Search Results for "october 29"

Microsoft and Activision Blizzard extend their merger deadline to October, the UK’s CMA grants initial approval to Broadcom’s VMware acquisition, and Intel licenses its NUC designs to Asus.

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

Could an open source alternative finally spell the end of Twitter’s short-form bulletin board style postings? It’s been tried before, but now there’s perhaps the best contender for the Twitter throne yet: Mastadon.

Featuring Tom Merritt.

MP3

Please SUBSCRIBE HERE.

A special thanks to all our supporters–without you, none of this would be possible.

Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to feedback@dailytechnewsshow.com

Episode transcript:

Twitter.

“This website.”

A platform that people love to hate.

A platform people love to yell “I’m leaving.”

But they always come back.

They left for Pownce. And they came back. And Pownce died.

They left for Plurk. And they came back. And Plurk went niche.

They left to start whole new protocols like Diaspora and Identica.

But every time they fly to an alternative, they also fly back.

Except. Maybe this time? Is this the exception?

Because this isn’t the story of Twitter. This is the story of a place that has almost all the ingredients to keep the Twitter exodus.

Let’s help you know a little more about Mastodon.

It’s March 2007. The SXSW Interactive festival in Austin, Texas is filled with Web 2.0 pitches and internet stars. But one website is standing out. Twitter, with a giant screen in the convention center showing “tweets” as they happen in real time, steals the spotlight.
That feels like the last time people unanimously loved Twitter.
In 2009 a group calling itself the “Iranian Cyber Army” hacks Twitter through a DNS exploit. It won’t be the last time Twitter gets hacked. But it will cause one of the first big rounds of questions about whether Twitter is safe. It won’t be the last time that happens either.
In 2011. Twitter posts are credited with fueling uprisings in the Middle East known as the “Arab Spring” BUT it also launches the “Quick Bar”, a floating bar at the top of the iOS app which was withdrawn after loud user complaints.
Then there was #gamergate and the vitriolic arguments and harassment about what was true journalism and who were fake gamers. That led to calls for better Twitter moderation.
You get the idea. Controversies happen frequently on Twitter and when they do, users storm off to try an alternative.
And in 2016, the US presidential election made every one of those controversies look mild. A month out from election day, a European developer decided to be the latest to try to make yet another Twitter alternative. Maybe this would be the one.
Mastodon launched October 5, 2016 Developer Eugen Rochko posted on Hacker News, “Show HN: A new decentralized microblogging platform” It linked to a Github page.
There you could find the basic code of yet another decentralized social network. It stood out from previous attempts in a couple ways. First, it was truly open source, not a proprietary service pretending to be decentralized. Anybody could set up a Mastodon server. And second, it was polished. It looked like a slick implementation of Tweetdeck.
Developers in general were complimentary and several jumped in to help work on the project. Since anybody could set up a Mastodon server, lots of them did, showing that it could work as a truly federated and decentralized platform.
You just needed people to use it.
It simmered away with people wandering in as they heard about it in various corners of the internet. But that calm period changed. In March 2017.
The rancor on Twitter had been snowballing since the election of President Trump. It seems like background noise now, but at the time it was overwhelming. People got angry on Twitter before but not in the numbers and not with this kind of sustained rage. Almost every user on the platform was picking a side and firing shots at the other.
That may explain why a seemingly innocuous change began another exodus.
On March 30th, Twitter announced that the names of people you are replying to would not count against the character count, and if you replied to more than one person, only the first person’s name would show with the rest available with a click.
Minor stuff right. WRONG
With everyone angrily replying to each other and laser-focused on shaming their opponents by name, this was seen as hiding important information! In reality, this was the straw that broke the camel’s ability to stay on Twitter.
So when big names like IT Crowd creator Graham Lineman (aka Glinner) and Community and Rick and Morty creator Dan Harmon started accounts on Mastodon, a wave began. Motherboard’s Sarah Jeong had been working on an article about the little platform and found herself documenting a mass migration.
Mastodon users jumped 70% in 48 hours and Rochko met his $800 a month Patreon goal. Jeong posted her Motherboard article on April 4th. Mashable’s Jack Morse posted the same day with the title “Bye, Twitter. All the cool kids are migrating to Mastodon.” A few days later, April 7, Quartz and The Verge both had published guides on how to use Mastodon.
By April 9, 2017 Mastodon had 129,302 accounts. Nothing compared to Twitter’s hundreds of millions, but a hockey stick-like growth that caught people’s attention.
Rochko’s main instance, Mastodon.social had to lock registrations to encourage new users to sign up on one of the other 1,200 or so servers.
Mastodon was having its moment. Like Pownce, and Plurk and identi.ca and Diaspora before it.
And almost as quickly as it began. It ended.
The pattern held. The Twitter faithful got mad. The Twitter faithful fled. The Twitter faithful realized that they still liked yelling on Twitter and returned.
By May 22, the headline on the Verge was “What happened to Mastodon after its moment in the spotlight?”
Thankfully for Rochko and friends the story was more Plurk than Pownce. The flood had stopped but there was still growth.
The Verge’s Megan Farokh-manesh described it as a grab bag of “personal observations, video games, politics, comics, and a mix of users speaking in French, Japanese, Spanish, and more.”
In fact it was now a cozy community. Slightly bigger than it had been a few months before but the better for it. The Twitter masses had gone.
For now.

