Written by Nick Heer.

Archive for December, 2022

Stop Talking to Each Other and Start Buying Things

Catherynne M. Valente, on the now-familiar cycle of web communities (via Andy Baio):

All the rest are gone. Dismantled for parts and sold off with zero understanding that the only thing of any value the site ever offered was the community, its content, its connection, its possibilities, its knowledge. And that can’t be sold with the office space and the codebase. These sites exist because of what we do there. But at any moment they can be sold out from under us, to no benefit or profit to the workers — yes, workers, goddammit — who built it into something other than a dot com address and a dusty login screen, yet to the great benefit and profit of those who, more often than not, use the money to make it more difficult for people to connect to and accept each other positively in the future.

This is not my favourite piece of writing, but I think its cathartic style benefits the subject. One of the best reasons for preferring protocols over platforms for online communities is that we know how it always goes for centralization. Yet, we keep throwing our hat in with the next well-funded thing because this time, maybe, it will be different, right? The problem for engineering-led protocols is that it is not possible to simply add usability. Given our economic climate, I do not think it is a coincidence that commerce-driven platforms sit briefly in a sweet spot where they are incentivized for people but not quite exploiting them.

Funny how I am linking to another piece about how things end or close or stop on the last day of the year.

Your Memories in Their Cloud

Kashmir Hill, New York Times:

The photos transported me back to a tremendously fun evening that I had all but forgotten. Yet I wondered how there could be so many photos from just one night. How do I decide which to keep and which to get rid of?

This kind of data explosion is a result of economics, said Brewster Kahle, founder of the Internet Archive, a nonprofit library based in San Francisco that saves copies of websites and digitizes books and television shows. Taking a photo used to be expensive because it involved film that needed to be developed.

“It cost a dollar every time you hit a shutter,” Mr. Kahle said. “That’s no longer the case so we hit the shutter all the time and keep way, way too much.”

[…]

I noticed a philosophical divide among the archivists I spoke with. Digital archivists were committed to keeping everything with the mentality that you never know what you might want one day, while professional archivists who worked with family and institutional collections said it was important to pare down to make an archive manageable for people who look at it in the future.

Given enough time, I think all of us want to believe we could pare down our own digital stockpiles to just the files and photos that matter. But as I have thought about it more often, I have come to accept I will never be able to anticipate within my lifetime what is truly important in my data trove. Due to a botched iPhone backup from years ago, I am missing hundreds of photos I only later discovered were important and irreplaceable. As I tried to find those images on long-disused hard drives last year, I found images from family gatherings in decade-old Aperture libraries which took on an entirely new meaning when I rediscovered them.

These two examples tell the story of the advantage and disadvantage of managing your own files. I was only able to rediscover photos I thought were lost to time because I found them on an old Time Machine drive I had luckily left intact, but I lost a bunch of other images because of the same system. Like Hill, I have become cloud complacent: I now have way too many things stored in iCloud because I assume Apple has better data integrity practices than I am able to manage for myself. But that seems to carry obvious risks given that Apple — the world’s most valuable company — absolves itself of any guarantee that your data is safe and secure in its cloud services, to the extent it can legally get away with. This is typical and it still feels bizarre.

My long overdue project for 2023 is to ensure I have local versions of everything in iCloud. After all, I cannot know what may be relevant years from now, but I can have control over my ability to access it.

We Are Doing the Familiar Privacy vs. Law Enforcement Argument Again

Tim Bray:

I hate to write a piece just saying Someone Is Wrong On The Internet. But Reid Blackman’s The Signal App and the Danger of Privacy at All Costs (in the NYTimes, forsooth) is not just wrong but dangerously misleading. I haven’t seen a compact explainer on why, so here goes.

No disrespect intended toward Bray, whose explainer is very good, but the original article is a variation on the same story we have heard countless times before: private communications are good but it is dangerous if there are no carve-outs for law enforcement. Blackman’s article is specifically about Signal because it has disappearing message features and a greater degree of anonymity than other mainstream messaging apps. It is therefore amusing to see him hand-waving the many Signal messages obtained by the FBI from U.S. insurrectionists while presenting this case.

