Archive for the 'software' Category

Not again… but maybe “never” again?

‍‍א׳ אדר ב' ה׳ תשע״ב - Friday, February 24th, 2012

Really handy tool for cleaning up (another) WordPress base64 injection attack.  It’s not perfect:  I found more junk code, or perhaps the source of my problems, lurking in a directory in my main WordPress directory.  On the other hand, it did a great job of clearing all those damn php junk headers.

This time I have done some hardening of the install beyond new .htaccess files, plus checked my database (but disturbingly didn’t find anything), and added an IDS and some other stuff.  Yeah, should have done that ages ago.  Well, here’s hoping I don’t have to deal with this again… which will require me paying more attention.

photo album down time

‍‍כ״ג חשון ה׳ תשע״ב - Sunday, November 20th, 2011

Sorry. Zenphoto had a gaping security hole and got hijacked. Working on it now.

[3:02am EDIT: fixed. WordPress might have a similar hole. need to check.]

social pimpin’ myself. it ain’t easy.

‍‍כ״ג חשון ה׳ תשע״ב - Saturday, November 19th, 2011

For various reasons, I’m doing the social media thing. It’s a bit of a long game, but I know one girl who’s already worried. And this is just to test that wp autotwits. The other direction, as you may have noticed, works just fine.

but Adam, how do I fix white balance?

‍‍י״ג אייר ה׳ תש״ע - Tuesday, April 27th, 2010

A simple tutorial for a girl I know who asked me the question above – and I didn’t have time to answer cause there was so much to say and she was tired and overloaded and everything.   Time to answer.

I never have enough of that one.

Ok, so you get back from your photo shoot… and all your pictures look orange.


In the old days, you bought film and made choices.  You would choose film speed (ASA/ISO, and perhaps DIN if you were a Nazi or are collecting Social Security), film size (35mm, 120, etc.) negative or slide, color or black and white.  If you chose color you had another choice – what type of light would you be shooting under?

Our brain makes things we know to be white look white under a range of lighting situations.  Film doesn’t have a brain. See, if you were outdoors, there was a film to make a pure white subject look white when lit by (midday) sunlight (5600K); if you were indoors, you could choose film balanced for Tungsten B lights (3200K) and even, and rarely, Tungsten A (3400K).  In an ideal world, our indoor lighting would be at the same color temperature-

-wait. I’m not going to get into the physics here, but you do need to know something about “color temperature” – and this is all you need to know, at least to start.  Those numbers above are in Kelvin (absolute temp= Celsius + 273.15). What heat has to do with any of this is not important.  You just need to remember the following five things:

  1. Sun = 5600K
  2. Cheap, powerful inefficient lights (Photofloods) = 3200K
  3. Expensive, powerful efficient lights (HMI) = 5600K
  4. The lower the number (temperature), the redder, and yes, confusingly, “warmer” the color
  5. The higher the number (temperature), the bluer, and yes, “cooler” the color

Now digital is awesome, because the sensor doesn’t actually see color, so we can make it up as we go along.  We can tell the sensor what to consider white, and then it figures out the rest of the palette from there.  Not only do we not have to worry about having the wrong, uncool film (pun mildly intended) in the camera, but we actually can balance for any temperature light source – not just the three options from the film days (and don’t ask about multiple light sources with different temps in the same shot.  That’s for later.)


This is all well and good – important stuff to know – but your model still looks like a tangerine.  In all your shots.  And she’s already gone home or out to party with the band and do blow.  There is no reshoot.  You accidentally set the camera to shoot for something like daylight, but you were using cheap continuous bulbs from the hardware store and don’t even know what color temperature they are.
You are fucked.

Maybe not.

Now, the following steps will work with JPEG and RAW images, but it is far better to do this with RAW images.  There is no quality loss, and if you have to fix the exposure (because of human vision relating certain colors to luminosity) there is much more latitude and shadow detail to bring back.  For our workflow, we’re going to be using Adobe Lightroom (version 2.7 here), because we want to fix an entire photo shoot’s worth of images.  Photoshop is better suited for in depth correction of a single picture.  We’re going to fix all the shots perfectly – no estimation or guessing – in about one minute – assuming we took one simple precaution.

We’ll get to that.

Let’s have a look at our orange model.

Tangerine, Tangerine

Pretty, ain’t she?  But even she would agree that while warming filters are flattering, she is plenty orange enough without the help.  In fact, not only was this shot screwed, so was this:

This one too.

Hell, the prima donna  won’t even look at us until we have this taken care of.

Not looking at you.

So, let’s fix this.  See, we were careful and using a color balancing card in one test shot.  A 18% gray card would be fine, and another method could use a white card.  (Yes, I was going to do both as you might notice from the Lightroom screenshots, but it’s 3am now [edit: 4:50am])  Gray cards are traditionally used for establishing a exposure level for a section of the image with a reflective (often a spot) meter, however, as they are color neutral and fairly standardized (there are other mixes of gray, but 18% is the traditional choice),  you can use them as the basis for color balancing.

