Planet NYLUG

Combinatory puzzle

2012-02-05T18:12:10+00:00

While working on explaining the Enigma machine to a group of students, I needed to do some math to figure out in how many ways 6 pairs of characters can be selected from the alphabet (a-z). Normally this would be fairly straightforward, but there are some complexities:

- The order within each pair does matter, but the order of the pairs does not.

- Once a character has been chosen as the first character in a pair, it cannot be the same character in any of the other 5 pairs.

- Once a character has been chosen for the second character in a pair, it cannot be chosen as the second character in anyh of the other 5 pairs.

These restrictions are most easily illustrated by an example:

(a,b) is not the same as (b,a)

(a, a) is allowed

( (a, b) (c, d) ) is the same as ( (c,d) (a,b) )

( (a, b) (a, c) ) is not allowed

( (a, b) (c, b) ) is not allowed

how many different ways to select pairs are possible?

Sessions: Diana at Lankester Gardens

2012-01-26T15:31:00+00:00

Recently took a trip to Lankester Gardens to take photos of Diana

I really love the photo above. The following photos were taken on film.

-LM

Permalink | Leave a comment »

Sessions: Karol at Lankester Gardens

2012-01-24T17:38:00+00:00

Recently had a session with a couple of friends and we took the trip to the Lankester Gardens in Cartago

Karol has been featured before on this blog and it's always awesome to take photos of her and her interesting clothing designs

First two photos were taken digitally and the following photos were taken on film

Really like the Lankester Gardens as they offer quite a lot of different places where photos can be taken

More photos will be posted later this week.

-LM

Permalink | Leave a comment »

TED, SOPA, PIPA

2012-01-23T17:42:41+00:00

In this blog, I usually do not get involved in politics. This time, I'll make an exception.

If you do not know what SOPA and/or PIPA are, or if you haven't made up your mind yet, please head over to ted.com and watch Clay Shirky's presentation. Alternatively, look at the video here:

Photos of Karla

2012-01-17T21:42:00+00:00

Karla is my wife and we've been married for a little more than 2 years as I write this and I've been able to capture a couple of portraits of her...mostly because she isn't the type that will sit for a couple of minutes while I take the photo

Interesting to look back at all of these photos and remember what we've been through. All of the photos in this post were taken with my 3 film cameras throughout various points in our life. Like the one that was taken at our friend's wedding

Or the one where she's sitting at my parent's house's stairs whilst pregnant with our first daughter

Some I can't simply remember when they were taken...

And then there are these two which are the most recent ones and when she told me that I never post the photos I take of her :)

-LM

Permalink | Leave a comment »

Jay Emerson on A Serious Talk About Having Fun and Being Productive with the R Language

2012-01-13T22:20:07+00:00

Jay Emerson
- on -
A Serious Talk About Having Fun and Being Productive with the R Language
Thursday, February 9, 2012 @ 6:30 -8:00 PM
Please note important information about this meeting

This talk will provide a quick but intense introduction to the R Language: a free software environment for statistical computing and graphics. It is open-source (mostly GPL-2), available for several platforms, and thrives in Linux. The talk will be largely example-driven, with plenty of takeaway material and code examples. I’ll argue that it’s simply the right language for data exploration and statistical analysis, and is particularly fantastic for graphics and code development. I’ll conclude by introducing the package management system (and the Comprehensive R Archive Network — CRAN) and the C/C++ interface.

More Information:

R Project

About Jay Emerson:

Jay Emerson is Associate Professor of Statistics, Yale University. Jay teaches both graduate and undergraduate courses and often includes timely real-world problems and examples in his lectures, an intersection of teaching and research. For example, he collaborated with the Wall Street Journal in uncovering the infamous stock option backdating scandal, and he demonstrated a design flaw in the new scoring system used for international figure skating competitions. He has worked on Bayesian change point analyses and created the “generalized pairs plot” for the R Statistical Programming Environment. He has worked towards a scalable solution for statistical computing with massive data, extending support for the management, analysis, and exploration of massive data sets in R.

After the meeting … Join us around 8:30 PM or so at
House of Brews
After the meeting … You may wish to join up with other NYLUGgers
for drinks and pub food. This month we’ll be over at House of Brews
(302 West 51st St. – 8th Ave), but we are also evaluating other
options for the future and welcome your suggestions.

http://www.houseofbrewsny.com/

Directions from IBM: http://goo.gl/VUdO1

Spaceport America on OpenStreetMap

2012-01-12T01:29:08+00:00

Spaceport America is “the world’s first purpose-built commercial spaceport”. Wonder what it looks like? You can now find it on OpenStreetMap, one of the many things I’ve been mapping in New Mexico’s barren & isolated Jornada del Muerto. I’ve indicated various Spaceport America structures, like the state-of-the-art Terminal Hangar Building and Spaceport Operations Center. I’ve yet to accurately locate Spaceport America’s vertical launch pad, which has been in use since 2007.

No, it’s on Bing Maps, Google Maps, or any of the other Web mapping competitors—just in case you needed a reason why crowd-sourced geodata (or VGI) can’t be beat.

Want an aerial photo of Spaceport America? Over on Flickr I’ve a screencap from the USDA’s public-domain NAIP 2011 release, pretty much the only source for high-resolution imagery of the middle of nowhere.

See Spaceport America on OpenStreetMap

OWASP meeting

2012-01-09T20:24:50+00:00

I will be hosting a meeting of OWASP Long Island on Thursday, February 16th, at Adelphi University. We will continue with the hands-on lab exercises that we started in December.

Seating is limited, so be sure to sign up soon after the announcement goes out on the OWASP-LI site. More information regarding time and place will be made available on that site also.

Sean OMeara on Introduction to Chef

2011-12-23T06:05:11+00:00

Sean OMeara
- on -
Introduction to Chef
Thursday, January 12, 2012 @ 6:30 -8:00 PM
Please note important information about this meeting

Chef is a platform for building automated application infrastructure.
This talk examines infrastructure as code, the evolution of a typical
application’s infrastructure over time, and how Chef’s strategy to
configuration management makes it easy to develop, scale and change.
Example code will be examined showing how to achieve emergent
topology, and contrasts Chef with other CM strategies such as golden
image cloning.

More Information:

About Sean OMeara :
Sean OMeara is Technical Evangelist for Opscode, and worked as a
Systems Administrator for over 13 years.

http://www.houseofbrewsny.com/

Directions from IBM: http://goo.gl/VUdO1

Sessions: Car photos

2011-12-14T02:52:00+00:00

Not the first session I do where the main subject is a car...or cars as was the case on this session

First we have the Audi which belongs to a coworker. Gotta say that this is one of my favorite photos from this session.

Then we have the BMW which belongs to the friend of the coworker. This was taken on Fuji Superia 400 and then converted to B&W on post-process.

For this session I took out my Mamiya RZ67 camera and used a roll of Kodak Portra 400. And finally a shot of Julio.

-LM

Permalink | Leave a comment »

RISE FROM YOUR GRAVE

2011-11-22T19:10:17+00:00

Yes, I haven't updated my blog in over a year. Yes, I've neglected it. Very wrong of me. No, I'm not dead! One thing is for certain... like the legendary Phoenix, this blog is rising from the ashes! There's a new layout, and new articles related to even more subjects will be coming in! Over the course of a year, new subjects and old have come into my life, and now I've got THAT MUCH MORE

Last night's OWASP Long Island Meeting

2011-11-18T14:34:03+00:00

I hosted the local Long Island chapter of OWASP last night at my place of work for a hands-on evening of playing around in a bring-your-own-laptop lab environment. I had set up an virtual infrastructure that was so vulnerable to attack that it almost looked like a real work place.

For this session, the OWASP guys provided bootable BackTrack 5 RC1 DVDs, and I provided the virtual machines, a switch, power, networking cables, etc. After a brief introduction, we got started right away.

We went through a number of hands-on exercises, ranging from quick exercises with the Metasploit Framework and the w3af to arp poisining and dsniff. After having identified some credentials on the wire, we did some hands-on exploitation of a SQL injection flaw, and we mucked around a bit more with other "features" in this custom-developed web app. All in all, we managed to covered about 6 examples of the OWASP top-10. Around 10:30pm, we called it quits and wrapped up for the night, but not after having agreed to a to-be-continued sessions some time in January.

As a firm believer in hands-on learning (in addition to studying texts), it was very satisfying to see how quickly participants who may have never even used a Linux distribution, took to getting into "breaking stuff". As everything was running on a virtual infrastructure, participants did not have to be afraid to cause accidental damage, and that showed ;)

All-in-all, I think we had a good time. Next time, I'll make a few more tweaks and bring a slightly more powerful server for the VM infrastructure, but that's about all that needs to happen to take this show on the road.

A street without rules, a safer street?

2011-11-16T04:48:31+00:00

A few weeks ago, I started listening to another podcast: WHY? Philosophical Discussions About Everyday Life, hosted by philosopher Jack Russell Weinstein.

Listening through the backlog, I found an excellent show, Episode 28: “On Liberty and Libertarianism” with guest James Otteson. In it, Jack and James philosophize about so-called “Libertarianism”, talking about how government should relate (or not relate) to both social and moral issues.

One of James’ fantastic talking points was on traffic. In short, all the rules and regulations that both drivers and pedestrians must follow are dehumanizing. Destroying the human connection between driver and pedestrian takes the social issue of road sharing and turns it into… well, something else, where drivers and pedestrians no longer need to think—it becomes a matter of just reading signs, staying within lines, and blindly following the guidance of blinking lights.

In the show, they discuss a Finnish town with a high number of traffic accidents. The town removed traffic lights, stops signs, and other regulatory sundries and traffic accidents went down.

They’re beginning to do the same on London’s Exhibition Road in the UK:

The idea is that when driving zones are heavily delineated, drivers tend to be on autopilot, focusing on other cars rather than pedestrians or cyclists. That’s why London has so many guard rails on either side of pedestrian crossings, preventing pedestrians from straying into the road where they’re not supposed to. But 10 years ago, Kensington and Chelsea experimented with removing the railings from Kensington High Street and found that the number of pedestrian accidents dropped by 60%. It seems that when drivers are forced to be more aware and pedestrians are forced to take more responsibility for themselves, everyone is safer. Rules, it seems, were counterproductive.

