Nikon – Jupiter Broadcasting

Linux Photography in Focus | LAS 372

chris — Sun, 05 Jul 2015 16:25:42 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

From total beginner to photo pro, we’ll share workflow tips, tools, tricks & backup techniques to super-charge your photography workflow under Linux.

Plus the Pinos project promises to bring PulseAudio to video, how DirectX11 is coming to Linux, the Yotaphone upset, OwnCloud dreams & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Perfect Photo Workflow with Linux

Brought to you by: O’REILLY OSCON

Prepare your Monitor:

Color management

Getting the photos into Linux:

Rapid Photo Downloader

Rapid Photo Downloader for Linux is written by a photographer for professional and amateur photographers. Its goal is to be the best photo and video downloader for the Linux Desktop. It is free software, released under the GNU GPL license.

Quick Sorting of Photos:

gthumb

gThumb is an image viewer and browser for the GNOME Desktop. It also includes an importer tool for transferring photos from cameras.

Tweaking your RAW Pictures:

RawTherapee Features

HDR Photo Editing:

LuminanceHDR

Luminance HDR is a graphical user interface (based on the Qt5 toolkit) that provides a complete workflow for HDR imaging.

HDR Photography on Linux | LAS s30e06

Photo Organization

darktable | the photo workflow software

darktable is an open source photography workflow application and RAW developer. A virtual lighttable and darkroom for photographers. It manages your digital negatives in a database, lets you view them through a zoomable lighttable and enables you to develop raw images and enhance them.

Corel AfterShot Pro

Say hello to the world’s fastest RAW photo-editing software. Corel AfterShot Pro 2 is changing the way the world works with RAW, with 64-bit performance that’s 30% faster than AfterShot Pro 1 and up to 4x faster than the competition. AfterShot Pro 2 is the best way to unlock the freedom and flexibility of shooting RAW. With unparalleled speed and power, and a sleek new interface, AfterShot Pro 2 is a RAW converter, non-destructive photo editor and complete high-speed photo manager in one. Whether you’re batch processing thousands of RAW images, or making detailed adjustments to your latest prize-winning shot, AfterShot Pro 2 gives you the tools to quickly take complete control over every aspect of your photo workflow.

Photo Backup Under Linux:

SpiderOak

SpiderOak ONE is the leading private backup solution and is 100% Zero Knowledge. Get a ton of space for only $12 a month. Plans starting at $7 a month for 30GB and up to 5TB.
Pay monthly or annually. Upgrade, downgrade or cancel at any time.

Grsync rsync GUI interface frontend for Linux, Windows and Mac OS X

Grsync is a rsync GUI (Graphical User Interface). Rsync is the well-known and powerful command line directory and file synchronization tool.

— PICKS —

Runs Linux

The NSA XKEYSCORE, Runs Linux

This global Internet surveillance network is powered by a somewhat clunky piece of software running on clusters of Linux servers. Analysts access XKEYSCORE’s web interface to search its wealth of private information, similar to how ordinary people can search Google for public information.

Desktop App Pick

digiKam

digiKam is an advanced digital photo management application for Linux, Windows, and Mac-OSX.

The people who inspired digiKam’s design are the photographers like you who want to view, manage, edit, enhance, organize, tag, and share photographs under Linux systems.

You can take a look into the digiKam Overview page to take a tour or the Features page to see more advanced information about.

Weekly Spotlight

OpenMediaVault 2.1

Using Sencha ExtJS 5.1.1 framework for the WebGUI

Add a new dashboard and widgets

Many internal improvements and bugfixes

Improved the internal network interface backend

Add Wi-Fi support. Only WPA & WPA2 is supported

Add VLAN support

The network interface configuration page has been modified. Now only the configuration values are displayed. Use the dashboard widget to show the state of all network interfaces.

The public key of the user must now be specified in the RFC 4716 SSH public key file format. It is possible to add multiple keys.

Option to turn off the collection of system performance statistics.

Use the browser local storage to store the WebGUI state (e.g. displayed grid columns, column width, …) instead of cookies.

The whole changelog for 2.1 can be viewed here.