I thought this paragraph from Blackman was worth highlighting:

What’s more, the company’s proposition that if anyone has access to data, then many unauthorized people probably will have access to that data is false. This response reflects a lack of faith in good governance, which is essential to any well-functioning organization or community seeking to keep its members and society at large safe from bad actors. There are some people who have access to the nuclear launch codes, but “Mission Impossible” movies aside, we’re not particularly worried about a slippery slope leading to lots of unauthorized people having access to those codes.

I sympathize with the thrust of this argument. Good governance is an essential part of democratic society and rebuilding trust in institutions must be a high priority. We should also be wary of slippery slope arguments. But Blackman does not present any evidence for how Signal — or any comparable application — would be able to turn the binary question of whether something is end-to-end encrypted into a gradient of access levels. In fact, this whole piece feels very much like a slippery slope argument itself: if you use Signal, you are a “witting or unwitting” proponent for adding barriers to prosecuting criminals.

This all feels very familiar. One would think prestige newspapers would stop publishing such well-worn ideas without further development of their arguments but, well, here we are.

This Year in Financial Scams

David Gura, NPR:

A woman better known for setting fashion trends than financial ones, Paris Hilton, appeared on The Tonight Show Starring Jimmy Fallon in January. After talking about her recent marriage and trip to Burning Man, the former reality TV star went deep on the NFTs, or non-fungible tokens, she was hawking.

The audience seemed a bit perplexed when she promised, Oprah-style, to give each of them an NFT — another kind of digital asset that is basically cartoony crypto art. But when Fallon, who is himself an NFT enthusiast, seemed blown away, they applauded.

“Peak hype,” though, crested quickly.

A year for the books. Fallon allegedly has a financial stake in MoonPay through which he bought the NFT he promoted on-air.

I want to point and laugh, but real people are losing real money as the rich pump air into this fiction. Matt Damon is doing just fine even after bitcoin has lost — as of writing — over seventy percent of its value compared to when his Crypto.com television commercial began airing.

LastPass Breached, Customers’ Password Vaults Stolen

LastPass:

We recently notified you that an unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of our production data. In keeping with our commitment to transparency, we want to provide you with an update regarding our ongoing investigation.

Paul Ducklin, of Sophos’ Naked Security blog:

To be fair to LastPass, the company didn’t repeat its original claim that no password vaults had been stolen, referring merely to “customers’ information” being pilfered.

But in its previous breach notifications, the company had carefully spoken about customer data (which makes most of us think of information such as address, phone number, payment card details, and so on) and encrypted password vaults as two distinct categories.

This time, however, “customers’ information” turns out to include both customer data, in the sense above, and password databases.

Simon Sharwood, the Register:

That file “is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”

Which means the attackers have users’ passwords. But thankfully those passwords are encrypted with “256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password”.

Wladimir Palant, creator of Pain-Free Passwords, poured cold water on any relief that assurance may have provided:

I’ll translate: “If you’ve done everything right, nothing can happen to you.” This again prepares the ground for blaming the customers. One would assume that people who “test the latest password cracking technologies” would know better than that. As I’ve calculated, even guessing a truly random password meeting their complexity criteria would take less than a million years on average using a single graphics card.

But human-chosen passwords are far from being random. Most people have trouble even remembering a truly random twelve-character password. An older survey found the average password to have 40 bits of entropy. Such passwords could be guessed in slightly more than two months on the same graphics card. Even an unusually strong password with 50 bits of entropy would take 200 years on average – not unrealistic for a high value target that somebody would throw more hardware on.

Jeremi M. Gosney also has concerns about LastPass’ track record.

This breach will be catastrophic for an unknown but non-zero number of people and businesses. When it was spun off by LogMeIn as an independent company in December 2021, the press release said it had over thirty million users and tens of thousands of business customers. Some of those, particularly corporate clients, will be high-value targets, and they will now be expected to change all of their passwords. I am not sure what is a typical number of records, but anyone I know who uses a password manager has hundreds. I sympathize with anyone dedicating days of work to correct for LastPass’ failure to protect their customers’ data.

