Blog | page 8

2007 HDR Year in Review

Here is a short movie I put together of my HDR photos from this past year:

Note that the images aren't actually in order. If you're interested, the full resolution Quicktime movie can be found here [~100MB].

Update: My friend Steve Kesler asked me how I put this movie together. It was actually pretty straight forward. I just exported the images from my photo management application (LightRoom) and then in Quicktime I selected File > Open Image Sequence. I then selected the first image in that folder. It takes a few minutes to process the images and then I saved and uploaded in to

Monday, December 31st, 2007 -

links for 2007-12-29

Saturday, December 29th, 2007 -

links for 2007-12-28

Friday, December 28th, 2007 -

links for 2007-12-27

(tags: solar renewable nanotech nanosolar) Photoskin : 5mm Thick LCD Display I need one of these. (tags: photoskin thin.lcd lcd wishlist) Tiger Team : Hacker TV Show Some of my friends have been working on this TV show for Court TV for a few years now. The show is coming out in January on both TV and the web. I'm looking forward to it. (tags: hackers tv defcon LOLCat of the Day Ouch! (tags: lolcat)

Thursday, December 27th, 2007 -

links for 2007-12-27

(tags: solar renewable nanotech nanosolar) Photoskin : 5mm Thick LCD Display I need one of these. (tags: photoskin thin.lcd lcd wishlist) Tiger Team : Hacker TV Show Some of my friends have been working on this TV show for Court TV for a few years now. The show is coming out in January on both TV and the web. I'm looking forward to it. (tags: hackers tv defcon LOLCat of the Day Ouch! (tags: lolcat)

Wednesday, December 26th, 2007 -

links for 2007-12-26

Wednesday, December 26th, 2007 -

Merry Christmas!

I just wanted to wish you a Merry Christmas (or a Happy Holiday if you don't celebrate Christmas) and a Happy New Year. I hope you have had a great year and I wish you the best for 2008. Enjoy your holiday and don't forget to send joy and best wishes to your friends and family.

Monday, December 24th, 2007 -

links for 2007-12-24

Monday, December 24th, 2007 -

DV Expo 2007 on WIRED

DV Expo : WIRED News Gallery

Two weeks ago I shot the DV Expo in Downtown Los Angeles for WIRED News. The gallery went live on the front door of today. This is the first time I've had two pieces on the front door of WIRED News at the same time. I'm really really really looking forward to my first magazine assignment, if I ever get one!

Wednesday, December 12th, 2007 -

Writing and Being Edited

Like most people, I've been writing since I was a kid. Unlike most professional writers I never went to college. I guess that makes me somewhat of a hack. I have been blogging for roughly 5 years now. In that time I've gone from writing on my personal blog, to writing for LAist, to writing for, to blogdowntown and now to WIRED News.

When I first started writing for LAist, I was excited. For some reason I thought my stories were going to be edited by an editor. As it turns out, the editors at LAist, don't actually do any editing. At, the editorial policy is clear: there is no editorial policy. When I started writing for Eric Richardson on blogdowntown, he did edit my work, which I found helpful.

When I first approached WIRED about running some of my photo galleries, they turned down my pitches by said they would keep me in mind. At DEFCON this year they contacted me and paired me with their reporter, Kim Zetter. The next time WIRED got in touch with me was to cover their NextFest show.

I ended up writing captions on a little over half of the photos that ended up in the NextFest gallery. After Nextfest I covered the ASTRO show and that time I wrote the intro as well as the captions for the entire gallery. Since then I've been doing roughly 1 or 2 galleries a week for WIRED.

Being edited is a great learning experience for me. I like to compare what I wrote to what the editor and the copy-editor end up posting as the final piece. I haven't had any humorous interaction with the copy-editors like Siel had, but I'm guessing that the WIRED copy-editors are a little more hip than the folks editing the LA Times blog.

The more I write, the easier it becomes. I've also been reading Daily Writing Tips. Today's post was a collaborative piece consisting of 34 tips from various writers. I found many of them very helpful and I hope you do too.

Tuesday, December 11th, 2007 -

Holiday Wish List

So a few people have asked me if there is anything in particular that I want for the Holidays. If you want to buy me a present and can't think of anything, check out my Amazon Wishlist. Thanks in advance!

Thursday, December 6th, 2007 -

LAFD Twitter == Awesome

UPDATE: 545 W 127th St Unknown liquid leak from cargo container in vacant lot; @ 50 gallons on ground; NFD - Brian Humphrey###

LA Fire Department (LAFD) via TwitterMail at 21:11

Hazardous Material Investigation 545 W 127th St; TG 734-B1; FS 64, No injury; No evacuation; No further details; Ch:7,13 @8:39 PM -Bri ...

You can read more on the LAFD Twitter Page. My SAR Team also has a Cave Rescue Twitter Page as does the San Bernardino SAR team.

Wednesday, December 5th, 2007 -

HDR Photography Talk @ Machine Project : Dorkbot Socal #25

[6th Street Bridge and Downtown Los Angeles]( "6th Street Bridge and Downtown Los Angeles by eecue, on Flickr")

I'm giving a talk on HDR Photography this Saturday at Machine Project for Dorkbot Socal #25.

Today's digital cameras have a limited dynamic range compared to film. If you shoot a photo of a landscape with a beautiful cloudy sky, your landscape will be properly exposed, but your clouds will be washed out or vice-versa. High-Dynamic Range photography allows you to circumvent your sensor's limitations by taking multiple photos with different exposures and combining them on your computer. All you need is a camera capable of manual exposure settings, a tripod and a computer and you'll be on your way to HDR mastery. Presented by Dave Bullock.

I'll be showing (for the first time) the individual RAW files that I combine to create some of my favorite HDR shots.

