John’s Blog

Gail Frederick, posting on the Heroku blog:

Over the past year, Heroku has been on a journey of reflection as we rebase the platform to address the changing needs of app teams toward the future without disrupting your business. In the Heroku way, we want to be thoughtful about your experience as we evolve.

When we started Heroku, it was the early days of cloud computing, before Docker and Kubernetes were household names in IT. We launched Heroku (and the platform-as-a-service category) to help teams get to the cloud easily with an elegant user experience in front of a powerful platform that automated a lot of the manual work that slowed teams down. To do that then, we had to build a lot of the tooling ourselves, like orchestration and self-hosting the databases in AWS. The platform delivered customers the outcomes they needed to deploy apps quickly and scale effortlessly in the cloud —all without having to worry about how the platform worked. […]

We’re excited to announce Heroku’s Next Generation Platform-as-a-Service that continues to deliver on this mission, addressing the needs of cloud-native and AI app delivery at scale with a delightful developer experience and a streamlined operator experience

Heroku had been the gold standard for developer productivity and hosting for so long. It was just so great and easy to deploy. Yes, it gets expensive as an app scales up, but for me it had always been worth the extra cost for peace of mind and not requiring a dedicated devops engineer on staff.

That time ended a few years ago. For some reason Salesforce has really neglected this platform that was once so great. I still use Heroku, but am actively researching better and more modern options.

In a related post, the new Fir stack is explained by Terence Lee:

Fir is still the Heroku you know and love. It’s rooted in the world renowned developer experience while built on a bedrock of security and stability. We achieve this by offering seamless functionality out of the box with the flexibility to customize as needed. In today’s complex development landscape, minimizing cognitive load is crucial.

Nice to see the embrace of existing open source tooling here instead of inventing something new when the rest of the industry has moved on.

This announcement is timely and interesting for me. Maybe they’ve been listening to feedback this entire time? Consider me very cautiously optimistic.

John Gruber with a very thoughtful piece regarding Substack over at Daring Fireball:

What I object to isn’t their laissez faire approach to who they allow to publish on their platform, but rather how they present all publications. People do call the publications on Substack “Substacks”. And Substack publications do all look the same, most of them right down to that telltale serif typeface, Spectral which is kerned so loosely it looks like teeth in need of orthodontia. It’s not an ugly font, per se, but it is very distinctive, which contributes, I think significantly, to the blurring of the branding line between Substack publications as discrete standalone independent entities or as mere sections under “Substack” as an umbrella publication.

Substack, very deliberately, has from the get-go tried to have it both ways. They say that publications on their platform are independent voices and brands. But they present them all as parts of Substack. They all look alike, and they all look like “Substack”. I really don’t get why any writer trying to establish themselves independently would farm out their own brand this way. It’s the illusion of independence.

One of the first questions I get asked by investors or others about Air Mail is: why didn’t you just use Substack. The above is one of the main reasons why I made that choice. Creating an independent site that looks like every other publication is a really poor way to create your voice and brand online.

Laurence Edmondson, writing for ESPN:

It was somehow fitting that Max Verstappen clinched this season’s title with a fifth-place finish in Las Vegas. A podium appearance may have been a more satisfying way to crown Formula 1’s latest four-time world champion, but this was a title campaign characterised by guts as much as it was by glory.

It was also a title campaign with a very different feeling to his previous three.

For the second year in a row the Las Vegas GP was a lot of fun. This is turning out to be the best street course on the calendar.

The previous race in Brazil really sealed this championship, but the Vegas result made it official. Congrats to Max, he earned it this year without having the fastest car on the grid.

Alex Kalinauckas has a great breakdown of 10 moments that led to Verstappen’s title this year.

“Bryce P. Tetraedwer, Global Tetrahedron CEO” writing for The Onion:

Founded in 1999 on the heels of the Satanic “panic” and growing steadily ever since, InfoWars has distinguished itself as an invaluable tool for brainwashing and controlling the masses. With a shrewd mix of delusional paranoia and dubious anti-aging nutrition hacks, they strive to make life both scarier and longer for everyone, a commendable goal. They are a true unicorn, capable of simultaneously inspiring public support for billionaires and stoking outrage at an inept federal state that can assassinate JFK but can’t even put a man on the Moon.

