Microsoft Says It Is Prioritizing Security Again blogs.microsoft.com

Satya Nadella, in a memo to Microsoft employees since posted on the company’s blog:

Today, I want to talk about something critical to our company’s future: prioritizing security above all else.

Microsoft runs on trust, and our success depends on earning and maintaining it. We have a unique opportunity and responsibility to build the most secure and trusted platform that the world innovates upon.

Charlie Bell, Microsoft’s executive vice president of security, expanded upon the company’s specific goals and priorities, and explained a particular incentive:

We will mobilize the expanded [Secure Future Initiative] pillars and goals across Microsoft and this will be a dimension in our hiring decisions. In addition, we will instill accountability by basing part of the compensation of the company’s Senior Leadership Team on our progress in meeting our security plans and milestones.

The obvious point of comparison for these memos is Bill Gates’ ‘Trustworthy Computing’ memo from 2002:

Trustworthiness is a much broader concept than security, and winning our customers’ trust involves more than just fixing bugs and achieving “five-nines” availability. It’s a fundamental challenge that spans the entire computing ecosystem, from individual chips all the way to global Internet services. It’s about smart software, services and industry-wide cooperation.

There is a sort of MBA-type wordiness in Nadella’s memo that is not present in the more direct Gates memo despite the latter being considerably longer, but both have similar goals. Microsoft’s poor track record, especially recently, is corroding the trust of its enterprise and government customers but — and this is the catch — where are they going to go?

Sponsor: ListenLater.net — Turn Articles Into Podcasts listenlater.net

Thanks to Listen Later for sponsoring this week’s posts at Pixel Envy.

Some sponsors provide their own Friday posts, but I was asked to write a little something of my own for Listen Later and I am happy to do so. I only accept sponsorships for products I actually like and would use. Listen Later is just such a service.

ListenLater

I use Listen Later to read long articles to me while I work, when I cook, and as I clean up after dinner. I have also used it to translate news stories. Maybe my favourite use is as a drafting tool for when I am writing a longer article and need to hear it read back to me. The text-to-speech quality is excellent, and having it show up in my podcast app alongside episodes from the shows I listen to makes it easy to keep track of new articles.

You know that article you swear you were going to read but still have not got around to? Yeah, the one in that ancient browser tab. Try hearing it with Listen Later’s free trial instead.

WhatsApp Pushes Back on Encryption-Hostile Policies in India economictimes.indiatimes.com

Raghav Mendiratta, of Stanford University’s Center for Internet and Society, in March 2021:

Under Rule 4(2), it is mandatory for a significant social media intermediary providing messaging services to identify the first originator of a message if a competent court or executive authority orders that it is necessary to do so for the purposes of investigation and prosecution of certain offences punishable with imprisonment for a term not less than five years. Technical experts say that compliance with this requirement is not possible unless end-to-end encryption on messaging services such as WhatsApp is broken.

WhatsApp sued over these rules the same month and then, last week, threatened to leave India if it is required to comply with policies that threaten encryption.

Indu Bhan, Economic Times:

WhatsApp LLC on Thursday told the Delhi High Court that the popular messaging platform will end if it is made to break encryption of messages.

“As a platform, we are saying, if we are told to break encryption, then WhatsApp goes,” counsel Tejas Karia, appearing for WhatsApp, told a Division Bench comprising Acting Chief Justice Manmohan and Justice Manmeet Pritam Singh Arora.

This is a familiar threat from WhatsApp, but it feels particularly weighty in India owing to the its extraordinary popularity in the country. I have to wonder if WhatsApp is bluffing. Would it really abandon the hundreds of millions of users in its most popular geography?

Apple Modifies Terms of Core Technology Fee With More Exceptions developer.apple.com

Apple:

[…] Today, we’re introducing two additional conditions in which the CTF is not required:

  • First, no CTF is required if a developer has no revenue whatsoever. […]

  • Second, small developers (less than €10 million in global annual business revenue*) that adopt the alternative business terms receive a 3-year free on-ramp to the CTF to help them create innovative apps and rapidly grow their business. […]

Two fundamental issues remain with the Core Technology Fee — namely, that developers still need to pay Apple even if their app is distributed exclusively outside the App Store and in-app payments are handled by a third-party processor, and the fee is an unknown and surprising future charge. One marvels at how the Mac could remain such a successful developer platform for so long without the support of a per-install fee.