Wednesday, November 28th, 2007 -

Mister Jalopy : Dorkbot Socal Shop Tour

Dorkbot Socal, an eclectic group of nerds, geeks, hackers, makers, builders and breakers, arranged a tour of Mister Jalopy's secret laboratory / garage / headquarters: Hooptyrides, Inc. Mister Jalopy is featured on the cover of the current Make magazine, sitting atop his "Urban Guerrilla Movie House". His Giant iPod, a wooden entertainment console containing a Mac Mini and utilizing the original controls of the console, previously appeared in Make.

Hoopytyrides HQ is located in an old, dual-bay auto shop, with many of the original accouterments still intact, including the pinups that adorn the walls of the basement machine shop, old-school hydraulic lifts and a Clayton dynamometer. Mister Jalopy describes himself as more of an assembler than a engineer, pointing out that he simply takes apart existing technology and puts it back together to better suit his needs. Either way about it, Mister Jalopy's creations are fun, functional and attainable by interested makers who want to create their own repurposed entertainment equipment.

Mr. Jalopy on his projector bike

Mister Jalopy perched on his Urban Guerrilla Movie House, a mobile pedal powered projector build from a mixture of old furniture, vintage cans, salvaged optics, an LCD monitor and a bicycle.

You can check out the rest of the photos after the jump.

Wednesday, November 21st, 2007 -

AT&T Opt-Out Insanity

A few months ago, before the iPhone was released, I put my email address into an AT&T/Cingular form so I could be notified when it was available for purchase. I later decided that AT&T's horribly privacy (NSA) track record was enough reason not to switch to their service so I'm sticking with T-Mobile for now. I just got an email from them, trying to get me to buy some random crap, and I decided to click on the "Remove Me" link at the bottom of the page. That link brought me to the following page:

att opt out insanity

It appears that they want your address, cell phone number, landline number, name and email address to remove you from their email list. It turns out that they just want your first and last name and your email address for the removal to work, but the form is certainly not clear about that and I'm sure plenty of folks fill out the whole thing. I didn't put my actual name into the fields, but added something a bit more colorful that I'm sure nobody will actually read. Anyhow, the mass email should really just have a link that removes you, instead of taking you to this horrid form.

Monday, November 19th, 2007 -

WIRED News Photos

Here are a few links / screengrabs of recent photos I've shot for WIRED News:

wired sc07

wired living home

wire norton sales

wired autopia bling

wired autopia gtr

Keep an eye out for my out-takes coming soon!

Monday, November 19th, 2007 -

SC07 : Super Computing '07

I just landed in Reno, NV for the Super Computing '07 (SC07) conference. I am here on assignment for WIRED News. Keep an eye out here and on for photos of clusters, supercomputers and various other cool and interesting toys from assorted government and industry nerderies.

Sunday, November 11th, 2007 -

My First BASIC Stamp Project

So I won a Basic Stamp kit from ebay last week. Last night I had a chance to play with it. I went through the included book, and got through most of it. In the end I built the following:

BasicStamp2 Servo Control

That is a servo on the left, the basic stamp has some code in it that detects the position of the potentiometer in the lower center of the breadboard using capacitor discharge timing and then moves the servo to match the pot's position. The 7 segment display lists a number between 1 and 10 depending upon the servo's position. The white colored LED actually flashes either red or green depending on if you're rotating the pot clockwise our counter-clockwise. It was fun to build and actually not that hard.

I am really excited about programming microcontrollers and I'm looking forward to my next projects. At some point soon I feel like I'll be able to finally hack the Furby. You can check out the code I wrote here.

**Update for Riyad:**I made the thing on the left spin when I turned the little white knob on the right. I did this using magic.

Friday, November 9th, 2007 -

Vanity Callsign : N3CUE

I was just getting used to my randomly assigned callsign: KI6LZK, and I just noticed that my vanity call has been approved: N3CUE. It's sort of a play on eecue, obviously. I guess it won't matter in a few weeks when I pass my Extra exam and I can get a 2x1 or 2x2 call. =]

Wednesday, October 31st, 2007 -

My Adventures with Leopard : /home, Epson 3800, ATSServer

I'm an early adopter. When the OS X Beta came out in 1999 I jumped right on it, being a FreeBSD user I was right at home with the BSD subsystem and command line. When Leopard arrived via FedEx at my office yesterday I hesitated only slightly before installing it.

I asked some of my other nerd friends if they had encountered any problems, and I took at look at Apple's discussion forums, paying particular notice to this issue, which currently has over 350 replies and 25,000 views. One of my friends said that if I ran the disk utility from the Leopard install disk before I upgraded it would solve that problem. I ran disk utility, it found a problem and fixed it and I had no trouble upgrading.

Once my system booted up I went through all my applications and checked to see if they functioned properly, and everything did until I got to Zend Development Engine, which opened up fine, but my project had no files in it! I try to add them back to the project, but when I went to /home I noticed that it was totally empty! I thought that the upgrade had delete my web development files, and I was pissed, but luckily I had a backup that wasn't too old, and most all of my projects are in CVS, SVN or git repositories. I posted this thread on the Apple discussion forums and the next day I got the following response which restored my /home directory and all its contents!:

The good news is that your files are still on the drive. This is because 10.5 is now a real, certified Unix OS. However, I think that the default setting should have been to preserve the /home as a local directory. See the explanation here.

That worked, my files in /home were unharmed, Apple's new "real UNIX" features caused an invisible volume to be mounted using /home as the mount point.

My next problem came when I tried to print to my Epson 3800, I downloaded the new drivers from Epson's website (they have a 10.5 driver) and installed it. Now when I tried to print to the 3800 the printer was auto-detected but I still couldn't print. I'm sure this will be fixed shortly and it's not an emergency for me.

The third issue I noticed this morning was that ATSServer was using 185% of my processing power (I have a Core Duo MacBook Pro). Right now it's not a huge deal as I'm about to go out to take some photos anyhow, but this could put a damper on activities that do require my processors full attention like working with RAW files in Lightroom.