Through it all, InfoWars has shown an unswerving commitment to manufacturing anger and radicalizing the most vulnerable members of society—values that resonate deeply with all of us at Global Tetrahedron.

A fake announcement and CEO, but this news is actually real. And they did the whole thing with help and support from the families of Sandy Hook victims, bravo!

The real CEO, Ben Collins, is doing great things since he took over earlier this year.

Side note: I didn’t realize that The Onion was back in print. Shame on me for not subscribing earlier, but that’s fixed now.

Without a doubt the biggest pop culture event of the weekend was the Mike Tyson vs Jake Paul fight night, streamed by Netflix.

Leading up to the event I had expected to write about how interesting it was that everyone had been talking about this event. Kids around our neighborhood from elementary to high school age were all talking about it. All of the parents too. What a coup for Netflix.

It turned out to be more complicated with Netflix struggling under the load of over 60 million households tuning in to the stream! Wow. That’s an incredible hit. Regardless of the streaming woes, this seems to be a pretty big success for Netflix’s first live boxing event.

For context, this was more viewers than the final of the World Series, NBA Finals, or Wimbledon this year. Incredible.

Samantha Cole, reporting for 404 Media:

Just before dawn on a Friday morning last month, millions of Texans woke up to emergency alerts blaring from their phones at around 4 a.m. […]

Predictably, people were pissed. In the days after the alert, the Federal Communications Commission said it received more than 4,500 complaints about it. AMBER and Blue Alerts managed by the Department of Public Safety are only supposed to be sent between the hours of 6 a.m. and 11 p.m. […]

The FCC said in its reply to our request that there were so many complaints, sending them all would be “an undue burden on the agency.” The request produced more than 4,500 complaints, it said; instead of sending them all, it sent a “sampling” of 504 complaints.

This one woke up our entire household too, for an incident that happened hundreds of miles away.

Arc has become my favorite browser for daily use. At the urging of a friend I switched about 6 months ago, and I love it so much.

Founder Josh Miller posted a video update about what’s next for the Arc browser, and why they are going to create something new instead of a version 2.0 of Arc itself.

I sure hope this doesn’t mean the sunsetting of Arc itself, or too much divided focus in the company… but I’m very excited to see what they’re coming up with. Even if it’s not totally for me.

Interesting news from Pixelmator last week:

Pixelmator has signed an agreement to be acquired by Apple, subject to regulatory approval. There will be no material changes to the Pixelmator Pro, Pixelmator for iOS, and Photomator apps at this time. Stay tuned for exciting updates to come.

Good news, I think? Pixelmator has been one of the shining examples of how to properly build software for the Mac and iOS platforms. Congratulations to this team. I do hope this means longer term viability and wider adoption of the Pixelmator core products.

It’s over. Donald Trump and the Republicans have taken the White House, the Senate, and perhaps still the House. It’s a turning point in our American history. The people have spoken and we’ll now get what we deserve, for better or for worse.

I thought the Harris team ran a great campaign. It had energy, positivity, and good vibes until the end. But it wasn’t enough to beat out the Trump movement.

Time to move forward and keep working.

Quincy Jones was an absolute legend. What a life. What a contribution to music history. I was sad to see this news today. Rest in peace, Mr. Jones.

Nilay Patel isn’t afraid to make an endorsement, writing at The Verge:

In many ways, the ecstatic reaction to Harris is simply a reflection of the fact that she is so clearly trying. She is trying to govern America the way it’s designed to be governed, with consensus and conversation and effort. With data and accountability, ideas and persuasion. Legislatures and courts are not deterministic systems with predictable outputs based on a set of inputs — you have to guide the process of lawmaking all the way to the outcomes, over and over again, each time, and Harris seems not only aware of that reality but energized by it. More than anything, that is the change a Harris administration will bring to a country exhausted by decades of fights about whether government can or should do anything at all.

It is time to stop denying the essential nature of the problems America faces. It is time to insist that we use the power of our democracy the way it’s intended to be used. And it is far past time to move beyond Donald Trump.

