Link
Posted on in Links

‘Efficiency’ and Basic Rights

Rest of the World has published a terrific piece on the state of surveillance in Singapore, where governmental efficiency drives technologies that are increasingly placing citizens and residents under excessive and untoward kinds of surveillance. The whole piece is worth reading, but I was particularly caught by a comment made by the deputy chief executive of the Cyber Security Agency of Singapore:

“In the U.S., there’s a very strong sense of building technology to hold the government accountable,” he said. “Maybe I’m naive … but I just didn’t think that was necessary in Singapore.

Better.sg, which has around 1,000 members, works in areas where the government can’t or won’t, Keerthi said. “We don’t talk about who’s responsible for the problem. We don’t talk about who is responsible for solving the problem. We just talk about: Can we pivot this whole situation? Can we flip it around? Can we fundamentally shift human behaviour to be better?” he said. 

… one app that had been under development was a ‘catch-a-predator’ chatbot, which parents would install on their childrens’ [sic] phones to monitor conversations. The concept of the software was to goad potential groomers into incriminating themselves, and report their activity to the police. 

“The government’s not going to build this. … It is hostile, it is almost borderline entrapment,” Keerthi said, matter-of-factly. “Are we solving a real social problem? Yeah. Are parents really thrilled about it? Yeah.”

It’s almost breathtaking to see a government official admit they want to develop tools that the government, itself, couldn’t create for legal reasons but that he hopes will be attractive to citizens and residents. While I’m clearly not condoning the social problem that he is seeking to solve, the solution to such problems should be within the four corners of law as opposed to outside of them. When government officials deliberately move outside of the legal strictures binding them they demonstrate a dismissal of basic rights and due process with regards to criminal matters.

While such efforts might be ‘efficient’ and normal within Singapore they cannot be said to conform with basic rights nor, ultimately, with a political structure that is inclusive and responsive to the needs of its population. Western politicians and policy wonks routinely, and wistfully, talk about how they wish they were as free to undertake policy experiments and deployments as their colleagues in Asia. Hopefully more of them will read pieces like this one to understand that the efficiencies they are so fond of would almost certainly herald the end of the very democratic systems they operate within and are meant to protect.

Link
Posted on in Links, Photography

Medical Photography is Failing Patients With Darker Skin

Georgina Gonzalez, reporting for the Verge:

Most clinical photos are taken by well-intentioned doctors who haven’t been trained in the nuances of photographing patients of different races. There are fundamental differences in the physics of how light interacts with different skin tones that can make documenting conditions on skin of color more difficult, says Chrystye Sisson, associate professor and chair of the photographic science program at Rochester Institute of Technology, the only such program in the nation. 

Interactions between light, objects, and our eyes allow us to perceive color. For instance, a red object absorbs every wavelength of light except red, which it reflects back into our eyes. The more melanin there is in the skin, the more light it absorbs, and the less light it reflects back.

But standard photographic setups don’t account for those differences.

One of the things that I routinely experience shooting street photography in a multicultural city is just how screwy camera defaults treat individuals of different racial backgrounds. And I’ve yet to find a single default that captures darker skin accurately despite shooting for many years.

Posted on in Links, Writing

Mandatory Patching of Serious Vulnerabilities in Government Systems

Photo by Mati Mango on Pexels.com

The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for building national capacity to defend American infrastructure and cybersecurity assets. In the past year they have been tasked with receiving information about American government agencies’ progress (or lack thereof) in implementing elements of Executive Order 14028: Improving the Nation’s Cybersecurity and have been involved in responses to a number of events, including Solar Winds, the Colonial Pipeline ransomware attack, and others. The Executive Order required that CISA first collect a large volume of information from government agencies and vendors alike to assess the threats towards government infrastructure and, subsequently, to provide guidance concerning cloud services, track the adoption of multi factor authentication and seek ways of facilitating its implementation, establish a framework to respond to security incidents, enhance CISA’s threat hunting abilities in government networks, and more.1

Today, CISA promulgated a binding operational directive that will require American government agencies to adopt more aggressive patch tempos for vulnerabilities. In addition to requiring agencies to develop formal policies for remediating vulnerabilities it establishes a requirement that vulnerabilities with a common vulnerabilities and exposure ID be remediated within 6 months, and all others with two weeks. Vulnerabilities to be patched/remediated are found in CISA’s “Known Exploited Vulnerabilities Catalogue.”

It’s notable that while patching is obviously preferred, the CISA directive doesn’t mandate patching but that ‘remediation’ take place.2 As such, organizations may be authorized to deploy defensive measures that will prevent the vulnerability from being exploited but not actually patch the underlying vulnerability, so as to avoid a patch having unintended consequences for either the application in question or for other applications/services that currently rely on either outdated or bespoke programming interfaces.

In the Canadian context, there aren’t equivalent levels of requirements that can be placed on Canadian federal departments. While Shared Services Canada can strongly encourage departments to patch, and the Treasury Board Secretariat has published a “Patch Management Guidance” document, and Canada’s Canadian Centre for Cyber Security has a suggested patch deployment schedule,3 final decisions are still made by individual departments by their respective deputy minister under the Financial Administration Act.

The Biden administration is moving quickly to accelerate its ability to identify and remediate vulnerabilities while simultaneously lettings its threat intelligence staff track adversaries in American networks. That last element is less of an issue in the Canadian context but the first two remain pressing and serious challenges.

While its positive to see the Americans moving quickly to improve their security positions I can only hope that the Canadian federal, and provincial, governments similarly clear long-standing logjams that delegate security decisions to parties who may be ill-suited to make optimal decisions, either out of ignorance or because patching systems is seen as secondary to fulfilling a given department’s primary service mandate.

  1. For a discussion of the Executive Order, see: “Initial Thoughts on Biden’s Executive Order on Improving the Nation’s Cybersecurity” or “Everything You Need to Know About the New Executive Order on Cybersecurity.” ↩︎
  2. For more, see CISA’s “Vulnerability Remediation Requirements“. ↩︎
  3. “CCCS’s deployment schedule only suggests timelines for deployment. In actuality, an organization should take into consideration risk tolerance and exposure to a given vulnerability and associated attack vector(s) as part of a risk‑based approach to patching, while also fully considering their individual threat profile. Patch management tools continue to improve the efficiency of the process and enable organizations to hasten the deployment schedule.” Source: “Patch Management Guidance↩︎
Posted on in Writing

Solved: “A Server With This Hostname Cannot Be Found” In iOS

For the past few days whenever I’ve been using my iPhone on a cellular connection I’ve been unable to play podcasts or stream music, or do anything else that requires an Internet connection. The title of this post refers to the error I was receiving in Apple Music whenever I tried to play something.

After spending a bit of time diagnosing the issue it became apparent that the problem originated in the VPN service that I use to scan for, and block, trackers and malicious content. Specifically, the 1Blocker application currently has a problem when it uses DNS Proxy-based scanning for its firewall.

While one solution involves disabling 1Blocker’s VPN functionality entirely1 you can also switch to HTTP Proxy-based scanning in 1Blocker to resolve the issue. To do so:

  1. Open the 1Blocker application
  2. Open the Firewall tab
  3. Click the ‘…’ in the upper right corner
  4. Select ‘HTTP Proxy’

At the moment the company is asserting that the problem originates from “an ongoing connectivity issue that affects some mobile network operators.” No further information has been provided.

It’s possible that this will be resolved if carriers fix whatever is wrong on their end, though there isn’t a public ETA for this occurring at the moment.

  1. Settings > VPN > the (i) button beside 1Blocker > Turn off ‘Connect on Demand’ > return to VPN and set status to ‘Disconnected’ ↩︎
Posted on in Photography

My Glass Public Profile

I’ve recently written about the concerns that I have about Instagram, and my assessment of whether I wanted to port my online photo sharing to either Flickr or Glass. As of October 27, Glass has enabled public profiles so non-members can view the work that photographers have published on the service. You can check mine out!

I…really like how the profiles look on Glass at the moment. I’ve been posting with some frequency (all black and whites, with a focus on street photography) and the flow model to capture and then post photographs has been simple and seamless.

I also really like the experience of having to comment on other photographs instead of ‘liking’ them. This engagement strategy means that when I interact with other photographers’ pieces I need to leave at least some kind of meaningful comment. As a result, I need to slow down and think a bit more about a photograph and I think that’s a good thing for me–the viewer–and the photographer who hopefully gets more meaningful (if less frequent) engagement.

I like Glass enough that I’ve ponied up for a one year subscription. The developers are pushing out significant quality of life updates to the application and, on the whole, it’s currently pretty fun to use and is clearly intended to be used by photographers, as well as other individuals who are interested in photography and just don’t want to deal with the grossness of Instagram and want something a little fresher than Flickr.

Based on my experiences thus far I’d heartily recommend that you check out the service, as well as my public profile!

Posted on in Photography, Photos

Vacation Street Photography Challenge

(Come Towards the Light by Christopher Parsons)

This year I took a very late vacation while Toronto was returning to its new normal. I’ve been capturing the city throughout the COVID-19 pandemic and I wanted to focus in on how the streets felt.

During the pandemic we’ve all been attached to our devices, and our phones in particular, and thus decided to document the city through the lens of our ever-present screen: the smartphone. I exclusively shot with my iPhone 12 Pro using the Noir filter. This filter created a strong black and white contrast, with the effect of deepening shadows and blacks and lifting highlights and whites. I choose this, over a monotone, as I wanted to emphasize that while the city was waking up there were still stark divides between the lived experiences of the pandemic and a continuation of strong social distancing from one another.

  • (Between Frames by Christopher Parsons)
  • (Calm Decay by Christopher Parsons)
  • (Reflections by Christopher Parsons)
  • (The Guarded Groom by Christopher Parsons)

95% of my photos were captured using ProRaw with the exception of those where I wanted to utilize Apple’s long exposure functionality in the Photos application.

  • (Caught by Christopher Parsons)
  • (Just Passing by Christopher Parsons)

Darkroom Settings

In excess of the default Noir filter, I also created a secondary filter in Darkroom that adjusted what came off the iPhone just a bit to establish tones that were to my liking. My intent was to make the Noir that much punchier, while also trying to reduce a bit of the sharpness/clarity that I associate with Apple’s smartphone cameras. This adjustment reflected, I think, that digital communications themselves are often blurrier or more confused than our face-to-face interactions. Even that which seems clear, when communicated over digital systems, often carries with it a misrepresentation of meaning or intent.

(more…)
Posted on in Writing

Apple Music Voice Plan- The New iPod Shuffle?

A lot of tech commentators are scratching their heads over Apple’s new Apple Music Voice Plan. The plan is half the price of a ‘normal’ Apple Music subscription. If subscribed, individuals will can ask Siri to play songs or playlists but will not have access to a text-based or icon-based way to search for or play music.

I am dubious that this will be a particularly successful music plan. Siri is the definition of a not-good (and very bad) voice assistant.

Nevertheless, Apple has released this music plan into the world. I think that it’s probably most like the old iPod Shuffle that lacked any ability to really select or manage an individual’s music. The Shuffle was a cult favourite.

I have a hard time imagining a Siri-based interface developing a cult following like the iPods of yore, but the same thing was thought about the old Shuffle, too.

Posted on in RPG

Playlist for Gloomhaven- Jaws of the Lion

  • (Adventure Ho! by Christopher Parsons)

For the past several months a group of us have been playing Gloomhaven: Jaws of the Lion. Jaws of the Lion is meant to be the ‘intro to Gloomhaven’ boxed set, though we’ve experienced a relatively steep learning curve and I’ve spent a lot of time trying to figure out some of the more confusing or unclear rules.

Anyhow! I built a playlist for Jaws of the Lion, just as I did for the Dungeons and Dragons campaigns we’ve played.1 I’ll continue to update it periodically, though not regularly.

If you’re interested in using the playlist for Gloomhaven: Jaws of the Lion we’re using, you can find it at Apple Music.

  1. I’ve previously published a consolidated listing of the playlists we’ve used for D&D’s Lost Mines of Phandelver ↩︎

Posted on in Writing

Detecting Academic National Security Threats

Photo by Pixabay on Pexels.com

The Canadian government is following in the footsteps of it’s American counterpart and has introduced national security assessments for recipients of government natural science (NSERC) funding. Such assessments will occur when proposed research projects are deemed sensitive and where private funding is also used to facilitate the research in question. Social science (SSHRC) and health (CIHR) funding will be subject to these assessments in the near future.

I’ve written, elsewhere, about why such assessments are likely fatally flawed. In short, they will inhibit student training, will cast suspicion upon researchers of non-Canadian nationalities (and especially upon researchers who hold citizenship with ‘competitor nations’ such as China, Russia, and Iran), and may encourage researchers to hide their sources of funding to be able to perform their required academic duties while also avoiding national security scrutiny.