All in all, I'm very happy with Leopard's new features. The system is actually faster, if you can believe that! Moving around windows, loading websites and opening applications seem to work much more smoothly than before. This is a great update from Apple, I'm sure they'll work out the kinks soon. They did just release a Software Update to fix the login problems and the 802.11 issues, none of which affected me.

Update: I forgot to mention, I check my mail through an ssh tunnel to my IMAP server and I've been getting server timeout warnings. My server isn't actually timing out though, and this was never an issue in Tiger... I'm guessing Leopard's is just more sensitive. It actually hasn't been a problem this weekend, only on Friday.

Sunday, October 28th, 2007 -

SAR : Grass Valley Fire Looter Patrol

As I mentioned on Tuesday, my Search and Rescue team got called out. I am a member of the San Bernardino Sheriff's Cave Rescue Team, although we don't put out fires we have assisted with evacuations and security during fires in the past, notably the large fires 4 years ago, a year before I joined the team.

Yesterday at about 0400 I hit the road and drove out to the shipping container that is our gear storage shed, where I met Sonny Lawerence. We picked up the Sheriff's vehicle and headed up to the operation center in Twin Peaks where we were briefed and given our mission.

Our assigned task was to patrol the commercial districts of Crestline and Rim Forest looking for looters. If we saw anything odd happening we were instructed to call in to the command post on the 800MHz radio. We were issued Nomex shirts and rubber goggles, along with an 800MHz HT to compliment our 800MHz mobile in the truck.

We began our mission after a eating a county-catered breakfast. I spent the day driving around slowly between the two tiny commercial strips of Crestline and Rim Forest. In Rim Forest we saw a guy with his pickup trucked backed up to a hardware store and another guy inside. We called it in, and as we were waiting for the Sheriff's Deputies to come the guy in the pickup took off. One of the Deputies knew that guy inside who was the owner. Other than that our day was uneventful, although I did get some cool shots of Tanker Helicopters sucking up water from Lake Gregory:

Tanker Helicopter

Tanker Helicopter

Tanker Helicopters Refilling

We didn't get too close to the fire, here is a photo of the Grass Valley fire:

Grass Valley Fire

And here is a photo of the Slide Fire:

Slide Fire For more information about the fires near Lake Arrowhead, check out the Rim of the World website as does the SB SAR website.

Thursday, October 25th, 2007 -

SAR : San Bernardino Fire Callout

I just got paged. Tomorrow at 0600 I'll be at the Twin Peaks Sheriff's Station. I'm not a firefighter, I do Search and Rescue, so obviously I won't be putting out any fires. I will most likely be doing evacuations. I'll post an update tomorrow when I get back, and I may also be twittering. I'm also going to try and get some photos of the action.

Tuesday, October 23rd, 2007 -

Congratulations Penelope!!!!

I just want to congratulate my beautiful, sweet, wonderful, caring, intelligent, inspiring, empathetic, hot and sexy wife, Penelope, on passing her Nursing 200 final today with flying colors. You did a great job baby, and now you just have a little over a year to go! You're going to be the best nurse ever! You are the world to me sweetie pie. I love you!

Penelope and Dave

Photo of us atop the Rio Grande Gorge Bridge near Taos, from our recent trip to New Mexico.

Thursday, October 18th, 2007 -

Ham Radio Licensed : Technician + General Class = Yay!

When I was 10 years old, my Dad bought me a used ham radio. It was consisted of two large stereo console sized boxes, one being a receiver and the other a transmitter. I used to love listening to the conversations in far off places on the HF bands. I never did get to use the transmitter, as I never learned Morse code or took the Ham test.

Half a decade later I read an article in Phrack about the Yaesu FT-50R, and I knew I had to get one. Once again I used it for listening, as without a license, transmitting was illegal.

Last week I was at my Father-in-law's house installing some skid plates on my FJ Cruiser. He was showing off some cool electron tubes to me and offhandedly mentioned that he would probably never fire up the radios in his ham shack again. I didn't tell him about it, but this inspired me to get my license. I looked up the next testing location and found one last Saturday at the Northrop Grumman complex in Redondo Beach, which also happens to have an awesome electronics swap meet which I need to go back and photograph.

After studying the material for a few days and taking a bunch of practice exams, I felt I was ready for the test. I passed the Tech Class test on the first try, and since I had already paid my $14, I went ahead and took the General Class test as well. I ended up failing the General by 1 question.

After failing the General Class test, I made myself a study guide, and learned all the material. Last night I went to a Ham test in Torrance and this time I passed the General Class! It takes up to 10 days for the FCC to assign you a call-sign and put you in their license database, and I'm still not showing up yet.

I can't wait to work the HF bands, I'm planning on picking up my first HF radio in a few days. I really want the ICOM IC-7000, it's an amazing radio in a compact package. The IC-7000 fits what once filled a whole work bench into a tiny package roughly 6.5" x 2.25" x 7" and has a removable faceplate for remote mounting in a vehicle. Now if only I can convince Yay, my lovely, beautiful, wonderful, hardworking, intelligent, sweet wife to let is letting me drop $1500 on this amazing radio! Maybe if I remind her that And it could save our lives in an emergency.

UPDATE: My callsign now shows up in the FCC's database: KI6LZK.

UPDATE 2 Yay, my wife has given me the go-ahead to go and purchase the IC-7000... I'm excited. Heading to pick it up in a bit and then off to the Mojave to hang out with my father-in-law.

Thursday, October 4th, 2007 -

Hypocritical Flickr

I've been putting my photos on flickr for several years now. I joined flickr well before they were absorbed by yahoo. I have a "Pro" account which means I have actually paid money to flickr/yahoo for their services. Until recently I have been very happy with my experiences with flickr.