But I was wrong. This is a meaningful relaxation of terms for entirely free apps, like the young developer example raised by Riley Testut during the March DMA compliance workshop.

Spotify Is Recommending ‘A.I.’-Generated Music twitter.com

Zach Ocean:

Encountered AI music in the wild today

Motown-style tracks straight from Suno/Udio with … interesting … titles and lyrics

Recommended by Spotify via Discover Weekly

These “interesting” songs include instant classics like “My Arms Are Just Fuckin’ Stuck Like This” and “It’s Time To Take a Shit on the Company’s Dime”. Classic Happy Bunny-style humour.

Ryan Broderick explains in Garbage Day:

The story behind the page is interesting. Obscurest Vinyl started as a Facebook page that would photoshop fake album covers for classic records that didn’t exist. The page recently shifted into posting AI songs to go with the fake album covers. As one commenter noted, you can tell the songs are AI because most of them feature bass and drum parts that don’t repeat in any discernible pattern. The account also regularly fights with users on Instagram who gripe about it using AI.

Truly embarrassing for Spotify that it is recommending stuff like this, and not for the first time.

Tech Journalism Has the Same Faults as Other Beats asteriskmag.com

Timothy B. Lee, writing in Asterisk:

Over the last decade, Silicon Valley elites have grown increasingly frustrated with media coverage of their industry. And they aren’t wrong that coverage has grown increasingly negative. But I think they’re wrong to assume this reflects a hostility toward Silicon Valley in particular.

A more banal explanation is that companies like Google, Facebook, and Uber aren’t startups anymore. It no longer makes sense to publish positive profiles introducing readers to these companies. So reporters have switched to treating Silicon Valley giants like other big companies, which means mostly writing about them when they do something wrong.

Lee is right that tech journalism often consists of thin stories built off press releases and simplistic narratives — but so, too, does most general audience journalism. While there is the occasional nuanced story with correct weighting given to affirming and dissenting views, it is far more common to see misapplied view from nowhere journalism. But, critically, this is true of all beats. Erwin Knoll once said “everything you read in the newspapers is absolutely true except for the rare story of which you happen to have firsthand knowledge”, and that includes knowledge of media itself. Given how pressured journalists are, as Lee is careful to note, it is not difficult to see why stories across a range of topics become either pure boosterism or damp scandals.

The Curious Case of Apple’s Third-Party SDK List for Privacy Manifests jessesquires.com

Apple:

Starting May 1, 2024, new or updated apps that have a newly added third-party SDK that‘s on the list of commonly used third-party SDKs will need all of the following to be submitted in App Store Connect:

  1. Required reasons for each listed API

  2. Privacy manifests

  3. Valid signatures when the SDK is added as a binary dependency

Jesse Squires:

Historically, Apple has rarely, if ever, explicitly acknowledged any third-party SDK or library. It took years for them to even acknowledge community tools like CocoaPods in Xcode’s release notes. Thus, it is interesting to see which SDKs they have deemed important or concerning enough to explicitly mandate a privacy manifest. And, in typical Apple fashion, I’m pretty sure SDKs authors were not notified about this in advance. We all learned which SDKs need privacy manifests at the same time — when the list was published.

When this requirement was announced at WWDC last year, I assumed this list would be dominated by SDKs for analytics, authentication, logging, advertising, and other potentially sensitive use cases. After all, it came on the heels of reporting by the Markup and the Wall Street Journal about SDKs invisible to end users and implicated in mass surveillance, with one such software package — X-Modebanned by Apple and Google.

This list of SDKs contains seemingly few such packages. As of writing, there are 87 SDKs on Apple’s list and fully one-quarter of them — by my count — are Flutter packages intended to simplify cross-platform development. I can see how there could be risks to file and photo pickers, for example, but this list sure looks more like it is comprised of popular SDKs, not necessarily ones of privacy concern. Kits from Facebook and Snap are on the list, but TikTok’s is nowhere to be found. Several Google SDKs are on the list, including Firebase analytics, but Google’s standalone ads framework is not; Unity is on the list, but not Unity’s ad kit.

