Jerod Santo: Yeah, yeah. An idea theft. Copyright. Okay, so good attempt… We missed the layup on that one. It was my fault. But that’s it. That’s our 12 voicemails and remixes. Thank you, BMC, thank you to all of our listeners… But now it’s our turn to talk.

Jerod Santo: Right. As a retired creator of some viral memes, I absolutely understand what it feels like. It’s a compliment. You have to take it that way. But it’s also maddening, because you’re like “Just cite your source, dude. Come on.” But it is the sincerest form, as they say, of flattery… It just doesn’t feel like that, for some reason. It feels like theft. It feels like theft. So understood.

[00:15:52.27] There’s a – first of all, I mean, when the site gets copied, it’s because… And our listeners should just go check it out. If you’re driving, pull over, check out all these references and stuff, so that you know what it is that we’re fawning over, as we’re not going to probably stop at any time soon. But it has this feel of the past, but also the future, too. Or at least the present. And it kind of hits on something that I’ve talked a lot about with Adam, which I think is a really cool style, which I don’t have a term for, but I actually stole a term… Here’s me citing my source. I stole it from Dua Lipa, who named one of her albums Retro Futurism.

Jerod here in post, with a fact check… It is not called Retro Futurism. That was definitely the vibe I was describing, but her album’s name is Future Nostalgia.

Adam Stacoviak: I’m not sure what to call this… I wanted to call it – I almost brought it in the show. I was like “You know what? It’s a deviation from the main task.” And I was like “I don’t want to call it a rug theft.” Maybe it’s a rug misappropriation. But then I think about this conversation we had with JJ. Jerod, you remember this. And Shay, you don’t, because you probably weren’t there, and you may have not listened to the show. But I asked JJ - what is his full name?

Jerod Santo: You bring up something interesting that I was not thinking of, and I was pretty much ignorant of… It’s that Minecraft proper, the game Minecraft is very much a moving target, right? It’s not done; there’s continuing to work on it, add stuff, roll out new things… I tend to look at it as a casual player, who doesn’t keep up with the new stuff, as a finished product, for the most part, like Tetris is, for instance; like Grand Theft Auto 5 is. It’s done, right? And rolled out. And then you could make it scriptable and moddable. But Minecraft is living, breathing, changing, being worked on by a bunch of people at all times. That definitely makes it harder for you guys, right?

Robert Ross: Yeah, I think it’s a game of trade-offs, and that’s a hard thing to feel now. You know, flights got canceled, hospital surgeries got canceled… It’s a big deal. But at the end of the day, it’s easy to say “This was the worst thing that could happen”, instead of the sum of the parts of all the things that were maybe prevented in the past. And we just have no idea – I don’t even think that CrowdStrike would probably know, but how many things were via CrowdStrike or another locking system, security system running, have prevented mass credit card theft, or identity theft, or other things going on. It’s hard to say. No one’s gonna buy that now though, because no one’s gonna look at the trade-off right now. They’re gonna be like “My flight got canceled. I don’t care what my trade-offs were in the past right now.”

[16:11] The other thing that I think that is gonna be - we’re just going to have to see if CrowdStrike posts a public retrospective. But this code could have been – this code that is the crime scene of this codebase, that could be in there (we don’t know) for 10 years. We have no idea.

Ramin Mohammadi: Sure. I can do that. So first to give the introduction, what’s the PHI, or personal health identifiables… So based on the HIPAA rule, they are 18 identifiable, which can lead to identify an entity or a person within healthcare organizations. And these informations are valuable, and being targeted by hackers. One of the reasons is that they have a high value, because they contain your sensitive personal information, such as your medical history, social security number and insurance details, which makes it very valuable on the black market. They also use this for monetary gains. So a hacker can sell this stolen PHI to criminals who use it for identity theft, insurance fraud, or other legal activities.

They also use it for exploitation and extortion, basically. They use this stolen health information to use for blackmailing individuals or organizations. So 133 millions healthcare data was breached in 2023, which means one out of three Americans’ life was affected. This means about 160% increase compared to 2022, and about 240% increase since 2018.

