Home Tags Toronto

Tag: Toronto

Britain’s new engineering university NMiTE names first Chief Executive and calls...

NMiTE, Britainrsquo;s new engineering university, has appointed Professor Janusz Kozinski as its inaugural President and Chief Executive.Kozinski, who will take up his post in Hereford on 1 July 2017, has wide experience as an international academic leader and entrepreneur. Most recently he orchestrated the creation of the Lassonde School of Engineering in Toronto, Canada.“This is perhaps the brightest and the boldest academic start up in recent times in the UK or anywhere else,” said Kozinski.“The... Source: RealWire

Report: Ban on laptops in planes may expand to Europe

A no-laptops rule might be imposed on flights from Europe to the US.

Colossal review: Everyone has a monster, most aren’t this fun

Anne Hathaway + kaiju monster = awesome film (though in ways you may not expect).

Northplains announces integration with ShotFlow One

Streamlining workflow from photo studio to creative teams.TORONTO, ON, April 6, 2017 – Northplains has announced an integration partnership with Shotflow One from Capture Integration, to accelerate campaign creative processes.

The result of this application-level integration, says Northplains, is a seamless workflow that delivers what the company calls “smart” images from the studio into the hands of creatives. Northplains describes these as images already containing rich descriptive information with the asset file itself, in the... Source: RealWire

Coders and librarians team up to save scientific data

On a windy, snowy night in Dover, N.H., about 15 people gathered in an old converted mill, staring at computer screens and furiously tapping at their keyboards.The group – some students, some programmers, and at least one part-time dishwasher and data entry clerk – were braving the snowstorm and volunteering their time to try to keep scientific data from being lost.[ 4 top disaster recovery packages compared. | Backup and recovery tools: Users identify the good, bad, and ugly. ]It was one of dozens of data rescue events spread out in cities from Toronto to Los Angeles, and Houston to Chicago.

These events, many on university campuses, have been going on since December, bringing together software programmers, librarians and other volunteers who are trying to safely archive scientific data from government websites.To read this article in full or to leave a comment, please click here

Northplains introduces NorthplainsNEXT

Cloud-based next generation platform is a new way to manage the lifecycle of visual brand assets.TORONTO, ON, March 15, 2017 – Northplains has announced the launch of NorthplainsNEXT, a cloud-based content engagement platform which the company believes sets a new benchmark in managing visual assets. It delivers a complete, integrated solution for managing all interactions with content at every stage from ideation to distribution, overcoming the challenges of handling vast amounts of visual content in... Source: RealWire

The official Tor browser for iOS is free to use

EnlargeTechno Fishy reader comments 26 Share this story When Mike Tigas first created the Onion Browser app for iOS in 2012, he never expected it to become popular. He was working as a newsroom Web developer at The Spokesman-Review in Spokane, Washington, at the time, and wanted a Tor browser app for himself and his colleagues.

Expecting little interest, he then put Onion Browser on the Apple App Store at just $0.99/£0.69, the lowest non-zero price that Apple allows. Fast forward to 2016, and Tigas found himself living in New York City, working as a developer and investigative journalist at ProPublica, while earning upwards of $2,000 a month from the app—and worrying that charging for it was keeping anonymous browsing out of the hands of people who needed it. So a few weeks ago, he made the app free.
Since then, its popularity has exploded, with thousands of downloads recorded every day.

The results of the recent US presidential election might have had something to do with this decision, and its impressive results, Tigas told Ars. "Given recent events, many believe it's more important than ever to exercise and support freedom of speech, privacy rights, and digital security," he wrote in a blog post. "I think now is as good a time as ever to make Onion Browser more accessible to everyone." Global concerns also influenced his decision. "Iran is not technically a country where you can get an iPhone, but on the grey market you can," he told Ars. "People over there can't get apps you have to pay for, because you have to have a credit card that Apple actually accepts," he added, noting that economic sanctions forbid Apple from selling to Iranian iOS users. Onion Browser is the official Tor Project-endorsed Web browser for iOS.