A vote for Harris is a vote for the future. It is a vote for solving collective action problems. It is a vote for working together, instead of tearing our world to shreds.

David Folkenflik, for NPR:

The Washington Post has been rocked by a tidal wave of cancellations from digital subscribers and a series of resignations from columnists, as the paper grapples with the fallout of owner Jeff Bezos’s decision to block an endorsement of Vice President Kamala Harris for president.

More than 200,000 people had canceled their digital subscriptions by midday Monday, according to two people at the paper with knowledge of internal matters. Not all cancellations take effect immediately. Still, the figure represents about 8% of the paper’s paid circulation of roughly 2.5 million subscribers, which includes print as well. The number of cancellations continued to grow Monday afternoon.

This whole situation is a complete mess.

I have no problem with a newspaper declining to endorse a candidate. It’s an outdated practice that makes little sense in today’s media landscape. But the timing is just plain awful. If you’re not going to make an endorsement then announce that a year in advance. Not days before the general election. Just sloppy all around. I feel for the editorial staff and the integrity of the great people at the Post that had nothing to do with this decision.

The backlash has been so fierce that Jeff Bezos has written an op-ed in response:

Presidential endorsements do nothing to tip the scales of an election. No undecided voters in Pennsylvania are going to say, “I’m going with Newspaper A’s endorsement.” None. What presidential endorsements actually do is create a perception of bias. A perception of non-independence. Ending them is a principled decision, and it’s the right one.

Again, no disagreement here. But this should have been announced a year ago, at least.

The first few Apple Intelligence features are rolling out this week with iOS 18.1.¹ I’ve been using the betas of this for a few months now, and it’s a good upgrade overall.

The marketing blitz for Apple Intelligence has been very aggressive. If you’ve watched any live TV over the past month you’ve likely seen dozens of Apple Intelligence ads.

I can’t help but think most casual phone users will be very confused by what Apple Intelligence actually does. Is it useful? Sure! Especially the notification summaries feature, it’s very handy. But is it worth buying a new phone just for this? I’d say no. Handy features, not life changing.

This is the first of a few batches, and things will certainly get better and more robust over time.

Gareth Edwards, writing for Every:

On October 3, the British government announced that it was giving up sovereignty over a small tropical atoll in the Indian Ocean known as the Chagos Islands. The islands would be handed over to the neighboring island country of Mauritius, about 1,100 miles off the southeastern coast of Africa.

The story did not make the tech press, but perhaps it should have. The decision to transfer the islands to their new owner will result in the loss of one of the tech and gaming industry’s preferred top-level domains: .io.

The .io domain is still wildly popular. Let’s hope a good actor takes over the oversight of the tld.

For those of us observing from the sidelines, the great Wordpress fight of 2024 is getting ugly. It’s feeling more like giant companies battling about money.

Last week, DHH chimed in on one of the issues at hand:

And yet, I can see where this is coming from. Ruby on Rails, the open-source web framework I created, has been used to create businesses worth hundreds of billions of dollars combined. Some of those businesses express their gratitude and self-interest by supporting the framework with dedicated developers, membership of The Rails Foundation, or conference sponsorships. But many also do not! And that is absolutely their right, even if it occasionally irks a little.

For any successful open source project there are bound to be many more users of the project than contributors. I’m guilty of this for sure. I don’t have the drive like many others to contribute freely to open source. I would like to spend more time here, but it’s low on my long list of priorities. And that’s okay!

That’s the deal. That’s open source. I give you a gift of code, you accept the terms of the license. There cannot be a second set of shadow obligations that might suddenly apply, if you strike it rich using the software. Then the license is meaningless, the clarity all muddled, and certainty lost.

Bingo. I saw a lot of feedback this past week basically saying “gosh I don’t usually don’t agree with DHH, but he’s exactly right this time.”

Matt Mullenweg had originally published a rather nasty post in response, but it was taken down. I’m glad Mullenweg reconsidered. There’s no need for personal attacks in any of this. He did leave a few responses which are reasonable arguments.