Interestingly enough, The Guardian publishes this in the Arts & Design section and describes the movement as liberal. In my opinion, it’s anything but. Leave it to the Europeans to re-pioneer freedom & common sense.

Applied Cryptography

2011-11-15T01:14:17+00:00

It is not a secret that I enjoy teaching tremendously. Over the last few decades, I have taught at several universities, as well as for the SANS Institute. As a matter of fact, I have a new SANS Mentor class coming up in December (see: http://www.sans.org/mentor/details.php?nid=26489 for more details)

For some reason (which isn't entire clear to me quite yet), I have agreed to teach a full-semester undergraduate Applied Cryptography course. I have pretty much settled on the materials that I will be using, and the topics that I will be covering. Most crypto courses are driven by the Math department, and math isn't my greatest hobby, to put it mildly.

However much I would like it, math is unavoidable when talking about cryptography. However, for my purposes, having some knowledge about the mathematical underpinnings of ciphers and methods of cryptanalysis is enough; full formal proofs and in-depth coverage of theory are not required. Given that situation, this course could actually be fun.

I plan on having students implement basic cryptography, and work on some cryptanalysis. If I can get the message across that it is pretty much ALWAYS a bad plan to invent and/or implement your own ciphers, and give them a good feeling for what strengths and weaknesses of existing ciphers are so that they can make informed choices, I'll be a happy camper.

Structuring the course like that will also allow me to play with recent events ("BEAST"), as well as given them a better understanding why --insecure and --no-check-certificate are options that aren't always the most appropriate.

I would love to hear from people with an interest in applied cryptography what they would like to see undergrad Computer Science students and Information Systems students be exposed to.

Network forensics exercise

2011-11-15T01:13:15+00:00

In September, I was asked to deliver a guest lecture on network forensics to a group of undergraduate criminal justice students with very few format computer science of networking training. This one ranked fairly high in my list of interesting challenges, so I decided to pick up the gauntlet.

The class took place last week and went fairly well. The group was relatively small, but I was able to connect with them and get some interaction going. I started out by asking the people there what "the network" looked like; for illustration purposes, I had brought a patch cable and a switch. At this point, students started to realize that it may be a little problematic to acquire a network patch cable ;)

I proceeded by explaining that a typical network infrastructure has very little persistent data, and that the technology must be prepared ahead of time to capture useful data data is forensically sound. We spoke briefly, and at a very high level, about networking, IP addresses and ports, which flowed into the concept of a "Pen Register and Trap & Trace devices for the network" Enter: netflow".

At this point, it was time for an exercise and I provided the students with two Excel files. One file contained an excerpt from an inventory database, and the other contained 15 minutes of (actual) netflow data from a single sensor. The 15 minute window amounted to a spreadsheet with about 650,000 lines. The assignment was to identify which computers in a specific lab were interacting with Gmail at a specific time. My objective was to show the level of detail that we can obtain by just looking at flow data, AND the sheer size of the data set that we have to deal with.

After netflow, we went on to full packet capture. It was evident very quickly that the students would be wholly unable to deal with that by themselves (remember: these were criminal justice students without much computer science and/or networking experience!). Instead, I demonstrated the solution to a scenario for them that revolved around the theft of a company's intellectual property. The file that was leaked was called 'ProductDesign.zip'.

While preparing for class, I had set up a hypothetical workgroup network with one server and three employees. The server was an email hub (webmail, imap, pop), a secure file storage, and a department directory.

The employees were John- a senior engineer, about to retire on a very small pension, Mary, who just married somebody from the Ukraine, and Janice, an intern pursuing a marketing degree.

The first step towards the solution was inspection of the web server logs. They revealed that exact time that John downloaded the file in question. Further scrutiny revealed that the file was downloaded from Mary's PC.

At this point, I asked for hypothesis. We got some very interesting ones!

However, looking more closely, we can see that Janice's PC might have had a remote desktop connection open to Mary's computer. At this point, we have all three employees as possible suspects.

Going back further in time, we identified that Janice phished Mary and John under the pretense of assisting the IT department with collecting preferred usernames/passwords that would be set after weekend maintenance.

Janice is now prime suspect.

Looking at what happened after ProductDesign.zip was downloaded, we see that less than 10 minutes after one of the downloads, Janice sent an email from her work account to an anon23@evil.local that listed "it is done. I have a copy on my USB disk".

From a network forensics perspective, we have now identified a possible suspect, and pointed out two machines for forensics analysis (Mary's PC and Janice's PC).

The session took about 2 hours and included a tour to a networking closet ;)

All in all, I think the students picked up a few things.

I did save the virtual machines and the packet capture, so if you are interesting in doing something like this, feel free to let me know and I'll see what I can do to get the artifacts to you.

About certification and certifying bodies

2011-11-10T01:14:28+00:00

Although I admit that I am not entirely sure why, I am one of those people who enjoys obtaining professional certifications. I am brave enough to admit that ego might have something to do with it ;)

At the time of writing the post, I hold CISSP, GCIH, GCFA, CISM, CISA, and OSCP certifications and all of them are in good standing. That means that I have paid the annual dues, maintain my continuing professional education, and live up to audit standards.

However, staying in good standing takes efforts, and the more time I spend thinking about it, the more I am considering dropping the CISM and the CISA. The CISM was helpful when I took responsibility for a complete information security program, but now that I have a few years under my belt, I don't think it adds much value anymore. The same is more or less true for the CISA certification. While studying for the certification has been tremendously helpful to better understand how audit processes work, I don't ever expect to be an auditor.

So, at this point, CISM and CISA do not add much value to me, and I believe that I am at a point in my career that I don't need to distinguish myself by maintaining a laundry list of professional certifications. While ISACA (the certifying body for CISM and CISA) organizes local chapter meetings, I don't really feel drawn to them.

SANS certifications appeal to my inner geek; they demonstrate a level of technical understanding and, in some cases, may demonstrate some hands-on skills. The SANS certs also allow me to teach, which is one of my passions. Keeping them active is pricey, but I guess all hobbies have their cost.

That leaves the CISSP. The one thing that I have benefited from with the CISSP was that it helped me to develop an understanding of the width of the information security field. And, as sad as it is, CISSP certifications are too often a prerequisite to make it past HR filters. As the certifying body, (ISC)2 has never delivered anything of value to me.

Will dropping my CISSP make it harder for me to transition to another job, if I would ever want to do so? I don't know, but I am afraid it might.

Could (ISC)2 be doing a better job? You bet! But, in order to do so, it will need to change. Change is hard, and often needs new blood. Maybe it is time for (ISC)2 to shake things up a bit and appoint a new generation of leadership. Not coincidentally, (ISC)2 is currently in the process of electing their new board, and I believe that one candidate especially would be a very good choice to play an important role in that change.

It is for that reason that I endorse Wim Remes to run as candidate for the (ISC)2 board of directors. Please check out Wim's platorm at http://blog.remes-it.be/petition.html. If you are a CISSP in good standing, and if you also believe that (ISC)2 could do a better job at serving the community, please head over and consider Wim's platform.

When students grow up...

2011-11-10T01:14:00+00:00

As a mentor and a teacher, it is great to see your students grow up and do something useful with their lives.

Well done, Matt! How cool is it to see your name in the BlackHat speaker list? I look forward to seeing Hacking Chrome OS.

Information Security Leadership

2011-10-19T19:23:18+00:00

In most professional organizations, decisions are made by compromise, rather than by explicit directive.

As information security professionals, this is a frustrating reality in which we must function. Only when we are able to convince a large (and relevant) enough group of stakeholders, our recommendations will have a change of being implemented successfully.

The ability to influence those stakeholders, and to get a large part of our agenda realized, is the realm of information security leadership (as opposed to security management). While there are many different definitions of leadership, most revolve around the notion that leadership is about providing direction and guidance in a way that is consistent with the leader's goals.

From that, it follows that in order for information security leaders to be successful, we need to be able to lead our technical staff and direct them to do what we feel is the best for the organization we work for, but it also means that we need to lead our non-technical organizational counterparts on a path that involves decisions that we believe are the right ones.

In order to achieve convincing those non-technical entities, I believe that a good security leader should have an excellent rapport with key constituents. That is a skill in itself; it requires an understanding of the environment in which we function (so that we can identify those key players), but it also means understanding their motivators. Some tricks that come in handy are: doing favors for others without asking for something in return, be polite and understanding, actively listen to their concerns and respect them, and to never say no.

Especially the last one is something that we are generally poor at. Unfortunately, the information security professional is too often known as the person who always says no. In reality, there is really no reason for saying no very often, while the effect is still that objections are addressed.

A simple choice of words is often a make-or-break factor. For example, rather than attempting to implement a policy to block specific "stuff", we can phrase it in such a way that "stuff" is only allowed under certain circumstances. It may seem like a subtle difference, but in the mind of a reader, that is much more acceptable that simply saying no.

So, next time somebody decides to implement your in-house app in a popular (often buggy) toolkit, don't say just no, but say "Okay, but let's see how we can make this happen the best". You should not make your requirements impossible to meet, but there is nothing wrong with asking some tough questions. Next, schedule a lunch meeting with somebody who matters, and try to figure out why they came to asking for this toolkit in the first place. You'll be pleasantly surprised how often the problem simply disappears after a good lunch.

Black Hat and Defcon approaching rapidly

2011-10-19T10:24:14+00:00

Time flies when you are having fun. Before you know it, another year has passed and Black Hat USA and Defcon are here again.

Like previous years, I will (attempt to) fly to Las Vegas to attend all of the Black Hat Briefings and some of Defcon. Ceasar's Palace is probably going to be awesome, and if the Rio improves the Defcon experience enough that I don't feel like I'm in a meat locker, I might try to attend the whole thing again next year.

As always, the programs for both conferences look fantastic. There will be some great speakers, and I'm sure there are going to be some not-so-great ones too. That's ok; that's part of the charm of both cons.

This year, I really don't have a strong agenda of what talks I want to see, and who I really need to meet up with. If you're around and feel like hanging out for a bit, feel free to shoot me an email, or catch me on Twitter. Right now, my plans are to arrive Tuesday morning and leave Friday afternoon.

