Author: Christopher Parsons

Policy wonk. Torontonian. Photographer. Not necessarily in that order.

Categories
Links

How do young people afford a house? They find roommates.

How do young people afford a house? They find roommates:

“When you look at the home market for first-time buyers, to get in can seem like an insurmountable task,” says Aaron Zifkin, Airbnb’s country director for Canada. “In a lot of our host community meet-ups, we’re seeing a lot of people who are really excited being able to bridge that pay point by earning a little extra income from a nanny suite.” Or, if no nanny suite exists, the pullout couch in the living room might do.

In Vancouver, for example, more than half of the money taken in by the 4,200 Airbnb hosts went to pay for necessities like the rent, mortgage or groceries, according to a company report released in July. With the typical host earning $6,500 each year, more than half of them said the extra cash was a reason they could afford to stay in their home. Seven per cent said the money helped them avoid foreclosure.

But don’t worry: there isn’t really a housing crisis in major metropolitan areas when people have to rent (parts of) their home in order to avoid forclosure. And the fact that roommates are a requirement for many 30-somethings to purchase 850ft condos in Toronto is entirely appropriate.

Categories
Links

Waiting for Android’s inevitable security Armageddon

Waiting for Android’s inevitable security Armageddon:

Android has around 75-80 percent of the worldwide smartphone market—making it not just the world’s most popular mobile operating system but arguably the most popular operating system, period. As such, security has become a big issue. Android still uses a software update chain-of-command designed back when the Android ecosystem had zero devices to update, and it just doesn’t work. There are just too many cooks in the kitchen: Google releases Android to OEMs, OEMs can change things and release code to carriers, carriers can change things and release code to consumers. It’s been broken for years.

This editorial was written over a year ago. And it’s as true, today, as it was the day it was written. Imagine if car companies just kept releasing the same dangerous, flawed, and fixable devices despite rampant car crashes, accidents, and other mishaps.

That’s Google today, as it continues to push flawed versions of Andrew, and today’s OEMs (e.g. Samsung, HTC) and carriers (e.g. Rogers, AT&T, Vodafone). The insecurity of Android constitutes a basic safety and human rights issue at this point given how states exploit Android vulnerabilities to target dissidents, journalists, academics, writers, and the public more generally. And yet none of the core parties reponsible for these major security failures are making genuine efforts to actually fix the problem because they don’t think they have to care.

Categories
Links

Copperhead OS: The startup that wants to solve Android’s woeful security

Copperhead OS: The startup that wants to solve Android’s woeful security:

Linux device drivers have been the operating system’s Achilles heel since day one, and the Android platform is no exception. Android phones ship with kernels frozen to ensure driver compatibility—which usually means that a new Android device comes with a kernel that’s already a year or two old.

“It’s like if you have a printer and the last printer driver made was for Windows 95, you can never upgrade your computer to a newer version,” Soghoian explains. “Android is bigger than just Google, and when Google’s partners drag their feet it undermines the security of the entire ecosystem.”

As an Android device ages, the kernel may get backported security patches, depending on the OEM’s willingness to push updates, but the handset will miss out on the latest security advances, since upgrading the kernel would break hardware compatibility with the drivers.

There are a lot of great things about Android. Device and data security just aren’t amongst them.

Categories
Links

Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open:

Microsoft has inadvertently demonstrated the intrinsic security problem of including a universal backdoor in its software after it accidentally leaked its so-called “golden key”—which allows users to unlock any device that’s supposedly protected by Secure Boot, such as phones and tablets.

The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled.

And while this means that enterprising users will be able to install any operating system—Linux, for instance—on their Windows tablet, it also allows bad actors with physical access to a machine to install bootkits and rootkits at deep levels. Worse, according to the security researchers who found the keys, this is a decision Microsoft may be unable to reverse.

There’s a lot that can be said about this absolute debacle. I’ll restrain myself to two things:

  1. This is the exact kind of problem that crops up when you include backdoors in software: eventually the information required to exploit the backdoors emerge.
  2. Microsoft’s own leakage of the key is one of the most amazing ‘own goals’ in recent security history. It’s going to be one for the history books.

Also: remember when Apple said they didn’t, and would vigorously fight, any effort to backdoor their operating systems? Microsoft’s absolutely failure to secure the cryptographic material is just one rationale behind Apple’s security posture.

Categories
Links

Netflix Adopts Efficient HTTPS Encryption For Its Video Streams

Netflix Adopts Efficient HTTPS Encryption For Its Video Streams:

Netflix has been reluctant to adopt HTTPS for its video streams so far because delivering video is already a bandwidth-heavy task, and adding encryption on top of that risked adding too much overhead. To solve this problem, the company searched for the ideal cipher and its fastest implementation.