Let’s take a minute to look at how Mastodon works. Because it’s not exactly a Twitter clone. And it points out some of the reasons Mastodon is seen as a good Twitter alternative, and also what its actual road blocks are to becoming massively popular.
Mastodon’s code is issued under the AGPLv3 open source license built on the W3C ActivityPub standard. That’s a standard used not just by Mastodon but other federated services like PeerTube for video, Pixelfed for images and Friendica, another social networking alternative.
But the point here is Mastodon is standards compliant. ActivityPub is a World Wide Web Consortium standard, like HTML.
Mastodon’s open source code is free and the license does not allow anyone to reverse that. It is administered by a German nonprofit called Mastodon which owns the trademark and runs two servers, the original mastodon.social and mastodon.online.
Mastodon describes its federation of servers as the ‘fediverse.’
Basically, anybody can take the code and start a server if they want to maintain it. And those servers can then integrate with other servers in the fediverse as much or as little as they want. Each server will have its own policies and moderation rules. So you can be on a server and see posts on every other server but you can choose a server that plays by rules you’re comfortable with. Want maximal free speech? Find a maximal free speech server. Want strong moderation and crackdowns on offensive speech, choose a server with those kinds of policies. You can still interact with the rest of the fediverse, but with filter levels and other rules that you’re comfortable with.
So for example a Mastodon server can see all the posts in the fediverse, but a particular server may choose to ban a list of swear words. If you sign up on that server you’d see all the posts from the rest of the fediverse unless they had swearing in them. But swearing doesn’t have to be banned everywhere. If you don’t mind seeing swearing you can choose a server that doesn’t block it.
And you can also block server yourself on your own account. Don’t like the policies or perspectives of the people who post on the mastodon server blacklicorice.rocks, you can stop it from ever showing up in *your* feeds, without needing the server you’re on to block it for everyone.
Of course, most people will pick a server that has policies they agree with, so they don’t have to do a lot of maintenance and blocking. But what if you change your mind. Or pick the wrong server. Or your server changes ITS policies?
This is where another feature of the fediverse comes in handy. You’re not locked into a server. You can try one out and then change your mind and not lose your data.
Mastodon makes it possible to take your follower lists along with you. With Facebook or Twitter that would mean abandoning everything. With Mastodon it just means a couple of export and import clicks. There are one or two steps depending on what you want to keep after you move. If all you want to keep is your followers– so people find you immediately at your new server– you can do that automatically. If you want to keep who YOU follow, as well as mute lists, block lists, bookmarks, domain blocks, you need to export a file with that info and import it when you set up the new account. The point being, it’s not complicated to move from one server to another.
This is also why Mastodon usernames look like email addresses. tom@mastdon.server for example. The first part is the user name and the portion after the at symbol is the server name.
Even with the ability to switch servers, the choice makes it daunting for some people to sign up in the first place. Not just for the simple reason of having to choose, but because the various apps are still developing better ways to make it easy to see what’s available and get signed up.
Whatever server you end up on, you’ll be able to view multiple feeds. And they’re pretty familiar if you’re a Twitter user. Different servers can tweak them a little but usually there’s one for people you follow, one for interactions with your posts, one to see everything on your local server and quite often one called “Federated” which lets you see every post from every server your server interacts with.
A lot of servers also have a feed called Explore which lets you see posts from across the fediverse that are getting a lot of attention. That’s the closest Mastodon gets to a “trending topics” feed.
There are also Direct messages, Favourites and Bookmarks. Favourites let other people know you like something, bookmarks are for you to reference something later whether you “like” it or not. And you can make your own lists.
The standard message posting on Mastodon has a maximum of 500 characters. You can attach an image, run a poll, add a content warning and select a default language that the post is in. Posts were jokingly referred to as Toots in the early days, a play on Tweets and because Mastdon’s logo is a big hairy extinct elephant. While the word toot is still in use, it’s somewhat deprecated.
Posts can also have varying privacy settings. You can let a post be public across the fediverse, private to only your followers, direct between users or even unlisted, so anyone can see it if they know where to look but it won’t be discoverable.
There are some differences from Twitter too.
Search is more limited as well, with most servers only returning searches for user names and hashtags. For example, the Explore feed only follows hashtags, not individual words in posts. And Boosts, the mastodon equivalent of Retweets, do not allow you to add commentary.
One of the downsides of Mastodon’s federated approach is that not every server is as well run as every other. Large popular servers have few problems but niche communities rely on the good graces of small teams or sometimes individuals. There is no monetization built into the platforms so the folks who run servers rely on crowdfunding like donations or Patreons.
So not every server is secure, and things like posting images can become an ethical dilemma if you know each image is increasing the cost of the volunteer who runs your server.
That boils down to two things working against Mastodon’s uptake with the wider populace: ease of use and difficulty of maintenance. Hold that thought though.
The tradeoff is that you get that ability to pick and choose moderation. Something that attracted people to another run at Mastodon in 2022. This time was much bigger.

