Google Drive is Finally Adding Shortcuts

By | News | No Comments

Shortcuts to files within your own Drive or a shared Drive. This is a game changer!

Google Drive will introduce long-asked-for file shortcuts feature

NYT launches ‘The 1619 Project’ to examine the legacy of slavery in America

By | News | No Comments

NYT launches ‘The 1619 Project’ to examine the legacy of slavery in America originally published on

In August 1619, as colonist John Rolfe wrote at the time, “twenty and odd Negroes” who were captured and taken from Angola arrived on the Virginia coast; they were promptly sold to wealthy English landowners, setting the stage for slavery in America for centuries to come.

To recognize the 400th anniversary of the arrival of those first enslaved Africans in what would become the United States of America, The New York Times is launching what it’s calling The 1619 Project, a three-month editorial series anchored by a special issue of The New York Times Magazine, out Aug. 18, devoted to slavery’s history and legacy in America. The 1619 Project will also include a five-part audio series, recurring stories in the Times itself and a handful of live events in New York and Washington, D.C.—the sum total of which will be adapted for an educational curriculum designed in collaboration with the Pulitzer Center to be distributed to high schools and universities in the coming months.

Spearheaded by investigative journalist Nikole Hannah-Jones, who covers racial injustice for the Times, the project has enlisted prominent black writers and artists to contribute, tackling topics including slavery’s impact on modern labor practices and the influence of race on medical care.

In advance of the launch of The 1619 Project, Ad Age sat down with Hannah-Jones at The New York Times headquarters in Manhattan along with NYT Mag Labs Editorial Director Caitlin Roper, who has been involved in helping the endeavor manifest across multimedia and educational platforms.

This interview has been lightly edited for brevity and clarity.

Tell us how The 1619 Project came about.

Nikole Hannah-Jones: Back in 1992, I read this book called  “Before the Mayflower,” and it starts in the year 1619, because that’s the year the first Africans were sold into Virginia. And I’ve literally been obsessed with that date since then. I knew the anniversary was coming up, and I just kept thinking that I really wanted the Times to mark this anniversary in a really substantial way. Four-hundred years seemed like this could be the time where we could finally talk about slavery and its legacy in a way that we just simply haven’t as a nation. 

The 1619 Project involves journalists, academics, artists, poets, etc. Can you talk about the scope of the project in terms of manpower and how it grew?

Hannah-Jones: We believe that part of telling this story is picking some of the most laureled and talented black writers and artists to tell it, because we’re here because of slavery. Initially, I gathered a group of historians, some of the people I most admire, and I called them into a brainstorming meeting and asked, “What should we be covering? How would you cover this?” Because I certainly didn’t want the weight of deciding how we cover 400 years of history on my shoulders.

Then Jake Silverstein [the editor-in-chief of The New York Times Magazine] had this idea that for so many of the moments over the last 400 years, there’s no written record of them and we can’t actually picture what happened. So he thought it would be great to ask writers and poets to reimagine narratives or write original poems around these points in history. 

And let me be the first to say that I am surprised at how big the project has gotten and how much internal support there has been to do something about a very hard subject. I certainly did not expect that people would be so excited to tell this story. 

Caitlin Roper: It has grown and grown since then, and it’s still growing!

So how did it go from a special issue of the Times Magazine to encompassing an audio series, live events, digital elements and so on?

Roper: If we believe we’ve been poorly educated about slavery in this country, which we do, what could we offer people that would be a response to that? A palliative measure in some form of education about the basics of the history of slavery. And so we decided that would be our goal. But we realized we needed to span a larger time than just the release window of the [magazine] issue, because there was so much we wanted to tell and other ways to manifest this project. 

Hannah-Jones: Because of this particular moment that we’re in, in our country, there’s actually a tremendous thirst for understanding, of trying to grapple with what we’re seeing right now. I also think the beauty of the stories that we’re trying to tell is, this is a history that everyone thinks they know, and they really don’t. We hope to inform people and educate people and maybe transform people.

I mean, we’re the paper of record, and I think all of us have felt the weight of that, and the weight of what an institution like this can do if we really choose to tackle looking at this original sin. So we’re printing more than 200,000 additional copies [of the Aug. 18 issue of The New York Times Magazine] that we are distributing for free. It was really important that not just people who would be your typical New York Times subscribers will get access to what we’re trying to do.

Given the current political and racial climate in America, what do you think is important for readers to take away from The 1619 Project?

Hannah-Jones: Why is it so hard for people to talk across their political, social and cultural lines? I would argue that it goes back to being a country that was founded on a paradox—or, one could say, founded on a lie. And if people really want to understand not just this moment, but how we got here, I think this project will provide a very good roadmap.

On a personal level, what does this project mean to you?

Hannah-Jones: I’m the descendant of people who were enslaved in this country. This history is extremely personal to me, and I’ve spent my career writing about the black communities that have suffered the brunt of this history. And while I hope that we will educate a lot of white people about this history, I also hope that this will give black Americans a much stronger sense of themselves. America would not be America without us. 

So yes, it’s a great journalistic endeavor, but it is also something that I feel like I was born to do. My grandmother cleaned houses for a living, she was never able to live out any of her dreams, but everything that she went through, and everything that her parents went through, and her grandparents went through, created this moment for me to be here and do this project at the time. I think about that every day. 

Roper: Amen.

Hannah-Jones: I think we cannot move forward unless we actually acknowledge the truth of our history, as so much time has been spent trying to obscure the truth. We have to admit what we have done, and we have to admit the harm that’s been done. And then once you acknowledge the harm that’s been done, you actually have to take steps to undo the harm. This project is not about making white people feel ashamed. But you have to acknowledge that we still are living under that legacy, and while we can’t do anything about what happened in the past, there is an obligation to correct it now.

Roper: We hope people read it. We hope they listen to the podcast. We hope they engage with it. We hope that the project lives; that we launch it, and then it lives on beyond what we have started here. 

Hannah-Jones: I just hope people understand this story we’re telling is an American story. This is not black history. This is the story of America, and so I think it is a story that everyone should learn.

