John’s Blog

Jon Levine on The Cloudflare Blog:

In September, we announced that we’re building a new, free Web Analytics product for the whole web. Today, I’m excited to announce that anyone can now sign up to use our new Web Analytics — even without changing your DNS settings. In other words, Cloudflare Web Analytics can now be deployed by adding an HTML snippet (in the same way many other popular web analytics tools are) making it easier than ever to use privacy-first tools to understand visitor behavior.

It’s limited to one domain per account for now, but the sign up process is super simple. I’m trying this out on a test project to see how it looks. Mostly because of this:

Being privacy-first means we don’t track individual users for the purposes of serving analytics. We don’t use any client-side state (like cookies or localStorage) for analytics purposes. Cloudflare also doesn’t track users over time via their IP address, User Agent string, or any other immutable attributes for the purposes of displaying analytics — we consider “fingerprinting” even more intrusive than cookies, because users have no way to opt out.

The concept of a “visit” is key to this approach. Rather than count unique IP addresses, which would require storing state about what each visitor does, we can simply count the number of page views that come from a different site. This provides a perfectly usable metric that doesn’t compromise on privacy.

Excited to give this a spin. I really want a privacy-respecting alternative to Google Analytics.

Speaking of new stuff: I spent a few days this week upgrading my new project to use Stimulus 2.0 and Tailwind CSS 2.0, both out within the past few weeks.

I’m loving this new set up. I’ve used Stimulus a ton over the past few years, so that’s not particularly new to me. Although the new data values and classes APIs are pretty handy in 2.0.

But starting a project fresh in 2020 with all of the new good stuff, mostly Tailwind related, has been such a breath of fresh air. My app bundle is super small and focused on exactly what I need. I have a handful of generic Stimulus controllers that are used throughout the app to provide functionality. Nothing I’m doing there is limited to one particular context in the app: everything is reusable throughout.

There’s really never been a better time to develop for the web.

Rails 6.1 has been officially released. Time keeps marching forward for this framework.

There are a couple of really nice features in here I’m looking forward to working with. I’ve been resisting using the new multi-db features for a while now and it might be perfect timing for me on Air Mail. Not that there’s anything wrong with the features, but mostly because I didn’t want to introduce extra complexity until it was absolutely necessary.

We’re currently storing a ton of user-related data (subscriptions, invoicing, preferences, usage, etc) and a totally separate set of editorial data (photos, articles, revision history, etc). I’m thinking it might be really nice to separate the two distinct functions out since they don’t need to do anything together. Then I can scale each piece of the pie independently. We’ll see.

Anyways, congrats to the Rails team. This is a great release.

I thought this was interesting. A roundup of how president-elect Biden consumes his media, written by Daniel Lippman:

Biden is a devoted fan of the Apple News app on his iPhone, and frequently scrolls through it when he’s in a car, on a plane or just has some down time. (Playing chess and solitaire on his phone are also favorite activities.) He has the New York Times app on his phone, and a former Biden staffer said that when he was in the White House last time, Biden had the POLITICO app and checked it regularly.

He has the phone’s push notifications turned on: On the campaign trail, another Biden aide said, Biden would take meetings with his iPhone on the table in front of him and would get alerts from news apps. (The Biden aide declined to comment when asked if Biden still has his iPhone or if it’s having its security upgraded given that he’s about to become president.)

The Markup:

People build scrapers that can find every Applebee’s on the planet or collect congressional legislation and votes or track fancy watches for sale on fan websites. Businesses use scrapers to manage their online retail inventory and monitor competitors’ prices. Lots of well-known sites use scrapers to do things like track airline ticket prices and job listings. Google is essentially a giant, crawling web scraper.

Scrapers are also the tools of watchdogs and journalists, which is why The Markup filed an amicus brief in a case before the U.S. Supreme Court this week that threatens to make scraping illegal.

