[Plura-list] Unpacking covid uncertainty, Chelsea Manning's fines paid off, The Onion on covid-19, the CIA sucks at infosec
Cory Doctorow
doctorow at craphound.com
Sun Mar 15 11:40:14 EDT 2020
Today's links
* HRDAG analyzes the best covid-19 studies: Ninja statisticians FTW.
* Chelsea Manning's supporters pay off her $256,000 fine in a day: She
had our back so we have hers.
* The Onion is there for us: Doing for pandemic what they did for 9/11.
* The CIA's information security is really terrible: Root password was
"123ABCdef".
* Euroleaks: exposing the secret workings of the Eurogroup: Where they
decided to strangle Greece.
* Things to do with kids during lockdowns: A crowdsourced list.
* Covered Dish: A site for stories of mutual aid during a crisis.
* How to pull your business out of China: A guide for the anxious.
* This day in history: 2005, 2015, 2019
* Colophon: Recent publications, current writing projects, upcoming
appearances, current reading
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 HRDAG analyzes the best covid-19 studies
The statistician I trust most in this world is Patrick Ball, founder of
the incredible the Human Rights Data Analysis Group, a human rights NGO
that uses statistically rigorous methods to produce evidence for war
crimes and genocide tribunals.
https://hrdag.org/
HRDAG's methodologies have been used to provide an empirical critique of
US predictive policing, to compile the first-ever national statistics on
civilian shootings by police, and to investigate the bail system.
https://hrdag.org/usa/
In Mexico, HRDAG's methods were used to predict – and then unearth –
mass graves all over the country, attributed to narco gangs who operate
with impunity thanks to corrupt and/or frightened local officials.
https://hrdag.org/mexico/
HRDAG's work on refugees and war-crimes in Syria are among the best
pictures we have of what's going on in that ghastly war:
https://hrdag.org/syria/
So when I found out that the HRDAG team had been digesting and
validating the best Covid 19 stats, I was fascinated and eager to read
their conclusions.
https://granta.com/how-many-people-are-going-to-die-from-covid-19/
In particular, I'm interested because HRDAG's work is twofold:
1. Do the best statistical work possible, with incredible thoroughness
2. Explain the conclusions of that work to nontechnical people making
life-or-death decisions
The two best studies we have on coronavirus come to very different
conclusions on mortality: the first (Li et al) concludes that the death
rate will average out to 0.24-0.48%; the other (Riou et al) puts the
rate at 1.6%.
This is a massive discrepancy. As the HRDAG team explains, the most
important difference is in the assumptions each paper's authors' make
about how many undocumented cases there are (mortality=deaths/cases, so
the denominator makes a big difference!).
Basically, the problem is we're not able to test enough well-seeming
people to get a sense of how many undocumented cases there are, and
until that starts happening, the infectiousness and mortality just can't
be reliably computed.
But as the team points out, there is near-total certainty about what we
should do now: social distancing and handwashing. Everything else might
be unknown, but that is a take-to-the-bank certainty.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 Chelsea Manning's supporters pay off her $256,000 fine in a day
Yesterday, Chelsea Manning was freed from prison; having been jailed for
nearly a year for refusing to testify to a Grand Jury, spending much of
that time in solitary confinement, a form of torture (Manning attempted
suicide the day before her release).
https://pluralistic.net/2020/03/13/go-katie-go/#chelseafree
The judge fined Manning $256,000 for her noncompliance.
A day later, her supporters have raised the cash to pay her fine, and
then some.
https://www.gofundme.com/f/help-chelsea-pay-her-court-fines/
They're still seeking funds to help Manning pay her living expenses
while she reestablishes herself.
https://www.gofundme.com/f/help-fund-chelseas-living-expenses/donate
She had our back, so we've got hers.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 The Onion is there for us
I remember 9/11, hunkering down on IRC and blogs, not even knowing what
to call it – I called it "The Current Situation," which Jason Kottke and
others picked up.
And I remember when The Onion did its first post-911 issue, the
scathing, brutally funny, uncompromising tonic of it.
The Onion has suffered many changes since, including a humiliating turn
in the barrel of private equity ownership, but that old bite is still
there, and it still has the lycanthropic capacity of turning us all into
ha-ha-only-serious types who are laughing at *and* with fear.
Just for openers, we've got "Health Experts Worry Coronavirus Will
Overwhelm America's GoFundMe System." I mean, what a fucking bullseye.
https://www.theonion.com/health-experts-worry-coronavirus-will-overwhelm-america-1842314132
"Research director Dr. Monica White, who stressed that if the pandemic
were to grow any worse, there simply would not be enough $5 and $10
donations from sympathetic strangers to go around."