Teaching SANS Security 504: Hacker Techniques, Exploits, and Incident Handling

2011-10-18T23:37:01+00:00

If you are interested in getting trained in Hacker Techniques, Exploits, and Incident Handling by me, please take a look at this announcement. Once again, I have teamed up with SANS to bring their Security 504 course to Long Island. We will start classes on December 8, and will continue for a good 10 weeks on Thursday night from 7:00 p.m. - 9:00 p.m.

SEC504 is a class that will benefit any experienced system administrator, network administrator, developer, or information security professional who has a responsibility to protect their organization's computers, networks, or intellectual property. I will take you through the process that a cyber criminal follows, we will discuss and use(!) a large number of tools to illustrate cyber attacks, and we are going to learn about the incident handling process.

Let me know if you have any questions or comments.

Cyber Protect

2011-10-18T23:36:07+00:00

The United States Defense Information Systems Agency (DISA) puts out quite a bit of reasonable information. Some of it is even entertaining!

In particular, I am referring to an unclassified project called Cyber Protect. Cyber Protect is a flash-based network security simulation game in which you take the seat of a cyber security architect and you have to work within a budget to purchase components to defend your network against evil hackers.

While there is a lot of talk about the fact that perimeters are fading, clouds are great (and secure?), and we need to enable ubiquitous computing, the simulation is based on the more traditional network security concept of defense in-depth.

Players get to chose from a wide range of tools to purchase and implement, ranging from firewalls, intrusion detection, access control, antivirus, and encryption products to end-user training, backup and system redundancy.

The game is amusing to play, and it does a decent job of making the point that "stuff" needs to be maintained after it is purchased.

It took me two tries to make it to a 100% score. If you have 20 minutes to kill, check out the product. You can find it at http://iase.disa.mil/eta/cyber-protect/launchpage.htm

High-impact initiatives

2011-10-18T23:35:20+00:00

As information security officers, it is our job to walk the thin line of implementing (and operating) controls, and enabling our business to do what they are there for in the first place. Often we do so by implementing technical controls that somehow claim that they make us more secure. I am talking about things like intrusion prevention, log management, etc.

While it sometimes may be necessary to have an IPS, a SIEM, and all kinds of other cool technologies in place, the real value that these tools provide is gained when they are handed to a person who has the skill and time to operate them, and who is able to extract meaning from all the different alerts, warning, notifications, and traffic lights that these devices produce and the mere push of a button.

I am a firm believer two of the most important processes that an ISO should take ownership of is creating a network situational awareness process and a good incident response process. In some (most?) environment, these detective/compensating processes might even be more important than preventative processes.

When looking at the preventative side, we all do things like implementing firewall policies, building antivirus capabilities into the fabric of our desktops (and servers), conducting regular vulnerability scans, building a patch management infrastructure and conducting occasional penetration tests. And, as much as these processes are important, they are expensive, slow and painful initiatives to start.

A few months ago, I have started taking a slightly different approach, which I believe will be very successful in the long run. I have started several working groups and some tasks forces. In my thinking, I generally distinguish three main governance structures:

Committees: involve (too) many people who meet in a formal setting on a not too-frequent regular schedule. Committees have broad mandates, are not time-bound, and provide recommendations. A committee does not make decisions, but they provide recommendations.

Working groups: have a clearly defined mandate and address concrete problems. Working groups are typically focused on a large problem that may require smaller task forces to address parts of the overall problem. Working groups meet somewhat frequently in a semi-formal setting. A working group has the potential to continue for a long time, but don't necessarily have to.

Task forces: are similar to working groups, but are more focused. Being on a task force is real work. You are expected to deliver your part of the work, do it well, and do it fast. A task force will have a single objective and work towards that objective without distraction. Once the objective has been met, the task force is dissolved.

The working group of which I am expecting a lot is the desktop management working group. Desktop management is one area in which we (as security professionals) can make major gains very quickly. The mandate of the of working group spans just about any desktop issue, ranging from changing to gold images to new software requests, software deployment strategies, antivirus selection, group policies, process changes, etc.

In the few weeks that the desktop management group has been in existence, we have identified several parties who are directly affected and who did not have a real voice up to this point. Now that they are part of the working group, we have seen several improvements already.

The turn-around time to our clients has improved, as has the consistency of the response that they are getting. Internal communications have improved.

By making some simple changes, I believe that we have already reduced our exposure. In the long run, my role as information security officer will decrease to that of a participant, and a more logical role will take the lead.

However, the fact that we have this group now is something that I feel has improved our security. And that is what this job is all about.

Waseem Daher on Ksplice: Updating the Linux kernel without rebooting

2011-10-14T22:30:11+00:00

Waseem Daher
- on -
Ksplice: Updating the Linux kernel without rebooting
Wednesday, October 19, 2011 @ 6:30 -8:00 PM
Please note important information about this meeting

Today, every OS in the world requires regular reboots in order to be up to date and secure. Since reboots cause downtime and disruption, sysadmins are forced to choose between security and convenience.

Until Ksplice. Ksplice can patch a kernel while the system is running, with no disruption whatsoever. We use this technology to provide Ksplice Uptrack, a service that delivers important security and bugfix updates to your systems. (It’s free for Ubuntu Desktop and Fedora, and is also a free feature of Oracle Linux Premier support.)

In this talk, we’ll provide a detailed look into how the Ksplice technology works and how the Ksplice Uptrack service works, at a technical level primarily targeted at system administrators and developers, but largely accessible to the average user as well.

More Information:

About Waseem Daher:
Waseem Daher is a Senior Director of Software Development at Oracle. He joined Oracle through the acquisition of Ksplice, where he was cofounder and COO. He received both his BS and MEng at MIT, and he lives and works in Cambridge, Mass.

http://www.houseofbrewsny.com/

Directions from IBM: http://goo.gl/VUdO1

Mamiya RZ67 Pro II

2011-09-23T00:10:03+00:00

My latest camera purchase was a Mamiya RZ67 Pro II that I got through eBay. After I had purchased the Kiev 88CM I fell in love with waist level viewfinders and big ground glass.

Before purchasing the Mamiya RZ67 Pro II, I did a bit of research on this camera and other options I had, specially since there are two versions of the RZ67. I've always wanted the Nikon F5 but I have a hate/love relationship with 35mm so I decided that I would keep with medium format for this purchase.

One of the features that I love about the RZ67 camera is the bellows focusing system, it's simply amazing and quite useful, and I had read in several places that with the bellows every lens would be able to do macro but after using it I found that it's not really the case, well at least to what I find that macro should be. A bit disappointed on that part or maybe it's just me not knowing how to use it well, either way I'm not that into macro photography anyways.

Because this camera uses a bellows system for focusing, instead of moving a ring on the lens there is a knob on each side of the camera that are used to focus by moving the lens further or closer to the body.

Like the Kiev 88CM, this camera has a knob on one side where the shutter speed is set, unlike the Kiev 88CM this knob only has that function. The fastest shutter speed on this camera is 1/400th of a second and that's due to the fact that the Mamiya RZ67 uses leaf shutters, meaning that the shutter is on the lens and not on the body, this is another feature I loved about this camera simply because it can sync with the flash at all speeds and it's quite cool if you ask me.

The difference between the Mamiya RZ67 Pro and Pro II is that the Pro II has half step shutter speeds and also a fine focusing knob.

This one came as a surprise really, the Kiev 88CM also has a small magnifier that is used to assist in focusing, the difference with that one and the one on the RZ67 is that the RZ67's magnifier allows you to view the whole image in the ground glass so no need to close it after you have focused the scene to compose the shot. This also prevents ambient light from hitting the ground glass and making it difficult to see the image.

Everything I read mentioned that this was a heavy and big camera but that was also said about the Kiev 88CM so I didn't expect it to be incredibly heavy and big but what a surprise...this camera is bigger and heavier than the Kiev 88CM, in fact it makes the Kiev 88CM look like a toy. This camera wasn't made to be used handheld and one of the reasons for this is the fact that the focusing system that is used shifts the center of gravity depending on how far out the lens is and how heavy the lens is thus making it difficult to hand hold the camera and try to focus and then shoot. There's a L grip that was made for this camera which assists on hand holding the camera...sadly I don't have one.

I've managed to shoot with it handheld though it's not easy.

This camera is a medium format film camera, though digital backs exist for it, thus it uses 120 and 220 film, in this case I only have a 120 back. The difference with the Kiev 88CM is that the frame size of this camera is 6x7 instead of 6x6. Here are a few samples that came out of the first roll I ran through this camera

That is the first photo I took with the camera on a tripod of course. I used Kodak Portra 400.

Since the RZ67 has a revolving back, meaning with a turn of the back I can shoot horizontal or vertical photos

I really like how sharp the photos come out and having a negative this size renders big photos when scanned.

The above photo was taken in color, Kodak Portra 400, but was converted to B&W in post as it looks way better this way.

-LM

Permalink | Leave a comment »

Upload multiple photos to Meetup without Flash

2011-09-22T08:09:11+00:00

Do you use Meetup and upload multiple photos regularly, but hate doing it?

Meetup has an multiple-photo feature that uses Adobe Flash, but as you can expect of Flash it’s not particularly reliable or stable. There no reason to put up with Flash’s nonsense—HTML5 includes a multiple-file upload control, well-supported by the latest Web browsers. Unfortunately, despite my posting a wishlist item (please vote!), Meetup has done nothing to support it.

So I did it myself: if you use Chrome or Greasemonkey/Scriptish for Firefox, install this user script: Meetup: HTML5 multiple-file upload for photos.

Once installed:

Go to the “Old Upload Form” for your Meetup group or album. This can be tricky to get to, but the URL looks like: http://www.meetup.com/GROUPNAME/photos/upload/
Make sure you’ve selected the right album.
You should only see one file upload widget (the “Old Upload Form”, before this script, had 10).
Click it, and you’ll notice you can select multiple photos you want to upload. Go ahead and do so.
After you’re done selecting and dismiss the widget, the page will now tell you which photos you’ll be uploading.
Click upload to start uploading photos.

Enjoy uploading your photos without Flash’s crashing, errors, or mayhem!

A note: if you use Firefox, you won’t be able to know how much you’ve uploaded (unlike Chrome, Firefox has no built-in upload progress meter). Try the Upload Progress add-on to keep tabs on your uploads.

