Mary Branscombe
@marypcbuk.bsky.social
Omnivorous technology journalist. girl with the USB earring; author of the Cassidy At Large technomysteries. Like my writing? Buy me a ☕ https://ko-fi.com/marybranscombe. she/her. Warning: contains opinions. signal marypcbuk.44
Pinned
Mary Writes
Conveniently collecting together the different articles I write in various places
marybranscombe.leaflet.pub
at the moment I'm writing for CIO, The Stack, the New Stack and AskWoody (and this year's State of the Edge report for the Linux Foundation). I'm very slowly linking my threads about my articles on a Leaflet but it's not at all complete!
Reposted by Mary Branscombe
Very smart.
Let's start by shutting down Visitor Relationship Managers (VRMs) e.g. Admiral that block access to people using privacy shields, falsely accusing them of blocking ads. Let's put pressure on publishers (I say this as a former publisher) to stay with an ad model and not a data model.
Let's start by shutting down Visitor Relationship Managers (VRMs) e.g. Admiral that block access to people using privacy shields, falsely accusing them of blocking ads. Let's put pressure on publishers (I say this as a former publisher) to stay with an ad model and not a data model.
November 25, 2025 at 4:33 PM
Very smart.
Let's start by shutting down Visitor Relationship Managers (VRMs) e.g. Admiral that block access to people using privacy shields, falsely accusing them of blocking ads. Let's put pressure on publishers (I say this as a former publisher) to stay with an ad model and not a data model.
Let's start by shutting down Visitor Relationship Managers (VRMs) e.g. Admiral that block access to people using privacy shields, falsely accusing them of blocking ads. Let's put pressure on publishers (I say this as a former publisher) to stay with an ad model and not a data model.
Reposted by Mary Branscombe
The threats to digital civil liberties aren’t secret rooms in AT&T buildings anymore. They’re AI systems, data brokers, and privatized surveillance sold as products.
The EFF has spent 35 years fighting for rights and freedoms. Here’s my take on how it should evolve to fight back.
The EFF has spent 35 years fighting for rights and freedoms. Here’s my take on how it should evolve to fight back.
The EFF we need now
Why the next era of digital civil liberties requires a tighter mission, a bolder strategy, and a clearer view of how power works.
werd.io
November 25, 2025 at 3:52 PM
The threats to digital civil liberties aren’t secret rooms in AT&T buildings anymore. They’re AI systems, data brokers, and privatized surveillance sold as products.
The EFF has spent 35 years fighting for rights and freedoms. Here’s my take on how it should evolve to fight back.
The EFF has spent 35 years fighting for rights and freedoms. Here’s my take on how it should evolve to fight back.
Reposted by Mary Branscombe
Today we celebrated 100 million free school meals provided to children in London’s state primary schools 🎉
November 25, 2025 at 4:18 PM
Today we celebrated 100 million free school meals provided to children in London’s state primary schools 🎉
Reposted by Mary Branscombe
Need something to watch this week? In this keynote I discuss:
1. The thinking behind passkeys; _why_ my team at Apple worked with others to evolve FIDO authentication
2. Using passkeys to replace passwords + traditional 2FA
3. Passkey data export/interoperability (putting "vendor lock-in" to rest)
1. The thinking behind passkeys; _why_ my team at Apple worked with others to evolve FIDO authentication
2. Using passkeys to replace passwords + traditional 2FA
3. Passkey data export/interoperability (putting "vendor lock-in" to rest)
📹 [Video] Watch this #Authenticate2025 Keynote “Get the Most out of Passkeys” with @rmondello.com, Apple
→ youtu.be/otObbUSxcqs
#passkeys
→ youtu.be/otObbUSxcqs
#passkeys
Authenticate 2025 Keynote | Ricky Mondello, Apple | Get the Most Out of Passkeys
YouTube video by FIDO Alliance
youtu.be
November 25, 2025 at 3:45 PM
Need something to watch this week? In this keynote I discuss:
1. The thinking behind passkeys; _why_ my team at Apple worked with others to evolve FIDO authentication
2. Using passkeys to replace passwords + traditional 2FA
3. Passkey data export/interoperability (putting "vendor lock-in" to rest)
1. The thinking behind passkeys; _why_ my team at Apple worked with others to evolve FIDO authentication
2. Using passkeys to replace passwords + traditional 2FA
3. Passkey data export/interoperability (putting "vendor lock-in" to rest)
Reposted by Mary Branscombe
This is a scary trend. If crypto prices don’t rebound, DATCOs could be forced to sell their crypto, dragging the market down even further. Galaxy Digital researchers have compared the model, and its potential unwind, to the 1920s investment trust boom and bust.
