Category: Writing

Categories
Links Writing

Why Great Leaders Never Stop Learning

A recently published podcast by Harvard Business Review focused on the importance for leaders to never stop learning. The interview with David Novak — formerly of Yum! Foods — had a range of insights but the ones that stuck with me included:

  • If your job has become rote — it may be busy but you know how to solve for all the challenges that arise — then it’s likely time to find a new challenge
  • If you’re looking for a way of inspiring yourself to improve your organization or team, ask yourself “what would be the first priorities of someone who assumed my role after I left?” And then work to address those priorities!
  • Find people in surrounding fields that are different from your own and learn from them. If another organization is doing great things learn from them and how the underlying intentions or principles guiding their success can be adapted into your own organization.

Highly recommend this episode if you’re looking for a bit of inspiration in how you can develop yourself and your professional organization.

Categories
Links Writing

The Effects of Reduced Trust Amongst Cybercriminals

A new article on Binding Hook, by Jason R.C. Nurse and William Lyne, provides an insightful assessment of how the ransomware ecosystem is evolving.

Specifically, they note that:

  • Centralized platforms are giving way to decentralized means of exchanging information (e.g. credentials now disclosed or distributed over Telegram and not a singular website or forum)
  • There is a wider, and more dispersed, group of threat actors with the effect of enabling more flexible organizational structures
  • Fragmentation around ransomware groups and operations is not translating into fragmentation of other criminal activities (e.g., social engineering or romance scams)
  • Takedowns of centralized platforms enabling Ransomware as a Service, along with exit scams, is resulting in operators avoiding locations that depend on social trust

It’s not stated but, also, as there is a more diverse set of ransomware operators — and especially if some are less ‘professional’ than others — this may make it more challenging to assess statements they make towards victims (e.g., pay us and this all goes away). It may also make it more challenging to assess or confirm whether operators will destroy or delete data upon payment. In effect, the reduction of trust in the ransomware ‘marketplace’ may have knock-on effects that affect the valuation of ransomware operations and ability to extract payments from victims.

Categories
Links Writing

AI-Assisted Vulnerability Hunting is Here

Aisle’s recent blog, “What AI Security Research Looks Like When It Works,” does a nice job in explaining the utility of LLM-enabled security research. Properly scoped and resourced, researchers can identify serious vulnerabilities that make communities much safer after patches are applied.

However, there is a distinction between high-quality reports and slop-quality reports. Some groups, such as those operating open source projects, are seeing increasing amounts of low-quality reports that are overwhelming their ability to triage incoming reports.

Aisle highlights several emergent challenges associated with LLM-enabled security research:

  1. If vulnerability reporting increases while maintainer numbers remain flat, there is a question of whether this will cause burnout among maintainers and thus impair both security- and feature-related development.
  2. Whether the 90-day responsible disclosure window remains appropriate, or needs to be tightened, in the current era of LLM-assisted discovery. At the same time, how can or should vulnerability reports be deduplicated?
  3. Whether the ability to identify and patch vulnerabilities will ultimately favour defenders or attackers.
  4. The community’s response to a substantial shift in vulnerability discovery remains uncertain.

There are a few other considerations not taken up in Aisle’s blog:

  1. To what extent will the increased ability of attackers to find vulnerabilities shift who is identified as an ‘advanced’ threat actor? While persistence is currently still linked to resourcing to maintain operations, if serious vulnerabilities (and their chains) become more widely discoverable, what effect will this have on a broader subset of actors being able to conduct cyber operations?
  2. In what ways will the organizations producing foundational models need to build in user identity or verification functionalities or access controls to potentially restrict who can (and cannot) use the models to undertake cybersecurity research?
  3. What might occur if adversaries attempt to poison training data or model weights in order to impede specific forms of LLM-enabled cybersecurity research, either now or in the future?
Categories
Links Writing

Canadian AI Sovereignty: The Interplay Between Technical and Regulatory Pressures

Khan and Jancik’s recent article, “Canadian AI sovereignty: A dose of realism” offers a structured way of assessing sovereignty claims and subsequently undertaking actions that might reasonably follow from this assessment. They set out a spectrum wherein some applications of AI systems may require heightened sovereign ownership or localization, and others where sovereign requirements might be applied more narrowly to establish reliability and control over facets of AI systems.

They offer a series of analytic questions that organizations (and governments) can ask in assessing whether a given investment will advance Canada’s sovereignty interests:

  1. Is there a compelling policy rationale or public interest objective?
  2. Is the sovereign solution competitive?
  3. Is it viable at Canadian scale?

They assert that bringing AI sovereignty policies to life, at scale, requires state capacity to be developed (e.g., technical experts must be hired to guide decision-making), there must be coordinated AI strategies across levels of government, and business ecosystems must be developed amongst Canadian businesses.