But it lacks some of the features available for Tor Browser (Linux, MacOS, Windows) and OrFox (Android), due to technical roadblocks peculiar to iOS. Onion Browser for iOS. In order to gain control over the browser's network settings, and route web traffic over Tor, Tigas has to use the older WebKit API (UIWebView) instead of the newer version (WKWebView).

The newer version uses the device's system settings for network and proxy settings and cannot be modified by an app. Onion Browser settings The two biggest challenges Tor developers on iOS face, as Tigas outlined in this blog post on the Tor Project website, are Apple's requirement that all browsers use the iOS WebKit rendering engine, and the inability to run Tor as a system-wide service or daemon on iOS. Developers have found workarounds to both problems, and iOS users can soon expect to see a new, improved Onion Browser, as well as a Tor VPN that routes all device traffic over Tor—probably in the first quarter of 2017. Not quite as secure Unlike the Tor or OrFox, Onion Browser is not based on the Firefox Gecko rendering engine.

This is good—Onion Browser is not vulnerable to Firefox exploits—but also bad, because code cannot be reused. A further challenge, Tigas said, is that Apple’s WebKit APIs "don’t allow a lot of control over the rendering and execution of Web pages, making a Tor Browser-style security slider very difficult to implement." Many of iOS's multimedia features don't use the browser's network stack, making it difficult to ensure the native video player does not leak traffic outside of Tor. "Onion Browser tries to provide some functionality to block JavaScript and multimedia, but these features aren’t yet as robust as on other platforms," Tigas wrote. Moreover, it doesn't support tabbed browsing, and the UX is pretty basic, but Tigas is working on a rewrite based on Endless. "It adds a lot of important features over the existing Onion Browser,” he said, “like a nicer user-interface with tabbed browsing, HTTPS Everywhere, and HSTS Preloading.

There’s a new version of Onion Browser in the works that’s based on Endless that will hopefully enter beta testing this month." Welcome to the sandbox The biggest challenge to getting Tor working seamlessly on iOS, though, is the inability to run Tor as a system-wide service or daemon, something which is trivial to accomplish with most other operating systems, but unavailable to iOS app developers.

To prevent misbehaving apps from getting up to their usual mischief, Apple sandboxes apps from each other, and from the underlying OS.

This means you can't install Tor on iOS, let it run in the background, and route all your device traffic over Tor. “In iOS the moment you leave an app, the app goes to sleep,” Tigas told Ars. “With Tor Browser Bundle or OrBot on Android, other apps can use the Tor in Tor Browser Bundle, other apps can use OrBot's connection on Android.” In fact, to get Onion Browser to work, he has to compile Tor into the app itself—as does any other iOS app developer who wishes to offer a Tor connection.

But that's about to change, thanks to iCepa. A Tor VPN for iOS Enlarge / OrBot, the official Tor routing service for Android. iCepa—from the Latin cepa for onion, and pronounced i-KAY-puh—is a Tor VPN for iOS currently under development that will enable iOS users to route all their traffic over Tor. "A lot of us had the idea simultaneously after Apple released iOS 9, which added some APIs that allowed you to talk to network traffic," iCepa developer Conrad Kramer told Ars. "It was intended for companies like OpenVPN or Cisco to build their own VPN solutions for iOS, but we realised we could build a version of Tor using this API." "It's similar to how OrBot works," he added, "which also uses a VPN approach." Apple-imposed memory limits had prevented Kramer from finishing work on iCepa until recently.

The memory limit for packet-tunnel extensions, he explained, was 5MB—and Tor needs around 10MB to run. Kramer said he was able to continue development work on a jailbroken iOS 9 device, but with little motivation since a jailbroken solution would not scale.

