Start Up No.1711: coding supply chain undermined, the unheard Facebook chief, bitcoin miners seized in Kosovo, and more

Podcasting hasn’t had a big hit for years, and new ones attract smaller audiences than old ones. Is there a solution? CC-licensed photo by nrkbeta on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Not funged. I’m @charlesarthur on Twitter. Observations and links welcome.

Developer sabotages his own apps, then claims Aaron Swartz was murdered • Ars Technica

Dan Goodin:


The developer who sabotaged two of his own open source code libraries, causing disruptions for thousands of apps that used them, has a colorful past that includes embracing a QAnon theory involving Aaron Swartz, the well-known hacktivist and programmer who died by suicide in 2013.

Marak Squires, the author of two JavaScript libraries with more than 21,000 dependent apps and more than 22 million weekly downloads, updated his projects late last week after they remained unchanged for more than a year. The updates contained code to produce an infinite loop that caused dependent apps to spew gibberish, prefaced by the words “Liberty Liberty Liberty.” The update sent developers scrambling as they attempted to fix their malfunctioning apps.

…There’s also evidence that Squires may have been charged two years ago with reckless endangerment after allegedly starting a fire in his Queens, New York, apartment. According to news articles, a then-37-year-old man named Marak Squires was arrested after being taken to the hospital after authorities allegedly observed him acting erratically as they responded to the fire.

The articles said Squires was a software developer and early bitcoin investor. A month after the fire, Squires reported on Twitter having “lost all my stuff in an apartment fire” and asked for financial support.

…Last week’s sabotage raises concerns about the safety of the software supply chain that is crucial to large numbers of organizations—including Fortune 500 companies. The two sabotaged libraries—Faker.js and Colors.js—created problems for people using Amazon’s Cloud Development Kit. Big companies, critics have long said, benefit from open source ecosystems without adequately compensating developers for their time. In turn, developers responsible for the software are unfairly strained.

Indeed, Squires in 2020 said he would no longer support large companies with work he does for free. “Take this as an opportunity to send me a six-figure yearly contract or fork the project and have someone else work on it,” he wrote.

The ability of a single developer to throw a wrench into such a large base of apps underscores a fundamental weakness of the current free and open source software structure.


So I guess now we also have to check not only for bugs, but for the mental health of developers whose work we rely on. Fun!

Facebook’s former elections boss now questions social media’s impact on politics • WSJ

Jeff Horwitz:


[Katie Harbath] eventually oversaw a staff of as many as 60 employees that trained political parties in how to best use the platform and helped design the company’s election policy. She says there was a working assumption throughout the company that more Facebook usage would make governments more transparent and expand people’s ability to engage in public discourse.

Ms. Harbath says her doubts about the premise originated in 2016, when elections in the Philippines and the US and the Brexit campaign in the UK were awash in misinformation spread on Facebook.

After that, Ms. Harbath says, her role shifted from primarily trying to promote Facebook as a positive force to more often trying to prevent foreign governments, criminals, troll farms and other bad actors from abusing it.

As public criticism of Facebook mounted, she says, executives put a heavy focus on what internally was called defensibility—forming policies based in part on whether the company would face external attacks or criticism. She says her job became consumed by “escalations”—an internal term for potential public-relations crises and high-profile complaints.

“Eighty percent of my time was spent doing escalations,” she says.

A restructuring in her department stripped her of much of her authority over election policy heading into 2020, she said, and the company rejected her proposal to refocus her work on heading off electoral threats before 2024, when a number of major global elections are scheduled. On Jan. 6, she watched the riot at the Capitol unfold on television.

“That was a key day in terms of deciding to leave,” she said. “If I wasn’t going to be able to have impact internally, I needed to go somewhere where I could actually do something.”


Harbath features in Social Warming, because she was so blithe about the misinformation that disrupted first the Philippines, and then the Brexit referendum, and then the US elections. It’s telling that the insurrection was the final straw for her. But note what she says: Facebook wasn’t listening to her, one of the most senior people inside the company.

The paperback of Social Warming, my latest book, is coming out soon. Or you could just follow the link and have a wonderful hardback.

