Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Nevada Wants to Reduce Online Protections for Children: All Internet Users Should Benefit from Strong Encryption

A youth engrossed in their phone.

Today we joined an effort to stop the State of Nevada from making it easier for children’s personal information to be obtained by child predators, criminal gangs, foreign nations, and others. The State of Nevada seems to think that children deserve less protection online. Under a misguided view of seeking to “protect” children, the State […]

The post Nevada Wants to Reduce Online Protections for Children: All Internet Users Should Benefit from Strong Encryption appeared first on Internet Society.

The Github Malware Attack – and the Importance of Trusting the Repository You Use

There’s a terrible attack happening against Github right now where attackers are forking legitimate repositories and injecting malware – and then hoping unsuspecting users will download code from the attacker’s repo instead of the original. A researcher estimates this is happening to about 100,000 repos on Github.

As Dan Goodin writes at Ars Technica:

The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories, meaning the source code is copied so developers can use it in an independent project that builds on the original one. The result is millions of forks with names identical to the original one that add a payload that’s wrapped under seven layers of obfuscation. To make matters worse, some people, unaware of the malice of these imitators, are forking the forks, which adds to the flood.

His article continues in great detail about how the attack works and the dangers involved. He also notes how Github is fighting back against this and removing malware repos … but the scale of the attack makes this hard.

A key point to me is that you should only download and execute code from repositories you trust.

This is kind of a 🤦‍♂️ statement, but it’s so easy to just search for code, find a repo, and use the code.

We all need to take the extra moment and figure out: is this repo a fork of another repo? And if so… why? There are perfectly legitimate reasons to fork a repo. Perhaps someone wants to improve the code or offer a new feature in a way the original developer didn’t want to.

But, as this attack shows, there are also malicious reasons for forking a repo.

We need to be sure we trust the source – which may mean doing the detective work to trace back and see if this is the original repo.

I wish the folks at Github all the best in combatting this attack. The ability to easily fork repos is such a key part of Github and the collaborative development of code. It’s unfortunate that it is being abused in this way. 🙁

New Excellent Analysis of Where IPv6 Grew in 2023

Where did IPv6 grow in 2023? Where did it not? What countries led on IPv6 deployment?

Recently a colleague of mine at the Internet Society, Robbie Mitchell, laid all this out in a long post titled “Governments and Industry Driving IPv6 in 2023”. With data and many charts he walks through where IPv6 deployment is improving and where more work is needed.

I found it fascinating to see how much the Asia-Pacific region is growing, while here where I live in the USA the growth was minuscule (1.7%). Particularly since historically the ISPs in the USA have been strong drivers of IPv6 growth.

I’ll note that if you want to track IPv6 growth, the Internet Society’s Pulse platform has a page about technologies at: https://pulse.internetsociety.org/technologies – on that page you can see data and maps that show IPv6 deployment (as well as for other technologies).

New Excellent Analysis of Where IPv6 Grew in 2023

Where did IPv6 grow in 2023? Where did it not? What countries led on IPv6 deployment?

Recently a colleague of mine at the Internet Society, Robbie Mitchell, laid all this out in a long post titled “Governments and Industry Driving IPv6 in 2023”. With data and many charts he walks through where IPv6 deployment is improving and where more work is needed.

I found it fascinating to see how much the Asia-Pacific region is growing, while here where I live in the USA the growth was minuscule (1.7%). Particularly since historically the ISPs in the USA have been strong drivers of IPv6 growth.

I’ll note that if you want to track IPv6 growth, the Internet Society’s Pulse platform has a page about technologies at: https://pulse.internetsociety.org/technologies – on that page you can see data and maps that show IPv6 deployment (as well as for other technologies).

AVFTCN 034 – The Cautionary Tale of the Death of Ello

Do you remember… Ello? For a brief time in 2014 to 2016-ish, it flared up as “the next emerging social network” and even as a “Facebook-killer”. And then it flamed out… and… in the summer of 2023, it disappeared completely as the site was taken offline.

