Market-Driven Brittleness lawfaremedia.org

Barath Raghavan and Bruce Schneier, Lawfare:

Today’s internet systems are too complex to hope that if we are smart and build each piece correctly the sum total will work right. We have to deliberately break things and keep breaking them. This repeated process of breaking and fixing will make these systems reliable. And then a willingness to embrace inefficiencies will make these systems resilient. But the economic incentives point companies in the other direction, to build their systems as brittle as they can possibly get away with.

This is a tremendous essay — a call to action in opposition to the shallow cost-effectiveness embraced by corporations up and down the high technology chain. Now all we need is to hope businesses do things which are not in their immediate financial interest.

The Conclusions of That CAPTCHA Paper Seem Iffy to Me theregister.com

Thomas Claburn, the Register:

Google promotes its reCAPTCHA service as a security mechanism for websites, but researchers affiliated with the University of California, Irvine, argue it’s harvesting information while extracting human labor worth billions.

[…]

“Traffic resulting from reCAPTCHA consumed 134 petabytes of bandwidth, which translates into about 7.5 million kWhs of energy, corresponding to 7.5 million pounds of CO2. In addition, Google has potentially profited $888 billion from cookies [created by reCAPTCHA sessions] and $8.75–32.3 billion per each sale of their total labeled data set.”

I have seen this paper (PDF) being passed around and, while I find its participant-reported data believable — people are much less satisfied with image-based CAPTCHA puzzles than checkboxes — these calculations are unbelievable.

To reiterate, the researchers are estimating reCAPTCHA sessions have, over the past thirteen years, been responsible for $888 billion of Google’s income. In that time, Google has made $1.8 trillion in revenue. These researchers are suggesting up to 49% of that can be directly tied to reCAPTCHA cookies.

Here is the explanation they give in the paper for how they arrived at that conclusion:

[…] According to Forbes [3], digital ad spending reached over $491 billion globally in 2021, and more than half of the market (51%) heavily relied on third-party cookies for advertisement strategies [1]. The expenditure on third-party audience data (collected using tracking cookies) in the United States reached from $15.9 billion in 2017 to $22 billion in 2021 [2]. More concretely, the current average value life-time of a cookie is €2.52 or $2.7 [58]. Given that there have been at least 329 billion reCAPTCHAv2 sessions, which created tracking cookies, that would put the estimated value of those cookies at $888 billion dollars.

It seems the researchers simply multiplied the total estimated number of reCAPTCHA sessions by a current value average to arrive at this number. I am probably missing some obvious flaws, but there are three I noticed. First, this calculation assumes cookies created thirteen years ago still exist today and have the same value, on average as any other cookie. Second, it assumes all sessions materialize in a unique individually valuable cookie. Lastly, it is unclear that a cookie’s value can be directly tied to Google’s income, as the researchers claim: “Google has potentially profited $888 billion from [reCAPTCHA] cookies”. None of these assumptions makes sense to me.

Antitrust Probe in India Finds Apple Abused Position in Apps Market reuters.com

Aditya Kalra, Reuters:

An investigation by India’s antitrust body has found that Apple exploited its dominant position in the market for app stores on its iOS operating system, engaging “in abusive conduct and practices”, a confidential report seen by Reuters showed.

[…]

“Apple App Store is an unavoidable trading partner for app developers, and resultantly, app developers have no choice but to adhere to Apple’s unfair terms, including the mandatory use of Apple’s proprietary billing and payment system,” the CCI unit said in the June 24 report.

India is a rapidly growing market for Apple and one which Tim Cook identified as important in 2017.

At what point will it be easier for more flexible and open App Store policies to become available worldwide instead of individual countries and regions? That day seems to be approaching fast.

Apple Is Probably Undercounting CSAM in Its Internet Services theguardian.com

Katie McQue, the Guardian:

The UK’s National Society for the Prevention of Cruelty to Children (NSPCC) accuses Apple of vastly undercounting how often child sexual abuse material (CSAM) appears in its products. In a year, child predators used Apple’s iCloud, iMessage and Facetime to store and exchange CSAM in a higher number of cases in England and Wales alone than the company reported across all other countries combined, according to police data obtained by the NSPCC.

Through data gathered via freedom of information requests and shared exclusively with the Guardian, the children’s charity found Apple was implicated in 337 recorded offenses of child abuse images between April 2022 and March 2023 in England and Wales. In 2023, Apple made just 267 reports of suspected CSAM on its platforms worldwide to the National Center for Missing & Exploited Children (NCMEC), which is in stark contrast to its big tech peers, with Google reporting more than 1.47m and Meta reporting more than 30.6m, per NCMEC’s annual report.

The reactions to statistics related to this particularly revolting crime are similar to all crime figures: higher and lower numbers can be interpreted as both positive and negative alike. More reports could mean better detection or more awareness, but it could also mean more instances; it is hard to know. Fewer reports might reflect less activity, a smaller platform size or, indeed, undercounting. In Apple’s case, it is likely the latter. It is neither a small platform nor one which prohibits the kinds of channels through which CSAM is distributed.