Earlier this year one of my photos from Coachella made it onto this official flickr blog post. The photo is no longer on that post, and it's not because I asked them to take it down, but because I asked them to credit me properly. I had previously asked the original blog poster several times to update the credit to say my name (Dave Bullock, not eecue) and to link that credit to my website ( not After several attempts at contact, I never heard back from the original poster, mbaratz, so I sent in a message to both flickr help and abuse. Here is the response I got:

Hi Dave,

FlickrBlog is part of Flickr and this our standard for accreditation.

If you would prefer, we can remove your content from the post in question.



Hmm, interesting, so basically their policy violates my BY-NC-SA Creative Commons license. Instead of bringing that up I politely responded:

Ok, I understand. I'd really rather not have you delete it, wouldn't it be just as easy to credit me as it would be to delete it? How about you change the accreditation and then everyone is happy. You can keep the photo linking to the flickr page.



So I was hoping to get a reasonable and polite response, be it yes or no, but instead Heather responded with this passive aggressive missive:


I've removed your content from the post. I think that this is the easiest way to make everybody happy.



I was flabbergasted, I couldn't believe that they would just delete my photo instead of working with me and changing a single link in a blog post. Flickr is a huge champion of Creative Commons, I find it ludicrous that they would refuse to practice what they preach. Apart from Creative Commons, flickr requires you to link back whenever you post one of your photos on your site, but now they're refusing to link to me? They even insert rel="nofollow" on any links you put in your photo descriptions, but we're forced to link back when we post those same photos?

I am seriously considering removing all my content (5,976 photos which have received 277,092 views) from flickr. I don't really want to do this, but I feel totally insulted by this interaction I had with Heather.

Here is the photo in question:

Cauac Twins Tesla Coils

UPDATE Not specifically related to this post, but I am no longer using flickr to host photos on this site. I will soon be removing all my photos from flickr once I have fully backed up all comments and data from said images.

Thursday, September 27th, 2007 -

Different Sides of Downtown Los Angeles

Los Angeles has been dry and cloudless all summer. I really love the way clouds look in an HDR photo, and as I'm working on the last few shots I need for my first solo show which is coming up either in November or January, I couldn't resist spending a few hours driving around LA and getting some shots. Here are some photos of LA from a few vantage points I found throughout the city, including Boyle Heights, Lincoln Heights and Baldwin Hills Estates:

Downtown LA and Truck Yard

Dowtown LA From Lincoln Heights

Downtown LA from Baldwin Hills Estates

You can check out the rest in my Downtown from the Hills gallery.

Sunday, September 23rd, 2007 -

And the Rain Falls

Our vast arid-wasteland-cum-metropolis has been parched past the point of desiccation after our lowest annual rainfall on record this year. Finally our city is breathing a collective, rain-drenched, sigh of relief. The rain is falling right now, the streets are wet and glimmering, if I was outside my nostrils would be filled with the smell of soaked pavement. The thing I miss most about growing up in the Bay Area is the rain... the rain that fell more often than it does here in the desert that Mulholland converted.

Hopefully this next year will be a wet one, like it was in 2005. That was the year the Mojave was carpeted with wildflowers, many of which hadn't bloomed in centuries.

Saturday, September 22nd, 2007 -

South of Los Angeles, an HDR Excursion

Today the sky in Los Angeles was filled with the most beautiful clouds that we've had in some time now. I couldn't resist driving around my favorite industrial areas South of Los Angeles and shooting some photos. I even got a chance to try out my new Gobi Stealth roof rack, which has a mesh top and can support 300lbs, making it a perfect photographic platform. Here are the results from my excursion:

Bridge Over Los Angeles River


Railroad Bridge Over River

Trains Below the 710

All photos were taken with a Canon EOS 5D, through a Canon 24-70 EF f/2.8 L atop my trusty Bogen Manfrotto 3021BN connected to a Arca Swiss B1 Monoball Head triggered using a wired remote. Each photo you see here is a combination of 3 bracketed shots: 0,-,+ 2 EV which were combined with Photomatix. More photos after the jump.

Friday, September 21st, 2007 -

Photo Credit, Creative Commons and Those Who Ignore It

Scott Beale just posted about ZingFu ignoring his CC license and using one of his photos for a promotional card without either asking (which is required for commercial use) or crediting him. This happens to me rather frequently, which is why I've borrowed (with permission) the wording that Scott uses on all his photo on flickr:

This photo is licensed under a Creative Commons license. If you use this photo, please list the photo credit as "Scott Beale (Laughing Squid)" and link credit to

Of course, I've replaced his name and website with mine, but I am guessing from his results, this will still not be enough.

The last two entities to refuse to properly credit my photos, and thus violate my creative commons license, were NPR and the Flickr Blog. I have also recently been contacted by an editor on Wikipedia, who has asked me to change my license to allow for commercial usage, which I will not do by any means. I find it very unfortunate that Wikipedia forbids -NC CC photos, but here is a page in support of their reasoning.

Tuesday, September 18th, 2007 -

ISO: Ultimate Ultra-Compact Camera

Over the years I've made my way through various Ultra-Compact digital cameras, the latest being the Canon Powershot SD550. I don't especially like the SD500 for a number of reasons which I don't feel like listing here. What I am going to list, is what I do want in an Ultra-Compact Digital Camera:

Required: Somewhere Between 5 and 10 Megapixels RAW Mode Full Manual Mode Tripod Mount Excellent Low-light Performance Quick or Instant Startup Time ≥ 3" LCD ≥ 2x Optical Zoom At Least 24-50mm Equivalent Zoom Fits Easily in Pocket Macro Mode Video Mode Doesn't Use Obscure Memory Format USB 2.0

Would be Nice: Water-Resistent of Water-Proof Image Stabilization Bluetooth / 802.11x Face Recognition Standard Sized Batteries

Obviously there is currently no camera that meets my required specs, but I'm hoping there will be some time soon. I was considering the Leica D-Lux 3, but because of its poor low-light performance and protruding lens won't work for me. If my SD550 dies before a camera with my required specs comes along, I'll probably go with the Nikon Coolpix S51, although it doesn't have a RAW nor manual modes.... ok so maybe that won't work. For now I'll just make it a point to lug around my 5D as much as possible.