Editor’s note: The event component of The 1619 Project launched Tuesday at TheTimesCenter in Manhattan with an evening of conversation and performance featuring Nikole Hannah-Jones, Jamelle Bouie, Mary Elliot, Eve Ewing, Tyehimba Jess, Yusef Komunyakaa, Wesley Morris, Jake Silverstein and Linda Villarosa. An archived video of the livestreamed event is embedded here:

The US Navy says no to touchscreens—maybe automakers should, too

By | News | No Comments

The US Navy says no to touchscreens—maybe automakers should, too originally published on Ars Technica

Seaman Timothy North stands watch as the helmsman on the bridge of the Arleigh Burke-class guided-missile destroyer USS Forrest Sherman (DDG 98). Forrest Sherman is participating in a sustainment exercise with the Harry S. Truman Carrier Strike Group, an integrated, comprehensive exercise designed to ensure the strike group is ready to meet all mission sets and carry out sustained combat operations from the sea. (U.S. Navy photo by Mass Communication Specialist 3rd Class Raymond Maddocks/Released)
Enlarge / Seaman Timothy North stands watch as the helmsman on the bridge of the Arleigh Burke-class guided-missile destroyer USS Forrest Sherman (DDG 98). Forrest Sherman is participating in a sustainment exercise with the Harry S. Truman Carrier Strike Group, an integrated, comprehensive exercise designed to ensure the strike group is ready to meet all mission sets and carry out sustained combat operations from the sea. (U.S. Navy photo by Mass Communication Specialist 3rd Class Raymond Maddocks/Released)

Specialist 3rd Class Raymond Maddocks | US Navy

The US Navy has had enough of touchscreens and is going back to physical controls for its destroyers, according to a report last week in USNI News. Starting next summer the Navy will refit its DDG-51 destroyer fleet with a physical throttle and helm control system. The effort is a response to feedback the Navy solicited in the wake of a pair of fatal crashes involving that class of ship during 2017.

In June of that year, seven sailors were killed when the USS Fitzgerald collided with the MV ACX Crystal, a container ship. In August, 10 US sailors were killed when the USS John S McCain hit another container ship, the Alnic MC.

On August 5, the National Transportation Safety Board published its report into the USS John S McCain incident. Although the agency found that the probable cause was “a lack of effective operational oversight of the destroyer by the US Navy,” it also criticized the ship’s complex throttle and steering touchscreen controls.

As we reported in 2017

, when a sailor was instructed to transfer the throttle control to a different workstation, they also transferred the ship’s steering control at the same time. Unfortunately, the Integrated Bridge and Navigation System was being run in a backup mode that did not safeguard against this happening.

“[I]t goes into the, in my mind, ‘just because you can doesn’t mean you should’ category. We really made the helm control system, specifically on the [DDG] 51 class, just overly complex, with the touch screens under glass and all this kind of stuff,” said Rear Admiral Bill Galinis during a recent speech quoted by USNI News.

It’s a warning that the auto industry could do well to listen to. Touchscreens continue to proliferate into car infotainment systems, a trend fueled by the plaudits given to Tesla for its huge touchscreens as well as a general belief that CES-primed customers are asking for more and more consumer tech in their vehicles. But there’s mounting evidence that touch interfaces are an awful idea for a driver who is supposed to be—literally—focusing on the road ahead, not hunting for an icon or slider on a screen.

Exclusive: Automattic CEO Matt Mullenweg on what’s next for Tumblr

By | News | No Comments

Exclusive: Automattic CEO Matt Mullenweg on what’s next for Tumblr originally published on The Verge

It’s been a long and winding road for Tumblr, the blogging site that launched a thousand writing careers. It sold to Yahoo for $1.1 billion dollars in 2013, then withered as Yahoo sold itself to AOL, AOL sold itself to Verizon, and Verizon realized it was a phone company after all. Through all that, the site’s fierce community hung on: it’s still Taylor Swift’s go-to social media platform, and fandoms of all kinds have a home there.

Verizon sold Tumblr for a reported $3 million this week, a far cry from the billion-dollar valuation it once had. But to Verizon’s credit, it chose to sell Tumblr to Automattic, the company behind WordPress, the publishing platform that runs some 34 percent of the world’s websites. And Automattic CEO Matt Mullenweg thinks the future of Tumblr is bright — he wants the platform to bring back the best of old-school blogging, reinvented for mobile and connected to Tumblr’s still-vibrant community. And he’s retaining all 200 Tumblr employees to build that future. It’s the most exciting vision for Tumblr in years.

Matt joined Verge reporter Julia Alexander and me on a special Vergecast interview episode to chat about the deal, how it came together, what Automattic’s plans for Tumblr look like, and whether Tumblr might become an open-source project, like WordPress itself. (“That would be pretty cool,” said Matt.)

Oh, and that porn ban.

Interview transcript condensed and edited for clarity.

Nilay Patel: How did this deal happen? Did Verizon call you? Did they send you a 5G Samsung phone with a note on the screen?

That would’ve been awesome.

I’ve long been a fan of Tumblr, I’ve been using it pretty much since it started. There’s been some features on WordPress certainly inspired by Tumblr over the years, and I was bummed when it sold to Yahoo, which was 2013 now.

For $1.1 billion dollars.

$1.1 billion dollars. And I was very happy for the team. And I was a little relieved as a competitor, because Tumblr was so cool, and at the time Yahoo was not cool. But around this [deal], you know, I believe Verizon reached out to a number of folks, and also had a ton of folks incoming, because the news of Tumblr being for sale did leak to the Wall Street Journal a few months ago.

So I know that there was a lot of incoming, a lot of good bidders. I’m really glad that they chose Automattic to be the home for it, because I do believe that we’re the best place that Tumblr could be in terms of what we do, what we’re passionate about, what the teams already do. There’s a lot of overlap between and Tumblr. I’m really glad that this is how it ended up. It was a difficult process.

I want to talk about the future of Tumblr, but the purchase price was reportedly three million dollars. Can you can you confirm that?

I like how y’all just ask the same questions.

It’s the question, so A, I think I’m obligated. And B, it’s a pretty precipitous drop in value. So I’m curious if you can discuss that.

Sure. We’re deferring to Verizon on all the details there. It’s really up to them what to disclose or not.

I can talk more generally. I just did a blog post about this. Verizon is a company that does over $120 billion dollars in revenue. They got Tumblr through Yahoo, which then merged with AOL, became Oath, got bought, became Verizon Media. It’s something they inherited a few levels down.

Their top priority was not trying to maximize the purchase price — there might even be a corporate reason for the purchase price to be lower, for taxes or something. They were really looking for where the best home was going to be. That was really where we tried to optimize the deal, especially in terms of bringing over close to 200 people. We’re taking them all on. I am aware of some of the details of some of the bidders — you know they were not planning to keep much, if any, of the team going.

We did more of a Berkshire Hathaway approach: we really want to bring over the management team, take what was working well, which is Tumblr’s engagement,and grow from there.

