Evangelical Christianity has Become Alien to me

Woe to those who call evil good and good evil, who put darkness for light and light for darkness, who put bitter for sweet and sweet for bitter.

Isaiah 5:20

It’s very rare for me to have such big feelings about something, but also at the same time to be almost entirely speechless in my ability to articulate them. Here’s a shot. I’ve been a Christian for the vast majority of my life, but what Christianity has become to people in this country is completely alien to me. I don’t recognize the church in the midst of the overt bigotry, racism, hatred, and lies that Christians proliferate in the name of politics. I’m quite frankly ashamed and embarrassed.

While the evangelical church has always had its problems, the past six months has brought out the worst I’ve ever seen in this generation of Christians. I’m not talking about some fringe group either; it’s easy to dismiss groups like Westboro Baptist as an example of what Christianity is not. I’m talking about the mainstream evangelical church – relatives, friends, and people I’ve even grown up with – who were once a much needed example of Christianity to me – have severely disappointed me in the way they’ve conducted themselves, causing me to question if I ever truly understood what they believed for the nearly 30 years I’ve been a Christian.

Christianity celebrates a meek savior who saw the intrinsic value in people regardless of their race, their past, or their status. He called for the lifting up of those who were downcast and mistreated by society. He called for sacrificial love of the disenfranchised. To reflect compassion. Generosity. Selflessness. He thought that we were valuable enough to give his own life for. Christianity should be, by definition, a mirror image of Christ’s love for humanity, and an example of integrity and truth, even to one’s own detriment. I don’t see this character of Jesus Christ in today’s American Christians anymore.

God also made no bones about hating evil, and having nothing to do with the wicked. Jesus literally turned tables over on people whose agenda didn’t align with his own. Both the old and new testaments are chock full of lessons about the dangers of aligning one’s self with wicked people, supporting agendas that bear the fruit of the wicked, and condoning values that are contrary to God’s own. Christianity teaches of a savior who repeatedly demonstrated his disinterest in the irrelevance of politics, from the moment he said “Render to Caesar the things that are Caesar’s; and to God the things that are God’s” to his markedly uninterested appearance before an irrelevant Pontius Pilate; yet it’s the laziness of Christians to impact society that has led the church to use politics to make up for their complacency. Christians today have become obsessed with installing judges and other political saviors to legislate morality for them, even if that means aligning themselves with white nationalist groups, vigilante groups that condone hate and murder, and expressing blind, cultic loyalty to immoral demagogues in exchange for influence. Christians are in turn proliferating hate, violence, racism, and division through their choice of allies and leaders, and by trafficking in misinformation to lie about it to, if at the very least, themselves. The net effect of this is the very wickedness God hates; the antithesis of the virtues that Christianity teaches. The church cannot condone immorality, lies and hate, yet expect the world to see Christians as the arbiters of morality. This has destroyed the church’s reputation, and rightfully so.

Continue reading “Evangelical Christianity has Become Alien to me”

On the Psychological Demands of Working From Home

As the angst and stir-craziness start to set in from the world suddenly being forced into lockdown, I’ve seen a lot of articles about working from home, by people in all walks of life, from programmers to astronauts. Most of them offer practical beginner advice, like go outside, plan a schedule, etc. etc. That’s all good advice to take in, but after a few weeks, you’re probably realizing there’s a lot more to making this work well. As the reality of our predicament is starting to sink in, it’s important to start thinking about the psychological demands of working from home. I’ve spent the better part of my 25 year career working from home, and when I started thinking about what, if any, wisdom I could share on how to make it work well, found that I’d come up with a lot of the same things I’d already shared in a post two years ago, Living With Depression in Tech. Working at home has some fantastic benefits, but also challenges that go far beyond basic discipline development. Being productive and successful at home comes down to changing your perspective – focusing on the impacts you’re having, believing in what you’re doing, and finding ways to grow and thrive on your own so that you can maintain your drive over the long haul.

Continue reading “On the Psychological Demands of Working From Home”

Presidential Policy Directive 19

Is anyone surprised the Obama-era whistleblower directive put into place actually worked? I bet Edward Snowden is. Not only did it work, but Congress wouldn’t have given it such weight had the information been otherwise leaked in a Snowden or Manning-esque style, nor would the IG have had the chance to acknowledge the information as “credible and urgent”. Historical treatment of whistleblowers has been deplorable, but we also didn’t have these protections in the 70s, when Ellsberg or others could have used them, so the comparison is also irrelevant. Congress, the IC, and the press are taking “extreme measures” to protect the anonymity (and safety) of the whistleblower, and most acknowledge how crucial it is to do so in order to keep a democracy. This is a very different outcome than what Snowden predicted would happen if he’d made an attempt at the proper channels first. While the jury is still out on the hero vs. traitor debate, the fact that these whistleblower procedures undeniably succeeded in bringing things to light can’t be helping Snowden’s image.

Reclassifying Semi-Automatic Rifles under the National Firearms Act

I originally wrote this post in 2016, and dust it off every time there’s a mass shooting in the news. This has been far too often.

I’ve been a long time responsible gun owner, by the old definition of what that used to mean. Like a majority of them, I’ve wanted more controls on semi-automatic rifles – particularly, assault rifles, for a long time. There’s idiocy on both sides of this debate, and both have some questionable notions about them. The extreme left seems to have developed an irrational fear and hatred of all guns and the extreme right believes the only solution to guns are more guns. Consider this more realistic perspective from someone who spent over a decade shooting and working on guns, held NRA certifications to supervise ranges and carry concealed weapons, and up until some years ago – when I sold the rights to it – produced the #1 ballistics calculator in the App Store.

What much of the nation does not know is that there is already a system in place to perform strict checks of individuals looking to own firearms categorized as highly lethal. Introduced in the National Firearms Act, this system applies to machine guns, short barrel rifles, silencers, sawed off shotguns, and other types of firearms that individuals can still legally own today, but with more than the casual regulation of AR-15s and other such firearms. It could be changed to include semi-automatic rifles.

Continue reading “Reclassifying Semi-Automatic Rifles under the National Firearms Act”

Christianity and the Cult Phenomenon

Joshua Harris, the author of “I Kissed Dating Goodbye”, recently renounced his faith and apologized for his awful book. I remember when it came out in the late 90’s, and still see the lasting damage it inflicted on two generations of young men and women. Harris ended up creating a toxic culture inside the mainstream church that would take two generations of Christian men back into the dark ages of devaluing women based on their level of sexual indiscretion, and helped fan the flames of homophobia and exclusion. His “sexual prosperity gospel”, as it’s been called, led to a life of guilt and shame for many, and created lasting scars that caused some to abandon their faith or their marriages later on in life.

Christianity teaches that a person’s worth has nothing to do with their sexual history (or orientation), but from Jesus, who was willing to die to reconcile humanity to God. We’re not defined by our sins, and we’re not defined by our past; we are defined by Christ. This is a far cry from the cultish fundamentalist legalism that Harris’s church taught for decades; the purity movement amounted to nothing more than a way for Christians to measure themselves and others up. It’s no surprise that Harris renounced his faith; if the faith he was practicing was grounded in such a flawed understanding of grace and intrinsic human worth, then by any measurement it was not Christianity. The truly sad part is that he convinced millions of Christians to adopt this same world view for more than 20 years, allowing it to hurt a lot of people before it became popular for leaders to finally speak out against it. Sorry, Josh, but an apology doesn’t let you off the hook.