I was all in with Ello for a time! Kind of as Mastodon is today for me, Ello was where I was focused on posting and engaging. And then it wasn’t…

Andy Baio published last month a long, detailed post on “The Quiet Death of Ello’s Big Dreams”. I encourage you to go read it… and then I’ve got some commentary below.

As I climb up in that crow’s nest and look out at the horizon, his post points out some definite icebergs and opportunities for any of the new social networks…

… and also, again, the point that we need to own our own content!

Go ahead! Go read that… and then come on back here. 🙂

The Promise of Ello

As Andy Baio writes, the promise of Ello was that it was going to be different. You can still read the Ello Manifesto via the Wayback Machine:

A dark gray screen with the text:
---
Your social network is owned by advertisers.

Every post you share, every friend you make and every link you follow is tracked, recorded and converted into data. Advertisers buy your data so they can show you more ads. You are the product that’s bought and sold.

We believe there is a better way. We believe in audacity. We believe in beauty, simplicity and transparency. We believe that the people who make things and the people who use them should be in partnership.

We believe a social network can be a tool for empowerment. Not a tool to deceive, coerce and manipulate — but a place to connect, create and celebrate life.

You are not a product.
---
and then two buttons at the bottom: "I Agree" and "I Disagree"

It was beautiful!

Here’s the part I liked:

“We believe there is a better way. We believe in audacity. We believe in beauty, simplicity and transparency. We believe that the people who make things and the people who use them should be in partnership.

We believe a social network can be a tool for empowerment. Not a tool to deceive, coerce and manipulate — but a place to connect, create and celebrate life.

You are not a product.”

How could you NOT sign up for that?? Particularly in a time (2014) when Facebook was going through yet another series of changes and pivots.

I jumped deep in. Partly because of that manifesto. Partly because I liked the minimalist ethos and design. And partly, if I’m honest, because one of the co-founders was from Vermont, and while I was living next door in New Hampshire, the site had a bit of the “Vermont vibe”. It was designed to be artsy and counter-cultural, etc. I was good with that!

I wrote a bunch of posts. I talked about Ello on other social networks. I added it to the footer on my blog sites to encourage people to follow me there.

I encouraged people to join Ello – and was very excited about the ability to use Markdown in posts. I wrote about some of the exciting things that were going on and some of the posts from other early adopters.

The Wayback Machine shows that at the end of my time there, I had published 374 posts, was following 177 people, and was followed by 457 people.

The Dream Was Built On A Problem

The thing was, the whole beautiful dream was built on foundation of quicksand. As Andy Baio writes, they started out with $435,000 of venture capital (VC) funding, and soon got $5.5 million more… and six months later took $5 million more in VC funding and later some more.

Baio’s article covers this all in more detail, but the key point is:

  • VC’s always want their exit!

They’re not doing this out of the kindness of their hearts. They are investors who ultimately want to make a profit from their investment.

The moment you take VC investment, your future direction is guided by your investors – and their need for payback – sometimes even more so than your actual users.

Which is fine if you are a regular startup. Everyone understands now that “this is how it works” – and VC firms have played a very vital role in helping so many of the services we use to come into being.

BUT… when you are a social network that specifically positions itself as NOT “selling out” to the market… well… that’s a problem.

And Then It Was… Gone…

As Baio recounts in his piece, Ello then morphed through more “pivots”, was acquired by Talenthouse, and more changes happened.

Somewhere in there I left it behind. I found their pivot to “The Creators Network – Built by artists for artists” an interesting change… but they focused on visual arts with photography, images, artwork… and I’m a guy who likes text and audio. 🤷‍♂️ So it was kind of clear that it was no longer really a great place for me.

Besides which, by then I’d discovered Mastodon in its early days (Dec 2016) and was starting to spend more time there. (Oh, look at the butterfly… so beautiful! SQUIRREL!!!)

And then, last year in July 2023, after a series of outages, the Ello site simply vanished. Boom. Done.

No warning. No messages to users. No opportunity to download your content. No information. Nothing. Zip. Nada.

