[Plura-list] The right's theories about human behavior are bankrupt; Adjacent, similar NYC neighborhoods with wildly different outcomes; Honey in a glue dispenser

Cory Doctorow doctorow at craphound.com
Tue May 12 14:49:59 EDT 2020

Today's links

* The right's theories about human behavior are bankrupt: Immortan Joe
is a shitty behavioral economist.

* Adjacent, similar NYC neighborhoods with wildly different outcomes:
Early warning saved Flushing, Queens.

* Honey in a glue dispenser: Easy spreading ahoy.

* Iceland's world-beating coronavirus app didn't help much: Shoe-leather
contact tracing beats automated exposure notification.

* Thunderspy: a devastating attack on Thunderbolt: Evil Maid, 2020 edition.

* Talking Canada Reads and Radicalized: My chat with Canada Reads
American Style.

* Plane ticket refunds (without airline cooperation): Call your credit
card issuer.

* This day in history: 2005, 2010, 2015, 2019

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading


🔥 The right's theories about human behavior are bankrupt

During the Blitz, the UK government was terrified of civil unrest among
the underclass and ordered Londoners to shelter from air raids at home,
rather than going down into the tube tunnels. Londoners refused and took
shelter in the London Underground.


It's a story that's beautifully detailed with lots of primary sources in
Rebecca Solnit's crucial "A Paradise Built in Hell" (one of the major
inspirations for my 2017 novel "Walkaway"):


As Peter McColl writes in Open Democracy, British elites feared that
sheltering in the tube tunnels would make the proles lazy: "[It will be
impossible to] maintain the productive capacity in a troglodyte
existence deep underground."


Flash forward to the pandemic, and Boris Johnson and his ministers
warning that British workers will become "addicted" to idleness if
economic support isn't withdrawn, forcing them to seek jobs that don't
exist (and if they did, couldn't be safely performed).

"The Daily Telegraph makes ever more shrill demands that lockdown end
and people’s lives be sacrificed. But the assumptions that delayed the
lockdown were wrong: most people think their health is their wealth.
Polling consistently shows people want lockdown to last longer. "

"Right-wing newspapers project an unbreakable confidence that they know
what people think. That confidence is often misplaced. "


🔥 Adjacent, similar NYC neighborhoods with wildly different outcomes

Flushing and Corona are two adjacent neighborhoods in Queens, NY. They
are both working-class immigrant neighborhoods whose residents
experience high degrees of covid comorbidities like hypertension.

Both neighborhoods are full of people who work similar jobs in food
service, cleaning, construction and transportation. Most lack health
insurance and half of the residents in each neighborhood share a room
with at least one other person.

Despite these similarities, their pandemic outcomes are wildly
different. Corona is the epicenter of the NYC outbreak; Flushing has one
of the city's lowest rates of infection.


Writing in The City, Ann Choi and Josefa Velasquez propose an intriguing
and plausible explanation for the difference: Flushing's residents are
mostly immigrants from Asia whose families warned them early of the
pandemic's seriousness, so they took precautions earlier.

Infectious disease spread is an exponential phenomenon; that means that
once it starts, it spreads *fast*. But the merciful flipside of that is
that even small reductions in the spread early on have huge downstream
preventative effects.

Which means that the large numbers of Flushing residents who got a jump
on working from home and wearing masks made a huge difference. What's
more, there were enough people who were reluctant to shop or work that
shopkeepers were forced to shut down early, sparing others.

Asian-Americans in NYC have the lowest rate of pandemic hospitalization.
Kezhen Fei, a biostatistician quoted in the piece, says "A lot of
Chinese people in New York City were probably more aware of the
situation earlier."

Meanwhile, across a highway in Corona, the residents weren't hearing the
same warnings, so they were later to take precautions. And, since being
poor in America means no social safety net or health care, they got more
sick, more quickly. Many died.

Corona is predominantly Latinx. Latinx people are disproportionately
likely to become infected, to sicken and to die from coronavirus. They
are among the poorest people in America, so they are more likely to have
untreated chronic illness.

They're more likely to be in economic precarity, which means both more
crowded living circumstances and greater likelihood of working the kind
of front-line job that puts them at risk and offers inadequate protection.

Naturally, people who work these jobs don't have an economic cushion
that would let them quit to protect themselves.

This is true of the people of Flushing, too - the early warnings they
got from family abroad made a gigantic difference to their outcomes.

Some important takeaways.

