In software, sometimes to get attention it helps to release a 2.0. People tune out and don't know that 1.1 and 1.2 were great. That's sort of how I feel about Jon Stewart returning to The Daily Show. (Wha…?!) I never got into watching his TV+ show, or even recent Trevor Noah. Tonight's a new chance.
Good interview at Platformer with Eugen Rochko. Some of his thoughts on AT Protocol:
My hope still is that — fingers crossed — when Meta starts federating with Mastodon that the critical mass will be large enough that Bluesky developers will just say, okay, fine. Maybe that W3C approved standard protocol is the way to go instead of making our own custom stuff. Even if it doesn't happen out the gate, maybe it will still start making sense for them someday.
Because Threads is opt-in for the fediverse and Bluesky keeps growing, ActivityPub might not end up dwarfing AT Proto the way we expected.
I have a really hard time coming up with dark mode colors. Nothing looks right.
I'm expecting a little bit of pushback when launching something totally new, because it's true that existing features are not without flaws. But I've dedicated a lot of time over the last month to fixing bugs. Hopefully even if it's not always noticeable, it does make a difference.
Introducing notes in Micro.blog
Today we're launching a major new feature for Micro.blog Premium subscribers. Micro.blog notes are a new way to save content in Micro.blog when you don't want to use a blog post or draft. Notes are private by default, end-to-end encrypted across all platforms, with a special companion app named Strata for iOS. (Android coming soon.)
Notes are great for:
- Jotting down ideas or brainstorming future blog posts. Notes use Markdown, so it's easy to move the text into a blog post draft later.
- Sharing content with a smaller group of friends or family, without that content being linked on your blog. When a note is shared, it is given a unique, random-looking URL on your blog that you can send to others.
- Journaling within Micro.blog, so you can use the same platform whether you're writing something just for yourself or sharing it with the world in a blog post.
From the launch of the platform, Micro.blog has been about public blog posts. We want to make the web a little better with thousands of new blogs, where the user owns their identity and content. Some people want private posts too, but we’ve delayed adding that because it doesn’t fit perfectly into the public web. With the wrong implementation, it would turn Micro.blog into more of a closed silo, with some features only available when you’re signed in.
Notes will be Micro.blog’s initial solution to private posts, a foundation we can build on. By default, notes really are private. They are encrypted and we can’t see them. But any note can be shared with others. When sharing a note, it’s decrypted and published to a corner of your blog, accessible only by direct URL.
This level of encryption adds a new wrinkle to how Micro.blog usually stores data. We've tried to keep it simple, but honestly it can be confusing, and we expect a few bumps along the road. We will continue to make it as seamless as possible. There are options to download a copy of the "secret key" used in Micro.blog, as well as saving a copy to iCloud. I recommend both.
In the future, notes will make their way into more Micro.blog features. For example, you can imagine attaching notes to bookmarks, web page highlights, or a book you're reading. We are very excited about the potential for this in Micro.blog.
Here's a screenshot from the web. Enjoy!
Thanks to @vincent for all his work on our new mobile app Strata. It's no small thing to get a new app off the ground, especially one that has to integrate with a larger platform API, sign-in, and encryption right out of the gate for 1.0.
I added a help page with an overview of how encryption works for notes in Micro.blog, and some basics about the API that Micro.blog and our new app Strata use.
Having one of those moments while fixing a bug where I can't believe this worked at all, for anyone except me.
I made a short video showing some of the new notes feature in Micro.blog.
Excellent interview with Jay Graber on Techmeme Ride Home, on YouTube here. Clear framing of Bluesky's goals and how the platform fits into the web. Sometimes I still can't believe we're all working toward a more open, social web again. 🎉
Jason Snell writing at Macworld:
What I’m saying is that if Apple would take the chance on four or five wild ideas, it might learn enough to create one or two hits. Given the sluggish growth in its Wearables, Home, and Accessories product category lately, it feels like it might be worth getting a little weird and risking failure to chart some new directions in home tech.
Apple is so successful now that most of what they do is judged against the iPhone, but smaller weird products could lead somewhere great too. Amazon did this and it led to the Kindle and Echo.
If you’ve been following the Bridgy and Mastodon drama, consider that many Mastodon users don’t want a bridge that allows Bluesky to federate with Mastodon, but they do want Bluesky to support ActivityPub so Bluesky can… also federate with Mastodon. 😜
Great post from @writingslowly on how categories and filters work in Micro.blog.
Mastodon and public data
I’ve been thinking about Mastodon and the fallout from Bridgy’s plan to connect ActivityPub servers to Bluesky. For a snapshot of how this blew up, see this GitHub issue discussion, now thankfully closed after it devolved into personal attacks.
It often feels that (some) Mastodon folks care more about Mastodon as a platform than they care about the open web as a platform. I’m not sure if that’s a completely fair framing, but thinking about it this way has helped clarify my view of debates around public posts.
When I post to my blog, my posts are on the web, and so hopefully make the web a little better. I’m contributing to sort of a larger purpose, something I can refer to later myself, and maybe something others will find value in too. It’s a subtly different mindset than posting to a specific platform where I mostly expect my followers to see it.