In his piece, Baio captures some of the surprised and angry responses of users. People who had watched 8 years of work just vanish from the Internet (thankfully, the Internet Archive captured a good bit of it).

What We Can Learn

In the end, the cautionary tale of Ello reminds us yet again that:

  • We must own our own content!

We can’t assume that anything we put into ANY of the platforms will continue to exist indefinitely. If we want that content to be available, we need to put it somewhere that WE control.

This means … yes… thinking about good old personal websites again! Personal sites that we might actually have to pay a little bit for. And ideally with our own domain.

Now, the good news is that you can start very easily these days. For example this newsletter is on the hosted WordPress.com site. I don’t have to do much admin and I’m not paying much. The advantage is that I can export this entire site and save it on a disk drive. And I can easily import that to a new hosting provider if I want. And I guess I trust Automattic enough that I believe they wouldn’t just shut down and disappear – particularly not with how many millions of websites are hosted on WP.com.

There are other non-WordPress solutions that are similar, too. And there are a zillion newer frameworks for starting up your own site if you are okay playing with some code. The point is that you can set yourself up fairly easily with a website.

You can own your own content.

POSSE and PESOS

But then of course comes the problem of USING your own website(s). It is SO MUCH EASIER to just open an app or social network site and post your thoughts and reflections.

Open app. Type or upload photo. Publish. Boom. Done.

Which is why we have so much of our content locked up inside walled gardens owned by others. It’s why so many people contributed on Ello and all the other past social networks (and all the ones today).

But we need to change our habits if we don’t want to be victims to the next Ello that vanishes.

Back in 2018, I wrote about the “POSSE” idea that came out of the IndieWeb movement:

Publish on your
Own
Site,
Syndicate
Elsewhere

Basically… start writing on your own site… and then share it out onto social networks.

And I try to do this… even on Mastodon, my current focus area. (Because at some point Mastodon GmbH could conceivably run out of money and shut down mastodon.social.) I mean… I will post short things to Mastodon that I really don’t care about. They are mostly ephemeral comments that I don’t really care whether they are around in the future.

But… the moment I start thinking about writing a thread of multiple posts on Mastodon, I ask myself the critical question:

  • Can I post this on one of my own sites first?

And then I go write it on that site, and share the link on Mastodon. Or I may in fact create a Mastodon thread… but with the knowledge that it’s all captured back on my own site.

Alternatively, the other approach is to keep on publishing content on platforms as you do today, but then capture all your content back onto a site you control. This has been referred to as PESOS:

Publish
Elsewhere
Syndicate to
Own
Site

Elizabeth Thai wrote a great post comparing POSSE and PESOS last year. She also wrote a follow-up post explaining her (mostly manual) way of bringing her content back onto her own site.

There are of course tools and plugins that can automate this. I do a form of this with my danyork.me site that pulls in copies of things that I write across the Internet. It’s using a WordPress plugin that just pulls regular old RSS feeds – and so naturally works only with things that have RSS feeds. There are other plugins that can bring in your posts from other services. If you want to go the PESOS route, it is now possible where you can mirror most of the various services onto a site under your control.

The Key Point

To something Elizabeth Thai wrote in her second post… I don’t know that I really want to capture everything that I share on social networks. A cool feature of Mastodon is that you can get a RSS feed of your posts. I could add that to my danyork.me aggregator site… but do I really care about some of those posts? Not really!

The key point in all of this is:

  • If a site where you frequently publish content were to just disappear as Ello did, WOULD YOU BE OKAY WITH THAT?
  • Or would you wish that you still had access to some of what you published there?

If the answer to the second question is yes, then it’s time to be thinking about how to bring that content onto a site that YOU control. Many sites have ways to get historical archives (but some don’t).

But even if you can’t easily get the historical posts, you can at least change your habits for new posts. Whether you choose POSSE or PESOS … or some other idea… the key point is to start owning your own content.

Because at some point all the various platforms and services may pull an Ello on us and just disappear. Or they may change their business model (um… Medium!) so that it’s harder for people to find your content.

