Pluralistic: 12 May 2020

Today's links

The right's theories about human behavior are bankrupt (permalink)

During the Blitz, the UK government was terrified of civil unrest among the underclass and ordered Londoners to shelter from air raids at home, rather than going down into the tube tunnels. Londoners refused and took shelter in the London Underground.

It's a story that's beautifully detailed with lots of primary sources in Rebecca Solnit's crucial "A Paradise Built in Hell" (one of the major inspirations for my 2017 novel "Walkaway"):

As Peter McColl writes in Open Democracy, British elites feared that sheltering in the tube tunnels would make the proles lazy: "[It will be impossible to] maintain the productive capacity in a troglodyte existence deep underground."

Flash forward to the pandemic, and Boris Johnson and his ministers warning that British workers will become "addicted" to idleness if economic support isn't withdrawn, forcing them to seek jobs that don't exist (and if they did, couldn't be safely performed).

"The Daily Telegraph makes ever more shrill demands that lockdown end and people’s lives be sacrificed. But the assumptions that delayed the lockdown were wrong: most people think their health is their wealth. Polling consistently shows people want lockdown to last longer. "

"Right-wing newspapers project an unbreakable confidence that they know what people think. That confidence is often misplaced. "

Adjacent, similar NYC neighborhoods with wildly different outcomes (permalink)

Flushing and Corona are two adjacent neighborhoods in Queens, NY. They are both working-class immigrant neighborhoods whose residents experience high degrees of covid comorbidities like hypertension.

Both neighborhoods are full of people who work similar jobs in food service, cleaning, construction and transportation. Most lack health insurance and half of the residents in each neighborhood share a room with at least one other person.

Despite these similarities, their pandemic outcomes are wildly different. Corona is the epicenter of the NYC outbreak; Flushing has one of the city's lowest rates of infection.

Writing in The City, Ann Choi and Josefa Velasquez propose an intriguing and plausible explanation for the difference: Flushing's residents are mostly immigrants from Asia whose families warned them early of the pandemic's seriousness, so they took precautions earlier.

Infectious disease spread is an exponential phenomenon; that means that once it starts, it spreads fast. But the merciful flipside of that is that even small reductions in the spread early on have huge downstream preventative effects.

Which means that the large numbers of Flushing residents who got a jump on working from home and wearing masks made a huge difference. What's more, there were enough people who were reluctant to shop or work that shopkeepers were forced to shut down early, sparing others.

Asian-Americans in NYC have the lowest rate of pandemic hospitalization. Kezhen Fei, a biostatistician quoted in the piece, says "A lot of Chinese people in New York City were probably more aware of the situation earlier."

Meanwhile, across a highway in Corona, the residents weren't hearing the same warnings, so they were later to take precautions. And, since being poor in America means no social safety net or health care, they got more sick, more quickly. Many died.

Corona is predominantly Latinx. Latinx people are disproportionately likely to become infected, to sicken and to die from coronavirus. They are among the poorest people in America, so they are more likely to have untreated chronic illness.

They're more likely to be in economic precarity, which means both more crowded living circumstances and greater likelihood of working the kind of front-line job that puts them at risk and offers inadequate protection.

Naturally, people who work these jobs don't have an economic cushion that would let them quit to protect themselves.

This is true of the people of Flushing, too – the early warnings they got from family abroad made a gigantic difference to their outcomes.

Some important takeaways.

  • NYC is incredibly ethnically segregated

  • Official reluctance to take decisive action early killed many people, especially poor people

  • A widespread, vivid picture of the costs of pandemic is an important and effective prophylaxis

"De Blasio and city Health Commissioner Oxiris Barbot spent crucial days in March attempting to reassure New Yorkers to carry on with activities."

(Image: New York Times)

Honey in a glue dispenser (permalink)

Arabic is a popular brand of Japanese glue, famous for its sponge-tipped applicators that ensures an even spread of glue without drips or spills.

Now they're selling a special edition version of their signature glue-dispensing system, but this one is filled with Canadian honey.