* NYC is incredibly ethnically segregated

* Official reluctance to take decisive action early killed many people,
especially poor people

* A widespread, vivid picture of the costs of pandemic is an important
and effective prophylaxis

"De Blasio and city Health Commissioner Oxiris Barbot spent crucial days
in March attempting to reassure New Yorkers to carry on with activities."


🔥 Honey in a glue dispenser

Arabic is a popular brand of Japanese glue, famous for its sponge-tipped
applicators that ensures an even spread of glue without drips or spills.


Now they're selling a special edition version of their signature
glue-dispensing system, but this one is filled with Canadian honey.

"You can evenly apply honey directly to the bread, like you're painting
it, so you can keep your hands clean."


It's a novelty product (the honey and the glue packaging are identical,
except for the word "HONEY" in small letters on the label), but if it
works, I'd love to see honey packaged this way.


🔥 Iceland's world-beating coronavirus app didn't help much

Iceland has the highest exposure-notification ("contact tracing") app
penetration in the world, with nearly 40% of the population running the
Rakning C-19 app, and it is a world leader in containing the outbreak of


But the public health officials who ran the country's pandemic response
say that the app wasn't very important to the success. Instead, they
credit actual contact tracing, in which humans called and visited other
humans and gathered data from them.

Iceland's app gathers more data than the apps most other countries are
using and contemplating (notably, it collects users' location data).
Despite this, Gestur Pálmason, who oversees contact tracing for the
Icelandic Police Service, says it "wasn't a game changer."

As Pálmason points out, apps are things you can buy. That means there's
a lobby of people who want to sell you apps, and they're unreliable,
self-interested sources of the utility of exposure notification in
public health context, and they have money to spend on messaging.

"There have been instances where the data was useful, but that the
impact of automated tracing has been exaggerated by people eager to find
technological solutions to the pandemic."

Meanwhile, Iceland has one of the most socially cohesive cultures on the
planet, with high levels of trust in government -- and they didn't quite
manage 40% penetration for their app.

Exposure notification is not the same as contact tracing, though
automated tools can help with manual contact tracing.


Done badly, exposure notification actually undermines contact tracing by
flooding users with false alarms that weaken their trust in the public
health system.


Meanwhile, US public health authorities are increasingly skeptical of
apps and turning to armies of shoe-leather contact tracers:



🔥 Thunderspy: a devastating attack on Thunderbolt

Thunderspy is a new, dramatic exploit for Thunderbolt 3, a
high-bandwidth standard for connecting external devices to laptops. It
allows attackers to bypass the login screen and disk encryption on a
locked computer.


A caveat: to execute the attack, the attacker needs extensive access to
the computer sufficient to remove the computer's case in order to
reprogram the Thunderbolt controller's firmware.


This constraint may make the attack seem trivial and remote, but there's
a there, there. First, Thunderbolt is specifically designed to prevent
this attack.


Second, while there are other hardware attacks that could compromise a
computer (like connecting a hardware keylogger), these leave behind
physical evidence. This attack leaves the hardware unaltered, and only
invisible changes the software on the controller.

Finally, there's no software fix for this. Björn Ruytenberg, who
discovered the vuln, offers a tool to check whether your system is


If you run it and your system is vulnerable, as mine is, you're directed
to  for protect yourself:

* Connect only your own Thunderbolt peripherals. Never lend them to anybody

* Avoid leaving your system unattended while powered on, even when

* Avoid leaving your Thunderbolt peripherals unattended.

tldr: You're hosed.


This isn't the first showstopper bug in Thunderbolt, indeed, much of the
work in TB3 was designed to fix vulns in earlier versions.

A recent addition, Kernel DMA Protection, offers some mitigation, but
it's only in post-2019 systems and most devices don't support it.

There's a related attack that poisons a Thunderbolt peripheral that can
then be used for system takeovers.

Intel had 90 days' notice of the bug. Here's their mitigation advice:
"use only trusted peripherals and prevent unauthorized physical access
to computers."

If you're unsatisfied with that answer, you might turn to other
mitigations for "evil maid" attacks (these are attacks whose threat
model is someone gaining physical access to your computer in your
absence, such as a hotel chambermaid).

I really like Eric Michaud and Ryan Lackey's 2013 suggestion to cover
your laptop screws with glitter nail-polish and take a picture of the
glitter in the blobs, and then verify the glitter position if your
computer is out of your control.