But this failure wasn’t just of Harris’s own making: It was the complete failure of church leaders everywhere in elevating Harris’s status to a Christian leader. Harris was a mere 21 years old, and hadn’t even been to seminary yet when he wrote the book. Rather than rightfully dismissing his book as yet more of the trash writing of that era, the inexperienced youth leaders of that time (many of whom also lacked formal training) saw a way to get kids to act responsibly, without considering the consequences of his legalism. From piecing together accounts online, Harris’s own church reeked of a world of deep-seated problems, including sexual abuse coverup, leadership abuses of power, control and manipulation of their congregation, and overt legalism running rampant. The church had become so damaging, much of his congregation ended up leaving, and there’s an entire blog dedicated to victims trying to recover from Harris and the rest of his church’s leaders. Indeed, it’s very telling to see the kind of culture his book came out of, and the horrifying fruits of it. When you read that Josh Harris has departed Christianity, this appears by all accounts to be a very good thing for Christianity.

Continue reading “Christianity and the Cult Phenomenon”

Iceland’s Over-Tourism is Changing The Country

There’s a long held belief in the concept of “leave no trace” when visiting a place, but there’s one very noticeable artifact western tourists have been leaving on Iceland that you unfortunately can’t simply pick up and throw away. With tourism growing 500% in Iceland over the past decade, western tourists have placed higher demands on the country than it’s been capable of adsorbing without affecting the country’s foundations. While the economy in Reykjavik has no doubt experienced a boost, this has come at the expense of cultural and geographical changes that are not necessarily welcome by many Icelanders.

In 2010, the number of international visitors to Iceland was 488,600. As of 2017, that number swelled to 2,224,600. As a result, Iceland built out infrastructure. Significant infrastructure including large excavation efforts to build attractions, tour bus companies, and expansion of roads and bridges. During this period, local economies also adapted by building out their own tourist infrastructure within previously rural, untouched cities. The end result has been a very large tourist industry that has both changed the culture and the face of Iceland to conform more closely to western tourist ideals. Much of this change has been driven from the western sense of tourist entitlement which has changed local economies in many ways that are foreign to Icelanders. Money is a powerful thing, and because the economy has become so dependent on tourism, rather than the fishing and farming industry that Iceland used to depend on, it’s become easy to manipulate a country into change that many otherwise wouldn’t want.

Continue reading “Iceland’s Over-Tourism is Changing The Country”

Astrophotography Tutorial: Northern Lights Chasing in Iceland

There’s nothing quite as magical as seeing a bright green and pink Aurora Borealis dancing in the sky. One of the world’s most dazzling natural light displays, the Aurora is produced when charged particles from solar winds encounter our atmosphere, penetrating the Earth’s magnetic field, exciting Oxygen and Nitrogen to produce green and pink Auroras, respectively. It’s not only amazing to look at, but occasionally you can even hear it’s static-like pulses. There’s nothing quite like observing the Northern Lights in person, so of course you’re going to want to capture some amazing memories of it. One of the neat things about Aurora photography is that it’s always changing; there’s always a new dance to capture, and plenty of foregrounds to shoot from. My wife and I have been Aurora chasing for several years now, and have captured her over many trips to Norway, Iceland, and New England, with trips to Labrador, Finland, and more of the world on our short list. Along the way, we’ve picked up a few tricks, and gotten some practice in taking astrophotography in between.

We’ve spent the past two years raising our little girl, Lily, so we hadn’t been traveling internationally for while. This past October, we got back out chasing again (with a junior explorer), so I’ve been brushing up on my skills including my skills at developing these photos, which I’ve updated.


For Beginners: Night Exposure Primer

If you’re new to night photography, you need to be able to get a few things out of your camera in order to shoot the Aurora successfully. Shooting the Aurora requires manual mode camera settings, primarily because the computer inside of the camera isn’t smart enough to expose properly for the Northern Lights in any of its auto modes. You can probably play around with exposure control to get “something” out of it, but manual mode really gives you the flexibility to adjust the shot as you please.

The Aurora varies in brightness, and so the game is to let the camera sit on a tripod and let in enough light so that the Aurora shows up in your photo, but also finding a good exposure for your foreground in the dark. You can then pull out shadows and make other adjustments in Lightroom to develop a single shot, or merge a foreground and background shot together.

Exposure is a “recipe” with three main ingredients:

Shutter Speed: This is how long you let light into your camera. To shoot the Aurora, you’ll leave the shutter open for several seconds to let enough light in. Cosmos took 13 seconds of exposure with a very bright presentation of the Aurora. Most Northern Lights shots take 20-30 seconds with a wide open aperture to get a good frame.

Aperture: This is how wide your lens’s iris opens; the wider it opens, the more light it’s going to let in. A smaller f-number gives you the wider aperture. Typically, you want a lens that can shoot at f/2.8. If you go any wider (such as f/2 or f/1.4), then your depth of field will be so shallow that either your foreground or your background may be blurry – like opening your eyes really wide does. Really wide f-stops can also cause a lot of coma in some lenses, causing tiny pinpoints of light, like stars, to show up as flares. On the other side of the dial, the narrower f-stops are like squinting your eyes, giving you less light for your exposure. While f/2.8 seems to be the sweet spot, I’ve seen pictures turn out well at f/4, you’ll just have to boost your ISO or use a longer shutter speed. Other photos at f/2 can similarly turn out well, but your focus must be impeccable.

ISO: This is how sensitive you set the camera’s sensor to be to light. The higher the ISO, the grainier your picture, so you want this to be as low as you can get away with. Typically, Aurora shots require around ISO 1600 or even 3200, although if it’s really bright, I’ve turned my ISO as low as 200 and gotten good results. That is atypical, though. Most of my shots are ISO 1250 or 1600. Generally, the higher ISOs tend to give you better definition of the Aurora, due in part to the sensor being more sensitive, but also due to the faster shutter speed it gives you. So if you’re watching some amazing shapes take form in the sky, you might try ISOs 2000-3200 to capture some of that definition; you’ll just end up needing to be more aggressive with your noise reduction.

These three ingredients (shutter speed, f-stop, and ISO) affect how much light your camera takes in during a single shot. If it takes too much light in, your shot can be overexposed. Too little, and the Aurora will be too dark, or the foreground could turn out a dark silhouette (which may be desirable). Lightroom, Photoshop, and DxO are all great at pulling out shadows or adjusting your highlights to develop the frame. If you have a camera with good dynamic range, you can pull a lot of detail out of your image, even if it isn’t perfect. You’re also in a race against time. As the Earth rotates, stars move, and so to get a really clear shot of the sky, the typical rule of thumb is to expose for 30 seconds or less. Your foreground shots, however, can take as long as you like.

Most cameras, when put in auto mode, try and expose for the entire scene, and aren’t smart enough to know that you’re trying to shoot the sky. If you leave your camera on auto, you’re likely to just shoot a black sky. Manual mode lets you boost the amount of light coming in by manually changing these three things.



I can’t tell you how many times we’ve run into someone back at the hotel who saw a beautiful Aurora and came back with photos of darkness because their mobile phone (or tablet, yeesh) didn’t pick it up. While the Aurora can be quite bright to the naked eye, typical mobile devices just don’t have the ISO range to pick it up well. Most mobile sensors can only stretch to about ISO 640, and don’t have a long exposure setting by default. You can’t just take an Instagram of the Aurora, unfortunately – at least a good one. I’ve heard some people, with use of a long exposure app, have been able to get their camera phone to shoot “something”, but I wouldn’t recommend trusting such a unique and fleeting moment to a cellphone. There’s nothing more depressing than spending all that money on an amazing vacation, being surrounded by a gorgeous Aurora, then getting home and having terrible photos. I advise spending the money on a good camera system.