Adam Jacob: Exactly. HashiCorp wants to put a horse head in OpenTofu’s bed… I kind of get it. From a business point of view, I get it. Like, you need to send the ol’ hot and juicy. Fine. The part that really crawled up my nose was the part where we pretended that it was like a magical discovery. You know what I mean? And you know, it’s one thing for HashiCorp to send the ol’ hot and juicy, it’s another thing for anyone to never think about that person’s career. Like, there was a human being on the other end of that PR, and you accused them of theft. And you never even talked to them. You didn’t ask a single question of anyone involved. And journalist or no journalist, it just felt – it’s just gross. It’s gross. Like, you should have at least asked a question. And you didn’t. And that’s a bummer.

Gregg Tavares: That’s a hard question. There’s something called Play Canvas; I’ve never used… It’s one of the few full web-based, web-first engines, but I haven’t actually built anything in it. Unity is obviously very popular, and you can just click the button, export, and you’ll get something. It just comes back to that thinking about the web when you’re designing for the web, as opposed to just like throwing in all of Grand Theft Auto assets level in there and saying “Hey, you’ve got to wait six hours while you download this before you can start playing.”

Jerod Santo: Not the music from Grand Theft Auto. The vibe, BMC. Capture the vibe. You wanted a challenge, didn’t you?

Cory Doctorow: Oh, there’s a ton of them. So I’ll talk a little about interop – and as I say, I’ve got this other book coming out, “The internet con”, from Verso, in September, that’s just about interop. But audiences and artists get locked into platforms because platforms use the law and technology to block interoperability. Systems are intrinsically interoperable. Turing-completeness just seems to be like a thing we can’t get away from. I go to DevCon, Hope, or CCC, and there’s inevitably some presentation from someone who’s like “Hey, guess what? It turns out PostScript is Turing-complete, and I wrote a printer virus”, right? “It turns out that the scripting language for MySpace that lets you do animated GIFs is Turing-complete, and I wrote that MySpace virus”, right? You just can’t get away from it.

[54:03] You can always make interoperable things. The problem is that the normal interoperable things that we do - reverse-engineering bots, scraping, whatever - have become increasingly prohibited behind a wall of copyright, patent, trademark, trade secrecy, contract law, Terms of Service, and so on. We’ve created what Jay Freeman from the Cydia Project, he calls it “felony contempt of business model”, right? Like, when Apple wants to solve the fact that everyone who uses Windows uses Office, and Office for the Mac sucks, and so people are just throwing away their Macs because they can’t talk to Windows computers - they don’t like beg Bill Gates to make a better Mac Office, right? What they do is they reverse-engineer those Office file formats, and they make Pages, Numbers and Keynote. And they’re just like “Yeah, now it just works. You can switch from the Mac to the PC, PC to the Mac, you can send files back and forth…” And they even ran this ad campaign, this Switch campaign, about how you can just switch from one to the other.

So if you were to make a runtime, like an iOS runtime that let you leave your iPhone behind, or your iPad, and go to another platform, Apple would say that you’re a pirate, right? When they did it, it was progress. When you do it, it’s theft. They would nuke you until the rubble glowed. They would come after you with Computer Fraud and Abuse claim for violating their terms of service, they would say that you’re engaged in tortuous interference with contract, they would say that you violated Section 12.1 of the Digital Millennium Copyright Act by reverse-engineering, whatever.

As a practical matter, engineers can figure out how to do this. Engineers can figure out how to add extra app stores to platforms. We’ve got legislation pending in the US now about to be reintroduced, that came up in the last session, to create what’s called the link tax, where we’re going to say “If you talk about the news on social media, the media company gets a piece of it”, which is crazy. Talking about the news is like not a copyright violation. If you’re not allowed to talk about the news, it’s not the news. It’s a secret. But there are a couple of ways that tech platforms seriously steal for media companies. For one thing, every app has a 30% commission on every sale, to process a transaction.

Do you want to increase the subscriber revenue of every media company in America? Write a law that lets people install alternative app stores. And then there will be a race to the bottom for payment commissions. It won’t go to zero. It might go to 2%. So 28% increase on revenue for every subscriber, with one law. That’s more than you would get from a link tax. And that’s an interoperability measure, right? Letting people choose other software.

