There’s a terrible attack happening against Github right now where attackers are forking legitimate repositories and injecting malware – and then hoping unsuspecting users will download code from the attacker’s repo instead of the original. A researcher estimates this is happening to about 100,000 repos on Github.
The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that’s wrapped under seven layers of obfuscation. To make matters worse, some people, unaware of the malice of these imitators, are forking the forks, which adds to the flood.
His article continues in great detail about how the attack works and the dangers involved. He also notes how Github is fighting back against this and removing malware repos … but the scale of the attack makes this hard.
A key point to me is that you should only download and execute code from repositories you trust.
This is kind of a 🤦♂️ statement, but it’s so easy to just search for code, find a repo, and use the code.
We all need to take the extra moment and figure out: is this repo a fork of another repo? And if so… why? There are perfectly legitimate reasons to fork a repo. Perhaps someone wants to improve the code or offer a new feature in a way the original developer didn’t want to.
But, as this attack shows, there are also malicious reasons for forking a repo.
We need to be sure we trust the source – which may mean doing the detective work to trace back and see if this is the original repo.
I wish the folks at Github all the best in combatting this attack. The ability to easily fork repos is such a key part of Github and the collaborative development of code. It’s unfortunate that it is being abused in this way. 🙁
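The "is this repo a fork, and of what?" check described above can be scripted against the GitHub REST API, whose repository object carries `fork`, `parent` and `source` fields. This is an added example, not part of the original post; the repository names and sample responses are constructed, and `check_provenance` is a hypothetical helper.

```python
import json
import urllib.request

API = "https://api.github.com/repos/"  # GitHub REST API: GET /repos/{owner}/{repo}

def fetch_repo(full_name):
    """Fetch public repo metadata (needs network; unauthenticated calls are rate-limited)."""
    req = urllib.request.Request(API + full_name,
                                 headers={"Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def check_provenance(meta, expected_upstream):
    """Compare a repo with the upstream name taken from a trusted place
    (project site, package registry page). Returns (verdict, detail)."""
    name, expected = meta["full_name"].lower(), expected_upstream.lower()
    if name == expected:
        return ("upstream", "this is the repository you expected")
    if meta.get("fork"):
        # 'parent' = repo it was forked from; 'source' = root of the fork network.
        parent = (meta.get("parent") or {}).get("full_name", "unknown")
        source = (meta.get("source") or {}).get("full_name", "unknown")
        if source.lower() == expected:
            # A genuine fork of upstream: still ask why it exists and diff it.
            return ("fork-of-upstream", f"forked from {parent}")
        return ("fork-of-other", f"forked from {parent}, network root {source}")
    # Not flagged as a fork: code that was cloned and re-pushed also lands here.
    return ("unrelated", f"no fork link to {expected_upstream}")

# Constructed sample responses with hypothetical names, trimmed to the fields used.
SAMPLES = {
    "original": {"full_name": "example-org/widget", "fork": False},
    "direct_fork": {"full_name": "alice/widget", "fork": True,
                    "parent": {"full_name": "example-org/widget"},
                    "source": {"full_name": "example-org/widget"}},
    "fork_of_copy": {"full_name": "bob/widget", "fork": True,
                     "parent": {"full_name": "mallory/widget"},
                     "source": {"full_name": "mallory/widget"}},
    "reupload": {"full_name": "mallory/widget", "fork": False},
}

def classify_samples(expected="example-org/widget"):
    return {k: check_provenance(v, expected)[0] for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in classify_samples().items():
        print(f"{label:13} {verdict}")
```

Only the `upstream` verdict confirms you are at the repository you meant to reach; every other verdict means more detective work before running the code.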
Where did IPv6 grow in 2023? Where did it not? What countries led on IPv6 deployment?
Recently a colleague of mine at the Internet Society, Robbie Mitchell, laid all this out in a long post titled “Governments and Industry Driving IPv6 in 2023”. With data and many charts he walks through where IPv6 deployment is improving and where more work is needed.
I found it fascinating to see how much the Asia-Pacific region is growing, while here where I live in the USA the growth was minuscule (1.7%). Particularly since historically the ISPs in the USA have been strong drivers of IPv6 growth.
I’ll note that if you want to track IPv6 growth, the Internet Society’s Pulse platform has a page about technologies at: https://pulse.internetsociety.org/technologies – on that page you can see data and maps that show IPv6 deployment (as well as for other technologies).
Do you remember… Ello? For a brief time in 2014 to 2016-ish, it flared up as “the next emerging social network” and even as a “Facebook-killer”. And then it flamed out… and… in the summer of 2023, it disappeared completely as the site was taken offline.
I was all in with Ello for a time! Kind of as Mastodon is today for me, Ello was where I was focused on posting and engaging. And then it wasn’t…
Andy Baio published last month a long, detailed post on “The Quiet Death of Ello’s Big Dreams”. I encourage you to go read it… and then I’ve got some commentary below.
As I climb up in that crow’s nest and look out at the horizon, his post points out some definite icebergs and opportunities for any of the new social networks…
… and also, again, the point that we need to own our own content!
Go ahead! Go read that… and then come on back here.
As Andy Baio writes, the promise of Ello was that it was going to be different. You can still read the Ello Manifesto via the Wayback Machine:
It was beautiful!
Here’s the part I liked:
“We believe there is a better way. We believe in audacity. We believe in beauty, simplicity and transparency. We believe that the people who make things and the people who use them should be in partnership.
We believe a social network can be a tool for empowerment. Not a tool to deceive, coerce and manipulate — but a place to connect, create and celebrate life.
You are not a product.”
How could you NOT sign up for that?? Particularly in a time (2014) when Facebook was going through yet another series of changes and pivots.
I jumped deep in. Partly because of that manifesto. Partly because I liked the minimalist ethos and design. And partly, if I’m honest, because one of the co-founders was from Vermont, and while I was living next door in New Hampshire, the site had a bit of the “Vermont vibe”. It was designed to be artsy and counter-cultural, etc. I was good with that!
I wrote a bunch of posts. I talked about Ello on other social networks. I added it to the footer on my blog sites to encourage people to follow me there.
The thing was, the whole beautiful dream was built on a foundation of quicksand. As Andy Baio writes, they started out with $435,000 of venture capital (VC) funding, and soon got $5.5 million more… and six months later took $5 million more in VC funding and later some more.
Baio’s article covers this all in more detail, but the key point is:
VCs always want their exit!
They’re not doing this out of the kindness of their hearts. They are investors who ultimately want to make a profit from their investment.
The moment you take VC investment, your future direction is guided by your investors – and their need for payback – sometimes even more so than your actual users.
Which is fine if you are a regular startup. Everyone understands now that “this is how it works” – and VC firms have played a very vital role in helping so many of the services we use to come into being.
BUT… when you are a social network that specifically positions itself as NOT “selling out” to the market… well… that’s a problem.
And Then It Was… Gone…
As Baio recounts in his piece, Ello then morphed through more “pivots”, was acquired by Talenthouse, and more changes happened.
Somewhere in there I left it behind. I found their pivot to “The Creators Network – Built by artists for artists” an interesting change… but they focused on visual arts with photography, images, artwork… and I’m a guy who likes text and audio. So it was kind of clear that it was no longer really a great place for me.
Besides which, by then I’d discovered Mastodon in its early days (Dec 2016) and was starting to spend more time there. (Oh, look at the butterfly… so beautiful! SQUIRREL!!!)
And then, last year in July 2023, after a series of outages, the Ello site simply vanished. Boom. Done.
No warning. No messages to users. No opportunity to download your content. No information. Nothing. Zip. Nada.
In his piece, Baio captures some of the surprised and angry responses of users. People who had watched 8 years of work just vanish from the Internet (thankfully, the Internet Archive captured a good bit of it).
What We Can Learn
In the end, the cautionary tale of Ello reminds us yet again that:
We must own our own content!
We can’t assume that anything we put into ANY of the platforms will continue to exist indefinitely. If we want that content to be available, we need to put it somewhere that WE control.
This means … yes… thinking about good old personal websites again! Personal sites that we might actually have to pay a little bit for. And ideally with our own domain.
Now, the good news is that you can start very easily these days. For example this newsletter is on the hosted WordPress.com site. I don’t have to do much admin and I’m not paying much. The advantage is that I can export this entire site and save it on a disk drive. And I can easily import that to a new hosting provider if I want. And I guess I trust Automattic enough that I believe they wouldn’t just shut down and disappear – particularly not with how many millions of websites are hosted on WP.com.
There are other non-WordPress solutions that are similar, too. And there are a zillion newer frameworks for starting up your own site if you are okay playing with some code. The point is that you can set yourself up fairly easily with a website.
You can own your own content.
POSSE and PESOS
But then of course comes the problem of USING your own website(s). It is SO MUCH EASIER to just open an app or social network site and post your thoughts and reflections.
Open app. Type or upload photo. Publish. Boom. Done.
Which is why we have so much of our content locked up inside walled gardens owned by others. It’s why so many people contributed on Ello and all the other past social networks (and all the ones today).
But we need to change our habits if we don’t want to be victims to the next Ello that vanishes.
Basically… start writing on your own site… and then share it out onto social networks.
And I try to do this… even on Mastodon, my current focus area. (Because at some point Mastodon GmbH could conceivably run out of money and shut down mastodon.social.) I mean… I will post short things to Mastodon that I really don’t care about. They are mostly ephemeral comments, and I don’t really care whether they are around in the future.
But… the moment I start thinking about writing a thread of multiple posts on Mastodon, I ask myself the critical question:
Can I post this on one of my own sites first?
And then I go write it on that site, and share the link on Mastodon. Or I may in fact create a Mastodon thread… but with the knowledge that it’s all captured back on my own site.
Alternatively, the other approach is to keep on publishing content on platforms as you do today, but then capture all your content back onto a site you control. This has been referred to as PESOS:
There are of course tools and plugins that can automate this. I do a form of this with my danyork.me site that pulls in copies of things that I write across the Internet. It’s using a WordPress plugin that just pulls regular old RSS feeds – and so naturally works only with things that have RSS feeds. There are other plugins that can bring in your posts from other services. If you want to go the PESOS route, it is now possible to mirror most of the various services onto a site under your control.
The Key Point
To something Elizabeth Thai wrote in her second post… I don’t know that I really want to capture everything that I share on social networks. A cool feature of Mastodon is that you can get a RSS feed of your posts. I could add that to my danyork.me aggregator site… but do I really care about some of those posts? Not really!
The key point in all of this is:
If a site where you frequently publish content were to just disappear as Ello did, WOULD YOU BE OKAY WITH THAT?
Or would you wish that you still had access to some of what you published there?
If the answer to the second question is yes, then it’s time to be thinking about how to bring that content onto a site that YOU control. Many sites have ways to get historical archives (but some don’t).
But even if you can’t easily get the historical posts, you can at least change your habits for new posts. Whether you choose POSSE or PESOS … or some other idea… the key point is to start owning your own content.
Because at some point all the various platforms and services may pull an Ello on us and just disappear. Or they may change their business model (um… Medium!) so that it’s harder for people to find your content.
As the enshittification of most platforms continues, the cautionary tale of Ello is that if we care about the content we publish, then we need to own where it is published.
[The End]
Thanks for reading to the end. I welcome any comments and feedback you may have.
Please drop me a note in email – if you are a subscriber, you should just be able to reply back. And if you aren’t a subscriber, just hit this button and you’ll get future messages.
This IS also a WordPress hosted blog, so you can visit the main site and add a comment to this post, like we used to do back in the glory days of blogging.
Or if you don’t want to do email, send me a message on one of the various social media services where I’ve posted this. (My preference continues to be Mastodon, but I do go on others from time to time.)
If you use Mastodon or another Fediverse system, you should be able to follow this newsletter by searching for “@crowsnest.danyork.com@crowsnest.danyork.com”
Disclaimer: This newsletter is a personal project I’ve been doing since 2007 or 2008, several years before I joined the Internet Society in 2011. While I may at times mention information or activities from the Internet Society, all viewpoints are my personal opinion and do not represent any formal positions or views of the Internet Society. This is just me, saying some of the things on my mind.
I’m doing it again… instead of writing and creating new posts in the morning, I’m sitting there scrolling through Mastodon… or reading the latest news on Memeorandum or Techmeme… or jumping into work email or Slack before I really need to. And sooner or later, any of the “free” time I had is gone and it’s time to start the work day. The time has melted away.
Consumption has triumphed over creation, yet again.
And yet it is so incredibly easy to fall into that pattern… again and again and again….
So today I’ll write this small post of self-reflection to start yet again. Here’s to yet another attempt to break that pattern and build newer, stronger habits!