A password-less future cannot come soon enough.

Benchmarks Need to Represent Actual Usage

DXOMARK:

The results of our battery tests revealed that autonomy was largely impacted by this always-on screen feature, draining the battery about 4 times faster! The battery will last roughly 100 hours in idle when activating the feature, instead of 400 if the feature is deactivated. […]

Matt Birchler:

Well, this test was done with the phones in airplane mode, all wireless connections were disabled, and the phones were never used. In other words, they’ve eliminated all other battery drains from the phone and left just the screen. This is a perfect example of a bad benchmark, in my opinion, as it gives you a comparison that feels scientific, but tells you nothing of value.

If you use your phone without any of its telephony features, then perhaps you, too, could see a fourfold improvement in its battery life. I read the original article and I am struggling to understand the point of running this benchmark without any additional context. Without a followup test investigating real-world conditions, these are merely some context-free numbers — hardly a useful test.

User Stylesheets Are Still Pretty Great and Should Be More Widely Supported

Have you thought about your user stylesheet lately? I cannot blame you if you have not, especially if you have no idea what I mean when I write “user stylesheet”. Here is Jennifer Kyrnin’s great explanation of what that is:

In the past, the internet was filled with bad web design, unreadable fonts, colors that clashed, and nothing adapted to fit the screen size. At that time, web browsers allowed users to write CSS style sheets that the browser used to override the styling choices made by page designers. This user style sheet set the font at a consistent size and set pages to display a specified color background. It was all about consistency and usability.

As Kyrnin writes, web designers usually do a better job these days, and most browsers no longer support user stylesheets by default. Google removed them from Chrome nine years ago and they were made optional in Firefox in 2019. But Safari, my browser of choice, still makes user stylesheets easily visible and, if you have the inclination, I recommend its use for a low-effort way of blocking irritations and overriding bad design choices.

For example, while I frequently use and appreciate the services of the Internet Archive, and the reporting of the Intercept and ProPublica, I find their modal nags to be more intrusive than necessary. So I have this section in my user stylesheet to override those elements:

#donato,
html>body #donato,
#donate_banner,
html>body #donate_banner,
/* same for the intercept */
#third-party--viewport-takeover,
html>body #third-party--viewport-takeover{
    display: none !important;
    height: 0 !important;
    position: absolute !important;
    left: -99999em !important;
}

.InterceptWrapper .Post-body--truncated{
    max-height: none !important;
    overflow: visible !important;
}

.InterceptWrapper .Post-body--truncated:before{
    content: unset !important;
}

/* propublica nag */

body.app iframe.syndicated-modal{
    display: none !important;
}

I pulled these specific selectors by finding the bothersome elements on these websites using Safari’s Web Inspector.

For those of you with some CSS knowledge, the above rules might look like overkill. The logic of including both display: none and left: -99999em seems to make no sense. The only explanation I have is that some of these rules are more applicable to the Internet Archive donation nag while others apply to the Intercept’s email box.

Also, this stylesheet has the cruft of fifteen years of new rules and changing websites, so that may also be a factor.

Here is another example of the power of user stylesheets: you know those awful “sign in with Google” prompts that became more aggressive this year? You can turn them off if you remain signed into your Google account, but you can also style them out of view:

#credential_picker_container,
iframe[title="Sign in with Google Dialog"]{
    display: none;
    position: relative;
}

This is the kind of lightweight solution that I love. It is unnerving to know Google has so much power over the web that it offers users the trade-off of staying logged into their account or be nagged on major websites that offer Google’s login option. It is rewarding to defeat it with five lines of CSS.

But user stylesheets have drawbacks and are evidently from an earlier era of the web. The ways you might employ user styles today are often similar to browser extensions like StopTheMadness or any number of ad blockers. Modern extensions are far more powerful, too, as rules can be tailored to individual websites or run globally. The biggest advantage to the user stylesheet is also its Achilles’ heel: it only works globally, meaning the same rules are applied to all websites. That means your CSS selectors need to be highly specific. If another website has the app class on the <body> element which contains an <iframe> with the syndicated-modal class, it will also get hidden in the same way as it does for me on ProPublica. Finally, many modern websites are built with ugly generated markup which can change any time the code base is updated.