As the enshittification of most platforms continues, the cautionary tale of Ello is that if we care about the content we publish, then we need to own where it is published.

[The End]


Recent Posts and Podcasts

Here is some of the content I’ve published and produced recently on my personal sites:

And new posts for the Internet Society (who has no connection to this newsletter):


Thanks for reading to the end. I welcome any comments and feedback you may have.

Please drop me a note in email – if you are a subscriber, you should just be able to reply back. And if you aren’t a subscriber, just hit this button 👇 and you’ll get future messages.

This IS also a WordPress hosted blog, so you can visit the main site and add a comment to this post, like we used to do back in glory days of blogging.

Or if you don’t want to do email, send me a message on one of the various social media services where I’ve posted this. (My preference continues to be Mastodon, but I do go on others from time to time.)

Until the next time,
Dan


Connect

The best place to connect with me these days is:

You can also find all the content I’m creating at:

If you use Mastodon or another Fediverse system, you should be able to follow this newsletter by searching for “@crowsnest.danyork.com@crowsnest.danyork.com“

You can also connect with me at these services, although I do not interact there quite as much (listed in decreasing order of usage):


Disclaimer

Disclaimer: This newsletter is a personal project I’ve been doing since 2007 or 2008, several years before I joined the Internet Society in 2011. While I may at times mention information or activities from the Internet Society, all viewpoints are my personal opinion and do not represent any formal positions or views of the Internet Society. This is just me, saying some of the things on my mind.

I’m Doing It Again… Getting Sucked Into Consuming Vs Creating

IMG_4021I’m doing it again… instead of writing and creating new posts in the morning, I’m sitting there scrolling through Mastodon… or reading the latest news on Memeorandum or Techmeme… or jumping into work email or Slack before I really need to. And sooner or later, any of the “free” time I had is gone and it’s time to start the work day. The time has melted away.

Consumption has triumphed over creation, yet again.

That’s no way to get back into writing more. That’s no way to develop habits of consistent writing.

And yet it is so incredibly easy to fall into that pattern… again and again and again….

So today I’ll write this small post of self-reflection to start yet again. Here’s to yet another attempt to break that pattern and build newer, stronger habits! 

——

Image credit: a generated image from Leonardo.ai

TDYR 415 – Why ULA’s Vulcan Centaur Launch Was So Important

On January 8, 2024, United Launch Alliance (ULA) successfully launched their Vulcan Centaur rocket - in this episode I talk about WHY this was such an important milestone and about the current state of the launch industry where SpaceX is the only company consistently launching rockets. You can read more at: - https://www.danyork.com/2024/01/ulas-successful-vulcan-centaur-rocket-launch-is-good-news.html -https://crowsnest.danyork.com/2023/11/03/avftcn-022-the-global-chokepoint-where-spacex-is-the-only-consistent-launch-provider/ Comments are welcome - do you want more episodes like this?

AVFTCN 033 – Kiwix, Meshtastic and content and connectivity during an outage

Tonight here in northwestern Vermont we’re supposed to get the double trouble of heavy, wet snow and a windstorm with winds up to 49 mph (79 kph). The combination will undoubtedly cause trees to fall, taking down power and Internet cables. Forecasters are expecting power outages all across the state.

In these moments, I often think about what we would do in an extended power or Internet outage. Specifically, I think about:

  • How can we access Internet content offline? (Without a connection)
  • How can we communicate without Internet or telecom connectivity?

In this newsletter, I’ve got a couple of thoughts….

Accessing Internet content… offline.

Given that we store so much of our information online – what do you do without a connection? Do you have local repositories / copies of all your critical files?

But also – what if you want to look up information? Say… from Wikipedia? How do you do that?

Readers who have been around for a while may be already saying “That’s simple, Dan, I just use curl, wget, or something similar to pull down a copy of a website!”

And yes, you can do that. It works.

But there’s a far more elegant solution – Kiwix!

