Aside

A Hard Day

Received news that a friend has been diagnosed with (very treatable!) cancer. It’s brought back a wave of pretty negative emotions as I recall the diagnoses that were given to my step-sister and step-mother alike, both of whom passed away due to their illnesses.

The Roundup – December 9-15, 2017 Edition

Winter Boardwalk by Christopher Parsons 

I have a whole host of things that I need to do in order to keep a chronic (very non-life threatening!) health condition at bay. Part of that is maintaining a pretty strict work-life balance. When I was doing my doctorate I absolutely failed to conceptualize of, let alone maintain, a real balance and as a result I suffered from a pretty problematic health condition for years and years. And because I didn’t have work-life balance (and ignored advice from those who maintained such a balance) a lot of unpleasant things happened in my life that didn’t necessarily have to and I prioritized the wrong things as being of importance.

I mismanaged relationships. I failed to take advantage of living in one of the most beautiful cities in Canada, if not the world. I didn’t develop, let alone maintain, many friendships at a time where I probably most needed them.

And in reaction to how my life didn’t work during that time, and with the privilege of having a full-time job where I’m not expected to be constantly on the clock, I’ve worked to maintain a balance in my professional and personal activities. The medical result has been that the condition I deal with has become an occasional inconvenience instead of a serious issue in daily life.

This week my carefully maintained work-life balance entirely fell apart. It’s still apart, right now, and that condition is on top of me once again. I cannot wait until the holiday break and the chance to hit the reset button and return to balance. I can only hope that things haven’t gotten bad enough to need to return to visiting my doctors…


A few weeks ago, Ming Thien wrote about the relative importance of the shooting experience that you have with your camera of choice. One of the key things he mentioned was:

… if a camera does not enable us to either translate an idea, preserve a moment or present something otherwise unseen: it isn’t very useful as a tool, no matter how pretty or expensive or high-resolving it might be.

This point really resonated with me. It brought me back to when I was trying to decide which mirrorless camera to purchase. I’d been using (and still do use!) a Sony RX100ii and, temporarily, a Fuji X100. I loved the Fuji but I couldn’t really explain why until after I’d relied almost entirely on the RX100ii for a full year.

While in part I missed the viewfinder, what I was really missing was the ability to rapidly change settings to get the shot that I wanted and, also, to learn what I had to do, to get the shot I wanted. Let me explain.

The Sony is a great little camera. I’ve taken photos with it that I’ve gotten blown up to be pretty large (36 inches by 24 inches) and which now hang on my walls. I have a series of photos I took while in Iceland, Hong Kong, Australia, and other places that I absolutely love. But the shooting experience has always been subpar. The inability to just turn this knob or that one to get exactly what I want, in a second or two, means that shooting with the Sony is often really frustrating. If I can plan a shot it’s great. If it’s in the moment? The shot is missed more than caught.

So when I was looking at different mirrorless cameras to purchase and supplement the RX100ii I was drawn to the Sony a6100, which had amazing specifications. But when I actually held and touched and shot with it I just wasn’t taken by it. It’s an amazing camera but just felt cold. The Fuji line was pretty great – I really wanted to get an X-T10! – but I found the glass to be expensive, especially when I started thinking about buying image stabilized lenses.

So I ended up getting an Olympus EM10ii, instead, and was initially sorta scared of it. There were a lot of knobs to turn and, while I wanted that, it was also intimidating. But as I’ve used the Olympus I’ve come to realize that it is definitely the right camera for me, now. It’s light enough and small enough that I almost always have it with me. It performs pretty well with prime lenses in mixed settings. And while I can lust over other mirrorless systems when they come out I don’t see anything that they do which I absolutely need given my abilities, shooting preferences, and devotion to the hobby right now.

Most importantly, the Olympus feels right in my hands. I’ve used it enough that I’m comfortable with most of the settings that I use1 while it still provides me with a lot of room to learn and grow. I’m pretty comfortable with my 50mm equivalent lens after exclusively shooting with it for several months straight, and reasonably comfortable with the 35mm equivalent that I use.2 In terms of the shooting experience the EM10ii is pretty great for someone who is interested in photography but certainly never expects to do much more than travel the world, shoot, and then make prints for personal or family use. I know it’s not the ‘best’ camera out there but, for me, the shooting experience is pretty close to perfect.