NCMEC addresses both these problems and I think its complaints are valid:

U.S.-based ESPs are legally required to report instances of child sexual abuse material (CSAM) to the CyberTipline when they become aware of them. However, there are no legal requirements regarding proactive efforts to detect CSAM or what information an ESP must include in a CyberTipline report. As a result, there are significant disparities in the volume, content and quality of reports that ESPs submit. For example, one company’s reporting numbers may be higher because they apply robust efforts to identify and remove abusive content from their platforms. Also, even companies that are actively reporting may submit many reports that don’t include the information needed for NCMEC to identify a location or for law enforcement to take action and protect the child involved. These reports add to the volume that must be analyzed but don’t help prevent the abuse that may be occurring.

Not only are many reports not useful, they are also part of an overwhelming caseload with which law enforcement struggles to turn into charges. Proposed U.S. legislation is designed to improve the state of CSAM reporting. Unfortunately, the wrong bill is moving forward.

The next paragraph in the Guardian story:

All US-based tech companies are obligated to report all cases of CSAM they detect on their platforms to NCMEC. The Virginia-headquartered organization acts as a clearinghouse for reports of child abuse from around the world, viewing them and sending them to the relevant law enforcement agencies. iMessage is an encrypted messaging service, meaning Apple is unable to see the contents of users’ messages, but so is Meta’s WhatsApp, which made roughly 1.4m reports of suspected CSAM to NCMEC in 2023.

I wish there was more information here about this vast discrepancy — a million reports from just one of Meta’s businesses compared to just 267 reports from Apple to NCMEC for all of its online services. The most probable explanation, I think, can be found in a 2021 ProPublica investigation by Peter Elkind, Jack Gillum, and Craig Silverman, about which I previously commented. The reporters here revealed WhatsApp moderators’ heavy workloads, writing:

Their jobs differ in other ways. Because WhatsApp’s content is encrypted, artificial intelligence systems can’t automatically scan all chats, images and videos, as they do on Facebook and Instagram. Instead, WhatsApp reviewers gain access to private content when users hit the “report” button on the app, identifying a message as allegedly violating the platform’s terms of service. This forwards five messages — the allegedly offending one along with the four previous ones in the exchange, including any images or videos — to WhatsApp in unscrambled form, according to former WhatsApp engineers and moderators. Automated systems then feed these tickets into “reactive” queues for contract workers to assess.

WhatsApp allows users to report any message at any time. Apple’s Messages app, on the other hand, only lets users flag a sender as junk and, even then, only if the sender is not in the user’s contacts and the user has not replied a few times. As soon as there is a conversation, there is no longer any reporting mechanism within the app as far as I can tell.

The same is true of shared iCloud Photo albums. It should be easy and obvious how to report illicit materials to Apple. But I cannot find an obvious mechanism for doing so — not in an iCloud-shared photo album, and not in an obvious place on Apple’s website, either. As noted in Section G of the iCloud terms of use, reports must be sent via email to abuse@icloud.com. iCloud albums use long, unguessable URLs, so the likelihood of unintentionally stumbling across CSAM or other criminal materials is low. Nevertheless, it seems to me that notifying Apple of abuse of its services should be much clearer.

Back to the Guardian article:

Apple’s June announcement that it will launch an artificial intelligence system, Apple Intelligence, has been met with alarm by child safety experts.

“The race to roll out Apple AI is worrying when AI-generated child abuse material is putting children at risk and impacting the ability of police to safeguard young victims, especially as Apple pushed back embedding technology to protect children,” said [the NSPCC’s Richard] Collard. Apple says the AI system, which was created in partnership with OpenAI, will customize user experiences, automate tasks and increase privacy for users.

The Guardian ties Apple’s forthcoming service to models able to generate CSAM, which it then connects to models being trained on CSAM. But we do not know what Apple Intelligence is capable of doing because it has not yet been released, nor do we know what it has been trained on. This is not me giving Apple the benefit of the doubt. I think we should know more about how these systems are trained.

We also currently do not know what limitations Apple will set for prompts. It is unclear to me what Collard is referring to in saying that the company “pushed back embedding technology to protect children”.

One more little thing: Apple does not say Apple Intelligence was created in partnership with OpenAI, which is basically a plugin. It also does not say Apple Intelligence will increase privacy for users, only that it is more private than competing services.

I am, for the record, not particularly convinced by any of Apple’s statements or claims. Everything is firmly in we will see territory right now.

Meta’s A.I. Models and ‘Open Source’ about.fb.com

Mark Zuckerberg:

Today we’re taking the next steps towards open source AI becoming the industry standard. We’re releasing Llama 3.1 405B, the first frontier-level open source AI model, as well as new and improved Llama 3.1 70B and 8B models. In addition to having significantly better cost/performance relative to closed models, the fact that the 405B model is open will make it the best choice for fine-tuning and distilling smaller models.

[…]

Meta is committed to open source AI. I’ll outline why I believe open source is the best development stack for you, why open sourcing Llama is good for Meta, and why open source AI is good for the world and therefore a platform that will be around for the long term.

