Link

VPN and Security Friction

Troy Hunt spent some time over the weekend writing on the relative insecurity of the Internet and how VPNs reduce threats without obviating those threats entirely. The kicker is:

To be clear, using a VPN doesn’t magically solve all these issues, it mitigates them. For example, if a site lacks sufficient HTTPS then there’s still the network segment between the VPN exit node and the site in question to contend with. It’s arguably the least risky segment of the network, but it’s still there. The effectiveness of black-holing DNS queries to known bad domains depends on the domain first being known to be bad. CyberSec is still going to do a much better job of that than your ISP, but it won’t be perfect. And privacy wise, a VPN doesn’t remove DNS or the ability to inspect SNI traffic, it simply removes that ability from your ISP and grants it to NordVPN instead. But then again, I’ve always said I’d much rather trust a reputable VPN to keep my traffic secure, private and not logged, especially one that’s been independently audited to that effect.

Something that security professionals are still not great at communicating—because we’re not asked to and because it’s harder for regular users to use the information—is that security is about adding friction that prevents adversaries from successfully exploiting whomever or whatever they’re targeting. Any such friction, however, can be overcome in the face of a sufficiently well-resourced attacker. But when you read most articles that talk about any given threat mitigation tool what is apparent is that the problems that are faced are systemic; while individuals can undertake some efforts to increase friction the crux of the problem is that individuals are operating in an almost inherently insecure environment.

Security is a community good and, as such, individuals can only do so much to protect themselves. But what’s more is that their individual efforts functionally represent a failing of the security community, and reveals the need for group efforts to reduce the threats faced by individuals everyday when they use the Internet or Internet-connected systems. Sure, some VPNs are a good thing to help individuals but, ideally, these are technologies to be discarded in some distant future after groups of actors successfully have worked to mitigate the threats that lurk all around us. Until then, though, adopting a trusted VPN can be a very good idea if you can afford the costs linked to them.

Aside

2020.9.17

I’m preparing to run a very small Japanese whiskey tasting, and it only now occurs to me that I have to cut off a bunch of whiskeys from the entirety of my Japanese collection (most of my tastings max out at 6-7 different bottles, carefully organized so as to experience and compare across varietals). It’s hard because I want to showcase lovely examples of the nation’s whiskey while, at the same time, exposing my guests to a range of distilleries and the sheer variety of styles that are available. I can almost certainly predict this means some of my Nikka bottles will need to be excluded, as well as at least one of Suntory’s, though it should mean that I ultimately showcase 5-6 different distilleries and the different characteristics of each.

Link

WatchOS’s Basic Failure

Elizabeth Lopatto, in January 2018 for The Verge, writes:

The Move goal is adjustable — I can lower it at any time — but there’s no way to program the Watch to consistently honor my rest days. I just have to manually lower the goal for that day, and then raise it for the next one. Unfortunately, this requires too much of my attention. I have actual things to do that are more important than manually telling my fitness app to let me rest, so mostly I forget to do it until it’s too late. Even when I remember, I wind up with a different problem: I forget to reset the Watch to a higher Move goal the next day. I spent one week being psyched that I hit my goal only to discover that I had only hit the lowered goal.

It’s two years later, and several versions of WatchOS have come and gone, with another is forthcoming. And yet Apple hasn’t fixed this very common and very basic problem with their wearable line of products.

Apple has repeatedly stated that it recognizes that the Apple Watch is a super popular device for fitness tracking, and I can attest that it’s about the best wearable that’s currently on the market. But when the world’s richest company can’t even get the basics of their product right it raises questions about what it’s really focusing on, and why; pushing people to exercise each day, and forego rest days, is harmful to health and fitness alike. Sadly, it doesn’t look like the current Watch betas fix this problem, though maybe Apple will surprise people with some extra promise when they reveal their new devices in the coming days.

Developing a Remote Work System

I have the privilege of working at a place where remote work has been a fact of life for some of our employees and fellows, whereas the bulk of us have worked out of a beautiful workspace. Obviously, the pandemic has forced everyone out of the office and into their homes and, with that, has come a forced realization that its important to get a lot better at handling remote work situations.