Of note, their assessment is guided by an assertion that AI sovereignty will depend on technical decisions, first, and not regulatory conclusions or rule making. They make this based on their perception that regulation has (generally) had limited effects to date.

While certainly true that regulation moves at a different pace than technological innovation, the early efforts of a range of governments to coordinate on core values, principles, and expectations have laid the groundwork for contemporary regulatory efforts. The effects of such groundwork are being increasingly seen in various jurisdictions as regulators issue guidance, decisions, and undertake policymaking activities under their own responsibilities.

Such activities are being seen at national as well as state and provincial levels. One of the notable developments has been that privacy regulators have often been the first to move given the ways in which AI systems may rely on personal information throughout the data lifecycle. That could change as AI safety and consumer protection organizations increasingly focus on risks and challenges linked to AI systems’ applications but, to date, such regulators are often behind those of data protection bodies.

Categories
Writing

Dromology in the Age of Synthetic Cognition

Paul Virilio was a French cultural theorist well known for his theory of dromology. Dromology explores the logics and impacts of speed in the modern era. At its core, it theorizes how the velocity of action or decision-making enables actors to accrue wealth and power over others. Virilio often approached this concept through the lens of martial power, contemplating how new means of movement — the horse, the automobile, telemetric control — created new capacities to overcome the frictions of time and space, and to overcome adversaries through heightened sensing and accelerated decision-making.

We exist in an era of digital intensification. Cybernetic systems are now core to many people’s daily realities, including systems over which they have little meaningful influence or control.1 Earlier digital modernity was often described as an “attention economy.” Today, we may be entering what I’ll call a “velocity economy,” which is increasingly grappling with the implications of a faster-moving world.

Continue reading “Dromology in the Age of Synthetic Cognition”
Categories
Links Writing

Trusted Content Calls for Trusted Identities

Adam Mosseri recently posted about how Instagram is evolving to arbitrate what is, or is not, truthful in a generative AI era. Om Malik’s analysis of said post is well worth the time to read and, in particular, his framing of Instagram’s movement into what he calls a ‘trust graph’ era:

[Instagram] has moved from the social graph era, when you saw posts from people you knew, to the interest graph era, when you saw what algorithms though [sic] you will like. It is now entering a trust graph era, in which platforms arbitrate authenticity. And it is being dragged into this new era. [^ Emphasis added.]

AI is flooding the system, and feeds are filling with fakes. Visual cues are no longer reliable. Platforms will verify identities, trace media provenance, and rank by credibility and originality, not just engagement.

Malik’s framing is useful not simply because it captures a product evolution, but because it gestures toward a deeper shift, and one whose implications extend well beyond Instagram as a platform. Namely, platforms are positioning themselves as arbiters of authenticity and credibility in an environment where traditional signals of truth are increasingly unstable.

There are some efforts to try and assert that certain content has not been made using generative systems. Notwithstanding the visibility that Meta possesses to try to address problems at scale, what is becoming more salient is not merely a technical response to synthetic media, but a broader epistemic and ontological shift that increasingly resembles Jean Baudrillard’s account account of simulacra and life lived in a state of simulation:

Simulacra are copies that depict things that either had no original, or that no longer have an original. Simulation is the imitation of the operation of a real-world process or system over time.

This framing matters because efforts to ground authenticity and truth are predicated on the existence of an original, authentic referent that can be recovered, verified, or attested to.

Generative AI content can, arguably, be said to largely be divorced from the ‘original’ following the vectorization and statistical weighting of content; at most, the ‘original’ may persist only as a normalized residue within a lossy generative process derived from the world. Critically, generative systems do not simply remix content; they dissolve the very reference points on which provenance and authenticity regimes depend. And as generative LLMs (and Large World Models) are increasingly taken up, and used to operate the world in semi-autonomous ways, rather than to simply represent it, will they not constitute an imitation of the operation of real-world processes or systems themselves?

This level of heightened abstraction will, to some extent, be resisted. People will seek out more conservative, more grounded, and perceptibly more ‘truthful’ representations of the world. Some companies, in turn, may conclude that it is in their financial interest to meet this market need by establishing what is, and is not, a ‘truthful’ constitutive aspect of reality for their users.

How will companies, at least initially, try to exhibit the real? To some extent, they will almost certainly turn to identity monitoring and verification. In practice, this means shifting trust away from content itself and toward the identities, credentials, and attestations attached to published content. In this turn, they will likely be joined by some jurisdictions’ politicians and regulators; already, we see calls for identity and age verification regimes as tools to ameliorate online harms. In effect, epistemic uncertainty about content may be displaced onto confidence in identities attached to content.