By October 2022, Mastodon had grown to 300,000 users. A little less than three times what it had during the great yet brief migration of 2017. It wasn’t booming but it wasn’t declining. Just a nice slow growing community of people. A small suburban feel.
Then. On October 27, 2022, Elon Musk closed his long embattled acquisition of Twitter.
It would be an entire separate episode to discuss all the events of Musk’s first few months owning Twitter. Lifting the ban on President Trump, firing executives, firing more people, lifting more bans, launching paid verification, unlaunching paid verification, laying off more people, making decisions by poll. And with each event, the Twitter user did what Twitter users have always done. Flee to try something else.
And there were new platforms to try like Hive and Post and platforms on the comeback trail from decline, like Tumblr. But the biggest by far was a familiar furry trunk.
Mastodon had never gone away. It was never in decline. But it had never grown like this. Between October and November 2022 it grew 800% to 2.5 million. Still much smaller than Twitter’s 350 million plus, but now in the conversation.
The holidays took some of the momentum away though as people paid less attention to whatever wild thing Twitter’s CEO was posting. And after the first of the year, CES diverted the tech world’s attention such that Musk’s antics seemed to engender less panic than they had.
By February, Mastodon users had fallen from the 2.5 million high to 1.4 million.
It looked like an old story. Twitter users angered. Twitter users flee. Twitter users get over it. Twitter users come back. Alternative platform left to pick up the pieces.
Except.
January 19, Twitter changed its API kicking off third-party clients. That left developers of the clients wondering if they shouldn’t make a Mastodon app. The folks who made Tweetbot launched Ivory. The folks who made Aviary, launched Mammoth and even got funding from Mozilla. Suddenly there were easier ways to get started with Mastodon with experienced developers who by all rights should not have been given the opportunity to do this.
And on February 10, Cloudflare, a company who makes its money securing big websites from cyberattacks and downtime, launched Widlebeest. It lets you quickly spin up a Mastodon server that supports ActivityPub and other Fediverse APIs, with the ability to publish, edit, boost, and delete posts. And of course the server will sit behind Cloudflare’s security from denial of service and other attacks. You still needed some tech chops, but it made it a lot easier for someone to get a server up and going and not worry as much about the maintenance and security.
And Fast Company had another point. Maybe Mastodon isn’t following the Twitter alternative pattern at all. Maybe it’s following the Twitter pattern.
In April 2009, two years after launch, Nielsen noted that only 40% of Twitter users still used the service. In February 2011, Forbes noted Twitter’s user base had dropped by 5 million. Even as recent as 2014, a Reuters/Ipsos poll found that 36% of people who joined Twitter said they never used it.
And yet, Twitter, even after all of the outrage– is still going.
Mastodon may or may not be a replacement for Twitter. But it may very well be a new platform in the mix, and possibly could become something totally new and unexpected.
In other words, I hope you Know A little More, about Mastodon.

The story of RSS is simple and yet combative. In fact RSS’s success may hinge on one man’s idealistic dedication to his principles. Tom takes you through the history of RSS.

Featuring Tom Merritt.

MP3

Please SUBSCRIBE HERE.

A special thanks to all our supporters–without you, none of this would be possible.

Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to feedback@dailytechnewsshow.com

Episode transcript:

You probably use an RSS feed. In fact if you got this episode as a podcast you definitely used an RSS feed. Most people these days don’t even know they’re there. The story of RSS is simple and yet combative. In fact RSS’s success may hinge on one man’s idealistic dedication to his principles. If you’ve ever thought “why are people making this so complicated?” If you’ve ever wondered what it would be like to be a person who just shut everyone up with an action that for right or wrong would stand the test of time. Get ready to Know a Little More about RSS.