I’ve become quite a fan of The Markup’s work over the past year or so. They are fighting for important causes in the modern tech world, especially user and data privacy. They created the Blacklight, a really cool service that inspects web pages and reports on trackers.

This piece on scraping really hits home for me too. A few years ago, I co-founded and then sold a startup almost entirely based on scraping tech that I created. It was really fun and would have never been possible without web scrapers like Google.

The big news this week is that Slack has been acquired by Salesforce, as has been rumored recently. It’s a big deal: $27.7 billion.

Since I first saw it years ago, I’ve really loved Slack. We were using HipChat at the time and it was totally fine. Campfire was also around and doing very well in the space too. But Slack was such a breath of fresh air in the group chat market. It was well designed, fussy about typography, and has always been fast and feature-rich. I still wish that they would make a truly native Mac app so we weren’t stuck with the web UI, but it’s not the end of the world.

I’ve seen quite the consternation around the web about how Salesforce is bad and this is bad news for Slack. I think quite the opposite. Slack is currently running up against Microsoft Teams, a product that Microsoft is giving away for basically free with its Office 365 services. It’s the same reason so many companies have turned to SharePoint and other garbage Microsoft products over the years that have snuffed out great competition: it comes with Office for free. This is a bad thing for the industry and we need companies like Slack around. (Nothing against Microsoft Teams, by the way. It seems like it has its fans.) Salesforce buying Slack gives it the long-term support it will need. It’s not just a small player anymore, it’s part of a much bigger ecosystem.

Salesforce also acquired Heroku nearly a decade ago and there was much of the same concern then as there is now with Slack. I think Salesforce has done a fine job managing Heroku. Like Slack, I use Heroku every single day and it’s a great service. It could be better, of course. But that has nothing to do with Salesforce’s ownership.

Call me optimistic about Slack’s future. I’m excited to see how this goes.

The NFL has a serious scheduling problem on its hands. The Ravens and Steelers were scheduled to play on Thanksgiving night on NBC in primetime and are now tentatively scheduled for tomorrow at 3:40pm. This, after rescheduling the game previously to Sunday, then Monday, then Tuesday, and finally (for now) Wednesday. The game would have likely been the most watched game of the week and now surely will be the least.

Elsewhere in the league, the Broncos played a game this Sunday in which they had no quarterbacks on the roster to play. None! They even tried to get a coach to come off the bench and play but the league wouldn’t allow it. Of course, the Broncos lost in brilliant fashion.

This is a mess on so many levels, and the NFL has no one to blame but itself.

Every other major sports league had already restarted its mid-pandemic play this year before the NFL even kicked off. The NFL had time to sit back and learn from the other leagues’ mistakes and plan around the reality of a season in 2020. It doesn’t seem like they learned from anything that happened previously this year and marched on like nothing was going on. There were no extra breaks than normal in the schedule. There is seemingly no plan if one or more teams has an outbreak. The only plan so far it seems is to keep the owners making money from the TV contracts above all else. Not a good look.

After some early season moves, in which games were rescheduled and bye weeks were moved around, there is now no wiggle room left in the schedule for the remainder of the season. The league seems uninterested in cancelling or forfeiting games: they’ve threatened to not pay the players and coaches if such a situation arises. They’re bending over backwards for one team (my beloved Ravens, alas) and throwing another team into the fire with no quarterback. Not to mention the half dozen or so other teams affected by the Ravens and Steelers schedule moves.

I’m not sure where the league goes from here. It seems like it’s only going to get worse. Like many things in 2020, we all just need to deal with it. They’re just doing what we’re all doing: winging it one day at a time.

How about if there’s an outbreak on a team, they forfeit their next game? Pay the players. Pay the coaches. Move other games into primetime slots. Get the team healthy and protect everyone involved from spending this virus. Deal with it, and get ready for the next week. Have some make-goods for the TV networks in future seasons or future weeks. Do something other than just hoping this will go away.

There’s so much to be thankful for this year. Every year, in fact. But especially this year.