Making Firefox's Web Console readable

2011-08-25T09:38:10+00:00

Are you blind (like me), but you still want to use Firefox’s new Web Console? Yeah, maybe you’ve noticed that the Web Console has abnormally small fonts with no obvious way to adjust them.

I’ve created a new user style that makes Firefox use your configured monospace font (I use Inconsolata), and also lets you configure font size.

Get it at Userstyles

Changing Drupal 7's built-in jQuery UI theme

2011-08-23T05:08:45+00:00

jQuery UI, a Javascript widget framework built upon jQuery, comes built-in Drupal 7 core. One of jQuery UI’s nicer features is that you can switch themes by changing out a CSS file.

There are some nice jQuery UI themes out there (unfortunately, not enough!), like Tait Brown’s port of Aristo to jQuery UI (see demo).

But since jQuery UI is in Drupal core, which internally keeps track of CSS files, how do you switch the jQuery UI theme in use?

The Seven theme, including with Drupal core, provides inspiration on the “one true Drupal way” of doing this, by providing hook_css_alter(). Place into your theme’s template.php:

function MYTHEME_css_alter(&$css) {
  if (isset($css['misc/ui/jquery.ui.theme.css'])) {
    $css['misc/ui/jquery.ui.theme.css']['data'] = drupal_get_path('theme', 'MYTHEME') . '/jquery.ui.theme.css';
  }
}

Replace “MYTHEME” with the name of your theme, and adjust the path to your jQuery UI theme’s CSS file accordingly (the above assumes you place jquery.ui.theme.css in the root folder of your theme).

With this magic in hand, I now have the Aristo jQuery UI theme running on this blog. Looks quite a bit better!

This post was inspired by an answer I posted on StackExchange.

Prusia Forest

2011-08-22T17:10:00+00:00

Besides visiting the Ujarras Ruins a couple of weeks ago we also paid a visit to the Prusia Forest that's part of the Irazu Volcano park. The photo above was taken near the Carlos Duran Sanatorium while we waited for a friend that was also going on the photowalk with us.

A view of the abandoned sanatorium which isn't regularly seen, unlike the rest of the place which has been photographed hundreds of times. Would have liked to have taken the photo from a lower angle but the gate prevented that.

On our way to the forest we stoped to take a couple of landscape photos.

We finally arrived at the forest and decided to ditch the trails that were layed out and instead photograph an area of the forest which seemed more interesting.

Quite excellent example of nature taking back what it belongs to it

And a final frame from the forest

-LM

Permalink | Leave a comment »

Trip to the amusement park

2011-08-19T16:21:00+00:00

Recently took a trip to the local amusement park with some co-workers and decided to take my Nikon FM10 along with a roll of Kodak Color Plus 200 film

I wasn't going to simply spend my whole day taking photos of my co-workers but simply snapshots of day mostly because I wanted to have fun and relax

We did make a stop for some coffee since it was somewhat early that we arrived at the park. These two photos were also taken in the color film but were later converted to B&W because the light was too low in this area and they simply looked way better in B&W

We did stop for a couple of portraits along the way

Before going to another ride and for two co-workers to get their face painted, I actually took this chance to document the process of one of my friends getting her face painted

The lady that did the makeup told us that the style that my friend choose was a bit more complex than what my friend wanted, mostly because it involved having her whole face painted orange but my friend decided that it was best not to and simply go with a more basic version

Really love the photo above and I feel that making it B&W really makes it more timeless. And this is the finished product

She of course had to convince another friend to get half her face painted

-LM

Permalink | Leave a comment »

Sessions: Marielos

2011-08-17T18:31:00+00:00

Marielos is a friend photographer that I met on a photowalk that I had organized a while back. For this session we decided to visit a street of abandoned buildings which have graffiti all over them and while we were walking around we found an entrance to one of the buildings.

Karol then explained to us that this used to be a bar several years ago that she would visit and told us some stories and where some of the entertainment and other things were. The photo above was taken behind the bar, I was actually stading on the part of the bar where everyone would ask for the drinks.

Really love the above photo and it's mix of nature taking over and the cement of the place.

These photos were a mix of ISO 200 and ISO 3200 only to be reminded that I was shooting Kodak Portra 800 and not Kodak Portra 400 but despite that I really love the results that I got out of that roll. Shooting it at ISO 3200 and developing it at ISO 800 doesn't over saturate the colors but instead gives awesome colors.

-LM

Permalink | Leave a comment »

Sessions: Marisol

2011-08-15T16:17:00+00:00

Took a bit of convincing but finally manage to get Marisol to pose infront of the lens of my Kiev 88CM for a couple of photos. While we waited for Karol to arrive we took a stroll through a park in San Jose and captured these two photos.

Marisol is a friend from work that I met a couple of years ago when I started getting into taking photos of activites at the office.

-LM

Permalink | Leave a comment »

BrowserID session API support for Drupal

2011-08-15T12:55:47+00:00

Late last week, Mozilla’s Identity team made available a Firefox extension for BrowserID, a new browser-oriented single-sign on mechanism. Click a button in your address bar and automagically login into a website.

Along with it they made available a browser session API—that is, the browser can now keep track and show whether you’re logged in, logged out, etc, also displayed in your address bar.

Drupal had a BrowserID module less than 24 hours after BrowserID’s initial announcement (thanks Isaac Sukin!). Likewise, in the weekend after the session API announcement I helped out and wrote a patch adding support for the new API.

If you’re familiar with Drupal development, install the Drupal module, ~~apply the patch,~~ install the Firefox add-on, and get browser-integrated, one-click login to your Drupal-powered website.

The patched module is running live on this site right now, so please play with it (myfavoritebeer.org does get boring).

At the moment, Drupal’s BrowserID module does not create an account on my blog, so you must do that first, separately. Create an account here, or if you’ve an OpenID, logon with your OpenID directly to also create an account (funny how complicated this has gotten already). Make sure to set and use the same e-mail address as the one you use for your BrowserID. After creating an account, logout, and then log back in using your BrowserID. If you’ve problems/find a bug, please leave comments on the Drupal bug or this blog post—thanks!

[UPDATE: 16 Aug 2010]: Drupal’s BrowserID module now includes my patch; you don’t need to download and apply the patch separately.

Casa 927

2011-08-13T14:00:00+00:00

Planned a day of shooting portraits with a couple of friends and Karol suggested that we pay a visit to this place that she had heard of in Facebook called Casa 927 and how it's all about national artists. Lucky for us they allowed us to spend an hour taking photos anywhere in the house that we wanted which is awesome because this is an old house that has been converted into a cafe and also a place where local artists can display and sell their work.

Pictured above is Marisol in the bathtub of the women's bathroom. Because this used to be a house the bathrooms have a bathtub, no longer used of course, and we found it quite excellent to use it to take photos. Really love the photo above.

Because of the low light situation in the bathroom we decided to break out the flash to continue taking photos. The bathroom also doubled as the dressing room for the girls.

There are some resident artists in the house who sell their art which is made, in some cases, out of recycled materials. Anything from jewelery to knit hats to scarfs to paintings to sculptures can be found there and they also have a cafe and restaurant. Often times they host events at nights such as having local chefs come in and cook for the night or other events relating to local artists.

We then went outside the house to take a couple more portraits. Above is Karol, who suggested the place, posing with one of her designs. She took some courses in clothing design and has been making several pieces of clothing.

The Casa 927, located in San Jose, is open to photographers coming into the house and taking photos, like we did, but it's required to be mindful of other guests that are there to eat at the cafe, or purchase anything from the various stores in the house as well as those just visiting the house to see the paitings on the walls.

The owners of the Casa 927 are warm and welcome all local artists to visit them and have a chat with them. I know we did talk to them about the house and the initiative. Will definitely pay them another visit sometime.

Be sure to visit the Casa 927 Facebook Page for more information about their initiative and activities being held there.

-LM

Permalink | Leave a comment »

Ujarras ruins

2011-08-11T20:50:00+00:00

Recently I went along with a couple of friends to do a photowalk in Cartago visiting key points. First we payed a visit to the Prusia forest, photos of which will be posted when I get the Fuji Velvia 100 roll developed, and then we visited the ruins of Ujarras. The above photo is of the bridge that's located in the site of the ruins and a tree near the river that goes under the bridge.

The ruins are of a church built many years ago, back in 1560, in the city of Ujarras and it was damaged by several earthquakes and floods from a nearby lake. Because of this only the four main walls of the main building exist today and have been reinforced so they will last longer. Because there is no roof water will acumulate in certain parts of the floor in the area.

There isn't much to this place really, it's just the ruins of the church and the green areas around the church so it's more for a picnic or the like.

-LM

Permalink | Leave a comment »

I'm Flattr'ed!

2011-07-20T04:06:51+00:00

2011 Flattr widget

I conducted an experiment back when I wrote my HP N36L review: I added affiliate links to both Amazon and Newegg, hopefully to get some revenue without polluting my site with advertisements.

It was successful; I earned enough to pay for a few cups of espresso, at least.

Many authors have PayPal-powered “tip jars” or links to their Amazon wishlist. I’ve now setup the same, but I think it’s unrealistic visitors spend the requisite time or money to use them.

Enter Flattr, a new “social micropayments” platform, a tip jar evolved to work on Web scale. Flattr is a quick and easy way to give back to content creators—including myself. Rather than trying to explain it, watch Flattr’s introductory video. I love the cake analogy.

If you want to get an item from my Amazon wish list, please do! But what if you wanted to contribute less? And why would anyone else want to use Flattr over PayPal?

Well, one, it’s simpler. Users need only click a single button (the Flattr widget) to Flattr me. Also, users don’t need to worry about figuring out how much to give me—Flattr’s “cake cutting” algorithm does it for you. Nothing stops you from donating more, of course.

Second, Flattr’s rates are better. Say you’ve decided to add $10/month to your Flattr account, and you’ve Flattr’ed 10 people, including me. Each of those people will be entitled to $1. With Flattr’s 10% commission, I’d get 90¢; with PayPal’s default fee schedule, I’d get 67.1¢ ($1-($1×2.9%+$0.30)). Big difference. Flattr works well when you’re dealing with small amounts (called micropayments), exactly the niche market they’re trying to fill.