As Squires writes, any documentation about why these SDKs are on Apple’s list would be helpful. I would even take a sentence fragment.

From Space to Story in Data Journalism nightingaledvs.com

Robert Simmon, Nightingale:

The launch of Ikonos was one of a handful of developments that allowed newsrooms to expand from reporting on rocket launches and satellite hardware, to using remote sensing data as an essential tool to help tell stories. A wide variety of satellite data are now used to provide context to the news, to document events, and as a tool for investigation.

It still blows my mind that I — a nobody — can open Google Earth any time I want and see aerial photography with a level of detail that would have been classified not too long ago. Years of imagery are available, too, so if I want to see how an area has changed, it is just a few button clicks away. I appreciated Simmon’s look at how capabilities like these have allowed journalists at places like Bellingcat and Buzzfeed News to document events in ways that would not have been possible before widespread consumer satellite photography.

Sponsor: ListenLater.net — Turn Articles Into Podcasts: Send a Link, Receive Human-Like Narration to Your Podcast App listenlater.net

Welcome to a world where your reading list becomes your listening playlist. We are thrilled to introduce you to ListenLater.net — an innovative service that turns articles into podcasts, making your favourite reads accessible in your favourite podcast app.

ListenLater

Have you ever stumbled upon an article that piqued your interest but didn’t have the time to delve into it? Whether you’re commuting, exercising, or relaxing, ListenLater.net simplifies the process. Just email the article’s URL, and presto! Listen Later takes over, converting it into an engaging podcast episode. The narration is so lifelike, you’ll find yourself immersed in the listening experience.

But the innovation doesn’t end with articles. Listen Later enhances your entire email experience. Forward any email, and it will transform its content and attachments into a podcast episode just for you — whether it’s work reports, newsletters, or those lengthy reads you’ve postponed.

Worried about language barriers? Listen Later has you covered! ListenLater.net offers multilingual translation and narration services. Simply select your preferred language, and immerse yourself in a vast array of content, all available to your ears.

Join us in embracing convenience and versatility. Listen Later brings your articles, emails, and documents to life in audio format. Head over to ListenLater.net and start your free trial today. Let’s redefine the way we consume information, one podcast at a time.

What Is Noise? newyorker.com

Rarely do I link to something just because I want you to go read it, but this piece by Alex Ross in the New Yorker is just such an occasion. It is a wonderful piece about how we sometimes embrace noise and sometimes reject it, and what “noise” even means. (Via Matt.)

FCC Votes to Restore Net Neutrality Rules in U.S. arstechnica.com

Tom Wheeler, former FCC chairman, writing for the Brookings Institution in October, following a vote to begin the process of reclassifying broadband as a “Title II” telecommunications service, regarding efforts to paint net neutrality regulations as no big deal:

It is the conduct of the ISPs that is in question here. Because telephone companies were Title II common carriers, their behavior had to be just and reasonable. Those companies prospered under such responsibilities; as they have morphed into wired and wireless ISPs, there is no reasonable argument why they, as well as their new competitors from the cable companies, should not continue to have public interest obligations.

Jon Brodkin, Ars Technica:

The Federal Communications Commission voted 3–2 to impose net neutrality rules today, restoring the common-carrier regulatory framework enforced during the Obama era and then abandoned while Trump was president.

[…]

ISPs insist the rules aren’t necessary because they already follow net neutrality principles yet also claim the rules are so burdensome that they will be prevented from investing more in their networks. Lobby group USTelecom today said the “relentless regulation” comes at the cost of “failing to achieve Internet for all.”

Karl Bode, Techdirt:

While broadband providers have already started whining about the rules and threatened to sue, privately (just like last time) broadband industry executives doubt the rules will have any meaningful impact on their businesses. The rules aren’t onerous, won’t likely be enforced with any consistency, and big companies like AT&T and Comcast have never, ever really had to worry about serious FCC penalties for any of their various predatory, anti-competitive, or illegal behaviors.