In Lightroom, this is very easy.  Below is a color calibration card set; there is also a pure gray only card, but this is fine – the colors are printed on a 18% gray background.  That’s all we’ll need.  This is a fancy card with at least four ways to do color balance.  Forget that.  This method will work on a $2.49 card.  (In other words, you need this and cost is no excuse.)

An ounce of prevention…

Ok, great you took this shot.  So you can fix this picture because you have a neutral tone that you know. “Wonderful,” you say, “but I need to fix all the shots.  Even the ones with different exposures, lighting angles, and with no pretty calibration card sitting the frame.  What now?” Well, here’s the thing.  Your camera was set to 5400K (warm daylight type fluorescent bulbs).  There was only one source of light in the room – an incandescent light of unknown color temperature.

Since there is only one type of light source, the difference between what your camera expected and what was there is exactly the same in every shot lit by the lamp.  If you needed to drop the color balance by 2,550K (which you will in this example), then all the shots need the same correction, regardless of how much light actually was reflected in the scene and regardless of the color of what reflected it (sorta, but again, that’s for later).

So to clarify – if your camera thinks the white is cool (a high number) and it’s warm (a low number), we’re going to be subtracting.  How did I know that I was subtracting 2,550?  And isn’t this is taking way longer than a minute to explain?

Well.  Now that you know the problem and you have taken the one precaution YOU WILL ALWAYS TAKE IN EVERY SHOOT, that is, YOU WILL ALWAYS HAVE A SHOT WITH THE MODEL HOLDING (AT LEAST) A GRAY CARD WITH EVERY LIGHTING COLOR CHANGE, the rest is very quick.

We’ve imported our shots into Lightroom and from the Library, we see the problem in all it’s ginger glory:

Red Read Red

Ok, so we see we have the important shot right there – a card with our preferred neutral color, 18% gray.  We click on it, and then go to Develop in the top right corner.  This will open up that image alone and give us more and finer tools to use.  When the mouse hovers over the image, it turns into a magnifying glass. We click on the part of the picture with the card to zoom in.  Now, on the right, you’ll see the Basic (very top) panel is open, set to Color (default), and there is a circle with an eyedropper.

Click on the eyedropper.

The tool we need

Now, that the mouse has turned into an eyedropper, we can move around and see the effects of picking various tones as the white balance point in the preview in the top left corner. We just want things “normal.” So, find the most even sample of the gray in the card that you can:

The place we need

And just click… and:

If it ain’t white, it ain’t right…

Now, that looks right.  But I said we would fix all of them in a minute, and even if you went slow, I should have 30 seconds left. More than I need.

While still in the Develop section on the picture we just fixed, right click on the picture (either the big one you just worked on or the small one in the filmstrip), and find Develop Settings/Copy Settings and click…

Where do we go…

Now we are going to take the important development change we made here (the white balance) and copy it.  Hit Check None at the bottom and then check the White Balance box (not suprisingly, the very first option, from an English reader’s perspective).  Click Copy.

Oh where do we go now…

Now that we have the change that we want, the rest is pretty obvious.  Go back to the Library View (top right corner) and select all the pictures that were from the late night photo shoot.  Don’t worry if you have the “fixed” picture in the selection.  We are going to paste a calibration number, not just “subtract” a number from all of the images (but that is the practical effect).

Where do we go…

Now we just do what we did to copy, but instead choose paste –  right click on any of the selected images and find Develop Settings/Paste Settings and click…

Oh where do we go now…

And just like that-

Sweet Child / Sweet Child O’Mine

Our model has her fluffy white hair back in every photograph… and is now ready for you to mess with her colors, but as you choose.

Addendum:  This is the most basic and simple method to get a decent working white balance after the fact.  There is always a gray card around, but it might not be perfectly neutral (though this is more common with the rise of digital cameras).  Color panels and white/gray/black card sets exist for a reason.  I use one of these. I have that with me at all times.  If I know I’m going to really be doing complicated color work with time to set up, this bigger and more versatile card is a lot more flexible (and my colormeter might come along).

Only half the threat – and most of the answer.

‍‍ה׳ חשון ה׳ תש״ע - Thursday, October 22nd, 2009

Today, Slashdot posted a story to the front page regarding a widespread SMC 8014 router/modem vulnerability, allowing access to administrative functions. I would link to the original blog post, but it seems to be slashdotted. (Edit: no longer. I also indulged myself with a comment on the slashdot story and the blog post, both came late in the game. No, I’m not selling anything nor do I get ad revenue.) In any case, this is nothing new. These and similar SMC routers are common in New York and are identifiable in their use of a four digit hex SSID. Naturally, all APs broadcast their Wifi adapters’ MAC address in the clear, allowing for identification of the manufacturer (barring spoofing).

