A social app for creatives, Cara grew from 40k to 650k users in a week because artists are fed up with Meta’s AI policies
"On Wednesday, Zhang opened her email to find a horrible shock: her bill for using Vercel, a web hosting company, would cost $96,280 for the last week."
Unfortunately, too few people are really aware of all the very personal data that is passed on. Health data reveals a lot about someone and therefore clearly identified victims, whether for advertising or suppression.
»Female health apps aren’t doing enough to protect sensitive data, study says:
Inconsistencies and contradictory data privacy policies were found in several popular female health apps«
Dovrei iniziare quantomeno a provare a fare certe pixel art che mi servono, se ho intenzione di fare i miei giochini, ma ho realizzato che sto un po’ rimandando… Ci ho pensato un attimo, e mi rendo conto che succede perché semplicemente non ho le condizioni esterne giuste per mettermi a disegnare quella roba: tutti i programmi (per PC) sono scomodi. 😶️
Più o meno su mobile (tablet o smartphone) qualcosa di agibile si trova, e riesco a disegnare senza incazzarmi affatto, anche se, ovviamente, non è il massimo… con il touch screen, tra le dita che coprono la vista, la generale imprecisione dei tocchi, e il fatto che quando sono a casa vorrei usare il potenzialmente più comodo PC per i disegnini pixellosi, non riesco granché ad accontentarmi. Appunto, su PC non ci sono software comodi, perché per qualche motivo l’ennesima devianza dei tempi moderni è che si debba usare il mouse e solo il mouse per disegnare pixel art — e voi sapetecome sto io col mouse (mi accorgo ora di non averlo mai spiegato bene però… pazienza, un giorno scoprirete) — nonostante ai tempi antichi il topo non esisteva nemmeno, eppure con la tastiera si disegnava bene uguale. Vi giuro, non ho trovato un editor completo che sia uno che permetta di disegnare muovendo un cursore e piazzando il colore usando solo la tastiera, e questo per me è un problema più grande di quello che suona. 😩️
A dire il vero, ne ho trovato giusto qualcuno sperimentale, progettini iniziati per sfizio e mai finiti, con troppi compromessi e limitazioni che mi impediscono di prendere ed usarli con felicità; ve li elenco per pietà: cmdpxl, pypixelart, KDP, Pixkey e, Peachel. Stavo quasi pensando di usare programmi di fogli di calcolo per disegnare, che di base hanno un buon workflow per la tastiera (e a volte ci ho disegnato sopra…), e permetterebbero di usare le macro per implementare le funzioni di settore mancanti… ma mi sono subito scontrata con la realtà di: niente Excel su Linux (il 2007 va in Wine ma palle), LibreOffice Calc non permette di mappare a tasti il secchiello per colorare le caselle (non è chiaro se sia una funzione mancante oppure un bug), OnlyOffice Spreadsheet ha millemila bug tra cui problemi di ridimensionamento delle celle (non ho voluto nemmeno proseguire oltre quindi lmao), e sia Excel Online che Google Sheets fanno veramente cahare liquido. E allora, pure stavolta, l’ennesimo progetto laterale inizia… 🤬️
https://octospacc.altervista.org/wp-content/uploads/2024/05/image-7-960x481.pngL’ennesimo concretizzarsi del sesto corollario di Murphy (“Non ci si può mettere a far qualcosa senza che qualcos’altro non vada fatto prima”) mi stava facendo avvilire, ma non avevo altra scelta ormai, quindi ho iniziato, e ho deciso anche stavolta di creare un programma mio anziché forkarne uno esistente (sarà meno una rogna per me svilupparlo e mantenerlo). E, devo dire, è buono, perché tra ieri e oggi ci ho preso gusto: ho già la parte di base di disegno a posto, e ora posso implementare gli strumenti più utili e originali, ho un sacco di idee per rendere il disegno più veloce e piacevole che col mouse! Ma prima, sto finalizzando il formato “proprietario” dell’app… si, è quel plaintext lì anziché un banale JSON o un oscuro formato binario; ma voi non siete pronti, avrete altre foto solo tra un po’… 🙃️https://octospacc.altervista.org/2024/05/30/disegnare-senza-rogne/
btw
è davvero accaduto “creerò il mio editor di pixel art con blackjack e squillo di lusso” (implementerò un mini casinò direttamente nell’editor per tutti quei momenti in cui io o gli altri artisti ci rompiamo le palle di lavorare)
PupperPost provides a super-nice experience for #blogging: from idea to a post you own in no time and without fuss, easily customizable, extremely nice UI on all Apple platforms, and especially great on the Mac.
When I'll get around blogging more, which is something I really want to do 🥺, PupperPost will be my home!
