The most promising targets for campaigns are employers large and multifarious enough to implicate workers of many different kinds, as well as the broader community. Hospitals, school systems, and universities leap out as potential targets. These are the institutions where the RN, the custodian, and the fast-food worker are under the same roof. They might actually know one another. The meaning of their alliance might cut across lines of race, gender, and status.
Such institutions tend to have major footprints in their local labor markets. In New York City, the Department of Education is the largest single employer of all agencies of the city government, itself the largest overall employer; health-care providers and universities make up eight of the top ten in the private sector. What’s more, the students, families, and patients who are served by the institution often have interests that can be aligned with those of workers: Do you want enough nurses on the hospital floor? What is all this debt for if the money’s not going to the professors? Do you want your children tested to death and jammed into overcrowded classrooms? Here the classic case is the Chicago Teachers Union, which has successfully positioned itself at the head of a popular majority against mayor Rahm Emanuel.
These institutions are also susceptible to public pressure. Hospitals, school systems, and universities all depend on the public — its opinion, its dollars. If a significant number of people who work at these institutions can be mustered to volunteer in local elections, that group can persuade an even larger group of workers, students, and patients to vote for the same candidates. Then you have a shot at building real, substantive unity between different sections of the working class.
tl;dr: I’m pulling my hair out about this terrible email security service that is ruining my work email, so I blogged about it.
My employer uses Microsoft Exchange for university email. It recently purchased and implemented the “Advanced Threat Protection” package, primarily to combat phishing. The “Safe Links” feature, in particular, is a disaster. Pitt’s webpage explaining this service is here. Microsoft’s is here.
So the “Safe Links” feature replaces all links in incoming emails from outside servers with links that begin with “https://na01.safelinks.protection.outlook.com ” and are followed by several lines of complex code. This is a solution of sorts to phishing scams, but seems to have exactly the opposite effect as it should. For example, I now regularly receive emails with links such as this:
In emails formatted with HTML that would be embedded as a link. In plain text emails the whole link is included in the text.
This is bonkers for several reasons:
My normal approach to potential phishing emails is to check whether the links go to the expected servers or not. If I look closely at the above link I can see that it may resolve to a site on the domain http://www.tandfonline.com, but there is no way to actually confirm that without actually clicking the link. That, then, requires me to trust that the Advanced Threat Protection service will in fact catch every potentially malicious link and will never go down. But, predictably, this service has already had major vulnerabilities that let malicious links through and apparently lasted for months.
This trains users to blindly trust long, complex links in general. One of the ironies here is that Pitt’s IT office recently implemented a “Phishing Awareness” program, to train and encourage email users to be more careful about phishing emails. That campaign tells us:
You can identify a phishing scam by looking for email messages that:
- Create a sense of urgency
- Invoke strong emotions, like greed or fear
- Request sensitive data
- Contain links that do not appear to match legitimate resources for the organization that is contacting you
So when you receive an email that seems to create a sense of urgency, invoke strong emotions, or request sensitive data, before you click you should check the links to make sure they go to expected servers.
The Safe Links program makes this impossible. Now when you receive an email that seems to create a sense of urgency, invoke strong emotions, or request sensitive data, you can’t confirm that the link goes to the expected server, because all links go to https://na01.safelinks.protection.outlook.com!
That domain itself is much more complex than normal. I can look at
and confirm that it ends in “outlook.com” as the top-level domain. But it is a lot of work to parse. And it is so complex that it would be relatively easy to imitate and confuse even sophisticated users with small changes, like one more top-level domain.
With the Safe Links program, users now have no choice but to trust that the service never goes down and that it never misses a malicious link. Except that the service already has gone down and missed malicious links!
I’m sure it is difficult to train a large number of users at a large institution to be sophisticated, skeptical email users. But Safe Links trains users in exactly the opposite direction, to be passive, trusting email users. And then when Pitt students and faculty use their personal email accounts (very possibly on Pitt machines!) they will be even more susceptible to scams because we are teaching them the wrong habits.