Kiwix is software that lets you download Internet content so that you can read it offline. It started out focused on Wikipedia, but has expanded since then to cover other sites. The cool thing is that you can use Kiwix in several ways:

  • On a desktop computer (Mac, Windows, Linux)
  • On a mobile phone (IOS, Android)
  • On a Raspberry Pi (which you could then use with WiFi to serve as a local hotspot)

(There are also browser extensions for popular browsers, which could work with a server product they offer, or simply with the “zim” files stored in a folder on a drive..)

You then download the appropriate packages of content (“zim” files) and… ta da… you are using the site offline!

If you have a free 109 GB, you can download the entire 6.3 million articles from English Wikipedia and have your own offline copy. They also have packages of all sorts of subsets of Wikipedia – the top 100 pages, various sections, with-and-without images, and more.

The Kiwix library currently has hundreds of “books” that you can download for offline access. (At this moment, it says “1010”, but that includes multiple different download options for many of the sites.) There is also content from TED Talks and more.

The nice part is you can just have Kiwix on your mobile phone with some site content – and then as along as you can keep your phone charged, you can have access to all the Internet content.

Kiwix is a nonprofit organization primarily supported by users and foundations (including the WikiMedia Foundation) and they are doing good work. I do encourage you to check them out!

There are of course other solutions out there for offline access of Internet content. Do you have one you like? If so, please drop me a note – I’m always curious about solutions people find.

Messaging without Internet connectivity

I often wonder – what would we do if we had an extended power outage for multiple days? It’s been a while, but we have had ice storms that knocked out power and Internet for several days … or even longer. We saw some of the extreme storms last year that knocked out connectivity for days or weeks in other parts of the world.

Like all good Vermonters, we have a portable generator that we could use to provide some electricity. We live in an area with many homes that would probably get attention from the utility companies and so might not be out for too long.

But what if we were? How could we communicate with other people in our area if we didn’t have Internet or telecommunications?

One option of course would be to get a Starlink antenna. They can work with minimal power and so we could use it to get Internet access and be able to communicate with others. If other people in the area also had Starlink dishes we could be able to connect.

I do think there is tremendous power in the low Earth orbit (LEO) satellite systems to add another layer of resilience.

BUT… that requires people to have the Starlink equipment, pay for subscriptions, etc.

What other ways are possible?

I don’t have a specific answer yet myself that I have worked with.

But I’m intrigued by what the folks involved with Meshtastic are doing. As they say, it is “an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices.”

It’s pretty cool! It’s based off of using “LoRa” hardware and unlicensed spectrum. The Meshtastic documentation does a decent job of explaining what it is all about and how it works.

WARNING! This all gets über-geeky and dives down into building your own hardware, installing your own software, etc. If you like that kind of thing, it’s awesome. If not… you may just want to skip ahead. 😀

I was going to write more details… but I found that someone else already did! By way of a Mastodon post, I found that a person going by the name of “Hydroponic Trash” has written “a guide on building autonomous, off-grid, encrypted, and solar-powered communications infrastructure that lets you send text messages without any cellular or power infrastructure.”

You can view it at:

(Yes, it’s on Substack… but you can still read it, and the person is working on make a PDF available on his website.)

Fair warning that as he gets toward the end, he gets into use cases and you may not agree with his politics. But if you focus on the first 3/4 of the article, it’s fascinating to see all the parts and pieces that can create this kind of low-power, off-grid communications network.

I’m personally hoping we don’t get to the point where we need systems like this… but given the increasingly extreme weather we’re seeing, who knows! I’m glad there are people out there working on solutions like these.

What other communication ways have you seen to add resiliency to our communications?


Thanks for reading to the end. I welcome any comments and feedback you may have.

Please drop me a note in email – if you are a subscriber, you should just be able to reply back. And if you aren’t a subscriber, just hit this button 👇 and you’ll get future messages.

This IS also a WordPress hosted blog, so you can visit the main site and add a comment to this post, like we used to do back in glory days of blogging.

Or if you don’t want to do email, send me a message on one of the various social media services where I’ve posted this. (My preference continues to be Mastodon, but I do go on others from time to time.)