If you want to go even further, follow through on this law that we’ve got pending that forces the platforms to disaggregate their ad tech stacks, right? Google, or Facebook, they both operate a marketplace, a demand side platform and a sell side platform. It’s like the NASDAQ also owning the companies and the brokerages. Right? It’s like the referee owning the team. And so it’s no surprise that their share of income from the platforms for ads went from like 7% to 50%.

You want to increase the amount that ad supported media gets? Break up and make interoperable and disaggregated these ad tech stacks, so that they have to compete, so that they can’t just command these ridiculous shares of every dollar brought in in advertising.

So those are remedies that actually are about distributional outcomes, right? They change the amount of money being made by different entities. Not only that, but where we’ve had link taxes, like in Australia, where we created a link tax, the Murdoch Press took the link tax, gave it to its shareholders, and fired its reporters. Meanwhile, the smaller papers didn’t get the share of the link tax that the Murdoch papers did.

[58:09] So if we get rid of the app tax and the ad tax, then people starting small, independent publications are going to be able to get 100% of the revenue that they’re entitled to. It wouldn’t just be a gift to large media companies that could bargain for these rights. It would be a gift to everyone who makes media, including small, local, crowdfund-supported media platforms that are doing the shoe leather work of going into school meetings, and the waterboard meetings, and whatever. It’s not just a way to transfer money to private equity companies that have bought and strip-mined newspapers up and down the country.

So these are ways that technologists building interoperable layers like abstraction layers on top of things, or shims that sit between two different platforms, can actually help entertainers and media brands make more money by building something that audiences like better, while taking money out of the pockets of the big tech platforms that once promised you “Hey, this is a place that you can come and work for three years until you do your own startup”, and then said, “Oh, you’re not really going to be able to do your own startup, but I’ll tell you what - come work for us and we’ll give you massages and kombucha”, and are now like “Hey, guess what?”

Simon Willison: It really is, right? It’s absolutely a holodeck kind of thing. And honestly, it’s so close… I’ve seen people start to experiment with Minecraft already for this, because Minecraft at least it’s like meter-cubed blocks, so it’s easier… It’s so inevitable that this is gonna happen.

What I find interesting is - we’ve talked about compression before; if you can fit all of Stable Diffusion on a DVD, imagine a Grand Theft Auto game, where the textures and the buildings and so forth are all generated using a Stable Diffusion style model. You could fit the entire world on a DVD at that point, and have incredibly varied environments. And then the game designers become prompt engineers, right? A lot of what they’re doing is coming up with the prompts that will set up this area of this level, so that it works in these ways. And you’ll have potentially much higher-quality graphics because of that ridiculous levels of compression that you get out of this. So I feel the game side of this feels to me it’s going to be really fascinating.

Carl Johnson: Yes, that’s right. I’m the star of Grand Theft Auto 3 San Andreas. I don’t think I’m ever going to displace Carl Johnson of GTA. But at least for Golang Carl, I’m number one.

Jerod Santo: “The Verge has obtained an internal email from Apple’s CEO, Tim Cook, in which he reacts to numerous complaints from Apple employees about the Cupertino-based organization’s return to office strategy. Cook urges people to be patient, and says that plans are underway to take the company remote as soon as it makes sense.”

I feel like that was a pretty good description by me… Okay, next one. Good job. It’s not Jerod 3, Kball 2. So we’ve got a game.

“Woman arrested for car theft drove another stolen car to court appearance, according to Dublin police.”

Jerod Santo: Yeah, Mission Impossible is more theft.

Carl Johnson: It is CJ from Grand Theft Auto 3 San Andreas.

L Körbes: Oh, so I have a favorite – so there’s one that I learned playing Grand Theft Auto San Andreas, and it’s like “Does the Pope poop in the woods?” And it took me years to figure out what the hell that meant.

Mireille B. Reece, Psy.D: So it’s going to be painful at whatever time. But if I can learn to practice putting on gratitude, and I have had to practice this with my kids especially, because I love them; I’m so grateful for them, they were wanted… So every time a thought pops up of imagining something happening to them, or whatever it could be, that I have to go “Thank you. Thank you”, as long and as much as it takes in order to change that channel, because this is how I’m building a new neural network.

