Linked List: October 7, 2024

Monday, 7 October 2024

The Talk Show: ‘An Acoustic Nightmare’ ★

Tyler Stalman joins the show to discuss the iPhone 16 lineup’s cameras, and the state of iPhone photography.

Sponsored by:

Squarespace: Make your next move. Use code talkshow for 10% off your first order.
Memberful: Monetize your passion with membership. Start your free trial today.

Judge Bends Google Over the Barrel in Final Epic v. Google Ruling ★

Sean Hollister, writing for The Verge:

Google’s Android app store is an illegal monopoly — and now it will have to change. Today, Judge James Donato issued his final ruling in Epic v. Google, ordering Google to effectively open up the Google Play app store to competition for three whole years. Google will have to distribute rival third-party app stores within Google Play, and it must give rival third-party app stores access to the full catalog of Google Play apps, unless developers opt out individually.

These were Epic’s biggest asks, and they might change the Android app marketplace forever — if they aren’t immediately paused or blocked on appeal. And they’re not all that Epic has won today. Starting November 1st, 2024, and ending November 1st, 2027, Google must also:

Stop requiring Google Play Billing for apps distributed on the Google Play Store (the jury found that Google had illegally tied its payment system to its app store)

Let Android developers tell users about other ways to pay from within the Play Store

Let Android developers link to ways to download their apps outside of the Play Store

Let Android developers set their own prices for apps irrespective of Play Billing

If this ruling holds on appeal, it’s a real loss for Google, not a token loss.

Update: Regarding the bit in the first paragraph above, about rival app stores getting access to all apps in the Play Store unless the developers opt out, I was originally confused how this could possibly work. I should have read the injunction first. It states:

For a period of three years, Google will permit third-party Android app stores to access the Google Play Store’s catalog of apps so that they may offer the Play Store apps to users. For apps available only in the Google Play Store (i.e., that are not independently available through the third-party Android app store), Google will permit users to complete the download of the app through the Google Play Store on the same terms as any other download that is made directly through the Google Play Store. Google may keep all revenues associated with such downloads. Google will provide developers with a mechanism for opting out of inclusion in catalog access for any particular third-party Android app store. Google will have up to eight months from the date of this order to implement the technology necessary to comply with this provision, and the three-year time period will start once the technology is fully functional.

This is far less radical a dictum than Hollister’s description led me to believe. What Judge Donato is demanding is effectively pass-through to the actual Play Store listing for any apps and games that aren’t available in a third-party app store. So if you search in the Brand X app store for “FooApp” but FooApp isn’t available in the Brand X store, Brand X’s store app can let you install and download FooApp from the Play Store. But that counts as a regular Play Store installation. It’s just a way to encourage users of third-party stores to search those stores first, even though the vast majority of apps will likely remain exclusively in the Play Store.

Chinese Government Hackers Compromise ‘Back Door for the Good Guys’ in U.S. Communication Networks ★

Sarah Krouse, Dustin Volz, Aruna Viswanatha, and Robert McMillan, reporting for The Wall Street Journal:

For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said. [...]

The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.

This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse. Law enforcement is supposed to be hard work.

We should rightfully blame China first for this attack — and the U.S. government ought to start treating such attacks by China as part of the second Cold War that they are, and retaliate in big ways — but secondary blame must go to Congress for passing the Communications Assistance for Law Enforcement Act (CALEA) in 1994, and to the FCC for broadening its interpretation a decade later. Verizon, AT&T, and the other companies whose networks were breached were — and remain — required by law to provide the back doors that the Chinese hackers exploited.

John Naughton on Dave Winer ★

John Naughton, writing for The Guardian:

Once the use of RSS feeds had become common, someone had the idea that audio files could be attached to them, and Dave implemented the idea with a nice geeky touch — attaching a song by the Grateful Dead. Initially the new technology was called audio blogging, but eventually a British journalist came up with the term “podcasting” and it stuck.

So Dave was present at the creation of some cool stuff, but it was blogging that brought him to a wider public. “Some people were born to play country music,” he wrote at one stage. “I was born to blog. At the beginning of blogging I thought everyone would be a blogger. I was wrong. Most people don’t have the impulse to say what they think.” Dave was the exact opposite. He was (and remains) articulate and forthright. His formidable record as a tech innovator meant that he couldn’t be written off as a crank. The fact that he was financially secure meant that he didn’t have to suck up to anyone: he could speak his mind. And he did. So from the moment he launched Scripting News in October 1994 he was a distinctive presence on the web.

One of Winer’s numerous aphorisms that resonates deeply with me: People return to places that send them away.

30 Years of Dave Winer’s Seminal Blog, Scripting News ★

Dave Winer:

Today is the 30th anniversary of this blog. Hola!

I did a roundup of thoughts when this blog turned 25. I stand by what I wrote then, but I’d add this. My blog started because I needed content to test a script I had written that sent emails on my Mac using Eudora, which was an early scriptable app and I had a nice scripting system that worked with it. I looked around for something to send (30 years ago today), and shot out an email to the people whose business cards I had collected at various tech conferences. It was a thrill, so I did it again, and again and three more times, before I realized hey I could use this thing to get my own ideas out there. And thus began this thing that I still do to this day. Look at the two posts I wrote about WordPress in the last few days. There may be hope to find a blogosphere buried somewhere in there. And it may be possible to give them some sweet new writing tools so they can get excited about writing on the web the way we did all those years ago. I actually am kind of optimistic about that. Maybe we can stand up something in the midst of the noise. When we booted up podcasting, approx 20 years ago, we had a slogan — “Users and developers party together.” It worked! That is still the way I want to build stuff, it’s the only way I know how to do it. Blogging started out as a programming adventure and eventually became a form of literature. How about that. I’m up for doing more of that if you all are. But please expect to make contributions, don’t expect it all to come to you for free, because as we know nothing really is free.

Winer is rightfully renowned for his technical achievements — outliners as an application genre, RSS in general, and RSS in the specific context of podcasting in particular — but what’s kept me reading Scripting News for the entirety of Scripting News’s 30-years-and-counting run is his writing. He has such a distinctive writing voice that is impossible to imagine in any medium other than the web. But I think that’s because he helped define what writing not just on the web, but for the web, even meant.

Thanks for it all, Dave.

Croissant 1.0 ★

Aaron Vegh and Ben Rice McCarthy (of Obscura renown) have teamed up to create Croissant, a new app — currently iPhone-only — for cross-posting to Mastodon, Threads, and Bluesky. 15 years ago I wrote “Twitter Clients Are a UI Design Playground” and that piece stands up, but it’s not Twitter/X in particular (certainly not anymore — X support is conspicuously omitted from Croissant’s current lineup up supported platforms), but tweet-like platforms in general. Croissant proves that this domain remains a UI playground. It’s both visually distinctive and intuitively familiar, with a fun and fluid UI. It’s the sort of app that I want to find reasons to use.

Free to download and try with a single account; $3/month, $20/year, or $60 as a one-time purchase for multi-account support, which is where Croissant really shines.