There’s nothing quite as magical as seeing a bright green and pink Aurora Borealis dancing in the sky. One of the best things about Aurora photography is that it’s always changing; there’s always a new dance to capture, and plenty of foregrounds to shoot from. My wife and I have been Aurora chasing for a few years now, and have captured her in Norway, Iceland, and back at home in New England. Along the way, we’ve picked up a few tricks, and gotten some practice in taking astrophotography in between.
Solar experts are saying that 2016 will be the last year we see the Aurora this intense for another decade, as the solar cycle is trending toward a less active stage. If you’re planning on chasing the Aurora, now is the time to do it.
Zeiss 15mm, f/2.8, 15+30s, ISO 1600
A new company going by the name NiSi / Fomito is selling what looks to be an appealing lens filter system for popular lenses including the Nikon 14-24mm and Zeiss 15mm. I decided to order one and check it out. Unfortunately, what I had hoped to be a nice review of the system has turned into a warning to other photographers, and I’ll explain why here. I was initially very excited to receive this unit, as it’s not easy finding a filter holder for the Zeiss 15mm f/2.8. Lee does not currently have a SW 150 that natively fits it, and the filter system I use now (ProGrey USA) does not currently have a Zeiss collar either. NiSi is relatively new to the game, and most of their equipment is still sold through eBay or Amazon.
The filter system itself looks quite nice out of the box and is all aluminum, also with a rotating cylinder. It includes three clips for holding up to three filters simultaneously. The instructions are very minimal, and the typical convoluted type of instructions you’d expect from a Chinese company, but it’s a simple filter holder, so there’s not a need for much other than a diagram on how to piece it together. The unit itself was delivered straight from China, and took two to three weeks to arrive after ordering it on Amazon.
After removing the unit from the box, it became quite apparent that the entire system was one piece; I had been looking for a collar or clamp, however none was provided in the box. After reading the instructions a few times, the reason for this became clear.
Dusting off my night photography skills for an upcoming trip to Iceland, with beautiful Newry Maine as a subject. The Milky Way makes an appearance in the late autumn between 8:30 and 10:30. Due to the lack of light pollution in the area, you can see it with the naked eye, but even more so on the sub-freezing nights in October this year.
Screw Auger Falls, Newry Maine
Night photography requires two things: multiple exposures, and a lot of patience. Typically, you want to fill 2/3 of the frame with the sky and find an interesting background, then expose separately for each. The sky is a simple formula, typically f/2.8, ISO 3200, 25-30s. You really don’t want a longer exposure than that or your stars will get blurry from the Earth’s rotation. The background requires a lot more time. In environments with no lights at all, you can be exposing anywhere from 10-20 minutes. In addition to the sky and an interesting background, some of the great nightscapes also have a strong and interesting foreground. Because you are shooting your lens wide open (to allow in the most light), your depth of field is going to require you to re-focus on the foreground to snap a third exposure. All three exposures then need to be blended in Photoshop, either using Edit > Auto-Blend Layers, or (in most cases) by hand using masks. Each layer can be processed separately, then joined at the end.
One of the treasures of traveling with my wife for the past few years has been the framed photos we’ve hung around the house. Many of them are the edited landscape photos I feature in my galleries, with some expensive glass and frame wrapped around them. They’re a lot more than that to us, though; they hold special memories and secrets. I’m still growing as a photographer, and have a lot to learn still. In addition to what’s on our wall, I’ve edited just over 200 photos that I consider part of my overall gallery portfolio, some of which are featured on my website and others I feature on occasion in art galleries. Here are my best ten photos from our travels for you to enjoy, and some background on each of them. The photos are fun to look at, but hopefully you’ll be inspired to get out and visit one of these special places.
While Tor officially recommends using their Tor-hardened version of Firefox, it doesn’t come without its share of problems, including forensic artifacts, as well as other potential vulnerabilities. As the Tor browser is often not updated as quickly as Firefox itself, one may find benefit in using Tor with the latest version of Firefox…
Running Tor apart from the browser isn’t difficult, and the Tor command-line client can be easily installed on most operating systems either through package managers (such as MacPorts) or by compiling from source. With Tor running in a terminal window, Firefox can be easily made to proxy through it. For example:
network.proxy.socks = "127.0.0.1"
network.proxy.socks_port = 9050
network.proxy.socks_remote_dns = true
network.proxy.type = 1
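One way to confirm that a Firefox profile actually carries these four values is to audit its prefs.js (or user.js). This is an added example, not code from the original post; the sample profile contents and the function names are constructed for illustration.

```python
import json
import re

# The four values the post lists for proxying Firefox through a local Tor client.
EXPECTED = {
    "network.proxy.socks": "127.0.0.1",
    "network.proxy.socks_port": 9050,
    "network.proxy.socks_remote_dns": True,  # resolve hostnames through the proxy
    "network.proxy.type": 1,                 # manual proxy configuration
}

# One preference per line, the way Firefox writes prefs.js and reads user.js.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # "string", 123, true, false
        except ValueError:
            prefs[name] = raw  # keep unparseable values so they get flagged
    return prefs


def audit(text):
    """Return one finding per expected pref that is missing or different."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in EXPECTED.items():
        if name not in prefs:
            findings.append(f"{name}: not set, Firefox default applies (want {want!r})")
            continue
        got = prefs[name]
        # Compare types too: True == 1 in Python, and "9050" is not 9050.
        if type(got) is not type(want) or got != want:
            findings.append(f"{name}: {got!r} (want {want!r})")
    return findings


# Constructed sample profiles (not taken from a real machine).
GOOD_PREFS = """
// constructed sample
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.type", 1);
"""

LEAKY_PREFS = """
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", false);
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_PREFS), ("leaky", LEAKY_PREFS)):
        print(label, audit(text) or "OK")
```

In the second sample, traffic would be proxied only if the proxy type were also set, and hostname lookups would still be resolved locally rather than through Tor; both are reported.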
One of the benefits of running Tor yourself is the ability to use applications other than a browser with it, by using a popular tool named torsocks, which can proxy many applications through Tor easily.
Back to Firefox, if you’re going to use the official version of the browser, there are a number of configuration fixes you’ll want to make to protect your privacy. In addition to hardening Firefox, it’s always a good idea to install a local firewall such as Little Snitch, and create a profile that blocks all outgoing traffic on your machine, except for Tor traffic. Alternatively, there is also a personal onion router project to create a dedicated router.
Of course, you don’t need to be running Tor to want to harden Firefox. There are a number of other benefits to hardening Firefox as well: to reduce the exposure of your personal information as you browse, to reduce the forensic artifacts left behind on your machine, and to reduce your attack surface, to name a few.
Here is a good starting list of Firefox features that should be changed to help improve privacy. NOTE: Use at your own risk. I make no warranties about any of this.
Someone sent me a link yesterday, that one of my photos had been featured in National Geographic’s weekly gallery for their 2015 photo contest (I had no idea). Aurora Over Kirkjufell is a photo I took while in Iceland with my wife last year. Crazy hail storms plagued us every five minutes that evening, but being on our own Northern Lights chase, we were determined to see the Aurora for the first time. The weather in Iceland can be so harsh that you can have hail storms bearing down on you, and then five minutes later be saying to each other, “hey it looks like it’s going to be a nice evening!” (five minutes after that, another hail storm).
You can see the featured entry and download the wallpaper on NatGeo’s website here: Aurora Over Kirkjufell
NatGeoTravel also posted it on Facebook here: NatGeoTravel Facebook Post
The Aurora made a grand appearance over Kirkjufell mountain, and we managed to get off only a handful of shots before the next storm hit. Unfortunately, there was no time to hike to the waterfalls or to the river, but I am quite happy with how this photo turned out.
Photography tours and workshops sound exciting and even romantic to amateur photographers looking to get away and come home with some fantastic pictures. The concept is appealing: travel around with a pro photographer who can show you all the great places to shoot. Tours can certainly be beneficial, fun, and provide good instruction, but one other option you may consider is planning your own photography tour and saving possibly ten thousand dollars or more.
My wife and I are planning our second Iceland tour, have been to different parts of Norway three times, Hawaii, London, and many other common workshop destinations. Planning these trips was not as difficult as you might think, and from a cost perspective, night and day. We also found many great benefits to doing it this way.
One of the biggest thorns in the side of photographers is getting photos to print with resemblance to what they look like on-screen. Calibrating your screen when you process photos is, of course, the first step in ensuring that the colors match between screen and print. Many labs also provide proofing profiles that can be loaded into Photoshop to further fine tune how the colors will look on paper. One of my biggest peeves, however, has been adjusting the luminosity (brightness) of photos to look good on paper.
Most lab prints will turn out about 3x darker on paper than they look on a screen at full brightness, which is why calibration tools like ColorMunki Display tell you when your screen is too bright. For example, my MacBook Pro’s screen matches print when the brightness is turned down exactly six notches from max. The problem is, you can’t simply just jack up the brightness of your photo, or you end up blowing out the highlights (such as your sky), or wrecking beautifully delicate mid-tones, such as dimly lit buildings. Assuming you’ve failed at this just like everyone else has, you’ve probably tried using CRA or masks to localize your adjustments, which leaves you with a photo that looks very uneven compared to the original. Fret no more, this is where luminosity masks can really come in and save your tail.
In this tutorial, I’ll show you how to create your own luminosity masks by hand (you can turn this into an action in Photoshop), and use them as a much simplified means of making targeted adjustments. It’s by far the most genuine technique to the original photo that I’ve used. These don’t have to just be used for brightness control; you can apply these masks to contrast, saturation, or any other adjustments you might need while processing your image.
The concept of luminosity masks has been around for a while, but I’m not sure if anyone has ever thought about using them to adjust for print. It works amazingly well.
Our third trip to Norway this past summer took us from Oslo to Loftus (Ullensvang), Fjærland, and then up to Ålesund (then later, Trondheim and finally Namsos to meet family). It was a breathtaking drive up the countryside. Ferries, small towns, amazing photography opportunities, local food, and lots of chit-chatting in Norwegian with the locals (my wife and I spent last year learning the language). Ålesund is the Norwegian city that Frozen was purportedly based on, and Disney apparently makes frequent cruise stops in this town as part of their Frozen excursion. Naturally, we had to stop for a few days and check it out. The Sigma 35mm f/1.4 “Art” Lens came with me to the Fjellstua Observatory for an evening of night shooting… and boy did it perform!
Nikon D810, 35mm, f/5.6, 20s.
I took the FireCrest IRND 3.0 to Hawaii, and here are the results!
Camera: Nikon D800E
Lens: Sigma 35mm f/1.4 DG HSM "Art"
Filter System: ProGrey G-150X w/77mm Adapter, 67mm Step-up
Filter: Formatt-Hitech FireCrest IRND 3.0
Exposure Time: 30 seconds
The filter itself is definitely a slight bit cooler at long exposures, and so the first thing you may notice is that I had to warm up the color temperature from 6500K to 8000K for the comparison photo. This is to be expected to some degree among such strong neutral density filters, and in spite of Formatt-Hitech’s advertising, there is still some degree of that going on here. This is, of course, why shooting RAW is so important when doing long exposure. Once the color temperature was adjusted, however, you can see that the color channels proved to be almost completely neutral – that is, there was no shift in the reds (or blue, or green for that matter). This is where the FireCrest IRNDs really shine. By blocking the infrared spectrum (the IR in IRND), Formatt-Hitech was able to keep the photo from warming up too much in some areas, causing the color balance to fall apart. This can be a pain to correct in Photoshop.
The verdict for me is this: FireCrest isn’t a magic unicorn; you’re still going to have to adjust for the cooler color temperature that NDs experience when shooting long exposures. FireCrest did do a great job, however, preventing color shift, which is pretty hard to get right, and could easily ruin your shot if you’re using an economy filter.
My wife and I drove up through Canada on the 4th of July weekend, for a pleasant time in Montreal and Niagara Falls. The falls, Niagara on the Lake, a wine trail you can get lost in, and a romantic French town made for a wonderful time. On the way in, however, the Canadian border crossing proved gloriously ignorant of American gun crime when they searched our vehicle on the sole premise that I own a concealed carry permit in my state. The whole experience got me thinking quite a bit about the pitfalls of profiling, and in Canada’s too-liberal-to-use-common-sense case, their poor profiling practices have likely left them in a position of being even less secure.
Canada has been attempting to crack down on gun violence over the past few years by profiling individuals who have concealed carry permits and/or admit to owning guns at home. Some states are rumored to share this information with Canada; no doubt they likely at least flag passports based on intel from prior trips. The border patrol agents are quite intrusive, asking how many guns you own, what kind, etcetera. Even if your visit shows a number of good indicators (such as traveling with a companion that you are related to), merely owning a firearm is enough to bump you to the top of their suspect list. Canada claims that they’ve confiscated around 1,400 firearms from visiting Americans every year, and of course that is the metric they use to quantify their profiling efforts. In a nutshell, having a carry permit makes you a violent felon in Canada’s eyes. Not surprisingly, Canada’s inexplicable fear of guns has left them more vulnerable to gun violence by senselessly tainting their profiling capabilities.
“Theocracy has been rightly abolished not because it is bad that learned priests should govern ignorant laymen, but because priests are wicked men like the rest of us.”
– C.S. Lewis
After a week of listening to fellow Christians groan on about gay marriage, our government, and morality, whether it’s in church on Sundays or the pundits on Fox News, one thing has become quite apparent to me: even if you disagree with gay marriage, we (as Christians) are in no moral position to defend the sanctity of marriage. The church can’t even hold its own marriages together, so what makes us think we have any grounds to dictate standards for marriage to anyone else?
A 2008 study by The Barna Group put the numbers for divorce down from 1-in-2 to 1-in-3, both for the entire nation as well as for Christians. According to the study, the national average appears to be about 33%, and not the 50% that everyone had long assumed. Similarly, however, Christian marriages suffered from a dismal 26-28% divorce rate; a statistically insignificant difference. The fact is that 1-in-3 of all marriages – both within the church and without – end in divorce. It’s a truly heartbreaking number. It does highlight, however, the systemic problem with taking a moral position on marriage: Christians are simply not an authority, or even an example, of marriage on any level. To quote SCOTUS (out of context), “Just who do we think we are?”
The church’s failure to hold marriages together has caused her to start losing what she would view as her position of leadership in the world regarding this topic, although many would argue that the church’s original biblical view of marriage has long diverged from the state’s since the birth of our country. In fact, marriage and divorce today have more roots in the Roman system of marriage than in Judaic historical ideals, which would have simply preferred arranged marriages at the age of 12-14 over “love”, and a good stoning in lieu of divorce. By the time the Gospels came along, Jewish executions were already outlawed under Roman rule, with the exception of explicit permission (such as that given in John 18:31). Roman rule had already dramatically changed Judaism.
From a Christian perspective, one might say that God is judging the church, or even removing her lampstand. On a more general level, morality overall in the church has fallen greatly. However you want to look at it, in this broken world, the church has not lived up to its own standards, and you can’t have leadership when you don’t even play by your own rules. There is certainly forgiveness for this, but there must first be repentance and I have yet to see very much of that in the church overall.
Here’s iOS file system / PIN encryption as I understand it. I originally pastebin’d this but folks thought it was worth keeping around. (Thanks to Andrey Belenko for his suggestions for edits).
Block 0 of the NAND is used as effaceable storage and a series of encryption “lockers” are stored on it. This is the portion that gets wiped when a device is erased, as this is the base of the key hierarchy. These lockers are encrypted with a hardware key that is derived from a unique hardware id fused into the secure space of the chip (secure enclave, etc). Only the hardware AES routines have access to this key, and there is no known way to extract it without chip deconstruction.
One specific locker, called BAGI, contains an encryption key that encrypts what’s called the system keybag. The keybag contains a number of encryption “class keys” that ultimately protect files in the file system; they’re locked and unlocked at different times, depending on user activity. This lets developers choose if files should get locked when the device is locked, or stay unlocked after they enter their PIN, and so on. Every file on the file system has its own random file key, and that key is encrypted with a class key from the keybag. The keybag keys are encrypted with a combination of the key in the BAGI locker and the user’s PIN.
There’s another locker in the NAND (what Apple calls the class 4 key, and what we call the Dkey). The Dkey is not encrypted with the user PIN, and in previous versions of iOS (<8), was used as the foundation for encryption of any files that were not specifically protected with “data protection”. Most of the file system at the time used the Dkey instead of a class key, by design. Because the PIN wasn’t involved in the crypto (like it is with the class keys in the keybag), anyone with root level access (such as Apple) could easily open that Dkey locker, and therefore decrypt the vast majority of the file system that used it for encryption. The only files that were protected with the PIN up until iOS 8 were those with data protection explicitly enabled, which did not include a majority of Apple’s files storing personal data. In iOS 8, Apple finally pulled the rest of the file system out of the Dkey locker and now virtually the entire file system is using class keys from the keybag that *are* protected with the user’s PIN. The hardware-accelerated AES crypto functions allow for very fast encryption and decryption of the entire hard disk making this technologically possible since the 3GS, however for no valid reason whatsoever (other than design decisions), Apple decided not to properly encrypt the file system until iOS 8.
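The key hierarchy described above can be made concrete with a toy model. This is an added example, not code from the original post and not Apple's algorithms: the HMAC-based wrap, the PBKDF2 step and every class and method name here are assumptions standing in for the hardware AES and PIN handling on a real device.

```python
import hashlib
import hmac
import os


def _stream(kek, nonce, n):
    return hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[:n]


def wrap(kek, data):
    """Toy authenticated wrap (stand-in for AES key wrapping); data <= 32 bytes."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _stream(kek, nonce, len(data))))
    tag = hmac.new(kek, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap(kek, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(kek, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("unwrap failed: wrong key")
    return bytes(a ^ b for a, b in zip(body, _stream(kek, nonce, len(body))))


class ToyDevice:
    def __init__(self, pin):
        self._uid = os.urandom(32)  # fused hardware key; only the "chip" uses it
        bagi, dkey, class_key = (os.urandom(32) for _ in range(3))
        # Effaceable storage (block 0): lockers wrapped with the hardware key.
        self.effaceable = {"BAGI": wrap(self._uid, bagi),
                           "Dkey": wrap(self._uid, dkey)}
        # System keybag: a class key wrapped with the BAGI key combined with the PIN.
        self.keybag = wrap(self._pin_kek(bagi, pin), class_key)
        self.files = {}

    @staticmethod
    def _pin_kek(bagi, pin):
        # Assumption: PBKDF2 stands in for however the device mixes PIN and key.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), bagi, 1000)

    def _locker(self, name):
        return unwrap(self._uid, self.effaceable[name])  # KeyError once erased

    def _class_key(self, pin):
        return unwrap(self._pin_kek(self._locker("BAGI"), pin), self.keybag)

    def write(self, name, data, pin=None):
        """pin=None models a pre-iOS 8 file under the Dkey; otherwise a class key."""
        kek = self._locker("Dkey") if pin is None else self._class_key(pin)
        file_key = os.urandom(32)  # every file gets its own random key
        self.files[name] = (pin is not None, wrap(kek, file_key), wrap(file_key, data))

    def read(self, name, pin=None):
        needs_pin, wrapped_key, ciphertext = self.files[name]
        if needs_pin:
            if pin is None:
                raise PermissionError("class key is locked: PIN required")
            kek = self._class_key(pin)
        else:
            kek = self._locker("Dkey")  # no PIN involved anywhere on this path
        return unwrap(unwrap(kek, wrapped_key), ciphertext)

    def erase(self):
        self.effaceable.clear()  # wiping block 0 orphans every key below it


if __name__ == "__main__":
    dev = ToyDevice("1234")  # constructed sample PIN and file contents
    dev.write("legacy.db", b"Dkey-protected")
    dev.write("mail.db", b"class-key-protected", pin="1234")
    print(dev.read("legacy.db"))              # readable without any PIN
    print(dev.read("mail.db", pin="1234"))    # readable only with the PIN
```

The Dkey path never touches the PIN, which is the pre-iOS 8 weakness the post describes, and calling erase() makes both kinds of file unrecoverable because neither locker can be opened again.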
To Whom it May Concern,
I am a published and respected forensics expert who pioneered the very first forensic techniques to extract data from the iPhone as early as 2008. Since then, I have spent several years, and much of my time, assisting numerous law enforcement and military agencies around the world, including our own. I’ve trained government agencies in the US, Canada, and UK, and trained law enforcement from dozens of our allies here at home in the US. My work has been validated by the NIJ/NIST. I have invested my time in providing free assistance to many US-based federal and state agencies who have flown personnel into my small town for help in the middle of the night. Because of my research and hard work, I’ve provided the necessary information to the rest of the industry to be able to perform iOS forensics, and a vast majority of today’s forensics solutions are founded upon my techniques.
I did all of this on my own personal time, and in many cases on my own dime. The tools and techniques I have developed are by no means “intrusion” tools, however due to the excessively broad nature of the Wassenaar proposal, would fall under its regulations as they bypass security mechanisms of devices and collect information from them. As all of my research is done personally, I have no large company with lawyers to address the impossible spider web of export regulations that would be introduced by Wassenaar. The current proposal as is would harm far more than simply the information security industry, but would also greatly damage the forensics industry and ultimately limit the quality of tools available to law enforcement agencies for conducting lawful forensics. My tools, as well as many commercial solutions, employ the use of exploits to collect information from devices for purposes that serve law enforcement and the greater good. I sometimes only privately release the source code to my own tools, as many commercial forensics manufacturers have stolen it in the past, yet I continue to help the law enforcement community. Wassenaar will do little to accomplish the goals it set out to, and instead make it impossible for security researchers like myself to further expand the base of knowledge by contributing openly to the community – which goes far beyond this country’s borders.
I was recently T-boned in a high speed crash, and only walked away by a miracle. After seeing how my Dodge RAM buckled, I came to abandon Chrysler completely. The side curtain airbags failed to deploy, and in spite of the outright lies they publish on the sticker for safety ratings, my 2010 RAM actually only had a three-star rating from the independent test labs, which became dreadfully apparent in the incredible amount of damage caused to the truck.
Enter my 2015 Silverado Z71. The truck is, as the commercials say, pretty boss, and this is by far the best truck I’ve ever owned. I initially looked at it only because Silverado/Sierra presently dominates the top spots on KBB’s truck safety ratings for 2015… as soon as I saw what Chevy had done with their trucks, though, all they had to do was shut up and take my money. The new engines are more powerful and fuel efficient than the old Vortec. The suspension is a dream. The triple sealed interior is unusually quiet, not to mention wrapped in leather and completely redesigned. USB ports everywhere, Siri Eyes-Free, Pandora, and flawless BT integration make the electronics in my pocket very happy. It seems as though Chevy has reinvented everything about themselves.
In spite of the fact that they use a cheesy name like “infotainment system”, the MyLink system is very high tech. In the process of geeking out over all of its capabilities, I came across several hidden screens that are not active by default. I didn’t see these documented or discussed anywhere, so thought I’d mention them; some may exist on other Chevy models, too, so it’s worth a look.
The recent airline tragedy involving a pilot who, suffering from mental illness, crashed his plane killing about 150 passengers, has got me thinking about a mental health crisis in my family about seven years ago. Due to strict medical privacy legislation layered on top of antiquated mental health treatment laws, this tragedy has proven yet again how easy it is for the government to enable the mentally ill to isolate themselves and hide their illness – even when they are in a very high risk position that can affect hundreds of lives.
I’ve written about this in an article some seven years ago, titled How Medical Privacy Laws Destroyed My Dad’s Mental Health. Read it. You may be surprised to find how government control of who your doctor is allowed to talk to can further deteriorate a patient’s mental state and lead to harmful outcomes. This may have been similar to what happened in this recent airline tragedy. My belief is that the choice of who a doctor can talk to is best left up to their discretion, not the government, and opening that communication between family can potentially prevent such tragedies, as well as avoid a worsening overall condition. I’m speaking this from experience.
My heart and prayers go out to the victims’ families.
A number of security improvements have been made with the release of iOS 8, since I published my findings last July. Many services that posed a threat to user privacy have since been closed off, and are only open in beta versions of iOS. One small point I made in the paper was the threat that invisible software poses on the operating system:
“Malicious software does not require a device be jailbroken in order to run. … With the simple addition of an SBAppTags property to an application’s Info.plist (a required file containing descriptive tags identifying properties of the application), a developer can build an application to be hidden from the user’s GUI (SpringBoard). This can be done to a non-jailbroken device if the attacker has purchased a valid signing certificate from Apple. While advanced tools, such as Xcode, can detect the presence of such software, the application is invisible to the end-user’s GUI, as well as in iTunes. In addition to this, the capability exists of running an application in the background by masquerading as a VoIP client (How to maintain VOIP socket connection in background) or audio player (such as Pandora) by adding a specific UIBackgroundModes tag to the same property list file. These two features combined make for the perfect skeleton for virtually undetectable spyware that runs in the background.”
As of iOS 8, Apple has closed off the SBAppTags feature set so that applications cannot use that to hide applications, however it looks like there are still some ways to manipulate the operating system into hiding applications on the device. I have contacted Apple with the specific technical details and they have assured me that the problem has been fixed in iOS 8.3. As for now, however, it looks like iOS 8.2 and lower are still vulnerable to this attack. The attack allows for software to be loaded onto a non-jailbroken device (which typically requires a valid pairing, or physical possession of the device) that runs in the background and invisibly to the SpringBoard user interface.
The presence of a vulnerability such as this should heighten user awareness that invisible software may still be installed on a non-jailbroken device, and would be capable of gathering information that could be used to track the user over a period of time. If you suspect that malware may be running on your device, you can view software running invisibly with a copy of Xcode. Unlike the iPhone’s UI and iTunes, invisible software that is installed on the device will show up under Xcode’s device organizer.
In the previous blog post, I highlighted the latest Snowden documents, which reveal a CIA project out of Sandia National Laboratories to author a malicious version of Xcode. This Xcode malware targeted App Store developers by installing a backdoor on their computers to steal their private codesign keys.
So how do you test for a backdoor you’ve never seen before? By verifying that the security mechanisms it disables are working correctly. Based on the document, the malware apparently infects Apple’s securityd daemon to prevent it from warning the user prior to exporting developer keys:
“… which rewrites securityd so that no prompt appears when exporting a developer’s private key”
A good litmus test to see if securityd has been compromised in this way is to attempt to export your own developer keys and see if you are prompted for permission.
Early this morning, The Intercept posted several documents pertaining to CIA’s research into compromising iOS devices (along with other things) through Sandia National Laboratories, a major research and development contractor to the government. The documents outlined a number of project talks taking place at a closed government conference referred to as the Jamboree in 2012. The projects listed in the documents included the following pieces.
Rocoto, a chip-like implant that would likely be soldered to the 30-pin connector on the main board, and act like a flasher box that performs the task of jailbreaking a device using existing public techniques. Once jailbroken, a chip like Rocoto could easily install and execute code on the device for persistent monitoring or other forms of surveillance. Upon firmware restore, a chip like Rocoto could simply re-jailbreak the device. Such an implant could have likely worked persistently on older devices (like the 3G mentioned), however the wording of the document (“we will discuss efforts”) suggests the implant was not complete at the time of the talk. This may, however, have later been adopted into the DROPOUTJEEP implant, which was portrayed as an operational product in the NSA’s catalog published several months ago. The DROPOUTJEEP project, however, claimed to be software-based, where Rocoto seems to have involved a physical chip implant.
Strawhorse, a malicious implementation of Xcode, where App Store developers (likely not suspected of any crimes) would be targeted, and their dev machines backdoored to give CIA injection capabilities into compiled applications. The malicious Xcode variant was capable of stealing the developer’s private codesign keys, which would be smuggled out with compiled binaries. It would also disable securityd so that it would not warn the developer that this was happening. The stolen keys could later be used to inject and sign payloads into the developer’s own products without their permission or knowledge, which could then be widely disseminated through the App Store channels. This could include trojans or watermarks, as the document suggests. With the developer keys extracted, binary modifications could also be made at a later time, if such an injection framework existed.
In spite of what The Intercept wrote, there is no evidence that Strawhorse was slated for use en masse, or that it even reached an operational phase.
NOTE: At the time these documents were reportedly created, a vast majority of App Store developers were American citizens. Based on the wording of the document, this was still in the middle stages of development, and an injection mechanism (the complicated part) does not appear to have been developed yet, as there was no mention of it.