Five hundred million Avira Antivirus users silently introduced to cryptomining • Krebs on Security

Brian Krebs:


Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor: Avira antivirus — which has built a base of 500 million users worldwide largely by making the product free — was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Founded in 2006, Avira Operations GmbH & Co. KG is a German multinational software company best known for their Avira Free Security (a.k.a. Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Ariz.-based NortonLifeLock Inc., the same company that now owns Norton 360.

In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019. LifeLock is now included in the Norton 360 service; Avira offers users a similar service called Breach Monitor.

Like Norton 360, Avira comes with a cryptominer already installed, but customers have to opt in to using the service that powers it. Avira’s FAQ on its cryptomining service is somewhat sparse. For example, it doesn’t specify how much NortonLifeLock gets out of the deal (NortonLifeLock keeps 15% of any cryptocurrency mined by Norton Crypto).


I mean, the difference in effect on your machine of running third-party antivirus and a cryptominer is pretty minimal. They’re both going to bring it to its knees. So you might as well let them fight it out by running both at once.

Kosovo seizes hundreds of cryptocurrency mining devices; one person arrested • AFP


Kosovo police on Saturday seized hundreds of cryptocurrency mining machines and arrested one person in the tense ethnic-Serb majority north as the country suffered an energy crisis.

Cryptocurrencies such as bitcoin are created through solving complex equations – an endeavour that consumes enormous amounts of energy.

Tensions between the Serb-majority area and the ethnic Albanian majority government are running high and Kosovo’s government on Tuesday brought in a temporary ban on cryptocurrency mining in an effort to bring down electricity consumption.

During the operation police “confiscated 272 different anti-miner devices used for the production of bitcoin”, a police statement said. One person was arrested, it said.

“The whole action took place and ended without incidents,” Interior Minister Xhelal Svecla said on Facebook.

The confiscated equipment uses as much electricity as 500 homes a month or between €60,000 and €120,000 (US$68,000 and US$136,000), said Finance Minister Hekuran Murati on Facebook.

“We cannot allow the illegal enrichment of some, at the expense of taxpayers,” Murati said.


Not sure about “anti-miner devices”, but after the tensions in Kazakhstan (where a lot of cryptominers moved after being booted out of China) this is quite a signal.

IBM tries to sell Watson Health (again) • Axios

Sarah Pringle:


IBM has resurrected its sale process for IBM Watson Health, with hopes of fetching more than $1bn, people familiar with the situation tell Axios.

Big Blue wants out of health care, after spending billions to stake its claim, just as rival Oracle is moving big into the sector via its $28bn bet for Cerner.

IBM spent more than $4bn to build Watson Health via a series of acquisitions. The business now includes health care data and analytics business Truven Health Analytics, population health company Phytel, and medical imaging business Merge Healthcare.

IBM first explored a sale of the division in early 2021, with Morgan Stanley leading the process.

The WSJ reported at the time that the unit was generating roughly $1 billion in annual revenue, but was unprofitable. Sources say it continues to lose money.

IBM in late 2021 engaged BofA Securities to find a buyer for Watson Health.

Bids were due Jan 4, according to one source who says IBM hopes to select the winner by month’s end. One strategic buyer and several private equity firms are said to be in the mix.


Despite winning Jeopardy, Watson has proved to be a total nothingburger when it comes to real applications.

Wordle mania and the remixable web • Glitch Blog

Anil Dash:


as the New York Times documented, Wordle is just as interesting for the context in which it was made. Josh made it as a gift for his puzzle-loving partner, Palak Shah, and the Times rightly described it as “an act of love”. Being a community of people who make the web, our perspective at Glitch also found a lot of romance in the idea that this is a fast, simple, well-implemented web app. Wordle is a PWA that can install instantly on any device, doesn’t have a ton of extraneous junk loading on the page, and it’s really speedy (a Lighthouse performance score of 95!).

No surprise, then, that Wordle has inspired a host of other creators in the Glitch community and elsewhere to make their own riffs on the idea, all of which bring fun and interesting innovations to the game:


Dash (who wrote the seminal “The Web We Lost” post in 2012, about how the promise of Web 2.0 had been squandered – always worth an occasional re-read) points to all the interesting remixes of the idea of Wordle, just in case you’re sick of the original version, or need something more challenging.

