/literate/programming.md"></script>

If lit-web.js is loaded on the page, it will find these “Markdown scripts,” fetch their content, parse the Markdown to remove everything but the code blocks, and execute the resulting code string in JavaScript. My goal with this was to create a tool that presents the lowest possible barrier to entry into literate programming. Here’s an example I’ve written for the D3.js demo site bl.ocks in which the data visualization uses its own README.md documentation as the source code.

Better Literate Programming

First, several big updates recently to the original version of lit, my agnostic tool for literate programming.
  1. It can now preserve correct line numbers for debugging, which is the killer feature I’ve been trying to figure out; this is the only reason I haven’t written all my source code in this format for the past couple years.
  2. You can pipe the processed content over stdin/stdout instead of just writing files to disk, which should enable any shenanigans you want to wire up that I have not anticipated.
  3. Best of all, thanks to some logging tricks it also lets you actually execute Markdown documents. Usage would be something like this:
    
    # use Python to execute the fenced code blocks inside script.py.md
    $ python $(./lit.sh --input "script.py.md" --before "#")
    

In addition, I’ve reimplemented the same core logic as a Rollup plugin. This is optimized for JavaScript, supports sourcemaps for debugging, and can be delivered via npm with semantic versioning for dependency management.
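To show how a literate file can be executed with its line numbers intact, as the list above describes, here is an added example that is not lit's source code. It assumes the approach is to prefix every prose line with a comment marker instead of deleting it; `lit_comment_prose` and `lit_exec` are hypothetical names.

```shell
# Added example, not lit's source. Function names are hypothetical.
# Usage: lit_comment_prose FILE PREFIX
lit_comment_prose() {
    awk -v pre="$2" '
        # Opening fence: remember which marker opened the block.
        !in_code && /^(```|~~~)/ {
            fence = substr($0, 1, 3); in_code = 1
            print pre " " $0; next
        }
        # Closing fence must use the same marker as the opener.
        in_code && substr($0, 1, 3) == fence {
            in_code = 0
            print pre " " $0; next
        }
        in_code { print; next }      # code passes through untouched
        { print pre " " $0 }         # prose becomes a comment
        END {
            # An unclosed fence means trailing prose was emitted as code.
            if (in_code) {
                print "unterminated code fence" > "/dev/stderr"
                exit 2
            }
        }
    ' "$1"
}

# Usage: lit_exec INTERPRETER FILE PREFIX
# Runs the converted file only when the conversion reported no error.
lit_exec() {
    local out status
    out=$(mktemp) || return 1
    if lit_comment_prose "$2" "$3" > "$out"; then
        "$1" "$out"; status=$?
    else
        status=2
    fi
    rm -f -- "$out"
    return "$status"
}
```

Because every input line maps to exactly one output line, an interpreter error on line N points at line N of the Markdown file.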

Object Iteration

New on GitHub and npm: I rebuilt the ES5 array methods from JavaScript and made them work with objects/hashmaps.

Augmentad Reality

A new project with Rich Harris and Aliza Aufrichtig: Augmentad Reality is a custom hardware heads-up display which overlays ads on whatever you were looking at anyway. This is a real device which actually works, built and coded within about six hours at the Stupid Shit No One Needs & Terrible Ideas Hackathon and subsequently covered by Gizmodo. Welcome to the future!

Tweet Strings

My new piece for Motherboard unpacks the recent changes to Twitter’s character limits. In short, the big news is not that the tweets are growing longer, it’s that they are now being treated as data structures, not text strings.

Twitter has always performed text analysis of the tweet content to detect elements and extract them as distinct entities to discrete data fields. Now the separation is fixed and formal: They’re auxiliary data points, not part of the message content, and as such they will need to be specifically interpreted by any program, site, or service that integrates with Twitter. This means that tweets are no longer just text; they are turning into something entirely new.

Web Safe

Web Safe 2k16 is a strange, beautiful project in which writers sift through their memories of the early internet using a specific color as a prompt. I wrote about blue.

How To Block Genius.com Annotations

Update, 2016.05.25: I’d recommend using Genius Blender, a simple JavaScript one-liner, over the methods described below. You can read more about the security issues surrounding Genius in my new article for the Verge.

Over the weekend I wrote a tool to break the annotation functionality of genius.com.

Slow down. You wrote a what to do what to who now?

Genius, formerly known as Rap Genius, is a web site that allows users to annotate blocks of text that appear on other sites. It’s very cool technology; you can just visit any page on the internet using a Genius redirect link, and it will show up with all sorts of additional information which has already been appended by other people. I wrote some code which lets site owners break the Genius annotations for their site, as well as a WordPress plugin which makes that code much easier to use.

If it’s cool, why do you want to break it?

There are two sides to that coin. The existence of the technology they’ve developed should be concerning to anybody who wants to put something on the internet. Not everything needs or deserves freeform annotation by users, and some things – some people – may be actively or disproportionately harmed by it. Genius has made special arrangements with some sites, such as the New York Times (which is also my employer), but hasn’t provided a way for smaller users to either opt in or opt out. This means they’re effectively forcing it on everyone.

I’m also firmly of the opinion that we’ll all be better off if functionality like this is handled by a standards body like the W3C, or a non-profit like the Wikimedia Foundation, or at least an open-source software project. Annotations are a pretty fundamental expression of the nonlinear ways we talk, write, and think, so I’m nervous about the possibility that the content and mechanisms could end up owned by a single for-profit tech startup.

Why did you do this now?

A few days ago Ella Dawson wrote a very upsetting blog post about how Genius was functionally equivalent to forcing crude, violent, or hateful user comments onto a web site she created as a safe space to write about the sensitive work she does. When she reached out to Genius for help, the solution they suggested was “don’t look at the annotations.” This bothered me, so I stayed up all night tinkering and figured out how to make a defensive tool.


Audio Metadata

For VICE/Motherboard, here’s an obsessive deep dive into the minute details of music metadata, and how information about the songs we love is being co-opted for questionable ends by streaming services like Spotify and Google Play.

Format shifts have already altered the mechanics of music simultaneously several times over the past few decades, and the recent rush toward streaming services like Spotify and Google Play now positions a technology company between the listener and the material. Surely remote cloud storage is a new audio format at least as much as the Walkman?

This is a new kind of consumer relationship, and the play button has a different meaning for each side; to the business, it does more than just switch on entertainment. As a result, there’s now a sort of subtle power play occurring over control of the metadata which surrounds the music and connects it to search fields, filters, and playlists. This is unfortunate, because our ability to meaningfully engage with something depends first and foremost on whether we can find it at all.

Hacker News