Most people listening to a show like this are not in your shoes very often, where you go out and buy a legendary internet property. Describe what it was like going through that process.

Actually, people send us stuff all the time, so we look at at least a few acquisitions a week. Most are not a good fit.

There was a deck they had. We went over and met the management team and a few folks who work on the Verizon Media and Verizon side of things. I had some contacts at Verizon that I pinged separately. Then there was a diligence process to try to find out as much information as you can about the business. You talk about possible outcomes. You just kind of figure out what works best for both sides. We always approach deals from kind of a win-win. What I like to do is understand what motivates the other side, and what’s most important to them and then know try to find the intersection, the Venn diagram overlap of of what you’re able to do and what’s important to you.

So were you most engaged with Verizon or with Tumblr folks?

That’s actually a good question. Both. We both interacted with the Tumblr folks and it is kind of Verizon running the process. They have some extremely experienced corporate development and lawyers and everything.

Verizon? Lawyers? I don’t believe it.

I’ll say their lawyers are super good. Some of the agreements that came over were like whoa!

The team at Automattic is very tiny but powerful and we worked really really hard to make this happen. There was an exclusive period and then the deadline, and we got everything signed up on Sunday.

So the deal’s closed? Tumblr is an Automattic property now?

We are all signed. I believe that terminology is the deal is “subject to customary closing conditions.” So it’s going to take, call it a few months to actually transfer everything over. But now we’re all signed and agreed, so it’s basically 99 percent of the way there.

So that’s the deal. What do you want to do with it?

One of the things that really surprised me is I thought —as probably many do — that Tumblr had kind of died under under its variety of corporate parents. And then actually being able to see some of the numbers, including some the numbers post-when they changed the adult content policy. I was like, “wow, this has still got a ton going on.”

We’ll be able to talk about more of those numbers after the close, because I think they’re really really interesting. But like I said, it actually hasn’t transferred over yet, so I don’t want to speak out of turn. But there’s huge engagement. The people who love, love Tumblr use it every day. They have more daily active users than has monthly active users. They’ve really cracked a lot of the social side of it.

In terms of what we want to do, one thing that also impressed me was just the team, the people who are still there and working on Tumblr are really passionate about their community, about what this offer could do. I know that they have a lot of things that they want to launch and do — some that are even already fully built that — that while this process was going on, it didn’t really make sense to add new things that change your service.

It’s a very innovative team as well. Tumblr pioneered a lot of what later would show up on Twitter, Instagram, WordPress, all sorts of other places. So it’s always been a very creative team, and I really am looking forward to seeing that just unleashed.

I guess we’re still a corporate parent but we’re very friendly one, and we’re all about blogging, innovation, publishing communities. So I would love for Tumblr to become a social alternative. That’s in line with Automattic’s values around privacy, and freedom of speech, and publishing, but has the fun and friendliness of some of the other networks we use, but without that democracy destroying… oh, I don’t know what you want to call it.

I think you want to call it Facebook. Is that your goal, to go right at Facebook and Twitter with Tumblr?

No, not at all, because I think that we’ve always had some different models. Advertising is definitely something we’re going to explore, we do definitely want to grow Tumblr’s revenue. Right now they’re burning a lot of money. But long-term I would say I’m also super interested in experimenting with upgrades. has always been an upgrade-centric model. It’s freemium: use it for free and then you can buy plans anywhere from 40 dollars to 450 dollars per year to get added functionality. I’m curious about turning on things like some of the e-commerce functionality we’ve been developing with Woocommerce, memberships., those things I think would be very, very interesting to the Tumblr community. So there’s just so much to unlock there.

Julia Alexander: The Tumblr community has watched as executives from Yahoo and Verizon came in and tried to grow something that they really didn’t understand. Famously in 2016, a Yahoo executive reportedly said Tumblr is the next PDF. It’s now a major joke in the community.

You’re coming in, you’re the new corporate overlord, how you’re going to prove that you know what Tumblr is and should be, in a way that doesn’t make them feel more alienated than they already are?

If anyone had nervousness now, I would just say look at Automattic’s 14-year history or WordPress’s 16-year history. We have a long track record with these things, including building a lot of trust in an open-source community, which, by the way, is usually also very skeptical of any company at all.

But really I would love for people to judge us by our actions over the next 18 months. Call it two months to close, it’s going to be a few months of integration and the migrating data and servers and everything like that. But then after that really look at what happens and ultimately, that’s all I always want to be judged: by our actions.

Nilay Patel: Obviously Verizon decided that adult content was going away. You tweeted last night, “If people want big policy changes here, put pressure on the app stores of Apple and Google, no one else has any leverage.” What did you mean by that?

This is a very nuanced issue.

Every layer of tech policy is implicated in that conversation.

Yeah. And some people say, well do you need to be in the app store? Just have a web version. But apps really are it, and I believe Tumblr is one of the top 30 or 40 apps in the social networking category. It’s usually top couple hundred globally. So their app is a big part of how people interact with it.

And I don’t know if you’ve ever been through an app review process; we’ve even run into this on WordPress. They’ll search for porn. It’s not like it needs to be on the homepage or on the sign-up, they really look for it. And if they find something you can be taken down.

And, by the way, it’s arbitrary. Maybe they something you launched a year ago now they’re saying it’s not allowed. App stores can be kind of fickle. Not capricious, but it sometimes feels a little arbitrary. Honestly, I think if you’re going to be there, if you’re going be on the app store, you want to try to play by what they what they support.

The more nuanced and broader issue, which I think is affecting every place that has user-generated content, is that pretty much everyone has moved beyond saying, “hey, if it’s First Amendment, if it’s not illegal, if we don’t get a legal order to take it down we’re happy to host and promote it.” And now everyone is realizing, well, there’s a lot of stuff that’s not legal that you maybe don’t want to spread everywhere else.

When you talk about the adult content on Tumblr and the changes that they made, it’s really like four or five issues mixed in there. There was definitely spam. I was more active Tumblr user eight or nine years ago, and when I logged back to check it out, my feed was full of nude pictures that were linking to a spam site. This wasn’t had it wasn’t something I had subscribed to, but it was a tumblog that had been taken over by spammers and they were posting five times an hour with ads for some sort of chat site. Spam, essentially.

There is lots and lots of shades of grey in between, and I do definitely want to learn more. There’s been a lot of different communities on Tumblr and some of the baby might have been thrown out with the bathwater, so with any sort of policy or algorithm or AI or whatever that’s doing the filtering, you want to evolve it and make sure that you’re blocking what you say you want to block, and not catching legit content as well.