Still, I rely on this user stylesheet to keep my sanity when browsing the web today. Unlike browser extensions, there are no security or privacy questions to worry about, and it is entirely controlled by the user. I saved my stylesheet in my iCloud Drive so it syncs between my Macs; Safari for iOS does not support user styles. It is a feature that will probably be deprecated across all browsers sooner than I would like, but I will be using it until that day arrives. If you have even a passing knowledge of CSS, I encourage you to experiment with its possibilities.

Parting the Curtains of Google’s Ad Display Network

Craig Silverman and Ruth Talbot, ProPublica:

ProPublica spent months trying to crack open Google’s black box ad business. We wrote thousands of lines of code to scan more than 7 million website domains looking for Google ad activity, sourced and analyzed data on millions more domains from half a dozen data partners, and spoke to some of the most knowledgeable experts about Google’s display ad business.

In the end, we matched 70% of the accounts in Google’s ad sellers list to one or more domains or apps, more than any dataset ProPublica is aware of. But we couldn’t find all of Google’s publisher partners. What we did find was a system so large, secretive and bafflingly complex that it proved impossible to uncover everyone Google works with and where it’s sending advertisers’ money.

This report builds upon an October investigation from Check My Adspreviously linked — and it reveals how Google’s power and scale do not meaningfully reflect the trust of advertisers. There is, perhaps, an argument to be made for putting space between ad buyers, sellers, and placements, similar in spirit to the way media separates its business side from its journalism side. But that would require Google to display dilligence at a level it is either incapable of or unwilling to do in all parts of its advertising business. Judging by the quality of ads I see on Google’s own properties like YouTube, it seems monitoring ads at scale would preclude that level of confidence in buyers or sellers.

TikTok Admits It Used Journalists’ Location Data to Try to Find Their Sources

Emily Baker-White, reporting for Forbes in October:

TikTok spokesperson Maureen Shanahan said that TikTok collects approximate location information based on users’ IP addresses to “among other things, help show relevant content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior.”

But the material reviewed by Forbes indicates that ByteDance’s Internal Audit team was planning to use this location information to surveil individual American citizens, not to target ads or any of these other purposes. Forbes is not disclosing the nature and purpose of the planned surveillance referenced in the materials in order to protect sources. TikTok and ByteDance did not answer questions about whether Internal Audit has specifically targeted any members of the U.S. government, activists, public figures or journalists.

Baker-White today:

An internal investigation by ByteDance, the parent company of video-sharing platform TikTok, found that employees tracked multiple journalists covering the company, improperly gaining access to their IP addresses and user data in an attempt to identify whether they had been in the same locales as ByteDance employees.

According to materials reviewed by Forbes, ByteDance tracked multiple Forbes journalists as part of this covert surveillance campaign, which was designed to unearth the source of leaks inside the company following a drumbeat of stories exposing the company’s ongoing links to China. As a result of the investigation into the surveillance tactics, ByteDance fired Chris Lepitak, its chief internal auditor who led the team responsible for them. The China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned.

Hannah Murphy, Financial Times:

Two members of staff in the US and two in China gained access to the IP addresses and other personal data of FT journalist Cristina Criddle, to work out if she was in the proximity of any ByteDance employees, the company said. However, the company failed to find any leaks.

A BuzzFeed journalist and a number of users connected to the reporters through their TikTok accounts were also targeted.

Similar tactics have previously — allegedly — been used by Facebook and Uber. It is perhaps not my place, but those are not the two companies from which I would take lessons on ethics. But it does illustrate the vast amount of granular information available to some of the world’s largest companies. Their surveillance is part of the societal fabric. The disadvantage for TikTok is that its spying carries the added weight of possible connections to an authoritarian state. The additional layer of complication is certainly worth discussing, but it should not distract from the fundamental assault on user privacy shared by all three companies without legal consequence.