Until the next time,
Dan


Connect

The best place to connect with me these days is:

You can also find all the content I’m creating at:

If you use Mastodon or another Fediverse system, you should be able to follow this newsletter by searching for “@crowsnest.danyork.com@crowsnest.danyork.com“

You can also connect with me at these services, although I do not interact there quite as much (listed in decreasing order of usage):


Disclaimer

Disclaimer: This newsletter is a personal project I’ve been doing since 2007 or 2008, several years before I joined the Internet Society in 2011. While I may at times mention information or activities from the Internet Society, all viewpoints are my personal opinion and do not represent any formal positions or views of the Internet Society. This is just me, saying some of the things on my mind.

The Joys Of Being Your Own IT Department – And Of DNS and RSS

Tonight I was looking at my danyork.me aggregation site and I was confused… why were my posts from my danyork.com site NOT appearing in the master list? I *knew* I had written there.

Of course my initial thought was some problem with the RSS feed. Yep! 

On danyork.me I’m using the older FeedWordPress plugin for WordPress that does RSS syndication. A quick look told me that the feed it was supposed to be pulling in was:

https://www.danyork.com/rss.xml

Except… that was showing up as invalid XML. 🤷‍♂️

Screenshot of W3C RSS Validator showing that the feed is invalid

After some trial and error, I discovered that… I need to drop the “www” on the feed! 🤦‍♂️ If I instead use this:

https://danyork.com/rss.xml

Then… everything works!

Screenshot of the W3C Feed validator with the feed successfully validating

I made the update to the FeedWordPress settings, forced an “Update Now” and … 🎉 …. the posts started appearing again at danyork.me!

So it’s somewhere between a DNS issue (cue “it’s always DNS!”) and a web hosting issue. My DanYork.com site is one of the ones that I still have running on the old TypePad platform…. and THAT  is where I suspect the issue lies.

www.danyork.com is just a CNAME pointing over to lodestar.typepad.com, where TypePad is then redirecting it to my specific blog. However, if I do a ‘curl’ for the www URL, I can see I get a plain HTML page that looks like it may be trying to do a meta refresh. If I do a ‘curl’ on the non-www URL, I get the correct RSS feed.

However, in an amusing bit of 🤦‍♂️, the RSS feed says that it should be at “www.danyork.com”:

<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" href="https://www.danyork.com/rss.xml" type="application/rss+xml" />

But of course that won’t work.

So… something for me to dive into at some point and figure out.

Maybe I should call my IT team!  Oh, wait… that’s … me! 🤦‍♂️

 

An Excellent Read: The Verge on how "Google shapes everything on the web"

If you want to understand how we got to the Web that we have today, I would strongly recommend reading this beautiful piece by Mia Sato at The Verge on the theme of “Google shapes everything on the Web

It is an interactive piece that explains in both text and animations why it is that search engine optimization (SEO) has driven every website to look the same… why even short articles are being broken up by headings… why author bylines are suddenly expanding into bios…  … and why the #Web is increasingly bland, useless, and untrustworthy

It also explains why increasingly people are using other search experiences (ex TikTok) - or moving content into other systems - purely because the Web is no longer working in the way it used to. It’s now gamed by so many… and filled with generative-AI spawned content farms….

Certainly some of us keep posting to our good old websites or blogs… largely because they were and are labors of love, not profit.

But those seeking profit or fame are all playing the SEO game… and we with our regular old websites will lose out on the discovery.

I thought one of the final paragraphs was on point about the paywalling of content (my emphasis added):

But no matter what happens with Search, there’s already a splintering: a web full of cheap, low-effort content and a whole world of human-first art, entertainment, and information that lives behind paywalls, in private chat rooms, and on websites that are working toward a more sustainable model. As with young people using TikTok for search, or the practice of adding “reddit” to search queries, users are signaling they want a different way to find things and feel no particular loyalty to Google.

People are looking for alternatives, and increasingly they are moving to private communities / walled gardens in large part to avoid the spam... and to avoid the blandness and overall "enshittification" of the Web.