Linkbait 34

Linkbait! Get yer linkbait!

Weird story about how Indian users of the Jio feature phone discovered that, while they could not install WhatsApp on their phone, they could use browser testing service Browserling as a proxy. At first the proprietor tried to close the loophole, but later he decided to go with the flow.
Academic paper on JavaScript keystroke timing attacks. Note that, as far as I can see, it has nothing to do with Meltdown or Spectre; it’s just one of those other attacks that sub-millisecond timing allows.
I hope that making coarser will solve this problem as well.
Interesting CSS feature request from about a year ago: use counters in calc(). Something like

element {
margin-left: calc(100px + counter(item));
counter-increment: item;

Problem: counter(item) is a string, and we want a number, or a way to append a unit such as px.
Still, interesting notion.
Brian Leroux feels Github stars create the wrong kind of incentive for impressionable devs, in reaction to this JavaScript Rising Stars report that is based on number of stars repositories acquired.
Brad Frost gets upset at Google’s latest robot creep. Can’t say I noticed any of this; possibly it’s US-only. In fact, I hope so.
Nice article about the Facebook news feed changes. Money quote:

Journalism that is engineered to be viral, to be liked or picked by an algorithm is not journalism, it’s marketing.

Want more? This article declares the ad-based media site dead, mentions the Google/Facebook duopoly in ads, and proposes to yield that market to them.
Interestingly, at the end the article looks toward Europe for the necessary innovation, a royalty model, that might save newsrooms and newspapers, while it rejects US “techno-utopianism.”
More in general, since the EU has no stake in the US tech giants’ continuing operation, harsh but necessary actions are more likely to occur on this side of the ocean. See also the Google fines; and the Microsoft fines of many years ago.
Slightly related: a guide to open source financial support. It strikes me that the problems and solutions are roughly the same as for website monetisation, except that open source doesn’t have an ad-driven model (and probably won’t get one either). That bodes ill for open source financial support: it doesn’t work for websites, and it won’t work for open source, either.
Unless, of course, news sites can work out their problems and their model proves relevant to open source as well.
And here’s an interesting bit of Facebook background. This November 2017 article claims a 25% decline in Facebook referrals to reputable news sources, while Google’s referrals grew. The article mentions tweaks to Facebook’s algorithms as a possible cause. Note the date; well before the current news feed discussion. No doubt Facebook was already experimenting back then, and no doubt they noticed the decline in referrals.
This could be construed as evidence that Facebook is retreating from news — or, if the 25% decline was involuntary, is being pushed out by Google.
So let’s talk about Google’s news feeds. People are starting to get worried about AMP and its potential to become a closed silo. Worse, this silo would be created in the name of web performance. The obvious solution to the performance problem is not creating new silos, but ditching tools. But web developers aren’t ready for that jump yet — and the letter does not mention the core problem.Granted, the letter takes a nuanced standpoint, and does not attack AMP the fundamental idea, but rather the locking-in that Google sprinkled on top of it.
Last week I linked to this XSS attack article that uses npm as an attack vector.
One reader claimed that the piece was actually satire. Because it was only one reader who said so I didn’t issue a correction, the more since I myself couldn’t tell. The story in itself is totally believable to me. Then again, the best satire is inherently believable.
Satire? Or serious? You decide.
Have anything for the next Linkbait? Let me know (or here).