For the past few months I’ve been trying to collect and read resources to ensure that remote-based work, works. To date the most helpful resources have definitely been the huge set of resources that Doist has published, and their ‘book’ on leading distributed work forces in particular, as well as some of the publications by Steph Yiu based on her own remote work experiences at Atomattic. I’m also slowly working through some of the work that’s come out of Basecamp, and I’m keen to dig into Remote: Office Not Required over the fall.

Some of the most valuable stuff I’ve picked up has been around re-thinking which communications systems make sense, and which don’t, and how to develop or maintain a team culture with new and old colleagues. And some of these things are really basic: when someone joins an organization, as an example, rather than just saying ‘hi’ or ‘welcome!’ over chat, all members of a team can instead state who they are, their position, some of their areas of responsibility, and one or two personal things. By providing more information the new team members start to get a feeling for what the rest of their team does and, through the personal attributes, a sense of who they are working with.

Given that many of us are likely to be working from our homes for the foreseeable future—and some of us permanently, even after the pandemic—it seems important for employers, managers, and employees alike to think through what they want to change, and how, so that we can not just enjoy the fact that we’re still employed but, also, that we’re working in ways that provide dignity and respect, and which are designed to best help us succeed in our jobs. We’re all 5-6+ months into the pandemic and we should be very seriously asking what kind of world we want to inhabit both throughout the rest of the pandemic, as well as afterwards, and we can’t keep saying that things are ‘unprecedented’ to excuse not trying to make our work environments better suited to the current and future realities we’re within.

Link

Election Nightmare Scenarios

The New York Times has a selection of experts’ ‘nightmare scenarios’ for the forthcoming USA election. You can pick and choose which gives you colder sweats—I tend to worry about domestic disinformation, a Bush v. Gore situation, or uncounted votes—but, really, few of these nightmares strike to the heart of the worst of the worst.

American institutions have suffered significantly under Trump and, moreover, public polarization and the movement of parts of the USA electorate (and, to different extents, global electorates) into alternate reality bubbles mean that the supports which are meant to facilitate peaceful transitions of power such that the loser can believe in the outcomes of elections are badly wounded. Democracies don’t die in darkness, per se, but through neglect and an unwillingness of the electorate to engage because change tends to be hard, slow, and incremental. There are solutions to democratic decline, and focusing on the next electoral cycles matters, but we can’t focus on elections to the detriment of understanding how to rejuvenate democratic systems of governance more generally.

Link

The State of News

Tom Ley, over at Defector, wrote:

Everything’s fucked now. Newspapers have been destroyed by raiding private equity firms, alt-weeklies and blogs are financially unsustainable relics, and Google and Facebook have spent the last decade or so hollowing out the digital ad market. What survives among all this wreckage are websites and publications that are mostly bad. There’s plenty to read, the trouble is that so much of it is undergirded by a growing disregard (and in some cases even disdain) for the people doing the actual reading.

What readers are being served when a sports blog leverages its technological innovations in order to create a legion of untrained and unpaid writers? Who benefits when a media company cripples its own user experience and launches a campaign to drive away some of its best writers and editors? Whose interests are being served when a magazine masthead is gutted and replaced by a loose collection of amateurish contractors? Who ultimately wins when publications start acting less like purpose-driven institutions and more like profit drivers, primarily tasked with achieving exponential scale at any cost? What material good is produced when private equity goons go on cashing their checks while simultaneously slashing payroll throughout their newsrooms? Things have gotten so bad that even publications that get away with defining themselves as anti-establishment are in fact servile to authority in all forms, and exist for the sole purpose of turning their readers into a captive source of profit extraction.

The truth is that nobody who matters—the readers—ever asked for any of this shit. Every bad decision that has diminished media—every pivot to video, every injection of venture capital funds, every round of layoffs, every outright destruction of a publication—was only deemed necessary by the constraints of capitalism and dull minds. This is an industry being run by people who, having been betrayed by the promise of exponential scale and IPOs, now see cheapening and eventually destroying their own products as the only way to escape with whatever money there is left to grab.

