[Plura-list] Boundless Realms; Student data breaches vastly underreported; UK corporate registrar bans code-injection

Cory Doctorow doctorow at craphound.com
Mon Nov 9 11:21:51 EST 2020


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_


I'm giving a talk today at the Reboot Conference at 12PM Pacific:

How to Fix the Internet

https://www.rebootconference.org/day-two


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

Today's links

* Boundless Realms: The definitive guide to the Haunted Mansion.

* Student data breaches vastly underreported: When monopolism meets ed-tech.

* UK corporate registrar bans code-injection: But you can still register
+++ATH, Inc.

* Someone Comes to Town Part 22: My latest podcast episode.

* This day in history: 2005, 2010

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

⛅️ Boundless Realms

There's a lot of fascinating writing about Disney theme parks and theme
park design more generally on the internet, but no one thinks and writes
like Foxx Nolte, who is always brilliant, but never moreso than when she
is writing about the Haunted Mansion.

Nolte has just published her first book on the subject: Boundless Realm,
and - speaking as someone who's read dozens of books on theme parks and
the Mansion - I can say that it is the very best book on the subject
ever written.

https://passport2dreams.blogspot.com/2020/10/now-available-boundless-realm-deep.html

There are multiple explanations for the popularity of the Mansion, and
Nolte manages to synthesize all of them into a beautiful, unitary whole.

One major strand of Mansionology claims that the ride's virtuosity is in
its coherence, the stories that run through it.

The competing view is that the Mansion's popularity is down to its
incompleteness, its incoherence. Famously, the ride went through many
conceptual overhauls, driven in part by Walt Disney's ambivalence about
the idea of a rotting mansion in his spotless park.

From the idea of a scary house at the end of Main Street to Rolly
Crump's psychedelic walk-through "Museum of the Weird," to the
Davis/Coats/Gracey/Atencio rides built in Anaheim and Orlando, the
Mansion is a collage of elements that survived multiple
reconceptualizations.

The theory goes that the mismatched elements included in the opening-day
design (and the layers of removals and additions since) created a kind
of rich, surprising stew, a salmagundi whose lack of coherence engages
our imagination to connect the unconnectable dots.

And Nolte synthesizes these two views - brilliantly. Having worked as a
Mansion castmember, interviewed many former "butlers" and "maids" as
well as Imagineers; having examined the vast trove of material surviving
about the Mansion's design process and the source materials online
sleuths uncovered, Nolte squares the circle.

Yes, it's brilliant because it collects the very best elements from
several strong (and narratively irreconcilable) concepts.

But it's also brilliant because it's *thematically* coherent: it tells a
story that is less about the Mansion's inhabitants than about you, the rider.

Nolte brings to bear her incredible design sense and her ability to
articulate the way that design elements - sightlines, lighting, music
and SFX - tell a tale that is multisensory, subliminal and that reaches
far deeper into our imaginations than mere words.

The Mansion's tricks - Pepper's Ghost effects, scrolling paintings,
crossfading reverse-projections, etc - are easy enough to understand and
even to replicate in a home Hallowe'en haunt.

But the *real* tricks - the way that the designers immerse you in an
atmosphere that has a real, narrative arc that is both unmissable and
nearly impossible to pin down - are far harder to detect, let alone
describe or replicate.

That is the real genius of Nolte's work, the reason I so faithfully read
her blog. Her ability to make those design decisions legible and
comprehensible to someone who has a severe deficit in that department
(me), is like a magic trick every time.

Like noticing the ghostly face in the abstract wallpaper or spotting the
eyes on a tombstone open for just a flicker, Nolte's work never fails to
give me a surprising, even shocking moment of satisfying revelation.

At book length, she's even better. This is a remarkable achievement -
and a definitive one.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

⛅️ Student data breaches vastly underreported

Even before lockdown, ed-tech had taken over America's public schools,
with students increasingly completing assignments, accessing course
materials and messaging each other and teachers through monolithic
ed-tech platforms. And where you have IT, you have breaches.

Ed-tech breaches are particularly ghastly - they've leaked teachers'
databases of which kids are being bullied; students' medical and
mental-health records; and information needed to steal millions from
classroom funds.

But as the K-12 Cybersecurity Resource Center reports, the extent of
these breaches has been vastly underreported, because breach-reports
count compromised VENDORS, not compromised SCHOOLS.

https://hechingerreport.org/proof-points-what-happens-when-private-student-information-leaks/

So when Pearson - one of the monopolistic giants of the ed-tech world -
experienced a breach in 2018, that was counted as a single incident,
even though it affected 135 school districts, each with many schools.

The GAO's official breach figures count only 25% of the known breaches -
and no one is counting the un-reported breaches, which the project
believes could raise the figure by a factor of 10 or 20.

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

⛅️ UK corporate registrar bans code-injection

Companies House, the British registrar of newly formed companies, has
forced a firm to rename itself from

""><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD

on the grounds that merely including the name of the company on a
web-page (including the Companies House website) could trigger
cross-site scripting attacks.

https://www.theguardian.com/uk-news/2020/nov/06/companies-house-forces-business-name-change-to-prevent-security-risk

The company - run by a self-described "playful" IT consultant - has
changed its name to:

THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD

The company joins other nerd humor business names that Companies House
has rejected, including the XKCD-inspired

; DROP TABLE "COMPANIES";-- LTD

I remain slightly disappointed that my wife refused to allow me to put
curly-braces in my daughter's middle name, or even an old school "+++ATH".

While the UK continues its crackdown on code-injection attacks in
official names, Ireland remains a free-fire zone full of people with
surnames like O\'\'\'\'\'\'\'\'\'Brien and O&#039Malley.
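
As an added example (not part of the original newsletter): a registry can accept names like these as plain data if it binds them as SQL parameters on the way in and HTML-encodes them once on the way out. The `companies` table, the `<a>` markup and the third sample name are assumptions made for the illustration.

```python
import html
import sqlite3

# First two names are quoted from the newsletter; the third is constructed.
NAMES = [
    '""><SCRIPT SRC=HTTPS://MJT.XSS.HT> LTD',
    '; DROP TABLE "COMPANIES";-- LTD',
    "O'MALLEY & DAUGHTERS LTD",
]

def store_names(names):
    """Insert names with bound parameters so SQL metacharacters stay data."""
    db = sqlite3.connect(":memory:")
    # Hypothetical schema for the illustration.
    db.execute("CREATE TABLE companies (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    db.executemany("INSERT INTO companies (name) VALUES (?)", [(n,) for n in names])
    db.commit()
    return db

def stored_names(db):
    """Read the names back in insertion order."""
    return [row[0] for row in db.execute("SELECT name FROM companies ORDER BY id")]

def render_unsafe(name):
    """The 'before': raw interpolation lets the name end the attribute and the tag."""
    return '<a title="%s" href="/company">%s</a>' % (name, name)

def render_safe(name):
    """Encode once, at output, for both HTML text and quoted-attribute contexts."""
    enc = html.escape(name, quote=True)
    return '<a title="%s" href="/company">%s</a>' % (enc, enc)

def displayed_text(markup):
    """What a browser would show as the link text after decoding entities."""
    inner = markup.split(">", 1)[1].rsplit("</a>", 1)[0]
    return html.unescape(inner)

if __name__ == "__main__":
    db = store_names(NAMES)
    for name in stored_names(db):
        print(render_safe(name))
```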

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

⛅️ Someone Comes to Town Part 22

This week on my podcast: part 22 of my serial reading of my 2006 novel
"Someone Comes to Town, Someone Leaves Town," a book that Gene Wolfe
called "a glorious book unlike any book you’ve ever read."

https://craphound.com/podcast/2020/11/08/someone-comes-to-town-someone-leaves-town-part-22/

You can catch up on the other installments here:

https://craphound.com/podcast/?s=%22someone%20comes%22

and subscribe to my podcast feed here:

https://feeds.feedburner.com/doctorow_podcast

Here's a direct link to the MP3 (hosting courtesy of the Internet
Archive; they'll host your stuff for free, forever, too!):

https://ia601405.us.archive.org/2/items/Cory_Doctorow_Podcast_367/Cory_Doctorow_Podcast_367_-_Someone_Comes_to_Town_Someone_Leaves_Town_022.mp3

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

⛅️ This day in history

#15yrsago Sony’s EULA is worse than their rootkit
https://web.archive.org/web/20051113134044/https://www.eff.org/deeplinks/archives/004145.php

#15yrsago List of CDs infected with Sony’s rootkit DRM
https://www.eff.org/deeplinks/2005/11/are-you-infected-sony-bmgs-rootkit

#10yrsago RIP, Robbins Barstow, godfather of the home movie revival
https://amateurism.wordpress.com/2010/11/09/robbins-barstow-1919-2010/

#5yrsago Chelsea Manning’s statement for Aaron Swartz Day 2015
https://www.aaronswartzday.org/chelsea-manning-2015/

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

⛅️ Colophon

Today's top sources: Slashdot (https://slashdot.org/), Doug Levin
(https://twitter.com/douglevin).

Currently writing: My next novel, "The Lost Cause," a post-GND novel
about truth and reconciliation. Friday's progress: 525 words (79380 total).

Currently reading: The Ministry for the Future, Kim Stanley Robinson

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 22)
https://craphound.com/podcast/2020/11/08/someone-comes-to-town-someone-leaves-town-part-22/

Upcoming appearances:

* How to Fix the Internet/Reboot 2020, Nov 9,
https://www.rebootconference.org/day-two

* Cyberterrorists, Post-Apocalyptic Landscapes, and
Were-Pomeranians/Texas Book Festival, Nov 12,
https://www.texasbookfestival.org/events/cyberterrorists-post-apocalyptic-landscapes-and-were-pomeranians-new-in-speculative-fiction/

* Let's Talk About Influence/Designthinkers, Nov 16,
https://www.designthinkers.com/week-2/strategy-lets-talk-about-influence

* Shaping the Digital Future Summit/Kaspersky, Nov 17, details TBD

* Misinformation and Disinformation in Science Fiction and Fantasy/LITA,
Nov 17, details TBD

* Keynote, Data Natives, Nov 18, https://datanatives.io/tickets/

* Keynote, Cologne Futures, Nov 20, details TBD

* Keynote, Cybersummit 2020, Nov 26 https://www.cybera.ca/cyber-summit-2020/

* Beaverbrook Lecture: How to Destroy Surveillance Capitalism, Nov 30,
https://www.mcgill.ca/maxbellschool/channels/event/2020-beaverbrook-annual-lecture-part-ii-cory-doctorow-325538

* Keynote, NISO Plus, Feb 22-25,
https://niso.plus/cory-doctorow-to-keynote-at-niso-plus-2021/

Recent appearances:

* Author Stories Podcast
https://www.youtube.com/watch?v=yxSPZn8EGTE

* The Gould Standard:
https://www.glenngould.ca/thegouldstandard/#cory-doctorow

* Attack Surface: A Reckoning
https://draxfiles.com/2020/10/26/show-278-attack-surface-a-reckoning/

Latest book:

* "Attack Surface": The third Little Brother novel, a standalone
technothriller for adults. The *Washington Post* called it "a political
cyberthriller, vigorous, bold and savvy about the limits of revolution
and resistance." Order signed, personalized copies from Dark Delicacies

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet
analyzing the true harms of surveillance capitalism and proposing a
solution.
https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59

* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies
here:
https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer" a picture book about monsters, bedtime,
gender, and kicking ass. Order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:
https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

This work licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and
advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy"
DeVilla
