Author: Christopher Parsons

Policy wonk. Torontonian. Photographer. Not necessarily in that order.

Categories
Solved

Solved: Connected Meross Smartplug to Eero 6 Pro

I helped set up some Meross smartplugs that were being used to automate home functions. What follows is how I was ultimately able to connect them to an Eero 6 Pro router.

The Problem

When opening the Home application on an iPhone or iPad, and scanning the QR code that was on the smartplug, I received errors that the process could not be completed. I tried resetting the phone, letting the Apple iOS devices linger for up to 5 minutes to complete the connection, and resetting the home hub to see if that would help. In no case were these measures successful.

The Solution

I connected the smartplugs to the Eero 6 Pro network (and Apple Home app) by modifying some of the router’s settings as well as not using the QR code to set up the device.

Specifically I:

  1. Opened the Eero app and temporarily disabled the 5Ghz radio and turned off the WPA3 experimental feature.
  2. Activated airplane mode on the iOS device I was using to connect the Meross plugs to the Home app.
  3. Performed a hard reset on the Meross plugs (this involved holding the power button for 15 seconds. I heard a ‘click’ sound when it reset). I checked to ensure that that the LEDs were blinking between amber and green colours.
  4. Reconnected the iOS device to the Eero 6 Pro router. This ensured that it would establish a 2.4Ghz connection.
  5. Opened the Home app on the iOS device. I then selected ‘Add Accessory’ and, then, the ‘More options…’ link.
  6. In the new options, I saw one that read as a smart plug, and another that had Meross in its name. I choose the one with Meross and then entered in the 8 digit code above the QR code on the smartplug when prompted. I did not connect using the QR code/camera.

The Meross smartplug subsequently connected to the network. As a note, I had to wait up to 30 seconds before it finished its setup.

Meross Smartplug Firmware Update

With the Meross smartplugs connected to the network I updated their firmware. To do so, I:

  1. Downloaded the Meross app and create an account.
  2. Linked the plugs to the account by tapping the ‘ ’ icon in the Home panel in the Meross app, granted the application permission to scan your local network, and then added the switches.
  3. Once they were added, I navigated to the ‘Account’ panel and selected ‘Firmware update’ under ‘System’. I then followed the on-screen instructions to update the plugs.

By the conclusion of this I managed to join the Meross smartplugs to the Eero 6 Pro network, as well as updated their firmware. Hope that this helps to solve any problems you’re encountering with them!

Categories
Links

‘Efficiency’ and Basic Rights

Rest of the World has published a terrific piece on the state of surveillance in Singapore, where governmental efficiency drives technologies that are increasingly placing citizens and residents under excessive and untoward kinds of surveillance. The whole piece is worth reading, but I was particularly caught by a comment made by the deputy chief executive of the Cyber Security Agency of Singapore:

“In the U.S., there’s a very strong sense of building technology to hold the government accountable,” he said. “Maybe I’m naive … but I just didn’t think that was necessary in Singapore.

Better.sg, which has around 1,000 members, works in areas where the government can’t or won’t, Keerthi said. “We don’t talk about who’s responsible for the problem. We don’t talk about who is responsible for solving the problem. We just talk about: Can we pivot this whole situation? Can we flip it around? Can we fundamentally shift human behaviour to be better?” he said. 

… one app that had been under development was a ‘catch-a-predator’ chatbot, which parents would install on their childrens’ [sic] phones to monitor conversations. The concept of the software was to goad potential groomers into incriminating themselves, and report their activity to the police. 

“The government’s not going to build this. … It is hostile, it is almost borderline entrapment,” Keerthi said, matter-of-factly. “Are we solving a real social problem? Yeah. Are parents really thrilled about it? Yeah.”

It’s almost breathtaking to see a government official admit they want to develop tools that the government, itself, couldn’t create for legal reasons but that he hopes will be attractive to citizens and residents. While I’m clearly not condoning the social problem that he is seeking to solve, the solution to such problems should be within the four corners of law as opposed to outside of them. When government officials deliberately move outside of the legal strictures binding them they demonstrate a dismissal of basic rights and due process with regards to criminal matters.

While such efforts might be ‘efficient’ and normal within Singapore they cannot be said to conform with basic rights nor, ultimately, with a political structure that is inclusive and responsive to the needs of its population. Western politicians and policy wonks routinely, and wistfully, talk about how they wish they were as free to undertake policy experiments and deployments as their colleagues in Asia. Hopefully more of them will read pieces like this one to understand that the efficiencies they are so fond of would almost certainly herald the end of the very democratic systems they operate within and are meant to protect.