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 The CIA's information security is really terrible
Joshua Schulte is the alleged leaker behind Vault 7, a release of CIA
cyberweapons that exposed the recklessness of hoarding vulnerabilities
in widely used software (as opposed to fixing them), and contributed to
the ransomware epidemic. Part of Schulte's defense is that the CIA's
information security was incredibly lax, so the leaks needn't have
originated with him. To that end, his lawyer has revealed some
incredible, stupid mistakes the CIA made on the cybersecurity front.
https://www.theregister.co.uk/2020/03/05/cia_leak_trial/
For example, the stolen hacking tools were taken from a Confluence VM
whose password was "123ABCdef." And the Devlan server's root password
was "mysweetsummer." Both were shared teamwide and available on the
intranet. The justification for this lax security was that the intranet
was only accessible to the CIA's elite hacking unit, the Operational
Support Branch.
The Snowden leaks revealed the existence of the NOBUS doctrine, the idea
that No One But Us is smart enough to do what we do. That doctrine
justifies discovering and hoarding bugs in code that Americans rely
upon, because it presumes that America's enemies just aren't smart
enough to replicate the feat and attack the people who rely on US spooks
for safety.
But NOBUS has been a dead letter since day one. Not only are the "good
guys" prone to self-deception and stupidity, but the "bad guys" are
every bit as smart as them.
The other part of Schulte's defense is also noteworthy: that he is such
a colossal asshole to work with that his co-workers scapegoated him
because they all justifiably hate his guts. From his lawyer's close to
the jury: "They proved to you that you can call him Voldemort or Vault
Asshole or Asshole or John Galt. But one thing that you cannot call him,
after four full weeks, because the evidence isn't there, you cannot call
him guilty. Please acquit."
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 Euroleaks: exposing the secret workings of the Eurogroup
Diem25 is the Democracy in Europe Movement, founded by Yanis Varoufakis
and Srećko Horvat, a populist-left movement founded in response to
austerity, looter capitalism, the rise of neofascist and nationalist
movements, and the betrayal of Greece by Syriza.
Diem25's latest project is Euroleaks, a portal for leaked confidential
information about European establishment schemes to impose austerity and
preserve the wealth of plutocrats. It's a joint project with Mera25, the
Greek arm of Diem25.
https://euroleaks.diem25.org/
The site launched with a huge tranche of leaks from the 2015 Eurogroup
meeting, an "outrageously opaque" affair characterized by extreme
secrecy, at which appointed bureaucrats doomed millions to privation.
https://euroleaks.diem25.org/leaks/
If you're trying to make sense of all this (secretive and complex)
stuff, the explainers page is a good place to start:
https://euroleaks.diem25.org/explainers/
Here's a petition to move these meetings into the public eye:
https://i.diem25.org/en/petitions/38
And here's how to donate to support Diem25. I gave.
https://i.diem25.org/donations/to/euroleaks
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 Things to do with kids during lockdowns
The community from Princess Awesome and Boy Wonder have been busily
compiling a smashing list of activities to do with your kids while
you're all at home together.
https://docs.google.com/document/d/1o6kEgCKLn3cyIm2hehhhSTIk7yRTd0C3zx49JS4wwCI/preview
My favorites:
* Have each kid pick a topic they'd like to learn about and spend 30
mins each day on that topic
* Have each kid write a letter and/or emails to a different friend or
family member each day
* Facetime grandparents a lot
* inventory the plants & wildlife (from bugs on up) in your yard.
* Working on learning to sew using stuff we have on hand.
* Learn how to make a stuffed animal
* Visit online learning resources that have dropped their paywalls
http://www.amazingeducationalresources.com/
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 Covered Dish
There's a passage in my novel Walkaway about disaster response:
Do you go over to your neighbor's house with: a) a covered dish or b) a
shotgun? It's game theory. If you believe your neighbor is coming over
with a shotgun, you'd be an idiot to pick a). If she believes the same
thing about you, she's not going to choose a) either. The way to get to
a) is to do a) even if you think your neighbor will pick b). Sometimes
she'll point her gun at you and tell you to get off her land. But if she
was only holding the gun because she thought you'd have one, then she'll
put on the safety and you can have a potluck.
https://craphound.com/category/walkaway/
The point of this is to decide if you're a "covered dish" person or a
"shotgun" person.
Geoff MacDougall took this to heart and created covereddish.org as a
place to chronicle "Stories of beauty, kindness, and hope during the
Coronavirus crisis."
https://coverddish.org
Some of the current highlights:
Portland distillery turns their alcohol waste into free hand sanitizer:
https://thechive.com/2020/03/12/portland-distillery-turns-their-alcohol-waste-into-free-hand-sanitizer-9-photos
NY ISP offers free internet to students who need to study from home:
https://cnycentral.com/news/local/spectrum-to-offer-free-internet-access-for-students-due-to-coronavirus
Scottish cornershop owners distribute free care-packages to elderly people:
https://twitter.com/SJPeace/status/1238496042154369024
Open source hardware ventilators:
https://www.gofundme.com/f/open-source-pandemic-ventilator/
Go add your own!