People say RSS stands for Really Simple Syndication though it really doesn’t. That’s one of the charms of the story of RSS. Throughout its formative years nobody could agree on much and the name is still a matter of debate to this day.
If you’ve heard of RSS at all, it was most likely in connection with Podcasts. Podcasts are delivered through RSS feeds to the apps and platforms where you can listen to them. Behind every Apple Podcast, Google Podcast, Audible Podcast and even most Spotify podcasts, there’s a simple RSS feed. You may also use RSS as a feed for headlines. If you use Feedly, NewsBlur or Inoreader or something like that you’re using RSS.
But where did RSS come from? Oh my friends. Be prepared for a tale of idealism, abandonment, betrayal and perseverance. It is the tale of RSS.
In the earliest days if you wanted to know if a website had been updated you had to visit it. As websites became more common this became a chore. So people experimented with ways to let you know when a website had been updated, without you having to go there. One of the earliest attempts at this was the Meta Content Framework or MCF, developed in 1995 in Apple’s Advanced Technology Group.
Ramanathan V. Guha was part of that group and a few years later, he moved over to browser-maker Netscape, where he and Dan Libby kept working on these sorts ideas. Guha particularly liked developing Resource Description Frameworks, or RDFs, similar to the old MCF he worked on at Apple. They were complex ways to show all kinds of things about web pages without having to visit them.
But Netscape’s team was of Guha, Libby and friends was not alone. And early on they weren’t he most likely to succeed. The Information and Content Exchange standard, or ICE, was proposed in January 1998, by Firefly Networks — an early web community company– and Vignette- a web publishing tool maker. They got some big names to back ICE too. Microsoft, Adobe, Sun, CNET, National Semiconductor, Tribune Media Services, Ziff Davis and Reuters, were among the ICE authoring group. But it wasn’t open source. In those days respectable tech companies like those I just named, still cast a skeptical eye on open source code. How were you supposed to make money on it? Who would keep working on it if they weren’t paid? So the members of the ICE authoring group paid people to develop it. And in the end that meant it developed slower than competing standards.
Interestingly, ICE’s failure caused Microsoft to get a little more open, a little earlier than you might expect. In 1997 Microsoft and Pointcast created the Channel Definition Format, or CDF. They released it on March 8, 1997 and in order not to fall under the death by slow development that ICE seemed to, they submitted it as as standard to the W3C the next day.
It was adopted quickly and in fact its success planted the seed of its successor. Dave Winer had founded a software company in 1988 called UserLand. UserLand added support for CDF on April 14, 1997 one month after its release. Winer also began publishing his weblog, Scripting News in CDF. But CDF, like ICE, was more complicated than a smaller site needed. So on December 27, 1997, Winer began to publish Scripting News in his own scriptingNews feed format as well. He just simplified CDF for his own needs and made that available for anyone who wanted to use it to subscribe.
Meanwhile Libby had been working away at his own version of a feed platform and Netscape was about to make a big launch that would cause his project to surpass them all. On July 28, 1998, Netscape launched My Netscape Portal, This was one of the earliest Web Portals. A place that aggregated links from sites around the Web. You could add sites you wanted to follow, like CNET or ZDNet and then see their latest posts all in one place.
Netscape kept the links updated with a set of tools developed by Libby. He had taken a part of an RDF parsing system that his friend Guha had developed for the Netscape 5 browser, and turned it into a feed parsing system for My Netscape. He called it Open-SPF at the time, for Site Preview Format.
Open-SPF let anyone format content that could then be added to My Netscape. It was rich like CDF, open like CDF but had one advantage over CDF. It worked on My Netscape, which suddenly everyone wanted to be on.
Netscape provided it for free because that meant the company didn’t have to spend time reaching deals for content. You want your content on My Netscape, use Open-SPF, it can be there. That meant there was more content available for My Netscape than was usual on curated pages. The content was free for both the users and Netscape. More content meant more users and more users meant Netscape could serve more ads. And content providers were willing to create the Open-SPF feeds, because they weren’t burdensome to create and the sites got more visitors who saw their content on My Netscape and clicked on links to come to their sites.
Sound familiar? This arrangement is the one Google still tries to rely on for Google News. Except the news publishers have changed tunes. Back then they were all about bringing visitors to their websites and happy that Netscape sent folks their way for free.. But as the years have passed and revenue has shrunk, now they’re more about getting Google to pay them for linking to their news.
Anyway back to the rise of Netscape.
1999 is not only the end of the millennium. It’s not only when everyone actually got to party the way Prince had been asking them to pretend to party. 1999 was a huge year for RSS. It was about to reach its modern form and become something users of RSS today would recognise. By name.
On Feb. 1, 1999 Open-SPF was released as an Engineering Vision Statement for folks to comment on and help improve.
Dave Winer commented that he would love to add Scripting News to My Netscape but he didn’t have time to learn Netscape’s Open-SPF. However because he had his own self-made feed format using XML he’d “be happy to support Netscape and others in writing syndicators of that content flow. No royalty necessary. It would be easy to have a search engine feed off this flow of links and comments. There are starting to be a bunch of weblogs, wouldn’t it be interesting if we could agree on an XML format between us?”
However by Feb. 22, Scripting News was publishing in Open-SPF and available at My Netscape. Feeling like it was a success, Libby changed the name of Open-SPF to refer to the fact that it used RDF, calling it the RDF-SPF format and released specs for RDF-SPF 0.9 on March 1. Shortly after release he changed the unwieldy name to RDF Site Summary, or RSS for short. Thus begins the first in a parade of meanings for RSS
And the new name took off. Carmen’s Headline Viewer came out on April 25th as the first RSS desktop aggregator and Winer’s my.UserLand.com followed on June 10th as a web-based aggregator.
Folks liked the idea obviously, but a lot of RSS enthusiasts thought the RDF was too complex, Dave Winer among them. Libby hadn’t ignored Winer’s earlier offer either. In fact, Libby thought they weren’t really using RDF for any useful purpose. So he simplified the format adding some elements from Winer’s scriptingNews, and removing RDF so it would validate as XML. This was released on July 10, 1999 as RSS 0.91.
Some folks write that the name changed to Rich Site Summary at that point but Winer wrote at the time “There is no consensus on what RSS stands for, so it’s not an acronym, it’s a name. Later versions of this spec may say it’s an acronym, and hopefully this won’t break too many applications.”
Anyway by 1999, like Toy Story, RSS is on a roll. Libby is bringing in feedback from the community and creating a workable usable standard that is reaching heights of popularity beyond just the confines of My Netscape.