Categories
Links Photography

Medical Photography is Failing Patients With Darker Skin

Georgina Gonzalez, reporting for the Verge:

Most clinical photos are taken by well-intentioned doctors who haven’t been trained in the nuances of photographing patients of different races. There are fundamental differences in the physics of how light interacts with different skin tones that can make documenting conditions on skin of color more difficult, says Chrystye Sisson, associate professor and chair of the photographic science program at Rochester Institute of Technology, the only such program in the nation. 

Interactions between light, objects, and our eyes allow us to perceive color. For instance, a red object absorbs every wavelength of light except red, which it reflects back into our eyes. The more melanin there is in the skin, the more light it absorbs, and the less light it reflects back.

But standard photographic setups don’t account for those differences.

One of the things that I routinely experience shooting street photography in a multicultural city is just how screwy camera defaults treat individuals of different racial backgrounds. And I’ve yet to find a single default that captures darker skin accurately despite shooting for many years.

Categories
Links Writing

Mandatory Patching of Serious Vulnerabilities in Government Systems

Photo by Mati Mango on Pexels.com

The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for building national capacity to defend American infrastructure and cybersecurity assets. In the past year they have been tasked with receiving information about American government agencies’ progress (or lack thereof) in implementing elements of Executive Order 14028: Improving the Nation’s Cybersecurity and have been involved in responses to a number of events, including Solar Winds, the Colonial Pipeline ransomware attack, and others. The Executive Order required that CISA first collect a large volume of information from government agencies and vendors alike to assess the threats towards government infrastructure and, subsequently, to provide guidance concerning cloud services, track the adoption of multi factor authentication and seek ways of facilitating its implementation, establish a framework to respond to security incidents, enhance CISA’s threat hunting abilities in government networks, and more.1

Today, CISA promulgated a binding operational directive that will require American government agencies to adopt more aggressive patch tempos for vulnerabilities. In addition to requiring agencies to develop formal policies for remediating vulnerabilities it establishes a requirement that vulnerabilities with a common vulnerabilities and exposure ID be remediated within 6 months, and all others with two weeks. Vulnerabilities to be patched/remediated are found in CISA’s “Known Exploited Vulnerabilities Catalogue.”

It’s notable that while patching is obviously preferred, the CISA directive doesn’t mandate patching but that ‘remediation’ take place.2 As such, organizations may be authorized to deploy defensive measures that will prevent the vulnerability from being exploited but not actually patch the underlying vulnerability, so as to avoid a patch having unintended consequences for either the application in question or for other applications/services that currently rely on either outdated or bespoke programming interfaces.

In the Canadian context, there aren’t equivalent levels of requirements that can be placed on Canadian federal departments. While Shared Services Canada can strongly encourage departments to patch, and the Treasury Board Secretariat has published a “Patch Management Guidance” document, and Canada’s Canadian Centre for Cyber Security has a suggested patch deployment schedule,3 final decisions are still made by individual departments by their respective deputy minister under the Financial Administration Act.

The Biden administration is moving quickly to accelerate its ability to identify and remediate vulnerabilities while simultaneously lettings its threat intelligence staff track adversaries in American networks. That last element is less of an issue in the Canadian context but the first two remain pressing and serious challenges.

While its positive to see the Americans moving quickly to improve their security positions I can only hope that the Canadian federal, and provincial, governments similarly clear long-standing logjams that delegate security decisions to parties who may be ill-suited to make optimal decisions, either out of ignorance or because patching systems is seen as secondary to fulfilling a given department’s primary service mandate.

  1. For a discussion of the Executive Order, see: “Initial Thoughts on Biden’s Executive Order on Improving the Nation’s Cybersecurity” or “Everything You Need to Know About the New Executive Order on Cybersecurity.” ↩︎
  2. For more, see CISA’s “Vulnerability Remediation Requirements“. ↩︎
  3. “CCCS’s deployment schedule only suggests timelines for deployment. In actuality, an organization should take into consideration risk tolerance and exposure to a given vulnerability and associated attack vector(s) as part of a risk‑based approach to patching, while also fully considering their individual threat profile. Patch management tools continue to improve the efficiency of the process and enable organizations to hasten the deployment schedule.” Source: “Patch Management Guidance↩︎
Categories
Solved

Solved: “A Server With This Hostname Cannot Be Found” In iOS

For the past few days whenever I’ve been using my iPhone on a cellular connection I’ve been unable to play podcasts or stream music, or do anything else that requires an Internet connection. The title of this post refers to the error I was receiving in Apple Music whenever I tried to play something.

