Pluralistic: 07 Mar 2020

Today's links

  1. Audio from last night's Canada Reads event in Kelowna: Thanks to Sarah Penton for being such a great interviewer!
  2. Gig economy drivers won't get sick-pay if they have covid-19 symptoms: Your Instacart driver is being incentivized to handle your food through his fever-sweats.
  3. Compromise threatens Intel's chip-within-a-chip: A bug in the Management Engine threatens five years' worth of Intel systems.
  4. The savior of Waterstones will turn every B&N into an indie: James Daunt has opened 60 profitable stores in his career.
  5. This day in history: 2015, 2019
  6. Colophon: Recent publications, current writing projects, upcoming appearances, current reading



Audio from last night's Canada Reads event in Kelowna (permalink)

Last night I sat down for an interview and lively Q&A at the Kelowna Public Library with the CBC's Sarah Penton as part of the Canada Reads national book prize, for which my book Radicalized is a finalist. Courtney Dickson was kind enough to send me raw audio from the board and to give me permission to post it. It was a genuinely wonderful night, with great and thoughtful questions, and I’m really glad that I get to share it with you!

https://archive.org/download/canadareadskelownadoctorowpenton/Canada_Reads_Kelowna_Doctorow_Penton.mp3



Gig economy drivers won't get sick-pay if they have covid-19 symptoms (permalink)

The gig economy workers who deliver your @amazon packages are not entitled to sick pay if they think they have covid-19 and want to stay home, rather than delivering contaminated boxes to you.

https://onezero.medium.com/keep-your-car-clean-gig-companies-offer-little-support-during-coronavirus-outbreak-cf6c55cca8a8

It's not just Amazon Flex drivers who are being tacitly incentivized by rapacious, giant corporations to show up for work sick. Your Lyft and Instacart drivers are all being given a stark choice: work sick or go broke.

As Sarah Emerson speculates in her One Zero piece, this depraved indifference is likely an epiphenomenon of gig economy companies' urge to preserve the fiction that their workers are contractors, not employees. Contractors don't get sick leave, after all.

“[Amazon is ] basically threatening that I’ll be out of work if I have any symptoms of being sick, coronavirus or not, but no protections and no offers for help in the event it happens" – Jeff Perry, Amazon Flex/Uber driver, Sacramento

Lyft's advice to drivers: "disinfect your car" and avoid passengers who appear sick.

As outrage over this policy went viral, Uber reversed its earlier stance and announced that it would offer up to 14 days of "compensation" for some drivers.

https://twitter.com/MikeIsaac/status/1236126626028507136



Compromise threatens Intel's chip-within-a-chip (permalink)

A new showstopper Intel bug compromises the Converged Security and Management Engine, the computer-within-a-computer that Intel uses for a variety of purposes, some beneficial (detecting malware), some terrible (shutting out free software).

https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html

The Management Engine has long been controversial. It's designed to reach into your RAM and tinker with it in a way that, by design, the CPU can't detect or prevent. This is deliberate: it lets the management engine monitor and disrupt malware.

https://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html

But of course, if your Management Engine itself is compromised, then – by design – the part of the computer that you control can neither monitor it, nor prevent it from doing malicious work. In 2017, a ghastly ME bug showed how risky this was.

https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it

It's especially bad because ME security is, in part, security through obscurity: Intel barely documents ME function and doesn't permit outside auditing. To make everything worse, there's no way to fully disable it. So ME bugs keep on surfacing, each worse than the last. Here's 2018's:

https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/

Which brings me to the new vuln: PT Security shows an early stage attack on the boot ROM, that allows for recovery of a master key that is used to generate all the other keys in the system. It's a deep bug that could potentially compromise all the downstream operations. It's only a partial attack (so far). The key needs to be decrypted to be usable, but the researchers say it's only a matter of time – and they point out that the key is shared across years' worth of Intel processors.

This compromise (when it comes) has profound implications for DRM, which is intrinsically brittle in that it's "break once, break everywhere." Once content is extracted from a DRM wrapper on a compromised system, it can be shared and played back on intact ones. DRM system designers try to address this with tactics like "renewability" and "selectable output control" that allows DRM systems to detect which systems they're running on and refuse to operate if they believe they might be compromised.

This is a thermonuclear option that could make DRM unviable forever. It means that if you had the misfortune to buy an Intel system during the five years that they were manufactured with this defect, you could lose the ability to play content you've already paid for.

Not because you hacked your system, but because you could. DRM is and always has been a timebomb, ticking down to the moment that execs in a distant boardroom decide to nerf or brick your property. The temptation to downgrade your customers' property to up your profits is irresistible.

https://www.eff.org/deeplinks/2016/09/what-hp-must-do-make-amends-its-self-destructing-printers

But customers don't like getting punished for "doing the right thing." If media companies cancel playback for purchased content on affected Intel systems, they won't be targeting pirates (who get their media DRM-free), but people who deliberately chose to pay.

"Fool me once, shame on you. Fool me twice, we don't get fooled again." -GWB

Punishing legit customers to get at pirates is a surefire way to make more pirates.

"Might as well be hanged for a sheep as for a lamb."