Like some kind of VH1 Behind the Music story, as it reach that’s height, everything fell apart.
Netscape would never release a new version of RSS again.
In the absence of Netscape’s influence, two competing camps arose.
Rael Dornfest wanted to add new features, possibly as modules. That would mean adding more complex XML and possibly bringing back RDF.
Dave Winer preached simplicity. You could learn HTML at the time by just viewing the source code of a web page. Winer wanted the same for RSS.
On August 14, 2000, the RSS 1.0 mailing list became the battleground for the war of words between the two camps.
Dornfest’s group started the RSS-DEV Working Group. It included RDF expert Guha as well as future Reddit co-founder Aaron Swartz. They added back support for RDF as well as including XML Namespaces. On December 6, 2000 they released RSS-1.0. and renamed RSS back to RDF Site Summary.
Not to be left behind, two weeks later On December 25, 2000, Winer’s camp released RSS 0.92.
Folks, grab your steaks knives. We have a fork.
In earlier days, Libby, or someone at Netscape, would have stepped in. In But AOL had bought Netscape in 1998 and had been de-empahasizing My Netscape. They wanted people on AOL.com. And if they didn’t care about Netscape, they cared even less about RSS. In fact they actively did things that could have ended RSS. In April 2001, AOL closed My Netscape and disbanded the RSS team, going so far as to pull the RSS 0.91 document offline. That document was used by every RSS parser to validate the feeds. Suddenly all RSS feeds stopped validating. Apparently this had little effect on visitors to AOL.com or people dialing in to their internet connection, so AOL just let them stay broken. With the RSS team gone and AOL doing nothing, RSS feeds were looking dead in the water.
But the RSS 0.91 document was just a document after all. And there were copies. Anybody theoretically could host it as long as everyone else changed their feeds to validate to the new address. Dave Winer stepped up.
Winer’s UserLand stepped in and published a copy of the document on Scripting.com so that feed readers could validate. That right there won Winer a lot of good will.
An uneasy truce followed. Whether you were using Netscape’s old RSS 0.91, Winer’s new RSS 0.92 or the RDF Development Group’s RSS 1.0 they would all validate.
By the summer of 2002, things are going OK and tempers have cooled. Nelly has a hit song advising folks what to do if things get hot in here. Maybe we can solve this? Let’s try to merge all three versions into one new version we can all agree on and call it RSS 2.0. right?
Except they couldn’t agree. Winer still wanted simplicity. RDF folks still wanted RDF and the fun features it would bring. They would agree to a simplified version of RDF but they still wanted it. To make matters more confusing, Winer was discussing what should happen by blog, with everyone pointing to their own blogs. The RDF folks were talking about it on the rss-dev mailing list.
Communication, oddly in a discussion about a communication platform, was the problem. Since neither side was seeing each other’s arguments they never came to an agreement. So Winer’s group decided not to wait. On September 16, 2002, UserLand released their own spec and just went and called it RSS 2.0. AND Winer declared RSS 2.0 frozen. No more changes.
Discussions continued on the RSS-dev list but Winer’s camp got another victory when in November 2002, the New York Times adopted RSS 2.0. That caused a lot of other publications to follow suit. Further consolidating the position.
The next year in another move fending off the debate, on July 15, 2003, Winer and UserLand assigned ownership of RSS 2.0 copyright to Harvard’s Berkman Center for the Internet & Society. A three-person RSS Advisory board was founded to maintain the spec in cooperation with the Berkman Center which continued the policy of considering RSS frozen. Mic. Dropped.
There was still a resistance. IBM developer Sam Ruby set up a wiki for some of the old RDF folks, and others, to discuss a new syndication format to address shortcomings in RSS and possibly replace Blogger and LiveJournal’s protocols. The Atom syndication format was born of this process and was proposed as an internet official protocol standard in December 2005. Atom has a few more capabilities and is more standard compliant, being an official IETF Internet standard, which RSS is not. But in practice they’re pretty similar. Atom’s last update was October 2007 but it is still widely supported alongside RSS.
And RSS 2.0 kept going. In 2004 its abilities to do enclosures, basically point to a file that could be delivered along with text, led to the rise of Podcasts. Basically RSS feeds that pointed to MP3 files.
In 2005, Safari, Internet Explorer, and Firefox all began incorporating RSS into their browser’s functions. Mozilla’s Stephen Hollander had created the Web Feed icon, the little orange block with a symbol like the WiFi symbol at an angle. It was used in Firefox’s implementation of RSS support, and eventually Microsoft and Opera used it too. It was also used for Atom feeds. Stephen Hollander did what most could not. Get people interested in providing automated Web feeds to agree on something.
And in 2006, with Dave Winer’s participation, RSS Advisory Board chairman Rogers Cadenhead relaunched the body, adding 8 new members to the group in order to continue development of RSS.
Peace in the form of an orange square was achieved.
OK. So RSS has a colorful history. What the heck does it do?
That part is pretty simple. It’s a standard for writing out a description of stuff so that it’s easy for software to read and display it.
Basically you have the channel (or Feed in Atom) and Items (or entries in Atom).
RSS 2.0 requires the channel to have three elements, the rest are optional. So to have a proper feed you need a title for your channel, a description of what it is and a link to the source of the channel’s items.
Like Daily Tech News Show – A show about tech news. And a link to dailytechnewsshow.com
Optional elements of RSS are things like an image, publication date, copyright notice, and even more instructions like how long to go between checking for new content and days and times to skip checking.
The items are the stuff in the feed. There are no required elements of an item, except that it can’t be empty. It has to have at least one thing in it. So an item could just have a title or just have a link. However most of the time an item has a title, a link and a description. The description can be a summary or the whole post. Other elements of the item include author, category, comments, publication date and of course enclosure.
So for our Daily Tech News Show example title might be Episode 5634 – AI Wins, the description might be “Tom and Sarah talk about how AI just won and took over everything.” And the link to the post for that episode.
The enclosure element lets the item point to a file to be loaded. The most common use for the enclosure tag is to include an audio or video file to be delivered as a podcast.
For Daily Tech News Show that would be a link to the MP3 file.
In the end an RSS reader or a podcast player looks at an RSS feed the way your browser looks at a web page. It sees all the titles, links descriptions and possible enclosures, and then loads them up and displays them for you.
After a rather stormy opening decade, RSS has settled down into a reliable and with apologies to team RDF, simple way of syndicating info. Really Simple Syndication indeed.
Like podcasting which it provides the underpinnings to, RSS has been declared dead several times. But it just keeps on enduring. I hope you have a little appreciation for that tiny file that delivers you headlines and shows now. In other words, I hope you know a little more about RSS.

