Links, October 3, 2025
The common theme among this week’s links is threat modeling. This is obvious for the first two, but think about it a bit more broadly with the second two, and a bit more broadly with the last one.
§Digital Threat Modeling Under Authoritarianism
Bruce Schneier doesn’t beat around the bush:
Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. Arriving at any conclusion is an exercise in threat modeling.
§A threat model for accessibility on the web
A great if long piece about a broad and difficult topic:
Instead, what too often happens is that web standards engineers with very little understanding of accessibility develop and push a design which creates accessibility risks, and then treat pushback from accessibility specialists as a debate, rather than a dialogue.
and
Again and again, accessibility as a topic in web standards is treated as simultaneously too trivial for specialists’ technical opinions to be given weight, but also too difficult to get right without a specialist volunteering to tackle the tricky details.
I see this pattern over and over and over again in open source software as well. It’s open! The designers can just pitch in! Of course they have to show they can be trusted to hack the code as well…
§Slack is extorting us with a $195k/yr bill increase
For nearly 11 years, Hack Club - a nonprofit that provides coding education and community to teenagers worldwide - has used Slack as the tool for communication. We weren’t freeloaders. A few years ago, when Slack transitioned us from their free nonprofit plan to a $5,000/year arrangement, we happily paid. It was reasonable, and we valued the service they provided to our community.
However, two days ago, Slack reached out to us and said that if we don’t agree to pay an extra $50k this week and $200k a year, they’ll deactivate our Slack workspace and delete all of our message history.
While apparently Slack has made this right thanks to all the attention this post received, it’s a sign that maybe “customer trust” isn’t actually a priority for the people who control Slack.
§Dark patterns killed my wife’s Windows 11 installation
This tragedy of dark patterns then neatly cascaded into a catastrophic comedy of bugs, where a full root drive apparently corrupts online Microsoft accounts on Windows 11 so hard they become essentially unrecoverable. There were no warnings and no informational popups. Ominous user accounts started to appear on the login screen. Weird suggestions to use corporate-looking security USB keys pop up. Windows wrongfully tells my wife the PIN code and password she enters are incorrect. The suggestion to change the password or PIN code breaks completely. All the well-known rescue options any average user would turn to in WinRE throw up cryptic errors.
This is the sort of thing those of us who are around them too much respond to with “Computers were a mistake”. I’ve tried a few times to run Windows for music production purposes but typically give up on it after a while, but never again.
§Where’s the Shovelware? Why AI Coding Claims Don’t Add Up
I wish the AI coding dream were true. I wish I could make every dumb coding idea I ever had a reality. I wish I could make a fretboard learning app on Monday, a Korean trainer on Wednesday, and a video game on Saturday. I’d release them all. I’d drown the world in a flood of shovelware like the world had never seen. Well, I would — if it worked.
It turns out, though, and I’ve collected a lot of data on this, it doesn’t just not work for me, it doesn’t work for anyone, and I’m going to prove that.
It’s almost as if this technology takes advantage of our willingness to see faces in toast.