Remember when we talked earlier about “neurons that fire together, wire together”, so the more that I think a thought, the more that I’m running that play, my brain automates to that. So I wanna practice automating around the positive, that I can just see it.

There is a psychologist who wrote this book some years go called The Happiness Advantage. His name is Shawn Achor. He studied at Harvard, and he had this experience which prompted a research study around thoughts. He’d been playing Grand Theft Auto all night long, and he went out the next morning to go to class, and he saw the Cambridge Police, and he is like “Oh my gosh, I would get the max amount of points if I stole that police car right now.”

Adam Stacoviak: Like, if you were deep enough into credit card theft hackerism, could you get my card if you were skilled enough and extract information from the chip?

Jerod Santo: Very cool. Well, I will finish up swiftly here… I will just say – a little background on me: I grew up alongside the Nintendo Entertainment System, born in ‘82, grew up playing the original NES; specifically Legend of Zelda was my jam. I was obsessed with it as a young boy. In fact, I even had Zelda dreams, leading my parents to take it away from me for a while… I mean, I was into Zelda back in the day. Now that my kids are getting to the age where they like video games, I’ve just gotten back into my love of all things Nintendo. The Switch has brought me back, and so I started thinking… The cool thing about CodePen - there’s so much stuff on there that you can just go searching for stuff and you will find something amazing.

Now, I just typed the word “nintendo” in the search box to see what’s out there… What I’m really impressed with and I love on CodePen is all the pure CSS things, so this amazing thing made was nothing but CSS… It just continually blows my mind how skilled and knowledgeable these people are, and creative, in order to bend and twist the sometimes obscure CSS rules in order to create things that are amazing. So I grabbed a few, I will put them in the show notes.

I’ll just highlight one, since we’re getting short on time… There’s an 8-bit gaming room with a Nintendo and GTA(Grand Theft Auto). I’m placing this in the chat, so you all can look at it… It’s downright awe-inspiring. I’m not gonna describe it, because we’re on an audio podcast; click through, check it out… The stuff that people do, playable games in CSS only - very cool, very cool. That’s what I wanna highlight. I’ll put a couple more Nintendo-related pens in the show notes; I just won’t mention them here for time, but definitely check those out. Amazing stuff.

Chris, let’s close here… Well, first of all, did you get that number? Could you get the SQL query type data as we were talking, or you forgot about it?

Erik Kennedy: [01:03:56.01] Yeah, yeah… All apologies – I think Austen Kleon is the name of the author. But yeah, the whole point with that was - especially when I was just beginning with design, it just really struck me how much going and looking at what the best designers were doing, and then trying to imitate that, how much that helped. That was huge.

I’m certainly not in favor of lifting a design wholesale, but at some point, when you steal from enough places… Like, when you steal from ten sites that you love, that’s no longer called theft, it’s just creativity. That’s how creativity works. And at this point I’m sure I’m “stealing” so to speak from other sites and things that I’ve seen, and that I may not even remember seeing… I just remember tucking it away in my memory as that being some good idea, “How I could use this font to do this”, or “Hm, maybe if I do this with the color, it would work out nicely.”

So I just really encourage beginners, to the point of like – it’s called copywork, and I wrote a piece for Smashing Magazine on it; if you just search for “Smashing Magazine copywork” it’ll probably be the first thing that comes up… But it’s just going and recreating a design that you really like and admire, pixel for pixel. So you just open up Sketch, or Figma, or Photoshop, or whatever you’re using, and you just recreate that design in total, and that will teach you so many things if you try and imitate it perfect. If you try and use exactly the same fonts, and exactly the same positions, with exactly the same letter spacing and sizing and whatever, you’re gonna learn all these things that the designer is doing that you never would have thought of… And I give some examples in the article, too.