Ready for a passwordless life? Tom explains how Passkey will get us there and why it’s coming sooner than you think and later than you’d like.

Featuring Tom Merritt.

About the FIDO Alliance.
About Public Key Cryptography.

MP3

Please SUBSCRIBE HERE.

A special thanks to all our supporters–without you, none of this would be possible.

Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to feedback@dailytechnewsshow.com

Episode transcript:

I just figured out passwords and now they’re switching to passkeys!
And supposedly you just tap a thing on your phone and you’re in?
How is that even secure?
Confused? Don’t be.
Let’s help you know a little more about passkeys.

Passkeys are the hope for our passwordless future. They’re based on FIDO 2 from the FIDO Alliance.
FIDO stands for Fast Identity Online and the alliance includes Amazon, Apple, Google, Meta, Microsoft, Samsung, Intel, Qualcomm PayPal, Wells Fargo, US Bank, Visa 1Password, LastPass, RSA. the list is rather long but I think that gives you the flavor. It’s big tech companies, security provider’s chip makers and banks.
The FIDO alliance develops FIDO 2 as an open standard in cooperation with the World Wide Web Consortium or W3C.
I did an entire episode on FIDO 2, which aims to increase authentication security, but here’s the short version. FIDO 2 gives you single multi factor, meaning it doesn’t require a password. FIDO 2 is probably most familiar to folks in corporate enterprises that use things like Yubico’s Yubikeys. They’re the little USB dongles you insert or tap to provide a second factor.
Many of you may NOT be familiar with those and that’s the reason FIDO 2 hasn’t spread faster. As much as it would be great if everyone bought something like a Yubikey, most people just aren’t going to do that. And until you get most people to do it, sites aren’t going to want to pay developers to redo their authentication system.
That’s why you see it in a corporations right? The company CISO just makes everybody use the yubikey to log in. The devs have to implement it because every employee int he company is going to sue it. Also because the CISO told them to do it.
In the wider world you need a diverse array of websites and device manufacturers to support it AND a bunch of consumers who adopt it. And consumers won’t adopt something unless it’s easy.
So we’ve been in this holding pattern for awhile, waiting for adoption by devs who are waiting for adoption by consumers who are waiting for easy implementation which requires adoption by devs and now I’m dizzy.
But passkey seems about to get us off this merry-go-round. Because passkey is designed to be easy while also being secure.
Passkey is an implementation of FIDO 2, but instead of making you get another thing, like a USB key, it uses the devices you already have. They sort of turn your device into the yubikey.
Here’s how creating a passkey works.
Let’s say you have an iPhone and you’re using Chrome. You go to a website, let’s say passkeys.io. It probably will ask you for an email address. The email address is not necessary for passkey to work. So you can go ahead and give it a fake one or a spam one if you want. However the email address is likely going to be used for account recovery in case you lose the phone that has all your passkeys. So you might want to use a working email address.
After you enter the email address, you press “Set up passkey.” It then prompts you to use with whatever you use to protect your devices overall security. It could be FaceID, could be a fingerprint scanner. Maybe it’s a nice complex PIN. Let’s say it’s a fingerprint scan. Press your finger on the fingerprint scanner on your device and you’re in. That’s it. You just created a secure account.
Yep! WAY easier than enter a password twice, oh you don’t have enough character oh you didn’t use special characters. None of that. No adding it to the password manager. Email address. Create passkey. Fingerprint scan. Done. In the background your OS has stood the passkey securely and may be syncing it with other devices.
And you gave precious little to the company you created the passkey for! It knows whatever email you gave them and has created a token to match with your passkey in the future. It has NOT stored your passkey. An attacker cannot steal your password from the company because the company doesn’t have it.
The next time you go back to sign in on that same iPhone, you’ll just choose “Sign in with passkey,” swipe your fingerprint and you’ll be signed in.
But ah you say. What if I want to sign in on my Windows machine using the Edge browser?
Go to passkeys.io on Edge and select sign in with passkeys. Your passkey isn’t on that device so it gives you the option of using a QR code. Scan the QR code with your phone and the synced passkey tells the website that it’s you and logs you in on the Edge browser.
In the future once support is fully implemented it will get easier. Bluetooth LE from Windows can directly notify your iOS or Android phone of the login request through an encrypted tunnel. You see that notification on your phone. So you pick up your phone and unlock it.
OK so what happens if you lose your phone? One hedge against that is if you have multiple devices. You can store your passkeys on a laptop and a phone. Apple, Microsoft and Google provide end-to-end encrypted syncing of passkeys across devices. But there’s also good old account recovery by email which is why you want to give a working email along with your password. Right now account recovery is so much more secure than passwords that some sites only log you in by sending you an email. Keeping your email account secure is quite important of course and will continue to be so. And it will be important to have multiple ways to securely log in to your email. So you’ll want passkeys on more than one device.
In a world of passkeys you’ll need multiple ways of getting to your email of course, but also you’re device security becomes paramount. Unlocking a laptop or phone will serve the same step as entering a password used to. This will take some education for people who use insecure passwords on their devices. However, to steal passkeys will still require physical access which is much more secure than passwords are now. Still, best practice is to make sure you have a sufficiently complex PIN backing up face or fingerprint.
Is this really more secure? The full details are in our episode on FIDO 2 but think of it this way.
Right now, you might try to be secure by using a password manager to create a long complex password and store it in an encrypted vault. You then use another long complex password to unlock the vault and access the password for a website and enter it there. Then if you are using MFA you open an app generating codes and type a code in separately. Every one of those steps is phishable. Somebody could be tricking you into entering the password or the MFA code into the wrong box at the wrong time. It can happen to the most careful among us.
With Passkey, unlocking your device replaces unlocking your password manager. Except the password is an encrypted key much more complex than any your password generator would generate, and is automatically sent directly to the site requesting it. That site combines it with its token to validate it’s the right account and authenticate you. (See our episode on Public Key Cryptography to understand how this works securely)
Since during that process, you didn’t have to type anything anywhere there’s no chance it gets typed into the wrong place. Since only the site you’re trying to log into can make use of that key, there’s no risk of sending your passkey to the wrong location. To intercept the key and try to use it to pretend to be someone would require breaking some incredibly strong encryption. And there is no password stored by the site! So there is no password database to breach.
So where can you use passkeys?
Many browsers support it including Chrome on ChromeOS, Windows and macOS, Microsoft Edge on Windows and macOS and Safari on MacOS.
Apple started supporting passkeys in iOS 16, iPadOS 16 and macOS Ventura
Google supports passkeys in Android as of October 2022 and ChromeOS in beta with full support in 2023.
Windows will support passkey in 2023.
Passkeys are supported by PayPal, eBay, WordPress and a growing list of websites.
And here’s where a lot of folks see downside. In pursuit of the mass market of consumers passkey does leave folks out. If you’re on Linux you can use Fido 2 like a yubikey but you may not be able to use passkey, without also using a Mac, iOS, Android or Windows device.
That may make you upset and I get it. Passkey is meant to be the mass market version of FIDO 2 so it runs on the mass market platforms. Thankfully FIDO 2 is an open standard so passkey can be extended to other platforms, it’s just going to take someone doing the work.
But remember that even if you’re using the mass market platforms the keys are always stored locally. Their cloud services are used for sync not storage and are end-to-end encrypted. That may or may not make you feel better but it’s not as egregious as managing the keys for you.
So can we ditch passwords? Not yet.
By the end of 2023 all the operating systems will fully support it along with the major browsers and more websites will as well. At that point users will need to update their operating systems and start learning what passkey is and decide if they trust it. But we’re close. Within a couple of years we should start seeing passkeys become common and passwords less so.
In other words, I hope you know a little more about passkey.