Imagine you’re walking down the street and hear a great musician, to whom you’d like to donate some small change. It’s easy to do in the real world. With conventional payment systems oriented around transactions, this model doesn’t translate. With Flattr, however, the model does—it brings a donation system and ethic present within the real world onto the Web.

PayPal has its own little-known micropayments platform with a better fee schedule, but it requires the receiver to go through a manual approval process to receive a special account. It’s only available in a few countries and has been a “beta” product for years, implying PayPal does not care much about it. Why should they? PayPal, making money on high-value transactions, has little incentive to develop micropayments—not until there’s marketshare and mindshare to steal, something Flattr is building.

Third, with free culture luminaries like Peter Sunde of The Pirate Bay fame behind it, Flattr seems less likely to “censor” recipients, holding funds hostage and even confiscating them, something for which PayPal is notorious. While I’m not worried about anyone censoring my overly-politically correct blog, should I be OK with organizations unfairly censoring others? *cough* WikiLeaks *cough*

Flattr is so nascent, it’s unlikely I earn a significant amount of money. And the meager money I do earn I will probably use to Flattr others. But it’s easy to use, low-risk for myself and visitors, and most importantly I believe in its ethos—so why not?

If you like this post or my blog, please flattr it!

NYLUG on The NYLUG Summer Barbecue!

2011-07-13T21:55:07+00:00

NYLUG
- on -
The NYLUG Summer Barbecue!
Sunday, July 24, 2011 @ 12:00 -1:30 PM
Please note important information about this meeting

Join us for some fun in the sun at Morningside Park at Noon. We’re having a barbecue.

This is a pot luck event, so bring your favorite drinks, chips and dips or meats/veggies to be grilled. We’re coordinating the goodies at the wiki link below.

More Information:

http://www.houseofbrewsny.com/

Directions from IBM: http://goo.gl/VUdO1

Leticia + Adrian

2011-07-04T15:45:00+00:00

Recently went along as a second shooter with a friend of mine who had an engagement session with a really nice couple.

I took the chance to shoot some B&W Ilford film with my Nikon FM10, which I have a love/hate relationship with, and really liked these photos from that one roll I shot. First we stopped by the greenhouse they have near the entrance

And then off to the Japanese garden

We took a trip to the Lankester Botanical Garden in Cartago to take advantage of the beautiful Japanese garden scenes and my friend even got an umbrella that would function as a really nice prop. We expected a nice sunny day, like our last visit, but it wasn't the case instead we have an overcast sky with light rain through out the first part of the session.

Really like that bridge. I think I'm getting a bit better at getting the couple to do a certain pose or action though I still need to explain things a bit better.

Really like her expression on the above photo. I took that photo while my friend was setting up and explaning the scene she wanted to photograph.

There's a small river that goes around the Japanese garden and it had more water than last time mostly due to the rain.

That's Leticia. They met when they worked together a couple of years ago and are getting married this month on the 23rd. And that's Adrian on the photo below

I didn't just bring my film camera along, mostly because I only had one roll of 35mm film left...I know, my bad...so I also brought my digital Nikon D60 along

Really love this next photo which looked best in B&W

Besides the botanical garden we also paid a visit to the ruins of Ujarras

This session was a lot of fun and would definitely love to do this type of sessions again. I won't be accompanying them during their wedding but wish them best of luck on this new part of their lives.

-LM

Permalink | Leave a comment »

Lessons from Nokia's CEO: ignore your product & your customers

2011-06-26T03:39:56+00:00

So, Nokia’s paper-launched their newest flagship phone, the N9.

The N9 is based (well, sort-of, anyway—something many media outlets have gotten wrong) on Nokia’s Linux-based operating system MeeGo, which they’ve been developing in-house for several years. However, in 2010, Nokia decided to switch their flagship mobile phone OS from MeeGo to Windows Phone 7—effectively aborting all long-term plans and products in the pipeline.

This has universally been regarded as a bad move.

The N9 was apparently far enough down the pipeline, and new products based on Windows Phone 7 so far, that Nokia released the device anyway. So far, the N9 is a hit.

The move to the new OS is considered the handiwork of recently-appointed Nokia CEO Stephen Elop. However, an article in the Helsingin Sanomat paraphrases Elop:

In Elop’s words, there is no returning to MeeGo, even if the N9 turns out to be a hit.

So, it doesn’t matter if Nokia’s own products are successful? The business deal made with Microsoft is more important?

I read:

I have taken part in the conversations with the teleoperators and I have been part of the consumer test groups. The feedback has been extremely positive and I am sure that the Windows Phone system will be a great success

And think: teleoperators and consumer test groups are one thing, but what about your own customers and developers?

Lessons learned here: ignore your product, and ignore your customers, and you too can be part of a company as successful as Nokia. Maybe, as CEO, you’ll get your own social media hashtag too.

Google NYC Office tour finally happens!

2011-06-17T03:55:35+00:00

After three years of attempting to organize a Google NYC office visit -- we finally had that happen! The above picture is the Google NYC Reception area.

I must say that the Google NYC office is amazing! There are many places to eat and take breaks scattered throughout their office spaces on many floors -- one of which is Lego themed! They have the usual conference rooms, a computer museum -- with the usual vintage systems placed around. Did I mention the view from one of their kitchens is absolutely breath-taking? Well, it is -- just look for yourself!

I enjoyed the tour very much -- and I am sure that my fellow Google Summer of Code students did as well! For me, Google Summer of Code has been largely social -- meetups are a big component of this program in my opinion -- sure we have to produce code -- but why not have some fun mingling with students who were fortunate enough to get selected in this very selective program? This was a very successful meetup indeed.

Securosis research: React Faster and Better

2011-06-16T00:16:04+00:00

It is not a big secret (nor a surprise) that I am a big fan of the guys over at Securosis. Not only do I appreciate a lot of the research that they do, I also like their business model very much. They give back to the community much of what they get from it, and that is commendable.

Recently, they have been publishing a series of articles that are very much in my area of interest. The articles have a common theme: incident response. The articles describe in sufficient detail what controls to should be in place to facilitate effective response; examples range from information collection, to escalation processes, and much more.

The ability to respond to incidents, rather than to merely react to them, is something that many organizations lack, but that has the ability to drastically reduce downtime following an incident, and in some cases will prevent intellectual property from being lost and/or damaged.

The articles that they have published to date are:

React Faster and Better: Introduction

React Faster and Better: Incident Response Gaps

React Faster and Better: New Data for New Attacks, Part 1

React Faster and Better: Alerts & Triggers

React Faster and Better: Initial Incident Data

React Faster and Better: Organizing for Response

React Faster and Better: Kicking off a Response

React Faster and Better: Respond, Investigate, and Recover

As time goes on, I hope that Securosis continues its great work and continues to publish relentlessly.

June 15th: Robert Menes on Rockbox: Open Source Jukebox Firmware

2011-06-10T19:35:30+00:00

Rockbox is an open source firmware replacement for a growing number of digital audio players. It adds many new features, including playback of many more codecs (including Ogg Vorbis, FLAC, Musepack, and more), plugins, connectivity with any OS thanks to its USB stack (available on most targets), and a great many more features.

Supported targets include devices by Archos, Apple, iriver, Cowon, Philips, Samsung, Toshiba, Packard Bell, MPIO, and SanDisk. Recent development work is bringing Rockbox to Android and Maemo devices in the form of an app.

More Information:

Rockbox

About Robert Menes:
Robert Menes has been around computers since he was a wee lad, starting with a Commodore VIC-20 and LOGO. He has been a Linux user since 1994, and favors anything that runs Unix or Linux. He’s been involved with Rockbox since 2006 writing documentation and some code for plugins. In his spare time, Robert enjoys hardware hacking, movies, photography, good food and beers, urban exploration, and playing the didgeridoo and bass guitar.

Pigeons in San Jose

2011-06-06T14:00:00+00:00

I finished a roll of Kodak Ultramax that I had in my Nikon FM10 yesterday while I was in San Jose and decided to drop it off at a local lab that develops 35mm film in half and hour for less than a dollar and saw that they were selling Kodak Ultracolor film so I bought a roll and went to shoot the roll while they developed the other one

Since I finished the roll just minutes after I had purchased it I had it developed in the same lab...wasn't difficult to shoot through the whole 36 exposures in the park where a lot of people were feeding pigeons.

The pigeons here are so used to being fed pretty much anything that they aren't afraid of anyone coming close to them and will even come close to anyone sitting down anywhere in the park so every time I sat down or kneeled to take a photo I had at least one pigeon next to me waiting for me to feed it.

People don't seem to care that these pigeons aren't the most higenic animals around and will sit the children on the ground and throw corn around the kid so they're surrounded by pigeons...many cellphone pictures were taken of this kid.

Some kids even try to catch one...not exactly handled in the best way possible but some kids are seen with one in hand

Or three...I honestly think he was trying to catch a fourth...this next kid was trying to catch another one

Some pigeons will loose their feathers in the process. I think a good series can be made out of this place and kids that interact with the pigeons...

More photos can be seen on the Flickr photostream

-LM

Permalink | Leave a comment »

Following Firefox's New Development Channels with Ubuntu

2011-05-31T20:29:49+00:00

Shortly after Firefox 4’s release, Mozilla announced the move to a channel development model, à la Chrome. On Windows and Mac, builds from these channels update themselves; what about on Linux, where both self-updating software and software outside management of the package manager (i.e. manually installed) is taboo?

If you use Debian, Mike Hommey and the Debian Mozilla Team’s mozilla.debian.net provides packages for the Firefox Stable, Beta, Aurora, and Nightly channels. Be aware that these packages are still labeled Iceweasel, i.e. they lack the official Firefox branding. These packages work on Ubuntu should you want to use them.

What if you want something more Ubuntu-specific? PPAs following each of the channels exist, but they’re not obvious to find.