Benj Edwards, Ars Technica:

So, about that “open source” term. As we first wrote in an update to our Llama 2 launch article a year ago, “open source” has a very particular meaning that has traditionally been defined by the Open Source Initiative. The AI industry has not yet settled on terminology for AI model releases that ship either code or weights with restrictions (such as Llama 3.1) or that ship without providing training data. We’ve been calling these releases “open weights” instead.

I think I have seen this movie before, or at least a version of it.

On ‘Mogul Style’ theguardian.com

Derek Guy, for the Guardian:

The ruling class today is hardly inspiring in terms of taste. The preponderance of tech vests, which have replaced navy blazers, demonstrates that socio-economic class still drives dress practices, albeit with less appealing forms. The irony is that, while elites dress increasingly like the middle class preparing for a Whole Foods run, wealth inequality in the United States has mostly worsened every decade since the 1980s, the last era when men were still expected to wear tailored jackets.

Imagine being able to get all your clothes — heck, basically everything — made just for you, and choosing this costume.

CrowdStrike Fallout crowdstrike.com

CrowdStrike:

On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.

Pradeep Viswanathan, Neowin:

It turns out that similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

Rajesh Kumar Singh and David Shepardson, Reuters:

Delta Air Lines CEO Ed Bastian on Monday said it will take the U.S. carrier another couple of days before its operations recover from a global cyber outage that snarled flights around the world.

The Atlanta-based carrier has been hit hard by the outage. It has canceled over 4,000 flights since Friday, stranding thousands of customers across the country. By contrast, disruptions at other major U.S. carriers had largely subsided.

If one has a general worldview for technology today, they can find it in some analysis of this CrowdStrike failure. This saga has everything. For those who think this reinforces the safety of restrictive software policies, that is one possible explanation. Or for one who may be a permanent asshole and thinks diversity initiatives and “woke” programmers are to blame, they are both insufferable and wrong. For those who think marketplace concentration has a role to play — I am one — there is someone who agrees. And for those who want to blame the E.U., the Wall Street Journal has that angle covered.

One comment I found particularly insulting, however, was a line in Microsoft’s response: “We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines”. I get why Microsoft would want to reframe this issue; the words “Microsoft outage” are in headlines instead of “CrowdStrike bug”.1 But this does not minimize the impact of this bug — which Microsoft’s statement acknowledges in the very next sentence — and it does not disprove claims about concentrated market share. It is used by nearly 60% of Fortune 500 companies including, it says, 80% of the top automotive, financial, food and beverage, and technology companies. It may not have an influential position compared to the Windows install base at large, but who cares? That is not an appropriate metric for this specific software.

Blaming Microsoft’s agreement with the E.U. also seems unnecessarily reductive, though it had a role to play. If Microsoft could have restricted kernel access in the way Apple does, it is much less likely this precise catastrophic failure by a third-party company would have occurred. But it is beside the point. It seems it could have done so at any time if it did not unfairly give its own security products elevated access. Left unexplored is why it has not done so. Also, CrowdStrike was singing the praises of Apple’s approach when kernel extensions were deprecated in MacOS. CrowdStrike loved the idea of “[r]educing the need for privileged access” which “is always a more secure approach”. Why did it fail to do so on Windows? Even without the same kind of mandate as MacOS, it seems there has been ample opportunity all around to increase protections.

Though I was oversimplifying when I wrote “just a handful of vendors are entrusted with the digital infrastructure on which our society runs” — it is more than a handful, but it is a relative handful in most any category — I maintain at least part of my original argument as written:

Even if there are serious financial and reputational consequences for these failures, the world is still no closer to being freed of its dependence on Windows or Ticketmaster or Snowflake or CrowdStrike. These seem to be incredibly fragile systems on which society rests with little accountability for their makers.

CrowdStrike’s stock is down 23%, which is far more than AT&T suffered. But I am not comfortable with investors’ bad vibes as an accountability mechanism. There needs to be legal structures so that our world’s vast interconnected technological infrastructure has resilience as a rule.

  1. In that particular article, CrowdStrike is not mentioned until the final paragraph. ↥︎

You Will Not Believe This, but Tesla’s Nearly Fictional Optimus Robot Is Not Ready Yet gizmodo.com

Matt Novak, Gizmodo:

“Tesla will have genuinely useful humanoid robots in low production for Tesla internal use next year and, hopefully, high production for other companies in 2026,” Musk tweeted on Monday morning.

As Electrek points out, that’s a delay from what was previously promised by Musk. The Tesla CEO had said back in April that he’d have Optimus robots working in Tesla factories by the end of 2024 with deliveries to other companies by 2025. That’s clearly not happening anymore, based on more recent comments.

I am sure there are people somewhere who still believe this is a good-faith “serious endeavour” which is just facing a few hurdles and will soon be able to get groceries autonomously. But this thing was tentatively on track to be produced last year. I am sure this is just a minor delay, much like the fully autonomous vehicles which owners will be able to rent out to others as taxis, which is also assuredly mere weeks away.