Without a doubt, this is one of the most direct and forceful assessments of how the news media has become what it is, today. Rather than having reporters and editors working to produce high-quality products which are designed to serve the interests of their readers they are, increasingly, forced to capitulate to managerial actions that are designed to temporarily gin up sales numbers at the expense of the very readers who should be being served. It’s no wonder that the state of political discourse, and public discourse write large, has become so degraded when that degradation is actually chased after if it means a few more ads or advertorials can be placed for a short-term increase in numbers.

Link

Safe Streets and Systemic Racism

Sabat Ismail, writing at Spacing Toronto, interrogates who safe streets are meant to be safe for. North American calls for adopting Nordic models of urban cityscapes are often focused on redesigning streets for cycling whilst ignoring that Nordic safety models are borne out of broader conceptions of social equity. Given the broader (white) recognition of the violent threat that police can represent to Black Canadians, cycling organizations which are principally advocating for safe streets must carefully think through how to make them safe, and appreciate why calls for greater law enforcement to protect non-automobile users may run counter to an equitable sense of safety. To this point, Ismail writes:

I recognize the ways that the safety of marginalized communities and particularly Black and Indigenous people is disregarded at every turn and that, in turn, we are often provided policing and enforcement as the only option to keep us safe. The options for “safety” presented provide a false choice – because we do not have the power to determine safety or to be imagined within its folds.

Redesigning streets without considering how the design of urban environments are rife with broader sets of values runs the very real risk of further systematizing racism while espousing values of freedom and equality. The values undergirding the concept of safe streets must be assessed by a diverse set of residents to understand what might equitably provide safety for all people; doing anything less will likely re-embed existing systems of power in urban design and law, to the ongoing detriment and harm of non-white inhabitants of North American cities.

Aside

2020.9.06

For the past many months it’s been hard to write here; the very idea of sitting to write was just too hard given the world as it is today. To try and publish here, and get past some of the difficulty writing here, I’m going to experiment with fewer roundups and more independent posts.

Let’s see how this goes.

Productivity and the iPad Pro: A Policy Wonk’s Review

Tools by Christopher Parsons
Every time Apple announces a new iPad, a slew of technology reviewers and YouTube personalities ask whether the newest iPad can finally replace a laptop. And, in almost every situation, they argue that the device can mostly, but not quite, serve as a replacement. But reviewers’ workflows—often involving film production, audio editing, and other marginally esoteric requirements—tend to be pretty different from those of non-AV professionals.

I don’t make videos for a living, nor do I engage in audio engineering. I’m a professional policy wonk and amateur photographer, which means that I do a lot of national video and audio interviews, a lot of writing and text-based communication, some image editing, and depressing amounts of media consumption. I also read a crazy numbers of PDFs and have to annotate them. And for the past two weeks I was consigned to work off my iPad Pro (2018) and iPhone Pro because my MacBook Air was getting its keyboard repaired.

So how successfully did I continue to work just from my non-laptop devices? Spoiler: it was pretty great and mostly convinced me I can lead a (mostly) iPad Pro work life.

The Tools

As mentioned, the hardware that I principally relied on included my iPad Pro 11” (2018) and iPhone Pro.

For the iPad I also had a Logitech Bluetooth keyboard and a Magic Trackpad, as well as a cheap stand. For importing my photos, I have an old USB-C hub that has a SD card reader. For the iPhone, I routinely used a knock-off Gorilla Pod tripod, Manfroto head, and AirPods.

On the software side of things, I used Mail, Pages, Wire, GoodNotes, Mendeley, Reeder, Photos and Darkroom, Safari, Google Drive and Docs, Tweetbot, and Apple Notes to get my daily work done on the iPad Pro.

For interviews I was at the mercy of whatever the interviewers wanted me to use on my iPhone Pro, which was usually either FaceTime, Skype, Signal, WhatsApp, or Zoom, and I used Google Meet for non-broadcast communications.

