Posted on in Writing, Review

Book Review: Blockchain Chicken Farm And Other Stories of Tech in China’s Countryside (2020) ⭐️⭐️⭐️

Xiaowei Wang’s book, Blockchain Chicken Farm And Other Stories of Tech in China’s Countryside, presents a nuanced and detailed account of the lives reality of many people in China through the lenses of history, culture, and emerging technologies. She makes clear through her writing that China is undergoing a massive shift through efforts to digitize the economy and society (and especially rural economies and societies) while also effectively communicating why so many of these initiatives are being undertaken. 

From exploring the relationship between a fraught cold chain and organic chicken, to attempts to revitalize rural villages by turning them into platform manufacturing towns, to thinking through and reflecting on the state of contemporary capitalistic performativity in rural China and the USA alike, we see how technologies are being used to try and ‘solve’ challenges while often simultaneously undermining and endangering the societies within which they are embedded. Wang is careful to ensure that a reader leaves with an understanding of the positive attributes of how technologies are applied while, at the same time, making clear how they do not remedy—and, in fact, often reify or extenuate—unequal power relationships. Indeed, many of the positive elements of technologies, from the perspective of empowering rural citizens or improving their earning powers, are either being negatively impacted by larger capitalistic actors or the technology companies whose platforms many of these so-called improvements operate upon. 

Wang’s book, in its conclusion, recognizes that we need to enhance and improve upon the cultural spaces we operate and live within if we are to create a new or reformed politics that is more responsive to the specific needs of individuals and their communities. Put differently, we must tend to the dynamism of the Lifeworld if we are to modify the conditions of the System that surrounds, and unrelentingly colonizes, the Lifeworld. 

Her wistful ending—that such efforts of (re)generation are all that we can do—speaks both to a hope but also an almost resignation that (re)forming the systems we operate in can only take place if we manage to avoid being distracted by the bauble or technology that is dangled in front of us, to distract us from the existential crises facing our societies and humanity writ large. As such, it concludes very much in the spirit of our times: with hope for the future but a fearful resignation that despite our best efforts, we may be too late to succeed. But, what else can we do?

Posted on in Solved

Solved: Set A Default Email Address in Apple Contacts

I figured out how to set a default email address for a contact in Apple Contacts, where the contact has multiple email addresses associated with them.

The Problem

Apple support claims that Siri is capable of learning which email address to use when someone you are contacting has multiple email addresses associated with them in your contact book. In my experience this is hit and miss. The result is that you need to check, each time, to ensure that an email is being sent to the correct email address.

The Solution

For the contact in question you must ensure that the email you want to most regularly contact them is the first email in the list of emails. Thus, if you had a set of emails ordered as such:

  • example1@email.me
  • example2@email.me
  • example3@email.me

and wanted ‘example 3@email.me’ to be the default email that you send message to, you would:

  1. Open Contacts and the individual’s card, and then click ‘Edit’
  2. Copy the email that you want to remove as the current default (e.g., example1@email.me)
  3. Create a new email record by clicking the field beside ‘Other’ at the bottom of the list and paste the email address you copied at 2
  4. In the top email field (i.e., example1@email.me) replace it with the preferred default email (e.g. example3@email.me)
  5. Delete the now-duplicated example3@email.me
  6. Click ‘done’

At the conclusion of this reordering, your email order list would appear as:

  • example3@email.me
  • example2@email.me
  • example1@email.me

The result of the reordering is that you should, by default, now send email to the contact’s example3@email.me. I hope this helps anyone else who’s running into this problem!

Quote
Posted on in Quotations

The information superhighway is being promoted as a powerful means to even out disparities and inequalities that afflict people inside the United States and throughout the world economy … a privately owned and managed information superhighway will be turned toward the interest and needs and income of the most advantaged sectors of the society. Significant modification of this systemic tendency requires the pressure of a strong political movement.

Herbert I. Schiller. (1995). “The Global Information Highways: Project for an ungovernable world.”

What Schiller wrote in 1995 could as easily be written, today, as it pertains to the new technologies which are regularly promoted as evening out disparities and inequities. It remains unclear to me that there has been any significant change in the systemic tendencies that are baked into the contemporary internet, nor that there is sufficient contemporary political pressure to reform existing inequalities let alone ensure that next-generation technologies will not reproduce them.