An encounter with Apple engineers at the WWDC conference gave him the chance to lobby Apple engineers to raise the limit—which they did, in iOS 10, to 15MB, more than enough to get a Tor VPN working in iOS. Kramer told Ars he had just gotten iCepa working on his test device in mid-December, and plans to share the working code in a private alpha with other Tor developers before the end of the year. He hopes to release iCepa to the public through the App Store at the end of the first quarter of 2017. "The timeline is still uncertain," he emphasised, "but I do want to get it out as soon as possible.” Paying for Tor development Since making Onion Browser free in early December, Tigas says the number of downloads has jumped from around 3,000 paid downloads per month to thousands per day. He is at peace with his decision, though, convinced he has done the right thing, but worries about the loss of income. "[The extra money] helped keep me doing investigative journalism by day," he told Ars. "If I can get to even 15 percent of where it was before, I would be really happy and amazed.
I think I have like five people on Patreon right now." Tigas has received some financial support from the Guardian Project to continue work on Onion Browser, but, he says, the money does not come close to replacing the income lost from the App Store. “I'm still a little terrified that I've made this change,” he wrote in his blog post, “but I'm happy this day has come—and judging from the responses I've already received, so have many of you.

Thanks for your support.” J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read "assume breach." You can find him on Twitter at @toholdaquill. This post originated on Ars Technica UK

Energy Department says it won’t give Trump team list of climate...

Department of Energy in Washington, DC.Begemot reader comments 138 Share this story The US Department of Energy said it will not provide a list of names of staffers who worked on climate change issues to the Trump transition team on Tuesday, despite the team’s demand for that information. On Friday, Bloomberg leaked a 75-question memo sent from the Trump transition team to the DOE, asking the department to provide information about the kinds of work it’s doing and the legal and procedural basis for certain programs. While such a questionnaire is not uncommon for transition teams to send federal agencies, the questionnaire also included demands that the DOE provide a list of names of staffers who worked on climate change issues.

Those demands came across as deeply concerning and highly unusual to career staffers and contractors, some of whom worked at the DOE not only during the Obama administration but under the Bush and Clinton administrations as well. Trump has publicly called climate change a hoax, and just this weekend, he told the Fox Sunday host that “nobody really knows” about climate change.

These are blatant lies from Trump, as climate scientists have decades of research showing that climate change is happening.

The most recent Intergovernmental Panel on Climate Change report showed 95 percent statistical confidence that humans are the primary cause for this undeniable warming trend. The Trump transition team’s request for the names of all staffers who attended meetings about the social cost of carbon, as well as any Conference of the Parties hosted by the United Nations Framework Convention on Climate Change, suggested to DOE staffers that the team could be looking to fire staffers for their work on climate change or to marginalize their role at the department. According to the Washington Post, DOE officials sent an e-mail to employees this morning assuring them that no individual names will be provided to the Trump transition team: The Department of Energy received significant feedback from our workforce throughout the department, including the National Labs, following the release of the transition team’s questions.
Some of the questions asked left many in our workforce unsettled. Our career workforce, including our contractors and employees at our labs, comprise the backbone of DOE and the important work our department does to benefit the American people. We are going to respect the professional and scientific integrity and independence of our employees at our labs and across our department. We will be forthcoming with all publicly-available information with the transition team. We will not be providing any individual names to the transition team. The boldface in the final sentence was present in the e-mail sent by DOE spokesperson Eben Burnham-Snyder, according to the Post. This morning, the Trump transition team announced its nomination of Rick Perry, former Texas governor with ties to the fossil fuel industry who has rejected climate science, to head the DOE. His appointment will need to be approved by the Senate to become official. Amid this uncertainty about the future of climate science under the new administration, the Washington Post also reported this morning that “scientists have begun a feverish attempt to copy reams of government data onto independent servers in hopes of safeguarding it from any political interference,” including efforts to copy irreplaceable data from the Environmental Protection Agency (EPA) at a “guerrilla archiving” event in Toronto, as well as efforts to compile online portals for scientific information. Meteorologist Eric Holthaus tweeted this weekend asking scientists to use a Google spreadsheet to list links to .gov databases they don’t want to see disappear, prompting dozens of entries from scientists, as well as offers from investors, lawyers, and database managers to help protect and store the data. While it's unclear that a Trump administration would necessarily spell destruction for these databases, many scientists aren't waiting around to find out.
In addition, this week at the American Geophysical Union in San Francisco, lawyers from the Climate Science Legal Defense Fund will be holding one-on-one consultations with researchers who feel they might need help protecting their data.

Body cams too fragile for Canadian Mounties – so they won’t...