Bode has, for years, covered the effort to paint the reversal of net neutrality rules as inconsequential. Contrary to popular belief, the reclassification to a Title I service produced plenty of ill effects. Part of the problem was in mainstream coverage of what the rules meant and, similarly, in what their 2018 undoing would entail. Given the U.S.’ pivotal role in internet products worldwide, this protective measure to reduce the power of ISPs is a welcome one.

Lots of People Were Locked Out of Their Apple IDs mjtsai.com

Michael Tsai:

I had another instance of my Apple ID mysteriously being locked. First, my iPhone wanted me to enter the password again, which I thought was the “normal” thing it has done every few months, almost since I got it. But after doing so it said that my account was locked.

Chance Miller, 9to5Mac:

There appears to be an increasingly widespread Apple ID outage of some sort impacting users tonight. A number of people on social media say that they were logged out of their Apple ID across multiple devices on Friday evening and forced to reset their password before logging back in…

There is (unsurprisingly) nothing relevant on Apple’s system status page, but the developer version shows two instances of “maintenance” affecting Apple accounts. It is unclear to me if it is affecting only accounts associated in some way with a developer Apple ID. Neither of my Apple IDs — both of which are connected to developer tools — were affected by this problem.

This problem is about eighteen hours old. It would be useful if Apple said literally anything useful to acknowledge the issue.

I Hope This Email Finds You mastodon.social

Waldo Jaquith:

I made a new Mastodon bot, called “I Hope This Email Finds You.” Twice a day it proposes a novel way to conclude that sentence that opens so many emails. (It uses phrases from Google Books that include the phrase “finds you.”) I’ve been having fun reading these, so I turned it into a bot because you, too, might have fun reading them.

This bot is excellent. At times sweet, at times absurd.

Update: The link has been changed to reflect a server move. Links to old posts remain at the old server.

Websites That Forbid Other Websites From Linking to Them malcolmcoles.com

Malcolm Coles:

10+ years ago I created an annual list of websites that FORBADE you from linking to them, DEMANDED you write to ask for permission or LIMITED links to only their home page. Royal Mail even promised to post me a paper licence.

Now a decade has passed, let’s see who’s still doing it … And yes I’ve linked to your websites to prove this. Uh oh.

Some of these are even more bizarre than a blanket link ban, like Which? limiting people to a maximum of ten links to their site per webpage. Why would anyone want to prevent links? Perhaps terms like these are are a clumsy way of restricting hotlinking or poorly protected nonpublic sections of a site, but there are better options than some legal document with questionable enforceability.

Sponsor: Magic Lasso Adblock: Incredibly Private and Secure Safari Web Browsing magiclasso.co

Online privacy isn’t just something you should be hoping for — it’s something you should expect. You should ensure your browsing history stays private and is not harvested by ad networks.

By blocking ad trackers, Magic Lasso Adblock stops you being followed by ads around the web.

Screenshot of Magic Lasso Adblock

It’s a native Safari content blocker for your iPhone, iPad, and Mac that’s been designed from the ground up to protect your privacy.

Rely on Magic Lasso Adblock to:

  • Remove ad trackers, annoyances and background crypto-mining scripts

  • Browse common websites 2.0× faster

  • Double battery life during heavy web browsing

  • Lower data usage when on the go

So, join over 300,000 users and download Magic Lasso Adblock today.

My thanks to Magic Lasso Adblock for sponsoring Pixel Envy this week.

The Onion Is the Latest Publication to Be Sold by G/O Media nytimes.com

Mark Stenberg, reporting for Adweek in January:

Digital media company G/O Media is shopping around its portfolio of editorial assets in hopes of securing buyers for individual titles, part of a broader effort to divest the properties ahead of another challenging year for the media industry, according to four people familiar with the efforts.

[…]

“Your reporting is largely incorrect. As with many multi-title media properties, we are always entertaining opportunities,” said a representative for G/O Media. “We have sold sites and purchased sites. Having said that, we do not comment on transaction rumors and speculation.”

It was “largely incorrect”, according to G/O Media, to suggest the company was thinking about selling off its portfolio of sites just two months after selling two of its sites to Paste. CEO Jim Spanfeller even gave an “exclusive” interview to Sara Fischer, of Axios, to dispel the rumours. Weeks later, the company sold and purged the shell of Deadspin, and then it sold the A/V Club and the Takeout.