Any good SLR (and some mirrorless cameras), with a manual exposure mode, should be sufficient to capture a good Aurora. The only reason I say “some” mirrorless cameras is because many of them are unable to focus or show anything in live view in the dark, whereas a DSLR allows you to see through the lens to focus rather than on a screen. So if you’re looking at a mirrorless, make sure it can focus in the dark, and that you can actually see stars on your viewfinder.

I presently travel with a Nikon D850. It is the camera with, in my opinion, the best dynamic range available today (even over above the Sony a7R, the Canon 5DS, and most others). Dynamic range is very important when doing any kind of night shooting, as exposure is often a game of guesswork. Having good dynamic range means the ability to pull out shadows from underexposed photos, and recovering highlights from overexposed ones. For this, high end Nikons are king. Dynamic range suffers as you approach the higher ISOs as well, so squeezing every bit of DR that you can out of your camera can really come in handy. This isn’t a must – my wife shoots with a Canon 5D3, which has a very nice color rendering, but she’s also more limited in post processing capabilities and so takes a wider range of exposures to be confident in the results. The Canons tend to develop more color noise when pulling out shadows, while the Nikons are generally more uniform. At worst, I’ve seen the older D810s develop a slight magenta cast when pulling out extreme shadows, however this can be much more easily corrected than random color noise. It also seems to be gone in Nikon’s newer D850. If you have the perfect recipe, you can get a good exposure out of almost any camera, but the key is having the perfect recipe. When you’re out in the cold, with the wind whipping around, and have only a few minutes to make decisions, you’re almost never going to have the perfect recipe – even if you’re experienced. Good dynamic range covers over a multitude of sins.

One other thing you’ll need is a good tripod. I use a carbon fiber Gitzo tripod and Really Right Stuff pano head – in Iceland, we are subject to heavy gusts of wind, strong tides, and black sand whipping around and getting into all the things, so having a good solid tripod with steel spikes and good quality parts can really help to produce sharp photos and prevent equipment failures. When I say equipment failures, I mean my old Benro that literally snapped in half in the extreme cold. You’re going to be doing long exposures, anywhere from a few seconds to a few minutes, possibly exposed to wind, ocean tides, snow and ice, and so a sturdy and reliable tripod is a must to avoid irreparably blurry photos. It’s worth the coin.

While most shots don’t need to exceed the camera’s maximum 30 second timer to shoot the Aurora itself, you may choose to shoot a second frame at lower ISO to get a less grainy foreground. The shot Elemental isn’t a Northern Lights shot, it’s a Milky Way shot, but the same technique can be used. I took one shot of the Milky Way at 30s, and then exposed for the foreground at a much lower ISO for 8 minutes.

I did the same thing again with The Raven’s Nest a few years later. A 30-second exposure for the sky, followed by a 10-minute exposure @ ISO 800 for the foreground gave me good light, rich colors, and exceptional detail.

Shooting at f/2.8, ISO 3200 for 30s is also a good go-to setting for capturing the beams of light shooting from lighthouses. I used this setting in Illuminate, and then dropped the ISO to 320 to capture the lighthouse in better quality. I then applied a green filter to reduce the amount of red in the photo, and further desaturated the red in the lighthouse layer. A lot of people think the beams are faked in photos like this, but the camera, in fact, captured them superbly with this recipe. A lighthouse with a red lamp also gives you a beautiful purplish rendering of the sky.

I used the same technique in Piercing the Darkness. This time, the white lamp of the lighthouse allowed the colors of the Milky Way to be more pronounced. The residual light from the station allows you to drop your ISO without needing to increase your exposure time.

If I’m shooting something with a more defined foreground like this, I’ll typically shoot a second, longer exposure to capture it in a separate frame (I’ll explain merging later in this post), and that can take several minutes of shutter time. For this, you may need a remote timer for your camera. Some cameras (such as the D850) have a manual mode that can do >30s long exposures without a timer (on the D850, it’s designated as “–” past bulb mode), however having a timer will give you less arbitrary exposure times. Alternatively, you can just pull out shadows, however you may get slightly grainier results. This is what I did with Where the Wild Things Are. It looks fine on the screen, but I also have a large print of Elemental sitting on my wall, whereas this shot will probably not make a great gallery size print.

Lastly, a good lens makes all the difference. I shoot at night primarily with a Zeiss 15mm f/2.8 Distagon Classic. Another superb lens I’ve used is the Nikon 14-24mm. The Distagon is not a cheap lens, but has many benefits to night photography. A wide open prime at f/2.8, it is sharp from corner to corner and has very low coma. This is very important when you want the pin points of the stars in the sky to look sharp, where other lenses will show stars as blobs in the corners (although even the best lens can’t stop the stars from moving on you). The original Distagon 15mm “Classic” lens is now discontinued, but you can often find them $1,000 cheaper than the new Milvus lenses, and uses the same exact formula. The only differences between the two are the new, sleeker design, the rubber focus ring (I like my steel ring better), and weather sealing. I’ve shot my “Classic” since before it was called a classic, gotten it soaked at the bottom of several waterfalls, and not once did the lack of weather sealing present an issue. According to some reviews, the Milvus version of the lens delivers degraded optical quality for unknown reasons. With identical optical formulas, this could be attributed to production line quality, or more likely issues with the new anti-flare coatings. If you’re shooting astrophotography, you don’t need an anti-flare coating, so I kept my Classic to get a slight edge on image quality.

The 15mm and 21mm Zeiss Distagon ultra-wide angle lenses have a manual focus with a hard stop at infinity that do a good job stopping where they’re supposed to, at least in cold fall weather. A hard stop at infinity is really helpful at night, when everything looks pitch black through the lens. Infinity can be a tricky business, and depending on the materials used in the lens, true “infinity” focus can even vary with temperature. This is true of the Nikon and Canon lenses (and others) made with plastic or fluorite components. Zeiss lenses are all metal, and to my knowledge do not use fluorite elements (which can thermally expand, shifting focus). My other three Distagon lenses (25mm Milvus, 35mm Milvus, and 55mm Otus) go well past infinity, likely for reasons including defocusing, infrared, etc.

It’s always best to manually focus by eye when you can, but the Zeiss hard infinity stop is really helpful when you’re groping around in the dark, and can’t see a thing through your viewfinder; it’s reassuring to know that (with these two lenses, at least) you don’t have to mess around with your focus – you just turn the focus ring until it stops. I’ve heard some people in forums claim that it isn’t true infinity, but I’ve had very good results using it with these two Distagons. Much of it may still depend on environmental factors – the crisp cold night air certainly helps to prevent any lens elements from expanding or causing refraction problems, but I suppose shooting the same lens in tropical climates could potentially give you different results. At the very least, Zeiss’ stop should get you good results as narrow as 2.8 in cold temperatures. I’m sure someone could argue that a tiny bit of fine tuning is still necessary to get the ideally perfect focus, and this may be more noticeable in daylight. For low-light, however, the infinity at least works “well enough” for the many gallery photos I’ve printed, and I’m more likely to have issues with star trails or the tide shifting the sand under my tripod than I am focus.

