A while ago I cataloged my photo's in
iView Media Pro (now property of
Microsoft). It took me hours to do this, and it still needed some finetuning.
Somewhere along the line, I decided to switch to
Adobe Lightroom for some weird reason. The actual importing of the photo's was quite easy, but somehow I wasn't able to import the metadata I had attached to the photo's. So this meant that I had to do this all over again. This time it took me hours without a couple of minutes. I did it a bit faster because of the more intuitive interface. Man, tagging sucks. I must remind myself to do this everytime I add new images.
Next time when I have an epiphany about changing image catalog/management tools I might want to read this as a discouragement.
B.t.w. the reason for changing from iView to Adobe was the better collaboration between the OSX and Windows versions. Somehow iView lacked this, even though it was available on both platforms. iView used absolute path to the images in the catalogs. As far as I can see, Adobe uses relative paths if you exchange catalogs. Anyway I exported, and imported several catalogs between the platforms and so far everything worked.
BorderMaker is a tool for creating borders, watermarks etc on digital images. The nice part is that it comes in a Windows version (written in Java) and a cross-platform version (JAR file). It's a pretty versatile tool and it's for free :).
The cross-platform version works on Apple OSX, but has the limitation that the EXIF information gets lost. On Windows the supplied
jhead.exe program works without any problems. On OSX, the .exe file (obviously) won't work. Thankfully, there is a
OSX compiled version available. The program (jhead) itself works like a charm, but won't work from the BorderMaker interface (under OSX).
./jhead -te "${src_file}" "${dest_file}"
The parameters ${src_file} and ${dest_file} generate errors. When the command is executed from the command line, everything works (with the variables substituted with the real filenames).
Currently I use a workaround on OSX by executing jhead after I have created the 'bordered' images wit the command
explained on the jhead website;
jhead -te "originals\&i" *.jpg
Wordpress.org release version 2.3 of their blogging software. Lot's of improvements, so time to upgrade.
The upgrade itself was pretty straight forward. First backup everthing. Second, upload the new files and run the upgrade script. After that it was business as usual.... Well not quite.
I needed to alter my theme to allow widgets etc., and that wasn't that easy. Especially since I'm not that familiar with PHP. Finally I got most of my plugins up and running.
The only thing that won't work is the Rich Editor. When I want to create a link the 'window' doesn't appear. Only a white placeholder appears.
UPDATE: Oke, I found the cause of the white placeholder after some deliberation on things I did the last hours. Apart from the upgrade on wordpress I didn't do much. I did however play with OpenID for a couple of minutes, and installed the VeriSign OpenID SeatBelt extension for FireFox. After disabling the extension everything worked just fine.
I wonder if this is an extension, TinyMCE, or a FireFox problem?
A while back, I was asked if it's possible to fake a VeriSign issued SSL certificate. In theory, this is possible (if you have like unlimited resources), but on the practical side, it's impossible. It is possible however to create a CA which resembles the VeriSign root up to some level.
Everything, apart to some 'details', can be forged. Name, serial number, timestamps, additional fields etc., can be created by OpenSSL and a special crafted config file. It's just finding out how to do it. The tough (and this is a definite understatement) part is the thumbprint, and the public key.
The public key is generated by cryptographic algorithme (along with the private key), and it's impossible to 'regenerate' this. But for the casual user, this is not a problem. For a normal user it's pretty hard to tell the original from the fake CA certificate, since only details are different. Also, these differences are unreadable pieces of hexadecimal strings.
So all you have to do is to persuade the user to trust the new (and improved) VeriSign CA, and every site he visits may be fraudulent (and probably is).
The following sections contain the real certificate from VeriSign, and the fake one. Now you figure out which one is the real one.