Podcasting hasn’t produced a new hit in years • Bloomberg

Lucas Shaw:


Dawn Ostroff wants to find more hits. The chief content officer of Spotify is upset that her company isn’t producing enough new popular podcasts, and has been putting pressure on her in-house studios to deliver. I’ve now heard the same message from every corner of the Spotify universe, though no one wanted to talk about it on the record.

It’s hard for new shows to find an audience. Every new show has a smaller audience than its predecessors.

This is not specific to Spotify. Executives at studios large and small echoed the sentiment. While the overall audience for podcasting expands, the audience for individual new shows is shrinking across the board.

None of the 10 most popular podcasts in the U.S. last year debuted in the last couple years, according to Edison Research. They are an average of more than seven years old, and three of the top five are more than a decade old. (“The Joe Rogan Experience,” “This American Life” and “Stuff You Should Know.”) Only a few podcasts in the top 50 (“SmartLess,” “The Michelle Obama Podcast,” “Frenemies”) are less than two years old. And none of them are in the top 25.

This trend vexes executives and producers across the podcasting industry, who worry they are wasting a lot of money on new shows. Spotify, Amazon, SiriusXM, iHeartMedia and outside investors have plowed billions of dollars into production companies. Spotify has spent more than anyone, paying about $500 million for three studios. Where is all this money going if these companies aren’t producing new hits?

Pretty much everyone agrees on the reason. There are more podcasts than ever before. Spotify hosts more than 3 million podcasts, up from a few hundred thousand just a few years ago. While the vast majority of those new shows are either defunct or have minuscule audiences, there are still way more podcasts than there were just a few years ago.


How lovely for the thirsty podcast producers to discover the power law, and especially that later entrants never have the attractive power of early ones. Exactly the same thing happened with blogs. I described the mechanics in Social Warming; it’s part of why people defected to social media.

Microsoft hit by defections as tech giants battle for talent to build the metaverse • WSJ

Aaron Tilley:


Competitors have been snapping up people with experience developing Microsoft’s HoloLens augmented-reality headsets, sometimes offering to double their salaries, said former Microsoft employees. The Microsoft augmented-reality group employs around 1,500 people, they said.

The LinkedIn profiles of more than 70 former employees on the HoloLens team show they have left Microsoft in the past year. More than 40 joined Meta, formerly known as Facebook, which is making a big push into alternate-reality tech, the LinkedIn profiles show. [Around 100 are reckoned to have left Microsoft’s HoloLens team.]

The departed staffers include some longtime leaders of the team. Charlie Han, who was responsible for taking customer feedback for HoloLens, left over the summer to join Meta. Josh Miller, who worked in the display team, became the display director at Meta in recent months. Mr. Han and Mr. Miller didn’t respond to requests for comment about the moves.

A Microsoft spokesman said the company has been at the forefront of innovation in metaverse technology for years and “will keep advancing state of the art hardware that is more immersive, affordable and in various form factors.”


Cortana: too late after Alexa and Google Home. Windows Phone: too late after iOS and Android. (Yes yes Windows Mobile came earlier, but it couldn’t handle the touchscreen world.) HoloLens: too early. Timing counts for so much.

(Style note: the metaverse, not the Metaverse.)

Tech startup wants to gamify suing people using crypto tokens • Vice

Maxwell Strachan:


Kyle Roche, a trial lawyer and one of the startup’s founders, says: “What I want to do is make the federal court system more accessible for all.”

Roche believes the US federal court system is one of the best in the world, but that navigating it is cost prohibitive for the average American. As a result, he believes, potential whistleblowers are too often hesitant to defy “well-resourced” corporations and other entities due to the potential cost of legal action. Through [startup company] Ryval, Roche wants to “make lawsuits happen that maybe might not have happened.”

However, on its website, Ryval focuses all of its attention on the potential return for investors. “Buy and sell tokens that represent shares in a litigation and access a multi-billion dollar investment class previously unavailable to the public,” the company states. Ryval also promises “50%+ Annual Returns,” though Roche admitted the figure “may be a little high” when Motherboard asked him about it.