Ironically, this works directly at cross purposes to Pitt’s own phishing awareness campaign. A significant element of that campaign is that Pitt is sending out fake phishing emails (so fake fake messages), which have phishing awareness sites on the other end of their apparently malicious links. So I received this message:
Hilariously, that link at “Manage Order” goes to this page:
Which includes this (excellent) advice:
You should always be suspicious of links in email. Before you click, you should verify that you recognize the web address that is used in the link.
But if you look at the original fake phishing scam, the link that is supposed to go to “http://orders.discontcomputers.com ” (a site I would know I did not have any recent orders with, and therefore would be suspicious of), instead goes to:
This makes no sense.
Replacing simple direct links in email with links that are almost 300 characters long (!) seriously impacts the readability of plain text messages. Most of the email lists for professional/disciplinary organizations that I subscribe to require messages be formatted in plain text, so I get a lot of these. For example:
I can’t even.
Now when someone’s email signature includes a link to their homepage, it is four lines long, and can’t be understood as links to an individual’s homepage. To learn where that person’s website is, you have to actually click the link and load the page! Paragraphs and sentences are broken up to the point of unreadability.
Unembedded URLs are good for email security, because they ensure that readers see where links are going, and we should encourage them. Instead this change further encourages email senders to embed URLs as hyperlinks in email, which makes it much harder for users to recognize and decipher the links they are clicking on, which is bad.
Of course this will also create serious “linkrot” problems in the future. I keep an archive of my work emails going back over a decade, and email is an important form of record-keeping (this is especially true for public institutions like the one where I work). This service relies on Microsoft servers continuously running to scan and translate clicked URLs. If Microsoft ever discontinues this service (and why wouldn’t they if it stopped being profitable? Google killed Reader, after all), all of these links will become completely unusable. The links themselves may not even contain all the information in the original URL, so the original destination may not even be able to be decipherable in the future. (They do seem to include all the original link information in some form, but I haven’t looked at enough of them to confirm that it is all in the new safelink URL and not stored online in a database, say. And even if the information is all there it is very heavily processed.) This means that we are relying on Microsoft to continue an active link analysis service in perpetuity to maintain the basic usefulness of our own email archives in the future. If Pitt ever decided, say, to switch from Exchange to Google’s Apps for Education, or even if Microsoft discontinued the Exchange service altogether, we would not lose our archives hosted on our own machines. But if this new service were discontinued we would lose access to basic information in messages in our email archives. That does not make sense to me as an approach to record-keeping either for academics or for a public institution.
On Microsoft’s webpage explaining this service, they advertise this feature:
Get rich reporting and track links in messages
Gain critical insights into who is being targeted in your organization and the category of attacks you are facing. Reporting and message trace allow you to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows you to track individual malicious links in the messages that have been clicked.
They include this image:
This appears to suggest that institutional IT administrators will receive reports with individually identifying information about every link clicked by every email user. Surely there is some tradeoff between privacy and security, but this seems, at least, like a significant movement away from the norms of privacy that university employees currently expect. My understanding is that Pitt’s IT administrators do not, for example, see the text of all my emails, or even their metadata, though that may be possible in extreme cases. But here Microsoft is suggesting that they will produce and make available reports detailing every link clicked on by individually identifiable email users. That seems like a bad thing.
I suppose there is some logic here, which is that if you ruin email as a useful tool for scholarly communication, then people will stop using email, and then you won’t have to worry about users clicking on malicious links in phishing scams.
An essay I wrote about the strange ways the Disney Channel show Hannah Montana adapts the “having it all” problematic from postfeminist women’s TV to a 21st century tween sitcom came out this month in a brilliant issue of WSQ: Women’s Studies Quarterly on the theme CHILD. The special issue also includes articles my new colleague at Pitt Julian Gill-Peterson and amazing people like Natalia Cecire and Nicholas Sammond. It is already a thrill to contribute something to WSQ, and to be part of this incredible issue is even better.
