[Plura-list] Audio from Canada Reads Kelowna, gig economy spreads Covid-19, Intel's security chip is insecure, Barnes and Noble gets a savior

Cory Doctorow doctorow at craphound.com
Sat Mar 7 11:50:44 EST 2020


Today's links

* Audio from last night's Canada Reads event in Kelowna: Thanks to Sarah
Penton for being such a great interviewer!

* Gig economy drivers won't get sick-pay if they have covid-19 symptoms:
Your Instacart driver is being incentivized to handle your food through
his fever-sweats.

* Compromise threatens Intel's chip-within-a-chip: A bug in the
Management Engine threatens five years' worth of Intel systems.

* The savior of Waterstones will turn every B&N into an indie: James
Daunt has opened 60 profitable stores in his career.

* This day in history: 2015, 2019

* Colophon: Recent publications, current writing projects, upcoming
appearances, current reading

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

✴️ Audio from last night's Canada Reads event in Kelowna

Last night I sat down for an interview and lively Q&A at the Kelowna
Public Library with the CBC's Sarah Penton as part of the Canada Reads
national book prize, for which my book Radicalized is a finalist.
Courtney Dickson was kind enough to send me raw audio from the board and
to give me permission to post it. It was a genuinely wonderful night,
with great and thoughtful questions, and I'm really glad that I get to
share it with you!

https://archive.org/download/canadareadskelownadoctorowpenton/Canada_Reads_Kelowna_Doctorow_Penton.mp3

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

✴️ Gig economy drivers won't get sick-pay if they have covid-19 symptoms

The gig economy workers who deliver your @amazon packages are not
entitled to sick pay if they think they have covid-19 and want to stay
home, rather than delivering contaminated boxes to you.

https://onezero.medium.com/keep-your-car-clean-gig-companies-offer-little-support-during-coronavirus-outbreak-cf6c55cca8a8

It's not just Amazon Flex drivers who are being tacitly incentivized by
rapacious, giant corporations to show up for work sick. Your Lyft and
Instacart drivers are all being given a stark choice: work sick or go broke.

As Sarah Emerson speculates in her One Zero piece, this depraved
indifference is likely an epiphenomenon of gig economy companies' urge
to preserve the fiction that their workers are contractors, not
employees. Contractors don't get sick leave, after all.

"[Amazon is] basically threatening that I'll be out of work if I have
any symptoms of being sick, coronavirus or not, but no protections and
no offers for help in the event it happens" – Jeff Perry, Amazon
Flex/Uber driver, Sacramento

Lyft's advice to drivers: "disinfect your car" and avoid passengers who
appear sick.

As outrage over this policy went viral, Uber reversed its earlier stance
and announced that it would offer up to 14 days of "compensation" for
some drivers.

https://twitter.com/MikeIsaac/status/1236126626028507136

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

✴️ Compromise threatens Intel's chip-within-a-chip

A new showstopper Intel bug compromises the Converged Security and
Management Engine, the computer-within-a-computer that Intel uses for a
variety of purposes, some beneficial (detecting malware), some terrible
(shutting out free software).

https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html

The Management Engine has long been controversial. It's designed to
reach into your RAM and tinker with it in a way that, by design, the CPU
can't detect or prevent. This is deliberate: it lets the management
engine monitor and disrupt malware.

https://boingboing.net/2016/06/15/intel-x86-processors-ship-with.html

But of course, if your Management Engine itself is compromised, then –
by design – the part of the computer that you control can neither
monitor it, nor prevent it from doing malicious work. In 2017, a ghastly
ME bug showed how risky this was.

https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it

It's especially bad because ME security is, in part, security through
obscurity: Intel barely documents ME function and doesn't permit outside
auditing. To make everything worse, there's no way to fully disable it.
So ME bugs keep on surfacing, each worse than the last. Here's 2018's:

https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/

Which brings me to the new vuln: PT Security shows an early-stage attack
on the boot ROM that allows for recovery of a master key that is used
to generate all the other keys in the system. It's a deep bug that could
potentially compromise all the downstream operations. It's only a
partial attack (so far). The key needs to be decrypted to be usable, but
the researchers say it's only a matter of time – and they point out that
the key is shared across years' worth of Intel processors.

This compromise (when it comes) has profound implications for DRM, which
is intrinsically brittle in that it's "break once, break everywhere."
Once content is extracted from a DRM wrapper on a compromised system, it
can be shared and played back on intact ones. DRM system designers try
to address this with tactics like "renewability" and "selectable output
control" that allow DRM systems to detect which systems they're running
on and refuse to operate if they believe they might be compromised.

This is a thermonuclear option that could make DRM unviable forever. It
means that if you had the misfortune to buy an Intel system during the
five years that they were manufactured with this defect, you could lose
the ability to play content you've already paid for.

Not because you hacked your system, but because you *could*. DRM is and
always has been a timebomb, ticking down to the moment that execs in a
distant boardroom decide to nerf or brick your property. The temptation
to downgrade your customers' property to up your profits is irresistible.

https://www.eff.org/deeplinks/2016/09/what-hp-must-do-make-amends-its-self-destructing-printers

But customers don't like getting punished for "doing the right thing."
If media companies cancel playback for purchased content on affected
Intel systems, they won't be targeting pirates (who get their media
DRM-free), but people who deliberately chose to pay.

"Fool me once, shame on you. Fool me twice, we don't get fooled again." -GWB

Punishing legit customers to get at pirates is a surefire way to make
more pirates.

"Might as well be hanged for a sheep as for a lamb."

