[Plura-list] Problems with Pepp-Pt, Disney publishes an official Dole Whip recipe, Reset Everything, Usage stats from the National Emergency Library

Cory Doctorow doctorow at craphound.com
Fri Apr 10 11:11:03 EDT 2020

Today's links

* Problems with Pepp-Pt: Privacy-preserving contact tracing is really hard.

* Disney publishes an official Dole Whip recipe: Orange whip? Orange
whip? Three orange whips.

* Reset Everything: Crisis means crossroads.

* Usage stats from the National Emergency Library: Most of the checkouts
are of books more than a decade old and last less than 30 minutes.

* RPG hagaddah: The Role-Player, what does he say?

* Managing UI claim surges: Hundreds of phone calls, day after day,
without ever reaching a person.

* Realtime wildcat strike map: Coronavirus is leverage for low-waged

* 501 Developer Manifesto: Free time over free snacks.

* Privacy Redirect: Nitter > Twitter.

* This day in history: 2005, 2010, 2015, 2019

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading


🐌 Problems with Pepp-Pt

A week ago, I wrote about Pepp-Pt, a European consortium of
universities, telcos and others that had devised a "privacy preserving"
form of contact tracing.


The system kept almost all the data on users' own devices, and employed
a set of random, unique identifiers that participants broadcasted and
collected from the devices of people they were close to.

If someone tested positive, the system would broadcast warnings saying
"If you have identifier, A, B or C, you should get tested, because
person with identifier X just came up positive."

In that way, you could manage your contagion risk without allowing the
state to aggregate huge databases of location and contact data. At the
time, I wrote that this seemed promising, assuming a robust
implementation, but that it also needed expert analysis.

French cryptographer Serge Vaudenay has performed a deep analysis of the
plan and has published a preprint that goes over multiple attack vectors
with potential mitigations.


Vaudenay is pretty pessimistic about the plan: "It is actually
surprising that decentralization creates more privacy threats than it

* Deanonymization

* Revealing private encounters

* Requires a TPM

* Always-on Bluetooth privacy threats.


🐌 Disney publishes an official Dole Whip recipe

For decades, Disnephiles and themepunks have tried to reverse-engineer
the recipe for Dole Whips, the Tiki Room delicacy. Now, Disney has
published a recipe for all of us in lockdown, and it's remarkably simple.


* 1 big scoop of ice cream

* 4 oz of pineapple juice

* 2 cups of frozen pineapple

Add all ingredients to a blender until it's a thick drink, swirl through
a piping bag.

Note that numerous commentators have noted that actual Dole Whip is a
powder that you pour into a machine and add water to, so this is merely
*a* recipe, certainly not *the* recipe.


🐌 Reset Everything

On April 29, I'm speaking at the Reset Everything conference, a free
event to "explore the impact of the current crisis on old paradigms in
the areas of work, healthcare, finance, privacy, environmental policy,
and culture."


RSVP here:



🐌 Usage stats from the National Emergency Library

A lot of my writer friends have been alarmed by the Internet Archive's
National Emergency Library, an electronic lending library.


The Archive has long acquired and scanned books and made them available
as DRM-locked PDFs that one person at a time could check out, building
on firm copyright precedent, notably the Hathi Trust decision.

The vast majority of "checkouts" from the Archive have always been
fleeting — literally minutes long. Basically, it's a quick way to
double-check a reference or look up a passage (a lot of checkouts are
generated by people following references from Wikipedia).

The NEL works like the Archive's existing e-lending program, but it
lifts its one-reader-at-a-time restriction. The Archive's basis for this
is that the books in their holdings – the vast majority of which have no
official electronic edition – are otherwise inaccessible.

The Archive's announcement raised many cheers and also provided aid to
many people, but it also made a lot of people who were already in
precarious and frightening situations very angry.

I get that. I have three books out in 2020 and was planning 6 tours in
four countries for them. I don't know if any of those will happen nor
whether there will be any bookstores to carry my books. This year was to
be very important to my family's finances.

It's not a good year for anyone, and there's never a good time for a
pandemic (obvs), but this timing is really anxiety-provoking for me.