❝… Libraries burn. The Internet Archive may seem like a sturdy and eternal repository for our collective object permanence about the internet, but it is very fragile, and could disappear like that.❞
🌎 Welcome to the inaugural members of the Digital Commons Task Force (DCTF).
Researchers, policy and technology experts with a strategic outlook will help consortium partners of the NGI Commons initiative to provide strategic input on several aspects of the NGI Commons work.
@kubikpixel allein wenn ich schon #timemanagement lese, bekomm ich Ausschlag. Oft gehts drum „wie schaffe ich noch mehr in noch weniger zeit“….schön richtung ausbeutung und burnout etc……aber wenn es in powerpoints drin steht, muss es ja gut sein. aktuell bekommt es dann halt noch das buzzword #ki drauf gepackt, verkauft sicher halt besser. mein gott ist die menschheit dumm und leicht beeinflussbar……erschreckend.
@der_manu viele erhoffen sich davon produktiver zu sein, dafür wird über sie an die cheffen die aushorchung verkauft – das von oben nach unten befehlen/regieren/handhaben läst sich so als hightech verkaufen an die opfer 🤷♂️🙄
📱 Handy entrümpeln, Energiesparen und Sicherheit erhöhen!
👉 Daher unnötige (auch) vorinstallierte Apps am besten entfernen, (sofern möglich).
Wer braucht zB schon die 💹 Börsenapp??
Jede App benötigt Speicherplatz. Falls sie im Hintergrund ausgeführt wird, wirkt sie sich auch noch auf die Leistung aus.
Sofern eine App auf Daten oder Systemfunktionen zugreifen darf, ist das zudem ein mögliches Risiko für #Sicherheit und #Privatsphäre.🕵️
@Skoop The business account is the admin. Your personal account is the user that you use to log in on the device has access to product licences. That's how it works for me at least ;-)
@ErHaWeb How many Websites have you linked on your phone/tablet currently as "app"? 🤔
In the meantime, I have more and more doubts as to whether we "have to" use/offer everything that is technically possible? Or whether we should think more about what is actually useful for the user or is actually used by them?
@Xitnelat Interesting objection. I currently have 5 websites on my home screen. Unfortunately, 3 of them don't have an app icon, which would make it easier to recognise them. They are websites that I visit frequently for various reasons. Precisely because we don't know how users use our website, we should incorporate these little things, especially if they hardly involve any significant effort. In the end, perhaps one user will be helped. You can also see it as a step towards accessibility.
Er is een mooie #app waarmee je kan meten hoeveel herrie een #vliegtuig maakt. Dit wordt dan ook doorgegeven. #Explane heet deze app. Nu dreigt de app te moeten stoppen omdat er geen developer meer is 😕. Welke #developer zou dit leuk vinden om te doen?
Zuckerman vs: Zuckerberg: why and how this is a battle of the public understanding of APIs, and why Zuckerman needs to lose and Meta needs to win
Imagine that you’re a cool, high-school, technocultural teenager; you’ve been raised reading Cory Doctorow’s “Little Brother” series, you have a 3D printer, a soldering iron, you hack on Arduino control systems for fun, and you really, really want a big strobe light in your bedroom to go with the music that you blast-out when your parents are away.
So you build a stepper-motor with a wheel and a couple of little arms, link it to a microphone circuit which does a FFT of ambient sound, and hot-glue the whole thing to your bedroom lightswitch so that the wheel’s arms can flick the lightswitch on-and-off in time to the beat.
If you’re lucky the whole thing will work for a minute or two and then the switch will break, because it wasn’t designed to be flicked on-and-off ten times per second; or maybe you’ll blow the lightbulb. If you’re very unlucky the entire switch and wiring will get really hot, arc, and set fire to the building. And if you share, distribute, and encourage your friends to do the same then you’re likely to be held liable in one of several ways if any of them suffer cost or harm.
Who am I?
My name’s Alec. I am a long-term blogger and an information, network and cyber security expert. From 1992-2009 I worked for Sun Microsystems, from 2013-16 I worked for Facebook, and today I am a full-time stay at home dad and part-time consultant. For more information please see my “about” page.
So what is an API? My personal definition is broad but I would describe an API as any mechanism that offers a public or private contract to observe (query, read) or manipulate (set, create, update, delete) the state of a resource (device, file, or data).
In other words: a light switch. You can use it to turn the light on if it’s off, or off if it’s on, and maybe there’s a “dimmer” to set the brightness if the bulb is compatible; but light switches have their physical limitations and expected modes of use, and they need to be chosen or designed to fit the desired usage model and purpose.