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

✴️ The savior of Waterstones will turn every B&N into an indie

A great hero of British bookselling is James Daunt, the founder of Daunt
Books, whose flagship store is literally the most beautiful bookstore
I've ever been to.

https://dauntbooks.co.uk/shops/marylebone/

Daunt took over Waterstones in 2011 and rescued it. The chain now runs
as a string of indies, with no co-op promotion – instead, the
booksellers in each shop choose which books they promote based on local
taste. Corporate HQ chooses a book of the month and a book every year
for chainwide promotion, but they do so on the basis of their enjoyment
of the book – not because a publisher pays them for promo.

The new Waterstones stores are spectacular. There were always some great
ones (the Waterstones in Bradford rivals the main Daunt Books for
beauty), but the vibe and experience of shopping at a post-Daunt
Waterstones is a million times better than before. And new shops like
the one in Tottenham Court Road really embody what a bookstore can be.
The event I did there in 2017 with Laurie Penny was one of the best I've
ever done in the UK.

https://www.waterstones.com/events/cory-doctorow-in-conversation-with-laurie-penny/london-tottenham-court-road

The good news is that Daunt is now running Barnes & Noble, which has
been struggling and worse – pulling desperate moves like laying off all
their most experienced booksellers to lower payroll costs, which is
obviously a catastrophic mistake. And Daunt's public plan for BN –
America's last major chain bookstore – is to replicate what he did with
Waterstones. Let the stores run like indies, with local control by
experienced booksellers who know and care about their customers' tastes.

https://www.bloomberg.com/news/features/2020-03-04/barnes-noble-wants-to-be-more-like-an-indie-bookseller

He's ending co-op promotion, featuring books that the booksellers
choose, not books that publishers pay to promote. He's reversing the
focus on non-bookstore SKUs (sunglasses, puzzles and scented candles) in
favor of, you know…books. They're shrinking CDs and DVDs and expanding
kids' books, laying the ground for a new generation of readers, and
they're cleaning up, repainting, and generally repairing years of
neglect that have given some of the stores the vibe of an abandoned K-Mart.

They're also opening new stores, targeting places that don't have any
bookstores (as opposed to places where indie stores have kept the faith
and continued to serve their communities). He's shooting for 1,500
stores nationwide. It's superb news for a nation where bookselling has
been imperilled for decades. On every tour stop, I always insist that my
media escort take me to every B&N in town to sign stock and meet the
booksellers. As a recovering bookseller myself, it's one of the great
pleasures of the tours. Bookstores are community hubs, and were key to
my own literary upbringing. This is just delightful news.

(Image: RachelH_, CC BY-NC)

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

✴️ This day in history

#5yrsago Improving the estimate of US police killings
https://fivethirtyeight.com/features/a-new-estimate-of-killings-by-police-is-way-higher-and-still-too-low/

#1yrago Ajit Pai has been touting new broadband investment after he
murdered Net Neutrality, but he's been relying on impossible data from a
company called Barrierfree
https://arstechnica.com/tech-policy/2019/03/ajit-pais-rosy-broadband-deployment-claim-may-be-based-on-gigantic-error/

#1yrago The EU hired a company that had been lobbying for the Copyright
Directive to make a (completely batshit) video to sell the Copyright
Directive
https://twitter.com/Senficon/status/1103582295523553280?ref_src=twsrc%5Etfw

#1yrago The "Tragedy of the Commons" was invented by a white supremacist
based on a false history, and it's toxic bullshit
https://twitter.com/mmildenberger/status/1102604887223750657

#1yrago It's on: House Democrats introduce their promised Net Neutrality
legislation
https://www.cnet.com/news/democrats-introduce-save-the-internet-act-to-restore-net-neutrality/

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

✴️ Colophon

Today's top sources: The Verge (https://www.theverge.com), Wired
(https://wired.com), Slashdot (https://slashdot.org).

Hugo nominators! My story "Unauthorized Bread" is eligible in the
Novella category and you can read it free on Ars Technica:
https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

Upcoming appearances:

* Museums and the Web: March 31-April 4 2020, Los Angeles.
https://mw20.museweb.net/

* LA Times Festival of Books: 18 April 2020, Los Angeles.
https://events.latimes.com/festivalofbooks/

Currently writing: I'm rewriting a short story, "The Canadian Miracle,"
for MIT Tech Review. It's a story set in the world of my next novel,
"The Lost Cause," a post-GND novel about truth and reconciliation. I'm
also working on "Baby Twitter," a piece of design fiction also set in
The Lost Cause's prehistory, for a British think-tank. I'm getting
geared up to start work on the novel afterwards.

Currently reading: Just started Lauren Beukes's forthcoming Afterland:
it's Y the Last Man plus plus, and two chapters in, it's amazeballs.
Last month, I finished Andrea Bernstein's "American Oligarchs"; it's a
magnificent history of the Kushner and Trump families, showing how they
cheated, stole and lied their way into power. I'm getting really into
Anna Wiener's memoir about tech, "Uncanny Valley." I just loaded Matt
Stoller's "Goliath" onto my underwater MP3 player and I'm listening to
it as I swim laps.

Latest podcast: Disasters Don't Have to End in Dystopias:
https://craphound.com/podcast/2020/03/01/disasters-dont-have-to-end-in-dystopias/

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book
about monsters, bedtime, gender, and kicking ass. Pre-order here:
https://us.macmillan.com/books/9781626723627?utm_source=socialmedia&utm_medium=socialpost&utm_term=na-poesycorypreorder&utm_content=na-preorder-buynow&utm_campaign=9781626723627

(we're having a launch for it in Burbank on July 11 at Dark Delicacies
and you can get me AND Poesy to sign it and Dark Del will ship it to the
monster kids in your life in time for the release date).

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a very
special, s00per s33kr1t intro.