Posted on in Photography, Writing

Glass in 2022

GlassProfile

I’ve been primarily posting my photos to Glass for about three months now. There have been several quality of life improvements1 but, on the whole, the app has been pretty true to its original DNA.

That’s been a bit frustrating for some folks, such as Matt Birchler. He notes that Glass seems to be populated by professional photographers and lacks the life and diversity that you can sometimes find on Instagram or other photography sites. I was particularly struck by his comment that, “I used to enjoy the feed because it was high quality stuff, but now I scroll and everyone is making photos that look like every else’s.”

I don’t discount that Matt’s experience has been seeing a lot of professionals making photos but have to admit that his experiences don’t really parallel my own. To be clear, the photographers that I follow are doing neat work and some are definitely serious amateurs or professionals. But perhaps because I’m more focused on street photography it’s rarely self-apparent to me that I’m following professionals versus amateurs, nor that everyone’s work looks the same.

That being said, I definitely do follow a lot fewer people on Glass. If I have a problem with the app it’s that discovering active photographers on the platform is difficult; a lot of people signed up for the trial period but aren’t regularly posting. The result is that it’s hard to develop an active stream of photos and a photographic community. At the same time, however, I don’t browse the Glass app like I would Instagram: I pop in once or twice a day, and try to set aside some time every day or three (or four…) to leave comments on others photographers’ work. I treat Glass more seriously than free photography applications, if only because I have (thus far) only has positive experiences with the other active photographers posting their work there.

The only other problem I have with Glass—annoyance really!—is that I think that you actually can see/display photographers’ profiles in a much more beautiful way on non-phone devices. The image for this post was a screen capture from my iPad which attractively lays out photos. In contrast, you just get a flat waterfall of images if you visit my profile in the Glass app itself. That’s a shame and hopefully something that is improved upon in 2022.

To date I’m happy with Glass and incredibly pleased to no longer posting my photos to a Facebook platform. I really hope that Glass’s developers are able to maintain the app going forward, which will almost certainly depend in part on building the community and enhancing discoverability.

I’m currently planning to continue posting my work to Glass regularly. Even if the service doesn’t explode (which would be fine for me, though probably not great for its long term survival!) I find that the comments that I receive are far more valuable than anything I tended to receive on Instagram or other social sites, and the actual process of posting is also a comparative breeze and joy. If you’re looking for a neat photography site to try out, I heartily recommend that you give Glass a shot!

  1. Specifically, the developers have added some photography categories and public profiles, as well as the ability to ‘appreciate’ photos and comments ↩︎
Posted on in Writing

Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack

Bloomberg has an article that discusses how Chinese spies were allegedly involved in deploying implants on Huawei equipment which was operated in Australia and the United States. The key parts of the story include:

At the core of the case, those officials said, was a software update from Huawei that was installed on the network of a major Australian telecommunications company. The update appeared legitimate, but it contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China, they said. After a few days, that code deleted itself, the result of a clever self-destruct mechanism embedded in the update, they said. Ultimately, Australia’s intelligence agencies determined that China’s spy services were behind the breach, having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems. 

Guided by Australia’s tip, American intelligence agencies that year confirmed a similar attack from China using Huawei equipment located in the U.S., six of the former officials said, declining to provide further detail.

The details from the story are all circa 2012. The fact that Huawei equipment was successfully being targeted by these operations, in combination with the large volume of serious vulnerabilities in Huawei equipment, contributed to the United States’ efforts to bar Huawei equipment from American networks and the networks of their closest allies.1

Analysis

We can derive a number of conclusions from the Bloomberg article, as well as see links between activities allegedly undertaken by the Chinese government and those of Western intelligence agencies.

To begin, it’s worth noting that the very premise of the article–that the Chinese government needed to infiltrate the ranks of Huawei technicians–suggests that circa 2012 Huawei was not controlled by, operated by, or necessarily unduly influenced by the Chinese government. Why? Because if the government needed to impersonate technicians to deploy implants, and do so without the knowledge of Huawei’s executive staff, then it’s very challenging to say that the company writ large (or its executive staff) were complicit in intelligence operations.