I can’t shake the feeling that I wouldn’t want to be building a business on Wordpress right now. It used to be the safe, stable, easy choice. Things change.

The great Dave Winer, on blogging for 30 years:

Today’s the big day. Thanks to John Naughton’s wonderful piece in the Guardian, I’m hearing from people all over the world about what blogging means to them. I appreciate all of the messages, but would appreciate them even more if they were on your blog. We need to keep using the tech. Blogging is kind of lost, and I would like to see that change. Every time you post something you’re proud of on a social media site, how about taking a moment and posting it to your blog too. And while there, if appropriate, link to something from some part of your post, even though the social media sites don’t support linking, the web is still there and it still does.

The Wordpress and WP Engine battle continues.

Ivan Mehta has a good summary on TechCrunch:

In response [to the WP Engine cease-and-desist], Automattic sent its own cease-and-desist letter to WP Engine, saying that they had breached WordPress and WooCommerce trademark usage rules.

Mullenweg then banned WP Engine from accessing the resources of WordPress.org. While elements like plug-ins and themes are under open source license, providers like WP Engine have to run a service to fetch them, which is not covered under the open source license.

This broke a lot of websites and prevented them from updating plug-ins and themes. It also left some of them open to security attacks. The community was not pleased with this approach of leaving small websites helpless.

This really messed a bunch of folks up and I feel bad for the developers and maintainers of the sites hosted on WP Engine now. I would guess the vast majority of WP Engine customers were completely unaware of these issues when they chose the hosting provider. Now their sites are left vulnerable and they’re having to move hosting or explain to their customers what’s going on.

I have a few friends still in the Wordpress development game, and this is just a shame for them. Good people, trying to make a decent living, working off of an open source project and good brand reputation. Now all of that is up in the air.

I can certainly see Mullenweg’s key points here, and I sympathize. But was this the correct way to go about all of this?

Also earlier this month, Mullenweg announced that they’d offer a salary buyout for any Automattic employee that wanted to leave the company because they disagree with the direction. 159 people (8.4% of the company) took the offer.

What’s next…?

Hursh Agrawal, CEO of The Browser Company, on the company blog:

We want to let all Arc users know that a security vulnerability existed in Arc prior to 8/25/24. We were made aware of a vulnerability on 8/25, it was fixed on 8/26. This issue allowed the possibility of remote code execution on users’ computers. We’ve patched the vulnerability immediately, already rolled out the fix, and verified that no one outside of the security researcher who discovered the bug has exploited it.

The vulnerability was discovered by “xyzeva”, who has an awesome write up on their blog, including this summary of the facts:

• arc boosts can contain arbitrary javascript
• arc boosts are stored in firestore
• the arc browser gets which boosts to use via the creatorID field
• we can arbitrarily change the creatorID field to any user id

thus, if we were to find a way to easily get someone elses user id, we would have a full attack chain

This was an incredible find, and honestly, quite a sloppy bug. I’ve been using Arc for a few months now as my daily driver and I really like it. Glad this is fixed.

Also, nice to see that Arc is taking care of the hacker for disclosing this vulnerability properly with a $20k bounty.

Donald Papp for Hackaday:

There’s a wild new feature making repair jobs easier (not to mention less messy) and iFixit covers it in their roundup of the iPhone 16’s repairability: electrically-released adhesive.

Here’s how it works. The adhesive looks like a curved strip with what appears to be a thin film of aluminum embedded into it. It’s applied much like any other adhesive strip: peel away the film, and press it between whatever two things it needs to stick. But to release it, that’s where the magic happens. One applies a voltage (a 9 V battery will do the job) between the aluminum frame of the phone and a special tab on the battery. In about a minute the battery will come away with no force, and residue-free.

This is so cool.

via Daring Fireball

Big drama in the world of Wordpress, by far the world’s most popular CMS.

Matt Mullenweg, on the Wordpress blog:

I spoke yesterday at WordCamp about how Lee Wittlinger at Silver Lake, a private equity firm with $102B assets under management, can hollow out an open source community. (To summarize, they do about half a billion in revenue on top of WordPress and contribute back 40 hours a week, Automattic is a similar size and contributes back 3,915 hours a week.) Today, I would like to offer a specific, technical example of how they break the trust and sanctity of our software’s promise to users to save themselves money so they can extract more profits from you.