Successes

The Setup by Christopher Parsons
On the whole I was able to do everything using my iPad Pro and iPhone Pro that I was doing when I was relying on my MacBook Air and iPhone Pro. My reading and writing were largely unimpaired, and my communications with colleagues were not noticeably affected.

Specifically, I was able to continue importing and editing photos, and worked in Google Docs and Drive to leave comments and contribute to documents that were in progress. Email continued to be dealt with using the native client, and I kept on working on Word documents using Pages. Apple’s cloud storage meant I had access to all my files on my iPad, just as on my MacBook Air.

Working with PDFs was simple and easy: I imported them to GoodNotes and shared them into Mendeley after I’d annotated them. I then deleted them from GoodNotes to avoid having multiple iterations of a document in different apps.

All of my communications were easy to maintain, though it was admittedly annoying to have to pick up my phone whenever I received or needed to send a message in WhatsApp. It’d be great if Facebook committed to the service, and made it available on all iOS devices like Signal has already done.

Minor Annoyances

There were one or two things that were annoying. I had to take a photo with government identification, and then strip away some of the more sensitive information. It took me a bit of time to figure out that I could move the photo into Notes, scratch out the offending information, and then output the edited photo to Files to then be uploaded. But it was annoying, not impossible.

I also continue to struggle with a good blogging process on iOS devices. I used Ulysses for years but the lack of new updates for non-subscription users was grating. Other non-subscription-based apps, however, don’t really support images as well nor upload as nicely to this blog. So I’ve actually started using the (mediocre) WordPress client. It’s not impressive, but neither are any of the other clients.

Major Pain Points

First, Google Docs is a terrible application that doesn’t work well. Period. In documents where there are a lot of tracked changes and comments it becomes basically non-functional. It got so bad that I’d write text in Apple Notes and then just copy it into Google Docs, or else I’d be stuck waiting for minutes for a sentence to finally be input. Google Docs is generally a dumpster fire, though, and it’s a shame that Google hasn’t properly developed their app or service in all the years that Google has operated it. (In my MacBook Air, editing in Safari is only a marginally better experience. Google really needs to get its act together.)

Second, Slide Over is incredibly confusing to get working. I’ve owned an iPad for years and it was only in the last two weeks that I finally figured out how to control it, and doing so required watching an instructional video. It is bonkers that this feature is so unintuitive to use and yet so easy to trigger. That said, once I figured it out, it was a very positive and transformative productivity enhancement.

Third, I absolutely needed my iPhone for actual video conferencing. The iPad can do conferencing, but it’s form factor sucks for this kind of activity. That’s fine, and I’d be doing the same if I was doing interviews or video chats with a working MacBook Air in my possession. Still, you’re going to want another camera (and a headset with microphones) if you need to so high(ish) quality calls when you’re working purely from an iPad Pro.

And that’s really it. Beyond the Google Docs app being a trash fire (and, I would point out, it is also just a less-bad trashfire when accessed using Safari on a MacBook Air), the inane complexity of Slideover, and need for a separate device for video calls, the iPad Pro pretty nicely replaced my workflow on the Air. I missed the slightly larger screen, but not so much that it was a real issue.

Concluding Thoughts

I really appreciated and liked using my iPad Pro and iPhone Pro full time. It was easy to set up and tear down. It let me get my work done with fewer distractions than on my MacBook Air. And the screen is noticeably higher quality than the Air.

So if you have a relatively writing- and speaking-focused job, and are doing neither a lot of video or audio editing (or, I suspect, spreadsheet work) then the iPad Pro could be a good fit for your workflow. Does that mean that it’s better than working off a laptop? Nope! But also that what a lot of reviewers consider to be ‘normal’ and what authors and policy folks think are ‘normal’ are very different, with the latter category being pretty well supported on iPad Pros.