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 How to pull your business out of China
Reading the China Law Blog offers a window into the minutiae of western
companies doing business in China that fascinating under normal times,
but even more compelling during the crisis.
Today's entry recapitulates the site's longstanding advice on pitfalls
from bad partnerships (basically, they might steal your idea,
counterfeit your stuff, put a lien on your assets, and even kidnap you
if you try to visit in person).
https://www.chinalawblog.com/2020/03/would-the-last-company-manufacturing-in-china-please-turn-off-the-lights-part-5.html
But, tellingly, it also recapitulates the site's advice for terminating
your relationship with a Chinese manufacturer without getting ripped off
(or kidnapped, I guess?). Like not discussing the matter until it's a
fait accompli, double-checking your trademark registrations, having a
your next manufacturing contract in hand, and thoroughly understanding
the true costs of doing business elsewhere.
The author, Dan Harris, describes why he posted this today: five years
ago, they'd get 100 companies seeking advice on setting up in China for
every company that was leaving. Today, the ratio is 1:1 (and would be
worse if everyone who needed legal advice sought it out).
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 This day in history
#15yrsago ETECH notes: Rules for Remixing (Rael Dornfest)
https://craphound.com/etcon2005-rulesforremixing.txt
#15yrsago ETECH Notes: Web Services as a Strategy for Startups (Stewart
Butterfield) https://craphound.com/etcon2005-webservicesforstartups.txt
#15yrsago ETECH Notes: Danny Hillis and Applied Minds
https://craphound.com/etcon2005-appliedminds.txt
#15yrsago ETECH Notes: Bezos on vertical search and A9
https://craphound.com/etcon2005-bezos.txt
#5yrsago Sending Terry Pratchett home with HTTP headers
http://www.gnuterrypratchett.com/
#5yrsago Constituent silenced by spammer-turned-UK Tory party chairman
was telling the truth
https://www.theguardian.com/politics/2015/mar/15/grant-shapps-admits-he-had-second-job-as-millioniare-web-marketer-while-mp
#1yrago Self-insurer Walmart flies its sick employees to out-of-state
specialists to avoid local price-gougers
https://www.cnbc.com/2019/03/14/walmart-sends-employees-to-top-hospitals-out-of-state-for-treatment.html
#1yrago Letterlocking: the long-lost art of using paper-folding to foil
snoops
https://www.atlasobscura.com/articles/what-did-people-do-before-envelopes-letterlocking
#1yrago Security researchers reveal defects that allow wireless
hijacking of giant construction cranes, scrapers and excavators
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations
#1yrago Beto O'Rourke was in the Cult of the Dead Cow and his t-files
are still online
https://www.reuters.com/investigates/special-report/usa-politics-beto-orourke/
#1yrago Big Chemical says higher pollution levels are safe in West
Virginia because residents don't drink water, and are so fat that
poisons are diluted in their bodies
https://washingtonmonthly.com/2019/03/14/the-real-elitists-looking-down-on-trump-voters/
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🧷 Colophon
Today's top sources: Alice Taylor (https://twitter.com/wonderlandblog/),
Bruce Schneier (https://www.schneier.com/blog/), Huby Cuijpers, Kottke
(https://kottke.org).
Currently writing: I've just finished rewrites on a short story, "The
Canadian Miracle," for MIT Tech Review. It's a story set in the world of
my next novel, "The Lost Cause," a post-GND novel about truth and
reconciliation. I've also just completed "Baby Twitter," a piece of
design fiction also set in The Lost Cause's prehistory, for a British
think-tank. I'm getting geared up to start work on the novel next.
Currently reading: Just started Lauren Beukes's forthcoming Afterland:
it's Y the Last Man plus plus, and two chapters in, it's amazeballs.
Last month, I finished Andrea Bernstein's "American Oligarchs"; it's a
magnificent history of the Kushner and Trump families, showing how they
cheated, stole and lied their way into power. I'm getting really into
Anna Weiner's memoir about tech, "Uncanny Valley." I just loaded Matt
Stoller's "Goliath" onto my underwater MP3 player and I'm listening to
it as I swim laps.
Latest podcast: When Sysadmins Ruled the Earth
https://craphound.com/podcast/2020/03/13/when-sysadmins-ruled-the-earth-2/
Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book
about monsters, bedtime, gender, and kicking ass. Pre-order here:
https://us.macmillan.com/books/9781626723627?utm_source=socialmedia&utm_medium=socialpost&utm_term=na-poesycorypreorder&utm_content=na-preorder-buynow&utm_campaign=9781626723627
(we're having a launch for it in Burbank on July 11 at Dark Delicacies
and you can get me AND Poesy to sign it and Dark Del will ship it to the
monster kids in your life in time for the release date).
"Attack Surface": The third Little Brother book, Oct 20, 2020.
https://us.macmillan.com/books/9781250757531
"Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20200315/1b472097/attachment.sig>
More information about the Plura-list
mailing list