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
Signature Algorithm: md2WithRSAEncryption
Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
Validity
Not Before: Nov 9 01:00:00 1994 GMT
Not After : Jan 8 01:00:00 2010 GMT
Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1000 bit)
Modulus (1000 bit):
00:b8:93:ae:c9:5e:c7:8a:9e:97:c7:c3:32:00:73:
45:54:03:db:29:e2:13:4b:7b:78:6e:57:69:b3:c8:
77:a4:a7:48:40:51:99:1b:86:9f:f2:e7:8d:34:40:
fc:99:91:ac:ed:2e:07:7b:da:f6:97:b3:e7:63:2c:
7c:14:c4:8a:61:8f:e4:96:02:40:40:e4:ba:9a:bb:
6a:cb:d9:75:78:00:b7:5f:b3:ca:1b:a8:1f:6b:5b:
44:e3:65:04:72:98:55:5c:fb:e2:2d:bc:46:eb:c7:
44:78:5c:bf:9a:b4:a3:19:a5:d9:17:47:87:bb:73:
12:60:b9:77:18:59
Exponent: 65537 (0x10001)
Signature Algorithm: md2WithRSAEncryption
61:29:b8:7b:55:3b:c6:c7:7c:ed:86:73:b8:30:4a:02:c0:93:
79:06:83:39:f2:9c:9e:40:ca:42:e6:7f:12:e2:7c:22:d3:2b:
d6:8f:a7:d9:a4:93:20:09:9a:6b:26:71:65:bb:ff:dc:70:fb:
d9:5c:a2:34:c6:88:00:ec:51:8a:65:75:53:d4:18:a3:38:f5:
d3:61:14:7b:8f:e4:d2:b3:fe:39:45:7a:4d:ec:f5:35:61:d7:
22:9a:2c:1a:c8:d2:f7:d1:55:4d:02:83:cc:f0:fc:5c:32:a9:
49:d3:d2:2c:5a:c9:b8:9f:b5:d7:7f:3a:9a:b5:d8:55:9d
And the second CA certificate
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
Signature Algorithm: md2WithRSAEncryption
Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
Validity
Not Before: Nov 9 00:00:00 1994 GMT
Not After : Jan 7 23:59:59 2010 GMT
Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1000 bit)
Modulus (1000 bit):
00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
dd:2d:d6:c8:1e:7b
Exponent: 65537 (0x10001)
Signature Algorithm: md2WithRSAEncryption
65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
After creating the CA, I made the SSL certificate (some data has been obscured).
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:b6:68:61:a3:c7:c5:ca:a0:b8:4f:09:c1:97:0e:f4
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
Validity
Not Before: Apr 18 15:17:43 2007 GMT
Not After : Apr 17 15:17:43 2008 GMT
Subject: C=NL, ST=Noord-Holland, L=Amsterdam, O=###########., OU=#####, OU=Terms of use at www.verisign.com/rpa (c)00, CN=www.#######.nl
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b5:b7:78:80:6f:a9:3d:d0:d8:99:8e:0c:d3:34:
f2:95:d5:1b:a4:30:44:45:6c:11:71:9b:dc:ae:b7:
3c:1e:0a:5b:81:2d:bd:e6:be:34:cb:7c:e2:de:5f:
20:1f:df:0d:36:ad:83:74:64:b7:52:34:10:f0:bd:
72:09:cf:31:84:77:81:c1:01:16:1d:a5:e9:58:27:
8f:f6:ea:20:15:04:e6:b9:40:d0:16:3f:b9:f3:cb:
06:75:9c:2c:93:d1:55:6e:04:f0:e1:43:6b:53:16:
39:ee:b3:84:62:02:eb:f8:f0:df:74:f4:da:6e:3a:
8a:6b:4a:ab:be:c1:16:9e:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 CRL Distribution Points:
URI:http://crl.verisign.com/RSASecureServer.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.3
CPS: https://www.verisign.com/rpa;
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
1.3.6.1.5.5.7.1.12:
0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif
Signature Algorithm: sha1WithRSAEncryption
87:d1:47:c7:ea:59:18:9c:8d:e6:17:53:9c:76:d4:fb:bb:ce:
ab:ab:3f:8a:a6:74:98:67:86:53:39:79:98:62:89:e5:07:27:
73:db:65:9f:10:8c:51:6e:ca:bc:cb:25:46:49:49:8f:0c:b4:
2c:f8:3b:47:95:c2:ba:8c:5e:d8:54:52:83:d5:4d:ed:b2:95:
0b:62:13:1e:9a:61:7c:97:b7:f9:02:52:7a:4f:7a:c6:19:f3:
80:3a:99:6e:27:5b:b2:b8:80:c1:43:d1:b9:0b:9f:02:26:9c:
50:39:a1:18:82:cd:cd:89:dd:ca:5e:e1:52:02:ab:bf:b1
The second CA is the real thing. The first one is the fake CA.