(Let me pause here and mention that I've got it ten million times better
than, say, people whose economic precarity dictates they have to risk
their lives working at an Amazon warehouse during the crisis and I'm
both thankful for that and even more worried for them).

So I totally get why people would be upset if they thought that the
Archive was attacking their livelihoods at this incredibly stressful,
fearful time.

What's more the Archive doesn't really provide much by way of usage
statistics to help people understand the NEL's utility.

In part that's just a mistake the Archive made, but it's also the result
of the Archive's privacy-first stance – they've put a lot of time and
energy into ensuring that they don't log things that might compromise
users' privacy (they even sued the USG over the Patriot Act).

So it's hard for them to produce the kind of data other services
routinely provide (which, on balance, does not speak well of those other

But now, finally, they've produced some stats, and they're pretty
reassuring, IMO.


First of all, let's recall that the NEL's ebooks are not Kindle files or
Epubs, they're scanned PDFs. They are the books you get if you can't get
any other books. The text can't be flowed, it can't be copy-pasted, and
the search is based on flawed, unreliable OCR.

With that in mind:

* The majority of NEL checkouts last less than 30 minutes. That's people
checking a reference, looking up a quote, etc. The kind of thing you'd
call a reference librarian for if the libraries were open.

* The NEL only has books that are more than five years old. 90% of the
books that are checked out are more than 10 years old.

* These books typically have NO official ebook edition, such as this one:


* The Archive believes (but has not fully validated) that in 90% of
instances, the books that patrons check out are only opened once,
irrespective of whether they're held for the full two-week lending period.

I understand why this freaked people out. If you're an author like me
worried that pandemic might wipe out your publisher, your next book, the
bookstores you rely on, and your career, this could seem really scary.

But I think the actual facts in evidence show that this is an entirely
benign adjunct to libraries, delivered in timely fashion to a world of
people who rely on books (including writers!) in times of crisis. It is
not substitutive, it's not cannibalistic.

For librarians, teachers, and parents engaged in home-schooling, the NEL
is a really important resource.

I get that you might still be angry at the Archive. You can take your
books out of the NEL if you are:



🐌 RPG hagaddah

Wondering what to do for your quarantine seder? Well, if you're playing
a lot of videolinked RPGs, consider Avram Grumer's gamer's hagaddah,
inspired by Glenn F Blacow's 1980 essay "Aspects of Adventure Gaming,"
from Different Worlds #10,


Midway through the seder, the reader discusses the parable of the four
sons: "the wise, the wicked, the simple, and the one who doesn't know
how to ask."

Grumer's version is the wargamer, the roleplayer, the power-gamer and
the storyteller.

E.g.: "The Wargamer, what does he say? 'What foe do we fight, and what
is the lay of the land?' You, in turn, shall describe the battlefield,
and challenge his tactical abilities, including the morale check for his


🐌 Managing UI claim surges

New Yorkers who need to file covid-related unemployment claims are
spending multiple, consecutive days dialing in hundreds of times,
sometimes on multiple phones, rarely getting through, only to be
disconnected after a lengthy automated process.


It's obvious that for the people making the calls, this is a cruel,
anxiety-producing system that makes a terrible situation potentially
unbearable (the author of the piece above doesn't have kids – imagine
trying to homeschool or look after a sick family member as well).

But it's also obvious that dealing with an orders-of-magnitude surge in
claims to a system that itself has just undergone a massive rule-shift,
which, if misapplied, could do untold harm to claimants, is an
impossible bind.

Reading, I wondered what the situation was like for the people answering
the phone (who obviously couldn't be reached by the paper, and if they
could, they'd have likely said, "Are you kidding me? I haven't got time
for an interview, there are people I need to talk to").

What kind of absolute hell must they be in? It's likely their office was
understaffed already (thanks to decades of underprovisioning of public
services), with the median caller being a traumatized, upset person
who'd just lost their job and had to wait through a long hold.

Now, it's that times a million (or at least several thousand). The ratio
of operators to callers is far, far worse, as it the trauma and anxiety
of those callers.

I'm sure that someone's working on online claims processing portals, and
the lack of these is a sign of serious mismanagement. A well-managed
system would default to computers, using human operators to for people
who didn't have computers and/or people who had complex cases.

