Sunday, September 25, 2011

Getting pictures in focus with a DSLR (digital SLR) in a nutshell.

Higher-end cameras have a number demarcated by the letter "F" that one can set to change the size of the opening (called the iris) that lets light onto the sensor. High numbers make the iris smaller. Optical physics aside, the higher the number, the more of the picture will be in focus and the more light you will need. Likewise, the higher the shutter speed, the more will be frozen in time and the more light you will need as well. So, if you want to capture something that moves fast and have it completely in focus, you need a ton of light, a high F number and a high shutter speed number. Note that a particular lens only supports a particular range of F numbers (called F-stops). You don't have a huge amount of light usually. So you have to find ways to compromise and/or cheat. One way to do this is to use a flash, but that can scare butterflies. Another way is to set the camera to do more processing. This number is demarcated by "ISO". My SLR goes from 200 ISO to 1600 ISO, if I recall correctly. New ones go to 12500! The higher the number, the less light you need, and the more you rely on the camera processor and the quality of the light sensor. Thus to get a nervous butterfly on a cloudy evening, you need to higher-end camera so that you can set the shutter speed, F-stop, and ISO numbers really high, and still get a photo that's not grainy.

Wednesday, September 14, 2011

A note of caution: Password Checking Sites.

  Recently, several people have sent me links to check the strength of my password like this: https://www.grc.com/haystack.htm. There is a saying today that if you are not paying for a product, you are the product. Since I haven't seen any independent organization that has audited the code of these sites to prove that they are not also collecting passwords, we must trust that they do not keep copies the entered passwords or their hashes. Either these sites all have a large amount of altruism, or they are creating the most precise rainbow tables [1] available on the market.  There's nothing like doing statistical analysis on a general rainbow table with real passwords to hone its accuracy. Placing blind trust in a 3rd party with one's passwords is never a good idea. I don't think any bank representative would recommend typing one's account password into an un-audited website to check its strength.
  If you run one of these sites and have had such an audit, please let send me a link to the audit and a link to the organization that did the audit. I will include them here.


[1] Rainbow tables are conveniently structured databases of known password information used for efficiently cracking passwords. http://en.wikipedia.org/wiki/Rainbow_table


keywords: hacking, cracking, passwords, security