Broken File in CrowdStrike Update Causes Worldwide Systems Outages theverge.com

Emma Roth, the Verge:

On Friday morning, some of the biggest airlines, TV broadcasters, banks, and other essential services came to a standstill as a massive outage rippled across the globe. The outage, which has brought the Blue Screen of Death upon legions of Windows machines across the globe, is linked to just one software company: CrowdStrike.

[…]

“Our software is extremely interconnected and interdependent,” Lukasz Olejnik, an independent cybersecurity researcher, consultant, and author of the book Philosophy of Cybersecurity, tells *The Verge. “But in general, there are plenty of single points of failure, especially when software monoculture exists at an organization.”

Robert McMillan, Wall Street Journal:

Founded in 2011, CrowdStrike is widely used by Corporate America, supplying software that protects against cyberattacks to tens of thousands of customers, including 300 companies in the Fortune 500. The scale of the outage was compounded by the fact that cybersecurity software like CrowdStrike’s has access to the most fundamental elements of the operating system to ward off cyberattacks, security experts say.

This sounds like a terrible day for anyone affected. There are I.T. staff who were woken up in the middle of the night to see if there was anything they could do; while a workaround was posted within an hour and a half of CrowdStrike issuing this update, it requires tedious manual work on each impacted system. You can find countless stories online of hospitals, airports, government systems, broadcasters, and more severely interrupted by this one bad software update. A whole lot of people had a really terrible day today.

We keep seeing the ripple effects when just a handful of vendors are entrusted with the digital infrastructure on which our society runs. Bought tickets to a mainstream event in North America? It was probably facilitated by Ticketmaster, so your credit card was leaked. It and over a hundred other companies depended on Snowflake for data storage, which was breached. Do you live in the U.S. and own a phone? AT&T, T-Mobile, and Verizon have all suffered data breaches. Two years ago, Canadian ISP and cellular carrier Rogers was down for an entire day, “disrupting government services and payment systems”. Microsoft is busy convincing people it is taking security seriously after a series of embarrassing failures.

Even if there are serious financial and reputational consequences for these failures, the world is still no closer to being freed of its dependence on Windows or Ticketmaster or Snowflake or CrowdStrike. These seem to be incredibly fragile systems on which society rests with little accountability for their makers.

Update: Changed the word “driver” in my headline to “file” to reflect CrowdStrike’s technical analysis.

YouTube Subtitles Included in Large Data Set Used to Train Notable A.I. Models proofnews.org

Annie Gilbertson and Alex Reisner, Proof:

AI companies are generally secretive about their sources of training data, but an investigation by Proof News found some of the wealthiest AI companies in the world have used material from thousands of YouTube videos to train AI. Companies did so despite YouTube’s rules against harvesting materials from the platform without permission.

Our investigation found that subtitles from 173,536 YouTube videos, siphoned from more than 48,000 channels, were used by Silicon Valley heavyweights, including Anthropic, Nvidia, Apple, and Salesforce.

According to Gilbertson and Reisner, this is a data set called — appropriately enough — “YouTube Subtitles”, which is part of a larger set called the “Pile”, which is distributed by EleutherAI. The “Pile” was used by Apple to train OpenELM.

Chance Miller, 9to5Mac:

Apple has now confirmed to 9to5Mac, however, that OpenELM doesn’t power any of its AI or machine learning features – including Apple Intelligence.

Lance Ulanoff, TechRadar:

While not speaking directly to the issue of YouTube data, Apple reiterated its commitment to the rights of creators and publishers and added that it does offer websites the ability to opt out of their data being used to train Apple Intelligence, which Apple unveiled during WWDC 2024 and is expected to arrive in iOS 18.

The company also confirmed that it trains its models, including those for its upcoming Apple Intelligence, using high-quality data that includes licensed data from publishers, stock images, and some publicly available data from the web. YouTube’s transcription data is not intended to be a public resource but it’s not clear if it’s fully hidden from view.

Even if you set aside the timing of allowing people to opt out, it scarcely matters in this case. If YouTube captions were part of the data set used to train any part of Apple Intelligence, it would be impossible for channel operators to opt out because they cannot set individualized robots.txt instructions.

Five New York Times reporters wrote in April about the tension OpenAI created after it began transcribing YouTube videos:

Some Google employees were aware that OpenAI had harvested YouTube videos for data, two people with knowledge of the companies said. But they didn’t stop OpenAI because Google had also used transcripts of YouTube videos to train its A.I. models, the people said. That practice may have violated the copyrights of YouTube creators. So if Google made a fuss about OpenAI, there might be a public outcry against its own methods, the people said.

I could not find any mechanism to opt one’s own YouTube videos out of A.I. training. This is one of the problems of YouTube being a singular destination for general-purpose online video: it has all the power and, by extension, so does Google.

By the way, I am still waiting for someone in Cupertino to check the Applebot inbox.