Second, the Bloomberg article makes clear that a human intelligence (HUMINT) operation had to be conducted in order to deploy the implants in telecommunications networks, with data then being sent back to servers that were presumably operated by Chinese intelligence and security agencies. These kinds of HUMINT operations can be high-risk insofar because if operatives are caught then the whole operation (and its surrounding infrastructure) can be detected and burned down. Building legends for assets is never easy, nor is developing assets if they are being run from a distance as opposed to spies themselves deploying implants.2

Third, the United States’ National Security Agency (NSA) has conducted similar if not identical operations when its staff interdicted equipment while it was being shipped, in order to implant the equipment before sending it along to its final destination. Similarly, the CIA worked for decades to deliberately provide cryptographically-sabotaged equipment to diplomatic facilities around the world. All of which is to say that multiple agencies have been involved in using spies or assets to deliberately compromise hardware, including Western agencies.

Fourth, the Canadian Communications Security Establish Act (‘CSE Act’), which was passed into law in 2019, includes language which authorizes the CSE to do, “anything that is reasonably necessary to maintain the covert nature of the [foreign intelligence] activity” (26(2)(c)). The language in the CSE Act, at a minimum, raises the prospect that the CSE could undertake operations which parallel those of the NSA and, in theory, the Chinese government and its intelligence and security services.3

Of course, the fact that the NSA and other Western agencies have historically tampered with telecommunications hardware to facilitate intelligence collection doesn’t take away from the seriousness of the allegations that the Chinese government targeted Huawei equipment so as to carry out intelligence operations in Australia and the United States. Moreover, the reporting in Bloomberg covers a time around 2012 and it remains unclear whether the relationship(s) between the Chinese government and Huawei have changed since then; it is possible, though credible open source evidence is not forthcoming to date, that Huawei has since been captured by the Chinese state.

Takeaway

The Bloomberg article strongly suggests that Huawei, as of 2012, didn’t appear captured by the Chinese government given the government’s reliance on HUMINT operations. Moreover, and separate from the article itself, it’s important that readers keep in mind that the activities which were allegedly carried out by the Chinese government were (and remain) similar to those also carried out by Western governments and their own security and intelligence agencies. I don’t raise this latter point as a kind of ‘whataboutism‘ but, instead, to underscore that these kinds of operations are both serious and conducted by ‘friendly’ and adversarial intelligence services alike. As such, it behooves citizens to ask whether these are the kinds of activities we want our governments to be conducting on our behalves. Furthermore, we need to keep these kinds of facts in mind and, ideally, see them in news reporting to better contextualize the operations which are undertaken by domestic and foreign intelligence agencies alike.

  1. While it’s several years past 2012, the 2021 UK HCSEC report found that it continued “to uncover issues that indicate there has been no overall improvement over the course of 2020 to meet the product software engineering and cyber security quality expected by the NCSC.” (boldface in original) ↩︎
  2. It is worth noting that, post-2012, the Chinese government has passed national security legislation which may make it easier to compel Chinese nationals to operate as intelligence assets, inclusive of technicians who have privileged access to telecommunications equipment that is being maintained outside China. That having been said, and as helpfully pointed out by Graham Webster, this case demonstrates that the national security laws were not needed in order to use human agents or assets to deploy implants. ↩︎
  3. There is a baseline question of whether the CSE Act created new powers for the CSE in this regard or if, instead, it merely codified existing secret policies or legal interpretations which had previously authorized the CSE to undertake covert activities in carrying out its foreign signals intelligence operations. ↩︎
Posted on in Solved

Solved: Connected Meross Smartplug to Eero 6 Pro

I helped set up some Meross smartplugs that were being used to automate home functions. What follows is how I was ultimately able to connect them to an Eero 6 Pro router.

The Problem

When opening the Home application on an iPhone or iPad, and scanning the QR code that was on the smartplug, I received errors that the process could not be completed. I tried resetting the phone, letting the Apple iOS devices linger for up to 5 minutes to complete the connection, and resetting the home hub to see if that would help. In no case were these measures successful.