This all sounds like a lot of expensive gear, and if you’re just a tourist type of person, this section on equipment has probably overwhelmed you and your wallet. If you’re just looking for touristy type memories that make good screensavers (nothing wrong with this), you can get away with an inexpensive DSLR and tripod, and spend less than $1,000. If you’re looking to produce gallery quality prints, obviously you get what you pay for in terms of equipment. If there is a law of diminished returns in photography, it’s buying expensive gear that you don’t know how to push to its limits… I recommend getting whatever gear complements your skill level, maybe with a little room to grow.


Tracking the Aurora

The Aurora is most active in the fall and winter months. People often say that it has to be cold, but I’ve found this to be only because the cold seems to drive away the clouds to create a crisper sky… I quite prefer some clouds in my astrophotography. The Aurora has shown up for us on evenings when it was as warm as 50F. Even the weather guys can’t consistently predict the Aurora (come to think of it, he can’t predict the weather very well either), so I wouldn’t put much weight on such advice. The slightly more reliable way to track the Aurora is to check these websites:

Space Weather Live Aurora Forecast http://www.spaceweatherlive.com/en/auroral-activity/aurora-forecast

University of Alaska Geophysical Institute http://gi.alaska.edu/AuroraForecast/NorthAmerica

NOAA 3-Day Auroral Forecast http://www.swpc.noaa.gov/products/aurora-3-day-forecast

NOAA Real-Time Aurora Map http://services.swpc.noaa.gov/images/aurora-forecast-northern-hemisphere.png

The forecasts can sometimes be hit or miss, but they’re a reasonable guide. It’s always good to keep an eye on the real-time map, as sometimes unexpected spikes in Auroral activity take place, and they will be visible only on the real-time map. Like I said, they still can’t predict it well.

Checking the weather forecast is important too, of course. If it’s going to rain, you likely won’t see much of the Aurora. In Iceland, the rain can let up for short periods of time (unless you’re in freaking Vik), and give you clear skies long enough to see the lights. The shot Aurora Over Kirkjufell was taken in between hail storms, in which our car was getting bombarded with wind, hail, and rain… then five minutes later the skies were clear and it looked like it was going to be a nice night. We got off maybe five photos before the hail storms started again. What an amazing night!

The most important tip I can give you when dealing with the weather is to never give up the evening. Storms unexpectedly clear, pockets of clear sky can creep by, and if you’ve given up and are lounging in the hot tub, you’re going to miss your chance. The hot tub will be much more satisfying if you know you’ve nailed your shots from earlier in the night. The earlier shot Where the Wild Things Are was one frame amongst 50 others that I discarded due to heavy clouds, car headlights from oncoming traffic, and tourists being idiots with their flashlights, wrecking half my shots. That one frame was worth the trouble.


Hotel Planning

If you’re planning on shooting the Aurora over a specific feature (such as a waterfall or near water), it’s a good idea to stay at a hotel close to your spot. Even on a bad night, the Aurora may still appear for 10-20 minutes, before being covered by clouds. We stayed at Hotel Gullfoss for one evening, which is a two minute drive from the massive Gullfoss waterfall. Geysir Hestar is a horse farm only a few minutes further away that also rents cute cottages. Both stays, we were able to hike out to the waterfall and shoot for an hour before cloud cover and rain set in. A clear sky was not on the forecast anywhere for those nights.

While in your hotel room, you can periodically check for the Aurora with your camera. You probably won’t see it with the naked eye from the inside, since they’re not adjusted. Instead, aim your camera out the window and shoot at f/2.8, ISO 3200, 10s. Just rest it on the window sill or hold it – it doesn’t really matter if it gets blurry. If you see any green, then you know the Aurora is getting charged up outside, and you can make your way to your shooting location. You could also just be a normal person and go outside to watch for it.


Another good place to stay if you’re in the area is Hotel Höfn; this hotel is at the end of a peninsula, with a nice rocky beach shore just across the street and down a short path. The water here is nice and calm, and makes for some great reflections with a strong, rocky shoreline. It’s only 15 minutes away from the Vestrahorn at Stokksnes, as well, which makes for some fantastic sunrise photography.

Composing the Shot

When shooting the Northern Lights, having a strong foreground can really make for a great shot. Watching her dance above the water, or a mountain, or something discernible, really adds a sense of scale to the photo.There is no short supply of bad Aurora photos with no foreground on Facebook, but my wife seems to create stunning artwork breaking all the rules, such as with A Little Magic… so take this advice with a grain of salt.


A Little Magic
Canon 24mm, f/2.8, 15s, ISO 3200

Some of my favorite places to shoot the Aurora are:

  • Over still water, from the shore of a lake, pond, or lagoon
  • Over a waterfall where you’ll get a nice sheen on the water
  • Using the silhouette of trees or a mountain as a backdrop
  • Any landscape you’d normally shoot during the day, that has high enough contrast to see some texture in the terrain.
  • Any foreground with lines leading into the Aurora.

Most compositions I see are typically 2/3 sky, 1/3 foreground, or 50/50, however as with everything else, it all comes down to what you like. Some of my favorite shots are 2/3 foreground, 1/3 sky, but it works with the reflection.

When you’re near still water, look for the reflection of the Aurora. Especially when she’s dancing, you’ll find that shooting at just the right angle can make the reflection a fantastic leading line into the rest of the shot. When composing your shot, you can use Nikon’s live view to view the scene at a higher ISO, which may be better than looking through the eyepiece in some cases.

Turning your camera vertical will give you more sky to work with, or can also help you to bring the foreground in more dramatically when using a wide angle.



Focusing can be tricky; the goal is to focus out to infinity. If you have an auto-focus lens, it’s likely going to be too dark for the auto-focus to kick in, and so it will end up hunting, which will leave you out of focus. My wife shoots with a Canon 24-70mm, and so we’ve had a lot of practice focusing her lens. Unless you’re willing to spend the money on a Zeiss, I recommend one of the following methods, they’ve worked well for us in the past:

  • Stars Approach. Turn the lens to manual focus, compose your shot, then turn the focus ring until the stars become tiny pinpoints. Take a test shot, then zoom in at 100% on your screen to ensure that you are really in focus.
  • Flashlight Approach. Figure out what the maximum focusing distance of your lens is. If you’re shooting a wide angle, it’s probably around 15 feet. Now use a bright flashlight to shine light on a tree, rock, or anything past that range, and use your camera’s auto-focus to lock focus. Once you’ve done this, immediately switch the lens to manual focus, otherwise it will hunt again. Take a test shot of the sky, then zoom in at 100% on your screen to ensure that you have a solid focus.
  • Find Anything Behind You Approach. As long as you exceed the maximum focusing distance of your lens, you can focus on anything you want off in the distance. If there’s a lit building behind you, that works, or if your car keys will work from where you are (and the car exceeds your focus distance), you can click the lights on for a minute to focus on it with auto-focus…. then switch to manual focus, take a test shot of the sky, and zoom in at 100% on your screen to ensure you have solid focus.

Be sure to frequently check your focus to make sure it’s still good. If you wipe some water off of your lens, you could easily throw it out of focus. Even on a dry evening, you’re going to likely be shooting at f/2.8 (to let the most light in), and so your depth of field will be quite shallow. If your focus gets knocked off of infinity, you could end up with blurry photos. What looks in focus on a 2 inch screen may be incredibly blurry, so zoom to 100% often. On one trip that was a family trip for us, my son lost an entire string of shots because they looked crisp until later on when he zoomed in.