Great Photography Shots

I’m absolutely entranced by the photos that South-African photographer and visual artist, Elsa Bleda, has taken which emphasize the dream-like fluorescent glow from neon signs and lights. Breathtaking.

Music I’m Digging

Neat Podcast Episodes

Good Reads for the Week

Cool Products

  1. Of course, the camera is super capable at doing lots of things I’m not interested in doing. And as someone who doesn’t ever shoot video the relative limitations of the Olympus camera system over that of either Sony or Panasonic doesn’t bother me.
  2. Perhaps curiously I’m the least comfortable using the kit zoom lens that came with the camera!
Link

19 Year-Old Vulnerability Continues to Haunt the Internet

Via Ars Technical:

A surprisingly big number of top-name websites—Facebook and PayPal among them—recently tested positive for a critical, 19-year-old vulnerability that allowed attackers to decrypt encrypted data and sign communications using the sites’ secret encryption key.

The vulnerability in the transport layer security protocol for Web encryption was disclosed in 1998 when researcher Daniel Bleichenbacher found it in the TLS predecessor known as secure sockets layer. A flaw in the algorithm that handles RSA encryption keys responded to certain types of errors in a way that divulged potentially sensitive information. With enough specially formed queries, attackers could exploit the weakness in a way that allowed them to decrypt ciphertext even when they didn’t have the secret decryption key. SSL architects responded by designing workarounds that suppressed the error messages rather than removing or rewriting the faulty RSA algorithm.

The vulnerability of Cisco’s ACE is concerning, because Cisco stopped supporting it several years ago and the researchers said the company has no plans to patch the product line. Even worse, it’s not possible to disable RSA encryption in the product, leaving users unable to follow one of the few possible workarounds for those unable to patch. What’s more, the researchers said Cisco is currently using ACE to serve content on cisco.com.

Companies that are responsible for providing critical infrastructure technologies need to be accountable for what they develop and sell. Imagine if a car company with a known-deficient vehicle refused to fix or repair it on the basis they didn’t support it any longer – there’d be class action suits almost immediately. The technology sector need to mature, and fast.

But as an aside, these are the sorts of weaknesses and vulnerabilities that the NSA and other national security agencies, along with private signals intelligence vendors, actively exploit. The actual ways in which cryptography is implemented are often rife with issues. One has to ask why Cisco and other major companies’ products were vulnerable in the first place but, also, whether the NSA or its sister agencies knew about the weaknesses and have been exploiting them instead of trying to better secure the public’s communications.

In theory the United States of America’s government, as well as the Canadian government, has a Vulnerabilities Equities Process (VEP). If this vulnerability was discovered but not disclosed it would be a damning indictment of the adequacy of the current VEP protocols.

Video

The Star Wars: Concept Trailer

It’s pretty amazing to see what Star Wars might have looked like if George Lucas’ initial script and the original designs had been adopted (and made with contemporary computer generated images!). Imagine how much more interesting it would have been had a young woman, instead of a male, protagonist been responsible for saving everything!

Link

Security Planner by the Citizen Lab

From the Citizen Lab:1

Security Planner is an easy-to-use platform with tested, peer reviewed recommendations for staying safe online. With just a few clicks, Security Planner tailors straightforward recommendations based on someone’s digital habits and the technology they use. Recommendations are presented with clear language, making it easier to decide if they are right for someone. Our goal is to put people in a position to move from learning to action.

Our recommendations are developed by a peer review committee of experts from universities, nonprofits, and the private sector. The committee has decades of combined experience in digital security and produces recommendations that balance objectivity, accountability, and accessibility. This approach ensures that no private company can exercise influence over the products or services that we recommend. Security Planner is also overseen by an advisory board whose members include some of the world’s leading thinkers and practitioners in the digital security space.

Security Planner is a free tool that is designed to help everyone answer, and solve, their questions about online security. Check it out!

  1. In the interests of full disclosure, I’m an employee of the Citizen Lab though was only minimally involved in this particular project.