Nightly builds of Firefox trunk, formerly known as “Minefield” builds, are available in the Ubuntu Mozilla Daily PPA. Remember, Nightly builds receive little testing (e.g. can they build without errors?) and thus may crash frequently. Start using these builds by pasting the following into your terminal:

sudo add-apt-repository ppa:ubuntu-mozilla-daily/ppa
sudo apt-get update && sudo apt-get install firefox-trunk

Firefox’s new build channel, Aurora, has builds that have had more testing than those from Nightly. Builds from the Aurora channel are available from the firefox-aurora PPA, which you can use with:

sudo add-apt-repository ppa:ubuntu-mozilla-daily/firefox-aurora
sudo apt-get update && sudo apt-get install firefox

The Beta channel, containing builds that received more testing than Aurora and are (mostly) ready to be released, is available in the firefox-next PPA:

sudo add-apt-repository ppa:mozillateam/firefox-next
sudo apt-get update && sudo apt-get install firefox

Lastly, if you want to follow the Stable channel, consider sticking with what’s available in Ubuntu’s normal repositories. Ubuntu has a (new) policy to bring stable Firefox updates to Ubuntu releases more quickly. If you really want to be testing the next Firefox release, try the Beta channel above. If you still want the “bleeding edge” of stable, there’s the firefox-stable PPA, which will go away soon, and Ubuntu’s Mozilla Security Team PPA, within which packages only remain until they are moved into the main archive.

Notice that the Aurora, Beta, and Stable channels contain packages of the same name: “firefox”; this means:

You can only install Firefox from one channel at a time.
They all will use the same profile and profile registry. You’ll need to manually switch profiles or alter shortcuts to launch the desired profile if you desire different.

Packages in the Nightly channel, however, are named firefox-trunk and can be co-installed alongside builds from another channel.

To switch to another channel, disable the source with Ubuntu’s Software Properties or delete the appropriate file in /etc/apt/sources.list.d/:

sudo rm /etc/apt/sources.list.d/ubuntu-mozilla-team-firefox-aurora*list
sudo rm /etc/apt/sources.list.d/mozillateam*list

Then re-add the appropriate repository to switch to a desired channel.

Hopefully, with easy-to-use PPAs available for each of Firefox’s build channels, more people, including you, will test these builds. Go forth and test!

Sessions: Nathaly

2011-05-30T16:00:00+00:00

Long time friend that I met several years ago during one of my tech visits to the high school where I studied at. I talked to her recently and asked her if she'd like to model for me and she accepted.

We didn't really go anywhere special for this session as nothing huge was planned so I took the photos around my apartment. I asked her to come over during the afternoon as the light would be much softer.

She liked this photo because she loves watching TV while sitting that way...or so she told me

The above photo took me a while and a lot of work to get it to a point which I liked it. At first I thought it would only work in B&W but took my time to make it work in color as that was the original idea. Lit by ambient light that was coming in through the window in the room and underexposing the film about a stop or two because the meter was reading 1/60th and my Kiev 88CM doesn't close the second curtain at that speed. I like the photo a lot though I believe it would really benifit with the use of fill flash on the right side.

-LM

Permalink | Leave a comment »

Sessions: Georgeanela with the black dress

2011-05-23T14:00:00+00:00

This is the second part of the session that we had on the bus, which can be seen here, and it involved a quick trip to a nearby entrance which had several trees which looked great.

This was the same place where Karol's session was done. She liked the hat that I had hanging on a wall so we brought it along for the session.

Also a couple of photos from the bus session

And this next one if my favorite from these two, really love the angle on this one

-LM

Permalink | Leave a comment »

Why I use Firefox 4 Mobile

2011-05-19T23:16:29+00:00

A couple weeks ago, Mozilla released Firefox 4 Mobile (née Fennec) for both Android and Maemo.

I’ve had an Android phone since 2008 and honestly, I’ve never browsed the web on my phone as much as I have in the past few months when I started using Firefox 4 Mobile. It really is that much better! Here are my thoughts (focused on the Android version) on why.

Sync

Firefox 4 Mobile’s number 1 killer feature is Sync, which syncs tabs, logins, browser history, and bookmarks across multiple devices. The most useful of these are logins and browser history.

It’s a complete pain to type user names and passwords on mobile keyboards, exacerbated personally since I practice good security and use a different password for each site on the web. Because Firefox Sync makes available on my phone all the passwords I’ve saved on my desktop, I never need fumble entering or remember anything anymore.

I use the web quite a bit (who doesn’t?), proof of which is my 15 MiB history file. Sync makes available that same browsing history, everywhere. Having your browser history available to do simple things like coloring visited links purple really makes a difference (e.g., think about looking through apartment listings on Craigslist).

Having history available also powers Firefox 4 Mobile’s Awesome Bar. I don’t need to remember exact URLs anymore, or rely on a search engine—I can just start typing a keyword and Firefox’s Awesome Bar automatically searches URLs and page titles of pages I’ve visited, just like it does on the desktop.

As a freedom-loving, free and libre open source software advocate, another bit about Sync I love is that it is an autonomous web service. That is, you can download the server-side component of Sync and run it yourself, should you not trust Mozilla.

Google has a Sync-like feature in Android 3.0 for its built-in web browser and Chrome for your desktop, but so far nothing is available for anyone stuck on older versions of Android. It also isn’t autonomous—you’re locked into trusting Google.

HTML5

Firefox 4 Mobile has much better HTML5 support, in the sense it supports more New & Exciting Web Technologies (NEWT), such as CSS3, SVG, and new Javascript APIs.

Firefox has dropped vendor-specific prefixes for many CSS3 properties, including border-radius, box-shadow, text-shadow, etc. All in all, it makes your CSS that much more clean.

There’s support for SVG, only recently supported in Android 3.0.

There’s support for notifications via a proprietary API. Recently landed in Chrome 10, it’s still missing (AFAIK?) in Android 3.0, even with 3.0’s rich notifications support.

The iPhone has had multi-touch Javascript events (think pinch-to-zoom, essential for mapping widgets) since its debut, but multi-touch support and support for such events is missing from Android, even though Android was introduced much later. Firefox 4 Mobile has had multi-touch support since last year, though it does not support gestures, like the pinch-to-zoom event (patent concerns?). Even without gestures, nothing stops you from implementing gestures yourself. Firefox Mobile also is leading the way in supporting the (draft) W3C TouchEvents specification.

A good overview of the other HTML5 features Firefox 4 Mobile supports is Mozilla’s HTML5 & Friends demo

Other stuff

Firefox 4 Mobile also supports add-ons. While I haven’t found the need for any, there are some neat ports, like Adblock Plus Mobile. Expect the list of add-ons to grow quickly.

When Firefox 4 Mobile was in beta, Mozilla didn’t do a very good job alerting people to its high system requirements. However, on release, a supported platforms and systems requirements page is first and foremost. A summary: you need a phone with at least 512 MiB RAM. The official builds require an ARMv7-generation processor (or more specifically, one that supports ARM’s Thumb instruction set), ~~but there are unsupported builds for older ARMv6 devices that have enough RAM (e.g. T-Mobile’s MyTouch Slide, aka the HTC Espresso).~~ Not to gloat, but Firefox 4 Mobile for Android works great on my T-Mobile G2.

Firefox 4 Mobile’s previous name was Fennec 2.0, a name I much prefer. But somewhere along the way, Mozilla decided to take a page from Microsoft’s marketing playbook—home of atrocities like Microsoft Windows Live Mesh and Microsoft Windows Server Base Operating Systems Management Pack for Microsoft Operations Manager 2005. What makes it worse is disambiguating Firefox 4 Mobile for Android and Firefox 4 Mobile for Maemo means you’re using 5 words for a product title. For web developers, fortunately, Firefox 4 Mobile still keeps the keyword “fennec” in its user agent screen for easy detection.

In my opinion, the best software keyboard for Android is Swiftkey (proprietary software, unfortunately). SwiftKey crashes when used with Firefox 4 Mobile… SwiftKey hasn’t been very helpful diagnosing the problem (it is SwiftKey doing the crashing!) but Mozilla has fixed the SwiftKey crash on their own, available by Firefox 5 Mobile, if not 4.02.

So, go download Firefox 4 Mobile now from Mozilla’s landing page if you’ve not done so already. You can also get it from the Android Market, or, if you don’t or can’t use the Android Market, get the latest Firefox 4 Mobile release from Mozilla’s FTP site instead. If release versions are not bleeding edge enough for you, consider the Nightly or Aurora build channels instead.

Also, if you’re playing Mozilla’s Spark, please tag me!

UPDATE MAY 20: I forgot one of Firefox 4 Mobile’s most unique features: Electrolysis. One of Google Chrome’s best features (conspicuously missing from Android’s browser) is its multi-process architecture that keeps each tab in a separate process. If a tab crashes, that’s all that crashes — your browser stays running!

SOURCE Boston 2011: Higher Education's ability to conduct relevant research and to effectively teach information security

2011-05-16T23:38:53+00:00

I was very pleased when the organizers of SOURCE Boston notified me that my proposal for a panel presentation had been accepted. The topic of my panel is Higher Education's ability to conduct relevant research and to effectively teach information security.

Looking at the rest of the speaker lineup, I am getting really excited to go!

For ages, society has relied on institutes of higher education to conduct state-of-the art research, and to teach the highest level of knowledge and skills to its students. However, in the present, that expectation, that may no longer be a realistic expectation.

Some information security practitioners believe that the field changes so rapidly that even those who live and breathe its fabric daily have a hard time keeping up with current affairs, and that academia is falling behind and that it is at risk of becoming irrelevant and/or obsolete. Others believe that an excessive focus on developing skills that can be applied immediately is irrelevant, and that higher education should instead focus on developing and fostering knowledge and inquisitiveness.

This panel brings together people who both have extensive experience in the field, as well as clear opinions as to what the information security field should expect from higher education. Represented on the panel are people who are in a variety of roles: CISO, Security practitioner, Application specialist, and Academia.

If YOU have any questions that you would like the panel to discuss, please submit them below.

Photowalk: Lankester Garden - The greenhouse

2011-05-16T16:39:00+00:00

These are other photos from the photowalk we had several months back. First the greenhouse they have at the entrance of the park which is mostly dedicated to the orchid flowers and it's mostly maintained by the Universidad de Costa Rica (UCR).

I guess it wasn't the right time as most orchids weren't in bloom. There are other flowers and plants being grown and kept in this greenhouse such as the one pictured above.