"You can evenly apply honey directly to the bread, like you're painting it, so you can keep your hands clean."

It's a novelty product (the honey and the glue packaging are identical, except for the word "HONEY" in small letters on the label), but if it works, I'd love to see honey packaged this way.

Iceland's world-beating coronavirus app didn't help much (permalink)

Iceland has the highest exposure-notification ("contact tracing") app penetration in the world, with nearly 40% of the population running the Rakning C-19 app, and it is a world leader in containing the outbreak of coronavirus.

But the public health officials who ran the country's pandemic response say that the app wasn't very important to the success. Instead, they credit actual contact tracing, in which humans called and visited other humans and gathered data from them.

Iceland's app gathers more data than the apps most other countries are using and contemplating (notably, it collects users' location data). Despite this, Gestur Pálmason, who oversees contact tracing for the Icelandic Police Service, says it "wasn't a game changer."

As Pálmason points out, apps are things you can buy. That means there's a lobby of people who want to sell you apps, and they're unreliable, self-interested sources of the utility of exposure notification in public health context, and they have money to spend on messaging.

"There have been instances where the data was useful, but that the impact of automated tracing has been exaggerated by people eager to find technological solutions to the pandemic."

Meanwhile, Iceland has one of the most socially cohesive cultures on the planet, with high levels of trust in government — and they didn't quite manage 40% penetration for their app.

Exposure notification is not the same as contact tracing, though automated tools can help with manual contact tracing.

Done badly, exposure notification actually undermines contact tracing by flooding users with false alarms that weaken their trust in the public health system.

Meanwhile, US public health authorities are increasingly skeptical of apps and turning to armies of shoe-leather contact tracers:

Thunderspy: a devastating attack on Thunderbolt (permalink)

Thunderspy is a new, dramatic exploit for Thunderbolt 3, a high-bandwidth standard for connecting external devices to laptops. It allows attackers to bypass the login screen and disk encryption on a locked computer.

A caveat: to execute the attack, the attacker needs extensive access to the computer sufficient to remove the computer's case in order to reprogram the Thunderbolt controller's firmware.

This constraint may make the attack seem trivial and remote, but there's a there, there. First, Thunderbolt is specifically designed to prevent this attack.

Second, while there are other hardware attacks that could compromise a computer (like connecting a hardware keylogger), these leave behind physical evidence. This attack leaves the hardware unaltered, and only invisible changes the software on the controller.

Finally, there's no software fix for this. Björn Ruytenberg, who discovered the vuln, offers a tool to check whether your system is vulnerable:

If you run it and your system is vulnerable, as mine is, you're directed to for protect yourself:

  • Connect only your own Thunderbolt peripherals. Never lend them to anybody

  • Avoid leaving your system unattended while powered on, even when screenlocked.

  • Avoid leaving your Thunderbolt peripherals unattended.

tldr: You're hosed.

This isn't the first showstopper bug in Thunderbolt, indeed, much of the work in TB3 was designed to fix vulns in earlier versions.

A recent addition, Kernel DMA Protection, offers some mitigation, but it's only in post-2019 systems and most devices don't support it.

There's a related attack that poisons a Thunderbolt peripheral that can then be used for system takeovers.

Intel had 90 days' notice of the bug. Here's their mitigation advice: "use only trusted peripherals and prevent unauthorized physical access to computers."

If you're unsatisfied with that answer, you might turn to other mitigations for "evil maid" attacks (these are attacks whose threat model is someone gaining physical access to your computer in your absence, such as a hotel chambermaid).

I really like Eric Michaud and Ryan Lackey's 2013 suggestion to cover your laptop screws with glitter nail-polish and take a picture of the glitter in the blobs, and then verify the glitter position if your computer is out of your control.

Indeed, I like this so much that it's in my next Little Brother book, Attack Surface, which comes out on Oct 13:

Talking Canada Reads and Radicalized (permalink)

My novel Radicalized is a finalist for #CanadaReads, the @CBC's national book prize. The debates and final vote have been (indefinitely) delayed by the pandemic, but fans of the contest are still discussing the books and their relative merits.