The specific example has to do with WP Engine disabling revisions to posts.

What WP Engine gives you is not WordPress, it’s something that they’ve chopped up, hacked, butchered to look like WordPress, but actually they’re giving you a cheap knock-off and charging you more for it.

This is one of the many reasons they are a cancer to WordPress, and it’s important to remember that unchecked, cancer will spread. WP Engine is setting a poor standard that others may look at and think is ok to replicate. We must set a higher standard to ensure WordPress is here for the next 100 years.

Mullenweg continues later on his personal blog:

So it’s at this point that I ask everyone in the WordPress community to vote with your wallet. Who are you giving your money to? Someone who’s going to nourish the ecosystem, or someone who’s going to frack every bit of value out of it until it withers?

In response, WP Engine has sent a cease-and-desist letter to Automattic, including this interesting line:

Stunningly, Automattic’s CEO Matthew Mullenweg threatened that if WP Engine did not agree to pay Automattic – his for-profit entity – a very large sum of money before his September 20th keynote address at the WordCamp US Convention, he was going to embark on a self-described “scorched earth nuclear approach” toward WP Engine within the WordPress community and beyond. When his outrageous financial demands were not met, Mr. Mullenweg carried out his threats by making repeated false claims disparaging WP Engine to its employees, its customers, and the world.

🍿🍿

Nilay Patel’s annual iPhone review for The Verge is a great read, as always. This year I really enjoyed his take on the camera system and the new “Photographic Styles” features:

The iPhone 16 and 16 Pro allow you to exclude yourself from this narrative entirely with a huge upgrade to the Photographic Styles feature that allows you to adjust how the camera processes colors, skin tones, and shadows, even after you’ve shot a photo.

It’s a subtle feature, but allowing these styles to be changed after capture is very nice.

You can pick between five “undertone” settings that are meant to adjust skin tones and nine “mood” settings that feel a lot like high-quality Instagram filters. You can shoot with a live preview of any of the styles, and then you can tweak the settings or even switch styles entirely later on.

And all of these styles offer three new fine controls: there’s “color,” which is basically saturation, and “palette,” which is the range of colors being applied. Most importantly, there’s a new control called “tone,” which lets you add shadows back to your photos. It turns out Apple is using “tone” in this context to mean “tone mapping,” and in my tests, the tone control allowed me to reliably bring the iPhone’s image processing back to reality by turning it down.

The tone control is semantically aware — it will adjust things like faces and the sky differently, so it’s still doing some intense computational photography, but the goal is for you to be able to take photos that look a lot more like what a traditional camera would produce if you bring the slider all the way down.

See also, Halide’s new “Process Zero” features.

So many great tools for photographers using phones. More of this, please.

Julie Jargon, for The Wall Street Journal: (Apple News+ Link)

Starting this week, [Instagram] will begin automatically making youth accounts private, with the most restrictive settings. And younger teens won’t be able to get around it by changing settings or creating adult accounts with fake birth dates.

Account restrictions for teens include direct messaging only with people they follow or are already connected to, a reduction in adult-oriented content, automatic muting during nighttime hours and more.

Under the new accounts, teens won’t be able to see sensitive content, such as posts or videos that show people fighting or that promote cosmetic procedures—and Instagram’s algorithm won’t recommend sexually suggestive content or content about suicide and self-harm.

A Wall Street Journal investigation earlier this summer revealed that sexual videos were being recommended to teen accounts. Mosseri said Instagram has worked hard to ensure that the platform doesn’t show teens such content. The new teen default settings should significantly reduce the chances of that, he added.

Teen accounts will receive notifications telling them to close the app after an hour. (They can ignore it.) Sleep mode, which mutes notifications overnight, will be automatically enabled.

Good changes overall, and certainly better than nothing.

It seems pretty clear to me that kids shouldn’t be on social media at all and I’m shocked that so many parents allow it. What would be better is to prevent all kids and teens from using social media until they are mature enough to handle it, but that’s not going to come from Meta.