My blog is connected via ActivityPub to Mastodon, and via cross-posting to Bluesky, Nostr, Threads, and elsewhere. But I could disconnect those platforms and it wouldn’t change much about how I post and what I write about.
That’s not to say there aren’t great reasons to prefer a smaller, more controlled audience. We have Mastodon post visibility to limit who can see posts. We have robots.txt to discourage search engines. We have settings to make posts ephemeral. As Bridgy developer Ryan Barrett said himself in an article on TechCrunch, this level of control is one thing that has made Mastodon a good online home for many people:
A lot of the people there, especially people who have been there for a while, came from more traditional centralized social networks and got mistreated and abused there, so they came looking for and tried to put together a space that was safer, smaller and more controlled. They expect consent for anything they do with their data.
I respect this view. It’s not how I approach my own blog, but I would never argue that someone shouldn’t be able to protect themselves. There should be a variety of approaches in between sharing everything online and sharing nothing.
And we do have additional solutions already. Mastodon server administrators can block other servers that are causing problems. Users can mute or block other users. These solutions apply equally to Mastodon servers and to a potential Bluesky bridge.
If there are no technical differences between blocking a rogue Mastodon server and a Bluesky bridge, what are people truly concerned about? It often appears to get back to identifying with Mastodon and its principles, and inherently distrusting other companies, fearing a return to the worst of massive, centralized platforms.
If this sounds familiar, it’s not unlike the reaction many had when Threads was rumored to support ActivityPub. I blogged about this last year, hoping more people would see it as a positive step forward:
Meta adopting ActivityPub has the potential to fast-forward the progress of the social web by years. Ever since I grew disillusioned with Twitter a decade ago and started pushing for indie microblogs, then writing a book about social networks and founding Micro.blog, I could only dream of a moment where a massive tech company embraced such a fundamental open API.
Smaller social networks are an important part of finding our way out of the social network mess of larger, especially ad-based platforms. Mastodon deserves enormous credit for making federation and smaller servers actually work. I can’t overstate how significant it was for Mastodon to be a mature platform that could welcome users leaving Twitter X.
Federation is just one part of the progress we can make, though. We also need to embrace the open web again, encouraging more people to have their own blog and identity online. Bridgy has been working toward these goals for years, helping people connect their blog to other social networks.
My concern with some Mastodon users (again, not everyone!) pushing back against interoperability with non-Mastodon platforms is that it moves Mastodon away from the open web, which is surely at odds with the original purpose of Mastodon and many of its features, from an open client API to federation itself. We can already see some signs of Mastodon putting up slight roadblocks to open web access. For example, permalink posts on Mastodon require JavaScript — you can’t view HTML source and get the post details, making it a little more difficult to build tools that understand Mastodon pages. At the API level, some servers also require signed ActivityPub requests, making it a little more difficult to look up user profiles.
The developer community for Mastodon is free to make any of these decisions they want. To play this out to its most extreme version, they could even disable RSS feeds, treating Mastodon servers more like protected, mini silos.
But moving away from openness will not only limit the potential of the fediverse, it risks holding back the larger social web. If there’s a knee-jerk reaction to interoperability with other platforms, Mastodon may find that its head start as the largest federated platform becomes eroded, eclipsed by Bluesky and other platforms. I would ask the folks on Mastodon who are so strongly against bridging to Bluesky if that's the future they really want.
Some of my best blog posts are buried behind really boring, unhelpful post titles. If a post resonates with folks and is shared, it can only be because someone actually read it. The opposite of clickbait.
Apple is twisting the truth
I don't want my whole life to be writing blog posts and podcasting about Apple's changes for the EU's Digital Markets Act, but this latest developer update from Apple feels like an insult to developers, playing us for fools.
Let's start with how Apple keeps mentioning all the new APIs that are part of this rollout:
To comply with the Digital Markets Act, Apple has done an enormous amount of engineering work to add new functionality and capabilities for developers and users in the European Union — including more than 600 new APIs and a wide range of developer tools.
They said the same thing in the initial news announcement:
The changes include more than 600 new APIs, expanded app analytics, functionality for alternative browser engines, and options for processing app payments and distributing iOS apps.
Apple repeatedly talks about these "600 new APIs" as if it is a favor to developers, but it was Apple's choice to handle it this way. For example, to comply with the DMA's requirements on sideloading or marketplaces, Apple could've chosen a system similar to installing apps from TestFlight. This would require zero new APIs for developers, just as TestFlight itself has no new APIs when building a beta version of your app.
Apple created the new APIs — a significant number in MarketplaceKit alone — so that they would have control over distribution. By both reviewing marketplaces and requiring that marketplaces use new APIs to install apps, Apple can track app install numbers, allowing them to invoice developers the new €0.50 Core Technology Fee. The new APIs help Apple, not developers.
Moving on to the web browser update, there is going to be universal concern from web developers about Apple disabling PWAs in the EU. On letting web apps use browser engines other than WebKit, Apple writes:
Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent.