Btw, this post was inspired by Scott Beale's post about his new Fuji Finepix F50.

UPDATE I have created a handy little size guide so you can get a real life idea of the size of the various Ultra-Compact cameras out there. So far I have only done Canon and Nikon, but I plan on adding other manufacturers. You can download the Ultra-Compact Camera Size Comparison Chart [66k PDF].

UPDATE 2 Hmm, I think this might be the perfect camera for me: Canon SD870 IS.

Monday, September 17th, 2007 -

Bidding Adieu To

It's been a good run for me over at, but I have decided that I no longer have the time to contribute quality, unique content. I have been mulling over this decision for some time now, and I decided to stop putting if off and admit to myself that I'm just too busy to handle all the blogging on my plate. I will now be focusing on writing for and blogdowntown. If you're interested you can read through my 283 posts from the 2 years and 2 months I wrote for

Monday, September 17th, 2007 -

Yahoo Mash Invites

Thanks to Scott Beale I now have a Yahoo! Mash profile. I also have invites if you need one. It would be helpful if mash included a way to invite from a vcard file, but otherwise it seems pretty cool.

UPDATE Ok so I know this is still in beta, but the fact that Yahoo's own service flickr's module has now broken my RSS feed link is somehow pleasantly ironic:

Invalid URL:

I should point out that it did work this morning.

UPDATE 2 I have added a few friends and none of them show up in my friends list, although I show up in theirs. Odd.

UPDATE 3 Ok I get it, the friends don't show up until they've claimed and set up their profiles. There are some pretty cool little modules, I like the twitter feed.

Monday, September 17th, 2007 -

WIRED Nextfest Multimedia Gallery

I'm excited. My first WIRED gallery just went online! So far there are 11 images in the gallery, but soon there should be around 20. Checkout my photos in the WIRED Nextfest Gallery. =]

Update The rest of my images, totaling 22, are now up on the gallery. I ended up writing the captions for the remaining 11 images. Unfortunately,'s gallery doesn't allow two bylines for a gallery, but Kristen Philipkoski was nice enough to allow my to have the byline even though she wrote the captions on the original 11 images. Thanks Kristen!

Monday, September 17th, 2007 -

WIRED Nextfest Photo Preview

I am covering the WIRED Nextfest for Here are some of the photos they aren't using on their site:

Brainball: Jay Lauf vs. Buzz Aldring

Human-Carrying Biped Waling Bot

Buzz Aldrin announing Google XPrize

Humankind: Albert Einstein

Power-Aware Cord


Tomotaka Takahashi and his Robots

Keepon Robots

Here are the Nextfest stories that are using my photos: Buzz Aldrin Beats WIRED Mag Publisher at BrainBall Buzz Aldrin Hearts NextFest, X Prize Lunar Rover Makes Appearance at NextFest Larry Page: Science Has a Serious Marketing Problem Lunar Legacy Program: Send Your Photos to the Moon SpaceX Will Sell Launch Vehicles at Cost to Lunar X-Prize Competitors

More of my photos can be found in my gallery.

Friday, September 14th, 2007 -

Getting Fresh with Keepon @ Nextfest

Last night I got a chance to get up close and personal with Keepon, the friendly dancing robot, at the WIRED Nextfest Creative Commons Benefit. I was hoping to see him perform live with Spoon, although honestly I'm more of a Keepon fan than a Spoon fan, but Keepon's performance was in the lobby, not on stage:


I had a chance to chat with Marek Michalowski and Hideki Kozima a bit about their robot and they even took off Keepon's pants/dress so I could get a shot of his guts which consist of 4 geared DC motors and a RISC processor to control the motors:

Keepon Lower Guts

They didn't take off his skin, but they said they would for me during the press preview on Thursday. The did let me peak behind the curtain at the beautiful rats nest of cables, interfaces and two MacBooks being used to control the quartet of Keepons.

Keepon Brains

Marek Michalowski and Hideki Kozima showed off their robots to an interested crowd:

Marek Michalowski
and Hideki Kozima demo

Evidently girls really, really, really like dancing squishy robots (I mean really):

Keepon Gets Kissed

You can see more in my Nextfest Creative Commons Benefit gallery.

Tuesday, September 11th, 2007 -

Tabletop Electron Microscope... Do Want!

Hitachi TM-1000 Electron Microscope

Dear Santa Claus,

I have been a relatively good boy this year and I would like a shiny new Hitachi TM-100 Tabletop Scanning Electron Microscope. I know what you're going to say, "Dave, you already have a microscope and it can easily fit on a tabletop." Yes, that is true, but I have an old optical microscope and if I had an electron microscope just think of the photos I could take! They would by much cooler than these I took last year.

The TM-100 will be on display (hopefully a hands on display!) at the 2007 WIRED Nextfest.

Friday, September 7th, 2007 -

Nextfest Robot Roundup

The WIRED Nextfest is coming up next week here in Downtown Los Angeles. I am really excited about many of the exhibitions. It's one thing to read about a cool robot online, but to actually see one in real life is even better, as long as it doesn't try and chop off your arm with its sword. I have compiled a list of what I think will be some of the more interesting robots at Nextfest:

Wired Nextfest takes place September 13th through the 16th in the South Hall of the LA Convention Center. Tickets will run you $20 if you're and adult, $15 with a student ID, and kids 2-12 are $5.

UPDATE I have added photos of the robots I saw at Nextfest. You can check out the rest of my photos here: Nextfest Day 1 and Nextfest Day 2.

Friday, September 7th, 2007 -

DLANC CERT Training Session 1 of 3 : This Saturday: September 8th!