The clock is ticking. Those 16-year-old girls are coming at you like spider monkeys, and everyone else is going to feel left out. —Angelo Sotira, “Never Forget that 16-year-old Girls Run the Internet“
I have read this weird advice/app review column by the deviantART founder/CEO so many times, and I can’t for the life of me figure out what the 16-year-old girls that bookend (and headline) the article have to do with the body, about new “secret-sharing” web apps. Is the advice about keeping 16-year-old girls out? Why does the advice not also apply to 16-year-old girl users? Will 16-year-old girls adopt any platform regardless of its merit? Will they destroy a perfectly good tool? There isn’t even a coherent passage to quote!
And don’t plenty of 16-year-old girls use deviantART? Is this column expressing Sotira’s resentment of his own client base? Is his the cautionary tale? When he writes, “Imagine that you’re in your apartment, scrolling through the latest confession/messaging/social app, and it’s full of woes of teenage heartbreak. You realize that this app doesn’t speak to you.” is he complaining about his own site? Because, um, go look at the stuff on the front page of deviantART (which is an amazing website—truly no disrespect or criticism there is intended, but the point is obvious I hope).
And if teenage girls run the internet, why WOULDN’T you want them on your site?
I guess I know it’s obvious that everyone hates teenage girls, but is it THAT obvious? Are they such a pure symbol of abjection?
cf, I guess. sigh
This new special issue of Differences, “In the Shadows of the Digital Humanities,” is great. David Golumbia’s article “Death of a Discipline,” in particular, is spectacular. It certainly confirms many of my biases so it’s a joy to read. But it is also really a pleasure to read after Matthew Kirschenbaum’s complaint in the same issue that critiques of digital humanities commonly refuse to address the actual works produced by scholars who identify as doing digital humanities. Kirschenbaum goes to some lengths to argue that DH scholars are just doing something different from “traditional” literary scholars, and the terms of its evaluation should be participation and membership in its own networks:
So it is with digital humanities: you are a digital humanist if you are listened to by those who are already listened to as digital humanists, and they themselves got to be digital humanists by being listened to by others. Jobs, grant funding, fellowships, publishing contracts, speaking invitations—these things do not make one a digital humanist, though they clearly have a material impact on the circumstances of the work one does to get listened to. Put more plainly, if my university hires me as a digital humanist and if I receive a federal grant (say) to do such and such a thing that is described as digital humanities and if I am then rewarded by my department with promotion for having done it (not least because outside evaluators whom my department is enlisting to listen to as digital humanists have attested to its value to the digital humanities), then, well, yes, I am a digital humanist. Can you be a digital humanist without doing those things? Yes, if you want to be, though you may find yourself being listened to less unless and until you do some thing that is sufficiently noteworthy that reasonable people who themselves do similar things must account for your work, your thing, as part of the progression of a shared field of interest. (55)
Which is to say that Kirschenbaum effectively defines DH as a separate field from “traditional” literary studies, to argue against ideological critiques of it from outsiders like theory-minded literary scholars. Which is an effective defense as far as it goes, but it is almost completely unresponsive to the concern that DH may be threatening or encroaching on or trying to replace the existing practices and disciplinary formations of literary studies. In fact it seems to bolster those concerns. Kirschenbaum is also just weirdly dismissive of critics focus on the “discursive construct” of DH, as though that “construct” weren’t the thing that is making it possible for these people who apparently have entirely different professional networks and constitutive practices to claim the humanities and literary studies as their own.
The question, as Golumbia puts it, is “why professionals who are not humanists should be engaged in setting standards for professional humanists” (157). If practitioners of a field should be primarily responsible for defining their field and evaluating the work it produces, as Kirschenbaum says, and if DH is really a separate field, as Kirschenbaum says, then the terms of Kirschenbaum’s defense of DH ipso facto justify the skepticism that “traditional” literary scholars might have toward of its encroachment and claim of authority in their disciplinary and institutional settings.
In any event, Golumbia’s essay is fantastic for many more reasons than this.
[update: to be clear the goal here isn’t to add to a pissing contest but to point out that the same terms, and even apparently the same analysis, of disciplinarity, professional networks, etc, are being used to support pretty much opposite positions here, and that Kirschenbaum seems to be conceding Golumbia’s argument, and I wish he would actually engage with his implication that DH scholars really do represent an entirely separate professional network/discipline.]