— NEWS —

Introducing Pinos

So what is Pinos? One of the original goals of Pinos was to provide the same level of advanced hardware handling for Video that PulseAudio provides for Audio. For those of you who has been around for a while you might remember how you once upon a time could only have one application using the sound card at the same time until PulseAudio properly fixed that. Well Pinos will allow you to share your video camera between multiple applications and also provide an easy to use API to do so.

ownCloud 8.1 Coming Soon

The first release candidate of ownCloud 8.1 is ready for testing. This release will bring many performance improvements, Encryption 2.0 and much more. If you’re an avid ownCloud user, this is the time to test the upcoming release and make sure it can deal with your specific installation. Get the release on the ownCloud website.

Yotaphone Adopts Sailfish – Drops Android

Today the news has it for us as Yota Phone, the recently famous Russian [Android] phone manufacturer with their revolutionary “two-faced” phone has dropped their near-stock Android OS in favor of our beloved Sailfish OS which has raised a fair bit of keyboard warriors to attack the comments section on some websites saying things like “Why dumping the most popular OS in the world for the least popular?” Uh, excuse me as your most popular OS (Which I admit I am an Android user alongside Sailfish) does not care about user’s privacy and wants to send everything directly to that famous and most hated agency in the world! (NSA)

No, the Yotaphone Isn’t Switching From Android to Sailfish | Ink, Bits, & Pixels

Codeweavers On DX11 in WINE, Steam Machines & Porting

The recent news of WINE/Crossover supporting DX11 is significant, because up until now there were no FOSS solutions to get such support. Sure, the eON wrapper from Virtual Programming was one commercial option for game companies to develop ports for Linux, but it was not available for end users. With WINE supporting DX11, this opens up a whole new library of recent Windows games for the Linux platform.

Feedback:

https://slexy.org/view/s20WLp24uc
https://slexy.org/view/s20m3WT5Ht
https://slexy.org/view/s2id0khdx7

+https://slexy.org/view/s200YWzDGL

Support Jupiter Broadcasting on Patreon

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

The post Linux Photography in Focus | LAS 372 first appeared on Jupiter Broadcasting.

A Simple Mistake | TechSNAP 4

chris — Sun, 08 May 2011 22:23:52 +0000

The guys focus on the recent major network compromises, and outages – and what was at the core of their failure. Like Sony’s PSN and SOE attacks, and the recent Amazon EC2 outages. What do these very separate events have in common?

Find out what simple mistakes snowballed into full-on network meltdowns. Plus the EU’s nutty plans to convince websites to prompt every user to sign a EULA for their cookies!

[ad#shownotes]

Show Notes:

Topic: SOE Breached as well, 24 million records stolen

https://www.soe.com/securityupdate/
https://www.joystiq.com/2011/05/02/sony-hit-with-second-attack-loses-12-700-credit-card-nu/
https://consumerist.com/2011/05/security-expert-sony-knew-its-software-was-obsolete-months-before-psn-breach.html

Old database from 2007 compromised, 12,700 credit cards with expiry dates and 10,700 direct debit accounts
- Old data was not destroyed, why?
- Was this data not encrypted, as sony claims the PSN credit card database was?
- most of these cards are likely expired, but some banks use extended expiration dates
- direct debit accounts are likely more at risk, although harder to exploit
Sony says that PSN and SOE are isolated systems, but it seems the attacks are related
Data was stolen as part of the original compromise on April 16-17th (earlier than previously reported), not a separate compromise
If the data is separate, how were both databases compromised?
If the data is not isolated, why were SOE customers not notified weeks ago when the breech was discovered? More attempted cover-up by Sony.
SOE passwords are hashed (no specifics on algorithm or if they were salted)
Data includes: name. address, e-mail, birthdate, gender, phone number, username name, and hashed password
Unconfirmed rumours that the credit card lists have been offered for sales or to Sony
Sony offering customers from Massachusetts free identity theft protection service, as required by state law in the event of such a breech
It later came to light in congressional hearings in the US (which Sony declined to attend) that Sony was using outdated, known vulnerable software, and that this fact had been reported to them by security researches months before these attacks
Sony says that it has added automated monitoring and encryption to its systems in the wake of the recent attacks.