Exposure and White Balance

Depending on the brightness of the Northern Lights, you’ll be anywhere from a few to 30 seconds. The shorter your exposure is, the more defined the Aurora will likely be (unless it’s behind clouds, in which case you’ll just have green clouds). Longer periods of time will get you a creamier Aurora. I recommend starting out with f/2.8, ISO 1600, 15s, and then fine-tune from there to get the right exposure. It is possible to blow out the Aurora highlights, so make sure to turn on your blinkies.

A note on ISO: The higher the ISO, obviously the grainier the photo. High ISO also reduces dynamic range, which you’ll want to pull out shadows in processing. On very bright nights, you may be able to drop your ISO by a lot and shoot longer exposures. One night, the Aurora was so bright, I was able to shoot her at ISO 200! You’re going to get the cleanest photos with the lowest ISO; the trade-off is that you’ll be shooting longer, so you’ll end up with a creamier Aurora. Take several shots at different settings, and figure out what you prefer.Another benefit to shooting at low ISO, when possible, is that you increase your dynamic range, making it easier to pull out shadows without grain. This is one reason I recommend taking a longer exposure specifically for the foreground, and blending it.

As for white balance, I strongly advise shooting in raw. Even with the proper white balance, you’re going to want to tweak it when you get it into Camera Raw or Lightroom. Developing Aurora shots will give you a bit of a monotonous green cast unless you adjust your white balance. Even if you nail the greens, there is so much green surrounding you that the true colors of the foreground tend to get bleached out. I tend to slide the tint up toward magenta (the opposite of green) or drop the color temperature a bit to reign in the greens and bring back the rich crystal blues of the icebergs, for example. There’s often a dissonance between what your eyes perceive and what your camera records, so minor correction is often necessary.

It’s important to shoot a gray card so you can calibrate in processing. I find auto-calibrating on a glacier or other white-gray object will get you in the ballpark, but a gray card is so much more useful in post processing. When the lights come out and you’re so excited to take some photos, just remember not to leave the gray card sitting in your bag.


Exposing for the Foreground

As I’ve mentioned, while shooting the Aurora, expose some longer frames of the same scene for the foreground. For shots with a very dark foreground, try a second longer exposure at lower ISO (around 800 or below), and then blend them together using Edit | Auto-Blend Layers in Photoshop, or a simple mask with some reasonable, but not overbearing level of opacity. As a personal ethos, I don’t believe in light painting. (I’ve tried it. It feels artificial. Maybe useful for very limited effects). So some exposures may take as little as 30s to get the foreground, while others may leave me standing there for 5-10 minutes. In my opinion, it’s worth it, and lets me render the frame honestly, but without the limitations of the technology I’m using. You can use a lot of noise reduction on the Aurora, but notsomuch on the foreground. Lately, more and more of my photos are done in a single shot, using a double exposure (calibrating for the sky, then re-opening the same photo calibrated for the foreground, and blending them), adjusting the noise reduction I use for each. You can try it a number of different ways until you find the process that works for that particular frame.

In manual mode on the Nikon D810, you can move the shutter speed past bulb to get “–” on the display. If you haven’t read your manual, this is actually a really cool feature. You can press (and release) the shutter once to begin the exposure, then press it again when you’re ready to end it. You can sit there as long as you want exposing in the mean-time, without a timer. While I wouldn’t recommend this with a telephoto shot, you’re not going to notice any camera shake doing this with a wide angle over a long exposure. It’s especially harmless if you set a timer and exposure delay mode to start the exposure, as you should be doing anyway.


Focus Stacking

One night, when the Aurora was very strong, we drove out to the black sand beaches across from Jokulsarlon glacier lagoon, and took some shots of the Aurora lighting up the ice. Getting such a strong foreground required some focus stacking. This is where you take two or three shots: one for the Aurora, and one or two for the foreground, then change the focus of the latter shots so that different parts of the icebergs are in focus. You can then use Edit | Auto-Blend Layers to stack them in Photoshop.

Light Pollution

Just as you’d need to overexpose a shot to capture the foreground, you may find that you need to underexpose a shot in order to tone down surrounding lights in the area. I’ve seen several professional photos where the photographer forgot to underexpose a frame for this; the lights always seem to draw the eye away from the real feature of the shot.

Cutting your shutter time (or better, your ISO) in half should get you somewhere in the ballpark; be sure to review your images to see what it takes to take the edge off of any background lights. You can then blend this with your Aurora shot to get a well balanced final.


Demo photos in tutorials rarely show what the photographer is actually getting straight out of the camera, so I thought I would cover that here. If you’re doing it right, you should already have a decent shot to work with straight out of camera, perhaps needing some white balance adjustment. If you’re having to do a heavy amount of post processing just to get here, review your camera settings and make sure your exposure is correct. Note: the exif tags are still intact if you want to visit the exact point I got this shot.



At this point, most of your processing will likely consist of camera raw tweaks: adjusting the white balance / tint to bring in the colors of the foreground, whites (to raise or lower the intensity of the Aurora), shadows (to bring out the foreground), tone curve adjustments, noise reduction, and perhaps a touch of clarity or dehaze, to add definition.

A few other things you’ll want to consider in processing are to turn sharpening to around 25-50%; now option+click+drag the Masking slider until only the stars and some of the foreground are masked in white. This will sharpen these things, but leave the Aurora alone. Of course, if you’re shooting ice or some other strong foreground, you’ll want to selectively sharpen for that. Ice sharpens well with a strong unsharp mask too (also have a look at “Smart Sharpen”).

For noise reduction, I recommend processing the foreground and the Aurora separately, even if you’re using the same image file. Reason being, you can be more aggressive with the Aurora than you can with the foreground. You may also want to have a darker and contrastier sky, without the shadows or blacks turned up. Grainy foreground shots can benefit from a high color noise NR (“Color”), with minimal luminosity NR (“Luminosity”). Aurora shots are the exact opposite.

To merge two images together, copy one photo’s background as a new layer into the other. You can then try the Edit > Auto-Blend Layers tool, although that only works well some of the time. I quite prefer doing it by hand using masks. Simply click the mask icon to create a mask, then paint black or white onto it in parts you want to either reveal or conceal. I often also mask using luminosity channels.

If you haven’t learned how to create luminosity channels yet, I use this technique to make targeted adjustments to various levels of shadows, midtones, and highlights, allowing me to fine-tune the photo’s balance. It’s also a subtle blending technique when using a particular channel as a mask. For example, if you have a photo with a developed foreground and one with a  developed sky, you  can use the highlights as a mask in this fashion.

To create luminosity channels, click the Channels tab in Photoshop. Command-click the RGB channel. This will select highlights. Create a new channel named Highlights 1 using this selection as a mask. Next, bisect the  channel with itself using Shift-Option-Command and clicking on the Highlights 1 channel you just created. This will create an even deeper highlights selection.  Name this channel Highlights 2. Repeat until you get three to five different highlights channels. 

Once you’ve created the highlights, you can create channels for shadows by selecting the highlights again (Command-click the RGB channel), then invert the selection and bisect it in the same way to create multiple shadow channels. Lastly, to create mid-tones, simply subtract the shadows and highlights channels from each other. By the time you’re finished, you should have three to five channels for each. This works best by creating an action, or you could simply download the free TK-Panel to create them for you.