November 25, 2025 at 4:21 PM
This is a scary trend. If crypto prices don’t rebound, DATCOs could be forced to sell their crypto, dragging the market down even further. Galaxy Digital researchers have compared the model, and its potential unwind, to the 1920s investment trust boom and bust.
Reposted by Mary Branscombe
We're proud to highlight the outstanding work of Cato and the partnership with Microsoft that made this research possible. Together, we've strengthened security for everyone, showing how collaboration leads to real-world impact.
🚨 Meet “HashJack” – a new AI browser assistant exploit discovered by Cato CTRL.
Hidden prompts after the “#” in URLs can hijack top industry trusted AI browser assistants to conduct malicious activities (see use cases below👇)
Read more: www.catonetworks.com/blog/cato-ct...
Hidden prompts after the “#” in URLs can hijack top industry trusted AI browser assistants to conduct malicious activities (see use cases below👇)
Read more: www.catonetworks.com/blog/cato-ct...
November 25, 2025 at 4:21 PM
We're proud to highlight the outstanding work of Cato and the partnership with Microsoft that made this research possible. Together, we've strengthened security for everyone, showing how collaboration leads to real-world impact.
evergreen identity skeet!
i now understand why people pay so much to make oauth someone elses problem
November 25, 2025 at 4:35 PM
evergreen identity skeet!
alt text a network diagram of retweets with known Russian and Iranian accounts as two bright and active centres over two larger blue networks with roughly globular shapes
Here it is, the most damning academic figure in the history of all figures: Russian IRA accounts deeply embedded in both sides of the 2016 Twitter BLM "discussion" (by @katestarbird.bsky.social & team, 2018).
THIS is what our information ecosystem supports. Twitter just made it 1% more visible.
THIS is what our information ecosystem supports. Twitter just made it 1% more visible.
November 25, 2025 at 4:33 PM
alt text a network diagram of retweets with known Russian and Iranian accounts as two bright and active centres over two larger blue networks with roughly globular shapes
Reposted by Mary Branscombe
turning a big dial taht says "selling out ukraine to the russians" on it and constantly looking back at the audience for approval like a contestant on the price is right
what is going on
November 23, 2025 at 1:32 AM
turning a big dial taht says "selling out ukraine to the russians" on it and constantly looking back at the audience for approval like a contestant on the price is right
Reposted by Mary Branscombe
Hey y'all, we just released a new SDK for working with Lexicons in TypeScript! 🥳
It focuses on improving DX and some of the pain points of the current tooling (see my previous post below).
It's currently in beta and we'd love to get your feedback 🙇♂️
www.npmjs.com/package/@atp...
It focuses on improving DX and some of the pain points of the current tooling (see my previous post below).
It's currently in beta and we'd love to get your feedback 🙇♂️
www.npmjs.com/package/@atp...
November 24, 2025 at 10:35 PM
Hey y'all, we just released a new SDK for working with Lexicons in TypeScript! 🥳
It focuses on improving DX and some of the pain points of the current tooling (see my previous post below).
It's currently in beta and we'd love to get your feedback 🙇♂️
www.npmjs.com/package/@atp...
It focuses on improving DX and some of the pain points of the current tooling (see my previous post below).
It's currently in beta and we'd love to get your feedback 🙇♂️
www.npmjs.com/package/@atp...
Reposted by Mary Branscombe
whether it's a bit or a mental illness, be kind and block for sanity (theirs or yours)
This person has had a BlueSky account for literally 6 hours and has spent that time replying this way to posts about literally every subject including people mad about football and gay thirst trap photos I honestly think its just Nathan Fielder doing a social experiment
November 25, 2025 at 12:04 AM
whether it's a bit or a mental illness, be kind and block for sanity (theirs or yours)
modernization; like when you take all the distinctive features off a San Francisco painted lady house and paint it sludge grey
DOGE isn't over so much as dispersed... www.nextgov.com/digital-gove... "But the longstanding White House technology team that President Donald Trump used to house DOGE continues to work on technology modernization projects throughout federal agencies."