“What we do is: tell the story, vet the legal claim, and then allow the public to invest and give you the funds to go and litigate your case,” Roche explained. “And what does the public get in return? The public gets an interest in the outcome of your suit.”

The way it works is a little like a crypto-infused and lawsuit-focused GoFundMe, if the crowd stood to profit from their investment. The company takes advantage of a rule created through former President Barack Obama’s JOBS Act, which allowed a private company to crowdfund up to $5 million from Americans, regardless of their wealth.

…(A caveat: While wealthy and sophisticated “accredited investors” will be able to trade lawsuit tokens immediately, the non-rich will be legally required to agree to a year-long lockup period, according to Insider.)


Sure, because what the US really needs is both more people filing lawsuits and more people buying digital nothings.

How politics got so polarised • The New Yorker

Elizabeth Kolbert:


On June 19, 1954, eleven boys from Oklahoma City boarded a bus bound for Robbers Cave State Park, about a hundred and fifty miles to the southeast. The boys had never met before, but all had just completed fifth grade and came from middle-income families. All were white and Protestant. When they reached the park, the boys were assigned to a cabin at an empty Boy Scout camp. They dubbed themselves the Rattlers.

The following day, a second group of boys—also all white, Protestant, and middle class—arrived at the camp. They were assigned to a cabin that could not be seen from the first. They decided to call themselves the Eagles.

For a week, the two groups went about their activities—swimming, tossing a baseball, sitting around a campfire—unaware of the other. The groups had separate swimming holes, and their meal hours were staggered, so they didn’t meet at the mess hall. As they ate, played, and tussled, each band developed its own social hierarchy and, hence, its own mores. The Rattlers, for instance, took to cursing. The Eagles frowned on profanity.

Toward the end of the week, the two groups learned about each other. The reaction was swift. Each group wanted to challenge the other to a contest, and their counsellors [running the camp] scheduled a tournament.


It’s not exactly the Hunger Games, but it’s not that far off either. Even just the rest of the introduction to this book review (for that’s what it is) is riveting.

Errata, corrigenda and ai no corrida: none notified

1 thought on “Start Up No.1711: coding supply chain undermined, the unheard Facebook chief, bitcoin miners seized in Kosovo, and more”

  1. That book review has an extremely misleading summary of the Robbers Cave experiment, leaving out all the contradictory information and downplaying the manipulation. Compare:

    “All it took for them to come to loathe one another was a different totem animal and a contest for some penknives.”

    With the much more critical account here:

    “Each moment of confrontation, however, was subtly manipulated by the research team. They egged the boys on, providing them with the means to provoke one another – who else, asks Perry in her book, could have supplied the matches for the flag-burning?”

    Now, I fully understand that nowadays writing about the Satanic Algorithms and the Devil Facebook and all that demonology is, not a cottage industry, but a boom-town. However, it would be really nice sometimes in these woe-is-politics pieces to see more acknowledgment that there are real issues simmering, such as globalization and the hollowing-out of US manufacturing, the shredding of social safety nets, the immense increase of income inequality, and so on. And many issues are overall not really amenable to compromise in a core sense, e.g. abortion, gun rights, segregation, etc. It may be possible to understand the other side’s point of view on these matters, and to be charitable towards them personally, but the issue is going to be resolved one way or the other.

    This is almost a parody:

    “My grandfather, a refugee from Nazi Germany, was all too aware of the hazards of us-versus-them thinking. And yet, upon arriving in New York, midway through F.D.R.’s second term, he became a passionate partisan.”

    It’s almost – my grandfather escaped a group which wanted to kill him, but he wasn’t kind and charitable to a group which wanted to impoverish him, rather he hated them both – oh, how could this be, didn’t he see that’s us-vs-them thinking?

    People seem to forget that the “Nazis” were a popular *political* *Party*. They weren’t only a bunch of goosestepping SS officers who spewed slurs. Many completely ordinary citizens were registered Party members and voted for them in elections (at the time when there were elections …).

    Of course, going too far with this leads to endless bloody factional war. But sometimes everyone is not your potential friend either.