These SMC routers were ordered in bulk with a custom firmware, with some “features” that were put in place to (presumably) assist in over the phone tech support. The firmware enables WEP encryption with a preset key on the network and uses Javascript to disable more advanced features, including choosing WPA. If that wasn’t problematic enough, the WEP key is derivable from the MAC address. Let me repeat that point as clearly as I can.

The preset WEP key is derivable from the MAC address that is broadcast in the clear.

That last part is trivial, and I’m not going to give out (what I hesitate to call) the algorithm.

But wait, there’s more. One of the advanced features disabled by the Javascript hack is the ability to change the WEP key. I was not vulnerable to this (I use a different service with my own hardware), but a friend was -which allowed me to do a bit of work on these routers and their deployment. We were told (July 2008) by a customer service rep that changing the WEP key was not supported for the end user – even after I asked my friend to claim that she thought someone had her “network password” (which was technically true).

Ironically, the vulnerability mentioned in the Slashdot article is the means to secure the router: by using various techniques (disabling Javascript, Greasemonkey, etc.) you can restore these functions: changing the mode of encryption, the key, and the administrative values.

SMC is not the only company to have sold these gelded all-in-one routers to bulk telecom customers; nor is Time Warner the only customer to deploy them. In a private discussion sharing these findings with some westcoasters at Defcon in Aug 2008, I was told there was an L.A. telecom doing exactly the same things – mass deployed routers with predictable keys and a broken firmware that prevented a fix.

15 minutos de fama : the odd consequences and burdens of educated speech.

‍‍י״ב תמוז ה׳ תשס״ט - Saturday, July 4th, 2009

It is a curious effect of copy and paste, of quote and translation.  Today, one can easily find fifteen minutes of fame, in the most literal of senses.  This is not news.

The oddity is that you can find that you were famous months after the fact.

Back in February, when Facebook was considering some controversial TOS changes, I was (apparently) early in joining one of the the Facebook protest groups.  Now admittedly, I did care about the TOS issue: I posted items and used my status message to try and raise awareness.  I made one or two wall posts in said protest group.  Mostly, I wanted to clarify that the TOS wasn’t seizing copyright ownership, but the distribution license had onerous consequences.  I then said that in response, I deleted my uploaded photographs, save a profile picture or two.

Now, mind you, I have no precise idea what I said : after Facebook abandoned the proposed terms, I quit the group.  With many such Facebook groups having been formed, and hundreds of thousands of users joining them, and in turn, generating thousands of posts and threads, my original is sufficiently misplaced.

None of this would be of any interest to me – or to any right thinking individual – but for the curious addendum.  A couple of weeks ago, I googled variants of my name to see where this site was showing up.  Lo and behold, by page three, nearly all the links were in Spanish.  This was of particular curiosity to me, as my Spanish aptitude never progressed beyond some Fs and Ds in high school classes.  (Immersion methods do not work well with me, unfortunately, it took me years to figure this out and learn what does.  Another story for another time.)  Apparently, some tech writer for the EFE news service needed a quote for his piece on the TOS changes – and the user response – and quoted me.  In turn, this article was reposted and quoted by aggregators and blogs across the Latinternet.  This happens, nothing special.  However, since the original quoting was translated into a language I don’t speak or read, I had no idea until May, despite the EFE being the fourth largest news agency in the world.

Now, I cannot be certain why the original author quoted me (and I should point out, that while I don’t recall the precise wording, the translation entirely correlates with  my recollection of what I wrote) but I suspect it is because:

  • I wrote with a reserved, educated tone.
  • I separated my understanding of the situation from my response.
  • I sounded like I knew what I was talking about.
  • I am from New York.

To invoke a bit of Cialdini, the first two strike me as social liking through identification.  The first point results in a tone similar to modern journalism, and not only garners the sympathy of a writer accustomed to the style, but in using a similar style, it fits smoothly into a newspaper piece.  Similarly, the second is akin to an editorial response or, more liberally, the conclusions of a reporter.

Coupled with the a writing style, (I’m glad the reporter kept the “permissive and perpetual” bit in Spanish – I liked it enough to remember) simply sounding like I had read the new TOS and was capable of calmly correcting others probably secured me a air of authority.  Finally simply being from New York (my primary Facebook network), which the reporter did specify in the quote attribution, is both identifiable and desirable from a global perspective.  This is certainly liking and authority at play – a well spoken, informed, urbane “expert” from an international city says… – but also maintains a smooth flow for the reader who already has some idea where New York is, as opposed to stopping to wonder what or where Buffalo is.

Still, this story is just a an anecdote, a curiosity of a google search, and the subsequent analysis somewhat facile and obvious.  The lesson is not:  if you choose to write with a certain style, you will “speak” louder than others in a written medium.  Make sure that you want those words repeated: if you write well-formed drivel or masterful and erroneous prose, you may find the echo much louder than expected and the ringing criticism deafening.

This is the burden of educated speech, whether educated in fact or in tone: if you write with care, have a care with what you write.