Categories
Aside

Consolidation of Writing

One of the long(er) term goals of this site is to host my personal thoughts. But it’s meant consolidating stuff from medium-personal (as opposed to journal-like) sites. Today marked when I migrated + published more than 600 items. Only multiple hundred left!

Categories
Links

Metadata in Context – An Ontological and Normative Analysis of the NSA’s Bulk Telephony Metadata Collection Program

Abstract:

In the aftermath of the Snowden revelations, the National Security Agency (NSA) responded to fears about warrantless domestic surveillance programs by emphasizing that it was collecting only the metadata, and not the content, of communications. When justifying its activities, the NSA offered the following rationale: because data involves content and metadata does not, a reasonable expectation of privacy extends only to the former but not the latter. Our paper questions the soundness of this argument. More specifically, we argue that privacy is defined not only by the types of information at hand, but also by the context in which the information is collected. This context has changed dramatically. Defining privacy as contextual integrity we are able, in the first place, to explain why the bulk telephony metadata collection program violated expectations of privacy and, in the second, to evaluate whether the benefits to national security provided by the program can be justified in light of the program’s material costs, on the one hand, and its infringements on civil liberties, on the other hand.

A terrific paper from Paula Kift and Helen Nissenbaum.

Categories
Links

How severe will this flu season be?

From the Globe and Mail:

Every year, around February or March, the World Health Organization provides its recommendations on the composition of influenza vaccines for the northern hemisphere for the next flu season, based on its projections of what viruses are likely to be in circulation. But it’s hard to predict just how effective the vaccines will be.

In general, flu vaccines are around 50 per cent effective. But for the 2014-15 season, the vaccine effectiveness against H3N2 was less than 10 per cent. Flu shots are by no means perfect, but they’re still considered the best way of protecting people from getting sick.

The trivalent flu vaccine given this year, which contains three components, is comprised of an H1N1 vaccine component, an H3N2 component, and an influenza B component.

While the H1N1 component in this year’s flu shot has been updated for the coming season, the other two components have remained unchanged from last year’s flu vaccine, Skowronski says. Depending on which is the dominant strain this year, this could spell trouble.

“If it turns out to be a H3N2 season, then that means the vaccine effectiveness is likely to be suboptimal,” she says. That’s because last year, with the identical component, the vaccine effectiveness for H3N2 was around 35 to 40 per cent. And since the viruses are constantly changing and mutating, Skowronski says it’s unlikely the effectiveness of the same vaccine component will be any higher for the coming season. “That’s one of the unfortunate, concerning factors, frankly, from my perspective: that the H3N2 component is unchanged, yet we know the virus is changing.”

Even so, just because this year’s flu shot contains two out of three of the same components as last year’s, don’t think you won’t need to get vaccinated again if you got the shot last year. The updated influenza A component may help protect you in an influenza A outbreak, Warshawsky says. Plus, she adds, “We also know that the duration of protection doesn’t necessarily last well from one year to another. So relying on last year’s vaccine will not necessarily carry over protection to this year.”

The amount of information covered in the Globe and Mail’s article is really, really impressive. I learned a lot about the flu, vaccination, and how different vaccines interact with flu. Highly recommended.

Categories
Links

Data breaches, phishing, or malware? Understanding the risks of stolen credentials

New research from Google:

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March, 2016–March, 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Using this dataset, we explore to what degree the stolen passwords—which originate from thousands of online services—enable an attacker to obtain a victim’s valid email credentials—and thus complete control of their online identity due to transitive trust. Drawing upon Google as a case study, we find 7–25% of exposed passwords match a victim’s Google account. For these accounts, we show how hardening authentication mechanisms to include additional risk signals such as a user’s historical geolocations and device profiles helps to mitigate the risk of hijacking. Beyond these risk metrics, we delve into the global reach of the miscreants involved in credential theft and the blackhat tools they rely on. We observe a remarkable lack of external pressure on bad actors, with phishing kit playbooks and keylogger capabilities remaining largely unchanged since the mid-2000s.

Categories
Links

Intro to Mitigating Contemporary DDOS Attacks

From Cloudflare:

As the capacity of networks like Cloudflare continues to grow, attackers move from attempting DDoS attacks at the network layer to performing DDoS attacks targeted at applications themselves.

For applications to be resilient to DDoS attacks, it is no longer enough to use a large network. A large network must be complemented with tooling that is able to filter malicious Application Layer attack traffic, even when attackers are able to make such attacks look near-legitimate.

The pace of change in how DDOS attacks are being conducted, and efforts to use best and worst security practices alike to threaten Internet-connected resources, is a serious and generally underappreciated problem.

Categories
Roundup Writing

The Roundup November 19-24, 2017 Edition

It’s another week closer to the end of the year, and another where high profile men have been identified as having engaged in absolutely horrible and inappropriate behaviours towards women. And rather than the most powerful man in the world — himself having self-confessed to engaging in these kinds of behaviour — exhibiting an ounce of shame, he’s instead supporting an accused man and failing to account for his past activities.