J.D. Vance Left His Venmo Public wired.com

Dhruv Mehrotra, Tim Marchman, and Andrew Couts, Wired:

US senator J.D. Vance, an Ohio Republican and former US president Donald Trump’s pick for vice president, has a public Venmo account that gives an unfiltered glimpse into his extensive network of connections with establishment GOP heavyweights, wealthy financiers, technology executives, the prestige press, and fellow graduates of Yale Law School—precisely the elites he rails against. A WIRED analysis of the account, the people listed as Vance’s friends, and, in turn, the people listed as their friends highlights sometimes bizarre and surprising connections. Experts, meanwhile, worry that the information revealed by the peer-to-peer payment app raises the potential for stalking, trolling, and impersonation.

In May 2021, reporters for Buzzfeed News easily found Joe Biden’s Venmo account.

It remains completely baffling to me for a payment app, of all things, to have an option for publicly exposing transactions like it is a social network. Shortly after Biden’s account was found, Venmo removed a feature which showed public transactions from complete strangers — this is among the most ridiculous series of words I have ever typed. Despite Venmo’s explanations, I will likely never understand why it is like this.

Fully Apple Pilled

To promote the launch of a new Beats Pill model, Apple’s Oliver Schusser was interviewed by Craig McLean of Wallpaper — where by “interviewed” I mostly mean “guided through talking points”. There is not much here unless you appreciate people discussing brands in the abstract.

However, McLean wanted to follow up on a question asked of Schusser in a 2019 issue of Music Week (PDF): “where do you want to see, or want Apple Music to be, in five years?” Schusser replied:

We want to be the best in what we do. And that means, obviously, we’ll continue to invest in the product and make sure we’re innovative and provide our customers with the best experience. We want to invest in our editorial and content, in our relationships with the industry, whether that’s the songwriters, music publishers, the labels, artists or anyone in the creative process. But that’s really what we’re trying to do. We just want to be the best at what we do.

With McLean given the opportunity for a response at the end of that timeframe, where does Apple Music now find itself? Schusser answered:

We are very clearly positioned as the quality service. We don’t have a free offer [unlike Spotify’s advertising-supported tier]. We don’t give anything away. Everything is made by music fans and curated by experts. We are focused on music while other people are running away from music into podcasts and audiobooks. Our service is clearly dedicated to music.

With spatial audio, we’ve completely revolutionised the listening experience. [Historically] we went from mono to stereo and then, for decades, there was nothing else. Then we completely invented a new standard [where] now 90 per cent of our subscribers are listening to music in spatial audio. Which is great.

And little things, like the lyrics, for example, [which] you find on Apple Music, which are incredibly popular. We have a team of people that are actually transcribing the lyrics because we don’t want them to be crowd-sourced from the internet. We want to make sure they’re as pristine as possible. We’ve got motion artwork and song credits. We really try to make Apple Music a high quality place for music fans.

And while most others in the marketplace have sort of stopped innovating, we’ve been really pushing hard, whether it’s Apple Music Sing, which is a great singalong feature, like karaoke. Or Classical, which is an audience that had completely been neglected. We’re trying to make Apple Music the best place for people to listen to music. I’m super happy with that.

This is quite the answer, and one worth tediously picking apart claim-by-claim.

We are very clearly positioned as the quality service. We don’t have a free offer [unlike Spotify’s advertising-supported tier]. We don’t give anything away.

I am not sure how one would measure whether Apple Music is “positioned as the quality service”, but this is a fair point. Apple Music offers free streaming “Radio” stations, but it is substantially not a free service.

Everything is made by music fans and curated by experts.

This is a common line from Apple and a description which has carried on from the launch of Beats Music. But it seems only partially true. There are, for example, things which must be entirely made by algorithm, like user-personalized playlists and radio stations. Schusser provided more detail to McLean five years ago in that Music Week interview, saying “[o]f course there are algorithms involved [but] the algorithms only pick music that [our] editors and curators would choose”. I do not know what that means, but it is at least an acknowledgement of an automated system instead of the handmade impression Apple gives in the Wallpaper interview.

Other parts of Apple Music suspiciously seem informed by factors beyond what an expert curator might decide. Spellling’s 2021 record “The Turning Wheel”, a masterpiece of orchestral art pop, notably received a perfect score from music reviewer Anthony Fantano. Fantano also gave high scores to artists like Black Midi, JPEGMAFIA, and Lingua Ignota, none of whom make music anything like Spellling. Yet all are listed as “similar artists” to Spellling on Apple Music. If you like Spellling’s work, you may be surprised by those other artists because they sound wildly different. This speaks less of curation than it does automation by audience.

For the parts which are actually curated manually, do I know the people who are making these decisions? What is their taste like? What are their standards? Are they just following Apple’s suggestions? Why is the “Rock Drive” playlist the same as any mediocre FM rock radio station?

We are focused on music while other people are running away from music into podcasts and audiobooks. Our service is clearly dedicated to music.