Color Correction

If the Aurora is particularly bright, the green may drown out the colors from the rest of the photo. Adjusting the white balance and tint when loading your raw into ACR will certainly help to subtly bring back some of the original colors. Additionally, you can use Photoshop’s Color Balance tool as well as ACR’s brush adjustment tool to make deeper corrections, if necessary.

One of the most useful tools I’ve applied has been using Threshold combined with Levels to reset the black and white points of the image. Brent Paull has a great tutorial on using Threshold. This typically restores the depth of the original colors, but can initially make the photo extremely grainy because it’s too brightened up. Further adjustments to levels can help to bring the photo back to its native brightness levels, while leaving the richness of the colors.

Another thing I’ve noticed is that the magentas can sometimes creep into your photo by using this method, turning blues to purple. You can use channel mixer to remove some of the reds and restore a blue sky, instead of a purple one (although purple and green does look pretty cool together).


Noise Reduction

Too much noise reduction can cause pixelation and banding. This is true of Photoshop’s NR, as well as many other software packages. Much of the time, what you really want is the opposite of noise reduction: introducing noise. Adding noise to a grainy spot on your photo (e.g. a cloud, fog, etc) can smooth out the area, reduce banding, and accomplish what you thought you could do with noise reduction. After you’ve performed modest NR on your photo and are finished with any other touch-ups, make a copy of the layer. In Photoshop, go to Filter | Filter Gallery and find the Spatter filter. Turn it all the way up to 25, with a smoothness of 1 and hit OK. Your layer will turn to mush. Now hit Option-Mask to create an all black mask, and choose a white brush with 20-35% opacity. Paint over the problem area with the brush and watch the noise you introduce smooth it out. You’ll want to be particularly careful around edges, as they can get lost if you simply paint over them. Dark edges can also cause the spatter to start appearing dark in some areas, so you’ll need to be careful to just add noise to the parts you need.

If you don’t want to go through all the hassle, I recommend Topaz DeNoise AI. It is by far the most superior NR plug-in I have seen, and outperforms Photoshop, Nik Dfine, and many others.

Orton Lights

Another technique I’ve recently learned, that’s helped in a way I hadn’t anticipated, is the use of Orton lights. Orton lights have been long overused in photography to create the dreamy, soft-focus effect in photos. It has such an effect on Aurora photography as well, but because of the way that gaussian blur is used, it can also help to soften noise in waterfalls or other noisy areas in night shots.

To add an Orton layer to your photo, create a composite layer containing all of your current changes (e.g. Shift-Option-Command-E). Now use Filter->Blur->Gaussian Blur. Set the strength to them megapixel size of your photo (e.g. Nikon D810 is 36MP, so you’d use 36). The layer will become mush. Now add a generous amount of contrast and a small amount of brightness. Blend the layer on Soft Light at about 8-10%. You’ll see the dreamy effect show up pretty nicely. You may also choose to mask out the shadows using a luminosity channel so that the effect only applies to the highlights and midtones.


Lights Over Fláajökull by Jonathan Zdziarski on 500px.com

Using an Orton layer also helps to make the Milky Way look more, well, milky. By blurring the highlights a bit, you get away from those overly-sharp, and often sterile, looking star shots, and instead convey a really nice warm rendering.


So you’ve got a nice photo perfectly balanced, with the colors and contrast the way you like them, but it still looks somewhat incomplete. One trick I use to add a nice satin looking finish to my screen photos is to adjust the offset and gamma to add a nice cast over the photo. You can do this with the exposure adjustment layer in Photoshop.

Fine adjustments are all that’s needed. In the photo below, the left half is how the photo looks in post, the right half is after adding this finishing adjustments.


I’ve tried several different inkjet processes through various labs and photo finishing companies – none of them have been able to retain the green and blue highlights to my satisfaction. The Epson printer and paper did a halfway “decent” job on the greens, however completely clipped the blue highlights. Other labs would clip the greens, leaving the Aurora like a blob.   Neither were suitable for gallery or customer prints. I tried calling Epson several times, but was unable to even reach someone who spoke English well enough to understand my questions.

The best process I was able to find was using a lab’s chromogenic process on darkroom paper (Fuji Crystal Archive). The Chromira prints offered by West Coast Imaging filled the bill here, and they were able to run all of my Aurora shots flawlessly and quickly for an upcoming gallery. It’s been argued that inkjets have a wider gamut than chromogenic, and that may or may not be true, but when it comes to these specific highlights, it seems that all inkjets I’ve tried fall short. Here’s the proof copy from WCI; you can’t see the intricate details I’m talking about, but this should give you a general idea of what you’re looking for.

When adjusting your Aurora photos for print, be sure to use your printer (or lab) color profile and soft proof it in Photoshop. Also be sure to turn on the Gamut Warnings option so that you can see all the areas (highlighted in gray) where your highlights are likely to clip. This can really help to get a decent looking image for print, even if you don’t want to pay top dollar for c-prints.


Be careful, and always carry a bright flashlight with extra batteries. If you’re in unfamiliar territory, bring a hiking stick with you. Even if there’s no snow on the ground, I strongly advise cramp-ons or ice bugs. Just hiking around the Flaajokul glacier left a lot of slippery frost on the rocks in the evenings.

Be especially careful to watch the tides when shooting on a beach. The tides in Iceland can be downright deadly, and if they don’t kill you the current will. The beach we shot on had eaten a car the year prior, and they never found the car. I always recommend unpacking the gear you’re going to use, then wearing the rest on your back, so you’re ready to run if need be – this has saved my gear (and my rear) a few times.

If you happen to shoot icebergs, like we did, be especially careful around them as they may still launch afloat when the tide breaks. These chunks weigh thousands of pounds, and one nasty wave can throw one on you.

Always do this with someone else, and consider bringing a guide with you who knows the area.

Other Tips

Do a lens check with your flashlight every ten minutes or so, to make sure that mist from waterfalls / waves / etc has not misted up your lens. Otherwise, you stand to lose your entire evening’s worth of photos from water spots.

Once you get back to the hotel, let your lens and camera dry off and come up to temperature before attempting to remove the lens. Otherwise, you run the risk of leaving sensor spots either from condensation or from direct contact with water. This is especially true if your camera has been near waterfalls.

Always bring lens and sensor cleaning supplies with you on a trip.

We haven’t had any problems with our lenses fogging up, but some other night photographers have discussed this in their own blog. I think the trick is to buy good quality glass, firstly, but also to give your camera and lens a chance to acclimate to the outdoor temperatures before removing the lens cap. If you’re keeping your hotel room a tropical rainforest, you’re most likely going to experience fogging when you go into the cold. Give your cameras just a little bit of time to get used to the cold weather. If you do fog up, just wipe it off and keep shooting – eventually it will adapt. I suppose defective lenses (or really cheap lenses) might have this problem more often… if you run into this, one photographer I know of apparently used hand warmers to keep the lens warm. This seems counter-productive to me, as you want the lens to cool down to ambient temperature so that it doesn’t fog up… this seemed to work for him at least.

Always bring extra cloths, as they become useless should they get wet after wiping down a misted lens a few times.

Be a Good Tourist

Please read this essay I wrote about how tourism has changed Iceland, and remember to be a good tourist. Remember that you’re a guest on other people’s land.

Have Fun!

Having some great photos to take home is awesome – but don’t forget to take some time to just sit with your honey and watch the Aurora dance. It’s quite a spectacle!