You could do that stuff on the web, you could evolve the content policy and make it maybe less restrictive there. But in the app you’d still be stuck inside of whatever Apple and Google want?

That’s my understanding.

You know another thing people ask is well, how do Reddit and Twitter or get away with it? Because both have tons of adult content. I don’t know. I’m actually curious.

I believe Reddit has a setting you do on the web, but then if you turn that off you can get more adult stuff in the app? But I wonder if that just works because Apple hasn’t noticed it yet, or if it’s actually something that is allowed within their policies. I don’t know.

I will say that overall, a really thriving home for adult content is probably best for a company or a website which is totally dedicated to it. I know a bunch of sites popped up after the policy change in December, so I mean that might be a better future versus someplace where there might be a gray line or an evolving policy.

WordPress is a huge platform for all kinds of creators. It has obviously different monetization models as you said. Entire massive media publications are hosted on WordPress and individuals use WordPress. Do you expect that kind of scale for Tumblr or do you expect it to be more of a social network?

The primary user experience is going to be that social network. But there’s no reason that VIP or really high-end users of WordPress can’t tap into that social network and a really native beautiful integration.

One of the things that Facebook did after Cambridge analytics is they actually removed all their posting APIs. So you used to be able to post to WordPress and we would auto- post to Tumblr, Twitter, LinkedIn, Facebook etc., and they turned off those API is after Cambridge Analytica. No one really objected or talked about it too much, but effectively they turned off the part that allowed you to put external content into the Facebook news feed and everything.

That was actually a big change in how the open web worked because previously all of the social networks had had some sort of way to get things in and out. Tumblr for example used to have RSS feeds so you could follow things that weren’t actually hosted on Tumblr. I would love to bring features like that back because I would love for Tumblr to be a better part of the open web.

It really sounds like you want to be a competitor to the big social networks in terms of user attention, openness, politeness, strength of community. Is that what you’re aiming for?

I want to create a place on the web which is fun and supportive and substantial. You’re an old-school web user — at one point blogging had a real magic to it. A frisson. You’d have blog rolls and links and people would follow and comment and you’d keep up with things and it was a really, really nice social network. But it also was totally distributed and people had their own designs, and all those sorts of things. I think we can bring some of that back and reimagine it in the mobile world which is where Tumblr is also super strong.

Julia Alexander: Tumblr also has a bunch of major issues. It’s seen a huge rise in extreme ideology on the platform, it has seen major issues around mass shootings and the way [some users] glorify shooters that [Tumblr has] had to address. It’s become a huge issue. I just feel like it doesn’t it talk about as much because it’s not as big as Twitter. Do you plan to actively go in and try to clean this up, or are you just going to leave it be in the way that Verizon has?

These are these are very very difficult problems. so I do not want to trivialize or say that anything, even if you work really hard on it, will be 100 percent. But at one of the things that excites me is that Tumblr has a great trust and safety team, and so does the rest of Automattic that works on These teams have a lot of overlap, and I’m looking forward to them working together. One of probably the first things that we’ll try to harmonize across acquisition is just say, “Hey, we’re doing 99 percent similar work. Let’s make sure our policies are consistent.”

Tumblr has some really amazing automated tools that we don’t have on that work really well. And what have we navigated with the nuance of content that people host on WordPress, and how can we use that to inform and really encourage a healthy community on Tumblr as well.

Nilay Patel: Do you see these platforms coming together? I get the sense that you intend to keep them apart, which makes sense: one is that a very user-centric social network, the other is a publishing platform. But do you do you envision them coming ever closer together, or just more on the policies, procedures, backend stuff?

I think there’s a lot of overlap in what both do. I would love for them to interoperate. I do believe that long-term there’s an opportunity to merge backend technology so that Tumblr is actually powered by WordPress. WordPress, we think of as the open web operating system — it powers 34 percent of web sites now. It should be able to power everything that Tumblr does, but what I would call the Tumblr app, the user experience, the dashboard, that will always be its own unique thing and evolve in its own way because it is something distinct from everything else on the web. That’s what I think is the most interesting thing about Tumblr: it’s a unique, iconic brand that I’m looking forward to being around for decades to come. It has something that’s just a bit different.

It’s funny because almost every social network evolved to incorporate forms of blogging. There was microblogging, photo blogging, audio blogging which is podcasting. These are all kind of forms of things that were originally pioneered on blogging. Yet all of these things have become so balkanized. I think it’s very, very interesting to see if you can bring them together a bit, as Tumblr post formats do.

What kind of experience people can create for themselves, and really make it something where they choose what they follow? They’re not just being algorithmically pushed whatever is the most incendiary thing that might be in their feed.

I’m getting some like strong Google Reader vibes from you. Not that you’re going to build an RSS reader. But it’s still lamented that it’s gone; it was the application that brought together an entire ecosystem of blogs. Is that role something you can fill?

There’s something super valuable there. When you think of time well spent online, when you think about people getting more control over how they put their attention and their time. Think about their data: are they investing their data into a place where it can come back out? Where it benefits them as much if not more as it benefits whoever is hosting them or whatever software they’re using? Do they have true ownership?

These are all things that never go out of style. We have peaks and troughs of openness on the web. I think we are exiting a trough. If you think 2016 was the peak of the closed social networks and proprietary software, we are seeing incredible growth of open source, of distributed systems, whether that’s in information, whether that’s in blogging, with money, with crypto and everything related to that. These are powerful revolutions that are going to play out over the next 15 to 20 years, but it’s only going to go up from here.

This is also my life’s work. I’ve worked on this for 16 years. I hope to work on these issues literally the rest of my life. So I want to keep working to create the kind of web that if I ever have children that I want them to grow up with.

Julia Alexander: You said you wanted to introduce more advertising to Tumblr.

I don’t know if “more” is the best word. But I do think that the advertising they did do is significantly lower than what you would expect. It makes it significantly less than what you would expect for the amount of traffic and audience.

Tumblr is such a niche audience — it gets away with being so weird. That’s why people still love it. It’s weird whether it’s fandom, or it’s just weirdness in general. Do you worry that bringing in ads will affect the community?

I think there is an opportunity there. My understanding is right now most of the ads are programmatic, which means network ads.

It’s not where, say, movie studio or a specific advertiser who really understands the Tumblr audience is saying “this is who we want to reach with a message we want to target to them specifically.” So, that’s an experiment, of course. But I have high hopes that the weirdness —what I would describe as the beauty of the Tumblr community — is actually really, really appealing. And we should do a good job with advertising. Now I will also couch that by saying Automattic is not an advertising company. We’re a subscription and upgrades company. So perhaps the advertising thing doesn’t work out, and it’s all more subscription-based. I think that can be really healthy and really positive as well.