It’s easy for me to go through each day without thinking of all of the good in my life. It’s easy to complain about minor details here and there and wish certain things would be better.

This year has been something. But I’m still aware of how blessed I am, and am thankful for it.

I’m thankful to have been spared (so far, knock on wood) from this virus that’s ravaging the world. I’m thankful for a healthy family that is taking this pandemic seriously and keeping themselves and those around them safe.

I’m thankful this year, more than ever before, to have a neighborhood full of good people. And especially for a neighborhood of kids for mine to play with outside.

I’m thankful for steady, challenging, and interesting work to do during this time. There has been abundance of good things to focus on and the blessing of that is not lost on me.

I’m thankful for so many little things. I hope you are too.

Happy Thanksgiving.

Sebastiaan de With, maker of Halide, with another excellent review of the latest iPhone camera system. This time it’s the iPhone 12 Pro Max. (This big one!)

Imagine a camera sensor as a collection of lots of smaller sensors. Each collect red, green, or blue light. These sensors are packed together to get an image that measures 3024 by 4032 pixels. (Technically each pixel on that sensor is called a ‘photosite,’ as they collect, yes, photons)

You’d think a bigger sensor means more pixels — and indeed, a bigger sensor could allow you to pack in more pixels. But we’re at a point of diminishing returns in megapixel wars.

Instead, Apple decided to make the the photo sites bigger, because one most important aspects of image quality images (and really, life in general) is signal to noise.

An important note on the difference between the Max and non-Max:

Here’s why we’re seeing stories that the camera is a minor difference at best: Most people who aren’t seeing the dramatic difference are shooting in daylight, with a fast ƒ/1.6 lens. On top of that, Apple’s intelligent image processing combines multiple shots together, which makes it harder to look into the hardware.

The visuals and diagrams here, especially of the sensors, are really cool. This is great work.

I still don’t want the huge phone, but it sure does look amazing.

Yesterday Apple announced some great news for small businesses on the App Store: it is reducing its standard fee on App Store transactions from 30% to 15%.

Developers that make less than $1 million per year on the App Store will receive the new commission rate automatically starting next year. If a developer goes over the $1 million threshold within the year, they’ll be charged the standard 30% for the remainder of the year. There are details to come, but this seems very straight forward and fair.

This is an excellent strategy. It likely helps the vast majority of developers on the store, and encourages new apps to be developed that maybe couldn’t have been earlier. A 30% commission is a very high fee to pay for a small business selling software. 15% is significantly better. It’s still very high compared to normal payment processing vendors at around 3%, but this is still a big deal. (Especially since the other app stores will likely follow along soon.)

The incentives are well aligned here for Apple and developers. This encourages new apps and new developers which should have a positive impact on the number of great apps on the store for users. Apple likely is giving up very little in the long run here, because App Store revenue is very clearly tied to the big players.

This is a great first step in the direction of a better App Store economy for developers. Great move here, Apple.

Nick Heer, with an excellent breakdown of last week’s drama regarding the MacOS signature verification process that caused my Thursday panic attack:

For a few hours on Big Sur’s launch day, Apple’s overwhelmed servers prevented a MacOS process called trustd from quickly verifying signatures using the Online Certificate Status Protocol, or OCSP. This affected many versions of MacOS and manifested as applications taking forever to launch, and some general slowness.

This problem sucked, but it was resolved quickly. I hope a future MacOS update has a patch for whatever bug created this misbehaviour. But, this being the internet, it somehow snowballed into a crisis — MacOS is apparently spying on users, it’s worse in Big Sur, and that means Apple’s new M1 products that run nothing but Big Sur are evil surveillance devices that should not be bought by anyone. Or, at least, that’s what you would think if you read Jeffrey Paul’s article that hit the top of Techmeme and Hacker News[.]