Encrypting everything matters because third-parties can use our unique ‘tells’, be they video watching, online reading, music listening, website browsing, or other human behaviours to track us across the Internet. Some of these trackers are other companies, some of them are governments, and some are just questionable groups of hackers.

Netflix’s adoption of HTTPS for their entire service line is a good thing but, now, it’ll be important to actually test the implementations of HTTPS. Unfortunately, most implementations suffer some kind of deficiency and it’s more likely than not that Netflix’s initial deployment will be similarly flawed.

Categories
Links

Chrome starts retiring Flash in favor of HTML5

Thank god that this absolute blight on computer security is finally starting to be fully deprecated. Which means it should only continue to be a problem until the mid- to late-2020s as people gradually upgrade their devices to those which will not run Flash content by default…

Categories
Aside Quotations

2016.8.10

We have never had absolute privacy in this country. Cars, safe deposit boxes, our apartments, our houses, even the contents of our minds—any one of us, in appropriate circumstances, can be compelled to say what we saw. We have never lived with large swaths of our life off limits, where judicial authority is ineffective. That is something we need to talk about. I don’t think the FBI should tell people what to do. I don’t think tech companies should tell people what to do. The American people need to decide.

James Comey, Director of the FBI

The problem is that Comey is simply wrong: the state has never held absolute power over citizens. The 5th Amendment in the United States guarantees a right to avoid testifying against oneself. Our devices are now so personalized with our communciations, thoughts, banking, business, and life that they are functionally a self-testamonial about our lives.

Moreover, even when some evidence is unavailable – be it because authorities don’t know to look for it, or cannot find it – that doesn’t immediately mean that a case is terminated. Instead, a range of powers as well as alternate charges can be brought to bear. And the price of a democracy is that, sometimes, authorities cannot bring charges against people they suspect but cannot prove may have broken the law. This restraint on state power is a core feature of liberal democratic governance and is a restraint that needs to be maintained so that we can all enjoy our freedoms.

Categories
Links

Jawbone reportedly tried to sell itself

Jawbone reportedly tried to sell itself:

Jawbone’s hunger to sell itself is evidence of how dire the situation has become for one of leading wearable tech companies in the industry. Competitor Fitbit has managed to increase sales of its fitness trackers even with Apple participating. Jawbone, on the other hand, has seen its relevance in the market wither with time, as it’s transitioned from bluetooth audio products to wrist-worn fitness bands. Many other wearable makers, including Misfit and Basis, have sold themselves to large tech or apparel companies, and even giants like Nike have gotten out of the wearable hardware business. Jawbone’s fate may be similar, but it’s running out of time. According to The Information, Jawbone delayed payment to one of its business partners this month.

Jawbone is sitting on a lot of user information. While they sell physical things, I’m mostly interested in knowing the value of all the fitness information that will presumably be sold as part of the business.

Categories
Links

Saudi Millennials Don’t Use Their Phones Like We Do

Saudi Millennials Don’t Use Their Phones Like We Do:

… the problem lies in [the branding/marketing companies’] intent: Instead of entering new markets with an open mind, they approach with a strategy in place and then look for the people who prove their theories right. “The only thing worse than not asking the questions, is not paying attention to the answers that don’t fit into their world view, because it’s inconvenient,” says Chipchase.

Set aside the headline. This longish read does a good job of explaining why it makes sense to hire an ethnographer before developing (to say nothing of launching) a product and, simultaneously, the intense amount of work that goes into launch a new product with a unique brand identity.

Categories
Links

Major Qualcomm chip security flaws expose 900M Android users

Major Qualcomm chip security flaws expose 900M Android users:

Qualcomm makes chips for the majority of the world’s phones, holding a 65 percent share of the market. Most of the major recent Android devices are expected to be affected by the flaw, including:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6, and Nexus 6P
  • HTC One, HTC M9, and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2, and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

Three of the four holes have already been patched, with a solution for the fourth on the way. However, most users are at the mercy of their handset manufacturers if they want these patches applied. Owners of Google’s Nexus devices have already had patches pushed to their phones, but other manufacturers have historically been less interested in patching flaws found in their devices after release.

In many cases these updates will never be released, leaving people permanently vulnerable to this very, very, very serious vulnerability. But hey: at least it only affects around 12-13% of the world’s population. Maybe phone manufacturers and cellular carriers will actually promptly act to protect their users when closer to 20-35% of the world population is affected by the next Android vulnerability…