Nilay Patel: How do you think about the relationship to creators? Is there a way to empower and compensate the creators? Tumblr is such a force of culture. Is there a way to give back to it in a way that isn’t just a transfer of value to BuzzFeed?

Let me talk about what we do for that on So one, we have upgrades you can buy and get additional customizability. And yes, it’s a cost, but you can get so much more power and control over your site, including things like your own domain name. It’s not bad, you know, it’s a week worth of Starbucks or something. It’s not a huge investment for your complete online presence.

We have a program called WordAds that allows people to run ads. We essentially bundle everyone together, we can do really advanced things like header bidding and other things to ensure quality and do a revenue share. So you can have your own ads on the site and make money from that traffic. We’ve also been launching features around monetization or e-commerce. So there’s a simple payments button, there’s some membership stuff that’s launching soon, all the way up to full e-commerce. There’s store’s that do over $100 million a year in annual revenue built on Woocommerce.

So from the simple PayPal-like pay me now button, all the way up to sophisticated stores, are things that you can do on WordPress. And we see literally north of 10 billion of transactions a year ago through that, and growing fast, so I would love to open some of that up to the Tumblr community. These are things we’ve built already.

How it fits or works for Tumblr is really going to be up to that team. You know they understand that user base and that community better than anyone else in the world. So I’m very curious to see how some of the raw materials and the technical things that we’ve already built inside the rest of Automattic, how they think that will fit best with the Tumblr community. I personally would be really excited about memberships or some sort of recurring payment.

Are you going try to integrate your engineering teams or are you going to leave them alone at first?

We’ve done a few acquisitions like this before. You want to integrate gently: look at where things make sense and do that first, show success, and then start to expand.

Long term, like I said, there’s a lot of overlap between and Tumblr. There’s also a lot of things that are totally different, and I could see being independent forever. But especially from an engineering point of view I am excited to build more things using React and APIs that might actually be reusable across them. So even though we could have some some code sharing across apps. As you know WordPress. com including Calypso, which is our front-end, is a hundred percent open source. So that’s all there and we can see what kind of code sharing, or maybe what we can open source on the Tumblr side.

You going to open-source Tumblr?

That would be pretty cool.

How soon until Verizon’s weird ad-tracking pixels are gone from Tumblr?

That’s a good question. I would say, for all of those things expect things to be kind of the same until we do the close. Think of that being October. We’ll really start to look at our systems. So Automattic has an approach to GDPR, an approach to tracking pixels, we’re very privacy-focused company. We’ll really start to try to integrate what Tumblr does with what we found works really well on, Longreads, Simplenote, our other products.

You’ve spoken to the employees of Tumblr. This is an opportunity to talk to the people who use Tumblr, the community. What is the thing that you want them to know the most?

First, I’ll say thank you for using Tumblr and sticking with it. Second, I would say that I hope and believe that Tumblr’s best days are actually ahead of it. That as an independent company again, as part of an independent company, it has the opportunity to be responsive, agile, and creator-centric in a way it might have been constrained in some ways since 2013. So stick around. Try it out, and keep an eye out especially over the next six to 12 months for some of the new stuff that’s coming.

Microplastics Are Blowing Into the Pristine Arctic

By | News | No Comments

Microplastics Are Blowing Into the Pristine Arctic originally published on Wired

Welcome to the year of the plastic menace, a nonstop flow of terrible news about how the ocean and its organisms are choking on macroplastic, while microplastic particles—bits less than 5 millimeters long—are wafting their way to supposedly pristine mountaintops in Europe. It seems nowhere is safe from microplastic pollution, not even Monterey Bay in California, which otherwise is one of the greatest conservation success stories in history.

Now there’s yet another reckoning over humanity’s hopeless addiction to plastic. Researchers and citizen scientists collected snow from two dozen locations, ranging from remote Arctic ice floes (floating chunks of ice, essentially) and the Norwegian archipelago Svalbard to northern Germany and the Bavarian Alps. The results are devastating: In its highest concentrations in Bavarian snow, microplastic particles numbered 150,000 per liter. In Arctic snow, the highest sampling was less at 14,000 per liter, but perhaps even more horrifying in its context, given the northern remoteness of the location.

Matt Simon covers cannabis, robots, and climate science for WIRED.

The big question is, where are these microplastic particles coming from? The researchers couldn’t nail down an exact location, but they reckon the particles are blowing in from the cities of Europe. “Snow ‘scavenges’ the particles in the air and brings them down,” says marine ecologist Melanie Bergmann of the Alfred Wegener Institute for Polar and Marine Research, lead author of a new paper in Science Advances. There’s precedent here too: Previous work has shown that pollen, which is about the same size as these microplastic particles, also travels great distances north into the Arctic.

The types of plastics Bergmann and her colleagues found may lend some clues as to their origins—a lot of rubber and polymer varnish in particular. “That kind of surprised us, because how do varnish particles make it into the air and so far north?” Bergmann asks. Ships are coated with varnish to ward off fouling organisms, but if was coming from them, you’d expect the particles to show up in water, not in snow samples. “But then on land you have all the cars basically painted with varnish, which often contains polymer. Many buildings nowadays are also painted with varnish. Offshore platforms have these, so it’s actually quite a widespread thing.”

Also, nearly all of the plastic that researchers think enters the environment goes missing. “At the moment, that’s a big question in this field of research,” says Bergmann. “Where’s all the plastic? Because it’s estimated 8 million tons of plastic is being carried into the ocean every year, and we’ve only found about 1 percent of it.”

A bit of caution with this research: The scientists found quite a bit of variability in the concentrations of microplastic particles they found in the snow samples. So that sample from Bavaria that tallied 150,000 particles, they took near a road—the other two Bavarian samples were closer to 5,000 particles. And the ice floe sample of 14,000 particles stands in contrast to the other ice floe samples, which tallied very few or even zero particles. This raises the specter of contamination by their sampling equipment—though the researchers argue that none of this equipment contained varnish, the main polymer they found in the snow samples.

The complicating factor here may not be methodological, but temporal. The researchers can’t know when these particles landed in the snow, so some areas may be cursed with certain wind events that deposit a plethora of microplastic. “We have a lot of uncertainties with atmospheric plastics because we don’t know how it behaves in the atmosphere,” says Steve Allen, an environmental pollution scientist at the University of Strathclyde, who wasn’t involved in this new work. “It could be flux coming from a particular weather pattern and it wasn’t noted. So it’s entirely possible that they’re quite correct, that those numbers are right.”