Music has undeniably shaped Apple from its earliest days and, especially, following the launch of the iPod. Its executives are fond of repeating the line “we love music” in press releases and presentations since 2001. But Apple’s dedication to separating music from other media is a five year old decision. It was previously wholly dedicated to music while shipping an app that also played audiobooks and podcasts and movies and all manner of other things. Plus, have you seen the state of the Music app on MacOS?

This is clearly just a dig at Spotify. It would carry more weight if Apple Music felt particularly good for music playback. It does not. I have filed dozens of bugs against the MacOS, iOS, and tvOS versions reflecting basic functionality: blank screens, poor search results, playback queue ordering issues, inconsistencies in playlist sort order between devices, problems with importing files, sync issues, cloud problems, and so forth. It is not uniformly terrible, but this is not a solid foundation for criticizing Spotify for not focusing on music enough.

Spotify sucks in other ways.

With spatial audio, we’ve completely revolutionised the listening experience. [Historically] we went from mono to stereo and then, for decades, there was nothing else.

This is untrue. People have been experimenting with multichannel audio in music since the 1960s. “Dark Side of the Moon” was released in quadrophonic audio in 1973, one of many albums released that decade in a four-channel mix. In the 1990s, a bunch of albums were released on SACDs mixed in 5.1 surround sound.

What Apple can correctly argue is that few people actually listened to any multichannel music in these formats. They were niche. Now?

Then we completely invented a new standard [where] now 90 per cent of our subscribers are listening to music in spatial audio. Which is great.

A fair point, though with a couple of caveats. Part of the high adoption rate is because Spatial Audio is turned on by default, and Apple is paying a premium to incentivize artists to release multichannel mixes. It is therefore not too surprising that most people have listened to at least one Spatial Audio track.

But this is the first time I can remember Apple claiming it “invented” the format. Spatial Audio was originally framed as supporting music mixed in Dolby Atmos. In its truest guise — played through a set of AirPods or Beats headphones, which can track the movement of the wearer’s head — it forms a three-dimensional bubble of music, something which Apple did create. That is, Apple invented the part which makes Atmos-mixed audio playable on its systems within a more immersive apparent space. But Apple did not invent the “new standard” taking music beyond two channels — that was done long before, and then by Dolby.

Also, it is still bizarre to me how many of the most popular multichannel mixes of popular albums are not available in Spatial Audio on Apple Music. These are records the artists deliberately intended for a surround sound mix at the time they were released, yet they cannot be played in what must be the most successful multichannel music venue ever made? Meanwhile, a whole bunch of classic songs and albums have been remixed in Spatial Audio for no good reason.

And little things, like the lyrics, for example, [which] you find on Apple Music, which are incredibly popular. We have a team of people that are actually transcribing the lyrics because we don’t want them to be crowd-sourced from the internet. We want to make sure they’re as pristine as possible.

I really like the way Apple Music displays time-tracked lyrics. That said, I only occasionally see inaccuracies in lyrics on Genius and in Apple Music, so I am not sure how much more “pristine” Apple’s are.

Also, I question the implication of a team of people manually transcribing lyrics. I have nothing to support this, but I would wager heavily this is primarily machine-derived followed by manual cleanup.

We’ve got motion artwork and song credits.

Song credits are good. Motion artwork is a doodad.

We really try to make Apple Music a high quality place for music fans.

I want to believe this is true, but I have a hard time accepting today’s Apple Music is the high quality experience worth raving about. Maybe some music fans are clamouring for animated artwork and bastardized Spatial Audio mixes of classic albums. I am not one of them. What I want is foundation of a reliable and fast jukebox functionality extended to my local library and streaming media, and then all this exciting stuff built on top.

And while most others in the marketplace have sort of stopped innovating, we’ve been really pushing hard, whether it’s Apple Music Sing, which is a great singalong feature, like karaoke. Or Classical, which is an audience that had completely been neglected.

These are good updates. Apple has not said much about Apple Music Sing or its popularity since it launched in December 2022, but it seems fine enough. Also, Spotify began trialling its own karaoke mode in June 2022, so maybe it should be credited with this innovation.

Apple Music Classical, meanwhile, remains a good but occasionally frustrating app. Schusser is right in saying this has been a neglected audience among mainstream streaming services. Apple’s effort is built upon Primephonic, which it acquired in August 2021 before launching it re-skinned as Classical in March 2023. That said, it is better now than it was at launch and it seems Apple is slowly refining it. It is important to me for there to be mainstream attention in this area.

We’re trying to make Apple Music the best place for people to listen to music. I’m super happy with that.

The thing I keep thinking about the four paragraph response above is that Schusser says a lot of the right things. Music is so important to so many people, and I would like to believe Apple cares as much about making the best music service and players as I do about listening to each week’s new releases.

I just wish everything was better than it currently is. There are many bugs I filed years ago which remain open, though I am happy to say the version in the latest Sequoia beta appears to contain a fix for reversing the order of songs when dragging them to the playback queue. If Apple really wants to position Apple Music as “the quality service” that is “the best at what we do”, it should demonstrate that instead of just saying it.