The time has come for the first of the three Downtown Los Angeles Neighborhood Council's (DLANC) Community Emergency Response Team (CERT) training sessions! The training will begin this Saturday, September 8th, starting at 8:30am and running to 4:30pm at the Los Angeles Theatre, located at 615 S Broadway in Downtown Los Angeles. DLANC is sponsoring the training and is providing delicious lunches from the Corner Bakery.

There is no charge for the training or the meals, the only thing you need to bring is your thinking cap and note-taking supplies.

Please be sure to RSVP to [email protected] with your full name and phone number if you are planning on coming.

Wednesday, September 5th, 2007 -

The Black Hole : Los Alamos Laboratory Salvage Yard

The Black Hole

Every teenager dreams of working in a giant warehouse full of discarded nuclear test equipment, well used high-pressure vacuum fittings and an endless assortment of puzzling devices which may or may not have any value in the modern era. Ok, so maybe not every teenager has this dream, I was and still am somewhat of a strange person, but in High School in New Mexico, this particular dream of mine came true.

After tooling around the Los Alamos National Laboratory (LANL) Library and the Bradbury Museum for the better part of a day, my father took a break from coding the labs IBM AS/400 systems he was responsible for and took me to The Black Hole, also known as the Los Alamos Sales Company. He introduced me to Ed Grothus (photo below), an eccentric old fellow who had worked for the lab (what the locals call LANL) until being let go after marching in a peace protest in the '60s.Ed offered me a job, which paid minimum wage, which I believe was about $4.25 in New Mexico. He didn't really tell me what the job would entail, and honestly I didn't care. I had fallen in love with the endless piles of mysterious equipment that filled the former supermarket that had become The Black Hole. As it turned out my job description was quite eclectic and covered everything from taking apart electronic assemblies to recover whatever was valuable inside to helping customers find that centrifuge they were looking for to tearing old lockers out of High Schools.

I worked for Ed for 3 or 4 summers and I really enjoyed my time there. It was an amazing experience and I learned about all types of scientific laboratory equipment, how it worked, and what it was worth second hand. I had been meaning to visit the Black Hole and Ed for almost a decade, and I did just that on my recent vacation to New Mexico. Here are some photos with short captions covering what I saw:

Ed Grothus shows off his Peace Obelisk, one of two identical 3 ton marble obelisks. Ed traveled to China to have the massive monuments hewn from quarried marble and then polished and inscribed. The obelisks will have a message in fifteen languages inscribed in the hematite spheres that the obelisks will rest on. He is still searching for a location to place the monuments, I recommended the Trinity Site.

Ed Grothus and his Peace Obelisks

Except for the rusted sculptures and the "Military Surplus" sign, the front entrance to the Black Hole hasn't changed much in the decade and a half since I worked there. The former supermarket, it's parking lot and the church next door no longer sell groceries or facilitate worship, but instead provide cover to millions of salvaged scientific apparatuses. His frequent customers include LANL employees who are ironically buying back the same equipment the lab sold to salvage for pennies on the dollar over the years.

High Vacuum Equipment

Ultra High vacuum equipment is some of the most high-tech looking hardware in the world. Comprised of thick walled stainless steel and machined with great precision for even greater amounts of money, HVac or UHV fittings are designed to withstand extremely high levels of vacuum. They are used for thin-film and spectroscopy research applications which require insane levels of negative pressure.

Marley High Speed Camera

This large device is a Marley High Speed Camera built in England in 1944. The camera is capable of taking 100,000 photos per second. It was most likely used to photograph nuclear or other explosions.

The Yard

To the left of the parking lot in the photo above you can see the A-frame church. When I worked at the Black Hole, it was filled with especially old, and possibly valuable equipment. The parking lot has been a source of trouble for Ed through the years, after neighbors complained the city of Los Alamos ordered Ed to clean up the lot. He ended up refusing to do so, being arrested, and while he was in jail the city hired a private firm to clean up the Black Hole. Instead of cleaning the parking lot out, they sold most all of Ed's most valuable items and pocketed the profit. As you can clearly see, the yard is still not clean.

More after the jump, and the whole archive can be found in my gallery

Tuesday, September 4th, 2007 -

Defcon 15 : Photo Essay

As I mentioned in my previous blog posts, I attended my 6th Defcon this year. I had a great time and actually ended up getting hired by Wired Blog to shoot photos of the event, many of which can be found here. A few of them also made it onto the main Wired website. Of course I took hundreds of photos and only a handful were used by Wired, so here are some highlights from my collection:

Glowing DC Badges

Hacked Badge


Uncle Ira Junk

Black Badges

More after the jump, and the whole archive can be found in my Defcon 15 gallery.

Friday, August 31st, 2007 -

Lightroom Update : Much Much Better

About a month ago I upgraded to the newest version of Adobe's Lightroom. Adobe fixed most of the problems that existed in their first version, most importantly the horrid sluggishness that occurred when browsing through the library. It's not perfect yet, but it is much better. I am looking forward to the next version and the release of a plugin SDK.

Friday, August 31st, 2007 -

Santa Fe Proper

Surprisingly enough, I only took a few photos of Santa Fe itself during our vacation there. Here they are:

El Portal and Crane with Clounds

Santa Fe Plaza Monument Topped with Pige

East Palace Avenue and Clouds

Thursday, August 16th, 2007 -

Prairie Dogs @ Jackalope

I really, really, really love Prairie Dogs. They have an extremely advanced and extensive form of verbal communication, with hundreds of distinct calls they use to describe different dangers and predators. It saddens me somewhat that the tourist trap known as Jackalope keeps over a dozen dogs in a cement lined pen which is roughly one tenth the size of the area the would inhabit in the wild. Either way about it, they're cute as can be, as evidenced by these photos:

Prairie Dog

Prairie Dog Eating

Prairie Dog Kisses

Prairie Dogs Kissing

Prairie Dog Munching

Prairie Dog

You can see the rest of the Prairie Dog photos I took in my gallery.