I’ve been circulating my piece about kids sharing earbuds since 2009. I’m very pleased to say the volume it was slated to appear in has finally been published: The Oxford Handbook of Mobile Music Studies. The whole volume (two volumes, in fact!) is excellent. At $150 it’s much too expensive for individual purchase, but you might encourage your library to purchase it, if you have such influence. My understanding is that a cheaper paperback version should come out in a year.
Here’s the abstract:
“Earbuds Are Good for Sharing: Children’s Headphones as Social Media at a Vermont School.” In The Oxford Handbook of Mobile Music Studies, vol. 1, edited by Jason Stanyek and Sumanth Gopinath, pp. 335–55. New York: Oxford University Press, 2014.
Working from ethnographic research with K–8 schoolchildren at a small public school in Vermont, this chapter examines one of the central practices of music listening of contemporary U.S. children: splitting the cheap earbuds that lately accessorize many consumer devices in order to share them and listen jointly with friends. At Heartsboro Central School, students used their portable music players to move through space, tuck into clothes, and link friends from ear to ear. MP3 players bundled with headphone cables circulated among lockers, desks, pockets, and backpacks. Wires threaded under clothing and tangled across crowded lunchroom tables. Hanging from a shoulder or shirt collar, maxed-out earbuds strained to liven up group spaces with portable, lo-fi background music. In class, students listened surreptitiously to earbuds concealed in sleeves and under the hoods of sweatshirts. Most often two friends would share a pair of earbuds—one for me, one for you—listening together with one ear as they participated in the dense overlap of talk, touch, and gesture that characterized their unmonitored peer interactions. By sharing earbuds kids activated and delineated relationships, and they solidified certain types of social bonds. With the same actions they enforced and regulated status hierarchies, excluding certain children from listening even while expanding access for others who might be limited by parental resources or restrictions. While a complex logic of genre, celebrity, and consumerism informed HCS children’s musical tastes and habits, most prominent was the intimate embedding of earbuds as social anchors among the complex networks and hierarchies of these elementary- and middle-school children. This chapter argues that through their listening practices children’s upset the rationalizing logics of privatization and isolation that accrue to headphones and portable music, as they creatively reimagined their music devices to fit within the persistent and densely sociable cultures of childhood, as tangible technologies for interaction and intimacy that traced out bonds and tethered friends together in joint activity.
In the interest of sharing practical information, here are some notes on my experiences over the last several years getting changes to the language in contracts for individual chapters in edited volumes from Oxford University Press. I have two pieces in Oxford Handbooks, for which I had similar objections to the contracts Jonathan Sterne discusses here, in particular that the agreements were “work for hire” rather than simple copyright transfer (see here for a good explanation of the difference). Like Sterne I was able to get them to add this language:
Notwithstanding the foregoing and subject to the Publisher’s prior written approval, provided that full acknowledgment of the Volume (including bibliographic details) is given and that such use does not affect prejudicially the sales or other exploitation by the Publisher of the Volume, the Contributor may rework some (but not the whole or a substantial part) of his or her contribution to the Volume as the basis for articles in professional journals, conference papers, training materials, newsletters and similar materials, as well as for chapters in books by the Contributor.
I’m not sure that really helps much, but I also was assured by email that this paragraph allowed me to include the chapter in my dissertation (something I specifically requested). In fact I find assurances outside of the contract itself to be pretty frustrating, since the standard contracts always include a clause that says something like “This Agreement sets forth the entire agreement between the parties regarding its subject matter and supersedes and replaces all prior discussions, arrangements, and agreements (whether written or oral) relating thereto.” Which has the effect of disavowing any email assurances!
In addition I was able to have the following clause added, which more or less replicates “moral rights” (or the author’s right to be identified):
It is hereby acknowledged and agreed that such likeness and biographical information shall be subject to the Contributor’s approval, such approval not to be unreasonably conditioned, withheld or delayed. It is further acknowledged and agreed that the Contribution shall be attributed to the Contributor in each instance.