EchoFeed Automatically Publishes Feeds to Open Social Protocols echofeed.app

For about seven years, I have been automatically broadcasting new posts to Mastodon using a Zapier workflow. That was followed earlier this year by a Bluesky auto-posting setup powered by Linus Rath’s excellent WordPress to Bluesky plugin.

I can still recommend the latter; the former, though, gave me grief from day one. Zapier automatically posts gross short addresses instead of nicer permalinks, and I could not figure out a way to change this. (It is probably very easy. Please do not make fun of me.) Also, posts containing an ampersand in the title — of which there have recently been a few — have not been parsed correctly.

Happily, enemy of Perplexity Robb Knight launched EchoFeed in April:

It supports reading RSS and Atom and JSON feeds and then posting those items to Mastodon and Micro.blog and Bluesky and GitHub and Discord and LinkAce. Or it can send them as Webmentions and Webhooks.

After the AT&T debacle, I figured I would set up EchoFeed and consolidate everything into one account. It could not have been easier, and my feeds have been working great. Free for one feed to one service, and just $25 U.S. per year to remove limitations.

The Return of Piracy netwars.pelicancrossing.net

Anthony Ha, TechCrunch:

Some of those changes [in streaming] would be welcome, but they reinforce the sense that streaming — at least as envisioned by the executives currently running the business — won’t be all that different from the old cable TV ecosystem. Some things will be better (on-demand viewing), some will be worse (compensation for writers, actors, and other talent), and there might be different players at the top. But in many ways, it will feel like the same old TV.

Wendy M. Grossman:

This is the moment when lessons from the past of music, TV, and video piracy could be useful. Critics always said that the only workable answer to piracy is legal, affordable services, and they were right, as shown by Pandora, Spotify, Netflix, which launched its paid streaming service in 2007, and so many others.

It’s been obvious for at least two years that things are now going backwards. […]

If subscription streaming executives are determined to relive the past so, too, will those competent at searching the web for bootleg copies.

Manager Magazine Suggests Collaboration Between Apple and Porsche Beyond CarPlay theautopian.com

Stephen Rivers, the Autopian:

A recent story from Manager Magazine implies that Apple and Porsche are working on a car that’ll end up being a much greater integration than we’ve seen before. It highlights how the two brands have worked closely in the past, how Apple execs love to drive Porsches, and how they might work together in the future:

Preparations are now underway for an Apple-Porsche. Since Cook abandoned plans for his own Apple Car at the end of February, there have been completely new options for collaboration. A lot is now possible for Porsche; some developments and projects from the world of the Apple Car could now become available. It’s not just about software, they say in Stuttgart; Apple has also pursued exciting approaches to battery systems, for example.

That’s been translated by Google, but it gets the idea across. […]

Apple showed the new version of CarPlay first in mockups with Aston Martin and Porsche branding, and I am tempted to write this article off as a mere misinterpretation of that existing relationship. But if Manager’s sources are right, this could be a somewhat deeper connection. I would not go so far as Rivers’ article claims — that this is some kind of spiritual successor to Apple’s axed car project — yet if any company knows a thing or two about selling $120,000 cars, it is Porsche.

Prime Day Continues to Be Dangerous for Amazon’s Workforce theregister.com

Matthew Connatser, the Register:

Authored by Senator Bernie Sanders (I-VT) for the Health, Education, Labor, and Pensions (HELP) Committee, the investigative report [PDF] claimed Amazon’s annual Prime Day sale is “a major cause of injuries for the warehouse workers who make it possible.”

[…]

The study said the data showed that Amazon’s overall injury rate was above 30 percent for nearly every single week of 2019. Even during the COVID-19 pandemic, when this data was compiled, Amazon’s injury rate hovered between 15 and 25 percent, it added.

On Prime Day 2019 and in the first two weeks of December, injury rates climbed to over forty percent. But that was five years ago, and it is strange to me the HELP Committee report is not built around more recent data.

In May, the Strategic Organizing Center published its own report including data from 2023:

Three years after Amazon pledged to make the company “Earth’s Safest Place to Work” by cutting its total injury rate in half by 2025, a new analysis from the Strategic Organizing Center (SOC) shows the retail giant has reduced its overall injury rate by less than two percent. Drawing on newly released data, SOC also finds that injury levels at Amazon warehouses increased by as much as 59 percent during the company’s 2023 peak operational periods, including Prime Day and Cyber Monday.

Like the government report, the SOC says the injury rate at Amazon warehouses is double that of the industry average. It also says the injury rate in 2020 did not contain the Prime Day peak in the summer — as you can also see in the HELP report — because Amazon moved Prime Day to October.

Taboola to Sell Ads for Apple in News and Stocks axios.com

Sara Fischer, Axios:

Ad tech giant Taboola has struck a deal with Apple to power native advertising within the Apple News and Apple Stocks apps, Taboola founder and CEO Adam Singolda told Axios.

[…]

Most people know Taboola as the company responsible for placing chumbox ads at the bottom of many news stories online.