Thursday, August 16th, 2007 -

NF 289 and St Peter's Dome Road

Yesterday the radiantly beautiful Penelope and I took the road less traveled from Cochiti Pueblo up through Tent Rocks along National Forest road 289, with a slight detour to Saint Peter's Dome, up to Highway 4. The FJ, which we've named Blue-J, performed flawlessly, although this time 4 Wheel Low was required. Here are some photos I took, along with Penelope's first HDR photo:

Blue-J with Pen and Dave

Blue-J in Dome Wilderness

View from Dome Wilderness Lookout

View from Dome Wilderness Lookout

Cochiti Dam and Valley

Penelope's first HDR photo:

Dome Wilderness

You can check out the rest in my photo gallery.

Thursday, August 16th, 2007 -

Elk Mountain in New Mexico

Today Penelope and I drove up past Pecos to dig through some mine tailings for interesting rocks. Yeah we're rockhounds, so what? After finding some good specimens we decided to take a 4WD trail up to the top of Elk Mountain. It was a great drive, about 20 miles each way. Once again, the FJ totally kicked ass, this time getting totally covered with mud. I didn't even have to put it in to 4 low for the trail. Here are some photos from the top of Elk Mountain:

Penelope, Dave and Blue-J on Elk Mountai

FJ Cruiser atop Elk Mountain

View from Elk Mountain

FJ Cruiser and Repeater atop Elk Mountai

View from Elk Mountain

You can find the rest in my gallery.

Monday, August 13th, 2007 -

New Mexico in an FJ Cruiser

My lovely wife, Penelope, and I are vacationing in New Mexico. We just got in last night and today was our first road trip. We drove down to the former ghost town of Madrid. We took back roads most of the way, and of course the FJ Cruiser, which we have named "Blue-J", performed beautifully.

I just drove by memory from my High School days in Santa Fe, and Penelope was a bit concerned we would get lost, driving on random poorly maintained dirt roads, but we did just fine. When we got back to Santa Fe, we picked up a road and recreation atlas that has much finer detail than our AAA maps. Tomorrow I think we're going to go to Tesuque and Las Vegas... New Mexico, not Nevada!

Here are some photos from today:

Dave and Penelope with Clouds and Blue-J

New Mexico Sky

Dave and Penelope in Blue-J

New Mexico Sky and Blue-J

You can check out the rest here in my photo gallery.

Sunday, August 12th, 2007 -

Hacking the Defcon Badge

Defcon Badge with Soldered on Connector

Yesterday at Defcon I went to the vendor area to pick up the Zigbee and accelerometer chips for my awesome Defcon badge. Unfortunately they were out of both chips, but they did let me borrow their soldering iron and gave me some leads to solder onto my badge. I soldered these leads on in a minute or two and then attached my badge to their laptop which had the freescale programming software on it. I modified the source code, which is actually in C, simply changing the hard coded message from "I <3 DEFCON" to "" Changing this, meant that as soon as I powered up the badge it displayed that instead of the default message, and also changed the POV message. After modifying the code, I recompiled the firmware and flashed it to the badge.

Programming the Defcon Badge

The hack was simple and in total took me about 10 minutes. According to the guys at the booth and Joe Grand (the badge's designer) I was the first person at the con to hack a badge. Today I am planning on picking up my own Freescale programmer and the accelerometer chips which should be in stock, and hopefully I'll find some time to modify the badge in more interesting ways. This simple hack has been written up on Wired's 27bstroke6 blog (whom I have been employed by for the duration of the convention as their staff photog), Gizmodo and several other places.

Hacked Defcon Badge

Saturday, August 4th, 2007 -

EVDO and Defcon

King Tuna

As everyone in attendance should know, the Defcon network is probably the most dangerous and hostile network in the world. No network is secure, but the wireless network at Defcon is totally insecure with thousands of hackers and script kiddies sniffing traffic and actively attacking ever system they see. This is one reason why I've made it a habit to use an out of band connection for my internet needs. My out of band network of choice is EVDO, but even with that I still send all my traffic through an ssh tunnel to a trusted host.

Verizon's EVDO uses ppp to assign you system a public internet address, and I'm guessing that the IP range varies from city to city. It's no surprise that people know about this as evidenced by the logs below that show port scans bouncing off my firewall.

One of the talks coming up today is "Hacking EVDO," and I was a bit worried that someone had figured out how to sniff EVDO traffic. I happened to run in to King Tuna, who is giving the talk and asked him about what he had found. He told me that currently the protocol is still secure, but that he had found a vulnerability in one of the chipsets which he has written an exploit for. The point of his research was to inspire other people to work on the protocol and break it.

The logs from my firewall can be found after the jump.

Saturday, August 4th, 2007 -

Defcon 15 : Badge Radness

Defcon 15 Badge

I just got my wife's badge for Defcon (they're not giving out press badges 'till tomorrow) and it is totally and completely awesome. At first when I put the batteries in, the LEDs lit up and then nothing happened. I tried shorting a few pins together on the back to no avail and then by accident I figured out that the front has two buttons, which are the smiley skull and the dial. After pressing the buttons it scrolled some text about Defcon, and then I hit the buttons a few more times and saw POV, which stands for persistence of vision. I swung the badge around and saw the word defcon, just like the cool spoke POV kits. Then I pushed the buttons a few more times and it displayed: TEXT. I held both buttons at once and I was able to program in 15 characters of text using the buttons to navigate and pressing them both at once to select a letter. I choose: "EECUE[HEART]PENELOPER^" with the heart being an actual heart symbol. The badge offers a full upper and lowercase alphabet along with an assortment of symbols and punctuation. After adding the 15 characters the text began to scroll in a marquee fashion. This is the dopest badge ever. Hell yeah and way to go Defcon!