A couple of trebols were groing on the ground of the greenhouse, I don't think they were planned

Some plants are hung from the roof

I like these because of the wooden box they are placed in

And some of them are hung from the other tables

-LM

Permalink | Leave a comment »

Cameron L. Fadjo on Scratch

2011-05-13T23:10:51+00:00

Cameron L. Fadjo
- on -
Construct, Program, Design: An Introduction to Scratch From the Perspective of Computing and Cognition
Wednesday, May 18, 2011 @ 6:30 -8:00 PM
Please note this meeting will be at PS9, not IBM

Scratch is a programming environment that makes it easy to create interactive media, such as games, stories, and simulations — and share those creations online. With an extensive online community of over 730,000 registered members and over 250,000 unique contributors to the vast online resource of projects to share and explore, Scratch, and its online community, is continuing to grow and thrive as programming and designing become more social.

Simultaneously, Scratch is also increasing the amount of exposure younger children have to programming. How can this increased exposure to Scratch lead to improvements in learning of core computing concepts?

This presentation will provide a general overview of Scratch; present some examples of Scratch projects; explore some of the core computing concepts; and discuss some of his findings from his research with the Institute for Learning Technologies at Teachers College, Columbia University on using Scratch to develop particular Computational Thinking Concept skills among young learners (elementary and middle school students). He will also share some insights into his newest project related to developing reading and writing skills with computer code with Scratch, called Code Literacy.

More Information:

About Cameron L. Fadjo:
Cameron L. Fadjo is a PhD student in Cognitive Studies in Education and a Research Associate with the Institute for Learning Technologies, both at Teachers College, Columbia University. He holds two master’s degrees, one in Instructional Technology and Media and the other in Educational Psychology: Cognitive, Behavioral, and Developmental Analysis, from Teachers College, Columbia University and a B.M. in Music Synthesis from Berklee College of Music. He is currently the Project Leader of the iWorld (Imaginary World) project which examines the use of grounded embodied cognition and Imaginary World Construction to teach abstract mathematical and computational concepts and the DM-S3 (Direct Manipulation of Stories, Systems, and Symbols) project which examines how gestural interfaces can be used to improve understanding of novel terminology and complex systems. His research interests include action, perception, and imagery, in particular grounded embodied cognition, gestures and Imaginary Worlds, and their implementation through technology to improve learning, memory, and understanding of abstract concepts and/or complex systems.

Meeting Location
Please note that this meeting will be held at P.S. 9 Sarah Anderson which is on West 84th Street and Columbus Avenue, and not at IBM. Please RSVP for this meeting.

Using my Creative Commons-licensed photos

2011-05-13T06:34:05+00:00

Since I’ve become a photobug and licensed those photos under the Creative Commons, I’ve been getting a lot of requests for reuse. After all, that’s what CC-licensed content is for!

The “BY” bit in CC licenses, which stands for attribution, means authors/creators must be attributed if you decide to use a work. It does not specify how a work should be attributed or cited (though, there are some guidelines in CC’s FAQ), leaving it up to the owner of the work—which is the way it should be, of course.

Flickr does a terrible job letting people know how to attribute works. If you’re reading this, I’ve probably directed you here asking how I’d like you to cite or attribute any of my photos.

If you’re just using a photo, simple add a line like this somewhere near the photo, with the appropriate hyperlinks:

Name of photo, linked to Flickr photo page © Samat Jain, used CC BY-SA 2.0.

If you’re creating a derived work (that is, you modified the photo in some way), please use:

Derived from Name of photo, linked to Flickr photo page © Samat Jain, used CC BY-SA 2.0.

Summarized in an example:

Now, a rant on why I ask all for all this. There are just two reasons:

I have a philosophical agenda to promote open source and free culture. I’m hoping the explicit wording and hyperlinks do so.
I’m putting photos I took time to take and process on the web, for your free use… asking for a little credit (in exchange for link-fu) is not much to ask! Linking to Flickr fulfills Flickr’s ToS; linking to my homepage makes me happy; and linking to the appropriate license hopefully promotes free culture, informing users of their rights. To that end, if you can, avoid creating hyperlinks with nofollow.

Lastly, if you decide to use a photo, please let me know! I like to keep track of these things, and may link back to your use of my photo. Thanks!

Monitoring Intel SSD lifetime with S.M.A.R.T.

2011-05-09T23:49:22+00:00

The Internet is abuzz with talk about solid state reliability right now (see a recent article by Jeff Atwood). Random, catastrophic failures aside, how can you know how much life you’ve eaten into your SSD?

If you’ve an Intel SSD, it’s pretty easy; they export a S.M.A.R.T. attribute “Media Wearout Indicator”. Starting at 100 (new), the attribute decreases to, well, zero. Forget how to do that on Linux? It’s easy:

sudo smartctl -a /dev/sda | grep Media_Wearout_Indicator 233 Media_Wearout_Indicator 0x0032 098 098 000 Old_age Always - 0

The SSD in my laptop is at 98, and my oldest SSD in another system (from mid-2009) is at 97. Yours?

On to the real news: the OpenStreetMap project has switched their tile rendering server to an SSD (hopefully making tile renders much, much faster). A newer, consumer-grade MLC-based Intel 320 Series 600 GB SSD, in fact. Conveniently, OpenStreetMap monitors their servers with Munin, which by default graphs all S.M.A.R.T. attributes, including Media Wearout Indicator.

Other than the initial import of the tile rendering database, OSM tile rendering does not consume many write cycles. But it definitely hammers the disk to death on reads. Keep a lookout on these graphs to see how their SSD ages over time. Don’t forget to contribute to OpenStreetMap yourself so we can see that number go down a bit quicker (I’m pretty sure OSM doesn’t mind!).

Note: Toby mentioned to me that all the values appear to be pegged at 100. Most of these attributes are dummy values—only “Media Wearout Indicator” and “Available Reserved Space” appear to change with normal use.

Sessions: Karol

2011-05-09T15:57:00+00:00

After I did the session for Georgeanela I also took the time to do a quick session for Karol, who did the make up for Georgeanela's session, and it was intended to be a look book style session

The dress she's wearing is her own design as she has gotten interested in designing clothing after she started taking a design course...or so I heard

This was a rather quick session. Though we might be having several other sessions later on.

-LM

Permalink | Leave a comment »

Sessions: Georgeanela

2011-05-02T16:53:00+00:00

A while ago I had planned a session which involved a bus and a girl in a long dress, luckily I found a neighbor that drives a bus and talked to him about allowing me to use the bus to take some photos to which he agreed.

Once I had the bus I had to get the girl that would model for the session and after a post on Facebook I got in touch with Georgeanela and she agreed to model for the session and even to get the dress.

Besides the model I spoke with another friend that agreed to do the make up for the session.

We also took the chance of getting some photos outside the bus

All of the above photos were taken with the Kiev 88CM using Kodak Portra 400 film.

Model: Georgeanela

Make-up: Karol

Photos: Luis Murillo

-LM

Permalink | Leave a comment »

Photowalk: The Lankester Gardens

2011-04-27T12:46:00+00:00

I finally got several rolls of film developed and scanned. About a month ago I took a trip to the Lankester Gardens in Cartago, Costa Rica for a photowalk with a couple of friends.

One of the main attractions of this place is the Japanese garden, I honestly think that it's the only attraction worth visiting the park for, and they have 3 main buildings in that area which are styled as traditional Japanese structures.

In the above photo we see the main entrance to the Japanese garden and also a glimpse of the first structure in the background.

Besides the traditional structures there is a bamboo forest and I have to add that it's great to listen to the sound they make when there is wind.

Besides the structures and the bamboo forest there are some really nice paths within this area. Such as the one pictured above where a fellow photographer posed for the photo.

The third structure is a tradditional Japanese house, pictured above in the background, and the visitors are asked to remove their shoes before entering the house.

A fellow photographer was taking self portraits inside this house and I also took the chance to get a portrait of him sitting in the middle of the house.

There are some nice bridges as well. I still have more photos from this photowalk that I have to scan so I'll post them when I get them scanned.

-LM

Permalink | Leave a comment »

What does the "BY" in Creative Commons' license names mean?

2011-04-15T23:27:38+00:00

Have you ever wondered what the “BY” in Creative Commons’ licenses (e.g. CC-BY, CC-BY-SA, and CC-BY-SA NC) stands for?

The other bits in the license name are obvious, for the most part:

CC – Creative Commons
NC – Non-Commercial
ND – No Derivatives
SA – Share-Alike

“BY” is confusing because it’s not an acronym, shortening of a word, or anything otherwise obvious. But buried in the Creative Commons FAQ, it’s mentioned it stands for attribution.

If all Creative Commons require attribution (except CC0), why is it included in the license names (especially the abbreviations) at all?

Increase file descriptors for Transmission on Linux

2011-04-05T23:31:11+00:00

Have you run out of file descriptors for Transmission? The torrent will be stopped (for no apparent reason), and when you examine it, you’ll see an error similar to:

$ transmission-remote -t 1 -i | grep -i 'open files'
Unable to save resume file. Too many open files.

Time to increase the number of file descriptors available. This article is tailored towards Debian and Ubuntu.

It’s unlikely you’ll need to raise your system’s global limit. Check with:

$ cat /proc/sys/fs/file-max
397460

The OS needs a couple thousand file descriptors for itself. Make sure to make space for them with whatever numbers to choose below. In my case, I’ve more than enough.

If you still need to raise your system’s limit, you can easily; to set it to a million (which will be remembered across reboots):

sudo sh -c "echo fs.file-max=$(dc -e '2 20 ^ p') > /etc/sysctl.d/file-descriptors-max.conf
sudo service procps restart

While you may not need to change your system’s global limit, you probably will need to change the limit for your users. Check that limit with:

$ ulimit -Sn
1024
$ ulimit -Hn
1024

If you’re working with hundreds of torrents (each with dozens to hundreds of files) with Transmission, this isn’t enough. To let a user have a few thousand (in the below example, 16,384, with 128 more for the hard limit), create a new file /etc/security/limits.d/debian-transmission.conf:

sudo sh -c "echo debian-transmission soft nofile $(dc -e '2 14 ^ p')" > /etc/security/limits.d/debian-transmission.conf
sudo sh -c "echo debian-transmission hard nofile  $(dc -e '2 14 ^ 2 7 ^ + p')" >> /etc/security/limits.d/debian-transmission.conf

Replace “debian-transmission” with the user that is running Transmission.