Om Malik:

Apple’s decision to strike a deal with Taboola is shocking and off-brand — so much so that I have started to question the company’s long-term commitment to good customer experience, including its commitment to privacy. As it chases more and more revenue to appease Wall Street, it’s clear Apple will become one of those companies that prioritize shareholders over paying customers and their experience.

Fischer reports the ads which appear in News and Stocks will have a level of scrutiny similar to those in the Taboola Select program. Still, Malik is right — this feels wrong for Apple and wrong for users.

Then again, services revenue seems to have compelled Apple to do lots of things which previously felt wrong. It has a credit card with interest rates currently between 19.24% and 29.49%. It aggressively advertises its services in its operating systems to the detriment of users’ experiences.

These moves may not feel like they fit Apple’s brand if your impression of it was formed more than ten years ago. There is no use protesting that they are out of character, however, when priorities like these feel like they represent today’s Apple.

The Richest People in Silicon Valley Are Backing Trump After He Got Shot rollingstone.com

Miles Klee, Rolling Stone:

Whether the stigma attached to MAGA culture is truly softening in deep-blue California, it’s clear that players large and small in its business culture feel emboldened and energized by the attempt on Trump’s life. Musk and his far-right Twitter friends have meanwhile done everything they can to elevate those voices and convince other people reluctant to share their admiration for Trump that the time to start is now. […]

Some of the richest people in the United States — including Marc Andreessen and Ben Horowitz, the Winklevii, and David Sacks — are firmly behind this Republican nightmare ticket, but this should not surprise anyone. Aside from the odious behaviour of these specific individuals over the years aligning with the Trump ethos, wealthy Americans generally backed the Trump/Pence campaign in 2020 and in 2016.

Whether and how this trend fits in California is murkier, as fully one-third of respondents said they had an income of $100,000 or greater; I could not find a state-level breakdown for higher incomes, let alone one at a county level. But it should not be too surprising for financial elites to back this ticket. Some of them did in 2016; more did in 2020. Trump is an increasingly safe choice for the faux contrarians of Silicon Valley.

Update: Steven Levy, Wired:

Andreessen and Horowitz are smart enough to know this, so their objections come off as both paranoid and self-interested. But I think there’s something more happening, an element that’s often cited to explain why some Silicon Valley people have turned to Trump: They resent how the media, some of the “woke” population, and left-leaning politicians don’t appreciate them, and even vilify them. In Trumpland, their wealth and the wisdom supposedly associated with it is respected.

For all anyone talks of prioritizing facts over feelings, a whole lot of people would do well to acknowledge they have emotional stakes in a situation. The tech industry is no longer being treated as an endless factory of greatness by the public and the press. Not all criticisms are valid or warranted, but nobody should believe the “pseudo-populist effort” of the Trump/Vance ticket when the people with financial stakes do not.

AT&T Paid to Delete Stolen Phone Records wired.com

Kim Zetter, Wired:

US telecom giant AT&T, which disclosed Friday that hackers had stolen the call records for tens of millions of its customers, paid a member of the hacking team more than $300,000 to delete the data and provide a video demonstrating proof of deletion.

[…]

The hacker who received the payment from AT&T alleges that Binns was responsible for the breach and shared samples of the data with him and others after downloading it. He says he believes Binns allegedly stole “several billions” of records from AT&T, though WIRED was unable to confirm this. Reddington [a security researcher] understands that the data that was deleted was the only complete dataset taken by the hackers. Reddington says he does not believe the hackers posted the data publicly, though he’s not sure how many people received excerpts of the data Binns allegedly provided or what they did with it.

Also currently unknown: how big the sample data sets are, what is in them, and whether the full set has actually been deleted.

Apple vs. Emulation reverttosaved.com

The AltStore (italicized note mine):

After 3 months in review — including 30+ days for appeal — UTM SE was approved for PAL 🎉 [The E.U.-only Apple-blessed version of AltStore.]

Apple also called us to say they decided to allow it in the App Store too, what a coincidence!

Our first set of 3rd party apps is now notarized, and will be available for PAL users soon 🙂

Finally. This was the emulator rejected just before WWDC from appearing in the App Store because Apple only wanted to allow emulators for gaming consoles, not retro personal computers.1 Apple also prevented it from being notarized for alternative distribution, which is something it should not be doing unless its executives really like skeptical phone calls from regulators.

One caveat, though: UTM SE is a JIT-less build. Its developers were originally resigned to its permanent rejection but I think their perseverance paid off, even if its performance is below developers’ and users’ expectations.

Riley Testut:

Thanks Apple for once again proving the best way to change the App Store rules is to submit an app to AltStore :)

Craig Grannell:

As a fan of emulation and safeguarding gaming’s history, I find myself increasingly frustrated with Apple in this space. It has – either by intent or incompetence – created the circumstances in which iOS has a confused, messy, inconsistent emulator ecosystem.

The word Grannell uses in the headline of this article — “incoherent” — is apt. At least there is now the tiniest bit of competition in the market for iPhone software distribution.

  1. Someday, someone will submit a vintage smartphone game emulator to the App Store and really test the iPhone-as-a-console theory. ↥︎