52 Cameras: #191 – Polaroid Super Colorpack


I forgot to add it has the standard lighten/darken control around the light sensor.



Only seven images including the ones in the video. I used three testing another camera.

Part of it is in focus but the wind was whipping the bush.

Part of it is in focus but the wind was whipping the bush.


Nice colors on a gloomy day.

Nice colors on a gloomy day.


Hungry kitty.

Hungry kitty.

Mercury Transiting the Sun 11 November 2019

It was super windy and the old 400mm definitely does not have image stabilization. I got lucky during a short lull.

Sony A7, Aperture Priority, 1/60 second, Fotodiox FD-E adapter, Prospec 400mm (FD) @ f8, Vivitar 2X Teleconverter

Sony A7, Aperture Priority, 1/60 second, Fotodiox FD-E adapter, Prospec 400mm (FD) @ f8, Vivitar 2X Teleconverter


The teleconverter loses 2 stops plus the filter material I had left over from the eclipse. Mercury is at about 1:00. Not great but comparable to the live stream from the Griffith Observatory. I may be alive the next time it’s visible from North America but who knows? Best to grab it while I can.

52 Cameras: #189 – Minolta A5




We were going to go up Truchas Peak but all of the land grant entrances were locked. One of us had been trying to get a hold of the president for over two weeks. The ranger said it had been open all summer but I guess we were too late in the season. We started going on a hike-for-the-heck-of-it from Santa Barbara Campground and tried Trampas Peak on a lark. We didn’t summit but did OK considering how late we got to the campground after trying every way to Truchas we could find on the map.

I’ll try some exposure stacking – bracketing gave me some good sky-dark mountains and the reverse.

It had been windy - some big trees down.

It had been windy – some big trees down.


I have another version focused at infinity - I'll try focus stacking and post results.

I have another version focused at infinity – I’ll try focus stacking and post results.


I had a smudge on the lens.

I had a smudge on the lens.


Another shot of Jem.

Another shot of Jem.

52 Cameras: #187 – Canon PowerShot G10

Things I missed or glossed over in the video:

Canon still has the manual.

Scene modes: Portrait – “soft effect”, Landscape – deep DoF, Night Scene – slow shutter + flash, Sports – continuous shooting with AF, Night Snapshot – reduces camera shake (boosts ISO & shutter?), Kids & Pets, Indoor, Sunset, Foliage, Snow, Beach, Fireworks, Aquarium, Underwater, ISO 3200 (2X normal highest), and Color Swap.

Metering modes: Evaluative, Center weighted average, Spot AE Point/Center – spot metering is whatever is in the center of the LCD, and Spot AE Point/AF Point – AE point follows AF point (only works with FlexiZone AF selected).



No exposure modifications except the bird photo.
Some crops. For a P&S, it tolerates crops pretty well.

Jem doing what cats do.

Jem doing what cats do.


Open house at New Mexico Wildlife Center was awesome. It’s not on their web site yet but they have a “photographer’s day” coming up in November.
Lightened a little to bring the bird's face out of shadow.

Lightened a little to bring the bird’s face out of shadow.


Another shot of Joni. She touches a tennis ball on a stick & gets a treat.

Another shot of Joni. She touches a tennis ball on a stick & gets a treat.


Sunflowers at the co-op in Santa Fe.

Sunflowers at the co-op in Santa Fe.


I compost most things but goatheads get the flame.

I compost most things but goatheads get the flame.


An example of the exposure compensation. This is 0.

An example of the exposure compensation. This is 0.


This one is - 1/3 stop.

This one is – 1/3 stop.

52 Cameras: # 186 – Olympus Infinity 76 AF (SuperZoom 76S)




First, some found images. Fujicolor Superia 800.
Someone graduated.

Someone graduated.


Chillin' on the boat.

Chillin’ on the boat.


If you know these people or are these people, get a hold of me through the YouTube comments and I’ll get some images to you.

Goober again. If you want a cat to move, try to take its picture.

Goober again. If you want a cat to move, try to take its picture.


Kodak TMAX-100. The images were a little soft but I think that was mostly my development.
They didn't use the ratchet on the press.  More fun to run in circles.

They didn’t use the ratchet on the press. More fun to run in circles.