The Roundup for June 1-30, 2020 Edition

(Urban King by Christopher Parsons)

Welcome to this edition of The Roundup! Enjoy the collection of interesting, informative, and entertaining links. Brew a fresh cup of coffee or grab yourself a drink, find a comfortable place, and relax.


I put together, and self-published, another photobook that is entitled “Pandemic Chronicles: Book I”. Each week that my city has been in (functional) lockdown, I’ve gone out once or twice and made images while just stretching my legs outside.

Over the past four months it’s often been hard to figure out how, exactly, I’ve been processing the life changes that have been imposed as a result of the pandemic. My life has, in many respects, reverted to that of my life during my PhD. So, lots of time inside and rarely leaving leaving my home, and having considerably less social contact than normal.

I think that it’s through my photos that I can best appreciate how I’ve felt, in retrospect, and understand how those images reflect how I see the world. The book that I made isn’t particularly dark: it’s just…lonely. It showcases the city that I live in, without the people that make it the city that I love. It shows people living their lives, often alone or separate from others, or while engaging in ‘safe’ behaviours. And, towards the end, it shows the light returning to Toronto, though in a format that differs from prior summers.

Photography has, and remains, a way for me to engage a creative part of my brain that otherwise would lie fallow. And, also, it’s operated as a meditative process that uncovers how I have been in the world, and how the world has been presented to me. As someone who has struggled with the idea of a ‘narrative’ in image making, I think that this book is a breakthrough because it ‘says’ something in aggregate that is more than just a presentation of visually pleasant images: it speaks to where I live, and how it has endured in the wake of the city’s closure. Is it the height of art? No. But it’s the closest I’ve come in this medium so far!


Inspiring Quotation

“Good” can be a stifling word, a word that makes you hesitate and stare at a blank page and second-guess yourself and throw stuff in the trash. What’s important is to get your hands moving and let the images come. Whether it’s good or bad is beside the point. Just make something.

Austin Kleon

Great Photography Shots

(Photos included in ‘Pandemic Chronicles: Book I’ by Christopher Parsons)

Music I’m Digging

This month has been packed with a lot of listening, with some alternative and R&B pretty tightly mixed in with hip hop. The best of what I listened to in June includes tracks from Yung Tory’s Rastar (including Mizu, Water Pt 2, and Netflix & Chill), Kali Uchis’s TO FEEL ALIVE (EP), HONNE’s no song without you (Single), and 6LACK’s 6pc Hot(EP).

Neat Podcast Episodes

I’ve been listening to a pair of new podcast shows over the past month that I’d recommend. From the CBC, there’s This Is Not A Drake Podcast, which uses Drake as a way to talk more about the history of rap and hip hop. So far I’ve really appreciated the episode on mixtapes, as well as the connotations of Nice Guy rappers.

Very differently, I’ve also been listening to the Globe and Mail’s series, Stress Test, which is about money issues facing millennials in the time of Covid. The episodes haven’t been staggering brilliant (a lot of the advice is pretty time tested) but the caution and suggestions are all helpful reminders.