So all you have to do is to persuade the user to trust the new (and improved) VeriSign CA, and every site he visits may be fraudulent (and probably is). Or just infect him/her with a trojan to insert the CA for you.
The 'fun' part is that if you should replace the actual (original) VeriSign CA in your crypto store you get warnings/error messages which aren't very clear. The OS/Browser tries to 'tie' the SSL certificate to the CA, but not everything seems to add up :).
Yesterday, I bought a new piece of glass for my camera. I had two on my radar, but only enough money to get one. The contestants were:
And the winner is: the Sigma 10-20mm. A very nice ultra wide-angle lens. I guess that the Nikkor has to wait a couple of weeks.
You can see some other images I shot today on my
Flickr page.
OK... Disaster struck... Yesterday morning I had a flashing DSL LED on my DSL modem. Flashing ain't good. A stable green light is good, flashing is bad, very bad. Flashing means it tries to connect to teh Internets, but it can't.
Thankfully, I have a nice neighbor with no encryption on his wireless. Downside is that I need to sit in the hallway to use it. Hopefully the problem will be fixed tomorrow. If not you might be reading this somewhere next week (if ever).
UPDATE: Well things are improving (a very tiny little bit). Statistics show, that the website is available 15% of the time instead of 2%.
An optimist would say; 'an improvement of 750%'. My opinion is not that optimistic I might say......
UPDATE#2: No idea what's wrong with the Internets connection. Last night it downloaded three movies worked without any problems. This morning I had to switch it off and on to get it going again. I must say that the modem itself is running awfully hot. In the mean time I have two different types of modems in spare (510i and a 546i). Strange thing is that the logs show disconnections due to idle time?? Idle? The thing hasn't been idle ever since I installed it.
UPDATE#3: Well, the techies suggested a downgrade path to check if it might help. Off course, I'm against this. This means slower lines, slower downloads etc. It's like going back to the digital stone ages. Furthermore, it worked perfectly over the last 7 years.... The performance didn't degrade over time. The performance just said 'poof'.
Anyway, in the meantime I'm back to 4Mbps, and things seem to look good, but it also looked good yesterday. So until further notice this website might be online (or not, or whatever).
Back in the old days, when I was struggling on the Windows platform, I used Nikon Camera Control with my nikon D100. Great tool for experimenting. Downside was that the D100 had a USB 1.0 interface, so it took forever to download the images.
During the transition to the Mac I found the OSX version, but it was only available for the PowerPC platform.... until recently. Version 1.3.x is Intel compatible, so now I can unleash the tool on my MacBook Pro.
Note: v1.0 installs on an Intel Mac, but it DOESN'T run. You need to upgrade it before you run it.
Too bad though that the D200 doesn't have a
LiveView kinda feature.
Apple had scheduled a special event in London this Tuesday (September 18th). Rumors are that the European
iPhone is being announced.
As you might have read, I started saving money for 'my' iPhone when it's arriving here in Holland. But I'm not so sure any more.
First, my cellphone provider (
KPN) isn't mentioned (yet) among those who MIGHT sell it.
Second, the phone must be simlock free (see the first reason), because I already have a SIM, with all the goodies enabled (GPRS, UMTS, HSDPA, etc.), and it's being 'paid' for by my employer.
Third, I kinda like my
Nokia E61i. It's got a keyboard. I can surf the web, and access my (private) e-mail. And ever since I got the Nokia, I haven't watched a single movie on it, or listened to a mp3 (on the phone).
Guess I'll be saving my money for a
iPod touch. Just in case my
iPod photo (20GB) goes up in smoke.
Yesterday, Apple Launch a complete new line of music players. Every player is renewed. The biggest changes are:
As I might have mentioned my 'old' iPod Photo 20GB is acting up, so I was kinda going to buy me a new one, but which one do I want? The
iPhone touch is just gorgeous, but the iPod Classic holds ton's of music and video's...... *sigh*.
Guess I have to let fate decide....