Indeed, I like this so much that it's in my next Little Brother book,
Attack Surface, which comes out on Oct 13:



🔥 Talking Canada Reads and Radicalized

My novel Radicalized is a finalist for #CanadaReads, the @CBC's national
book prize. The debates and final vote have been (indefinitely) delayed
by the pandemic, but fans of the contest are still discussing the books
and their relative merits.


Two of the competition's most diehard fans are Shauna and Rebecca, a
pair of US-based librarians whose "Canada Reads American Style" dives
deep into each of the books, and features interviews with their authors.


The current episode features a long interview with me about the book,
the pandemic, and what the latter means for the former. The hosts were a
delight to chat with!



🔥 Plane ticket refunds (without airline cooperation)

I live in LA. My extended family lives in Toronto. Before the pandemic,
I bought my 12 year old daughter an Air Canada plane ticket from LA to
Toronto to visit her grandparents/uncles/aunts/cousins during the summer

Yesterday, I decided it was time to cancel it. The CDC is projecting
3,000 US deaths/day by Jun 1, and my parents are in their 70s. There's
no way I'm sending my kid to Toronto to see them this summer. That's
basically attempted murder.

I went through the AC form -- which had a ton of fine-print that I
skimmed -- and cancelled the ticket, and then I did a double-take. At
first it looked like my $520 ticket had a $55 nonrefundable portion.
Then I realized that the refundable portion was only $55!

I called up and a rep told me yes, because the ticket is nonrefundable
and because AC hasn't cancelled flights that far into the summer yet, I
was only eligible for taxes and fees. If I'd ticked a different box, i
could get a credit to use the funds on AC in the next 2 years.

What's more, it was too late. My only recourse if I wanted to get that
credit was to fill in a webform that goes to a refunds department that
warns that it takes at least 6 weeks to resolve issues...when there
ISN'T a pandemic on.

My family has a Monday night videoconference and I was complaining about
this and my sister-in-law, Tara, suggested cancelling the charge with my
credit card company, which is apparently what many Canadians are doing.

I tweeted about it this morning and an AC customer service rep asked me
to DM them. After some back and forth, they coughed up a few more of the
fees (not, I note wryly, the money I paid Air Canada for ticket
insurance!), but I'm still out more than $400.

So I called Amex, and while I'm no fan of giant financial services
company, I'm here to tell you that the procedure was easy and entirely
pleasant. They took all the details, decided I was in the right, and
issued me a credit on the spot.

Now, AC can still dispute this, but by the time they do, I'm confident
that my daughter's flight - and the route it's on -- will have been
cancelled. I suppose they might decide to stop doing business with me?

I've got moderately high status with the airline, as it happens, and
I've previously had the top tier frequent flier status (when I lived in
Canada), so maybe not.

But who's to say?

Bottom line, AC might not even exist when the pandemic is over. Rather
than ask me to take a credit instead of a refund, they played a game of
bureaucratic nickel-and-dime gotcha that is totally emblematic of their
customer-hostile approach, even before the crisis.

I've met many wonderful AC employees, but the company is a flaming pile
of garbage. So I'm not all that worried about being blackballed by them.

If you're fighting with an airline, you might wanna try your credit card
company too. No guarantees, but it worked for me.


🔥 This day in history

#15yrsago Legal fund for French blogger being sued by for criticizing
his town

#10yrsago Heinlein freaked out at "invasive" review of STRANGER IN A

#5yrsago Guard tells top senator that she can't take notes on TPP

#5yrsago Loopholes let billionaires duck NYC property tax

#5yrsago The business model of NSA apologists

#5yrsago Leetspeak, circa 1901

#5yrsago Self-sustaining botnet made out of hacked home routers

#1yrago Trump supporters astonished to learn that the man they gave $20m
to "build the wall" has nothing to show for it


🔥 Colophon

Today's top sources: Bruce Schneier (https://schneier.com/), Naked
Capitalism (https://nakedcapitalism.com/)

Currently writing: My next novel, "The Lost Cause," a post-GND novel
about truth and reconciliation. Yesterday's progress: 528 words (14213

Currently reading: Facebook: The Inside Story, by Steven Levy.

Latest podcast: Rules for Writers

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book
about monsters, bedtime, gender, and kicking ass. Pre-order here:

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583

This work licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commerically,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.


Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.


🔥 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


*When life gives you SARS, you make sarsaparilla* -Joey "Accordion Guy"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20200512/7325d40d/attachment.sig>

More information about the Plura-list mailing list