The Solution

I connected the smartplugs to the Eero 6 Pro network (and Apple Home app) by modifying some of the router’s settings as well as not using the QR code to set up the device.

Specifically I:

  1. Opened the Eero app and temporarily disabled the 5Ghz radio and turned off the WPA3 experimental feature.
  2. Activated airplane mode on the iOS device I was using to connect the Meross plugs to the Home app.
  3. Performed a hard reset on the Meross plugs (this involved holding the power button for 15 seconds. I heard a ‘click’ sound when it reset). I checked to ensure that that the LEDs were blinking between amber and green colours.
  4. Reconnected the iOS device to the Eero 6 Pro router. This ensured that it would establish a 2.4Ghz connection.
  5. Opened the Home app on the iOS device. I then selected ‘Add Accessory’ and, then, the ‘More options…’ link.
  6. In the new options, I saw one that read as a smart plug, and another that had Meross in its name. I choose the one with Meross and then entered in the 8 digit code above the QR code on the smartplug when prompted. I did not connect using the QR code/camera.

The Meross smartplug subsequently connected to the network. As a note, I had to wait up to 30 seconds before it finished its setup.

Meross Smartplug Firmware Update

With the Meross smartplugs connected to the network I updated their firmware. To do so, I:

  1. Downloaded the Meross app and create an account.
  2. Linked the plugs to the account by tapping the ‘ ’ icon in the Home panel in the Meross app, granted the application permission to scan your local network, and then added the switches.
  3. Once they were added, I navigated to the ‘Account’ panel and selected ‘Firmware update’ under ‘System’. I then followed the on-screen instructions to update the plugs.

By the conclusion of this I managed to join the Meross smartplugs to the Eero 6 Pro network, as well as updated their firmware. Hope that this helps to solve any problems you’re encountering with them!

Link
Posted on in Links

‘Efficiency’ and Basic Rights

Rest of the World has published a terrific piece on the state of surveillance in Singapore, where governmental efficiency drives technologies that are increasingly placing citizens and residents under excessive and untoward kinds of surveillance. The whole piece is worth reading, but I was particularly caught by a comment made by the deputy chief executive of the Cyber Security Agency of Singapore:

“In the U.S., there’s a very strong sense of building technology to hold the government accountable,” he said. “Maybe I’m naive … but I just didn’t think that was necessary in Singapore.

Better.sg, which has around 1,000 members, works in areas where the government can’t or won’t, Keerthi said. “We don’t talk about who’s responsible for the problem. We don’t talk about who is responsible for solving the problem. We just talk about: Can we pivot this whole situation? Can we flip it around? Can we fundamentally shift human behaviour to be better?” he said. 

… one app that had been under development was a ‘catch-a-predator’ chatbot, which parents would install on their childrens’ [sic] phones to monitor conversations. The concept of the software was to goad potential groomers into incriminating themselves, and report their activity to the police. 

“The government’s not going to build this. … It is hostile, it is almost borderline entrapment,” Keerthi said, matter-of-factly. “Are we solving a real social problem? Yeah. Are parents really thrilled about it? Yeah.”

It’s almost breathtaking to see a government official admit they want to develop tools that the government, itself, couldn’t create for legal reasons but that he hopes will be attractive to citizens and residents. While I’m clearly not condoning the social problem that he is seeking to solve, the solution to such problems should be within the four corners of law as opposed to outside of them. When government officials deliberately move outside of the legal strictures binding them they demonstrate a dismissal of basic rights and due process with regards to criminal matters.

While such efforts might be ‘efficient’ and normal within Singapore they cannot be said to conform with basic rights nor, ultimately, with a political structure that is inclusive and responsive to the needs of its population. Western politicians and policy wonks routinely, and wistfully, talk about how they wish they were as free to undertake policy experiments and deployments as their colleagues in Asia. Hopefully more of them will read pieces like this one to understand that the efficiencies they are so fond of would almost certainly herald the end of the very democratic systems they operate within and are meant to protect.