Scammers Are Taking Advantage of Equifax Breach Settlement Notices

Brian Krebs:

The website for the settlement — equifaxbreachsettlement.com — also includes a lookup tool that lets visitors check whether they were affected by the breach; it requires your last name and the last six digits of your Social Security Number.

But be aware that phishers and other scammers are likely to take advantage of increased public awareness of the payouts to snooker people. Tim Helming, security evangelist at DomainTools.com, today flagged several new domains that mimic the name of the real Equifax Breach Settlement website and do not appear to be defensively registered by Equifax, including equifaxbreechsettlement[.]com, equifaxbreachsettlementbreach[.]com, and equifaxsettlements[.]co.

So far, those URLs do not contain anything more than parked domain advertising, but it is not difficult to imagine how they could be used — recall how something similar happened earlier in the Equifax breach. Is there a legal requirement for settlement websites like Equifax’s or the Apple butterfly keyboard suit to be separate from either party’s own hosting? I can imagine why that would be desired, but the use of these generic domains is an opportunity for scammers.

Krebs:

Of course, most of those earnings come from Equifax’s continued legal ability to buy and sell eye-popping amounts of financial and personal data on U.S. consumers. As one of the three major credit bureaus, Equifax collects and packages information about your credit, salary, and employment history. It tracks how many credit cards you have, how much money you owe, and how you pay your bills. Each company creates a credit report about you, and then sells this report to businesses who are deciding whether to give you credit.

This is a choice. In addition to 143 million Americans, thousands of Britons and Canadians were also compromised. An investigation by the Office of the Privacy Commissioner of Canada found Equifax retained consumer data beyond Canadian law and its own internal policies — data later stolen. The broker market in Canada is different to that in the U.S. but, so long as the market here is dominated by American firms like Equifax and TransUnion, the lack of a culture of privacy will be a liability.

TikTok to Begin Showing Users Why a Video Was Recommended to Them

TikTok:

TikTok For You feeds enable people to discover an incredible diversity of ideas, creators, products, and entertainment. Our system recommends content by ranking videos based on a combination of factors based on your activity on our app, which includes adjusting for things you indicate you’re not interested in. Our goal is to serve a range of relevant and entertaining content. To help people understand why a particular video has been recommended to them, we’re rolling out a new tool over the coming weeks.

This sounds like a good step forward, albeit a limited one. The explanations for these recommendations have a similarly limited language and scope as ad transparency efforts like those from Google and Meta. They are often a narrow window into how these systems work, but too vague to understand why that specific material was chosen.

Although coverage of TikTok’s feature did not indicate a specific reason why it is being rolled out, I wonder if it is partially due to the European Union’s Digital Services Act, which requires larger platforms to explain their algorithmic choices. Expect more changes like this.

Twitter Bans Links to Other Social Media Platforms

Twitter:

At both the Tweet level and the account level, we will remove any free promotion of prohibited 3rd-party social media platforms, such as linking out (i.e. using URLs) to any of the below platforms on Twitter, or providing your handle without a URL:

Prohibited platforms:

  • Facebook, Instagram, Mastodon, Truth Social, Tribel, Post and Nostr

This is an obviously stupid policy because enforcing it means driving away pretty much everyone. Businesses big and small link to posts they made on Instagram and Facebook, which means a bunch of social media managers are in for a rough start to what is likely their last week of work for the year. Creative people link to their Instagram posts all the time. (Update: Twitter’s policy says it permits cross-posting, even from banned sites like Instagram, but you are somehow not supposed to “promote” those profiles while doing it. You can link to a specific Instagram post, I guess, but not mention your Instagram profile. This seems impossible to enforce.) Meanwhile, I bet Tribel and Nostr are thrilled about being lumped in with successful platforms; they are so small that neither one has a Wikipedia page.

Also, my handle — pretty much everywhere — is just my name. If I tell people they can find me anywhere by searching “nickheer”, I am violating this rule by indicating my handle without a URL.

Maybe more interesting are the exceptions to this rule: linking to one’s YouTube profile is not a bannable offence, and neither is LinkedIn, for some reason. TikTok links are also not prohibited. Oh, and this rule may not apply if you buy ads for a post with a prohibited link, but the wording of that exception is unclear and it could simply mean that Meta is allowed to keep buying ads on Twitter.