DOGE no longer has ‘centralized leadership’ under White House tech team, personnel head says
The team that was altered to house DOGE — formerly the U.S. Digital Service — is also still doing its own technology work across agencies.
www.nextgov.com
November 24, 2025 at 11:57 PM
modernization; like when you take all the distinctive features off a San Francisco painted lady house and paint it sludge grey
Reposted by Mary Branscombe
If your immediate response is to suggest data pipes are fatter, video is to blame, images must be the highest resolution possible, font files are doing this, etc., then you might not understand who you’re actually serving and why this is a concern.
bsky.app/profile/did:...
bsky.app/profile/did:...
How broken is today's frontend culture?
A friend points out that the median *mobile* page is now larger than a copy of DOOM (2.6 MiB vs. 2.48 MiB), the 75th percentile page is more than 2 DOOMs, and the P90 mobile page is 4.5x the size of DOOM:
httparchive.org/reports/page...
A friend points out that the median *mobile* page is now larger than a copy of DOOM (2.6 MiB vs. 2.48 MiB), the 75th percentile page is more than 2 DOOMs, and the P90 mobile page is 4.5x the size of DOOM:
httparchive.org/reports/page...
HTTP Archive: Page Weight
This report tracks the size and quantity of many popular web page resources. Sizes represent the number of bytes sent over the network, which may be compressed.
httparchive.org
November 24, 2025 at 12:11 AM
If your immediate response is to suggest data pipes are fatter, video is to blame, images must be the highest resolution possible, font files are doing this, etc., then you might not understand who you’re actually serving and why this is a concern.
bsky.app/profile/did:...
bsky.app/profile/did:...
Reposted by Mary Branscombe
If you haven’t had the distinct pleasure of hearing @infrequently.org, do yourself a favor and check out the latest episode of @redmonk.com's MonkCast. We discuss web standards, JavaScript performance, PWAs, and Apple (iOS) & Google (Android). redmonk.com/blog/2025/11... youtube.com/shorts/5N_fm...
Alex Russell on web standards #developer #webdevelopment
YouTube video by RedMonk
youtube.com
November 24, 2025 at 11:55 AM
If you haven’t had the distinct pleasure of hearing @infrequently.org, do yourself a favor and check out the latest episode of @redmonk.com's MonkCast. We discuss web standards, JavaScript performance, PWAs, and Apple (iOS) & Google (Android). redmonk.com/blog/2025/11... youtube.com/shorts/5N_fm...
Reposted by Mary Branscombe
Jesus fuck. Bungie was even *a subsidiary of Sony* when I set the precedent establishing that companies have a legal obligation to protect their employees from online harassment. It's impossible for Sony Legal not to know about this.
November 24, 2025 at 10:46 PM
Jesus fuck. Bungie was even *a subsidiary of Sony* when I set the precedent establishing that companies have a legal obligation to protect their employees from online harassment. It's impossible for Sony Legal not to know about this.
strong *my* string theory is internally consistent energy
Nvidia refuted accounting questions in a memo to analysts, saying "Unlike Enron, NVIDIA does not use Special Purpose Entities to hide debt and inflate revenue" (Tae Kim/Barron's Online)
Main Link | Techmeme Permalink
Main Link | Techmeme Permalink
November 24, 2025 at 11:48 PM
strong *my* string theory is internally consistent energy
Reposted by Mary Branscombe
Having been deep in this the past months, I can say with 100% certainty that a clever malicious user could compromise *every single* current CI publish I have seen in the wild.
It is always a spectrum, but there is a reason we require MFA for things that are important.
It is always a spectrum, but there is a reason we require MFA for things that are important.
November 24, 2025 at 11:41 PM
Having been deep in this the past months, I can say with 100% certainty that a clever malicious user could compromise *every single* current CI publish I have seen in the wild.
It is always a spectrum, but there is a reason we require MFA for things that are important.
It is always a spectrum, but there is a reason we require MFA for things that are important.
😬
The token is largely a footnote true. The bigger issue is CI systems with publishing rights without MFA checks.
However I believe in TinyColor's case, in the previous attack, the compromised token from the CI system had broad privileges and was used to publish packages outside of the CI system.
However I believe in TinyColor's case, in the previous attack, the compromised token from the CI system had broad privileges and was used to publish packages outside of the CI system.