In addition, the paper didn’t focus on the color of the particles. This is important from a toxicological point of view, says University of Aveiro analytical chemist João Pinto da Costa, because some organisms ingest microplastics due to their color, mistaking them for prey. But there’s also a potential climatological impact here. “If white snow becomes contaminated with colorful materials, it could affect the degree of light reflection and, in the long-term, could contribute to climate change as well,” he adds.

This work builds on troubling research from University of Strathclyde environmental pollution scientist Deonie Allen (the spouse of Steve Allen), who found microplastics in the French Pyrenees. “If it’s meant to get to the Arctic, then there isn’t anywhere in the Northern Hemisphere that you could logically say, ‘Well, I highly doubt it’s going to be here,’” says Deonie Allen. “There’s no logical reason why it wouldn’t have got there.”

What effect all this plastic is having is largely unknown. There’s very little data on how microplastics might be affecting organisms and even whole ecosystems. It’s hard to do controlled microplastic studies in the ocean—you can’t just dump the material in the sea and watch what happens. Even if that were ethical, you’d be hard-pressed to find a bit of ocean that isn’t already dosed with microplastic to act as your control.

“It’s estimated 8 million tons of plastic is being carried into the ocean every year, and we’ve only found about 1 percent of it.” —marine ecologist Melanie Bergmann

In the lab, researchers can expose organisms to microplastic, sure, and show for instance how chemicals leaching from plastic might inhibit the growth of the bacteria that sequester CO2 and pump oxygen into the atmosphere. “But they use really high concentrations to be able to show mechanisms where things accumulate in organisms,” says Bergmann, the lead author on the new paper. “Luckily we haven’t reached these really high concentrations in the Arctic so far.” It’s worth noting, though, that up in Canada, researchers may soon start using remote lakes to do microplastic pollution studies, which could yield pivotal insights into how the stuff might be affecting ecosystems.

We need that data, and we need it fast. Half the plastics ever produced have been made in the last 15 years, and that plastic mania shows no sign of abating. That could have serious implications for human health (we are, after all, readily breathing and ingesting the particles), not to mention the health of an entire planet that’s been poisoned with microplastic.

“We’re madly trying to find out what is safe, how much the environment can handle,” says Steve Allen. “But in reality, we’re probably going to reach that well before we know what it is.”

More Great WIRED Stories

Marvel and Stitcher announce a new podcast based on the Marvels comic miniseries

By | News | No Comments

Marvel and Stitcher announce a new podcast based on the Marvels comic miniseries originally published on The Verge

Marvel and Stitcher have announced their next superhero podcast partnership: a radio drama adaptation of Kurt Busiek and Alex Ross’ limited Marvels series, which sees news photographer Phil Sheldon trying to get by in the chaos of a superhero world. The podcast marks the third collaboration between Marvel and Stitcher, following Wolverine: The Long Night and its sequel Wolverine: The Lost Trail.

The scripted Marvels series is meant to coincide with the 25th anniversary of the comics series, and it will largely follow the same story, seeing Sheldon (and other ordinary, non-superpowered people) deal with the aftermath of an attempted invasion by the world-devouring Galactus and his battle with the Fantastic Four.

According to the announcement, the Marvels podcast will see these ordinary people “embark on an investigation to confirm or debunk one of the most super-powered conspiracy theories of all time.” It sounds like the show will be offering a more grounded, personal take on the superhero genre, much like the two Wolverine series, which looked to emulate modern podcasts like S-Town and Serial.

Much like the Wolverine shows, which starred The Hobbit’s Richard Armitage, Marvels will also feature a star-studded cast, with Clifford “Method Man” Smith as Ben Urich, AnnaSophia Robb as Marcia Hardesty, Ethan Peck as Mr. Fantastic, and Seth Barrish as Phil Sheldon. The podcast will launch this fall, and it will be exclusively available on Stitcher Premium until 2020.

The Folio Society’s next book brings Marvel’s Golden Age back to life

By | News | No Comments

The Folio Society’s next book brings Marvel’s Golden Age back to life originally published on The Verge

Image: Folio Society
The Folio Society has released a number of high-end editions of classic science fiction and fantasy novels over the years, including books by Ursula K. Le Guin, Robert Heinlein, Isaac Asimov, Philip K. Dick, George R.R. Martin, and more. Now, it’s taking on a new medium: comic books. This September, it’ll release Marvel: The Golden Age, 1939-1949, a compilation of the company’s classic comics.

The book is designed to celebrate the 80th anniversary of Marvel Comics #1. It’s now available for preorder, and it will retail for $225 when it’s released on September 25th. It’ll also come with a 64-page replica of that original comic.

The Folio Society’s books are aimed toward collectors and serious readers: its offerings aren’t paperbacks or hardcovers that you’ll find on the shelves of your local bookstore. They’re volumes that often come with special slipcovers and contain introductions from the authors or their contemporaries, as well as original artwork, all on high-quality paper. I’ve long been impressed with its offerings (and have bought a bunch over the years) because of the effort that’s put in and the art that the publisher includes with each one.

Folio Society editorial director Tom Walker tells The Verge that moving into comics is a “really thrilling new enterprise for us,” but he notes that “it doesn’t feel like virgin territory. Marvel Comics have been one of the great literary influences of the past century, and as I started to explore that world, I found the comic form had inspired so many of my own favorite writers, from Neil Gaiman to Margaret Atwood.”

Walker explains that the Folio Society wanted to anthologize the major Marvel eras, and its “aim was to allow readers to get closer to the Golden Age of Marvel Comics than they’ve ever been.” To assemble the book, the society partnered with Roy Thomas, the writer and editor who succeeded Stan Lee at Marvel Comics. He helped with the selection process for the book, which includes characters like Captain America, The Human Torch, and Namor, The Sub-Mariner.

Walker says that he’s most proud of the reproduction of Marvel Comics #1, which was based on an original copy from 1939 that it was able to track down. “We spent hours perfecting this, choosing the right grade of paper and finding ways to recreate the experience kids would have had picking this up from the newsstand for the first time.” The other comics included in the main volume are reproduced from “first-edition comics both from the Marvel archives and from major private collectors, in order to find the most pristine copies to offset,” Walker says.

The Folio Society says that the volume is the first in an ongoing partnership with Marvel Comics, and the next volume is set to come out sometime in the first half of 2020.