For the changes to go into effect, you need to logout completely (e.g. close multiplexed SSH connections, etc), and log back in again. Or to be sure, just reboot to make sure changes kick in. You’ll see you have many more file descriptors available:

$ ulimit -Sn
16384
$ ulimit -Hn
16512

Now, we need to configure Transmission to use this many. In /etc/transmission-daemon/settings.json, find the open-file-limit option and set to a larger number (e.g. 16000 or so). When done, restart transmission-daemon:

sudo service transmission-daemon restart

If you’re not running Transmission as a system user, edit the right settings.json and restart the daemon appropriately.

That’s it. Have fun!

My first planned shoot

2011-04-04T19:10:00+00:00

Well I've actually done a couple planned sessions previously but none like this, the others were more like what came up the day we went to take photos but in this case I was a more planned out session where I actually planned what most of the session was going to look like

I asked all of my Facebook followers if they wanted to pose or knew of someone who would be interested in posing for a shoot in a long dress and a friend of mine told me about one of his friends that might be up for the shoot and luckily she was. These photos were taken using my digital camera and were just meant to be tests to make sure the settings would be right, back in the film only days this was referred to as polaroiding because instead of digital cameras it was Polaroid film and cameras that were used.

The first part of the session, and this was the original idea, was in a bus that a neighbor owns and he was nice enough to let us use the bus for an hour or so so we could take a couple of photos.

The above photo is a bit of the behind the scenes during the shoot in the bus. Another friend signed up for the make up and also assisted in throwing ideas on the table about poses and styling. Not to mention that she also went in front of the camera for the second part of the session.

For the second part we did a bit of brainstorming for locations as it wasn't originally planned and we saw a couple of trees from my house so it was decided that we would make a quick trip to the place pictured above where we would carry out the second part of the session. This was after a quick change of clothes.

Had a lot of fun on this session and already have a couple of ideas for future sessions. I'll post the photos that I took with my Kiev 88CM as soon as I get them scanned.

-LM

Permalink | Leave a comment »

The park

2011-04-01T18:15:00+00:00

I recently gave a photography course at the office so my coworkers could get some nice cameras and know how to use them correctly so they could practice we did a small photowalk to a nearby park

Most of the photos I took were near the ground, I really like this perspective

It works best with trees. Quite difficult to take photos with ISO 400 film and a really sunny day, need to get a ND or polarized filter for the Kiev 88CM

I really love the next photo of the bench

Really love the fact that the shadows beneath the bench still keep their detail

The swing set does make a great place to photograph and specially close ups like the one below

I think I should make a print of that last photo.

-LM

Permalink | Leave a comment »

The Heredia Market

2011-03-30T14:15:00+00:00

I've visited this place before and have also taken some photos of this place using ISO 3200 film but this time I used a roll of Ilford HP5+ using the settings 1/30th @ f/2.8 and developed the film at ISO 400. According to my light meter I shouldn't be expecting anything to come out from this roll when using those settings...but it was wrong

I really love the resulting images specially since I used the new method that I found when scanning the film, it's not groundbreaking and it probably is what I should be doing from the start but I wasn't and I get much better results, all I'm doing different is not hitting the auto-exposure button...told you it wasn't groundbreaking

The amount of detail I'm able to obtain from each photo is just much better this way.

The market is quite full on Saturdays, the second photo on this post was taken in one of the back hallways where there's nothing much to do, and one will often find tourists visiting the place because of how different it is. I honestly believe that people think I'm a tourist because I'm taking photos in there with not your usual camera.

A lot of people enjoy eating in the different places that sell food in the market. It's not all that bad though I'm not really fond of eating there...though I did once and it was good.

Of course people also come to buy meat and other food as it tends to be cheaper than supermarkets or other specialty places.

Vegetables are also found here though it's often best to get them at the farmer's market that usually happens Saturday mornings, though in some cases it's on Sunday, as fruits and vegetables are more fresh

I'm not really fast at focusing with the Kiev 88CM so I often get caught while I'm focusing...though have not gotten in trouble I usually loose the moment and end up with a photo of people looking at me

And finally another photo of the barber shop

This time with the barber and a customer...so I got caught again and in this case I don't think he was that happy with me taking the photo or maybe he was but was wondering what exactly I was doing.

-LM

Permalink | Leave a comment »

Some street photos

2011-03-28T15:44:00+00:00

These are a couple of photos that I've taken randomly while out on the streets of Heredia using the Kiev 88CM

I usually take the shortcut through the university on my way to the bus stop where I take the bus that takes me to work, I could take another bus that takes me there but I hear that walking is good for you and it's also good to take photos along the way. This tree is inside the campus.

Sadly during the weekends the shortcut is unaccesible due to the fact that the university closes the gate which allows me to take the shortcut so I have to take the long way. The photo of the fire hydrant is near the tree above but on the other side of the gate.

This past weekend I spent the hole day scanning the film I had gotten developed earlier in the week and found that the auto-exposure option is bad and it's best to do the whole work manually, specially since I can take the time, to be able to get as much detail as possible in the resulting photos. I still need to work on it a bit more but I can honestly say that I'm quite happy with the results I'm getting with this method than using the automatic options.

One of the walls of a building from the university is quite interesting and I took the chance to take a portrait of my wife.

This wall is near where I work and I go by it everyday not to mention that I've taken a photo of this wall before. The roll of Ilford HP5 that was used to take that photo was pushed to ISO 1600.

On my way back home, which is after 6pm, I took the chance and got a photo of the fruit and vegetable store that's on the corner where I wait for the bus that takes me to Herdia. This was taken at 1/30th @ f/2.8 which is usually the settings I would use for night photos at ISO 3200 but proves to be a good setting for low light, I'll talk more about this on a future post with photos of the market.

This is a pizzeria that's across from the bus stop where I take the bus that takes me home. Local place which sells good pizza and it's relatively cheap. Also taken with the same settings as the one above.

More photos will be posted later this week.

-LM

Permalink | Leave a comment »

Planet NYLUG

Combinatory puzzle

Sessions: Diana at Lankester Gardens

Sessions: Karol at Lankester Gardens

TED, SOPA, PIPA

Photos of Karla

Jay Emerson on A Serious Talk About Having Fun and Being Productive with the R Language

Jay Emerson - on - A Serious Talk About Having Fun and Being Productive with the R Language Thursday, February 9, 2012 @ 6:30 -8:00 PM ** Please note important information about this meeting **

Spaceport America on OpenStreetMap

OWASP meeting

Sean OMeara on Introduction to Chef

Sean OMeara - on - Introduction to Chef Thursday, January 12, 2012 @ 6:30 -8:00 PM ** Please note important information about this meeting **

Sessions: Car photos

RISE FROM YOUR GRAVE

Last night's OWASP Long Island Meeting

A street without rules, a safer street?

Applied Cryptography

Network forensics exercise

About certification and certifying bodies

When students grow up...

Information Security Leadership

Black Hat and Defcon approaching rapidly

Teaching SANS Security 504: Hacker Techniques, Exploits, and Incident Handling

Cyber Protect

High-impact initiatives

Waseem Daher on Ksplice: Updating the Linux kernel without rebooting

Waseem Daher - on - Ksplice: Updating the Linux kernel without rebooting Wednesday, October 19, 2011 @ 6:30 -8:00 PM ** Please note important information about this meeting **

Mamiya RZ67 Pro II

Upload multiple photos to Meetup without Flash

Making Firefox's Web Console readable

Changing Drupal 7's built-in jQuery UI theme

Prusia Forest

Trip to the amusement park

Sessions: Marielos

Sessions: Marisol

BrowserID session API support for Drupal

Casa 927

Ujarras ruins

I'm Flattr'ed!

NYLUG on The NYLUG Summer Barbecue!

NYLUG - on - The NYLUG Summer Barbecue! Sunday, July 24, 2011 @ 12:00 -1:30 PM ** Please note important information about this meeting **

Leticia + Adrian

Lessons from Nokia's CEO: ignore your product & your customers

Google NYC Office tour finally happens!

Securosis research: React Faster and Better

June 15th: Robert Menes on Rockbox: Open Source Jukebox Firmware

Pigeons in San Jose

Following Firefox's New Development Channels with Ubuntu

Sessions: Nathaly

Sessions: Georgeanela with the black dress

Why I use Firefox 4 Mobile

Sync

HTML5

Other stuff

SOURCE Boston 2011: Higher Education's ability to conduct relevant research and to effectively teach information security

Photowalk: Lankester Garden - The greenhouse

Cameron L. Fadjo on Scratch

Cameron L. Fadjo - on - Construct, Program, Design: An Introduction to Scratch From the Perspective of Computing and Cognition Wednesday, May 18, 2011 @ 6:30 -8:00 PM ** Please note this meeting will be at PS9, not IBM **

Using my Creative Commons-licensed photos

Monitoring Intel SSD lifetime with S.M.A.R.T.

Sessions: Karol

Sessions: Georgeanela

Photowalk: The Lankester Gardens

What does the "BY" in Creative Commons' license names mean?

Increase file descriptors for Transmission on Linux

My first planned shoot

The park

The Heredia Market

Some street photos

Jay Emerson
- on -
A Serious Talk About Having Fun and Being Productive with the R Language
Thursday, February 9, 2012 @ 6:30 -8:00 PM
Please note important information about this meeting

Sean OMeara
- on -
Introduction to Chef
Thursday, January 12, 2012 @ 6:30 -8:00 PM
Please note important information about this meeting

Waseem Daher
- on -
Ksplice: Updating the Linux kernel without rebooting
Wednesday, October 19, 2011 @ 6:30 -8:00 PM
Please note important information about this meeting

NYLUG
- on -
The NYLUG Summer Barbecue!
Sunday, July 24, 2011 @ 12:00 -1:30 PM
Please note important information about this meeting

Cameron L. Fadjo
- on -
Construct, Program, Design: An Introduction to Scratch From the Perspective of Computing and Cognition
Wednesday, May 18, 2011 @ 6:30 -8:00 PM
Please note this meeting will be at PS9, not IBM