This convergence between platform governance and regulatory activity may produce efforts to stabilize conservative notions of truth in response to emergent media creation and manipulation capabilities. Yet such stabilization may demand heightened digital surveillance systems to govern and police identity, age, and the generation and propagation of content. The mechanics of trust, in other words, risk becoming the mechanics of oversight and inviting heightened intrusions into private life along with continued erosion of privacy in digital settings.

Regardless of whether there is a popping of the AI bubble, the generative AI systems that are further throwing considerations of truth into relief are here to stay. What remains unsettled is not whether platforms will respond, but how different jurisdictions, companies, and regulators will choose to define authenticity, credibility, and trust in a world increasingly composed of simulacra and simulations. Whether the so-called trust-graph era ultimately serves users—or primarily reasserts institutional authority under conditions of ontological and epistemic uncertainty—will remain one of the more intriguing technology policy issues as we move into 2026 and beyond.

Categories
Photography Writing

The Beauty of the Everyday

I really liked Robin Wong’s reflection on why he keeps returning to the same streets to make his images.

the beauty of doing the same routines, walking the same paths is the familiarity of the location, and you know every turn and corner, you know the details inside out, so you can be prepared for the unexpected. That is also the exciting part of shooting on the streets, you will find something unusual, something you will not know will happen beforehand, and the surprise is worth the redundant process of walking the same streets all over again. […] It isn’t about finding something completely new or extra-ordinary to shoot but finding beauty in the most ordinary settings and make it worth clicking your shutter button for.[^ Emphasis added.]

Like Wong, I’ve found that familiarity can sharpen my eye. Because I walk the same places regularly, I’m able to find the images I do. Having seen the same scene hundreds of times, I can tell when something has changed or that there’s some novelty in the scene that’s before me.

To some extent I think of regularly seeing the same scenes a little like drinking whiskey. At first, whiskey just tastes hot and spicy; any differences seem more theoretical than real. But over time you notice subtle nuances and also detect rarified variances between what you’re enjoying. And you can get excited over little things that really aren’t apparent or distinguishable to someone that hasn’t built up the same kind of palate.

When you walk the same streets over and over, you develop your own sense of what should and shouldn’t be there. You can detect what’s normal or novel. By training your eye on these common spaces, you develop your style. If you need to find something novel in the same place over and over, you’ll develop a unique way of seeing the world, whereas if you’re always seeing a new place you don’t need to stretch in quite the same way — you don’t need to push yourself to develop your sense of what is visually interesting to you.

All of which is to say: from afar, street photography can look pretty dull or boring because there’s a lot of repetition. It’s exactly this repetition, however, that helps you discover the kind of photographer you are.

Categories
Photography Writing

Supporting Artistic Creativity

Back in February 2022, I made a commitment to myself. I set out to add a bit more positivity to the internet by reaching out to writers whose work inspired me, or photographers whose images resonated with me. I wanted to thank them for their efforts and let them know their work was appreciated.

Recognizing People Matters

It is all too common for people to move through life without peers, friends, or family recognizing the importance of their work or the ways they’ve shaped others’ lives. In my personal life, it was only after my father died that many of the kids he’d mentored reached out to me to share how he had positively affected the course of their lives. His Facebook feed was filled with comments from people who had benefitted from his generosity and kindness. But I was left wondering: had they ever told him directly about his impact? And if they had, might he have avoided his death of despair?

And I’ve seen the power of professional recognition–and felt the cost of its absence. Years ago, after a major project wrapped up, I realized I had forgotten to recognize the exemplary contribution of a junior staff member. I went back into the room to point out how critical their work had been. That small moment of recognition, as it turned out, had a profound impact on their career trajectory. And it was only after I left my last professional job that people contacted me from around Canada about how the work I produced had influenced them, their practice, and their thinking. I’ll be honest: when I left that job, I felt like I’d been writing into a void. Almost no one ever directly recognized the work I was producing or the value they placed in it.

Recognizing Creatives

On Glass, I try to leave a couple of comments on other photographers’ work each month. Sometimes those comments are short, like “Love the composition!👏👏👏 ,” or “Great use of tonality across the frame! 👏👏👏” Other times, when I have more bandwidth, I write longer, more substantive reflections on what I see in their images.

I think this kind of recognition matters. Too often, we wait until it’s too late to share it. Positive, explicit recognition can motivate people who may not have received much encouragement otherwise. It’s one of the many reasons why I support Neale James’ Photowalk Podcast and the community of kindness that he fosters with every single episode.