Tom explores the history, usage, and possible dangers of QR Codes.

Featuring Tom Merritt.

MP3

Please SUBSCRIBE HERE.

A special thanks to all our supporters–without you, none of this would be possible.

Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to feedback@dailytechnewsshow.com

Transcript:

I went to a restaurant and they said their menu was a little box full of boxes.
How am I supposed to read that.?
Someone said point my phone at it?
Confused?
Don’t be, let’s help you Know A Little More about QR Codes.

The “QR” in QR code stands for Quick Response code. It was invented by Masahiro Hara of the Denso Wave subsidiary of Japan’s Denso automotive parts company in 1994. He was inspired by the black and white patterns created when playing the game Go. The original application of the QR code was to identify parts in auto manufacturing at high speed.
The QR code is a type of 2D or matrix barcode, as opposed to the widespread UPC bar code you see a lot of, which is considered a 1D bar code. A 1D bar code is read in one dimension. So with UPC a laser horizontally the series of varying widths of black and white bars. Whereas a 2D barcode is read vertically and horizontally and uses rectangles, dots, hexagons and other patterns.
The big advantage of a 2D bar code is it can hold more information and deliver it quicker than a 1D bar code.
A QR code uses black squares called data modules arranged in a square grid on a white background. The background should extend outside the square in what’s called a “quiet zone” to make it easy to detect what’s actually part of the QR code’s matrix. You can encode four standard types of input data or “encoding modes:” numeric, alphanumeric, byte/binary and kanji.
The maximum amount of information you can encode depends on which of these inputs you’re using as well as your level of error correction and the dimensions of the grid. Grid dimensions are described by a level number from 1- 40. With level 1 having 21 by 21 data modules and each level adding 4 until you get level 40 with 177 x 177 data modules.
Maximum capacity can be found with the 40-L numeric encoding which encodes just numbers at the maximum dimensions of the grid with the lowest error correction. It can hold 7089 characters. The Alphanumeric version of the same thing holds 4,296 characters. Most QR codes you see in everyday life are around versions 2-5 and usually hold between 20 to 100 characters, enough for a shortened URL.
Because a QR code is two dimensional you need an image sensor to detect it. Since almost every phone now has a camera, the phone has become the most familiar way QR codes are scanned.
A Reed-Solomon error correction process is used to interpret the pattern. Reed-Solomon is also used in CDs, Blu-ray Discs, DSL and RAID 6. In QR codes there are four levels of error correction L is the lowest restoring approximately 7% of data, M is the middle at 15%, Q is the next up at 25% and H is the highest at 30%. This is going to offend statisticians and data professionals but you can roughly think of it as if up to 7% of the data is damaged the L error correction will still let you read the data. In practice most QR codes seem to use M. I guess they assume if more than 15% of that sticker is damaged you might as well get a new menu sticker.
But let’s get into how that pattern of blocks gets turned into your restaurant menu or wifi password or name of a conference room or whatever. The whole QR code is made up of just those blocks, called data modules, either black squares or empty white spaces.
You might have noticed there are always three distinctive larger squares in the corners of a QR code, Those are position markers. They are used along with a smaller square or set of squares in the fourth corner to calibrate the size, orientation and angle in which the pattern is being viewed.
Now your QR code reader, likely your phone’s camera, knows where the code is and can adjust for how big it looks in your camera. It can even do these adjustments on the fly as your unsteady hand wavers over the restaurant table.
Next it needs to know some things about what kind of encoding and error corrections and such were used. This way it can interpret the data correctly.
The mode indicator is placed in the bottom right indicating the input type. Other format information like error correction quality and character count is placed near the three squares. These are done as a sequence of 4 bit indicators.
That stuff is always the same and lets the reader know whether to look for numbers, alphabets kanji whatever and how much will be redundant error correction code
Now it’s time to read the whole point of this exercise. The data. The thing. The link to the menu. The kind of auto part this is. The WiFi Password!
In the space remaining after the position markers and format data, the encoded data is placed from right to left in a zigzag pattern until it reaches an end indicator. The amount of bits used for your data varies by the type of input. So numbers can get 3 digits into 10 bits, alphanumeric gets 2 characters into 11 bits and so on. You can even switch encoding types if you need to. Just throw in another 4-bit indicator.
You often need to mix input types because alphanumeric can only do capital case and 8 punctuation marks. So to do anything beyond that you need to use bytes which takes up more bits.
And that’s it, once the reader has interpreted all that it has the data and then the reader goes from there whether that’s showing you a URl you can tap or a wiFi password you can enter or the name “brake pad.”
You may wonder who keeps track of how that all works so that every reader works with every QR code.
QR codes have been standardized multiple times over the years. The first time was in October 1997 issued by the Association for Automatic Identification and Mobility, followed by one in January 1999 from JIS or Japanese Industrial Standards. And then the heavy, the International Standards Organization, or ISO issued its first standard in June 2000 and most recently updated it on February 1st, 2015.