Also banned:

  • 3rd-party social media link aggregators such as linktr.ee, lnk.bio

It was only earlier this year when Linktree raised a round of funding at a billion-dollar valuation. Time flies.

Twitter is going great, friends, and if you do not think Elon Musk is a business genius for spending $44 billion to buy the company without any plan besides replatforming a bunch of scumbags and banning the account posting trips taken by the SpaceX plane, you just cannot see the eight-dimensional chess game he is playing. He is a very smart man with a thick skin living in his happy multibillion-dollar world, and he is just trying to save civilization by bringing Nazis back and banning people from posting links to their Mastodon account on Twitter, the free speech platform.

Update: Twitter has now removed all evidence of this policy’s existence from its official support channels, but the Internet Archive never forgets. Really gives you confidence this was a well-considered policy from the super genius business person who now owns Twitter.

Why We Argue About the Same Things Over and Over

WNYC’s On the Media:

As we approach the end of the year, OTM correspondent Micah Loewinger takes a look at the some of the big media narratives that felt representative of 2022. He speaks with political scientist Paul Fairie, who has devoted his Twitter account to investigating refrains like “nobody wants to work anymore” and “people are losing their sense of humor” to show that seemingly modern moral panics have been repeated in the American press every decade for over a century. With the help of voice actors (see below), listen as Paul and Micah dive deep into the newspaper archives to demonstrate how little has changed in our political discourse.

If you have somehow missed Fairie’s explorations of history on Twitter, he has published a thread of the threads. Putting it all in perspective.

Publishing Blog Updates to Mastodon

Jesse Squires:

If you follow me on Twitter, you’ve likely noticed that my blog posts are automatically tweeted for me. There are multiple services you can use to do this, like Zapier and IFTTT. I use both services for various automations. Each has built-in actions for listening to an RSS feed and then tweeting new items as they appear. Sadly, neither service has a built-in action for Mastodon. However, we can achieve the same results with a generic webhook action on both platforms.

Squires’ post inspired me to check on how my posts are automatically published to Mastodon in a way I do not pay for. It turns out I have a Zapier action set up but, at some point, the company began charging for new uses of the webhook action. Using webhooks on IFTTT remains free. Unfortunately, I have not worked out how to make the links prettier, and I dare not touch the Zapier action in case it gets paywalled.

Negotiations Between MIT and the New W3C Organization Seem to Be Going Poorly

James Hercher, writing at Ad Exchanger in April:

The Worldwide Web Consortium (W3C), the main technical standards developer of the internet (HTML and CSS, the code underlying the web, are two such W3C standards), will lose longtime university partner MIT as administrator and US host organization at the end of this year.

[…]

Without a new structure and financial plan in place for 2023, why haven’t W3C members panicked about what looks like a potential looming catastrophe? Despite W3C executives being hard at work on a potential solution for more than the past year, they haven’t made much progress.

In June, the W3C announced its transition:

The World Wide Web Consortium is set to pursue 501(c)(3) non-profit status. The launch as a new legal entity in January 2023 preserves the core mission of the Consortium to shepherd the web by developing open standards with contributions from W3C Members, staff, and the international community.

Robin Berjon, who is on the board of this new entity, posted a status update today, and it is worrisome:

At this point it looks like we will not have an operational W3C nonprofit on Jan 1. Every Director will vote their conscience, but it seems likely that the asset transfer will be rejected, leaving MIT responsible for its contracts with W3C Members (for which they have paid).

No one knows what happens then.

These stumbling negotiations will not ensure the immediate collapse of the web or anything like that, but it sounds like MIT is parting from the W3C in the most difficult way possible. It is worth keeping an eye on this.

