- Al Jaffee has retired: MAD's tribute to a 99-year-old legend.
- Raffi on radical politics: The more we get together the happier we'll be.
- Podcast: Part 6 of "Someone Comes to Town, Someone Leaves Town": Young love, strange love.
- Force Multiplier: Free Little Brother story for Attack Surface pre-orders, UK edition.
- Socializing with spreadsheets: Party in a shared doc.
- Red state pandemic rising: Pools can't have pissing and non-pissing ends.
- US cyberdefense is AWOL: US "cyber" spending is all offense, no defense.
- Scraping traffic-cams to capture police violence: NY activists are archiving public camera footage.
- Huge trove of unprotected dating-app data: 845GB of pics, chat and PII hanging out in unprotected Amazon buckets.
- This day in history: 2010, 2015
- Colophon: Recent publications, upcoming appearances, current writing projects, current reading
Al Jaffee has retired
Al Jaffee is the longest-working comics artist in history, responsible for two of MAD Magazine's canonical gags: "Snappy Answers to Stupid Questions" and the back-page fold-in. He's 99 years old, and he's just retired.
MAD Magazine largely stopped publishing new material in 2016, but they've produced a special tribute issue celebrating Jaffee's career that has just hit stands. It includes Jaffee's last-ever fold-in (after nearly 500 in total!).
Also in the issue: Sergio Aragonés's tribute to Jaffee.
The first-ever "Snappy Answers" column.
And much more.
Jaffee led a pretty amazing life, having been born in the US but raised in a rural shtetl in Lithuania with his mother, subsisting on the comics his father sent him from the USA until he returned at the age of 12.
He's credited his Fold-Ins to this dual life of his:
They really are remarkable works.
As great as they are, they're not the only experimental form that Jaffee pioneered: his syndicated "Tall Tales" strips (long, skinny comics that have some kind of amazing sight gag) are fantastic:
Raffi on radical politics
Like most Canadian kids in the 70s, I was raised on Raffi Cavoukian's music – I even went to see him in concert with my folks at Seneca College, near my suburban Toronto neighbourhood.
And like most Canadian kids, Raffi kinda fell off my radar as I aged out of his audience.
Years later, I learned he was the brother of Ann Cavoukian, then Ontario privacy commissioner – a visionary and principled fighter who pioneered the idea of "privacy by design." I thought, "How odd that one sib is a fighter, and the other a gentle kids' entertainer."
And then I discovered Raffi on Twitter, and learned they're both fighters. Raffi's Twitter is a brilliant, fiery, impassioned, hilarious running commentary on progressive politics, the climate emergency, and the terrors of the far-right resurgence.
Raffi is profiled in Jacobin for International Children's Day, in an interview in which he explains the – now obvious – connection between caring for kids and caring about justice overall.
Here are some choice quotes:
"I was full of admiration for who I call humanity’s 'primary learners' who, at the time of their life when evolution has seen fit to give them play as their essential mode of being, they’re learning the most sophisticated human tasks of speech and language acquisition."
"Not caring about people is not an option, because we are human. It is our nature to care. So when we envision a society, it ought to work for everyone. Because the opposite is untenable. Whose child would you leave out?"
"We find these joys to be self evident, that all children are created whole, endowed with innate intelligence, with dignity and wonder, worthy of respect."
Raffi has a nonprofit foundation devoted to spreading his philosophy of "Child Honoring" and even offers an online course in the subject:
Podcast: Part 6 of "Someone Comes to Town, Someone Leaves Town"
This week on my podcast, part 6 of my novel "Someone Comes to Town, Someone Leaves Town," a book that Gene Wolfe called "a glorious book unlike any book you've ever read."
This week's installment is all about young love in a small town for a strange lad.
Here's the MP3:
And here's my podcast feed:
Force Multiplier
My next novel is Attack Surface, the third Little Brother book, which comes out in October. To celebrate, I've written a new Marcus Yallow story, "Force Multiplier," about stalkerware, power, and revenge, as a free bonus ebook and audiobook for people who pre-order the novel.