The modern equivalent for web-browsers is called Selenium WebDriver and is widely used by both automated software testers and criminal bot-farms, to name but two purposes.
So yes: the tech industry — or perhaps: the tech hacker/user community — has a long history of wiring programmable motors to light switches and hoping that their house does not catch on fire… but we should really aspire to do better than that… and that’s where we come to the history of EBay and Twitter.
History of Public APIs
In the early 2000s there was a proliferation of platforms that offered various services — “I can buy books over the internet? That’s amazing!” — and this was all before the concept of a “Public API” was invented.
People wanted to “add-value” or “auto-submit” or “retrieve data” from those platforms, or even to build “alternative clients”; so they examined the HTML, reverse-engineered the functions of Internal or Private APIs which made the platform work, wrote and shared ad-hoc tools that posted and scraped data, and published their work as hackerly acts of radical empowerment “on behalf of the users” … except for those tools which stole or misused your data.
The eBay API was originally rolled out to only a select number of licensed eBay partners and developers. […] The eBay API was a response to the growing number of applications that were already relying on its site either legitimately or illegitimately. The API aimed to standardize how applications integrated with eBay, and make it easier for partners and developers to build a business around the eBay ecosystem.
On September 20, 2006 Twitter introduced the Twitter API to the world. Much like the release of the eBay API, Twitter’s API release was in response to the growing usage of Twitter by those scraping the site or creating rogue APIs.
an ecosystem of ad-hoc tools that attempt to blindly and retrospectively track EBay’s own platform development would not offer standardisation across the tools that use those APIs, and so would thereby actually limit potential for third-party client development; each tool would be working with different assumed “contracts” of behaviour that were never meant to be fixed or exposed to the public, and would also replicate work
proliferation of man-in-the-middle “services” that would act “on your behalf” — and with your credentials — on the Twitter and EBay platforms, presented both a massive trust and security risk to the user (fraudulent purchases? fake tweets? stolen credentials?) with consequent reputational risk to the platform
But at the most fundamental level: Public APIs exist in order to formalise contracts of adequate means by which third-parties can observe or manipulate “state” (e.g.; user data, postings, friendships, …) on the platform.
By offering a Public API the platform frees itself also to develop and use Private APIs which can service other or new aspects of platform functionality, and it’s in a position to build and “ring-fence” the Public API service in the expectation of both heavy useand abuse being submitted through it.
Similarly: the Private APIs can be engineered more simply to act like domestic light-switches: to be used in limited ways and at human speeds; it turns out that this can be important for matters like privacy and safety.
Third parties benefit from Public APIs by having a guaranteed set of features to work with, proper documentation of API behaviour, and confidence that the API will behave in a way that they can reason about, and an API lifecycle management process with which will enable them to make their own guarantees regarding their work.
The shortest summary of the lawsuit that I have heard from one of its ardent supporters, is that the lawsuit:
[…] seeks immunity from [the Computer Fraud and Abuse Act] and [the Digital Millennium Copyright Act] [for legal] claims [against third parties or users] for automating a browser [to use Private APIs to obtain extra “value” from a website] and [the lawsuit also] does not seek state mandated APIs, or, indeed, any APIs
(private communication)
To make a strawman analogy so that we can defend it’s accuracy:
Let’s build and distribute motors to flick lightswitches on and off to make strobe lights, because what’s the worst that could happen? And we want people to have a fundamental right to do this, because Section 230 says we have such a right. We won’t be requiring any new switches to be installed, we just want to be allowed to use the ones that are already there, so it’s easy and low-cost to ask for, and there’s no risk to us doing this. But we also want legal immunity just in case what we provide happens to burn someone’s house down.
In other words: a return to the ways of the early 2000s, where scraping data and poking undocumented Private APIs was an accepted way to hack extra value into a website platform. To a particular mindset — especially the “big tech is irredeemably evil” folk — this sounds great, because clearly Meta intentionally prevents your having full, automated remote control over your user data on the grounds that it’s terribly valuable to them, and their having it keeps you addicted, so it helps them make money …
And you know what? To a very limited extent I agree with that premise — or at least that some of the Facebook user-interface is unnecessarily painful to use.
E.g. I feel there is little (some, but little) practical excuse for the heavy user friction which Facebook imposes upon editing of the “topics you may be interested in receiving adverts about“; but the way to address this is not to encourage proliferation of browser plugins (of dubious provenance regarding privacy and regulatory compliance, let alone uncertain behaviour) which manipulate undocumented Private APIs.
Apart from any other reason, as alluded above, Private APIs are built in the expectation of being used in a particular way — e.g. by humans, at a particular cadence and frequency — and on advanced platforms like Facebook they are engineered with those expectations enforced by rate limits not only for efficiency but also for availability, security and privacy reasons.