This Tesla Mod Turns a Model S Into a Mobile ‘Surveillance Station’

By | News | No Comments

This Tesla Mod Turns a Model S Into a Mobile ‘Surveillance Station’ originally published on Wired

Automatic license plate reader cameras are controversial enough when law enforcement deploys them, given that they can create a panopticon of transit throughout a city. Now, one hacker has found a way to put a sample of that power—for safety, he says, and for surveillance—into the hands of anyone with a Tesla and a few hundred dollars to spare.

At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras—the same dash and rearview cameras providing a 360-degree view used for Tesla’s Autopilot and Sentry features—into a system that spots, tracks, and stores license plates and faces over time. The tool uses open-source image recognition software to automatically put an alert on the Tesla’s display and the user’s phone if it repeatedly sees the same license plate. When the car is parked, it can track nearby faces to see which ones repeatedly appear. Kain says the intent is to offer a warning that someone might be preparing to steal the car, tamper with it, or break into the driver’s nearby home.

Despite the obvious privacy concerns, Kain pitches his invention primarily as a helpful tool for Tesla owners who rate above average on the paranoia spectrum. “It turns your Tesla into an AI-powered surveillance station,” Kain says. “It’s meant to be another set of eyes, to help out and tell you it’s seen a license plate following you over multiple days, or even multiple turns of a single trip.”

Kain, a consultant for the security firm Tevora, also isn’t oblivious to his creation’s creep factor. He says the Surveillance Detection Scout also demonstrates of the kind of surveillance the data that self-driving cars already collect could enable. If a large group of Surveillance Detection Scout users were to combine their license plate recognition data—a feature that Kain has purposefully left out of the software—the system could create a crowdsourced version of the same powerful surveillance provided by commercial automatic license plate reader systems, whose use by police has been banned in some states. “I’d be able to see everyone across the US, thousands of cars on this Surveillance Scout network,” Kain says. “So I think there’s a real ethical issue there.”

A Panopticon in Your Console

Roger Kisby/Redux

The Surveillance Detection Scout prototype, whose software Kain has made available on Github, works by capturing and analyzing the video from a Tesla’s three cameras—two on its sideview-mirrors and one forward-facing—on a $700 Nvidia Jetson Xavier mini-computer. It uses an open-source neural network framework called Darknet as its machine learning engine, along with ALPR Unconstrained for recognizing license plates and Facenet for tracking faces. Both of those programs are available for free on Github. The system also uses Google’s Open Images Dataset as training data.

“I’m not doing any cutting-edge AI,” Kain says. “I’m just applying what’s already freely available, off the shelf.” The software even identifies the make and model of cars it sees based on license plate lookups on the service (Kain says it’s far harder to link license plates to actual names, and he doesn’t intend to include that data in his tool.)

Kain says he came up with the idea for his follower detection mechanism last year after he attended a talk on counter-surveillance at last year’s Defcon. He’d been thinking since he first bought his Tesla Model 3 about the gigabytes of video it collected and deleted, overwriting its video logs every hour. “I had a little bit of FOMO, thinking about how all this video is gone if I don’t do something with it,” Kain says.

“It’s essentially a surveillance camera on wheels, not providing anyone notice of that fact, mapping pieces of people’s paths through the cities they live in.”

Joesph Lorenzo Hall, CDT

After learning about a tool available on Github called Tesla USB that allows Tesla owners to store their video to an external drive indefinitely, Kain came up with the idea of combining that storage capability with image recognition to give his car features similar to the Nest camera in his home, which includes so-called “familiar face detection.” Beyond tracking license plates, the face detection element of his tool also functions as what he describes as an upgrade to Tesla’s existing Sentry security system, which starts recording when someone touches your car, and sets off an alarm if they attempt to break into it.

By stitching together a patchwork of public code, Kain’s 4-inch-cubed box can recognize license plate numbers and faces from the car’s video stream and alert the car’s owner if it spots repeated plates or faces in that data. It uses the software integration tool If This Then That to send alerts. By default, the system will notify the driver if it sees the same car following for every minute over a five-minute span, though Kain says the settings can be adjusted to the driver’s preference. The notifications have about a one-minute delay, Kain says, because of the time a Tesla’s cameras take to record a video file. And for now, users have to set up their own web server for it to work, though Kain says he may offer simpler web-based logins on his own server in the future.

“A Surveillance Camera on Wheels”

Kain proposes some scenarios where his system could do some good: confidential sources meeting with a journalist, or anyone else who has reason to believe they’re being followed or targeted by snoops. “If it helps keeps someone safe, that’s great,” Kain says. “If it lets me know that someone’s sneaking around my car, that’s also great.”

The Surveillance Detection Scout, however, faces not just ethical issues but also legal ones, says Joseph Lorenzo Hall, the chief technologist with the Center for Democracy and Technology. State laws against automatic license place readers, even for private use, would likely make it illegal in Alaska, Georgia, Maine and New Hampshire. Its facial recognition features make it illegal in Illinois.

“Is it a slippery slope? Potentially.”

Surveillance Detection Scout Creator Truman Kain

Laws aside, Hall argues that Kain’s invention could have unintended consequences and serious privacy implications. Confrontations could result from false positives, he says, if a driver mistakenly believes they’re being followed by someone who happens to have the same commute. “I’m worried about the subjective judgment a human would make from this technological system,” says Hall. “That could result in people pulling guns on each other when there’s really nothing to worry about.”

Hall also worries more broadly worry about the widespread form of AI-enabled surveillance that the system represents, particularly if its users tweaked Kain’s code to share their data with each other. “You’re going to have very rich records of people’s movements,” Hall says. “It’s essentially a surveillance camera on wheels, not providing anyone notice of that fact, mapping pieces of people’s paths through the cities they live in.”

Even more troubling, Hall says, would be the potential for law enforcement to gain access to the data, either through some sort of incentive to drivers—just as local police in some cities have subsidized Amazon’s Ring home surveillance cameras as a way to access their data—or by compelling users to share it with subpoenas.

Kain says he’s aware of those concerns, and built his system in part to demonstrate the possibilities of self-driving cars’ video surveillance before a shady commercial startup could do it first—one that might aggregate the data between users rather than keep it separated. A new era of ubiquitous self-driving car video data collection is coming, he says, and that much of it may end up on centralized repositories.

But he also admits that someone could easily tweak his code to enable data sharing between users, taking a big step toward the very future he warns about. “It would be trivial for someone to build that in if they have any development experience,” Kain says. “Is it a slippery slope? Potentially.”