Kit dumped after fears over battery life and durability The Royal Canadian Mounted Police (RCMP) says it will not be equipping its officers with body cameras after the units were found to be not rugged enough for field use. The Mounties say that a three-year trial run of the body-worn camera (BWC) gear has concluded and will not be adopted because the units have neither the battery life nor the durability to withstand day-to-day activity. "The potential implementation of BWC would require that the RCMP purchase thousands of units to be distributed in over 750 detachments," said RCMP Deputy Commissioner Kevin Brosseau. "The RCMP needs to have confidence in the product and ensure that the choice of technology justifies the investment at this time." The announcement comes as the Canadian government finds itself re-examining a number of its policies on surveillance and the balance that the nation should strike between security and personal privacy. Though the Mounties will not be wearing the body cameras, local police in a number of Canadian cities are moving forward with their own BWC plans.

As the CBC notes, both Ottawa and Toronto are looking to trial the use of body cameras. A recent study on police forces in the US and UK found that when body cameras were worn, complaints against officers dropped drastically. The Mounties have not ruled out the use of cameras completely.

Brosseau says that if and when the technology is able to better withstand field use, they will reconsider their decision. "As a modern police force, the RCMP recognizes the importance of constantly researching new equipment to be used in operational settings," Brosseau said, "and we will continue to assess new BWC technologies as they become available." ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub

Tor phone is antidote to Google “hostility” over Android, says developer

EnlargeMission Impossible reader comments 36 Share this story The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone—an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year. "The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users." To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal. The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys." While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform." It’s about the software backdoors, stupid! Apple's iOS is famously more secure than the Android security garbage fire, right? But Android security will eventually improve, and when that happens, Perry told Ars in an e-mail, "then the next measure will be the ability of the platform to resist backdoors of various kinds." A closed source platform, such as Apple's mobile operating system, is at much greater risk of being compelled to deploy software backdoors, he added. Enlarge Tim Ellis "I think the best argument against backdoors is that they are technically impossible to deploy at all, due to the security properties of the system and people's ability to remove or avoid the backdoor.

That argument is stronger for open source than it is for closed source." Perry also worried aloud about targeted backdoors delivered to specific users. "The iOS App Store is at a significant disadvantage there even compared to Google Play," he told us. "Each iOS app is re-encrypted specifically for the user with Apple's DRM, making it technically impossible to verify that the package you installed matches the official one." He said that Apple has "created the perfect platform for delivering targeted backdoors to specific users.
I don't like banking on iOS for those reasons." Google hostile to freedom In order to solve the Android security mess, Google is taking steps that hurt user freedom, and make Android vulnerable to compelled backdoors, Perry argued. The fragmentation of the Android ecosystem into multiple OEMs, who distribute their own versions of the operating system, has resulted in rampant insecurity. Without financial incentives to push security updates to users' phones, OEMs by and large abandon users to their fate. Under pressure from many quarters to solve this problem, Google is working to improve Android security, but Perry criticised Google's release and development process as increasingly opaque. Android platform is effectively moving to a 'Look but don't touch' Shared Source model that Microsoft tried in the early 2000s," Perry wrote in his blog post. "However, instead of being explicit about this, Google appears to be doing it surreptitiously. "It is a very deeply disturbing trend." Copperhead to the rescue Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system." Daniel Micay, Copperhead's lead developer, welcomed Perry's prototype. "It will be nice to have somewhere to direct technical users that cannot live without Google Play," he told Ars in an e-mail. By default, Copperhead eschews Google Play, and Micay himself refuses to use any Google Apps. Enlarge / A general outline of Copperhead's main features. "Mike Perry is interested in doing things properly which is why [the prototype] goes through the effort of not breaking verified boot or depending on leaving an insecure recovery image," Micay said. "The rough edges can be smoothed out over time." Mission Improbable, but useable today The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router. The prototype is the second of its kind.

Back in April, 2014, Perry proposed his first Android device optimised for privacy and security—then nicknamed Mission Impossible.