If you're in the UK, Australia, NZ, South Africa, Eire, and other parts of the Anglosphere (excluding US/Canada), send your pre-order receipt to Head of Zeus, the UK publisher:
In the US, Canada, and non-English-speaking countries, send your pre-order receipt to Tor Books, the US publisher:
Attack Surface is a standalone novel for adults that stars Masha, the young woman who both gets Marcus into and out of trouble at the start and end of the first two Little Brother books. After the terrorist attack that radicalizes Marcus, Masha joins the DHS.
She wants to hunt terrorists but instead finds herself embroiled in a junk-science scheme to algorithmically attribute guilt to Muslims and other disfavored minorities that the DHS has already decided to blame for the attacks (Little Brother).
From there, Masha ends up in the private sector, working in the cyber division of a mercenary outfit loosely based on Blackwater, where her life outside of the US intelligence services' command structure makes her a mother confessor for US spooks' guilty leaks (Homeland).
By the time we meet Masha in Attack Surface, she's working for a cyber arms dealer similar to the NSO Group, helping ex-Soviet dictators put down color revolutions while secretly helping the radicals evade the spyware she spends her working days installing.
Disillusioned, Masha ends up back in Oakland, helping childhood friends in a successor to the Movement for Black Lives who are being targeted by the same cyberweapons she's spent her career developing and servicing.
It's a book about the limits of self-knowledge, about how smart people can talk themselves into doing the worst things imaginable and then excuse it by telling themselves that anyone else would do the same thing, given the chance.
And it's a book about allyship, and the problems of appointing yourself the cyber-defense force of someone else's political struggle.
(And yes, Marcus is in it too, as is Ange!).
It got a fabulous review from Publishers Weekly: "The high stakes and believable world keep the pages turning. Doctorow’s fans will be pleased."
PS: Thanks to Eva Galperin for help with Force Multiplier!
Socializing with spreadsheets
Socializing via videoconference can be exhausting (especially if you're spending your working days also in videoconferences): the panopticon nature of not knowing whether someone is looking at you can make it hard to relax.
Here's Marie Foulston's solution: a party in a spreadsheet.
Foulston's spreadsheet opens with a picture of a door pasted into a cell; it has a "coat-room" tab and then, as guests arrive and start adding tabs, it sprouts a "hallway" and a "kitchen."
People come with animal avatars, and "A flurry of coloured cursors dart from cell to cell announcing names, and guests attempt to decipher their anonymous animal alter egos."
People cut-and-paste coat images into the coatroom tab. A guest paints all the cells in one tab blue, and it becomes the "blue room." Party snacks are pasted into cells. There's an animated dance-floor (GIFs? Scripts? she doesn't say).
Bonfires appear in the garden tab, and above them, s'mores. Someone pastes a police-car into the "front drive" tab and everyone gets briefly quiet until the cops leave.
The tabs each have their own lingering conversations to pop into and scroll back through.
At the end of the night, the action moves to "paint by numbers" tabs where tired stragglers' cursors move between cells, coloring them in to make crude images.
Finally, to end the festivities, Foulston creates a sunrise tab and colors it from dark blue to warm orange.
Foulston's delightful description reminds me of the glory days of MUDs and MOOs and MUSHes, a collaborative, playful form of mostly textual storytelling and pretend.
You can visit the remains of her party here:
Red state pandemic rising
There's a reason the GOP politicized the pandemic and started urging businesses in their states to reopen: they saw the numbers that showed that the dead were disproportionately Black and brown, and so deaths from the virus became a feature, not a bug.
But humanity has a shared microbial destiny. It's impossible to be safe while dooming the people who pack your meat, ring up your groceries, clean your house, paint your nails, cut your hair and serve your meals to die of a highly contagious virus.
That's like denying the use of the pool bathrooms to those who can't afford an entry fee, then saying it'll work out because the pool has a "pissing" and "no-pissing" end and people can choose which end to swim in.
"Red states" that rushed to re-open are seeing surging numbers of coronavirus infections, particularly in "vulnerable, rural populations" – that is, in the GOP's voter strongholds.
