[Plura-list] Sci-Fi Genre; Saudi Aramco is gushing debt; Emailifaction is digital carcinization
Cory Doctorow
doctorow at craphound.com
Tue Nov 24 13:05:17 EST 2020
Today's links
* Sci-Fi Genre: Sarah Gailey and Chuck Wendig on the Attack Surface
Lectures.
* Saudi Aramco is gushing debt: Vision 2030 strikes again.
* Emailifaction is digital carcinization: Every program attempts to
expand until it can read mail.
* Cheap Chinese routers riddled with backdoors: Actively exploited by Mirai.
* Talking interop on EFF's podcast: We call it competitive compatibility.
* This day in history: 2010, 2015, 2019
* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧟♂️ Sci-Fi Genre
Today on the Attack Surface Lectures (8 panels exploring themes from the
third Little Brother book, hosted by Tor Books and 8 indie bookstores):
Sci-Fi Genre with Sarah Gailey and Chuck Wendig, recorded on Oct 16 by
Fountain Books.
https://www.youtube.com/watch?v=_GecqbDNbTI
You can watch it without YouTube's surveillance courtesy of the Internet
Archive:
https://archive.org/details/asl-opsec
Or get the audio as an MP3:
https://archive.org/download/asl-opsec/Opsec%20with%20Runa%20Sandvik%20and%20Window%20Snyder.mp3
Earlier instalments in the series:
I. Politics and Protest (Eva Galperin and Ron Deibert, hosted by The
Strand):
https://craphound.com/attacksurface/2020/11/16/the-attack-surface-lectures-politics-and-protest-fixed/
II. Cross-Media Sci-Fi (Amber Benson and John Rogers, hosted by the
Brookline Booksmith):
https://craphound.com/attacksurface/2020/11/17/the-attack-surface-lectures-cross-media-sci-fi/
III. Race, surveillance and tech (Meredith Whittaker and Malkia
Devich-Cyril, hosted by The Booksmith):
https://craphound.com/attacksurface/2020/11/18/the-attack-surface-lectures-intersectionality-race-surveillance-and-tech-and-its-history/
IV. Cyberpunk & Post-Cyberpunk (Christopher Brown and Bruce Sterling,
hosted by Anderson's Bookshop):
https://craphound.com/attacksurface/2020/11/19/the-attack-surface-lectures-cyberpunk-and-post-cyberpunk/
V. Little Revolutions (Tochi Onyebuchi and Bethany C Morrow, hosted by
Skylight Books):
https://craphound.com/news/2020/11/20/the-attack-surface-lectures-little-revolutions/
VI. Opsec and Personal Cybersecurity (Window Snyder and Runa Sandvik,
hosted by Third Place Books):
https://craphound.com/attacksurface/2020/11/23/the-attack-surface-lectures-opsec-and-personal-cyber-security/
Here's a master post with all the media as it goes live:
https://craphound.com/news/2020/11/16/attack-surface-lectures-master-post/
And you can also get this as it's posted on my podcast feed – search for
"Cory Doctorow podcast" in your podcatcher or use the RSS:
https://feeds.feedburner.com/doctorow_podcast
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧟♂️ Saudi Aramco is gushing debt
Under the leadership of the murderer Mohammad bin Salman, the Saudi
royal family (and the Saudi state it controls) have embarked on "Vision
2030," a plan to shift the country's economy from oil to not-oil.
Extraction-based states are always dysfunctional. All you need to run an
extraction economy is a hole in the ground surrounded by guns. Being a
leader of such a state requires merely that you be able to judge which
mercenaries and diggers to hire.
When these leaders are called upon to do anything more sophisticated -
particularly anything that requires forbearance, tolerance, and a degree
of personal discomfort - they fail, badly.
Sure, MBS was up to the task of going to NYC to drink Starbucks with
Bloomberg.
But when he was faced with a routine leadership challenge - tolerating a
critical journalist rather than dismembering him and dissolving his
remains in acid - he totally failed.
Vision 2030 is proceeding as you might expect from a program named under
the misconception that 20/30 vision is like 20/20 vision, only better.
(It's worse)
Take the IPO for Saudi Aramco, the state-owned oil company.
The IPO was "omni-toxic." Aramco doesn't own its wells; it's a royal
piggybank that funds a stream of multibillion-dollar royal boondoggles,
it has discovered no new oil sources in decades, oil itself is
unsustainable, etc.
https://oilprice.com/Energy/Energy-General/Forget-The-Hype-Aramco-Shares-May-be-Valued-At-Zero-Next-Year.html
The Saudis pulled every trick to make the IPO a success: offering
preferential loans to investors so they could buy the stock, threatening
local power-brokers to coerce them into buying in, and guaranteeing
sky-high dividends ($75b/year!).
And then covid hit, and MBS started an oil-price war. Profits fell 50%
in H1-2020. The company is still making those massive dividend payments,
though.
https://oilprice.com/Energy/Energy-General/Saudi-Aramcos-Landmark-IPO-Is-Costing-The-Kingdom-Billions.html
Those payments are coming from somewhere: capital expenditures and free
cash flow. The company is suspending both projects that would help it
increase its output and projects that might help it wean itself off of oil.
What's more, the cupboard is bare everywhere else. Other arms of the
Saudi state have been starved by the price-war, and can't make up the
difference. Instead, Aramco is digging itself into debt, with a $48B
bond issuance.
Obviously, the shut-down of the oil industry is great news. But
collapses are messy. As the world's hydrocarbon barons thrash around
looking for their future, they're inflicting a lot of collateral damage.
Uber (and many other exploitative, money-losing gig businesses Softbank
funded) is just an extrusion of Saudi oil money, via the Saudis' massive
investment in Softbank, which allowed it to run predatory, money-losing,
business-destroying grifts for years.
The people who grew unimaginably wealthy and powerful presiding over a
hole in the ground surrounded by guns are not going to throw themselves
into their holes and pull the dirt in on top of themselves. They are
armed, rich, and psychotic.
At least they're not very bright.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧟♂️ Emailifaction is digital carcinization
During the first dotcom bubble, Jamie "JWZ" Zawinski coined Zawinski's
Law: "Every program attempts to expand until it can read mail. Those
programs which cannot so expand are replaced by ones which can." It's
all three kinds of funny: funny ha-ha, funny strange, and funny serious.
It's the software equivalent of carcinization, the tendency of every
animal to eventually evolve into a crab. Crabs aren't the best animal,
but they're the most versatile.
https://academic.oup.com/biolinnean/article/121/1/200/3089703
Today in XKCD, Randall Munroe updates Zawinski's Law with a strip called
"Unread," about the way that mounting unread message counts eventually
turn every instant messaging platform into email.
https://xkcd.com/2389/
Switching from email to instant messaging can feel hugely liberating.
There's the first-order effect, that most of the people whose email is a
chore - mass-forwarders, bulk-CCers, favor beggars and
passive-aggressive schmendricks - don't know how to reach you.
Instead, your initial correspondents on a new service are apt to be
close friends you give your new address to, along with a smattering of
interesting strangers of the sort you've been unable to engage with
thanks to the time-vampires who'd colonized your email inbox.
That giddy moment quickly fades though, because you have stuff to do,
and to do stuff, you have to engage with people. And then they'll engage
with you. And you'll want to answer them, but sometimes you'll need to
get other people in on the discussion to move things forward.
You'll get messages on the go - during the honeymoon period, you can
even turn on notifications again! - and then need to come back to them
later (because you're on the go, and the messages are important).
Then, one of two things happens: either you fall back to email or the IM
tool gets CC, BCC, mark unread, search and bulk messaging.
Except that it's shitty email. It's email that's locked inside a social
media company's walled garden, with only one client, not federated.
This is why I do everything important by email. Not because I like
email. I hate email. I, too, have experienced the giddy new relationship
energy that comes from switching to an IM-based service!
But I've also lived through the disastrous consequences of Zawinskiian
carcinization enough times that I have learned my lesson. Much as I hate
email, I can't quit it.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧟♂️ Cheap Chinese routers riddled with backdoors
Jetstream is the Walmart brand name for a line of cheap Chinese wifi
base-station/routers; other popular, cheap brands like Wavlink and
Winstars appear to come from the same manufacturer and they all share a
grave security vulnerability: a powerful back-door.
A collaboration between Cybernews, Mantas Sasnauskas, James Clee and
Roni Carta documents the back-door, attempts to connect multiple
corporate identities to a common owner, and presents a (very) rough
estimate of the number of devices that share this defect.
https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/
The researchers say that the back-door allows remote parties to "monitor
and control all traffic coming through" affected devices, using an
undocumented web-form that accepts commands and runs them as root.
This form has only the crudest security, checking to see if there's ANY
user activity on the network before allowing access. The researchers
claim this as evidence that this is a deliberate back-door and not a
forgotten testing feature or error.
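As an added example (not code from the Cybernews research or from any vendor's firmware), here is a C sketch of the design flaw described above, a form field executed as root behind a gate that only asks whether anyone is on the LAN, next to what the same management endpoint looks like when it is built properly: a real session check, a fixed allowlist of named actions instead of a command string, and execution without a shell after dropping root. The request layout, the session token, the action names and the binary paths are all assumptions for illustration.

```c
/* Added example, not code from the Cybernews research or any vendor firmware.
 * It sketches the design flaw the article describes (a form field executed
 * as root, gated only by "is anyone on the LAN?") beside a hardened version of
 * the same endpoint. Request layout, session check, action names and paths
 * are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* One management request: the undocumented form field and the caller's session. */
struct request {
    const char *param;    /* raw value of the form field */
    const char *session;  /* session token, or NULL if none was presented */
};

enum verdict { ALLOWED = 0, DENIED_NO_AUTH = 1, DENIED_UNKNOWN_ACTION = 2 };

/* ---- The flawed pattern (shown for contrast; never called in this file) ---- */
int lan_has_activity(void) { return 1; }   /* stands in for the "crudest" check */

int handle_form_insecure(const struct request *r) {
    if (!lan_has_activity())
        return -1;
    return system(r->param);  /* whatever the field holds runs as root */
}

/* ---- The hardened endpoint --------------------------------------------------
 * 1. Authentication: a valid session is required, not mere LAN presence.
 * 2. Allowlist: the field selects one of a few named actions; it is never
 *    interpreted as a command string, so there is no injection surface.
 * 3. Execution: execv() with a fixed argv (no shell), after dropping root.  */
struct action { const char *name; char *const argv[4]; };

static const struct action ALLOWED_ACTIONS[] = {
    { "status",   { "/bin/uname", "-a", NULL } },           /* illustrative path */
    { "wifiscan", { "/usr/sbin/iw", "dev", "scan", NULL } }, /* illustrative path */
};
#define N_ACTIONS (sizeof ALLOWED_ACTIONS / sizeof ALLOWED_ACTIONS[0])

/* Constructed stand-in: real firmware would look the token up in a session table. */
int session_is_valid(const char *token) {
    return token != NULL && strcmp(token, "valid-session-token") == 0;
}

/* Exact-match lookup; returns the action index or -1. */
int lookup_action(const char *name) {
    for (size_t i = 0; i < N_ACTIONS; i++)
        if (strcmp(ALLOWED_ACTIONS[i].name, name) == 0)
            return (int)i;
    return -1;
}

/* Policy decision, separated from execution so it can be tested on its own. */
enum verdict authorize(const struct request *r, int *idx_out) {
    if (!session_is_valid(r->session))
        return DENIED_NO_AUTH;
    int idx = lookup_action(r->param);
    if (idx < 0)
        return DENIED_UNKNOWN_ACTION;
    if (idx_out)
        *idx_out = idx;
    return ALLOWED;
}

/* Convenience wrapper: build a request from a field value and a token. */
enum verdict check(const char *param, const char *session) {
    struct request r = { param, session };
    return authorize(&r, NULL);
}

/* Runs an allowlisted action in a child that has given up root. Returns the
 * child's wait status, or -1 if fork() fails. */
int run_action_unprivileged(int idx) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* 65534 is "nobody" on most systems; a real device would use a dedicated uid. */
        if (setgid(65534) != 0 || setuid(65534) != 0)
            _exit(126);
        execv(ALLOWED_ACTIONS[idx].argv[0], ALLOWED_ACTIONS[idx].argv);
        _exit(127);  /* only reached if execv failed */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return status;
}

int main(void) {
    printf("no session, 'status'   -> %d\n", check("status", NULL));
    printf("session, 'status; id'  -> %d\n", check("status; id", "valid-session-token"));
    printf("session, 'status'      -> %d\n", check("status", "valid-session-token"));
    return 0;
}
```

The point of the split between `authorize()` and `run_action_unprivileged()` is that the policy (who may do what) can be reviewed and tested without ever executing anything, and the execution path has no string that could be interpreted by a shell: an attacker who reaches the form with a valid session still gets only the two fixed actions, and those run as an unprivileged user rather than as root.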
They also document a hidden feature that causes routers to enumerate
nearby routers. While they say there's no reason for this to exist, I
can think of at least two: first, for dynamic frequency selection to
avoid interference, and second, to set up relaying services.
However, I agree with their contention that such a feature would be
useful to the spread of malicious software that exploits the same
back-door.
I'm more dubious of their implied claim that all of this represents some
kind of Chinese state intervention in product design in order to
facilitate surveillance and/or cyberwarfare.
It's true that China (and other world powers, notably the USA) have
covertly and overtly weakened device security as part of their
cyberoffense efforts. But it's also true that vendors make this kind of
stupid mistake all the time, without government encouragement.
Remember when Chrysler shipped millions of internet-connected Jeeps
whose main security was that the connectivity came from Sprint and since
no one uses Sprint, no one would be on the same network as the Jeeps?
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Chinese white-label firms are notorious for building idiotically
insecure devices that are sold under multiple brand names, in ways that
lead to real harms to their owners, and there's no indication that this
was malice - rather, it was indifference.
http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html
Which is not to say that Chinese cyberwarriors wouldn't exploit these
defects - as would their US and other foreign counterparts. Indeed, a
major impediment to the passage of good cybersecurity regulation is the
extent to which spy agencies rely on insecure IoT devices.
And of course, that's just one form of blowback. Vulnerabilities are
also useful to cybercriminals, and that's why both China and the US are
under continuous, nation-scale, punishing ransomware and Mirai attacks.
It seems like there's at least one Mirai version that targets the
Jetstream back-door. But then again, Mirai is an aggressive little
fucker that also targets high-end Sony equipment.
https://krebsonsecurity.com/2016/12/researchers-find-fresh-fodder-for-iot-attack-cannons/
I think the geopolitics of this thing isn't "Chinese spies coerced a
manufacturer into riddling its products with vulnerabilities." It's: "In
the absence of regulation and liability, companies make insecure products."
And also: "Spies do what they can to prevent regulation because they
like insecure products."
And finally: "Criminals love the insecurities that reckless companies
create and governments fail to punish."
Oh, and "Walmart's procurement process is garbage and you should throw
away your Walmart router."
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧟♂️ Talking interop on EFF's podcast
How to Fix the Internet is EFF's amazing new podcast: nuanced
discussions of tech law and ethics with incredible experts, interviewed
and contextualized by EFF executive director Cindy Cohn and strategy
director Danny O'Brien.
https://pluralistic.net/2020/11/13/said-no-one-ever/#fix-it
I devoured the first three episodes. I mean, I started working with EFF
nearly 19 years ago (!) but I was learning SO MUCH from them.
Today, the episode I recorded dropped. I've never been in such august
company.
https://www.eff.org/deeplinks/2020/11/podcast-episode-control-over-users-competitors-and-critics
Our discussion is about the role interoperability plays in helping
technology users exercise self-determination, giving them alternatives
to bad moderation, abusive lock-in, and poor security choices.
And about how companies love interop when they're trying to eat another
company's lunch, but then they love to take it away once they win,
because without interop, companies can control their customers, critics
and competitors.
You can get How to Fix the Internet in your favorite podcatcher. Here's
the RSS:
https://efforg.libsyn.com/rss
and here's the MP3 for my episode:
https://ia601407.us.archive.org/10/items/eff-podcast-episode-4-interroperability/EFF_Podcast_Episode4_Interroperability.mp3
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧟♂️ This day in history
#10yrsago Menstruating woman subjected to TSA grope because panty-liner
obscured her vulva on pornoscanner
https://blog.gladrags.com/2010/11/24/tsa-groin-searches-menstruating-woman/
#5yrsago Randall “XCKD” Munroe’s Thing Explainer: delightful exploded
diagrams labelled with simple words
https://memex.craphound.com/2015/11/24/randall-xckd-munroes-thing-explainer-delightful-exploded-diagrams-labelled-with-simple-words/
#5yrsago Shamrock shake: Pfizer’s Irish “unpatriotic loophole” ducks US
taxes
https://arstechnica.com/science/2015/11/with-160-billion-merger-pfizer-moves-to-ireland-and-dodges-taxes/
#5yrsago WTO rules against US dolphin-safe tuna labels because they’re
unfair to Mexican fisheries
https://theintercept.com/2015/11/24/wto-ruling-on-dolphin-safe-tuna-labeling-illustrates-supremacy-of-trade-agreements/
#5yrsago J Edgar Hoover was angry that the Boy Scouts didn’t thank him
effusively enough
https://www.muckrock.com/news/archives/2015/nov/24/j-edgar-hoover-insults/
#1yrago Peak billionaire: a billionaire tries to purchase a party
nomination to outflank anti-billionaires so he can run against another
billionaire
https://time.com/5735384/capitalism-reckoning-elitism-in-america-2019/
#1yrago A poor, Trump-voting Florida town opened a government grocery
store to end its food desert, but it’s “not socialism”
https://www.washingtonpost.com/nation/2019/11/22/baldwin-florida-food-desert-city-owned-grocery-store/
#1yrago I made Wil Wheaton recite the digits of Pi for four minutes,
then a fan set it to music https://soundcloud.com/nicholasland/pi-funk
#1yrago The Lincoln Library executive director got fired for renting
Glenn Beck the original Gettysburg Address
https://chicago.cbslocal.com/2019/11/22/lincoln-library-director-fired-after-renting-out-gettysburg-address-to-glenn-beck/
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧟♂️ Colophon
Today's top sources: Naked Capitalism
(https://www.nakedcapitalism.com/), Slashdot (https://slashdot.org/),
Deeplinks (https://www.eff.org/deeplinks/).
Currently writing: My next novel, "The Lost Cause," a post-GND novel
about truth and reconciliation. Yesterday's progress: 516 words (87352
total).
Currently reading: The Ministry for the Future, Kim Stanley Robinson
Latest podcast: Someone Comes to Town, Someone Leaves Town (part 24)
https://craphound.com/podcast/2020/11/23/someone-comes-to-town-someone-leaves-town-part-24/
Upcoming appearances:
* Keynote, Cybersummit 2020, Nov 26 https://www.cybera.ca/cyber-summit-2020/
* Keynote, Cologne Futures, Nov 27 http://medienpolitik.eu/
* Beaverbrook Lecture: How to Destroy Surveillance Capitalism, Nov 30,
https://www.mcgill.ca/maxbellschool/channels/event/2020-beaverbrook-annual-lecture-part-ii-cory-doctorow-325538
* Teach-In Against Surveillance, Dec 1,
https://www.eventbrite.ca/e/teach-in-against-surveillance-tickets-128926228821
* Keynote, NISO Plus, Feb 22-25,
https://niso.plus/cory-doctorow-to-keynote-at-niso-plus-2021/
Recent appearances:
* Nerdcanon Podcast:
http://nerdcanon.com/episode-25-cory-doctorow-and-attack-surface/
* Plutopia Podcast:
https://plutopia.io/2020/11/23/cory-doctorow-attack-surface/
* Talkingheadz Podcast:
https://talkingpointz.com/talkingheadz-with-cory-doctorow/
Latest book:
* "Attack Surface": The third Little Brother novel, a standalone
technothriller for adults. The *Washington Post* called it "a political
cyberthriller, vigorous, bold and savvy about the limits of revolution
and resistance." Order signed, personalized copies from Dark Delicacies
https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet
analyzing the true harms of surveillance capitalism and proposing a
solution.
https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59
* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies
here:
https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
* "Poesy the Monster Slayer" a picture book about monsters, bedtime,
gender, and kicking ass. Order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:
https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.
This work is licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧟♂️ How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Pluralistic.net
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/web/accounts/303320
Twitter (mass-scale, unrestricted, third-party surveillance and
advertising):
https://twitter.com/doctorow
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
*When life gives you SARS, you make sarsaparilla* -Joey "Accordion Guy"
DeVilla