Lately I’ve been thinking about how to take this further. For me, the next step has been to begin collecting prints or zines from photographers whose work or practice I deeply admire. I’m not buying prints from the famous names you see in galleries–no Martin Parrs for me!–but photographers working in niches that speak to me. Owning their prints feels special. It’s not just me saying “great work,” it’s me saying, to them, “I value this enough to want it in my home.”

Ownership is a Kind of Intimacy

There are practical challenges with purchasing other people’s work. As we know, shipping expenses, cost of making physical artefacts, and the economic realities facing both buyers and artists can impede purchasing other creatives’ work. We can’t all afford to purchase prints regularly. But even buying one piece every year, every few years, or even once a decade can make a meaningful difference. It’s a way of supporting creativity and giving artists recognition that lasts.

What’s powerful about this isn’t only the financial support. It’s the intimacy of having someone’s work become part of your everyday life. Unlike a gallery exhibition, which is temporary and public, a print hanging in your home or office is permanent and personal. It shapes the space you live in, and every time you see it you’re reminded of the artist and the respect you have for their work.

That, to me, is one of the most profound ways we can support and recognize each other as creators. It’s something that I continue to do, and I appreciate the works of others that I have the privilege of viewing on a regular basis.

In closing, if a creator’s work inspires you then I’d strongly encourage you to leave a comment, send a note, or even consider acquiring a print. It might mean more than you know.

Categories
Photography Reviews Writing

An Amateur Photographer’s Mid-Term Review of the Leica Q2

Black-and-white street crowd at Yonge–Dundas; older woman adjusting hood, masked pedestrians, large bank ad billboard behind.”
(Yonge & Dundas, Toronto, 2024)

I’m an amateur Toronto-based documentary and street photographer, and have been making images on the street for over a decade. In the fall of 2023 I purchased a used Leica Q2. I’d wanted the camera for a while, but it wasn’t until late 2023 that I began running into situations where I’d benefit from a full-frame sensor. Since then I’ve been going out and making images with it at least once a week for hours at a time and have made tens of thousands of frames in all kinds of weather.

In this post I discuss my experiences using the Leica Q2 in a variety of weather conditions to make monochromatic JPG images. I tend to exclusively use either single-point autofocus or zone focusing, and either multi-field or highlight-weighted exposure modes, generally while using aperture priority at 1/500s to freeze action on the street. My edits to images have, previously, used Apple Photos and now rely on the Darkroom app on my iPad Pro. You can see the kinds of images that I’ve been making on my Glass profile.

Continue reading “An Amateur Photographer’s Mid-Term Review of the Leica Q2”
Categories
Writing

Amendments in Bill C-2 Would Establish an Intelligence Role for the Canadian Coast Guard

While much of the attention around Canada’s Bill C-2: An Act respecting certain measures relating to the security of the border between Canada and the United States and respecting other related security measures has focused on its lawful access and interception aspects, one notable change has flown under the radar: amendments to the Oceans Act that quietly expand the Canadian Coast Guard’s mandate to include intelligence functions.

Specifically, the bill proposes updating the Coast Guard’s responsibilities to include:

security, including security patrols and the collection, analysis and disclosure of information or intelligence.1

This language, paired with provisions granting the Minister explicit authority to collect, analyze, and disclose intelligence,2 marks a meaningful shift. The update would echo the U.S. model, where the Coast Guard is both a maritime safety organization and an intelligence actor. The U.S. Coast Guard Intelligence (CG-2) has long played a dual role in maritime domain awareness and national security operations.

Why does this matter?

There are a few strategic implications:
1. NATO and National Security Alignment: The expanded role may help Canada meet NATO funding expectations, especially where the Coast Guard is deployed to conduct maritime surveillance and to maintain an Arctic presence.
2. Statutory Authority: These changes might establish a legal basis for intelligence collection practices that are already occurring, but until now may have lacked clear legislative grounding.
3. Redundancy and Resilience: With global intelligence sharing under strain, having a domestic maritime intelligence function could serve as a backstop if access to allied intelligence is reduced.
4. Northern Operations: Coast Guard vessels, which are not militarized like Royal Canadian Navy warships, are well-positioned to operate in the Arctic and northern waters, offering intelligence capabilities without the geopolitical weight of a military presence.

To be clear, this wouldn’t transform the Canadian Coast Guard into an intelligence agency. But it would give the institution statutory authorities that, until now, have not explicitly been within its official purview.

It’s a small clause in a big bill, but one worth watching. As researchers, journalists, and civil society take a closer look at Bill C-2, this expansion of maritime intelligence authority could (and should) draw more attention.

  1. 30(2) of C-2, amending 41(1)(f) of the Oceans Act ↩︎
  2. 30(2) of C-2, amending 41(2) of the Oceans Act ↩︎