This is another case where the first article that spreads around the web is a bit overblown and sensational, but the truth is less interesting or flashy so it doesn’t get as much coverage. The main issue in the aftermath of the event was not that the service went down, but rather the concern that Apple is sending usage information back it its servers to “keep track” of your computer usage, what apps you run, and from where.

Apple posted a support article over the weekend to clarify the security procedure:

These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the the next year we will introduce several changes to our security checks:

• A new encrypted protocol for Developer ID certificate revocation checks
• Strong protections against server failure
• A new preference for users to opt out of these security protections

Call me naive, but I believe Apple and take their word in this instance. As probably the biggest company advocate for user privacy, it makes no senses to their business to break user trust for this use case. This incident was clearly a mistake and exposed some areas of the infrastructure that need to be improved and I’m happy to see Apple taking the opportunity to make things better in the long run.

Yesterday, mere hours after I boldly proclaimed that I would not be upgrading to Big Sur in order to keep my Macs stable and working properly: my Macs just stopped working.

First my desktop just was extremely sluggish. This isn’t the newest Mac around, so I’m used to a few delays every so often. But this was different. I couldn’t open any new apps, and the ones that I had open seemed to be locking up.

I was running late for a video call, so I quickly switched over to my MacBook Pro to hop into the meeting. But then the laptop was having the same problem! Luckily I already had a browser open and was able to join my call.. in the midst of a full on my-computers-are-being-hacked panic.

It turns out it wasn’t just me. I should have consulted Twitter more quickly, but the issue was making its rounds around the developer community. There is a process by which Apple verifies a “Developer ID” when an app launches to verify it is valid and not malware, etc. This is a perfectly valid reason, but when the service that does the verification is having an outage it’s bad news.

This was a nightmare situation for the team at Apple I’m sure, especially on the launch day for the new operating system version. But come on, this is ridiculous. There is no reason that a locally installed and valid application shouldn’t immediately run when opened without having to check with Apple.

Nice writeup about GraphQL in Rails by Dmitry Tsepelev at Evil Martians.

GraphQL can do wonders in a backend-only Rails application, giving your clients (whether a frontend framework or other API consumers) a single endpoint for fetching data in any shapes and sizes they might need.

As the list of the associations to load is always determined at the runtime, it is very hard to be smart about querying the database.

GraphQL seems like one of those things I’m going to need to get into eventually.

Interesting account in D Magazine here locally by Will Maddox, about the Pfizer Covid–19 vaccine that made news earlier this week.

The Pfizer vaccine involves two shots taken three weeks apart. Casanova says the first shot, which is merely an introduction that allows the body to get used to the messenger so the immune system can start developing antibodies, had nearly no impact. He said there was some soreness where the injection happened, but other than that, he thought he had received the placebo; he had no symptoms.

Three weeks later, when he received the second shot, he was sure that it was the vaccine. The second shot is a booster, which allows the immune system to kick into action, creating antibodies. The response was noticeable but didn’t last long. He experienced flu-like symptoms, with some chills as he went to bed. By 3 a.m., the symptoms were gone.

As announced during this week’s Apple event, macOS Big Sur will be released today. I haven’t been using the betas this year since I really don’t have a need to develop for the Mac at the moment, but everything I hear about it doesn’t sound like it’s ready.

I’m a very slow upgrader of Mac operating systems. I wait as long as I possibly can, and usually until Xcode doesn’t work any longer with the previous operating system. The past 5 or so years of Mac upgrades have been increasingly buggy and always have an interruption to my productivity. I understand that the Mac isn’t as big or important as iOS, and that the system is much older, but I really wish Apple would take the care to make things stable before releasing them.

Why do we need new operating systems each year for the Mac? I think most people would be just fine with slower, more stable releases. This is especially true for a computing system that many people rely on for their work. This is a mature platform and doesn’t need near the iterations that the phones or tablets do.

That being said, Big Sur does look very nice. I like the design refresh from the screenshots I’ve seen and I think it’ll be a nice improvement when I upgrade next year.