Good Reads

  • Reflections from an “Accidental” Mentor // Prof. McNamara’s discussion of what it means to be a mentor— first and foremost modelling who we are, as individuals, rather than fitting within a particular narrow category of who we are normatively expected to be—is good advice, and important if we are to expand what is ‘normal’ within academia. She also focuses on celebrating the commonality across scholars; we’re all nerds, at heart, and so should focus on those attributes to create community. I agree, but for myself it’s more than that: it’s also about ensuring that the structures of professional environments are re-articulated to enable more junior persons to experience their jobs and professions in ways that weren’t possible, previously. It’s not just about focusing on commonality but, also, assessing baseline principles and values and ensuring that they conform in theory and practice with welcoming, creative, equitable, and inclusive environments. And, finally, it’s about accepting and making clear that as mentors we are fallible and human, and creating workspaces where others can also betray these inherently human (and humanizing) characteristics.
  • Jon Stewart Is Back to Weigh In // Jon Stewart’s comments throughout this interview are worth the read; his assessment of the problems of contemporary political media—centred around the ‘need’ for content to fuel a 24/7 media environment—as well as for the media to engage in structural assessment of practices, are on point. Similarly, his discussion of the nature of racism in American society (but, also, Canada) strikes to the heart of things: even if someone isn’t deliberately malicious in deed or thought, they are conditioned by the structures of society and power in which they live their lives. And those very structures are, themselves, racist in their origin and contemporary design.
  • Hacking Security // Goerzen and Coleman do a terrific job in unpacking the history of what is secured by computer security experts, and why certain things are within or outside of bounds for securing. Critically, while experts may be involved in protecting ‘assets’ or combatting ‘abuse’, where threats to assets or abuse arise from the underlying profit mechanisms associated with large technology companies, those mechanisms are seen as outside of bounds for security teams to engage with. Similarly, the failure of security teams to consider, or address, ‘political’ issues such as abusive speech, harmful video content, or propagation of racist or white supremacist content all showcase the need to critically interrogate what is, and isn’t, made secure, and to expand security teams by adding social scientists and humanities scholars: technology is political, and we need security teams to have members who are trained and competent to consider those politics.
  • Once Safer Than Gold, Canadian Real Estate Braces for Reckoning // Canadians have been doubling down on their debt-loads for over a decade to the point, today, that on average Canadians owe north of $1.76 per $1.00 of income, with that number rising in the country’s largest cities. Housing is particularly vulnerable and, if it is destabilized, can be devastating to the Canadian economy more broadly given that it accounts for around %15 of GDP; slowdowns in housing will delay the revival of the Canadian economy, while simultaneously threatening the ability of Canadians to stay in their homes—now—or retain their savings to invest for their retirements—in the future. If anything good comes of this, maybe it will be a reminder that allocating the majority of your savings into a single asset is, indeed, not a good long-term investment solution which could have knock on effects if investors decide they want to move to their next bubble, and let the housing bubble deflate as gracefully as possible.
  • Sure, The Velociraptors Are Still On The Loose, But That’s No Reason Not To Reopen Jurassic Park // McSweeney’s, once more, showcases the merits of satire in the vein of Swift’s A Modest Proposal, this time in the era of government failures in the face of pandemic.
  • You Want a Confederate Monument? My Body Is a Confederate Monument // “I have rape-coloured skin.” Not only is this perhaps the most poignant lede I’ve come across in an opinion piece in years, it also sets the stakes for the Williams’ article; the very skin of many Americans (and Canadians) is a testament to violent and racist actions taken against women who were forced from their homes to live as slaves. That testament continues, today, and not just in the monuments that were established in the Jim Crow era to deliberately attempt to continue subjugating Black persons, but in the very skin inhabited by the grandchildren and great-grandchildren of enslaved people.
  • Vladimir Putin’s war of fog: How the Russian President used deceit, propaganda and violence to reshape global politics // I take issue with some of MacKinnon’s choice of language in the first ¼ of the article—he suggests that truth is substantively confused and that Putin’s tactics are more successful that I think are appropriate to concede—but beyond that he’s done a masterful job in creating an overview of who Putin is, what he’s done, and how he’s come to (and held onto) power. If you’re a long-time Russia watcher you may dispute where MacKinnon puts some of his emphasis, or in his assessment of some events, but I don’t think that you can deny that this is a helpful article that provide the broad contours of Putin’s life and career. And, after having read it, it will hopefully inspire people to learning more of the financial, military, or other scandals that have happened throughout Putin’s leadership of Russia.

Cool Things

  • iPad OS + Magic Trackpad 2 // Lots of people already have figured this out but…the new version of iPad OS + a Magic Trackpad 2 and a keyboard is a really, really compelling combination. I’ve using this as my writing and work system for a little while and it continues to prove to me how robust the iPad actually is, and how many of the pain points have been, or are being, ground away with each version of the operating system. That said, some of the gestures are very, very opaque—in particular those associated with the slide over window—and so you may want to review how, exactly, those gestures really work to get the most out of the process (and not get frustrated when certain windows just won’t go away!)