If you start driving these Private APIs at rates which are inhuman — 10s or 100s of actions per second — then you should and will expect them to either be rate-limited, or else possibly break the platform in much the same way that flicking a lightswitch at such a rate would break that lightswitch or bulb.
With this we can describe the error in one of the proponent’s claims: We aren’t requiring any new [APIs] to be installed, we just want to be allowed to use the ones that are already there — but if the Private API is neither intended nor capable of being driven at automated speeds then either something (the platform?) will break, or else there will be loud demands that the Private APIs be re-engineered to remove “bottlenecks” (rate limits) to the detriment of availability and security.
But if you will be calling for the formalisation of Private APIs to provide functionality, why are you not instead calling for an obligation upon the platform to provide a Public API?
Private APIs are not Public APIs, and Public APIs may demand registration
The general theme of the lawsuit is to demand that any API which a platform implements — even undocumented Private ones — should be legally treated as a Public API, open for use by third party implementors, without reciprocal obligation that the third-party client obtain an “API Key” to identify itself, nor to abide by particular behaviour or rate-limits.
In short: all APIs, both Public and Private, should become “fair game” to third party implementors, and the Platforms should have no business to distinguish between one third-party or another, even in the instance that one or more of them are malicious.
This is a dangerous proposal. Platforms innovate new functionality and change their Private API behaviour at a relatively rapid speed, and there is currently nothing to prevent that; but if a true “right to use” for a Private API becomes somehow enshrined, what happens next?
Obviously: any behaviour which interferes with a public right-to-use is illegal, so it will therefore become illegal to change or remove Private APIs — or at very least any attempt to do so will lead to claims of “anticompetitive behaviour” and yet more punitive lawsuits. The free-speech rights of the platform will be abridged by compulsion to never change APIs, or to support legacy-publicly-used-yet-undocumented APIs forever more.
I don’t want to keep flogging this horse, so I am just going to try and summarise in a few bullets:
Private APIs exist to provide functionality to directly support a platform; they are implemented in ways which reflect their expected (usually: human) modes of use, they are not publicly documented, they can come and go, and this is normal and okay
Public APIs exist to provide functionality to support third-party value-add to a platform; they are documented and offer some form of public “contract” or guarantee of behaviour, capability, and reliability. They are often designed in expectation of automated or bulk usage.
Private APIs do not offer such a public contract; they are not meant to be built upon other than by the platform itself. They are meant to be able to “go away” without fuss, but if their use is a guaranteed “right” then how can they ever be deprecated?
If third parties want to start using Private APIs as if they were Public APIs then the Private APIs will probably need to be re-engineered to support the weight of automated or bulk usage; but if they are going to be re-engineered anyway, why not push for them to become Public APIs?
If some (in-browser) third party tools claim to be acting “for the public good” then presumably they will have no problem in identifying themselves in order to differentiate themselves from (in-browser) evil cookie-stealing malware and worms; but to differentiate themselves would require use of an API Key and a Public API — so why are the third-party tool authors not calling to have the necessary Public APIs?
Just because an academic says “I wrote a script and I think it will work and that I [or one of your users] should be allowed to run it against your service without fear of reprisal even though [we] don’t understand how the back end system will scale with it”— does not mean that they should be permitted to do so willy-nilly, not against Facebook nor against your local community Mastodon instance.
@alecm I'm right in my reading that the suit doesn't require FB to maintain the APIs, or not rate limit them, it just immunizes Zuckerman from civil liability?
That seems pretty different to what you're implying about it becoming illegal to remove Private APIs? Where are you getting that from?
#App developers, is there an easy way to securely share sensitive data (eg. login credentials) locally between two #apps on the same device? And if not, what about non-sensitive data (like how the #SimpleApps or whatever they're called now share themes)? 🔏
Basically it's a family of apps with a common login and we're trying to avoid the user having to log in separately on each one. We're using #Capacitor, if that matters ⚙️
What key would I use for encryption? (Will it have to be provided by the app builds, since I'm guessing every sister app would need to share the same decryption key?)
What's the way to share the database file between apps, given that Android isolates apps so much? (Is it using the Files permission and then literally opening the file like a normal desktop program...or is there some other magic I'm not aware of?)
The rate of remote work in the EU rose from 11.1% in 2019 to 20% in 2022.
The use of digital tools and the possibility to work remotely can carry the risk of an ‘always-on' culture. We want to ensure workers’ rights and well-being are prioritised in this #digital age.
That’s why this week we launched the first-stage consultation of European social partners on fair telework and the right to disconnect.