I keep going back and forth as to whether I want to buy a new Apple Watch; I have zero need for one with cellular functionality and, really, just want an upgrade to take advantage of some more advanced heart monitoring features. The initial reviews of the Apple Watch Series 3 were…not inspiring. But Dan Seifert’s review of the Apple Watch Series 3 (non-LTE) is more heartening: on the whole, it’s fast and if you already have a very old Apple Watch and like it, it’s an obviously good purchase. I just keep struggling, though, to spend $600 for a device that I know would be useful but isn’t self-evidently necessary. Maybe I’ll just wait until Apple Canada starts selling some of the refurbished Series 3 models…


While photographers deal with Gear Acquisition Syndrome (GAS), which is usually fuelled by the prayer that better stuff will mean better photos, I think that writers deal with the related Software Acquisition Syndrome (SAS). SAS entails buying new authoring programs, finding new places to write, or new apps that will make writing easier, faster, and more enjoyable. But the truth is that the time spent learning the new software, getting a voice in the new writing space, or new apps tends to just take away from time that would otherwise be spent writing. But if you’re feeling a SAS-driven urge to purchase either Ulysses or iA Writer, you should check out Marius Masalar’s comprehensive review of the two writing tools. (As a small disclosure, I paid for Ulysses and use it personally to update this website.)


New Apps and Great App Updates from this Week

Great Photography Shots

If tapeworms are your thing then there are some terrific shots of them included as part of an interview with tapeworm experts. A few gems include:

Music I’m Digging

Neat Podcast Episodes

Good Reads for the Week

Categories
Quotations

On The Need For Loneliness and Private Time

As much as I love the intimacy of a stable, healthy romantic partnership, I’ve always been wary of my need for loneliness and private time. I brandish my introvert badge with chutzpah. But, deep inside, whenever I got with someone and I needed to take time off to replenish, I always felt guilty. I felt like I wasn’t ready. That if I really, really wanted a relationship, I would not have this need to be by myself.

Tchassa Kamga, Before I Could Date Anyone, I had to Date Myself.

Categories
Links

Confidentiality in an Era of Patient-Doctor-Cop

From The Canadian Press:

Doctors at Royal Columbian Hospital in New Westminster have complained that local police and RCMP officers are routinely recording conversations without consent between doctors and patients who are considered a suspect in a crime.

“They will be present when we are trying to question the patients and trying to obtain a history of what happened,” said Tony Taylor, an emergency physician who practises at the hospital.

“They have now recently started recording these conversations and often they will do that unannounced, which has a number of implications around confidentiality and consent.”

As far as doctors at Royal Columbian are concerned, the police are getting in the way of patient care.

Patients tend to clam up when police officers are present, Dr. Taylor said. “That makes it difficult to get those kind of history details that are critically important,” he said.

The idea that the police are present, and recording interactions between a doctor and patient, is patently problematic from a procedural fairness perspective. In the past the authorities have lost Charter challenges based on their attempts to exploit Canada’s one-person consent doctrine; I’d be very curious to know the legal basis for their recording persons who may be accused of a crime, in a setting clearly designated as deserving heightened privacy protections, and the extent to which that legal theory holds up under scrutiny.

Categories
Links

A Past Life’s Dream Job

Per Wired:

Woods, a 30-year-old with neatly floppy hair, is dressed tonight in a black button-down shirt and jeans. His DM performances—and being a dungeon master is a kind of performance—are often marked by excitable narration and winkingly melodramatic theatrics; at one point during tonight’s game, he gleefully pounds a hand into a fist, mimicking an arrow’s impact on an opponent.

He’s spent nearly three months preparing for this showdown, even hand-building a few model towers out of scrap wood and dowels. It’s one of the most elaborate adventures he’s crafted in his four-year career as a professional DM at schools and homes in Manhattan and Brooklyn. Sometimes, like tonight, the games are run in his apartment, where the bookshelves reach high with graphic novels and board games, and where the walls are decorated with full-color maps from D&D classics like Greyhawk and Isle of Dread.

But while Woods is one of several DMs-for-hire out there, this isn’t his hobby or a side gig; it’s a living, and a pretty good one at that, with Woods charging anywhere from $250 to $350 for a one-off three-hour session (though he works on a sliding scale). For that price, Woods will not only research and plan out your game but also, if you become a regular, answer your occasional random text queries about wizard spells. “He’s worth the money,” says Kevin Papa, a New York City educator (and occasional DM) who’s been part of this Friday-night game for more than a year. “Being a DM requires a lot of brainshare. I don’t know how Timm absorbs it all.”

When I was in high school or my undergrad, I can see this as the type of job that I’d have loved. Though I think that the idea of a campaign’s length and narrative being based on sessions clients are willing to pay for would create some challenging conditions for planning long-term stories; it’d definitely lend itself to a serialized type of play, where each session was like a mini-TV episode, as opposed to early sessions functioning as the opening scenes of a feature film.

Categories
Photography Videos

Develop Your Photographer’s Brain

A great, and as always helpful, reminder that what matters most isn’t the equipment you carry but your creativity and desire to use it on a regular basis.