Was this statement from Apple written by a hallucinating AI? All mainstream web browsers have a strict security model for JavaScript. Cookies and local storage cannot be accessed across web apps. It's even difficult or impossible to make certain web requests from JavaScript because of cross-site scripting and CORS limitations. The only way this could be circumvented is with a rogue web browser engine that did away with these standard constraints, but Apple already has this scenario covered because they approve every browser engine:
To help keep users safe online, Apple will only authorize developers to implement alternative browser engines after meeting specific criteria and committing to a number of ongoing privacy and security requirements, including timely security updates to address emerging threats and vulnerabilities.
Users want to run Firefox and Chrome, popular browsers that are trusted by users. The DMA was created to allow this kind of choice. No one is asking Apple to blindly let browser engine malware take over home screens.
Some have argued that the DMA is poorly written, or at least too vague and open to interpretation. It actually gives gatekeepers like Apple significant leeway when it comes to security. Quoting from section 6.4:
The gatekeeper shall not be prevented from taking, to the extent that they are strictly necessary and proportionate, measures to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, provided that such measures are duly justified by the gatekeeper.
Apple has clearly jumped on this to give themselves an out, ignoring the spirit of the law. When it benefits Apple, they take the DMA requirements much further than intended. When it doesn't benefit them, they lean back on the "integrity" of iOS and barely comply at all.
Wrapping up, Apple writes:
EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. We expect this change to affect a small number of users. Still, we regret any impact this change — that was made as part of the work to comply with the DMA — may have on developers of Home Screen web apps and our users.
It is hard to take this seriously after Apple's bad-faith effort to comply with the DMA. I'm sure WebKit engineers regret this change, but Apple leadership doesn't. By limiting PWAs just as PWAs are starting to be competitive with native apps, Apple ensures that native apps have no real competition on iOS, strengthening Apple's hold on app distribution.
I get frustrated when a company is actively making the web worse instead of better. Spare me the justifications. If I demonstrated any hostility toward my platform's users, developers, or the open web more broadly, I hope people would call me on it too.
To balance my criticism of Apple today, it appears Apple is letting Epic Games have a dev account in Europe, and presumably a marketplace later. From Tim Sweeney on Twitter X:
I'll be the first to acknowledge a good faith move by Apple amidst our cataclysmic antitrust battle, in granting Epic Games Sweden AB a developer account for operating Epic Games Store and Fortnite in Europe under the Digital Markets Act.
Seems like great news all around. This is one to keep an eye on. 🍿
We're two weeks in to the Vision Pro launch! On today's Core Intuition, I start by asking Daniel if he's returning it. We talk about whether Apple should be worried about the rollout, Mark Zuckerberg's comparison to the Quest 3, and more thoughts on how (and whether) the Vision Pro is needed.
Fani Willis testifying in Fulton County, Georgia yesterday:
You're confused. You think I'm on trial. These people are on trial for trying to steal an election in 2020.
Before this, I was receptive to the idea that maybe she should step aside to avoid this trial going off the rails. But it's unfair for her personal life to be made public on such weak evidence. She's done the work to bring these charges against Trump and should finish the job.
Letitia James, after New York’s $350 million fine on Trump:
The scale and the scope of Donald Trump’s fraud is staggering. And so too is his ego, and his belief that the rules do not apply to him. Today we are holding Donald Trump accountable. We are holding him accountable for lying, cheating, and a lack of contrition, and for flouting the rules that all of us must play by.
🇺🇸
Quiet morning working on Mac software. Fixed a handful of bugs in Micro.blog and released a new version. Will continue to roll out server improvements for the new notes feature as I have them ready.
I hadn’t read Tantek Çelik’s post on the ephemeral web yet when I blogged about Mastodon yesterday, otherwise I would’ve linked to it. Really good:
All reply-contexts of and replies to such posts and conversations lost, like threads unraveled from an ancient tapestry, scattered to the winds.
Fun 3-point contest tonight, especially the Steph vs. Sabrina addition. Hope they keep some version of that going in future years. Watching the dunks now but the scoring is usually so subjective it distracts from how amazing everything is. 🏀
It's easy to be blinded by past decisions. I took a fresh look at our pricing this weekend and ran some numbers. Going to try to simplify things even further. (No price increase. $5 is the ideal price for all things, from a latte to blog hosting.)
Eugen Rochko on recent Mastodon spam. I haven't noticed any problems yet but I expect some spam DMs will hit Micro.blog from this as well:
There is an ongoing spam attack on the fediverse for the last couple of days. It's more widespread than before, as attackers are targeting smaller servers to create accounts. Before, usually only mastodon.social was targeted and our team could take care of it.
Interesting thread from Mastodon's Renaud Chaput, noticed via The Fediverse Report, about how Mastodon is approaching quote posts:
It is a complex task and we have been working on defining the feature and the protocol-level details for some time. We are moving forward, and there are fewer hard questions to answers, but progress is there.
I can see a place for more control like this. But also, I like simple Markdown and HTML block quotes, because it scales from microblog posts to excerpts of long posts, for the whole web.