Link
Posted on in Links, Photography

Medical Photography is Failing Patients With Darker Skin

Georgina Gonzalez, reporting for the Verge:

Most clinical photos are taken by well-intentioned doctors who haven’t been trained in the nuances of photographing patients of different races. There are fundamental differences in the physics of how light interacts with different skin tones that can make documenting conditions on skin of color more difficult, says Chrystye Sisson, associate professor and chair of the photographic science program at Rochester Institute of Technology, the only such program in the nation. 

Interactions between light, objects, and our eyes allow us to perceive color. For instance, a red object absorbs every wavelength of light except red, which it reflects back into our eyes. The more melanin there is in the skin, the more light it absorbs, and the less light it reflects back.

But standard photographic setups don’t account for those differences.

One of the things that I routinely experience shooting street photography in a multicultural city is just how screwy camera defaults treat individuals of different racial backgrounds. And I’ve yet to find a single default that captures darker skin accurately despite shooting for many years.

Posted on in Links, Writing

Mandatory Patching of Serious Vulnerabilities in Government Systems

Photo by Mati Mango on Pexels.com

The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for building national capacity to defend American infrastructure and cybersecurity assets. In the past year they have been tasked with receiving information about American government agencies’ progress (or lack thereof) in implementing elements of Executive Order 14028: Improving the Nation’s Cybersecurity and have been involved in responses to a number of events, including Solar Winds, the Colonial Pipeline ransomware attack, and others. The Executive Order required that CISA first collect a large volume of information from government agencies and vendors alike to assess the threats towards government infrastructure and, subsequently, to provide guidance concerning cloud services, track the adoption of multi factor authentication and seek ways of facilitating its implementation, establish a framework to respond to security incidents, enhance CISA’s threat hunting abilities in government networks, and more.1

Today, CISA promulgated a binding operational directive that will require American government agencies to adopt more aggressive patch tempos for vulnerabilities. In addition to requiring agencies to develop formal policies for remediating vulnerabilities it establishes a requirement that vulnerabilities with a common vulnerabilities and exposure ID be remediated within 6 months, and all others with two weeks. Vulnerabilities to be patched/remediated are found in CISA’s “Known Exploited Vulnerabilities Catalogue.”

It’s notable that while patching is obviously preferred, the CISA directive doesn’t mandate patching but that ‘remediation’ take place.2 As such, organizations may be authorized to deploy defensive measures that will prevent the vulnerability from being exploited but not actually patch the underlying vulnerability, so as to avoid a patch having unintended consequences for either the application in question or for other applications/services that currently rely on either outdated or bespoke programming interfaces.

In the Canadian context, there aren’t equivalent levels of requirements that can be placed on Canadian federal departments. While Shared Services Canada can strongly encourage departments to patch, and the Treasury Board Secretariat has published a “Patch Management Guidance” document, and Canada’s Canadian Centre for Cyber Security has a suggested patch deployment schedule,3 final decisions are still made by individual departments by their respective deputy minister under the Financial Administration Act.

The Biden administration is moving quickly to accelerate its ability to identify and remediate vulnerabilities while simultaneously lettings its threat intelligence staff track adversaries in American networks. That last element is less of an issue in the Canadian context but the first two remain pressing and serious challenges.

While its positive to see the Americans moving quickly to improve their security positions I can only hope that the Canadian federal, and provincial, governments similarly clear long-standing logjams that delegate security decisions to parties who may be ill-suited to make optimal decisions, either out of ignorance or because patching systems is seen as secondary to fulfilling a given department’s primary service mandate.

  1. For a discussion of the Executive Order, see: “Initial Thoughts on Biden’s Executive Order on Improving the Nation’s Cybersecurity” or “Everything You Need to Know About the New Executive Order on Cybersecurity.” ↩︎
  2. For more, see CISA’s “Vulnerability Remediation Requirements“. ↩︎
  3. “CCCS’s deployment schedule only suggests timelines for deployment. In actuality, an organization should take into consideration risk tolerance and exposure to a given vulnerability and associated attack vector(s) as part of a risk‑based approach to patching, while also fully considering their individual threat profile. Patch management tools continue to improve the efficiency of the process and enable organizations to hasten the deployment schedule.” Source: “Patch Management Guidance↩︎