More Great WIRED Stories

A Teen Hacker Found Bugs in School Software That Affects Millions

By | News | No Comments

A Teen Hacker Found Bugs in School Software That Affects Millions originally published on Wired

A few short decades ago, the archetypal hacker was a bored teenager breaking into his school’s network to change grades, à la Ferris Bueller. So today, when cybersecurity has become the domain of state-sponsored spy agencies and multibillion dollar companies, it may be refreshing to know that the high school hacker lives on—as do the glaring vulnerabilities in school software.

At the Defcon hacker conference in Las Vegas today, 18-year-old Bill Demirkapi presented his findings from three years of after-school hacking that began when he was a high school freshman. Demirkapi would poke around the web interfaces of two common pieces of software, sold by tech firms Blackboard and Follett and used by his own school. In both cases, he found serious bugs that would allow a hacker to gain deep access to student data. In Blackboard’s case in particular, Demirkapi found 5 million vulnerable records for students and teachers, including student grades, immunization records, cafeteria balance, schedules, cryptographically hashed passwords, and photos.

Demirkapi points out that if he, then a bored 16-year-old motivated only by his own curiosity, could so easily access these corporate databases, his story doesn’t reflect well on the broader security of the companies holding millions of students’ personal information.”The access I had was pretty much anything the school had,” Demirkapi says. “The state of cybersecurity in education software is really bad, and not enough people are paying attention to it.”

5,000 Schools, 5 Million Records

Demirkapi found a series of common web bugs in Blackboard’s Community Engagement software and Follett’s Student Information System, including so-called SQL-injection and cross-site-scripting vulnerabilities. For Blackboard, those bugs ultimately allowed access to a database that contained 24 categories of data, everything from phone numbers to discipline records, bus routes, and attendance records—though not every school seemed to store data in every field. Only 34,000 of the records included immunization history, for instance. More than 5,000 schools appeared to be included in the data, with roughly 5 million individual records in total, including students, teachers, and other staff.

In Follett’s software, Demirkapi says he found bugs that would have given a hacker access to student data like grade point average, special education status, number of suspensions, and passwords. Unlike in Blackboard’s software, those passwords were stored unencrypted, in fully readable form. By the time Demirkapi had gained that level of access to Follett’s software, however, he was two years into his hacking escapades and slightly better informed about legal dangers like the Computer Fraud and Abuse Act, which forbids gaining unauthorized access to a company’s network. So while he says he checked the data about himself and a friend who gave him permission, to verify that the bugs led to access, he didn’t explore further or enumerate the total number of vulnerable records, as he had with Blackboard. “I was a little stupider in the 10th grade,” he says of his earlier explorations.

When WIRED reached out to Blackboard and Follett, Follett’s senior vice president of technology George Gatsis expressed his thanks to Demirkapi for helping the company identify its bugs, which he says were fixed by July of 2018. “We were happy to work with Bill and grateful he was wiling to work through those things with us,” Gatsis says. But Gatsis also claimed that even with the security flaws he exploited, Demirkapi could never have accessed Follett data other than his own. Demirkapi counters that he “100 percent had access to other people’s data,” and says he even showed Follett’s engineers the password of the friend who had let him access his information.

Blackboard also thanked Demirkapi, but argued that based on its analysis no one else had accessed those records through the vulnerability he exposed. “We commend Bill Demirkapi for bringing these vulnerabilities to our attention and for striving to be part of a solution to improve our products’ security and protect our client’s personal information,” reads a statement from a Blackboard spokesperson. “We have addressed several issues that were brought to our attention by Mr. Demirkapi and have no indication that these vulnerabilities were exploited or that any clients’ personal information was accessed by Mr. Demirkapi or any other unauthorized party.

Advanced Persistent Teen

Demirkapi says he started digging up the two companies’ security flaws out of a combination of teenage boredom and an ambition to learn more about cybersecurity and web-based hacking. “I have a passion to, I guess, break things,” Demirkapi says. “I really wanted to learn about web application testing, so I thought, well, how cool would it be to test on my own school’s grading system?”

Demirkapi notes that, unlike Ferris Bueller, he never actually tried to change students’ grades. which would have required a deeper level of access to Blackboard’s network. He did, in a separate incident, exploit flaws in a college admission software to change his admission status to “accepted” in the database of Worcester Polytechnic Institute, a college he had applied to. A spokesperson for the college said that change alone wouldn’t have been enough to admit him.

“These companies say they’re secure, that they do audits, but don’t take the necessary steps to protect themselves from threats.”

Teen Hacker Bill Demirkapi

After Demirkapi began to find bugs in Blackboard and Follett’s software, he says he struggled to get the companies to take him seriously. In the winter of 2016, he initially tried to contact Follett by asking his school’s director of technology to contact the company on his behalf. But as Demirkapi remembers it, she told him the company had dismissed his concerns. He says he later sent messages himself to Blackboard and Follett via email and Follette’s contact page. Blackboard initially thanked him for his note and said it would investigate, but didn’t follow up. Follett ignored him altogether.

So a few months later, Demirkapi took a more typical approach for a juvenile hacker. Among Follett’s bugs, he found that could add a “group resource” to his school’s account, a file that would be available to all users and, more importantly for Demirkapi, that would trigger a push notification with the resource’s name to everyone in his school district who had Follett’s Aspen app installed. Demirkapi sent a message reading “Hello from Bill Demirkapi :)” out to thousands of parents, teachers, and students.

That stunt got him suspended from school for two days. “It was really immature of me to do that, but I didn’t know any other way to get in touch with a company that wasn’t open to contact,” Demirkapi says.

If It Weren’t for That Meddling Kid

Over the course 2018, after Demirkapi enlisted the help of his school district’s director of technology and Carnegie Mellon’s CERT Coordination Center, he says the companies finally began to listen. With Blackboard, whose sensitive data he had accessed in the process of testing the software’s security, he worked out a contract that stated the company wouldn’t sue him, and in return he’d keep the company’s vulnerabilities secret until they were fixed—after refusing an initial draft in which Blackboard tried to prevent him from telling anyone even after the patches went through.

Even now that both companies have fixed the software flaws Demirkapi found, he says that his work should worry anyone who cares about the security of student data. “It doesn’t seem like there’s any interest in this from the security field, because the incentives just aren’t very high,” he says, pointing out that neither Blackboard nor Follett has a bug bounty program for rewarding security researchers who find and their vulnerabilities. “These companies say they’re secure, that they do audits, but don’t take the necessary steps to protect themselves from threats.”

Some months after his Blackboard vulnerability disclosures, Demirkapi noticed that Blackboard had posted a job opening for a new chief information security officer. Demirkapi jokes that he briefly considered applying. Instead, he’s going to try college.

More Great WIRED Stories