That system would need a quick back-end retooling to accommodate new
covid rules, and a bunch more capacity that could be quickly procured
from cloud providers.

Woulda shoulda coulda.

In the absence of a time-machine, what could NY (and other local
governments) do? They could do some helicopter money (say, prepaid SNAP
cards for everyone in the city). They could guarantee retroactive
benefits for when you DO get through.

The cruelty and anxiety of the system is all about uncertainty: "Will I
get benefits? Before my money runs out?"

Anything that increased that certainty would make the overstretched
system work – for claimants and for the doubtlessly miserable workers.

Here's a list of the measures the state is taking to improve the situation:



🐌 Realtime wildcat strike map

Payday Report's maintaining an interactive map of wildcat strikes across
the USA (45 in just the past month!). These include formal strikes,
sickouts, etc.


Many strikes as missing from the report, because they took place in
cities with NO labor reporters. Some union leaders try to keep it quiet
out of fear of retaliation.

Also workers have such enormous leverage over their employers (because
it's incredibly hard to source and train replacements during the
pandemic) that many of these actions are settled (in the workers'
favor!) in HOURS.


🐌 501 Developer Manifesto

The 501 Developer Manifesto was named after a pejorative term: a "501
developer" is a technologist who is out the door at 5:01PM, rather than
opting to work long, unpaid overtime hours.


We are proud to say that we value:

* Our families over the commercial goals of business owners

* Free time over free snacks

* Living our lives over maintaining our personal brands [love this one!]

* Sustainable pace over muscle-man heroics

* Personal creative projects over commercial products the world doesn't need

* Having money for stuff over getting free swag and work overtime


🐌 Privacy Redirect

Privacy Redirect is a browser extension that intercepts links to
surveilling websites and redirects them to alternative services that
ad-block or don't practice surveillance like Nitter, Invidious,
Bibliogram & OpenStreetMap.


Very excited about Nitter redirects! It's an alternative, free/open
front-end to Twitter that ad- and tracker-blocks. Here's my Nitter feed:


That's very timely, as Twitter has just unilaterally obliterated all its
users' privacy choices, announcing the change with a dialog box whose
only button is "OK." What if it's not OK?



🐌 This day in history

#15yrsago HOWTO de-obfuscate proprietary Sony Network Walkman files

#10yrsago HOWTO Make a Dalek Egg

#5yrsago EFF busts podcasting patent, invalidating key claims at Patent
Office https://www.eff.org/document/uspto-decision

#1yrago Chicago is demanding that children on bail wear private-sector
ankle-cuffs with mics that can record them without their consent

#1yrago What the rest of the world doesn't know about Chinese AI

#1yrago Victory! House of Reps passes legislation to restore Net

#1yrago Foxconn's inconsistent, chaotic behavior in Wisconsin looks
awfully grifty

#1yrago Security keys are "transformative" and "revolutionary" for
information security


🐌 Colophon

Today's top sources: François Garillot (https://garillot.net), Althea
Kontis (https://twitter.com/AletheaKontis), Naked Capitalism
(https://www.nakedcapitalism.com/), Fresh Fruit for Rotting Vegetables
(https://gominosensei.org/), Strypey (https://mastodon.nzoss.nz/@strypey/).

Currently writing: My next novel, "The Lost Cause," a post-GND novel
about truth and reconciliation

Currently reading: I'm getting really into Anna Weiner's memoir about
tech, "Uncanny Valley" and Jo Walton's forthcoming novel "Or What You Will."

Latest podcast: The Jubilee: Fill Your Boots

Upcoming appearances:

* Apr 22, Flatten The Curve Summit https://flattenthecurve.tech/

* Apr 23, Canada Reads Q&A

* Apr 29: Reset Everything

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book
about monsters, bedtime, gender, and kicking ass. Pre-order here:

(we're having a launch for it in Burbank on July 11 at Dark Delicacies
and you can get me AND Poesy to sign it and Dark Del will ship it to the
monster kids in your life in time for the release date).

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20200410/3308f3cd/attachment.sig>

More information about the Plura-list mailing list