Some GOP officials haven't gotten the memo yet: Ohio GOP Senator Steve Huffman offered this explanation for disproportionate Black mortality: "Could it just be that African Americans, the colored population, do not wash their hands as well as other groups?"
Meanwhile, cases and hospitalizations are spiking in Arizona, Florida, South Carolina, Arkansas and Texas – states whose GOP leadership refused Medicare expansion in an effort to sabotage the Affordable Care Act, leaving their people with a brittle, underfunded health system.
The GOP is trapped in a prison of its own making. To keep the fortunes of the 1% intact, they need to restart American commerce. But doing so will not just murder racialized people who don't typically vote Republican, but also the GOP's base: elderly and rural people.
US cyberdefense is AWOL
In security, attackers have an easier job than defenders: an attacker has to find a single mistake that a defender has made; a defender has to make no mistakes.
But the best defense is not a good offense. Neglecting defense means abandoning the people you're defending.
So guess how the US apportions its "cyber" budget.
It's all "deterrence" (i.e. offensive capability) and virtually no actual defense. As Jason Healey writes in Lawfare, this leaves Americans as "prey," not "predators."
Healey is writing about the Cyberspace Solarium Commission's report "on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences."
The report shows that the vast majority of information security spending in the US is through the military, not through defensive organizations like the DHS, a trend that began with Clinton and has been continued by every president since, with massive acceleration under Trump.
Ironically, Trump has criticized previous admins for neglecting defense and pledged to increase it as a priority, but all he did was redefine "defense" to mean "punishing those who use cyber tools for malicious purposes" and attaining "peace through strength."
Which is why the DoD's cyber budget is 25% higher than the total infosec budget of all defensive agencies, with US Cybercommand HQ getting 33% more to cover program administration than the entire State Dept cyber budget, including operations.
The DoD's cyber ops budget is 250% of the budget for the entire Cybersecurity and Infrastructure Security Agency, and 1000% of the budget for the National Cybersecurity and Communications Integration Center.
And that's just the part of the budget we know about; most of the DoD's budget is a secret. It's part of the trend Rosa Brooks spoke of: "everything became war and the military became everything."
Healey: "There are tremendous risks when a fearsome offense is paired with a weak defense," because "a more fearsome cyber offense makes it more likely they will get in a sucker punch on the U.S. before Cyber Command can bring its big guns to bear."
He's focused on the geopolitics, but we must attend to human costs. When computer criminals steal trade secrets or kompromat, steal identities or clean out your bank account, they get away clean because your government has prioritized attacking rivals over defending YOU.
To take just one example: the NSA found a vulnerability in Windows that they codenamed "Eternalblue." Rather than report that bug to Microsoft so it could be fixed and everyone relying on Windows could be safer, the NSA kept the bug a secret so it could attack its enemies.
Then Eternalblue leaked. It got picked up by dumdums and spliced into some not-very-effective ransomware, supercharging it and giving birth to the Wannacry epidemic. Wannacry went on to shut down numerous businesses and hospitals around the world, including in the US.
But it did worse than that: Wannacry was used to shut down entire US cities. For months. Including, for example, Baltimore, a city that serves as a commuter town for Beltway Bandits, perhaps including some who decided not to fix Eternalblue.
It would be one thing if the only people who suffered as a result of this ghastly blunder were DoD personnel and their overpaid contractors – but the collateral damage here is staggering.
An offensive posture means you can make your enemy's rubble bounce after they slaughter your people. Only a general hoping for a consulting job with a defense contractor could view this as a good tradeoff for the casualties experienced by the people they've sworn to protect.
Scraping traffic-cams to capture police violence
Back in 2017, NYC community activists teamed up with Motherboard to collaborate on expanding their NYC Mesh open mesh wireless network.
And because providing communications infrastructure is a radical act, NYC Mesh is a radical political group.
Their latest activist move: bulk-archiving the freely available NYC traffic-cam footage streaming online and using it as evidence of police brutality against Black Lives Matter protesters.