Topic: Wikileaks may have forced the US Government’s Hand

https://www.guardian.co.uk/world/2011/may/03/osama-bin-laden-abbottabad-hideout
https://www.documentcloud.org/documents/87933-interrogation-file-of-abu-faraj-al-libi.html#document/p5/a17091

US knew that someone was hiding in the compound since at least last summer
US was unsure who was in the compound, believed it was UBL but were unsure, and unwilling to risk disclosing the depth of their penetration of the oppositions security
Classic Intelligence Paradox, what use is having the information if you cannot use it, but using it will expose your sources and methods.
The wikileaks release of Guantanamo documents exposed the US’s penetration of UBL’s courier network
US likely decided to move immediately to avoid squandering the opportunity

Topic: Stupid EU law of the week

https://www.bbc.co.uk/news/technology-12668552
https://translate.google.com/translate?sl=sv&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.idg.se%2F2.1085%2F1.382570%2Fexpertpanelen-ny-lag-om-hanteringen-av-cookies

Basically will result in users being met with mini-EULA asking you to opt in to cookies in order to enter every site on the internet
Law has a specific provision to allow cookies to be used to track the contents of your shopping cart
Cookies are an important part of web applications. HTTP is stateless, and cookies are the easiest and most convenient way to maintain state
Controls for cookies are best left to the browser, which decides and enforces policies on cookies
There already exists the ‘same-domain’ policy in all browsers, cookies can only be read by the site that set them
There exists a better alternative already supported by Google and Mozilla, the DNT (Do Not Track) opt-out system asks advertisers to not use or not collect behavioural data. Google’s system works slightly differently but accomplishes the same goal.
This is yet another example of governments passing laws without considering the technical implications of their implementation. Governments seem to purposefully avoid consulting actual experts and instead hire consultants that will agree with their position.

Topic: Image authentication system cracked

https://blog.crackpassword.com/2011/04/nikon-image-authentication-system-compromised/

https://www.nikonusa.com/Nikon-Products/Product/Imaging-Software/25738/Image-Authentication-Software.html#tab-ProductDetail.ProductTabs.Overview

https://www.elcomsoft.com/canon.html

Digital SLR camera technology that signs photos with a private key when they are taken to allow their originality to be verified.
The image and the meta data are both hashed with SHA-1 (this is possibly insufficient, SHA-256 or better should be used for cryptographic security and future proofing)
The two hash values are then encrypted separately using a 1024-bit RSA key (again, insufficient key size, even SSL requires 2048 bit keys now) and stored in the EXIF data
The verification software then validates the signature and compares the hashes
Very similar system with similar flaw found in the Canon Original Data Security system. Neither Canon or Nikon have responded nor indicated they will address the issues
ElcomSoft managed to extract the private key and sign forged images that then passed verification
It seems all Nikon cameras use the SAME key, not separate keys per camera, so once the key is exposed, the entire system is compromised, not just the single camera

Topic: Amazon Post Mortem, some data loss

https://www.businessinsider.com/amazon-lost-data-2011-4
https://aws.amazon.com/message/65648/

Original failure was caused by network operator error
Failure caused some data loss, a small portion but still significant
- Online cloud services such as Chartbeat lost data
Replica system had no rate limiting, so when a large number of EBS volumes failed, the creation of replicas to replace them overloaded the centralized management system (the only shared part of the EBS infrastructure)
All Availability zones ran out of capacity, new replicas of data could not be created
EBS nodes that needed to create replicas as well as EC2 and RDS nodes backed by them became ‘stuck’ waiting for capacity to store replicas. Effected about 13% of all nodes in the availability zone.
Create Volume API calls have a long timeout, caused thread starvation as the requests continued to back up on the shared centralized management system (EBS Control Plane)
The overload of the control plane caused all EBS nodes in US-EAST to experience latency and higher error rates
To combat this, amazon disabled all ‘Create Volume’ API calls to restore service to the unaffected Availability zones
EBS control plane again became overwhelmed with other API calls caused by the degradation of the effected availability zone, all communications between the broken EBS volumes the control plane were disabled to restore service to other customers
Lessons going forward:
- Rate limiting on all API calls
- Limit any one availability zone from dominating the control plane
- Move some operations into separate control planes in each availability zone
- Increase stand-by capacity to better accommodate growth and failure scenarios
- Increase automation in network configuration to prevent human error
- Additional intelligence to prevent and detect ‘re-mirroring storms’
- Increase back off timers more aggressively in a failure scenario
- Focus on re-establishing connections with existing replicas instead of making new ones
- Educate customers about using multiple-AZ (Availability Zone) setups to reduce the impact of partial failures of the cloud
- Improve communications and Service Health Monitoring tools

Download:

The post A Simple Mistake | TechSNAP 4 first appeared on Jupiter Broadcasting.