After spending a bit of time diagnosing the issue it became apparent that the problem originated in the VPN service that I use to scan for, and block, trackers and malicious content. Specifically, the 1Blocker application currently has a problem when it uses DNS Proxy-based scanning for its firewall.

While one solution involves disabling 1Blocker’s VPN functionality entirely1 you can also switch to HTTP Proxy-based scanning in 1Blocker to resolve the issue. To do so:

  1. Open the 1Blocker application
  2. Open the Firewall tab
  3. Click the ‘…’ in the upper right corner
  4. Select ‘HTTP Proxy’

At the moment the company is asserting that the problem originates from “an ongoing connectivity issue that affects some mobile network operators.” No further information has been provided.

It’s possible that this will be resolved if carriers fix whatever is wrong on their end, though there isn’t a public ETA for this occurring at the moment.

  1. Settings > VPN > the (i) button beside 1Blocker > Turn off ‘Connect on Demand’ > return to VPN and set status to ‘Disconnected’ ↩︎
Categories
Photography

My Glass Public Profile

I’ve recently written about the concerns that I have about Instagram, and my assessment of whether I wanted to port my online photo sharing to either Flickr or Glass. As of October 27, Glass has enabled public profiles so non-members can view the work that photographers have published on the service. You can check mine out!

I…really like how the profiles look on Glass at the moment. I’ve been posting with some frequency (all black and whites, with a focus on street photography) and the flow model to capture and then post photographs has been simple and seamless.

I also really like the experience of having to comment on other photographs instead of ‘liking’ them. This engagement strategy means that when I interact with other photographers’ pieces I need to leave at least some kind of meaningful comment. As a result, I need to slow down and think a bit more about a photograph and I think that’s a good thing for me–the viewer–and the photographer who hopefully gets more meaningful (if less frequent) engagement.

I like Glass enough that I’ve ponied up for a one year subscription. The developers are pushing out significant quality of life updates to the application and, on the whole, it’s currently pretty fun to use and is clearly intended to be used by photographers, as well as other individuals who are interested in photography and just don’t want to deal with the grossness of Instagram and want something a little fresher than Flickr.

Based on my experiences thus far I’d heartily recommend that you check out the service, as well as my public profile!

Categories
Photo Essay Photography

Vacation Street Photography Challenge

(Come Towards the Light by Christopher Parsons)
(Come Towards the Light by Christopher Parsons)

This year I took a very late vacation while Toronto was returning to its new normal. I’ve been capturing the city throughout the COVID-19 pandemic and I wanted to focus in on how the streets felt.

During the pandemic we’ve all been attached to our devices, and our phones in particular, and thus decided to document the city through the lens of our ever-present screen: the smartphone. I exclusively shot with my iPhone 12 Pro using the Noir filter. This filter created a strong black and white contrast, with the effect of deepening shadows and blacks and lifting highlights and whites. I choose this, over a monotone, as I wanted to emphasize that while the city was waking up there were still stark divides between the lived experiences of the pandemic and a continuation of strong social distancing from one another.

(Between Frames by Christopher Parsons)
(Calm Decay by Christopher Parsons)
(Reflections by Christopher Parsons)
(The Guarded Groom by Christopher Parsons)

95% of my photos were captured using ProRaw with the exception of those where I wanted to utilize Apple’s long exposure functionality in the Photos application.

(Caught by Christopher Parsons)
(Just Passing by Christopher Parsons)

Darkroom Settings

In excess of the default Noir filter, I also created a secondary filter in Darkroom that adjusted what came off the iPhone just a bit to establish tones that were to my liking. My intent was to make the Noir that much punchier, while also trying to reduce a bit of the sharpness/clarity that I associate with Apple’s smartphone cameras. This adjustment reflected, I think, that digital communications themselves are often blurrier or more confused than our face-to-face interactions. Even that which seems clear, when communicated over digital systems, often carries with it a misrepresentation of meaning or intent.

Continue reading “Vacation Street Photography Challenge”
Categories
Writing

Apple Music Voice Plan- The New iPod Shuffle?

A lot of tech commentators are scratching their heads over Apple’s new Apple Music Voice Plan. The plan is half the price of a ‘normal’ Apple Music subscription. If subscribed, individuals will can ask Siri to play songs or playlists but will not have access to a text-based or icon-based way to search for or play music.

I am dubious that this will be a particularly successful music plan. Siri is the definition of a not-good (and very bad) voice assistant.

Nevertheless, Apple has released this music plan into the world. I think that it’s probably most like the old iPod Shuffle that lacked any ability to really select or manage an individual’s music. The Shuffle was a cult favourite.