Denso freely licenses QR code tech as long as users follow either the JIS or ISO standards. While Denso holds patents on the technology, it waived its rights for standardized codes and its patents in the US and Japan have already expired.
Denso does still hold the trademark on the name QR code and maintains some proprietary, non-standard implementations. But the ones you mostly see are standards-compliant.
You probably figured this out but QR codes are static. Once they’re printed, they don’t change. Even if you made an animated GIF of a QR code, the reader would just keep trying to show you the latest one. Once you make a QR code it’s meant to stay that way. Which makes them great for permanent information, which is why they were very good at parts identification. This is a shock absorber and we have very little expectation it will suddenly become a brake pad so we can slap a QR code on it so the assembly robots know what it is.
However at some point folks had the bright idea to encode URLs into QR codes. Why not? URL’s are just alphanumeric strings after all. Now, the URLs are still static. But any URL can be made to point to a different thing over time by redirecting it. Knowalittlemore.com for instance points to the ACast site where the podcast lives. I could change that to point to the daily tech news show blog posts about the show instead, if I wanted. So URLs sort of bring in the idea of a dynamic QR code, and so some people refer to static vs. dynamic QR codes. Let’s be clear, they’re all static. So when someone says a QR code is dynamic, it just means it has a URL. The code itself isn’t actually dynamic. But it points to a URL that you know you can redirect to different things. This is helpful for say, a restaurant that changes its menu.
It is also helpful for malicious types who want to do crimes and other malicious behavior.
As I think is clear by now, QR codes themselves are not risky as they only hold static data. QR code readers when working properly would prevent unauthorized executions of that data and there’s not a lot of leeway to make a very capable executable anyway. So the bigger worry is the URL. The practice of encoding URLs in QR codes is widespread, dare we speculate it is the norm, and that means the same risks that come in clicking any URL anywhere come with QR codes. One weakness could be a third party QR code reader that let its permission down a little. But even the most buttoned-down from the OS manufacturer built into the camera app QR code reader –can just take you to a malicious site like any email text message or link on the web.
As such you should only scan QR codes if you’re certain of the source. QR code stickers out in the world might be legitimate or might have been stuck there by someone malicious, possibly over the legitimate code. This doesn’t mean you should never scan a QR code in public but use secure QR code readers and look carefully at the link you’re being sent to before tapping it.
Some malicious links can look to you like they operate normally while engaging in malicious behavior like accessing your browser history or sending text messages without your knowledge.
It’s also good to doublecheck the URL after you tap to make sure it took you where you expected to go. Don’t just look at the graphics or the site layout, those can be faked. And resist the urge to log in, pay for something or download an app from a QR code link. Those are all popular scam vectors. There are legitimate times to use QR codes for that, but you need to be very sure about the legitimacy of the code before you do any of those.
And finally keep in mind that while the actual scanning of a QR code leaks no data, using a QR code to go to a website exposes all the same kinds of data as any visit to a website. Like your IP address, kind of browser and device, etc. This is no worse than browsing the web mind you, but something to keep in mind.
Finally , there are a few variations on the QR code you may encounter.
The Micro QR code holds a very small amount of info but doesn’t take up space so it’s often used on small items. It only has one positioning square in the upper left corner.
Denso Wave has a proprietary version called the IQR code that can be square or rectangular. It works well on cylindrical objects and holds more information than the standard QR Code.
And Frame QR codes take advantage of the error correction process to allow for a canvas area that can be used for logos, graphics etc.
QR codes are just bug dumb links in the world made of squares. Treat them like any big dumb link you’d find anywhere.
In other words, I hope you know a little more about QR codes.

Microsoft announced the free upgrade to Windows 11 will begin rolling out on October 5th, starting with new devices. Protocol’s Amber Burton has an article called ‘There aren’t enough data scientists’: How the future of reskilling in tech is changing. South Korea’s National Assembly passed an amendment on Tuesday prohibiting large app-store operators from requiring the use of their in-app purchasing systems.

Starring Tom Merritt, Sarah Lane, Lamarr Wilson, Roger Chang, Joe, Amos

MP3 Download

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you are willing to support the show or to give as little as 10 cents a day on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!

Apple places Wistron on probation after an internal audit found the company violated its Supplier Code of Conduct, Microsoft is looking to develop its own ARM chips, and the operators of the supply-chain attack against SolarWinds had access since at least October 2019.

MP3

Please SUBSCRIBE HERE.

You can support Daily Tech Headlines directly here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!