The earlier prototype consisted of a 2013 Google Nexus tablet running Cyanogenmod. Perry emphasised that the Tor Project has no plans to get into the hardware business, but hopes the prototype will provoke discussion and innovation. He pointed to the Neo900, which bills itself as "The truly open smartphone that cares about your privacy"—a project, he said, that came about in part due to the "Mission Impossible" blog post two years ago. "What I’ve found is that posts like this one energise the Android hobbyist/free software ecosystem, and make us aware of each other and common purpose," Perry told Ars. "It also shows Google and others what gaps there are in Android for Tor support, and raises awareness about the dangers the ecosystem faces." Ars readers looking for a weekend project will find the complete Mission Improbable installation instructions on GitHub. J.M. Porup is a freelance cybersecurity reporter who lives in Toronto. When he dies his epitaph will simply read "assume breach." You can find him on Twitter at @toholdaquill. This post originated on Ars Technica UK

Bay Area: Join us tomorrow 11/16 to talk about infosec for...

Enlarge / You can always figure out a way to hide from Big Brother.reader comments 14 Share this story The eighth episode of Ars Technica Live is coming up next tomorrow, November 16, in Oakland, California, at Longitude! Join Ars Technica editors Dan Goodin and Annalee Newitz with guest Morgan Marquis-Boire for a conversation about infosec, surveillance, and digital authoritarianism. Marquis-Boire is a New Zealand-born hacker, security researcher, and journalist. He is the director of security for First Look Media and a contributing writer for The Intercept. Prior to this, he worked at Google. Marquis-Boire is a Senior Researcher at the Citizen Lab, University of Toronto, focusing on state-sponsored hacking and the global surveillance industry. He currently serves as a special advisor to the Electronic Frontier Foundation and as an advisor to the Freedom of the Press Foundation and Amnesty International. Filmed before a live audience at Oakland tiki bar Longitude, each episode of Ars Technica Live is a speculative, informal conversation between Ars Technica hosts and an invited guest.

The audience, drawn from Ars Technica’s readers, is also invited to join the conversation and ask questions.

These aren’t soundbyte setups; they are deep cuts from the frontiers of research and creativity. Doors are at 7pm, and the live filming is from 7:30 to 8:20-ish pm (be sure to get there early if you want a seat). You can stick around afterward for informal discussion at the bar, along with delicious tiki drinks and snacks.

Can't make it out to Oakland? Never fear! Episodes will be posted to Ars Technica the week after the live events. Yes, we have a Facebook invite for this event.
See you tomorrow, Bay Area Arsians!

Canadian police get cell-site data to text thousands near murder scene

EnlargeTracy Packer via Getty Images reader comments 95 Share this story The Ontario Provincial Police in Canada are planning to text about 7,500 mobile phones that were in the area where the body of a murdered man was discovered in December—all in a bid to find somebody who may have information about the crime. Welcome to the modern, digital-age version of door-to-door police canvassing. Murder victim Frederick "John" Hatch. According to local media, the authorities obtained a court order that does not include the names or any other identifying information of mobile phone users whose devices pinged a cell tower near where the body of Frederick "John" Hatch was discovered. "Texting is an evolution of this investigative technique that is unique, maybe unprecedented,” OPP Detective Inspector Andy Raffay said in a news release. “But it’s the most efficient way to contact these people quickly to either eliminate them as witnesses or learn whether they have any useful information." The victim's partially burned body was found near Erin, Ontario. Police said the Toronto man was known to hitchhike and was seen the day before his body was discovered at a local discount store in Nepean, near Ottawa, some 450 miles away. According to local media, the text messages, set to be sent Thursday, will be in English and French and will ask people to voluntarily answer questions.

They can also call a tip line at 1-844-677-5010.

The authorities are offering a $50,000 reward for information leading to a conviction. "Building on the accepted practice of the door-to-door witness canvass, texting is an evolution of this investigative technique that is unique, maybe unprecedented," Det.

Andy Raffay of the criminal investigation branch told local media. A Canadian attorney, Michael Spratt of Ottawa, told CTV News that the police may be on "constitutionally shaky ground." "This is akin to knocking on everyone’s door and then looking in their mailboxes and opening their mail to see if there is anything of use," he said. Laura Berger of the Canadian Civil Liberties Association said the text messaging is similar to door knocking, but it raises the question of "whether people will feel coerced or not."