NYC Mesh volunteer Aakash Patel explains, "The NYC Mesh colocation facility allows us to plug a server directly into the backbone with low latency and high bandwidth. This allows the tool to pull over 200 GB of footage per day and make it available."
It appears that the NYC DOT is now throttling the tool, and they have not responded to Patel's requests for collaboration.
The project is seeking technical volunteers to help manage the video they can get.
They have an open call for sysadmins, UI designers, and ML specialists to help improve the tool, and they're actively seeking connections in the NYC DOT and with activists in other cities to expand the tool's reach.
Huge trove of unprotected dating-app data
Back in May, security researchers Noam Rotem and Ran Locar discovered a massive collection of unprotected Amazon Web Services data repositories belonging to "niche dating sites" like "3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt."
In a new report published today with VPN Mentor, the researchers detail the scale of the breach: 845GB of data for 2.5m accounts, including sexual photos, audio recordings, and personally identifying info, along with financial information.
There's no indication that the data was ever breached, but it could have been – there's nothing stopping anyone from scraping that data and using it for kompromat, nonconsensual porn, or just to grief people and destroy their lives.
The apps seem to all be run by the same company, possibly "Cheng Du New Tech Zone," which is listed as the proprietor on several of the apps.
As Lily Hay Newman writes in Wired, "If you use one of the affected apps there's not a lot you can do to protect against the possibility that the data was stolen before the researchers found it."
The researchers report that after they disclosed the vulnerability to the administrators of 3somes, ALL the services were fixed, suggesting that they do have a common owner.
The report makes a series of commonsense recommendations for securing sites, but misses one very important one: don't save data. The kinds of data that the services kept on their servers should never have been retained indefinitely, if at all.
This day in history
#10yrsago HOWTO silence vuvuzela drone on your TV https://lifehacker.com/how-to-silence-vuvuzela-horns-in-world-cup-broadcasts-5564085
#10yrsago Shortest-possible Monopoly game https://scatter.wordpress.com/2010/05/30/the-shortest-possible-game-of-monopoly-21-seconds/
#5yrsago Anti-corruption journalist immolated by cops, allegedly under orders from minister https://www.bbc.com/news/world-asia-india-33090032
#5yrsago The Internet may not be the question, but it's the answer https://www.theguardian.com/technology/2015/jun/15/internet-answer-questions-of-our-time
#5yrsago Industry Minister defends the Canadian DMCA https://web.archive.org/web/20100618022053/https://www.tvo.org/cfmx/tvoorg/searchengine/index.cfm?page_id=613&action=blog&subaction=viewPost&post_id=12824&blog_id=485
#5yrsago "Reporter" who wrote ridiculous story about Snowden leaks in China admits he was just acting as a government stenographer https://www.techdirt.com/articles/20150615/11565531344/reporter-who-wrote-sunday-times-snowden-propaganda-admits-that-hes-just-writing-what-uk-govt-told-him.shtml
#5yrsago Sunday Times sends copyright threat to The Intercept over critical article https://www.documentcloud.org/documents/2101948-news-uk-dmca-notification-first-look-productions.html
Today's top sources: Spider Robinson, Interconnected (http://interconnected.org/), Naked Capitalism (https://nakedcapitalism.com/), Schneier (https://schneier.com/), Riles (https://twitter.com/raaleh).
- My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 505 words (26982 total).
- A short story, "Making Hay," for MIT Tech Review. Friday's progress: 334 words (657 total)
Currently reading: Adventures of a Dwergish Girl, Daniel Pinkwater
Latest podcast: Part 6 of "Someone Comes to Town, Someone Leaves Town" https://craphound.com/podcast/2020/06/14/someone-comes-to-town-someone-leaves-town-part-06/
- Keynote, Transparency By Design, Jun 17, https://www.eventbrite.co.uk/e/transparency-by-design-tickets-103925443800#
- Discussion with Nnedi Okorafor, Torcon, June 14 https://www.torforgeblog.com/torcon-2020/
- In Conversation with Hank Green, Jul 10, https://www.magersandquinn.com/product_info?isbn_id=26578312&products_id=163359157
Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.
"Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
This work is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla