After letting it languish for far too long (a year or two, I think!) I’ve updated my Podcasts page to include the podcasts that I either listen to regularly, or that have come to a conclusion but that I enjoyed.
Author: Christopher Parsons
Policy wonk. Torontonian. Photographer. Not necessarily in that order.
Categories
Glass in 2022
I’ve been primarily posting my photos to Glass for about three months now. There have been several quality of life improvements1 but, on the whole, the app has been pretty true to its original DNA.
That’s been a bit frustrating for some folks, such as Matt Birchler. He notes that Glass seems to be populated by professional photographers and lacks the life and diversity that you can sometimes find on Instagram or other photography sites. I was particularly struck by his comment that, “I used to enjoy the feed because it was high quality stuff, but now I scroll and everyone is making photos that look like every else’s.”
I don’t discount that Matt’s experience has been seeing a lot of professionals making photos but have to admit that his experiences don’t really parallel my own. To be clear, the photographers that I follow are doing neat work and some are definitely serious amateurs or professionals. But perhaps because I’m more focused on street photography it’s rarely self-apparent to me that I’m following professionals versus amateurs, nor that everyone’s work looks the same.
That being said, I definitely do follow a lot fewer people on Glass. If I have a problem with the app it’s that discovering active photographers on the platform is difficult; a lot of people signed up for the trial period but aren’t regularly posting. The result is that it’s hard to develop an active stream of photos and a photographic community. At the same time, however, I don’t browse the Glass app like I would Instagram: I pop in once or twice a day, and try to set aside some time every day or three (or four…) to leave comments on others photographers’ work. I treat Glass more seriously than free photography applications, if only because I have (thus far) only has positive experiences with the other active photographers posting their work there.
The only other problem I have with Glass—annoyance really!—is that I think that you actually can see/display photographers’ profiles in a much more beautiful way on non-phone devices. The image for this post was a screen capture from my iPad which attractively lays out photos. In contrast, you just get a flat waterfall of images if you visit my profile in the Glass app itself. That’s a shame and hopefully something that is improved upon in 2022.
To date I’m happy with Glass and incredibly pleased to no longer posting my photos to a Facebook platform. I really hope that Glass’s developers are able to maintain the app going forward, which will almost certainly depend in part on building the community and enhancing discoverability.
I’m currently planning to continue posting my work to Glass regularly. Even if the service doesn’t explode (which would be fine for me, though probably not great for its long term survival!) I find that the comments that I receive are far more valuable than anything I tended to receive on Instagram or other social sites, and the actual process of posting is also a comparative breeze and joy. If you’re looking for a neat photography site to try out, I heartily recommend that you give Glass a shot!
- Specifically, the developers have added some photography categories and public profiles, as well as the ability to ‘appreciate’ photos and comments ↩︎
Bloomberg has an article that discusses how Chinese spies were allegedly involved in deploying implants on Huawei equipment which was operated in Australia and the United States. The key parts of the story include:
At the core of the case, those officials said, was a software update from Huawei that was installed on the network of a major Australian telecommunications company. The update appeared legitimate, but it contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China, they said. After a few days, that code deleted itself, the result of a clever self-destruct mechanism embedded in the update, they said. Ultimately, Australia’s intelligence agencies determined that China’s spy services were behind the breach, having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems.
Guided by Australia’s tip, American intelligence agencies that year confirmed a similar attack from China using Huawei equipment located in the U.S., six of the former officials said, declining to provide further detail.
The details from the story are all circa 2012. The fact that Huawei equipment was successfully being targeted by these operations, in combination with the large volume of serious vulnerabilities in Huawei equipment, contributed to the United States’ efforts to bar Huawei equipment from American networks and the networks of their closest allies.1
Analysis
We can derive a number of conclusions from the Bloomberg article, as well as see links between activities allegedly undertaken by the Chinese government and those of Western intelligence agencies.
To begin, it’s worth noting that the very premise of the article–that the Chinese government needed to infiltrate the ranks of Huawei technicians–suggests that circa 2012 Huawei was not controlled by, operated by, or necessarily unduly influenced by the Chinese government. Why? Because if the government needed to impersonate technicians to deploy implants, and do so without the knowledge of Huawei’s executive staff, then it’s very challenging to say that the company writ large (or its executive staff) were complicit in intelligence operations.
Second, the Bloomberg article makes clear that a human intelligence (HUMINT) operation had to be conducted in order to deploy the implants in telecommunications networks, with data then being sent back to servers that were presumably operated by Chinese intelligence and security agencies. These kinds of HUMINT operations can be high-risk insofar because if operatives are caught then the whole operation (and its surrounding infrastructure) can be detected and burned down. Building legends for assets is never easy, nor is developing assets if they are being run from a distance as opposed to spies themselves deploying implants.2
Third, the United States’ National Security Agency (NSA) has conducted similar if not identical operations when its staff interdicted equipment while it was being shipped, in order to implant the equipment before sending it along to its final destination. Similarly, the CIA worked for decades to deliberately provide cryptographically-sabotaged equipment to diplomatic facilities around the world. All of which is to say that multiple agencies have been involved in using spies or assets to deliberately compromise hardware, including Western agencies.
Fourth, the Canadian Communications Security Establish Act (‘CSE Act’), which was passed into law in 2019, includes language which authorizes the CSE to do, “anything that is reasonably necessary to maintain the covert nature of the [foreign intelligence] activity” (26(2)(c)). The language in the CSE Act, at a minimum, raises the prospect that the CSE could undertake operations which parallel those of the NSA and, in theory, the Chinese government and its intelligence and security services.3
Of course, the fact that the NSA and other Western agencies have historically tampered with telecommunications hardware to facilitate intelligence collection doesn’t take away from the seriousness of the allegations that the Chinese government targeted Huawei equipment so as to carry out intelligence operations in Australia and the United States. Moreover, the reporting in Bloomberg covers a time around 2012 and it remains unclear whether the relationship(s) between the Chinese government and Huawei have changed since then; it is possible, though credible open source evidence is not forthcoming to date, that Huawei has since been captured by the Chinese state.
Takeaway
The Bloomberg article strongly suggests that Huawei, as of 2012, didn’t appear captured by the Chinese government given the government’s reliance on HUMINT operations. Moreover, and separate from the article itself, it’s important that readers keep in mind that the activities which were allegedly carried out by the Chinese government were (and remain) similar to those also carried out by Western governments and their own security and intelligence agencies. I don’t raise this latter point as a kind of ‘whataboutism‘ but, instead, to underscore that these kinds of operations are both serious and conducted by ‘friendly’ and adversarial intelligence services alike. As such, it behooves citizens to ask whether these are the kinds of activities we want our governments to be conducting on our behalves. Furthermore, we need to keep these kinds of facts in mind and, ideally, see them in news reporting to better contextualize the operations which are undertaken by domestic and foreign intelligence agencies alike.
- While it’s several years past 2012, the 2021 UK HCSEC report found that it continued “to uncover issues that indicate there has been no overall improvement over the course of 2020 to meet the product software engineering and cyber security quality expected by the NCSC.” (boldface in original) ↩︎
- It is worth noting that, post-2012, the Chinese government has passed national security legislation which may make it easier to compel Chinese nationals to operate as intelligence assets, inclusive of technicians who have privileged access to telecommunications equipment that is being maintained outside China. That having been said, and as helpfully pointed out by Graham Webster, this case demonstrates that the national security laws were not needed in order to use human agents or assets to deploy implants. ↩︎
- There is a baseline question of whether the CSE Act created new powers for the CSE in this regard or if, instead, it merely codified existing secret policies or legal interpretations which had previously authorized the CSE to undertake covert activities in carrying out its foreign signals intelligence operations. ↩︎
I helped set up some Meross smartplugs that were being used to automate home functions. What follows is how I was ultimately able to connect them to an Eero 6 Pro router.
The Problem
When opening the Home application on an iPhone or iPad, and scanning the QR code that was on the smartplug, I received errors that the process could not be completed. I tried resetting the phone, letting the Apple iOS devices linger for up to 5 minutes to complete the connection, and resetting the home hub to see if that would help. In no case were these measures successful.
The Solution
I connected the smartplugs to the Eero 6 Pro network (and Apple Home app) by modifying some of the router’s settings as well as not using the QR code to set up the device.
Specifically I:
- Opened the Eero app and temporarily disabled the 5Ghz radio and turned off the WPA3 experimental feature.
- Activated airplane mode on the iOS device I was using to connect the Meross plugs to the Home app.
- Performed a hard reset on the Meross plugs (this involved holding the power button for 15 seconds. I heard a ‘click’ sound when it reset). I checked to ensure that that the LEDs were blinking between amber and green colours.
- Reconnected the iOS device to the Eero 6 Pro router. This ensured that it would establish a 2.4Ghz connection.
- Opened the Home app on the iOS device. I then selected ‘Add Accessory’ and, then, the ‘More options…’ link.
- In the new options, I saw one that read as a smart plug, and another that had Meross in its name. I choose the one with Meross and then entered in the 8 digit code above the QR code on the smartplug when prompted. I did not connect using the QR code/camera.
The Meross smartplug subsequently connected to the network. As a note, I had to wait up to 30 seconds before it finished its setup.
Meross Smartplug Firmware Update
With the Meross smartplugs connected to the network I updated their firmware. To do so, I:
- Downloaded the Meross app and create an account.
- Linked the plugs to the account by tapping the ‘ ’ icon in the Home panel in the Meross app, granted the application permission to scan your local network, and then added the switches.
- Once they were added, I navigated to the ‘Account’ panel and selected ‘Firmware update’ under ‘System’. I then followed the on-screen instructions to update the plugs.
By the conclusion of this I managed to join the Meross smartplugs to the Eero 6 Pro network, as well as updated their firmware. Hope that this helps to solve any problems you’re encountering with them!
Categories
‘Efficiency’ and Basic Rights
Rest of the World has published a terrific piece on the state of surveillance in Singapore, where governmental efficiency drives technologies that are increasingly placing citizens and residents under excessive and untoward kinds of surveillance. The whole piece is worth reading, but I was particularly caught by a comment made by the deputy chief executive of the Cyber Security Agency of Singapore:
“In the U.S., there’s a very strong sense of building technology to hold the government accountable,” he said. “Maybe I’m naive … but I just didn’t think that was necessary in Singapore.
Better.sg, which has around 1,000 members, works in areas where the government can’t or won’t, Keerthi said. “We don’t talk about who’s responsible for the problem. We don’t talk about who is responsible for solving the problem. We just talk about: Can we pivot this whole situation? Can we flip it around? Can we fundamentally shift human behaviour to be better?” he said.
…
… one app that had been under development was a ‘catch-a-predator’ chatbot, which parents would install on their childrens’ [sic] phones to monitor conversations. The concept of the software was to goad potential groomers into incriminating themselves, and report their activity to the police.
“The government’s not going to build this. … It is hostile, it is almost borderline entrapment,” Keerthi said, matter-of-factly. “Are we solving a real social problem? Yeah. Are parents really thrilled about it? Yeah.”
It’s almost breathtaking to see a government official admit they want to develop tools that the government, itself, couldn’t create for legal reasons but that he hopes will be attractive to citizens and residents. While I’m clearly not condoning the social problem that he is seeking to solve, the solution to such problems should be within the four corners of law as opposed to outside of them. When government officials deliberately move outside of the legal strictures binding them they demonstrate a dismissal of basic rights and due process with regards to criminal matters.
While such efforts might be ‘efficient’ and normal within Singapore they cannot be said to conform with basic rights nor, ultimately, with a political structure that is inclusive and responsive to the needs of its population. Western politicians and policy wonks routinely, and wistfully, talk about how they wish they were as free to undertake policy experiments and deployments as their colleagues in Asia. Hopefully more of them will read pieces like this one to understand that the efficiencies they are so fond of would almost certainly herald the end of the very democratic systems they operate within and are meant to protect.
Georgina Gonzalez, reporting for the Verge:
Most clinical photos are taken by well-intentioned doctors who haven’t been trained in the nuances of photographing patients of different races. There are fundamental differences in the physics of how light interacts with different skin tones that can make documenting conditions on skin of color more difficult, says Chrystye Sisson, associate professor and chair of the photographic science program at Rochester Institute of Technology, the only such program in the nation.
Interactions between light, objects, and our eyes allow us to perceive color. For instance, a red object absorbs every wavelength of light except red, which it reflects back into our eyes. The more melanin there is in the skin, the more light it absorbs, and the less light it reflects back.
…
But standard photographic setups don’t account for those differences.
One of the things that I routinely experience shooting street photography in a multicultural city is just how screwy camera defaults treat individuals of different racial backgrounds. And I’ve yet to find a single default that captures darker skin accurately despite shooting for many years.
The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for building national capacity to defend American infrastructure and cybersecurity assets. In the past year they have been tasked with receiving information about American government agencies’ progress (or lack thereof) in implementing elements of Executive Order 14028: Improving the Nation’s Cybersecurity and have been involved in responses to a number of events, including Solar Winds, the Colonial Pipeline ransomware attack, and others. The Executive Order required that CISA first collect a large volume of information from government agencies and vendors alike to assess the threats towards government infrastructure and, subsequently, to provide guidance concerning cloud services, track the adoption of multi factor authentication and seek ways of facilitating its implementation, establish a framework to respond to security incidents, enhance CISA’s threat hunting abilities in government networks, and more.1
Today, CISA promulgated a binding operational directive that will require American government agencies to adopt more aggressive patch tempos for vulnerabilities. In addition to requiring agencies to develop formal policies for remediating vulnerabilities it establishes a requirement that vulnerabilities with a common vulnerabilities and exposure ID be remediated within 6 months, and all others with two weeks. Vulnerabilities to be patched/remediated are found in CISA’s “Known Exploited Vulnerabilities Catalogue.”
It’s notable that while patching is obviously preferred, the CISA directive doesn’t mandate patching but that ‘remediation’ take place.2 As such, organizations may be authorized to deploy defensive measures that will prevent the vulnerability from being exploited but not actually patch the underlying vulnerability, so as to avoid a patch having unintended consequences for either the application in question or for other applications/services that currently rely on either outdated or bespoke programming interfaces.
In the Canadian context, there aren’t equivalent levels of requirements that can be placed on Canadian federal departments. While Shared Services Canada can strongly encourage departments to patch, and the Treasury Board Secretariat has published a “Patch Management Guidance” document, and Canada’s Canadian Centre for Cyber Security has a suggested patch deployment schedule,3 final decisions are still made by individual departments by their respective deputy minister under the Financial Administration Act.
The Biden administration is moving quickly to accelerate its ability to identify and remediate vulnerabilities while simultaneously lettings its threat intelligence staff track adversaries in American networks. That last element is less of an issue in the Canadian context but the first two remain pressing and serious challenges.
While its positive to see the Americans moving quickly to improve their security positions I can only hope that the Canadian federal, and provincial, governments similarly clear long-standing logjams that delegate security decisions to parties who may be ill-suited to make optimal decisions, either out of ignorance or because patching systems is seen as secondary to fulfilling a given department’s primary service mandate.
- For a discussion of the Executive Order, see: “Initial Thoughts on Biden’s Executive Order on Improving the Nation’s Cybersecurity” or “Everything You Need to Know About the New Executive Order on Cybersecurity.” ↩︎
- For more, see CISA’s “Vulnerability Remediation Requirements“. ↩︎
- “CCCS’s deployment schedule only suggests timelines for deployment. In actuality, an organization should take into consideration risk tolerance and exposure to a given vulnerability and associated attack vector(s) as part of a risk‑based approach to patching, while also fully considering their individual threat profile. Patch management tools continue to improve the efficiency of the process and enable organizations to hasten the deployment schedule.” Source: “Patch Management Guidance” ↩︎
For the past few days whenever I’ve been using my iPhone on a cellular connection I’ve been unable to play podcasts or stream music, or do anything else that requires an Internet connection. The title of this post refers to the error I was receiving in Apple Music whenever I tried to play something.
After spending a bit of time diagnosing the issue it became apparent that the problem originated in the VPN service that I use to scan for, and block, trackers and malicious content. Specifically, the 1Blocker application currently has a problem when it uses DNS Proxy-based scanning for its firewall.
While one solution involves disabling 1Blocker’s VPN functionality entirely1 you can also switch to HTTP Proxy-based scanning in 1Blocker to resolve the issue. To do so:
- Open the 1Blocker application
- Open the Firewall tab
- Click the ‘…’ in the upper right corner
- Select ‘HTTP Proxy’
At the moment the company is asserting that the problem originates from “an ongoing connectivity issue that affects some mobile network operators.” No further information has been provided.
It’s possible that this will be resolved if carriers fix whatever is wrong on their end, though there isn’t a public ETA for this occurring at the moment.
- Settings > VPN > the (i) button beside 1Blocker > Turn off ‘Connect on Demand’ > return to VPN and set status to ‘Disconnected’ ↩︎
Categories
My Glass Public Profile
I’ve recently written about the concerns that I have about Instagram, and my assessment of whether I wanted to port my online photo sharing to either Flickr or Glass. As of October 27, Glass has enabled public profiles so non-members can view the work that photographers have published on the service. You can check mine out!
I…really like how the profiles look on Glass at the moment. I’ve been posting with some frequency (all black and whites, with a focus on street photography) and the flow model to capture and then post photographs has been simple and seamless.
I also really like the experience of having to comment on other photographs instead of ‘liking’ them. This engagement strategy means that when I interact with other photographers’ pieces I need to leave at least some kind of meaningful comment. As a result, I need to slow down and think a bit more about a photograph and I think that’s a good thing for me–the viewer–and the photographer who hopefully gets more meaningful (if less frequent) engagement.
I like Glass enough that I’ve ponied up for a one year subscription. The developers are pushing out significant quality of life updates to the application and, on the whole, it’s currently pretty fun to use and is clearly intended to be used by photographers, as well as other individuals who are interested in photography and just don’t want to deal with the grossness of Instagram and want something a little fresher than Flickr.
Based on my experiences thus far I’d heartily recommend that you check out the service, as well as my public profile!
This year I took a very late vacation while Toronto was returning to its new normal. I’ve been capturing the city throughout the COVID-19 pandemic and I wanted to focus in on how the streets felt.
During the pandemic we’ve all been attached to our devices, and our phones in particular, and thus decided to document the city through the lens of our ever-present screen: the smartphone. I exclusively shot with my iPhone 12 Pro using the Noir filter. This filter created a strong black and white contrast, with the effect of deepening shadows and blacks and lifting highlights and whites. I choose this, over a monotone, as I wanted to emphasize that while the city was waking up there were still stark divides between the lived experiences of the pandemic and a continuation of strong social distancing from one another.
95% of my photos were captured using ProRaw with the exception of those where I wanted to utilize Apple’s long exposure functionality in the Photos application.
Darkroom Settings
In excess of the default Noir filter, I also created a secondary filter in Darkroom that adjusted what came off the iPhone just a bit to establish tones that were to my liking. My intent was to make the Noir that much punchier, while also trying to reduce a bit of the sharpness/clarity that I associate with Apple’s smartphone cameras. This adjustment reflected, I think, that digital communications themselves are often blurrier or more confused than our face-to-face interactions. Even that which seems clear, when communicated over digital systems, often carries with it a misrepresentation of meaning or intent.
Excited Pixels 