WordPress Plugins Compromised At The Source via @sejournal, @martinibuster

WordPress.org and Wordfence have published warnings about hackers adding malicious code to plugins at the source, leading to widespread infections via updates.

Five Compromised Plugins… To Date

Typically what happens is that a plugin contains a weakness (a vulnerability) that allows an attacker to compromise individual sites that use that version of the plugin. These compromises are different because the plugins themselves don’t contain a vulnerability. The attackers are injecting malicious code directly at the source of the plugin and pushing an update, which then spreads the code to every site that installs it.

Wordfence first noticed one plugin that contained malicious code. When they uploaded the details to their database, they discovered four other plugins that were compromised with a similar kind of malicious code. Wordfence immediately notified WordPress about their findings.

Wordfence shared details of the affected plugins:

“Social Warfare 4.4.6.4 – 4.4.7.1
Patched Version: 4.4.7.3

Blaze Widget 2.2.5 – 2.5.2
Patched Version: None

Wrapper Link Element 1.0.2 – 1.0.3
Patched Version: It appears that someone removed the malicious code, however, the latest version is tagged as 1.0.0 which is lower than the infected versions. This means it may be difficult to update to the latest version, so we recommend removing the plugin until a properly tagged version is released.

Contact Form 7 Multi-Step Addon 1.0.4 – 1.0.5
Patched Version: None

Simply Show Hooks 1.2.1
Patched Version: None”

WordPress shut down all five plugins directly at the official plugin repository and published a notification at each of the plugin pages that they are closed and unavailable.

Screenshot Of A Delisted WordPress Plugin

The infected plugins generate rogue admin accounts that phone home to a server. The attacked websites are altered with SEO spam links that are added to the footer. Sophisticated malware can be hard to catch because attackers actively hide their code, obfuscating it so that, for example, it looks like a string of numbers. Wordfence noted that this specific malware was not sophisticated and was easy to identify and track.

Wordfence made an observation about this curious quality of the malware:

“The injected malicious code is not very sophisticated or heavily obfuscated and contains comments throughout making it easy to follow. The earliest injection appears to date back to June 21st, 2024, and the threat actor was still actively making updates to plugins as recently as 5 hours ago.”

WordPress Issues Advisory On Compromised Plugins

The WordPress advisory states that attackers identified plugin developers that have “committer access” (meaning that they can commit code to the plugin) and then tried credentials from other data breaches that matched those developers. The hackers used those credentials to access the plugin at the code level and inject their malicious code.

WordPress explained:

“On June 23 and 24, 2024, five WordPress.org user accounts were compromised by an attacker trying username and password combinations that had been previously compromised in data breaches on other websites. The attacker used access to these 5 accounts to issue malicious updates to 5 plugins those users had committer access to.

…The affected plugins have had security updates issued by the Plugins Team to protect user security.”

The fault for these compromises apparently lies with the plugin developers’ security practices. WordPress’ official announcement reminded plugin developers of best practices to follow in order to prevent these kinds of compromises from happening.

How To Know If Your Site Is Compromised?

At this point in time there are only five plugins known to be compromised with this specific malicious code. Wordfence said that the hackers create admins with the usernames “Options” or “PluginAuth”, so one way to double-check whether a site is compromised is to look for any new admin accounts, especially ones with those usernames.

Wordfence recommended that sites using any of the five plugins delete rogue administrator-level user accounts, run a malware scan with the Wordfence plugin, and remove the malicious code.
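One way to run the checks above across a site, as an added example (not Wordfence’s or WordPress.org’s code): it reads inventories in the shape of `wp plugin list --format=csv` and `wp user list --format=csv`, flags installed plugins inside the affected version ranges listed earlier, and flags administrator accounts that use the rogue usernames or were created on or after June 21, 2024. The sample CSV rows are constructed, and the date heuristic is an assumption that yields review candidates rather than confirmed compromise.

```python
"""Offline triage helper for the WordPress.org plugin supply-chain compromise.

Added example, not Wordfence's or WordPress.org's code. Assumptions: the
affected version ranges and rogue usernames come from the advisory text quoted
above; the CSV inputs mimic `wp plugin list --format=csv` and
`wp user list --format=csv`; the sample rows are constructed.
"""
import csv
import io
import re
from datetime import datetime

# Affected version ranges (inclusive) as published by Wordfence, keyed by the
# plugin's display name. Map your own inventory's slugs onto these names.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1"),
    "Blaze Widget": ("2.2.5", "2.5.2"),
    "Wrapper Link Element": ("1.0.2", "1.0.3"),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5"),
    "Simply Show Hooks": ("1.2.1", "1.2.1"),
}
PATCHED = {"Social Warfare": "4.4.7.3"}  # the only patched release named
ROGUE_LOGINS = {"Options", "PluginAuth"}
# Earliest injection date reported by Wordfence. Accounts created on or after
# it are review candidates, not proof of compromise (heuristic, assumption).
INJECTION_START = datetime(2024, 6, 21)


def parse_version(v):
    """Turn '4.4.7.1' into (4, 4, 7, 1) so ranges compare numerically.

    Trailing non-numeric suffixes in a part (e.g. '0-beta') are dropped, and
    tuples of unequal length compare element-wise, so (1, 0) < (1, 0, 2)."""
    return tuple(int(re.sub(r"\D.*$", "", p) or 0) for p in v.strip().split("."))


def affected_plugins(plugin_csv):
    """Return [(name, version)] for installed plugins inside an affected range.
    Input is CSV text with at least 'name' and 'version' columns."""
    hits = []
    for row in csv.DictReader(io.StringIO(plugin_csv)):
        rng = AFFECTED.get(row["name"])
        if rng is None:
            continue
        lo, hi = (parse_version(x) for x in rng)
        if lo <= parse_version(row["version"]) <= hi:
            hits.append((row["name"], row["version"]))
    return hits


def suspicious_admins(user_csv):
    """Return [(user_login, reasons)] for administrator accounts that match a
    rogue username or were registered on/after the earliest injection date.
    Input is CSV text with 'user_login', 'user_registered' and 'roles' columns."""
    flagged = []
    for row in csv.DictReader(io.StringIO(user_csv)):
        if "administrator" not in row["roles"].split(","):
            continue
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if row["user_login"] in ROGUE_LOGINS:
            reasons.append("known rogue username")
        if registered >= INJECTION_START:
            reasons.append("created after 2024-06-21")
        if reasons:
            flagged.append((row["user_login"], "; ".join(reasons)))
    return flagged


# Constructed sample inventories shaped like wp-cli CSV output.
SAMPLE_PLUGINS = """name,status,update,version
Social Warfare,active,available,4.4.7.0
Blaze Widget,active,none,2.2.4
Simply Show Hooks,inactive,none,1.2.1
Wrapper Link Element,active,none,1.0.0
"""

SAMPLE_USERS = """ID,user_login,user_registered,roles
1,siteowner,2021-03-02 10:15:00,administrator
7,editor_jane,2024-06-25 08:00:00,editor
8,PluginAuth,2024-06-24 02:13:44,administrator
9,backup_admin,2024-06-22 19:40:10,administrator
"""

if __name__ == "__main__":
    for name, version in affected_plugins(SAMPLE_PLUGINS):
        fix = PATCHED.get(name, "none published; remove the plugin")
        print(f"AFFECTED PLUGIN: {name} {version} (patched: {fix})")
    for login, why in suspicious_admins(SAMPLE_USERS):
        print(f"REVIEW ADMIN: {login} ({why})")
```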

Someone in the comments asked if they should be worried even if they don’t use any of the five plugins:

“Do you think we need to be worried about other plug-in updates? Or was this limited to these 5 plug-ins.”

Chloe Chamberland, the Threat Intelligence Lead at Wordfence responded:

“Hi Elizabeth, at this point it appears to be isolated to just those 5 plugins so I wouldn’t worry too much about other plugin updates. However, out of extra caution, I would recommend reviewing the change-sets of any plugin updates prior to updating them on any sites you run to make sure no malicious code is present.”

Two other commenters noted that they had at least one of the rogue admin accounts on sites that didn’t use any of the five known affected plugins. At this time it’s not known if any other plugins are affected.

Read Wordfence’s advisory and explanation of what is going on:

Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

Read the official WordPress.org announcement:

Keeping Your Plugin Committer Accounts Secure


Which Metrics Matter In PPC? via @sejournal, @navahf

Pay-per-click (PPC) advertising has evolved quite a bit since it first began in the early days of the internet.

Metrics like cost per click (CPC) remain an important part of the conversation, while others (like average position) have retired.

Understanding the history of each major metric, as well as how they relate to each other, is critical to determining which metrics to focus on.

This guide will attempt to be as agnostic as possible on account structure strategy (though a certain amount of subjectivity is unavoidable).

Here’s what we’ll be covering:

  • The major metrics in PPC: In this case, we define PPC as any channel where you pay per click. This means there will be some video/social metrics.
  • Relationships between metrics.
  • Which metrics matter today and likely will matter in the future?

Major Metrics In PPC

Given that Google is a dominant player, we’ll focus mostly on those metrics. However, we’ll call out additional network metrics where needed.

Additionally, we’re not separating YouTube from Google Ads. We will only cover “go do” metrics vs. informational ones (i.e., the setup metrics).

By the way, this section is a bit beginner-friendly. So, if you’re already familiar with PPC metrics, skip ahead to the next section.

Major PPC Metrics

Impressions: The users could see the ad. (Note: It’s possible to have more than one impression for the same user if the ad appears multiple times on the page.)
View: The user sees the ad. (This is a video-oriented metric.)
Click: The user clicks the ad.
Interaction: Any interaction the user completes with the ad. (It can include clicks, but is not limited to that.)
Click-through rate (CTR): The number of clicks received divided by impressions.
Interaction rate (IR): The number of interactions received divided by impressions.
Impression share: Of all available impressions for a given target, how many are you receiving?
Spend: The amount spent in a given period.
Average cost per click (CPC): The average amount spent in each auction per click.
Average cost per mille (CPM): The average amount spent per thousand impressions.
Top of page impression share: Of all available impressions, how many of them are serving in the top-of-page ad model?
Absolute top of page impression share: Of all available impressions, how many are serving in the No. 1 position in the top-of-page model?
Any impression share lost due to rank: The percentage of impressions you lose due to bidding or structural issues.
Any impression share lost due to budget: The percentage of impressions you lose due to budget issues.
Frequency: The number of times the same person sees the same ad.
Reach: How many people did the ad actually reach?
Overlapping share: The amount of times you and a competitor serve for the same target.
Engagement: A non-click interaction. (An example is watching a video for at least 10 seconds.)
Conversions: A profitable action that you’ve designated as useful.
All conversions: A mix of conversion actions you’ve told Google to factor into bidding/reporting and ones you’ve told it to observe only. (Note: There is an all-conversion variant for all other conversion metrics, but in the interest of efficiency, we’ll just spell out the counted conversion metrics.)
Conversion value: The monetary value assigned to a given conversion action.
Conversion rate: The number of conversions divided by the interactions.
Cost per acquisition (CPA): The spend of a given entity divided by the count of conversions. (Note: An entity can be anything from a search term all the way to the account level.)
Return on ad spend (ROAS): The total conversion value divided by the total amount of spend generated by the entity.
Quality Score: A three-pronged valuation system looking at expected CTR, ad relevance, and landing page quality.
Ad Strength: A non-weighted critique of ad assets in responsive search, display, and Performance Max campaigns.
Optimization score: A score provided by Google to review your campaign. In order to maintain Google Partner status, you need to achieve an average of 70%.

Relationship Between Metrics

There’s a lot of interconnectivity between PPC metrics, and it can be a bit daunting to know which relationships to build strategy around.

While there’s a case to be made for every metric playing a role in your account choices, these are the top relationships to focus on.

CTR And Conversion Rate

The most critical relationship to focus on is CTR vs. conversion rate.

This is because these two metrics help hold your ad account and website accountable for their respective roles in winning customers.

If your CTR is really good and your conversion rate is not, there are a few potential paths you can explore:

  • Is the landing page letting you down? This could be a design issue or a technical one (conversion tracking isn’t configured correctly).
  • The ads are engaging, but they target people who aren’t quite ready to purchase. Adding more prequalifying language into the ads can solve this.
  • Targeting is outright incorrect, and the clicks are accidental. This can be caused by search partners with display expansion or misconfigured Performance Max campaigns.

When CTR is low but the conversion rate is good, the fixes will be a little different:

  • The ad creative may not be enticing enough. You may want to be more direct in asking folks to contact you or order now.
  • Your budget may not support prime-time bidding, so you end up serving a lot during off-hours when folks are less likely to engage. You can correct this with an ad schedule to force budgets to only spend during peak hours.
  • There may be a double or triple counting issue, where you’re getting more than one conversion count per click. Use the “conversion action” segment to identify any false positives. This is critical to catch because double-counting conversions will influence smart bidding and reporting.

When both are good or bad, it can be a little tougher to know where to focus optimization or scale efforts.

The best starting point will always be your customers and the quality of your leads.

Average CPC And Search Terms/Placement Type

It can be very tempting to overoptimize for cheap clicks, but if you only focus on CPC, you may price yourself out of the auction.

While we don’t have full search term access, leveraging what we do have is critical to making informed choices around which ideas we budget for.

If your average CPCs are low for your industry, here is what you should check for:

  • Branded queries sneaking into non-branded campaigns. This can happen if you’re using broad match, as well as if you don’t use negatives to sequester branded traffic.
  • Non-search placements are using search budget. These placements aren’t inherently bad, but if you’re bidding for search, you will overbid on other placements.
  • If you’re losing more than 50% impression share due to rank, you are likely choking volume too much to be profitable.

When the average CPC is high for your industry, here is what to check for:

  • Accidental duplicates that might be causing you to bid against yourself (and potentially cause serving issues). While search terms will be the best source of truth for this, you also can check a keyword’s status. If you get the “another eligible keyword was chosen” status more than 25% of the time, you likely need to clean up close variant duplicates.
  • The bidding strategy may be forcing you to bid too high because there isn’t enough conversion data to inform smart bidding. Consider switching back to manual or using target impression share/max clicks with a bid cap. The bid cap should be no more than 10% of your daily budget.

CPA And ROAS’s Influence On Volume/Value

One reason Smart Bidding (Max Conversions and Max Conversion Value) catches a lot of heat is that people don’t fully understand how to help them learn profitable budget allocation.

It is very normal for a brand-new account using Smart Bidding to have a bad experience if they don’t have enough conversions (30+) in a 30-day period.

When you need volume, CPAs and ROAS have to be more conservative. For example, you might be willing to take a $100 CPA on a $300 product/service. The ROAS goal would be 300% (we spent $100 to achieve $300).

This mindset is really important for product/company launches, as well as if you are facing a shortage of leads.

Conversely, if you’re under scrutiny for marketing costs, you may set more aggressive goals, so each customer is worth more (even if you get fewer of them).

For example, I might only be willing to pay $30 for that $300 product/service.

This inherently means that I will get fewer leads than when I was willing to pay $100 to acquire them, but that might also provide needed operational filters (not overloading sales/customer success teams with leads).

The ROAS equation is a little tougher because you still want to factor in lifetime value. Most industries do well somewhere between a two-time and five-time ROAS goal.

It’s also worth noting that your CPC will be directly impacted by which school of thought you adopt. Absolutely use bid floors and caps to make sure you bid enough to enter the auction, as well as balance how much of your budget goes to a single click.

As a general rule, you don’t want more than 10% of a daily budget going to one click because a 10% conversion rate is really good for non-branded.

However, the floor is a bit trickier to set. If you don’t have the data for your industry CPCs, consider starting with 3% of your daily budget.

Which Metrics Matter

Ultimately, the metrics that matter are the ones enabling you to “go do” off of the analysis, as well as the ones weighted in the auction.

These metrics are weighted in the auction:

  • Conversions.
  • CTR.
  • CPC.
  • Quality score*: While this is not officially weighted in the auction anymore, the core signals informing it still are.

These metrics are your “go do’s:”

  • CPA/ROAS: Are you making enough money off of your ads? If not, adjust targets.
  • Impression share: Based on what, if anything, it is being lost to (rank or budget), make structural, bidding, or budgeting changes.
  • Conversion rate/CTR: Are the account and website supporting each other in winning business, and do you trust the reporting of both?

Metrics like Ad Strength and optimization score are friendly suggestions but don’t actually impact your account performance.

Final Takeaways

It can be tough to know where to focus on your ad account.

Hopefully, this review of the metrics and their relationships to each other helps you prioritize what to focus on, report on, and act on.


Job title of the future: Space debris engineer

Stijn Lemmens has a cleanup job like few others. A senior space debris mitigation analyst at the European Space Agency (ESA), Lemmens works on counteracting space pollution by collaborating with spacecraft designers and the wider industry to create missions less likely to clutter the orbital environment. 

Although significant attention has been devoted to launching spacecraft into space, the idea of what to do with their remains has been largely ignored. Many previous missions did not have an exit strategy. Instead of being pushed into orbits where they could reenter Earth’s atmosphere and burn up, satellites were simply left in orbit at the ends of their lives, creating debris that must be monitored and, if possible, maneuvered around to avoid a collision. “For the last 60 years, we’ve been using [space] as if it were an infinite resource,” Lemmens says. “But particularly in the last 10 years, it has become rather clear that this is not the case.” 

Engineering the ins and outs: Step one in reducing orbital clutter—or, colloquially, space trash—is designing spacecraft that safely leave space when their missions are complete. “I thought naïvely, as a student, ‘How hard can that be?’” says Lemmens. The answer turned out to be more complicated than he expected. 

At ESA, he works with scientists and engineers on specific missions to devise good approaches. Some incorporate propulsion that works reliably even decades after launch; others involve designing systems that can move spacecraft to keep them from colliding with other satellites and with space debris. They also work on plans to get the remains through the atmosphere without large risks to aviation and infrastructure.

Standardizing space: Earth’s atmosphere exerts a drag on satellites that will eventually pull them out of orbit. National and international guidelines recommend that satellites lower their altitude at the end of their operational lives so that they will reenter the atmosphere and make this possible. Previously the goal was for this to take 25 years at most; Lemmens and his peers now suggest five years or less, a time frame that would have to be taken into account from the start of mission planning and design. 

Explaining the need for this change in policy can feel a bit like preaching, Lemmens says, and it’s his least favorite part of the job. It’s a challenge, he says, to persuade people not to think of the vastness of space as “an infinite amount of orbits.” Without change, the amount of space debris may create a serious problem in the coming decades, cluttering orbits and increasing the number of collisions.  

Shaping the future: Lemmens says his wish is for his job to become unnecessary in the future, but with around 11,500 satellites and over 35,000 debris objects being tracked, and more launches planned, that seems unlikely to happen. 

Researchers are looking into more drastic changes to the way space missions are run. We might one day, for instance, be able to dismantle satellites and find ways to recycle their components in orbit. Such an approach isn’t likely to be used anytime soon, Lemmens says. But he is encouraged that more spacecraft designers are thinking about sustainability: “Ideally, this becomes the normal in the sense that this becomes a standard engineering practice that you just think of when you’re designing your spacecraft.”

Inside the US government’s brilliantly boring websites

The United States has an official web design system and a custom typeface. This public design system aims to make government websites not only good-looking but accessible and functional for all.

Before the internet, Americans may have interacted with the federal government by stepping into grand buildings adorned with impressive stone columns and gleaming marble floors. Today, the neoclassical architecture of those physical spaces has been (at least partially) replaced by the digital architecture of website design—HTML code, tables, forms, and buttons. 

While people visiting a government website to apply for student loans, research veterans’ benefits, or enroll in Medicare might not notice these digital elements, they play a crucial role. If a website is buggy or doesn’t work on a phone, taxpayers may not be able to access the services they have paid for—which can create a negative impression of the government itself.  

There are about 26,000 federal websites in the US. Early on, each site had its own designs, fonts, and log-in systems, creating frustration for the public and wasting government resources. The troubled launch of Healthcare.gov in 2013 highlighted the need for a better way to build government digital services. In 2014, President Obama created two new teams to help improve government tech.

Within the General Services Administration (GSA), a new team called 18F (named for its office at 1800 F Street in Washington, DC) was created to “collaborate with other agencies to fix technical problems, build products, and improve public service through technology.” The team was built to move at the speed of tech startups rather than lumbering bureaucratic agencies. 

The US Digital Service (USDS) was set up “to deliver better government services to the American people through technology and design.” In 2015, the two teams collaborated to build the US Web Design System (USWDS), a style guide and collection of user interface components and design patterns intended to ensure accessibility and a consistent user experience across government websites. “Inconsistency is felt, even if not always precisely articulated in usability research findings,” Dan Williams, the USWDS program lead, said in an email. 

Today, the system defines 47 user interface components such as buttons, alerts, search boxes, and forms, each with design examples, sample code, and guidelines such as “Be polite” and “Don’t overdo it.” Now in its third iteration, it is used in 160 government websites. “As of September 2023, 94 agencies use USWDS code, and it powers about 1.1 billion page views on federal websites,” says Williams.

To ensure clear and consistent typography, the free and open-source typeface Public Sans was created for the US government in 2019. “It started as a design experiment,” says Williams, who designed the typeface. “We were interested in trying to establish an open-source solution space for a typeface, just like we had for the other design elements in the design system.”

The teams behind Public Sans and the USWDS embrace transparency and collaboration with government agencies and the public.

And to ensure that the hard-learned lessons aren’t forgotten, the projects embrace continuous improvement. One of the design principles behind Public Sans offers key guidance in this area: “Strive to be better, not necessarily perfect.”

Jon Keegan writes Beautiful Public Data, a newsletter that curates visually interesting data sets collected by local, state, and federal government agencies (beautifulpublicdata.com).

Learning from catastrophe

The philosopher Karl Popper once argued that there are two kinds of problems in the world: clock problems and cloud problems. As the metaphor suggests, clock problems obey a certain logic. They are orderly and can be broken down and analyzed piece by piece. When a clock stops working, you’re able to take it apart, look for what’s wrong, and fix it. The fix may not be easy, but it’s achievable. Crucially, you know when you’ve solved the issue because the clock starts telling the time again. 

Wicked Problems: How to Engineer a Better World
Guru Madhavan
W.W. NORTON, 2024

Cloud problems offer no such assurances. They are inherently complex and unpredictable, and they usually have social, psychological, or political dimensions. Because of their dynamic, shape-shifting nature, trying to “fix” a cloud problem often ends up creating several new problems. For this reason, they don’t have a definitive “solved” state—only good and bad (or better and worse) outcomes. Trying to repair a broken-down car is a clock problem. Trying to solve traffic is a cloud problem.  

Engineers are renowned clock-problem solvers. They’re also notorious for treating every problem like a clock. Increasing specialization and cultural expectations play a role in this tendency. But so do engineers themselves, who are typically the ones who get to frame the problems they’re trying to solve in the first place. 

In his latest book, Wicked Problems, Guru Madhavan argues that the growing number of cloudy problems in our world demands a broader, more civic-minded approach to engineering. “Wickedness” is Madhavan’s way of characterizing what he calls “the cloudiest of problems.” It’s a nod to a now-famous coinage by Horst Rittel and Melvin Webber, professors at the University of California, Berkeley, who used the term “wicked” to describe complex social problems that resisted the rote scientific and engineering-based (i.e., clock-like) approaches that were invading their fields of design and urban planning back in the 1970s. 

Madhavan, who’s the senior director of programs at the National Academy of Engineering, is no stranger to wicked problems himself. He’s tackled such daunting examples as trying to make prescription drugs more affordable in the US and prioritizing development of new vaccines. But the book isn’t about his own work. Instead, Wicked Problems weaves together the story of a largely forgotten aviation engineer and inventor, Edwin A. Link, with case studies of man-made and natural disasters that Madhavan uses to explain how wicked problems take shape in society and how they might be tamed.

Link’s story, for those who don’t know it, is fascinating—he was responsible for building the first mechanical flight trainer, using parts from his family’s organ factory—and Madhavan gives a rich and detailed accounting. The challenges this inventor faced in the 1920s and ’30s—which included figuring out how tens of thousands of pilots could quickly and effectively be trained to fly without putting all of them up in the air (and in danger), as well as how to instill trust in “instrument flying” when pilots’ instincts frequently told them their instruments were wrong—were among the quintessential wicked problems of his time. 

Unfortunately, while Link’s biography and many of the interstitial chapters on disasters, like Boston’s Great Molasses Flood of 1919, are interesting and deeply researched, Wicked Problems suffers from some wicked structural choices. 

The book’s elaborate conceptual framework and hodgepodge of narratives feel both fussy and unnecessary, making a complex and nuanced topic even more difficult to grasp at times. In the prologue alone, readers must bounce from the concept of cloud problems to that of wicked problems, which get broken down into hard, soft, and messy problems, which are then reconstituted in different ways and linked to six attributes—efficiency, vagueness, vulnerability, safety, maintenance, and resilience—that, together, form what Madhavan calls a “concept of operations,” which is the primary organizational tool he uses to examine wicked problems.

It’s a lot—or at least enough to make you wonder whether a “systems engineering” approach was the correct lens through which to examine wickedness. It’s also unfortunate because Madhavan’s ultimate argument is an important one, particularly in an age of rampant solutionism and “one neat trick” approaches to complex problems. To effectively address a world full of wicked problems, he says, we’re going to need a more expansive and inclusive idea of what engineering is and who gets to participate in it.  

Rational Accidents: Reckoning with Catastrophic Technologies
John Downer
MIT PRESS, 2024

While John Downer would likely agree with that sentiment, his new book, Rational Accidents, makes a strong argument that there are hard limits to even the best and broadest engineering approaches. Similarly set in the world of aviation, Downer’s book explores a fundamental paradox at the heart of today’s civil aviation industry: the fact that flying is safer and more reliable than should technically be possible.

Jetliners are an example of what Downer calls a “catastrophic technology.” These are “complex technological systems that require extraordinary, and historically unprecedented, failure rates—of the order of hundreds of millions, or even billions, of operational hours between catastrophic failures.”

Take the average modern jetliner, with its 7 million components and 170 miles’ worth of wiring—an immensely complex system in and of itself. There were over 25,000 jetliners in regular service in 2014, according to Downer. Together, they averaged 100,000 flights every single day. Now consider that in 2017, no passenger-carrying commercial jetliner was involved in a fatal accident. Zero. That year, passenger totals reached 4 billion on close to 37 million flights. Yes, it was a record-setting year for the airline industry, safety-wise, but flying remains an almost unfathomably safe and reliable mode of transportation—even with Boeing’s deadly 737 Max crashes in 2018 and 2019 and the company’s ongoing troubles.

Downer, a professor of science and technology studies at the University of Bristol, does an excellent job in the first half of the book dismantling the idea that we can objectively recognize, understand, and therefore control all risk involved in such complex technologies. Using examples from well-known jetliner crashes, as well as from the Fukushima nuclear plant meltdown, he shows why there are simply too many scenarios and permutations of failure for us to assess or foresee such risks, even with today’s sophisticated modeling techniques and algorithmic assistance.

So how does the airline industry achieve its seemingly unachievable record of safety and reliability? It’s not regulation, Downer says. Instead, he points to three unique factors. First is the massive service experience the industry has amassed. Over the course of 70 years, manufacturers have built tens of thousands of jetliners, which have failed (and continue to fail) in all sorts of unpredictable ways. 

This deep and constantly growing data set, combined with the industry’s commitment to thoroughly investigating each and every failure, lets it generalize the lessons learned across the entire industry—the second key to understanding jetliner reliability. 

Finally, there is what might be the most interesting and counterintuitive factor: Downer argues that the lack of innovation in jetliner design is an essential but overlooked part of the reliability record. The fact that the industry has been building what are essentially iterations of the same jetliner for 70 years ensures that lessons learned from failures are perpetually relevant as well as generalizable, he says.

That extremely cautious relationship to change flies in the face of the innovate-or-die ethos that drives most technology companies today. And yet it allows the airline industry to learn from decades of failures and continue to chip away at the future “failure performance” of jetliners.

The bad news is that the lessons in jetliner reliability aren’t transferable to other catastrophic technologies. “It is an irony of modernity that the only catastrophic technology with which we have real experience, the jetliner, is highly unrepresentative, and yet it reifies a misleading perception of mastery over catastrophic technologies in general,” writes Downer.

For instance, to make nuclear reactors as reliable as jetliners, that industry would need to commit to one common reactor design, build tens of thousands of reactors, operate them for decades, suffer through thousands of catastrophes, slowly accumulate lessons and insights from those catastrophes, and then use them to refine that common reactor design.  

This obviously won’t happen. And yet “because we remain entranced by the promise of implausible reliability, and implausible certainty about that reliability, our appetite for innovation has outpaced our insight and humility,” writes Downer. With the age of catastrophic technologies still in its infancy, our continued survival may very well hinge not on innovating our way out of cloudy or wicked problems, but rather on recognizing, and respecting, what we don’t know and can probably never understand.  

If Wicked Problems and Rational Accidents are about the challenges and limits of trying to understand complex systems using objective science- and engineering-based methods, Georgina Voss’s new book, Systems Ultra, provides a refreshing alternative. Rather than dispassionately trying to map out or make sense of complex systems from the outside, Voss—a writer, artist, and researcher—uses her book to grapple with what they feel like, and ultimately what they mean, from the inside.

Systems Ultra: Making Sense of Technology in a Complex World
Georgina Voss
VERSO, 2024

“There is something rather wonderful about simply feeling our way through these enormous structures,” she writes before taking readers on a whirlwind tour of systems visible and unseen, corrupt and benign, ancient and new. Stops include the halls of hype at Las Vegas’s annual Consumer Electronics Show (“a hot mess of a Friday casual hellscape”), the “memetic gold mine” that was the container ship Ever Given and the global supply chain it broke when it got stuck in the Suez Canal, and the payment systems that undergird the porn industry. 

For Voss, systems are both structure and behavior. They are relational technologies that are “defined by their ability to scale and, perhaps more importantly, their peculiar relationship to scale.” She’s also keenly aware of the pitfalls of using an “experiential” approach to make sense of these large-scale systems. “Verbal attempts to neatly encapsulate what a system is can feel like a stoner monologue with pointed hand gestures (‘Have you ever thought about how electricity is, like, really big?’),” she writes. 

Nevertheless, her written attempts are a delight to read. Voss manages to skillfully unpack the power structures that make up, and reinforce, the large-scale systems we live in. Along the way, she also dispels many of the stories we’re told about their inscrutability and inevitability. That she does all this with humor, intelligence, and a boundless sense of curiosity makes Systems Ultra both a shining example of the “civic engagement as engineering” approach that Madhavan argues for in Wicked Problems, and proof that his argument is spot on. 

Bryan Gardiner is a writer based in Oakland, California.

Toys can change your life

In a November 1984 story for Technology Review, Carolyn Sumners, curator of astronomy at the Houston Museum of Natural Science, described how toys, games, and even amusement park rides could change how young minds view science and math. “The Slinky,” Sumners noted, “has long served teachers as a medium for demonstrating longitudinal (soundlike) waves and transverse (lightlike) waves.” A yo-yo can be used as a gauge (a “yo-yo meter”) to observe the forces on a roller coaster. Marbles employ mass and velocity. Even a simple ball offers insights into the laws of gravity.

While Sumners focused on physics, she was onto something bigger. Over the last several decades, evidence has emerged that childhood play can shape our future selves: the skills we develop, the professions we choose, our sense of self-worth, and even our relationships.

That doesn’t mean we should foist “educational” toys like telescopes or tiny toolboxes on kids to turn them into astronomers or carpenters. As Sumners explained, even “fun” toys offer opportunities to discover the basic principles of physics. 

According to Jacqueline Harding, a child development expert and author of The Brain That Loves to Play, “If you invest time in play, which helps with executive functioning, decision-making, resilience—all those things—then it’s going to propel you into a much more safe, secure space in the future.”

Sumners was focused mostly on hard skills, the scientific knowledge that toys and games can foster. But there are soft skills, too, like creativity, problem-solving, teamwork, and empathy. According to Harding, the less structure there is to such play—the fewer rules and goals—the more these soft skills emerge.

“The kinds of playthings, or play activities, that really produce creative thought,” she says, “are natural materials, with no defined end to them—like clay, paint, water, and mud—so that there is no right or wrong way of playing with it.” 

Playing is by definition voluntary, spontaneous, and goal-free; it involves taking risks, testing boundaries, and experimenting. The best kind of play results in joyful discovery, and along the way, the building blocks of innovation and personal development take shape. But in the decades since Sumners wrote her story, the landscape of play has shifted considerably. Recent research by the American Academy of Pediatrics’ Council on Early Childhood suggests that digital games and virtual play don’t appear to confer the same developmental benefits as physical games and outdoor play.

“The brain loves the rewards that are coming from digital media,” says Harding. But in screen-based play, “you’re not getting that autonomy.” The lack of physical interaction also concerns her: “It is the quality of human face-to-face interaction, body proximity, eye-to-eye gaze, and mutual engagement in a play activity that really makes a difference.”

Bill Gourgey is a science writer based in Washington, DC.

Do you want to play a game?

For children, play comes so naturally. They don’t have to be encouraged to play. They don’t need equipment, or the latest graphics processors, or the perfect conditions—they just do it. What’s more, study after study has found that play has a crucial role in childhood growth and development. If you want to witness the absolute rapture of creative expression, just observe the unstructured play of children.

So what happens to us as we grow older? Children begin to compete with each other by age four or five. Play begins to transform from something we do purely for fun into something we use to achieve status and rank ourselves against other people. We play to score points. We play to win. 

And with that, play starts to become something different. Not that it can’t still be fun and joyful! Even watching other people play will bring us joy. We enjoy watching other people play so much, and get so much joy by proxy from watching their achievements, that we spend massive amounts of money to do so. According to StubHub, the average price of a ticket to the Super Bowl this year was $8,600. The average price for a Super Bowl ad was a cool $7 million this year, according to Ad Age.

This kind of interest doesn’t just apply to physical games. Video-game streaming has long been a mainstay on YouTube, and entire industries have risen up around it. Top streamers on Twitch—Amazon’s livestreaming service, which is heavily gaming focused—earn upwards of $100,000 per month. And the global market for video games themselves is projected to bring in some $282 billion in revenue this year.

Simply put, play is serious business. 

There are fortunes to be had in making our play more appealing, more accessible, more fun. All of the features in this issue dig in on the enormous amount of research and development that goes into making play “better.”  

On our cover this month is executive editor Niall Firth’s feature on the ways AI is going to upend game development. As you will read, we are about to enter the Wild West—Red Dead or not—of game character development. How will games change when they become less predictable and more fully interactive, thanks to AI-driven nonplayer characters who can not only go off script but even continue to play with each other when we’re not there? Will these even be games anymore, or will we simply be playing around in experiences? What kinds of parasocial relationships will we develop in these new worlds? It’s a fascinating read. 

There is no sport more intimately connected to the ocean, and to water, than surfing. It’s pure play on top of the waves. And when you hear surfers talk about entering the flow state, this is very much the same kind of state children experience at play—intensely focused, losing all sense of time and the world around them. Finding that flow no longer means living by the water’s edge, Eileen Guo reports. At surf pools all over the world, we’re piping water into (or out of) deserts to create perfect waves hundreds of miles from the ocean. How will that change the sport, and at what environmental cost? 

Just as we can make games more interesting, or bring the ocean to the desert, we have long pushed the limits of how we can make our bodies better, faster, stronger. Among the most recent ways we have done this is with the advent of so-called supershoes—running shoes with rigid carbon-fiber plates and bouncy proprietary foams. The late Kelvin Kiptum utterly destroyed the men’s world record for the marathon last year wearing a pair of supershoes made by Nike, clocking in at a blisteringly hot 2:00:35. Jonathan W. Rosen explores the science and technology behind these shoes and how they are changing the sport, especially in Kenya. 

There’s plenty more, too. So I hope you enjoy the Play issue. We certainly put a lot of work into it. But of course, what fun is play if you don’t put in the work?

Thanks for reading,

Mat Honan

Why China’s dominance in commercial drones has become a global security matter

This story first appeared in China Report, MIT Technology Review’s newsletter about technology in China. Sign up to receive it in your inbox every Tuesday.

Whether you’ve flown a drone before or not, you’ve probably heard of DJI, or at least seen its logo. With more than a 90% share of the global consumer market, this Shenzhen-based company’s drones are used by hobbyists and businesses alike for photography and surveillance, as well as for spraying pesticides, moving parcels, and many other purposes around the world.  

But on June 14, the US House of Representatives passed a bill that would completely ban DJI’s drones from being sold in the US. The bill is now being discussed in the Senate as part of the annual defense budget negotiations. 

The reason? While its market dominance has attracted scrutiny for years, it’s increasingly clear that DJI’s commercial products are so good and affordable they are also being used on active battlefields to scout out the enemy or carry bombs. As the US worries about the potential for conflict between China and Taiwan, the military implications of DJI’s commercial drones are becoming a top policy concern.

DJI has managed to set the gold standard for commercial drones because it is built on decades of electronic manufacturing prowess and policy support in Shenzhen. It is an example of how China’s manufacturing advantage can turn into a technological one.

“I’ve been to the DJI factory many times … and mainly, China’s industrial base is so deep that every component ends up being a fraction of the cost,” Sam Schmitz, the mechanical engineering lead at Neuralink, wrote on X. Shenzhen and surrounding towns have had a robust factory scene for decades, providing an indispensable supply chain for a hardware industry like drones. “This factory made almost everything, and it’s surrounded by thousands of factories that make everything else … nowhere else in the world can you run out of some weird screw and just walk down the street until you find someone selling thousands of them,” he wrote.

But Shenzhen’s municipal government has also significantly contributed to the industry. For example, it has granted companies more permission for potentially risky experiments and set up subsidies and policy support. Last year, I visited Shenzhen to experience how it’s already incorporating drones in everyday food delivery, but the city is also working with companies to use drones for bigger and bigger jobs—carrying everything from packages to passengers. All of these go into a plan to build up the “low-altitude economy” in Shenzhen that keeps the city on the leading edge of drone technology.

As a result, the supply chain in Shenzhen has become so competitive that the world can’t really use drones without it. Chinese drones are simply the most accessible and affordable out there. 

Most recently, DJI’s drones have been used by both sides in the Ukraine-Russia conflict for reconnaissance and bombing. Some American companies tried to replace DJI’s role, but their drones were more expensive and their performance unsatisfactory. And even as DJI publicly suspended its businesses in Russia and Ukraine and said it would terminate any reseller relationship if its products were found to be used for military purposes, the Ukrainian army is still assembling its own drones with parts sourced from China.

This reliance on one Chinese company and the supply chain behind it is what worries US politicians, but the danger would be more pronounced in any conflict between China and Taiwan, a prospect that is a huge security concern in the US and globally.

Last week, my colleague James O’Donnell wrote about a report by the think tank Center for a New American Security (CNAS) that analyzed the role of drones in a potential war in the Taiwan Strait. Right now, both Ukraine and Russia are still finding ways to source drones or drone parts from Chinese companies, but it’d be much harder for Taiwan to do so, since it would be in China’s interest to block its opponent’s supply. “So Taiwan is effectively cut off from the world’s foremost commercial drone supplier and must either make its own drones or find alternative manufacturers, likely in the US,” James wrote.

If the ban on DJI sales in the US is eventually passed, it will hit the company hard for sure, as the US drone market is currently worth an estimated $6 billion, the majority of which is going to DJI. But undercutting DJI’s advantage won’t magically grow an alternative drone industry outside China. 

“The actions taken against DJI suggest protectionism and undermine the principles of fair competition and an open market. The Countering CCP Drones Act risks setting a dangerous precedent, where unfounded allegations dictate public policy, potentially jeopardizing the economic well-being of the US,” DJI told MIT Technology Review in an emailed statement.

The Taiwanese government is aware of the risks of relying too much on China’s drone industry, and it’s looking to change. In March, Taiwan’s newly elected president, Lai Ching-te, said that Taiwan wants to become the “Asian center for the democratic drone supply chain.” 

Already the hub of global semiconductor production, Taiwan seems well positioned to grow another hardware industry like drones, but it will probably still take years or even decades to build the economies of scale seen in Shenzhen. With support from the US, can Taiwanese companies really grow fast enough to meaningfully sway China’s control of the industry? That’s a very open question.

A housekeeping note: I’m currently visiting London, and the newsletter will take a break next week. If you are based in the UK and would like to meet up, let me know by writing to zeyi@technologyreview.com.


Now read the rest of China Report

Catch up with China

1. ByteDance is working with the US chip design company Broadcom to develop a five-nanometer AI chip. This US-China collaboration, which should be compliant with US export restrictions, is rare these days given the political climate. (Reuters $)

2. After both the European Union and China announced new tariffs against each other, the two sides agreed to chat about how to resolve the dispute. (New York Times $)

  • Canada is preparing to announce its own tariffs on Chinese-made electric vehicles. (Bloomberg $)

3. A NASA leader says the US is “on schedule” to send astronauts to the moon within a few years. There’s currently a heated race between the US and China on moon exploration. (Washington Post $)

4. A new cybersecurity report says RedJuliett, a China-backed hacker group, has intensified attacks on Taiwanese organizations this year. (Al Jazeera $)

5. The Canadian government is blocking a rare earth mine from being sold to a Chinese company. Instead, the government will buy the stockpiled rare earth materials for $2.2 million. (Bloomberg $)

6. Economic hardship at home has pushed some Chinese small investors to enter the US marijuana industry. They have been buying lands in the States, setting up marijuana farms, and hiring other new Chinese immigrants. (NPR)

Lost in translation

In the past week, the most talked-about person in China has been a 17-year-old girl named Jiang Ping, according to the Chinese publication Southern Metropolis Daily. Every year since 2018, the Chinese company Alibaba has been hosting a global mathematics contest that attracts students from prestigious universities around the world to compete for a generous prize. But to everyone’s surprise, Jiang, who’s studying fashion design at a vocational high school in a poor town in eastern China, ended up ranking 12th in the qualifying round this year, beating scores of college undergraduate or even master’s students. Other than reading college mathematics textbooks under her math teacher’s guidance, Jiang has received no professional training, as many of her competitors have.

Jiang’s story, highlighted by Alibaba following the announcement of the first-round results, immediately went viral in China. While some saw it as a tale of buried talents and how personal endeavor can overcome unfavorable circumstances, others questioned the legitimacy of her results. She became so famous that people, including social media influencers, kept visiting her home, turning her hometown into an unlikely tourist destination. The town had to hide Jiang from public attention while she prepared for the final round of the competition.

One more thing

After I wrote about the new Chinese generative video model Kling last week, the AI tool added a new feature that can turn a static photo into a short video clip. Well, what better way to test its performance than feeding it the iconic “distracted boyfriend” meme and watching what the model predicts will happen after that moment?

Update: The story has been updated to include a statement from DJI.

The Download: Introducing the Play issue

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.

Supershoes are reshaping distance running

Since 2016, when Nike introduced the Vaporfly, a paradigm-shifting shoe that helped athletes run more efficiently (and therefore faster), the elite running world has muddled through a period of soul-searching over the impact of high-tech footwear on the sport.

“Supershoes”—which combine a lightweight, energy-returning foam with a carbon-fiber plate for stiffness—have been behind every broken world record in distances from 5,000 meters to the marathon since 2020.

To some, this is a sign of progress. In much of the world, elite running lacks a widespread following. Record-breaking adds a layer of excitement. And the shoes have benefits beyond the clock: most important, they help minimize wear on the body and enable faster recovery from hard workouts and races.

Still, some argue that they’ve changed the sport too quickly. Read the full story. 

—Jonathan W. Rosen

This story is from the forthcoming print issue of MIT Technology Review, which explores the theme of Play. It’s set to launch tomorrow, so if you don’t already, subscribe now to get a copy when it lands.

Why China’s dominance in commercial drones has become a global security issue

Whether you’ve flown a drone before or not, you’ve probably heard of DJI, or at least seen its logo. With more than a 90% share of the global consumer market, this Shenzhen-based company’s drones are used by hobbyists and businesses alike for everything from photography to spraying pesticides to moving parcels.

But on June 14, the US House of Representatives passed a bill that would completely ban DJI’s drones from being sold in the US. The bill is now being discussed in the Senate as part of the annual defense budget negotiations. 

To understand why, you need to consider the potential for conflict between China and Taiwan, and the fact that the military implications of DJI’s commercial drones have become a top policy concern for US lawmakers. Read the full story.

—Zeyi Yang

This story is from China Report, our weekly newsletter covering tech in China. Sign up to receive it in your inbox every Tuesday.

The must-reads

I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology.

1 The EU has issued antitrust charges against Microsoft
For bundling Teams with Office—just a day after it announced similar charges against Apple. (WSJ $)
+ It seems likely it’ll be hit with a gigantic fine. (Ars Technica)
+ The EU has new powers to regulate the tech sector, and it’s clearly not afraid to use them. (FT $)

2 OpenAI is delaying launching its voice assistant
(WP $)
+ It’s also planning to block access in China—but plenty of Chinese companies stand ready to fill the void. (Mashable)

3 Deepfake creators are re-victimizing sex trafficking survivors
Non-consensual deepfake porn is proliferating at a terrifying pace—but this is the grimmest example I’ve seen. (Wired $)
+ Three ways we can fight deepfake porn. (MIT Technology Review)

4 Chinese tech company IPOs are a rarity these days
It’s becoming very hard to avoid the risk of it all being derailed by political scrutiny, whether at home or abroad. (NYT $)
+ Global chip company stock prices have been on a rollercoaster ride recently, thanks to Nvidia. (CNBC)

5 Why AI is not about to replace journalism
It can crank out content, sure—but it’s incredibly boring to read. (404 Media)
+ After all the hype, it’s no wonder lots of us feel ever-so-slightly disappointed by AI. (WP $)
+ Despite a troubled launch, Google’s already extending AI Summaries to Gmail as well as Search. (CNET)

6 This week of extreme weather is a sign of things to come
Summers come with a side-serving of existential dread now, as we all feel the effects of climate change. (NBC)
+ Scientists have spotted a worrying new tipping point for the loss of ice sheets in Antarctica. (The Guardian)

7 Inside the fight over lithium mine expansion in Argentina
Indigenous communities had been divided in opposition—but as the cash started flowing, cracks started appearing. (The Guardian)
+ Lithium battery fires are a growing concern for firefighters worldwide. (WSJ $)

8 What even is intelligent life?
We value it, but it’s a slippery concept that’s almost impossible to define. (Aeon)
+ What an octopus’s mind can teach us about AI’s ultimate mystery. (MIT Technology Review)

9 Tesla is recalling most Cybertrucks… for the fourth time
You have to laugh, really. (The Verge)
+ Luckily, it’s not sold that many of them anyway. (Quartz $)

10 The trouble with Meta’s “smart” Ray Bans
Well… basically they’re just not very smart. At all. (Wired $)

Quote of the day

“We’re making the biggest bet in AI. If transformers go away, we’ll die. But if they stick around, we’re the biggest company of all time.”

—Fighting talk to CNBC from Gavin Uberti, cofounder and CEO of a two-year-old startup called Etched, which believes its AI-optimized chips could take on Nvidia’s near-monopoly.

The big story

This nanoparticle could be the key to a universal covid vaccine

[Image: 3D model of the mosaic nanoparticle vaccine. Courtesy of Wellcome Leap, Caltech, and Merkin Institute]

September 2022
Long before Alexander Cohen—or anyone else—had heard of the alpha, delta, or omicron variants of covid-19, he and his graduate school advisor Pamela Bjorkman were doing the research that might soon make it possible for a single vaccine to defeat the rapidly evolving virus—along with any other covid-19 variant that might arise in the future.

The pair and their collaborators are now tantalizingly close to achieving their goal of manufacturing a vaccine that broadly triggers an immune response not just to covid and its variants but to a wider variety of coronaviruses. Read the full story.

—Adam Piore

We can still have nice things

A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or tweet ’em at me.)

+ Happy 80th Birthday to much beloved Muswell Hillbilly Ray Davies, frontman of the Kinks.
+ Need to cool your home down? Plants can help!
+ Well, uh, that’s certainly one way to cope with a long-haul flight. 
+ Glad to know I’m not the only person obsessed with Nongshim instant noodles.

Charts: Consumer Loyalty Trends Q1 2024

Consumer loyalty is shifting as shoppers seek better value from brands and retailers. That’s according to a new McKinsey & Company study titled, “State of the Consumer 2024: What’s now and what’s next.”

In January this year, McKinsey surveyed 15,000 consumers in 18 markets comprising 90% of global GDP. Over a third of those consumers had experimented with different brands in the prior three months, and around 40% had switched retailers in pursuit of better prices and discounts.


In addition, according to the study, in emerging markets such as China, India, and the Middle East, the proportion of consumers planning to boost their spending on wellness products and services is two to three times greater than in advanced markets such as Canada and the United States.

Moreover, over one-third of consumers in China, Saudi Arabia, India, and the UAE shop directly through social media platforms, a much higher share than in Europe and the United States.