Life, Photography, and Security

Random thoughts that have crossed my mind


2005-03-30

Getting Exposure Right

Norman Koren has simplified Ansel Adams’s zone system so that even amateur photographers can learn how to use zones for making good exposures. Today’s automatic light meters do a fairly good job even under some challenging conditions, but when they fail, it is important to understand why. Norman’s article teaches you how to get exposure right using a typical spot meter. With digital cameras, this can be surprisingly important at times.

[/photo] permanent link

2005-03-22

Pete Myers: Making Images – Not Taking Images

The Luminous Landscape again provides us with an interesting article about photography. Pete Myers shows that postproduction can really be a major part of a good photograph. Of course, he does take it to extremes. Read up on how to make images in postproduction.

[/photo] permanent link

2005-03-21

X-bit’s Guide: Contemporary LCD Monitor Parameters and Characteristics

While considering what LCD to buy, or at least try out, I kept running into tests describing how worthless the manufacturers’ data is. Then I found an excellent article about contemporary LCD monitors on X-bit labs.

From best to worst, current LCD technologies rank as follows: S-IPS, PVA, MVA, TN. Unfortunately TN monitors are cheap and have a very fast “apparent” response time, so they have almost taken over the market for low-end LCDs. S-IPS are great, but a bit slow. MVA and PVA suffer from bad response times between shades of gray, and TN just sucks in color reproduction and viewing angles. If you need to work with color beyond surfing the web, avoid TN.

[/computing/hardware] permanent link

2005-03-18

Eizo FlexScan L778

So it turns out that the L797 really is nice, but does cost a fortune compared to other 19" LCDs. More than I can reasonably spend, anyway. I decided to order the FlexScan L778 instead. Color reproduction is probably much worse, but it will allow me to get rid of two CRT monitors and a pair of separate speakers. The response times for the L778 seem to be quite good, due to technology that Eizo has borrowed from LCD TVs.

If the color reproduction isn’t good enough, I can always send this one back and reconsider investing in the L797.

[/computing/hardware] permanent link

2005-03-15

Unicode Security Considerations

Back in 2000, Bruce Schneier described some potential security risks related to Unicode. He was right, and several real attacks have utilized broken Unicode parsers to bypass security. Now the Unicode Consortium has released a draft technical report which describes some of the risks and also offers advice to implementers.

One way to misuse Unicode is to use characters that appear virtually the same on screen if a small font is used. This has been used to spoof web site addresses using IDN, but other ways of using “visual spoofing” are also possible.
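As an added illustration (not part of the original post or of the technical report), the following Python sketch flags host names whose labels mix scripts or fold to a protected name once look-alike letters are replaced. The look-alike table, the `protected` set and the sample host names are constructed for this example, and the script detection is a heuristic based on Unicode character names.

```python
import unicodedata

# Constructed, deliberately small look-alike table (Cyrillic -> Latin).
# A real deployment needs a far larger confusables table than this sample.
LOOKALIKES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456", "aeopcyxi")

def decode_label(label):
    """Unicode form of one DNS label, decoding the IDN 'xn--' prefix."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label              # malformed ACE label: keep as-is
    return label

def scripts(label):
    """Scripts used in a label, taken from the first word of each character
    name (a heuristic: the stdlib does not expose the Script property)."""
    found = set()
    for ch in label:
        if ch in "0123456789-":
            continue                  # ASCII digits and hyphen fit any script
        found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found

def skeleton(label):
    """Fold known look-alikes to Latin so visually equal labels compare equal."""
    return unicodedata.normalize("NFKC", label).translate(LOOKALIKES)

def check_hostname(hostname, protected):
    """Return (label, reason) findings for every label of one host name."""
    findings = []
    for raw in hostname.split("."):
        label = decode_label(raw)
        if len(scripts(label)) > 1:
            findings.append((label, "mixed-script"))
        if label not in protected and skeleton(label) in protected:
            findings.append((label, "looks-like:" + skeleton(label)))
    return findings
```

The mixed-script test alone misses labels written entirely in one non-Latin script, which is why the skeleton comparison against a list of names worth protecting is run as a second check.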

[/security/masquerading] permanent link

2005-03-13

Dan's Mail Format Site

I ran into a fairly extensive site about email formats and formatting, by Dan Tobias. It will tell you everything you never wanted to know about email, but also how to avoid sending emails that some recipients may not be able to read. Highly recommended for those who have too much time and an urge to find out a bit more about email.

[/computing/internet] permanent link

2005-03-11

MD5 heads for retirement

Vlastimil Klíma has allegedly managed to create a very efficient tool for finding MD5 collisions. A slow (1 GHz) home PC was able to find collisions on average in 4 h 11 min. The attack works for any selected IV, and is a real threat to any persistent MD5 signatures.

Arjen Lenstra, Xiaoyun Wang and Benne de Weger have announced a pair of valid X.509 certificates with an identical signature. Essentially this means that any certificate chains that have MD5 signatures in them are suspicious.

[/security/crypto] permanent link

2005-03-09

Discussing lockpicking

Matt Blaze has stirred up quite a discussion in the locksmith community by publishing attacks on real (physical) locks using cryptanalytic techniques. This has brought back the discussion about disclosure of security problems to the locksmith profession. Interestingly enough, as Matt Blaze points out, the locksmith profession used to favour disclosure.

Toool has published an interesting attack on locks that use pins. It turns out that the more expensive locks are actually easier to open–provided that they are vulnerable to the “bumping” attack described.

[/security/lockpicking] permanent link

2005-03-08

Eizo FlexScan L797

Every now and then I have been looking for an LCD monitor that would match my needs. I want a monitor with good color reproduction for working with digital images. Unfortunately, I also want to be able to play FPS games with it. Combining the two has not seemed to be possible so far, because good color fidelity has meant bad response times.

Enter the Eizo FlexScan L797. According to the press release, Eizo targets graphics professionals with this 48 cm (19") S-IPS LCD display. However, “For applications such as 3D CAD that require frequent zooming in/out and rotating of images, the fast response time eliminates ghosting or streaking, even in detailed linear drawings.” It comes with a response time that is listed as 20 ms (typical), but Eizo claims that this response time is valid for almost all transitions. That is actually better than many ordinary 12 ms displays. If the claim is correct, I believe Eizo may just have a winner on their hands.

I have not yet been able to locate a unit on display anywhere, as availability seems to be fairly poor in Finland. Prices in Germany right now are slightly above the 1.000 € mark, which unfortunately means it is going to be ridiculously over-priced in Finland at first.

[/computing/hardware] permanent link

2005-03-07

Do not use weak cryptography

Yet another example of weak proprietary cryptography has recently received a fair amount of attention. This time, it is a TI RFID implementation that uses a 40-bit key. Result: Car immobilizers can be bypassed, fuel can be bought on someone else’s account.

[/security/crypto] permanent link