The savior of Waterstones will turn every B&N into an indie (permalink)

A great hero of British bookselling is James Daunt, the founder of Daunt Books, whose flagship store is literally the most beautiful bookstore I've ever been to.

https://dauntbooks.co.uk/shops/marylebone/

Daunt took over Waterstones in 2011 and rescued it. The chain now runs as a string of indies, with no co-op promotion – instead, the booksellers in each shop choose which books they promote based on local taste. Corporate HQ chooses a book of the month and a book every year for chainwide promotion, but they do so on the basis of their enjoyment of the book – not because a publisher pays them for promo.

The new Waterstones stores are spectacular. There were always some great ones (the Waterstones in Bradford rivals the main Daunt books for beauty), but the vibe and experience of shopping at a post-Daunt Waterstones is a million times better than before. And new shops like the one in Tottenham Court Road really embody what a bookstore can be. The event I did there in 2017 with Laurie Penny was one of the best I've ever done in the UK.

https://www.waterstones.com/events/cory-doctorow-in-conversation-with-laurie-penny/london-tottenham-court-road

The good news is that Daunt is now running Barnes & Noble, which has been struggling and worse – pulling desperate moves like laying off all their most experienced booksellers to lower payroll costs, which is obviously a catastrophic mistake. And Daunt's public plan for BN – America's last major chain bookstore – is to replicate what he did with Waterstones. Let the stores run like indies, with local control by experienced booksellers who know and care about their customers' tastes.

https://www.bloomberg.com/news/features/2020-03-04/barnes-noble-wants-to-be-more-like-an-indie-bookseller

He's ending co-op promotion, featuring books that the booksellers choose, not books that publishers pay to promote. He's reversing the focus on non-bookstore SKUs (sunglasses, puzzles and scented candles) in favor of, you know…books. They're shrinking CDs and DVDs and expanding kids' books, laying the ground for a new generation of readers, and they're cleaning up, repainting, and generally repairing years of neglect that have given some of the stores the vibe of an abandoned K-Mart.

They're also opening new stores, targeting places that don't have any bookstores (as opposed to places where indie stores have kept the faith and continued to serve their communities). He's shooting for 1,500 stores nationwide. It's superb news for a nation where bookselling has been imperilled for decades. On every tour stop, I always insist that my media escort take me to every B&N in town to sign stock and meet the booksellers. As a recovering bookseller myself, it's one of the great pleasures of the tours. Bookstores are community hubs, and were key to my own literary upbringing. This is just delightful news.

(Image: RachelH_, CC BY-NC)



This day in history (permalink)

#5yrsago Improving the estimate of US police killings https://fivethirtyeight.com/features/a-new-estimate-of-killings-by-police-is-way-higher-and-still-too-low/

#1yrago Ajit Pai has been touting new broadband investment after he murdered Net Neutrality, but he's been relying on impossible data from a company called Barrierfree https://arstechnica.com/tech-policy/2019/03/ajit-pais-rosy-broadband-deployment-claim-may-be-based-on-gigantic-error/

#1yrago The EU hired a company that had been lobbying for the Copyright Directive to make a (completely batshit) video to sell the Copyright Directive https://twitter.com/Senficon/status/1103582295523553280?ref_src=twsrc%5Etfw

#1yrago The "Tragedy of the Commons" was invented by a white supremacist based on a false history, and it's toxic bullshit https://twitter.com/mmildenberger/status/1102604887223750657

#1yrago It's on: House Democrats introduce their promised Net Neutrality legislation https://www.cnet.com/news/democrats-introduce-save-the-internet-act-to-restore-net-neutrality/



Colophon (permalink)

Today's top sources: The Verge (https://www.theverge.com), Wired (https://wired.com), Slashdot (https://slashdot.org).

Hugo nominators! My story "Unauthorized Bread" is eligible in the Novella category and you can read it free on Ars Technica: https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

Upcoming appearances:

Currently writing: I'm rewriting a short story, "The Canadian Miracle," for MIT Tech Review. It's a story set in the world of my next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. I'm also working on "Baby Twitter," a piece of design fiction also set in The Lost Cause's prehistory, for a British think-tank. I'm getting geared up to start work on the novel afterwards.

Currently reading: Just started Lauren Beukes's forthcoming Afterland: it's Y the Last Man plus plus, and two chapters in, it's amazeballs. Last month, I finished Andrea Bernstein's "American Oligarchs"; it's a magnificent history of the Kushner and Trump families, showing how they cheated, stole and lied their way into power. I'm getting really into Anna Weiner's memoir about tech, "Uncanny Valley." I just loaded Matt Stoller's "Goliath" onto my underwater MP3 player and I'm listening to it as I swim laps.

Latest podcast: Disasters Don’t Have to End in Dystopias: https://craphound.com/podcast/2020/03/01/disasters-dont-have-to-end-in-dystopias/

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627?utm_source=socialmedia&utm_medium=socialpost&utm_term=na-poesycorypreorder&utm_content=na-preorder-buynow&utm_campaign=9781626723627

(we're having a launch for it in Burbank on July 11 at Dark Delicacies and you can get me AND Poesy to sign it and Dark Del will ship it to the monster kids in your life in time for the release date).

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a very special, s00per s33kr1t intro.