Two of the competition's most diehard fans are Shauna and Rebecca, a pair of US-based librarians whose "Canada Reads American Style" dives deep into each of the books, and features interviews with their authors.

The current episode features a long interview with me about the book, the pandemic, and what the latter means for the former. The hosts were a delight to chat with!

Plane ticket refunds (without airline cooperation) (permalink)

I live in LA. My extended family lives in Toronto. Before the pandemic, I bought my 12 year old daughter an Air Canada plane ticket from LA to Toronto to visit her grandparents/uncles/aunts/cousins during the summer holiday.

Yesterday, I decided it was time to cancel it. The CDC is projecting 3,000 US deaths/day by Jun 1, and my parents are in their 70s. There's no way I'm sending my kid to Toronto to see them this summer. That's basically attempted murder.

I went through the AC form — which had a ton of fine-print that I skimmed — and cancelled the ticket, and then I did a double-take. At first it looked like my $520 ticket had a $55 nonrefundable portion. Then I realized that the refundable portion was only $55!

I called up and a rep told me yes, because the ticket is nonrefundable and because AC hasn't cancelled flights that far into the summer yet, I was only eligible for taxes and fees. If I'd ticked a different box, i could get a credit to use the funds on AC in the next 2 years.

What's more, it was too late. My only recourse if I wanted to get that credit was to fill in a webform that goes to a refunds department that warns that it takes at least 6 weeks to resolve issues…when there ISN'T a pandemic on.

My family has a Monday night videoconference and I was complaining about this and my sister-in-law, Tara, suggested cancelling the charge with my credit card company, which is apparently what many Canadians are doing.

I tweeted about it this morning and an AC customer service rep asked me to DM them. After some back and forth, they coughed up a few more of the fees (not, I note wryly, the money I paid Air Canada for ticket insurance!), but I'm still out more than $400.

So I called Amex, and while I'm no fan of giant financial services company, I'm here to tell you that the procedure was easy and entirely pleasant. They took all the details, decided I was in the right, and issued me a credit on the spot.

Now, AC can still dispute this, but by the time they do, I'm confident that my daughter's flight – and the route it's on — will have been cancelled. I suppose they might decide to stop doing business with me?

I've got moderately high status with the airline, as it happens, and I've previously had the top tier frequent flier status (when I lived in Canada), so maybe not.

But who's to say?

Bottom line, AC might not even exist when the pandemic is over. Rather than ask me to take a credit instead of a refund, they played a game of bureaucratic nickel-and-dime gotcha that is totally emblematic of their customer-hostile approach, even before the crisis.

I've met many wonderful AC employees, but the company is a flaming pile of garbage. So I'm not all that worried about being blackballed by them.

If you're fighting with an airline, you might wanna try your credit card company too. No guarantees, but it worked for me.

(Image: Alex SH Lin, CC BY-SA, modified)

This day in history (permalink)

#15yrsago Legal fund for French blogger being sued by for criticizing his town

#10yrsago Heinlein freaked out at "invasive" review of STRANGER IN A STRANGER LAND

#5yrsago Guard tells top senator that she can't take notes on TPP

#5yrsago Loopholes let billionaires duck NYC property tax

#5yrsago The business model of NSA apologists

#5yrsago Leetspeak, circa 1901

#5yrsago Self-sustaining botnet made out of hacked home routers

#1yrago Trump supporters astonished to learn that the man they gave $20m to "build the wall" has nothing to show for it

Colophon (permalink)

Today's top sources: Bruce Schneier (, Naked Capitalism (

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 528 words (14213 total).

Currently reading: Facebook: The Inside Story, by Steven Levy.

Latest podcast: Rules for Writers (

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here:

"Attack Surface": The third Little Brother book, Oct 20, 2020.

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

2 thoughts on “Pluralistic: 12 May 2020”

  1. One detail not included in the gum-arabic-as-honey story: the honey product name is Arabikkuri, which is a portmanteau of "Arabic" and "bikkuri," which means "surprise."

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.