Facebook’s Widely Viewed Content Report Still Shows a Platform Full of Suspicious and Poor-Quality Links

Last month, Jeff Horwitz of the Wall Street Journal explained that Facebook’s most recent Widely Viewed Content report was a cause for celebration at the company, as it indicated the apparent triumph of the platform’s moderation tools over spammers and scammers. It was a well-coordinated leak — the Journal article was published at exactly the same time Facebook released its report — and it did its job by highlighting Facebook’s recent efforts after an embarrassing previous quarter report. It looked like a more positive direction, but I urged caution.

Yesterday, the Integrity Institute published a more comprehensive analysis:

While this is in general good, and the teams working internally to improve the quality should feel good about their work, we do not see any significant change in the quality of content that made it into the top links and top posts lists. The majority of content there continues to fail basic media literacy checks. A dip in unoriginal content is compensated by a rise in content using spam networks. And we’ve found content that might violate Facebook’s policies that Facebook may have overlooked.

[…]

Finally, a quick note of what wasn’t on the top content lists: the passing of Queen Elizabeth II. She died on September 8th, so well within the Q3 time range of this list, but no story about her makes it into the top 20.

It is very odd, though perhaps explained by having such a large volume of coverage diluting the impact of any specific link. Remember, this report only shows the twenty most popular links, posts, and pages on Facebook, and is only a fractional sliver of what gets published there. That, I think, makes it all the more notable to see the peculiar and specific traffic arbitrage scheme found by these researchers.

It Barely Matters That Apple Missed Its Two-Year Goal for the Apple Silicon Transition

Chance Miller, 9to5Mac:

If you view the November [2020] announcement [of the first M1 Macs] as the start of the transition process, Apple would have needed to have everything wrapped up by November 2022. This deadline, too, has passed. This means Apple has missed its two-year transition target regardless of which deadline you consider.

[…]

So that leaves us where we are today. You have Apple Silicon options for every product category in the Mac lineup, with the exception of the Mac Pro. During its March event, Apple exec John Ternus teased that the Mac Pro with Apple Silicon was an announcement “for another day.” That day, however, hasn’t yet come.

Miller also notes that an Intel version of the Mac Mini remains available. But it hardly matters for Apple to have technically missed its goal since all of its mainstream Macs have transitioned to its own silicon, and it has released an entirely new Mac — in the form of the Mac Studio — and begun the rollout of its second generation of chips in that timeframe. Also, it sure helps that people love these new Macs.

Update: The December 18 version of Mark Gurman’s newsletter contains more details about the forthcoming Mac Pro:

An M2 Extreme [Gurman’s own term for two M2 Ultras] chip would have doubled that to 48 CPU cores and 152 graphics cores. But here’s the bad news: The company has likely scrapped that higher-end configuration, which may disappoint Apple’s most demanding users — the photographers, editors and programmers who prize that kind of computing power.

[…]

Instead, the Mac Pro is expected to rely on a new-generation M2 Ultra chip (rather than the M1 Ultra) and will retain one of its hallmark features: easy expandability for additional memory, storage and other components.

I am interested to see how this works in practice. One of the trademarks of Macs based on Apple’s silicon is the deep integration of all these components, ostensibly for performance reasons.

AM Radio Is Being Dropped From Electric Cars

Michael Levenson, New York Times (via Dave Pell):

An increasing number of electric models have dropped AM radio in what broadcasters call a worrisome shift that could spell trouble for the stations and deprive drivers of a crucial source of news in emergencies.

Carmakers say that electric vehicles generate more electromagnetic interference than gas-powered cars, which can disrupt the reception of AM signals and cause static, noise and a high-frequency hum. (FM signals are more resistant to such interference.)

Perhaps not the reason you expected for why some automakers are no longer offering AM radios; certainly, this was not the reason I was expecting. Levenson documents many great examples for preserving its availability.

MarsEdit 5

Daniel Jalkut recently released a new version of MarsEdit which, in my eyes, is hands-down the best MacOS application for writing for the web. I do not use anywhere near all of its features, but nearly everything for this website is written using MarsEdit. I adore it. This is the first new version in years and it is a completely fair $60, but MarsEdit 4 users can get a copy for half the price.

Update: I originally said Brent Simmons was responsible for MarsEdit 5 because I do not know how time works. Sorry or thanks to both developers.