Living with Depression in Tech

I’ve been trying to avoid writing about depression for a while now. Almost nobody in tech wants to talk about things like this. A stigma still very much exists around mental illness, and in tech with all its flaming, trolling, and fragile manhood egos, people have learned to be thick-skinned. It’s taken me years to realize that I never stopped struggling with depression throughout my dysfunctional childhood, and I’ve carried it through my teens and adult life with me. I was diagnosed and medicated as a teen, but didn’t fully understand that it still haunted me, playing the same old record grooves in my brain in adulthood. As my thyroid disease began accelerating, I needed to work even harder to maintain balance or the world would come crashing in. Struggling through my career and relationships, things became easier after I understood what was going on inside of me. I feel a certain responsibility to bring to light what is likely a widespread issue in the tech community.

Depression can manifest itself in various forms for different people, and my story isn’t “everyone’s” story. I can only write from my own personal experiences. Most of this has had lifelong personal struggles unrelated to work, and while one can probably deduce this, the focus of this post is handling professional challenges. You might identify with some of these issues, and that’s great if this post helps, but it also shouldn’t be used for self-diagnosis. Depression has been far worse than the details I’m willing to share publicly, and if you think you may be depressed, you should seek professional counseling.

I have no background in psychology; I’m just sharing what works for me. I have no background in medicine either, and having been on and off medication, I can’t recommend one way or the other. I do know that all medication has its limits, so learning how to cope is an important part to having a complete life plan. At the end of the day, I can’t solve your depression (or mine), but I can share how I’ve coped with it, and won some victories. This is a survival story that hopefully might have some meaningful advice for others.

Continue reading “Living with Depression in Tech”

How Social Media Changed Us

The current young generation will soon have grown up without ever knowing what it’s like to not have social media. They’re also growing up without a sense of how society was before social media came into play. Whether you use social media or not, it’s likely affected your life because it’s changed how people relate to one another – including you. While there are many good aspects of social media and the concept of bringing people together, there are also many negative changes it’s had on how we relate to one another.

I’ve spent a lot of time observing others and how social media has affected them online over time, and seen the problems it can create. For me personally, I’ve never been happier to be off of social media than the past year or so when I finally ditched Twitter for good. Twitter is a creepy and toxic place, which seems to be exactly what their CEO wants it to be. I found that I didn’t like the person I had to become in order to stay on it. Most social media is a dumpster fire, but Twitter was a particularly awful experience. It simply isn’t worth the stress and distraction in order to relate to a bunch of randos on the Internet whose only goal in life is to cause misery. Social media doesn’t deserve to have the power to change you, but they do. Getting back to the humanity of relationships is almost like waking up from a bad dream: you’d almost forgotten the goodness in what normal relationships with others (professional, friendships, etc.) feels like.

So at the risk of the next generation never knowing what it’s like to have a normal relationship with others, I’ve written down  just a few of the things that are important in building friendships and other types of relationships – things social media seems to have endangered… at least, from the perspective of this old Gen-X’er. Writing all of this makes me really miss how people were before social media existed.

Continue reading “How Social Media Changed Us”

Joining Apple

I’m pleased to announce that I’ve accepted a position with Apple’s Security Engineering and Architecture team, and am very excited to be working with a group of like minded individuals so passionate about protecting the security and privacy of others.

This decision marks the conclusion of what I feel has been a matter of conscience for me over time. Privacy is sacred; our digital lives can reveal so much about us – our interests, our deepest thoughts, and even who we love. I am thrilled to be working with such an exceptional group of people who share a passion to protect that.

Attacking the Phishing Epidemic

As long as people can be tricked, there will always be phishing (or social engineering) on some level or another, but there’s a lot more that we can do with technology to reduce the effectiveness of phishing, and the number of people falling victim to common theft. Making phishing less effective ultimately increases the cost to the criminal, and reduces the total payoff. Few will argue that our existing authentication technologies are stuck in a time warp, with some websites still using standards that date back to the 1990s. Browser design hasn’t changed very much since the Netscape days either, so it’s no wonder many people are so easily fooled by website counterfeits.

You may have heard of a term called the line of death. This is used to describe the separation between the trusted components of a web browser (such as the address bar and toolbars) and the untrusted components of a browser, namely the browser window. Phishing is easy because this is a farce. We allow untrusted elements in the trusted windows (such as a favicon, which can display a fake lock icon), tolerate financial institutions that teach users to accept any variation of their domain, and use a tiny monochrome font that can make URLs easily mistakable, even if users were paying attention to them. Worse even, it’s the untrusted space that we’re telling users to conduct the trusted operations of authentication and credit card transactions – the untrusted website portion of the web browser!.

Our browsers are so awful today that the very best advice we can offer everyday people is to try and memorize all the domains their bank uses, and get a pair of glasses to look at the address bar. We’re teaching users to perform trusted transactions in a piece of software that has no clear demarcation of trust.

The authentication systems we use these days were designed to be able to conduct secure transactions with anyone online, not knowing who they are, but most users today know exactly who they’re doing business with; they do business with the same organizations over and over; yet to the average user, a URL or an SSL certificate with a slightly different name or fingerprint means nothing. The average user relies on the one thing we have no control over: What the content looks like.

I propose we flip this on its head.

Continue reading “Attacking the Phishing Epidemic”

Protecting Your Data at a Border Crossing

With the current US administration pondering the possibility of forcing foreign travelers to give up their social media passwords at the border, a lot of recent and justifiable concern has been raised about data privacy. The first mistake you could make is presuming that such a policy won’t affect US citizens.  For decades, JTTFs (Joint Terrorism Task Forces) have engaged in intelligence sharing around the world, allowing foreign governments to spy on you on behalf of your home country, passing that information along through various databases. What few protections citizens have in their home countries end at the border, and when an ally spies on you, that data is usually fair game to share back to your home country. Think of it as a backdoor built into your constitutional rights. To underscore the significance of this, consider that the president signed an executive order just today stepping up efforts at fighting international crime, which will likely result in the strengthening of resources to a JTTFs to expand this practice of “spying on my brother’s brother for him”. With this, the president also counted the most common crimes – drugs, gangs, racketeering, etc – as matters of “national security”.

Once policies that require surrendering passwords (I’ll call them password policies from now on) are adopted, the obvious intelligence benefit will no doubt inspire other countries to establish reciprocity in order to leverage receiving better intelligence about their own citizens traveling abroad. It’s likely the US will inspire many countries, including oppressive nations, to institute the same password policies at the border. This will ultimately be used to skirt search and seizure laws by opening up your data to forensic collection. In other words, you don’t need Microsoft to service a warrant, nor will the soil your data sits on matter, because it will be a border agent connecting directly your account with special software throug the front door.

I am not a lawyer, and I can’t provide you with legal advice about your rights, or what you can do at a border crossing to protect yourself legally, but I can explain the technical implications of this, as well as provide some steps you can take to protect your data regardless of what country you’re entering. Disclaimer: You accept full responsibility and liability for taking any of this information and using it.

Continue reading “Protecting Your Data at a Border Crossing”

Slides: Crafting macOS Root Kits

Here are the slides from my talk at Dartmouth College this week; this was a basic introduction / overview of the macOS kernel and how root kits often have fun with the kernel. There’s not much new here, but the deck might be a good introduction for anyone looking to get into develop security tools or conduct security research in macOS. Note: Root kits aren’t exploits; there’s no exploit code in this deck. Sorry!