The proprietor of Wildharber Farm.

The proprietor of Wildharber Farm.


I mentioned organic in the video. I don’t know if the farm is certified but the practices are in line with it. Organic certification can take a long time and it can be pricey to get and maintain it.

Be Careful With Google Backup Codes

I use two-factor authentication. It’s a lot more secure but it’s also a little scary if something happens to your phone. Because of that, I set up backup codes and downloaded a set of ten (you can only get 10 at a time). When it works, it’s nice – you click Try another way and enter the one-time-use code from the stash of ten instead of having a code texted to you.

What Google doesn’t tell you is, if you turn two-factor off and then back on, the backup code setup goes away. It’s not just that the codes you downloaded are invalid, it’s as if you never set up to use backup codes(1). You have to go into your security settings, select two-factor authentication, set up to use backup codes again, and generate new codes. I did not know this. I searched for documentation (“help” files are the only documentation) and I didn’t find it anywhere(2).

An analogy:

My car uses two-factor to start. It has a smart fob – detecting the fob and pressing the Start button starts the car. If the fob battery goes dead and I use the key, the car doesn’t forget how to start normally when I put a new battery in the fob.

I tested before a trip and tried to use a backup code. I didn’t see the backup codes option under Try another way, got frustrated, and pasted the backup code into the field where you normally enter the texted code. It recognized that it was an 8-digit backup code rather than a 6-digit text code and told me to go to Try another way(3). Nice infinite loop there.

When I got in using a texted code, I set up backup codes again and downloaded a new set. I logged out, cleared everything, and closed the browser. When I got back in using a backup code, the email notifying me that a backup code was used told me I had ten codes remaining. I had just used one of the ten one-time-use codes to log in which generated the email notification(4).

    The takeaway

  1. There’s no polite way to put it – the code dealing with the use-case of 2-factor on-off-on is lazy and sloppy. Everything, from your microwave to your TV, remembers a functions settings even if the function is turned off and then back on. If I set my camera’s LCD back light to 3 and turn it off, it’s at 3 when I turn it on.
  2. The documentation is incomplete. In this case, incomplete=inaccurate. The program behaves in a way that is not documented and is counter-intuitive.
  3. The dialog you get if you paste a backup code into the text code field instructs you to do something that does not work. I’m all for re-using code but dialogs need to be tailored to the actual state. A quick check (the program already has the account information) of the state of backup codes could generate a meaningful message without compromising security: If (backup code set up) then (tell the user to use Try another way) else (tell them to use an available option).
  4. This is toddlers using Logo level programming. Seriously: x=10; x=x-1; email x.

Rod Serling voice: Picture this. A man on a deserted island has almost no power left in a satellite phone. Does he gamble on a phone number he’s not sure he remembers correctly or does he try to email to an address he knows is correct? The last time he emailed, it told him he had one code remaining so he tries email. No, he had no codes remaining. His email fails. He dies.

I haven’t tried it but I think the on-off-on scenario might also break the code generation app. It would depend on whether the app generates 6-digit codes like the ones you receive as a text or 8-digit backup codes.



This isn’t saying much, but Apple is worse. It doesn’t tell you while you’re setting it up but Apple’s 2-factor is a one way street. From the Apple support page:

Can I turn off two-factor authentication after I’ve turned it on?

If you already use two-factor authentication, you can no longer turn it off. Certain features in the latest versions of iOS and macOS require this extra level of security, which is designed to protect your information. If you recently updated your account, you can unenroll for two weeks. Just open your enrollment confirmation email and click the link to return to your previous security settings. Keep in mind, this makes your account less secure and means that you can’t use features that require higher security.

52 Cameras: # 185 — Polaroid ProPack




A lot of duplication with what is in the video. 10 frames in the pack & the first one jammed. Another, I had a dud bulb in a flash cube and it was black.

This is frame 2. Frame 1 jammed & I exposed this one getting it out.

This is frame 2. Frame 1 jammed & I exposed this one getting it out.


You can tell the bellows pinholes are small because the ghosts have diffraction effects.

You can tell the bellows pinholes are small because the ghosts have diffraction effects.


Looking for an article about diffraction, I discovered digital bellows leak filters are a thing.