But maybe that’s a bit odd to recommend, because it seems so much like plagiarism, and obviously what I’m saying is not “Put this in your portfolio”, but instead–

Guillermo Cecchi: Yeah, that’s a very good example. We are studying actually a number of conditions using this approach, that was initially developed decades ago, to study cognitive decline. You can look it up, it’s called “the cookie theft task”, and there are variations of that. Essentially, you’re shown a picture - a hand drawing - of a typical 1940s-1950s Americana household situation; there is someone who seems to be a mother, doing the dishes, but she seems to be absent-minded. And there are two kids, a girl and a boy, and the boy is standing on his tool, trying to get a cookie from a jar. The task is just to describe that in your own words. It’s something that takes 2-3 minutes at most, it’s very natural, and variations of that can be used to be repeated very often, so you don’t get bored…

What happens is that when you analyze the content of that description of the task, what you say, what type of words you use, but also the structure - even the syntax of what you’re saying, how you’re constructing the sentences, and how flurried or how simplified your speech is, that contains a huge amount of information about your cognitive state. That has been used by manual writers, like I said, over decades, to have an estimate of your cognitive state… But now we can do that in a completely automated way, and we have shown that we can infer the clinical scales that are produced by the human evaluators with a very high accuracy, with the advantage that we can do this remotely, and like I said, we can do this at a very high frequency and without having to bring the patient to the hospital, or the clinician to the house of the patient. And it has value that goes even beyond the idea of measuring or estimating cognitive decline, because it can be applied to many other conditions… Because as I was saying, even something that on the surface looks so natural such as a picture, requires a huge amount of brain real estate, and any failure will leave an imprint in the way that you perform this task.

Perry Mitchell: Yeah, it’s identity theft, basically, and then they can use your identity, which at the base level is usually your email address - then they can use that to attack you further, or pose as you, or do whatever with that… So yeah, it’s quite damaging, of course.

Cory Doctorow: There’s a couple of these things. Back to DRM - disclosing defects in products that have DRM has led to security researchers in one case going to jail; the copyright office has heard testimony from security researchers, some of the most famous, best respected in the world, including Ed Feldman, who is now Deputy CTO of the White House, who’ve said they’ve found defects in things like voting machines and medical implants, and that they weren’t able to come forward with them because they felt that they would face too much liability under the DMCA. So that’s part of it.

The other part is though the Computer Fraud and Abuse Act. In the 1980s, we didn’t have any specific anti-hacking statutes, and it was kind of a problem because people would break into computers and raid their databases, and they’d have to be charged with the theft of one microwatt of electricity; it was kind of embarrassing, and it was not a sustainable thing. So Congress decided to make an anti-hacking law, but it’s hard to make a really effective anti-hacking law because hacking changes over time. Technology is a fast-moving target, so rather than spelling out a set of things that you were and were not allowed to do, they said that anytime you exceeded your authorization on a computer that didn’t belong to you, that you were committing a felony.

This has been a real problem, because it’s allowed companies to spell out your authorization by creating these ridiculous Terms of Service, these long, 1000 words of boilerplate, and then anytime someone does something they don’t like, they can threaten them or actually sue them, or have them arrested for violating the Computer Fraud and Abuse Act, and this also had been really problematic for security researchers, and other kinds researchers, too. Your listeners will probably know about Aaron Swartz who was this amazing open source and freedom activist who was allowed to download scientific articles using MIT’s network, but the Terms of Service said that using a script to do it was not allowed. And because he wrote a Python script to access files that he was allowed to access, he was charged with 13 felonies and facing 35 years in prison, and he hanged himself.

But you know, other researchers have fallen afoul of the Computer Fraud and Abuse Act. One researcher was looking at his AT&T customer record which had all of his financial details, and he altered the URL, he changed the number at the end of the URL link, he incremented it by one and found himself looking at someone else’s financial details, and all told he was able to look at hundreds of thousands of people’s financial details, which he then went public with; he didn’t publish their financial details, but he went public with AT&Ts sloppiness, and AT&T had him thrown in jail for changing the URL in his browser, because their user terms said you couldn’t do that. So right now, the American Civil Liberties Union is actually suing on behalf of a bunch of different kinds of researchers and news gatherers to invalidate the Computer Fraud and Abuse Act to address this question, to make sure that these true facts about the security of computers that we rely on are legal to discover and disclose, because companies are very poor trustees of their own embarrassing truths. They can’t be relied on to tell you when something that potentially could cost them a lot of money and face is true.