Crafting macOS Root Kits

Resolving Kernel Symbols Post-ASLR

There are some 21,000 symbols in the macOS kernel, but all but around 3,500 are opaque even to kernel developers. The reasoning behind this was likely twofold: first, Apple is continually making changes and improvements in the kernel, and they probably don’t want kernel developers mucking around with unstable portions of the code. Secondly, kernel dev used to be the wild wild west, especially before you needed a special code signing cert to load a kext, and there were a lot of bad devs who wrote awful code making macOS completely unstable. Customers running such software probably blamed Apple for it, instead of the developer. Apple now has tighter control over who can write kernel code, but it doesn’t mean developers have gotten any better at it. Looking at some commercial products out there, there’s unsurprisingly still terrible code to do things in the kernel that should never be done.

So most of the kernel is opaque to kernel developers for good reason, and this has reduced the amount of rope they have to hang themselves with. For some doing really advanced work though (especially in security), the kernel can sometimes feel like a Fisher Price steering wheel because of this, and so many have found ways around privatized functions by resolving these symbols and using them anyway. After all, if you’re going to combat root kits, you have to act like a root kit in many ways, and if you’re going to combat ransomware, you have to dig your claws into many of the routines that ransomware would use – some of which are privatized.

Today, there are many awful implementations of both malware and anti-malware code out there that resolve these private kernel symbols. Many of them do idiotic things like open and read the kernel from a file, scan memory looking for magic headers, and other very non-portable techniques that risk destabilizing macOS even more. So I thought I’d take a look at one of the good examples that particularly stood out to me. Some years back, Nemo and Snare wrote some good in-memory symbol resolving code that walked the LC_SYMTAB without having to read the kernel from disk, scan memory, or do any other disgusting things, and did it in a portable way that worked on whatever new versions of macOS came out. 

Continue reading “Resolving Kernel Symbols Post-ASLR”

Technical Analysis: Meitu is Junkware, but not Malicious

Last week, I live tweeted some reverse engineering of the Meitu iOS app, after it got a lot of attention on Android for some awful things, like scraping the IMEI of the phone. To summarize my own findings, the iOS version of Meitu is, in my opinion, one of thousands of types of crapware that you’ll find on any mobile platform, but does not appear to be malicious. In this context, I looked for exfiltration or destruction of personal data to be a key indicator of malicious behavior, as well as performing any kind of unauthorized code execution on the device or performing nefarious tasks… but Meitu does not appear to go beyond basic advertiser tracking. The application comes with several ad trackers and data mining packages compiled into it – which appear to be primarily responsible for the app’s suspicious behavior. While it’s unusually overloaded with tracking software, it also doesn’t seem to be performing any kind of exfiltration of personal data, with some possible exceptions to location tracking. One of the reasons the iOS app is likely less disgusting than the Android app is because it can’t get away with most of that kind of behavior on the iOS platform.

Continue reading “Technical Analysis: Meitu is Junkware, but not Malicious”

Configuring the Touch Bar for System Lockdown

The new Touch Bar is often marketed as a gimmick, but one powerful capability it has is to function as a lockdown mechanism for your machine in the event of a physical breach. By changing a few power management settings and customizing the Touch Bar, you can add a button that will instantly lock the machine’s screen and then begin a countdown (that’s configurable, e.g. 5 minutes) to lock down the entire system, which will disable the fingerprint reader, remove power to the RAM, and discard your FileVault keys, effectively locking the encryption, protecting you from cold boot attacks, and prevent the system from being unlocked by a fingerprint.

One of the reasons you may want to do this is to allow the system to remain live while you step away, answer the door, or run to the bathroom, but in the event that you don’t come back within a few minutes, lock things down. It can be ideal for the office, hotels, or anywhere you feel that you feel your system may become physically compromised. This technique offers the convenience of being able to unlock the system with your fingerprint if you come back quickly, but the safety of having the system secure itself if you don’t.

Continue reading “Configuring the Touch Bar for System Lockdown”

Backdoor: A Technical Definition

Original Date: April, 2016

A clear technical definition of the term backdoor has never reached wide consensus in the computing community. In this paper, I present a three-prong test to determine if a mechanism is a backdoor: “intent”, “consent”, and “access”; all three tests must be satisfied in order for a mechanism to meet the definition of a backdoor. This three-prong test may be applied to software, firmware, and even hardware mechanisms in any computing environment that establish a security boundary, either explicitly or implicitly. These tests, as I will explain, take more complex issues such as disclosure and authorization into account.

The technical definition I present is rigid enough to identify the taxonomy that backdoors share in common, but is also flexible enough to allow for valid arguments and discussion.

Continue reading “Backdoor: A Technical Definition”

On Christianity

I’ve often been asked why an intellectual type guy such as myself would believe in God – a figure most Americans equate to a good bedtime story, or a religious symbol for people who need that sort of thing. Quite the contrary, what I’ve discovered in my years of being a Christian is that it is highly intellectually stimulating to strive to understand God, and that my faith has been a thought-provoking and captivating journey.  I wasn’t raised in a Christian home, nor did I have any real preconceived notions about concepts such as church or the Bible. Like most, I didn’t really understand Christianity with anything other than an outside perception for the first part of my life – all I had surmised was that he was a religious symbol for religious people.

Today’s perception of Christianity is that of a hate-filled, bigoted group of racists, a title that many so-called Christians have rightfully earned for themselves. This doesn’t represent Christianity any more than the other stereotypes do, and even atheists know enough about the Bible to know that such a position is hypocritical. Since 1993, I’ve been walking in the conviction that God is more than just a story, that he’s nothing like the stereotypes, and that it takes looking outside of typical American culture to really get an idea of what God is about. In this country, I’ve seen all of the different notions of what a church should be; I think most people already know in their heart who God is, and that’s why they’re so averse to the church.

Continue reading “On Christianity”

On NCCIC/FBI Joint Report JAR-16-20296

Social media is ripe with analysis of an FBI joint report on Russian malicious cyber activity, and whether or not it provides sufficient evidence to tie Russia to election hacking. What most people are missing is that the JAR was not intended as a presentation of evidence, but rather a statement about the Russian compromises, followed by a detailed scavenger hunt for administrators to identify the possibility of a compromise on their systems. The data included indicators of compromise, not the evidentiary artifacts that tie Russia to the DNC hack.

One thing that’s been made clear by recent statements by James Clapper and Admiral Rogers is that they don’t know how deep inside American computing infrastructure Russia has been able to get a foothold. Rogers cited his biggest fear as the possibility of Russian interference by injection of false data into existing computer systems. Imagine the financial systems that drive the stock market, criminal databases, driver’s license databases, and other infrastructure being subject to malicious records injection (or deletion) by a nation state. The FBI is clearly scared that Russia has penetrated more systems than we know about, and has put out pages of information to help admins go on the equivalent of a bug bounty.

Continue reading “On NCCIC/FBI Joint Report JAR-16-20296”

San Bernardino: Behind the Scenes

I wasn’t originally going to dig into some of the ugly details about San Bernardino, but with FBI Director Comey’s latest actions to publicly embarrass Hillary Clinton (who I don’t support), or to possibly tip the election towards Donald Trump (who I also don’t support), I am getting to learn more about James Comey and from what I’ve learned, a pattern of pushing a private agenda seems to be emerging. This is relevant because the San Bernardino iPhone matter saw numerous accusations of pushing a private agenda by Comey as well; that it was a power grab for the bureau and an attempt to get a court precedent to force private business to backdoor encryption, while lying to the public and possibly misleading the courts under the guise of terrorism.

Continue reading “San Bernardino: Behind the Scenes”