November 24, 2025 at 11:46 PM
😬
Reposted by Mary Branscombe
Still a good idea to enable passkey + MFA, just that it doesn't fundamentally fix the issue of publishing to NPM via GH actions is the current vector of abuse 😅
November 24, 2025 at 11:25 PM
Still a good idea to enable passkey + MFA, just that it doesn't fundamentally fix the issue of publishing to NPM via GH actions is the current vector of abuse 😅
Reposted by Mary Branscombe
If the Dems had any fuckin’ brains, saying “the part of Epstein is trying to make laws that let them look in your kid’s pants” would be a pretty easy way to crush the Republicans
it’s also a thing where people can be convinced. the right got some people worked up about trans women in sports but possible to get people a lot more worked up about individual/parental rights, genital inspectors, etc
I think Democrats should double down on trans rights now. It's obvious that most voters don't care about it so you might as well stick with your principles and goad Republicans into focusing on it at the expense of everything else so they're the ones who look like freaks.
November 24, 2025 at 11:27 PM
If the Dems had any fuckin’ brains, saying “the part of Epstein is trying to make laws that let them look in your kid’s pants” would be a pretty easy way to crush the Republicans
is the settlement that techbros are just allowed to do what they want now?
The US DOJ settles its case against RealPage, which was accused of building algorithms that allowed landlords to illegally collude to drive up rental prices (Thomas Barrabi/New York Post)
Main Link | Techmeme Permalink
Main Link | Techmeme Permalink
November 24, 2025 at 11:40 PM
is the settlement that techbros are just allowed to do what they want now?
Reposted by Mary Branscombe
Tesla claimed the Netherlands regulator committed to approving its FSD Supervised for use there. The regulator said nope, and told Tesla fans stop emailing to try to influence the agency’s decision which will be based on safety testing not vibes or pressure… www.cnbc.com/2025/11/24/t...
Tesla fans told by Dutch safety regulator to stop pressuring agency on 'FSD Supervised'
Dutch automotive safety regulator RDW said that Tesla is working to gain approval to make its "FSD Supervised" systems available in the Netherlands.
www.cnbc.com
November 24, 2025 at 8:24 PM
Tesla claimed the Netherlands regulator committed to approving its FSD Supervised for use there. The regulator said nope, and told Tesla fans stop emailing to try to influence the agency’s decision which will be based on safety testing not vibes or pressure… www.cnbc.com/2025/11/24/t...
one of the UK homes and gardens magazines has an article this month about 'you can grow saffron at home' and you get three stamens from each flower
In Macedonia, it takes the filaments of 150,000 flowers to make a kilo of the world’s most precious, unadulterated spice on.ft.com/44m7G6A
Hocus-crocus: Greece’s saffron specialists work their magic
In Macedonia, it takes the filaments of 150,000 flowers to make a kilo of the world’s most precious, unadulterated spice
on.ft.com
November 24, 2025 at 8:54 PM
one of the UK homes and gardens magazines has an article this month about 'you can grow saffron at home' and you get three stamens from each flower
Reposted by Mary Branscombe
How broken is today's frontend culture?
A friend points out that the median *mobile* page is now larger than a copy of DOOM (2.6 MiB vs. 2.48 MiB), the 75th percentile page is more than 2 DOOMs, and the P90 mobile page is 4.5x the size of DOOM:
httparchive.org/reports/page...
A friend points out that the median *mobile* page is now larger than a copy of DOOM (2.6 MiB vs. 2.48 MiB), the 75th percentile page is more than 2 DOOMs, and the P90 mobile page is 4.5x the size of DOOM:
httparchive.org/reports/page...
HTTP Archive: Page Weight
This report tracks the size and quantity of many popular web page resources. Sizes represent the number of bytes sent over the network, which may be compressed.
httparchive.org
November 23, 2025 at 10:43 PM
How broken is today's frontend culture?
A friend points out that the median *mobile* page is now larger than a copy of DOOM (2.6 MiB vs. 2.48 MiB), the 75th percentile page is more than 2 DOOMs, and the P90 mobile page is 4.5x the size of DOOM:
httparchive.org/reports/page...
A friend points out that the median *mobile* page is now larger than a copy of DOOM (2.6 MiB vs. 2.48 MiB), the 75th percentile page is more than 2 DOOMs, and the P90 mobile page is 4.5x the size of DOOM:
httparchive.org/reports/page...