I have a hard time imagining a Siri-based interface developing a cult following like the iPods of yore, but the same thing was thought about the old Shuffle, too.

Categories
RPG

Playlist for Gloomhaven- Jaws of the Lion

  • (Adventure Ho! by Christopher Parsons)

For the past several months a group of us have been playing Gloomhaven: Jaws of the Lion. Jaws of the Lion is meant to be the ‘intro to Gloomhaven’ boxed set, though we’ve experienced a relatively steep learning curve and I’ve spent a lot of time trying to figure out some of the more confusing or unclear rules.

Anyhow! I built a playlist for Jaws of the Lion, just as I did for the Dungeons and Dragons campaigns we’ve played.1 I’ll continue to update it periodically, though not regularly.

If you’re interested in using the playlist for Gloomhaven: Jaws of the Lion we’re using, you can find it at Apple Music.

  1. I’ve previously published a consolidated listing of the playlists we’ve used for D&D’s Lost Mines of Phandelver ↩︎

Categories
Writing

Detecting Academic National Security Threats

Photo by Pixabay on Pexels.com

The Canadian government is following in the footsteps of it’s American counterpart and has introduced national security assessments for recipients of government natural science (NSERC) funding. Such assessments will occur when proposed research projects are deemed sensitive and where private funding is also used to facilitate the research in question. Social science (SSHRC) and health (CIHR) funding will be subject to these assessments in the near future.

I’ve written, elsewhere, about why such assessments are likely fatally flawed. In short, they will inhibit student training, will cast suspicion upon researchers of non-Canadian nationalities (and especially upon researchers who hold citizenship with ‘competitor nations’ such as China, Russia, and Iran), and may encourage researchers to hide their sources of funding to be able to perform their required academic duties while also avoiding national security scrutiny.

To be clear, such scrutiny often carries explicit racist overtones, has led to many charges but few convictions in the United States, and presupposes that academic units or government agencies can detect a human-based espionage agent. Further, it presupposes that HUMINT-based espionage is a more serious, or equivalent, threat to research productivity as compared to cyber-espionage. As of today, there is no evidence in the public record in Canada that indicates that the threat facing Canadian academics is equivalent to the invasiveness of the assessments, nor that human-based espionage is a greater risk than cyber-based means.

To the best of my knowledge, while HUMINT-based espionage does generate some concerns they pale in comparison to the risk of espionage linked to cyber-operations.

However, these points are not the principal focus of this post. I recently re-read some older work by Bruce Schneier that I think nicely casts why asking scholars to engage in national security assessments of their own, and their colleagues’, research is bound to fail. Schneier wrote the following in 2007, when discussing the US government’s “see something, say something” campaign:

[t]he problem is that ordinary citizens don’t know what a real terrorist threat looks like. They can’t tell the difference between a bomb and a tape dispenser, electronic name badge, CD player, bat detector, or trash sculpture; or the difference between terrorist plotters and imams, musicians, or architects. All they know is that something makes them uneasy, usually based on fear, media hype, or just something being different.

Replace “terrorist” with “national security” threat and we get to approximately the same conclusions. Individuals—even those trained to detect and investigate human intelligence driven espionage—can find it incredibly difficult to detect human agent-enabled espionage. Expecting academics, who are motivated to develop international and collegial relationships, who may be unable to assess the national security implications of their research, and who are being told to abandon funding while the government fails to supplement that which is abandoned, guarantees that this measure will fail.

What will that failure mean, specifically? It will involve incorrect assessments and suspicion being aimed at scholars from ‘competitor’ and adversary nations. Scholars will question whether they should work with a Chinese, Russian, or Iranian scholar even when they are employed in a Western university let alone when they are in a non-Western institution. I doubt these same scholars will similarly question whether they should work with Finish, French, or British scholars. Nationality and ethnicity lenses will be used to assess who are the ‘right’ people with whom to collaborate.

Failure will not just affect professors. It will also extend to affect undergraduate and graduate students, as well as post-doctoral fellows and university staff. Already, students are questioning what they must do in order to prove that they are not considered national security threats. Lab staff and other employees who have access to university research environments will similarly be placed under an aura of suspicion. We should not, we must not, create an academy where these are the kinds of questions with which our students and colleagues and staff must grapple.

Espionage is, it must be recognized, a serious issue that faces universities and Canadian businesses more broadly. The solution cannot be to ignore it and hope that the activity goes away. However, the response to such threats must demonstrate necessity and proportionality and demonstrably involve evidence-based and inclusive policy making. The current program that is being rolled out by the Government of Canada does not meet this set of conditions and, as such, needs to be repealed.