One of the differences between work-for-hire and copyright transfer is that in the latter it is possible to claw back the copyright after 35 years, as I understand it. At that time horizon, who knows what will happen to these materials. You could easily imagine them being sold or repurposed or severely altered somehow, so it is nice to at least have a commitment that my authorship will always be identified.
I was also told that I was one of only two people out of 500 to question the wording of the Handbook agreements in music, and the only one to express concern over “work for hire.” If this is true it’s too bad (though Sterne also reports expressing concerns about work-for-hire, so there must have been at least two of us). But it does indicate that publishers aren’t getting much in the way of push-back from authors on their standard contracts, so the takeaway is that more people should ask for better contracts.
By contrast, I recently negotiated another contract for a chapter in an edited volume, through Oxford’s UK rather than New York offices, and I had a much easier time getting satisfactory changes made. The standard contract used normal copyright transfer rather than work-for-hire. I needed an up front commitment to be able to use the complete chapter in a future book. I was able to get the following added in an addendum:
3 Copyright and Permissions
3.1 The Contributor may reuse the following without obtaining permission:
• up to 10% of the Work providing that this does not exceed 1,000 contiguous words and up to 3 figures or tables.
3.2 The Contributor may:
• Post the Work on a personal website or in an institutional repository;
• Include the Work in derivative works, including extension of the Work into a book-length work;
• Reproduce the Work within coursepacks or e-coursepacks for teaching purposes, with the proviso that the coursepacks are not sold for more than the cost of reproduction;
• Include the Work within a thesis or dissertation.
3.3 Permission is granted on the following conditions:
• that the material reused is own work and has already been published by OUP;
• and that the intended reuse of the Work is for scholarly, non-commercial purposes;
• and that full acknowledgement is made of the original OUP publication;
• and that reuse on personal websites and institutional repositories includes a link to the OUP website.
Clause 7.6 of Schedule II of this agreement is hereby revoked.
(Clause 7.6 reads “This Agreement sets forth the entire agreement between the parties regarding the subject matter hereof and supersedes and revokes all prior discussions, arrangements and agreements written or oral relating thereto.”)
In my view this is excellent. It covers basically everything I really want from a contract, and it was easy to achieve after a bit of back and forth and clarification. And it is much better than what I could get from the Oxford Handbook contracts. This may be a difference between UK and New York, or just that the Handbooks are using a different model. But I thought I should put it out there to let other people know what can be negotiated.
On April 2 the Pitt Childhood Studies Speaker Series is hosting a talk by the sociologist Allison Pugh, titled “The Theoretical Costs of Ignoring Childhood: What Children Have to Tell Us About Inequality, Independence, and Insecurity.” I’ll be giving a brief response, along with Dr. Melissa Swauger (Indiana University of Pennsylvania, Sociology). It promises to be an interesting event. If you are in the Pittsburgh area please join us!
April 2, 4:30–5:45pm, 324 Cathedral of Learning.
As part of a larger project about the tween music industry, I have a chapter coming out in a volume on child musical prodigies from OUP about Justin Bieber. A pdf preprint is here.
“Justin Bieber, YouTube, and New Media Celebrity: The Tween Prodigy at Home and Online,” forthcoming in Musical Prodigies: Interpretations from Psychology, Musicology and Ethnomusicology, edited by Gary McPherson, Oxford University Press.
This chapter examines the cultural values of childhood and commerce that inform tween popular music star Justin Bieber’s portrayal as a musical prodigy, focusing on the 2011 concert film Never Say Never. While children’s active participation in popular culture conflicts with social norms emphasizing children’s place in the home, this chapter argues that forms of “new media”—especially home videos that both Bieber and his fans share on sites like YouTube—help to resolve those conflicts, by contextualizing popular music performance in the everyday spaces of childhood family life. The chapter explores themes of family and childhood domesticity, gender and the intersections between childhood and girlhood culture, disconnects between musical ability and commercial success, and the relationship between musical prodigies and child stars.