To be clear, such scrutiny often carries explicit racist overtones, has led to many charges but few convictions in the United States, and presupposes that academic units or government agencies can detect a human-based espionage agent. Further, it presupposes that HUMINT-based espionage is a more serious, or equivalent, threat to research productivity as compared to cyber-espionage. As of today, there is no evidence in the public record in Canada that indicates that the threat facing Canadian academics is equivalent to the invasiveness of the assessments, nor that human-based espionage is a greater risk than cyber-based means.

To the best of my knowledge, while HUMINT-based espionage does generate some concerns they pale in comparison to the risk of espionage linked to cyber-operations.

However, these points are not the principal focus of this post. I recently re-read some older work by Bruce Schneier that I think nicely casts why asking scholars to engage in national security assessments of their own, and their colleagues’, research is bound to fail. Schneier wrote the following in 2007, when discussing the US government’s “see something, say something” campaign:

[t]he problem is that ordinary citizens don’t know what a real terrorist threat looks like. They can’t tell the difference between a bomb and a tape dispenser, electronic name badge, CD player, bat detector, or trash sculpture; or the difference between terrorist plotters and imams, musicians, or architects. All they know is that something makes them uneasy, usually based on fear, media hype, or just something being different.

Replace “terrorist” with “national security” threat and we get to approximately the same conclusions. Individuals—even those trained to detect and investigate human intelligence driven espionage—can find it incredibly difficult to detect human agent-enabled espionage. Expecting academics, who are motivated to develop international and collegial relationships, who may be unable to assess the national security implications of their research, and who are being told to abandon funding while the government fails to supplement that which is abandoned, guarantees that this measure will fail.

What will that failure mean, specifically? It will involve incorrect assessments and suspicion being aimed at scholars from ‘competitor’ and adversary nations. Scholars will question whether they should work with a Chinese, Russian, or Iranian scholar even when they are employed in a Western university let alone when they are in a non-Western institution. I doubt these same scholars will similarly question whether they should work with Finish, French, or British scholars. Nationality and ethnicity lenses will be used to assess who are the ‘right’ people with whom to collaborate.

Failure will not just affect professors. It will also extend to affect undergraduate and graduate students, as well as post-doctoral fellows and university staff. Already, students are questioning what they must do in order to prove that they are not considered national security threats. Lab staff and other employees who have access to university research environments will similarly be placed under an aura of suspicion. We should not, we must not, create an academy where these are the kinds of questions with which our students and colleagues and staff must grapple.

Espionage is, it must be recognized, a serious issue that faces universities and Canadian businesses more broadly. The solution cannot be to ignore it and hope that the activity goes away. However, the response to such threats must demonstrate necessity and proportionality and demonstrably involve evidence-based and inclusive policy making. The current program that is being rolled out by the Government of Canada does not meet this set of conditions and, as such, needs to be repealed.

Gallery
Posted on in Photography, Photos

Over Flow by John Notten

  • (Over Flow 4 by Christopher Parsons​)

Climate change is a reality of contemporary life and is leading to increasingly numbers of weather-related catastrophes. One of the many threats now facing humanity is severe flooding. Such threats have been, and continue to be, driven by harmful and destructive human activities that impair and change the climate, and amplified by housing councils that permit developers to build homes on floodplains along with other development pressures linked to humans moving in increasing numbers into urban environments.

With the climate emergency in mind, Toronto artist John Notten has created a series of styrofoam installations that are presently located in Ontario Place. On the one side they show the image of an iceberg and the other show homes, vehicles, and other urban architecture. As discussed in the artist statement, the installation is intended to offer:

… an opportunity for the viewer to consider connections between this provocative material, the image of floating icebergs, and those of half-submerged iconic institutions.

  • (Over Flow 9 by Christopher Parsons​)
  • (Over Flow 7 by Christopher Parsons)

It was particularly special to have a pair of kayakers visit the exhibit at the same time that I was there. Their presence—and my effort to present them as blurred subjects—helps to give a sense that climate change affects all subjects—all people—and isn’t something that is linked to any one specific subject. In essence, I wanted to convey that all humans are threatened by climate change and that focusing on individuals and their efforts does not adequately appreciate the structural and collective drivers that endanger all life on Earth.

  • (Over Flow 13 by Christopher Parsons)

Over Flow will be in Ontario Place until October 31, 2021, and will then be moved to other locations in the spring of 2021.

All images were made using an iPhone 12 Pro and the Noir filter, and then slightly edited using a filter in Darkroom.