Asters in the yard.

Asters in the yard.


Jem & Goober. No sunlight but I was right under the kitchen lights.

Jem & Goober. No sunlight but I was right under the kitchen lights.


Tried spreading developer with a bottle while it processed.

Tried spreading developer with a bottle while it processed.


The manual dev-goo spreading worked a little. The lighter area at middle left would have been blank. Not keeping tight control of pressure, I also lifted some developer – the white areas in the print – and spread it too thin – the light area to the right of Goober. I’d only seen the fern pattern with integral film before. Maybe I can tweak roller pressure and get better results out of Polaroid Originals/Impossible film.

Borrowed the rollers from a Color SuperPack and got proper developing.

Borrowed the rollers from a Color SuperPack and got proper developing.


The picture of Trinity above is a bit overexposed. I was too close and forgot to turn down the ProFlash power setting.

Looking closer, this isn't missing development, it's the bathroom wall. Dev problem would be on the left.

Looking closer, this isn’t missing development, it’s the bathroom wall. Dev problem would be on the left.


Cropped square and auto white balance in GIMP.

Cropped square and auto white balance in GIMP.


I couldn’t figure out why I was getting the beach-ball-of-death while resizing images in Preview. I’d opened the images stored on the iMac from the laptop. Apparently, I was closing Preview before the saves were complete and it did strange things.
The only interesting strange thing.

The only interesting strange thing.

Data Breach – CafePress

Just the Facts

Timeline:

20 February 2019 – CafePress is hacked and over 23 million account are compromised.

13 July 2019 – According to this Forbes article, We Leak Info adds the CafePress breach to their database.

5 August 2019 – The author of the Forbes article receives an email from have i been pwned about the CafePress breach.

20 September 2019 – I receive an email from CafePress about the “Data Security Incident”.

My Take

It’s been 7 months since the data was stolen. If it hadn’t been found in the wild by third parties, they still might not know.

It’s been at least 2 months since they found out and they just now got around to telling their customers.

I didn’t have a CafePress account. Just to be sure, I tried to log in:

Whew!

Whew!


I’ve only purchased from them maybe twice in my life and not for years. That means the hackers only got my name, email, phone number, and physical address. That also means that CafePress kept (I hope it really is past tense) purchase and account records in an internet-facing database for a long time.

A non-apology worthy of a politician caught red-handed:

"...sincerely regret any concern it may cause you"

“…sincerely regret any concern it may cause you”


So they’re not sorry. They just regret that I may have concerns. Concerns that may keep me from giving them my money in the future? That’s like saying something awful to someone and then saying “I regret that your feelings are hurt.”

“…And other information.” I learned about physical address from haveibeenpwned.com.

Later in the email is this:

“What We Are Doing

We have been diligently investigating this incident with the assistance of outside experts. We also have contacted and are cooperating with federal law enforcement authorities. In addition, we have taken various steps to further enhance the security of our systems and your information, and the affected database has been moved to a different environment.”

Not much and pretty vague. The part where the customer has to do things is so long it refers to another section:

“What You Can Do

As described in the “Additional Resources” section below, we recommend you remain vigilant and take steps to protect against identity theft or fraud, including monitoring your accounts and free credit reports for signs of suspicious activity.

We also recommend that you visit the CafePress website at www.cafepress.com and log in to any online account you may have, which should prompt you to change your account password, if you have not done so recently.”

They go on to say:

“In general, you should always ensure that you are not using the same password across multiple accounts, and that you are using strong passwords that are not easy to guess.”

There, there [pat on the head]. That’s trivial, deflecting, and condescending. A user account didn’t cause this, CafePress’s incompetent security did. How about I take investment advice from Bernie Madoff?

One more bit and I’ll stop ranting. About this. For a while.

All of the links in the email, including the big 3 credit reporting agencies, go through CafePress’s email list provider.

I know, let's make the incident email look like spear phishing!

I know, let’s make the incident email look like spear phishing!

I mean, why wouldn’t I trust a link with

…krmpkhgftlhjtmbmjrsbzjfgrpjltskzppmktwzhsrfp_vjjjfrrrrkynfhgmmfmmrr.html

as much as I trust one that goes to

https://consumer.ftc.gov?