Katie Robertson, New York Times:

G/O Media announced on Thursday that it had sold The Onion, a satirical news site, to a group of digital media veterans.

[…]

The real-life Global Tetrahedron is owned by Jeff Lawson, a co-founder and former chief executive of the technology communications company Twilio. The chief executive is Ben Collins, who was a senior reporter at NBC News until recently.

G/O Media still owns six publications — for now. For its part, the Onion says you should feed it one dollar.

‘Microsoft Must Stop Selling Security as a Premium Offering’ directionsonmicrosoft.com

Mary Jo Foley:

In a perfect world, Microsoft would take security seriously again. It would be transparent about breaches. Its execs would stop gloating about increasing security service revenue at a time when Microsoft can’t secure its own employees, let alone customers, against incidents that are happening with increasing frequency. And Microsoft would include must-have security capabilities as part of existing subscriptions instead of selling them as add-ons.

Microsoft sure is lucky to be so deeply enmeshed in the operations of businesses and governments that it is able to sell security for a fee because its all-in-one offering has basically no competition.

True Believing Tesla Retail Investors wsj.com

Hardika Singh, Wall Street Journal:

Bartash isn’t alone. Scores of individual investors have piled into Tesla shares in recent years, lured by the company’s technology, visionary chief executive and mammoth stock market gains. Through the end of last year, the stock was one of the top 10 wealth-creating companies for investors over the past decade, according to Morningstar, rising from about $10, on a split-adjusted basis, to $250.

But the shares have since hit a rough patch, down almost 40% in 2024. Tesla is the second-worst performer in the S&P 500 and off more than 60% from its peak in November 2021. The company’s market value fell below $500 billion last week for the first time in nearly a year, after climbing as high as $1.235 trillion.

It is hard to blame these people for sticking with Tesla despite its actual performance. Tesla’s stock is in the tank for the year, and Singh’s story was published Monday, one day before a bleak earnings report. Income was less than half was it was a year prior, revenue and margin fell, and it sold many fewer vehicles than it made.

Even so, Tesla’s stock jumped 12% because its CEO said “A.I.”, and he recently promised a robotaxi service once again and a less expensive model. Investors apparently believe him.

The Utility of Google Search Was Sacrificed for Ad Growth wheresyoured.at

Ed Zitron read a bunch of the emails released in United States v. Google and believes the quality of Google’s search engine has been in decline since early 2019 thanks to new leadership:

These emails are a stark example of the monstrous growth-at-all-costs mindset that dominates the tech ecosystem, and if you take one thing away from this newsletter, I want it to be the name Prabhakar Raghavan, and an understanding that there are people responsible for the current state of technology. 

Because these are only a sampling of the emails released as part of that trial, they paint a necessarily incomplete picture, and one that is possibly wrong.

Zitron’s reporting focuses on similar themes to Megan Gray’s retracted story for Wired in which Google allegedly “alters queries billions of times a day”, each time making a “behind-the-scenes substitution of your actual query with a different query that just happens to generate more money for the company”. These claims were not actually proven in court, as far as I can figure out, but gestures toward them were found by Davey Alba and Leah Nylen of Bloomberg, and can be found in Zitron’s story:

A day later, Gomes emailed Fox and Thakur an email he intended to send to Raghavan. He led by saying he was “annoyed both personally and on behalf of the search team.” in a long email, he explained how one might increase engagement with Google Search, but specifically added that they could “increase queries quite easily in the short term in user negative ways,” like turning off spell correction, turning off ranking improvements, or placing refinements — effectively labels — all over the page, adding that it was “possible that there are trade offs here between different kinds of user negativity caused by engagement hacking,” and that he was “deeply deeply uncomfortable with this.” He also added that this was the reason he didn’t believe that queries were a good metric to measure search and that the best defense about the weakness of queries was to create “compelling user experiences that make users want to come back.”

This is not the same thing as what Gray claimed, even though it is along similar lines. Google allegedly sacrificed an update to its search engine which improved the quality of results for users because it was less profitable. This was done, according to these emails and documents, with cooperation between search and ads. And it could do all of this because Google’s management team knows it has a search monopoly and that does not come cheap.