Defcon 15 Badge

Defcon 15 Badge

Thursday, August 2nd, 2007 -

Black Hat 2007 : Day 2 : Chris Paget

Chris Paget stirred up much controversy at Black Hat DC with the release of his RFID cloner. The cloner can be easily built with "a high school level of electronics" and some free time. Unfortunately, due to the threat of a massive patent lawsuit he is unable to release the schematics or source code for the cloner. He demoed his cloner and it was quite effect in cloning RFID cards that operate in the 134 kHz range. He also showed that the RFID tinfoil "shields" are completely ineffective for the 134 kHz RFID cards. Here are some photos of Paget and his cloners:

Chris Paget

Chris Paget RFID Cloner

Chris Paget

And that's it for my Black Hat 2007 live blogging... it's time to meet up with the wife and drink! More to come from Defcon. =]

Thursday, August 2nd, 2007 -

Black Hat 2007 : Day 2 : Mike Spindel, Eric Schmiedl and Charlie Miller

This is going to be a short post, but here are a few photos from today. Mike Spindel and Eric Schmiedl gave a talk about access control system, read locks, which was interesting and informative, but didn't have much ground breaking information, here are a couple of photos:

Eric Schmiedl

Mike Spindel

Charlie Miller gave a talk about hacking OS X, and talked about the recent root exploit he found on the iPhone. Luckily for the iPhone users out there, Apple released an update that fixed this problem, and it happened to come out the day before Black Hat started. Luckily for Apple, Miller is a white-hat hacker and he disclosed his findings to them several weeks before Black Hat, and let them know he would be talking about it and releasing the exploit code. Here is a photo from his talk:

Charlie Miller

Thursday, August 2nd, 2007 -

I won a 30GB iPod!

I never win anything. I was over at the google booth, and after letting them scan my badge, I decided to enter into their drawing for a free iPod. I didn't actually have a business card, so I put in the extra card that comes with the Black Hat badge. This card had my name on it and a checksum. After calling two names of people who weren't there they pulled a bright orange card, and it was mine. Rock on, I won a 30GB iPod. Thanks Google!

30GB iPod I won in a google giveaway

Thursday, August 2nd, 2007 -

Black Hat 2007 : Day 2 : Adam Laurie

During the first part of his talk, Adam Laurie demonstrated some of his new research on hotel safes in which he opened a hotel safe using only a paperclip and multi tool in under a minute. He had a member from the audience read the marketing hype from the safe manufacturer while he opened the safe and recovered his previously "safe" beer.

Adam Laurie

His talk was actually about RFID chips, which are Radio Frequency IDentification systems. They are passive chips that are activated by a radio signal. There are two types of chips, smart and dumb, the smart ones have circuitry that processes input and return a signal. Dumb chips just respond with a code when lit up with radio frequency. The dumb chips are used in everything from hotel keys to car keys to pet implants. RFID plants are also being implanted in humans for military access control, mental patient tracking, and even as a digital wallet for beach-goers.

The point that the manufactures always drives home is that the chips are unique and can't be duplicated. In actuality, RFID chips can be easily cloned with a device that costs under $20, which you can get plans and parts to build here. There are numerous other kits available to clone RFIDs. The RFID industry's response to the ability to clone chips was they they aren't true clones because they don't have "the same form factor." Laurie took this as a challenge and decided to to clone an RFID chip using the same form factor.

Assorted RFID Cards / Readers / Writers

He researched RFID tag types, and found two that are multi-format configurable and that can be loaded with user selectable data. He happened to be in possession of a Q5 [pdf download] reprogrammable tag from the office where he works. Using a simple keyboard wedge he read the ID of the chip he wanted to clone. He then used a program he wrote in python, called rfidiot, to reprogram the chip with the cloned ID. He demoed the whole thing in about 1 minute and it work as designed, good show.

He then demoed a clone of the animal implant chip, and rewrote the chip in his wrist (watch) to the same chip ID. Verichip uses the same type of chip for identification, but the difference is that they use a 4 digit country code instead of a 3 digit code and being that no commercial software can write a 4 digit country code. Luckily Laurie wrote software that can write any code, no matter how long, to the card, thus defeating the "security" of the Verichip.

Adam Laurie

The next part of his talk focused on "smart" RFID cards, which most notably are being used in passports, including those from the US and UK. These chips can use a combination of a psuedo-random UID, strong authentication (3DES) and content encryption. So far no countries are using encrypted content, mostly because there is no published standard as of yet.

The key happens to be printed on the passport, which to me anyway, defeats most of the benefit of having strong auth. Although the passports have the shared key printed inside the front cover, it is still possibly to brute force the key, as there is no brute force prevention built in to the passport RFID.

Adam Laurie

Although cloning the passport is trivial and just a matter of copying the files, modifying the data should not be possible because of the use of a Certificate Authority and public key infrastructure. The possibility of signing the passport with your own key has recently been avoided due to a public repository of keys, but this only came out in April, so until then it has been possible to modify passports.

The amount of systems that are implementing RFID for "secure" purposes is growing everyday. Clearly this technology has many vulnerabilities and major changes are needed to ensure the security of these systems. I'm glad I recently got a passport last year, and that it doesn't have an RFID chip in it.

Thursday, August 2nd, 2007 -

Black Hat 2007 : Day 2 : Andrea Barisani &amp; Daniele Bianco

Many modern cars have built in navigation / traffic systems. In North America data is transmitted over FM radio using the Radio Data System (RDS). The system can display station names, time, program type, and news override. The signal piggybacks on standard FM radio signals. RDS Traffic Message Channel (RDS-TMC) transmits traffic data over RDS and was introduced in Germany in 1997. Although it is a 10 year old protocol, it is just now being implemented in modern satellite navigation systems. TMC can also be transmitted over digital radio like DAB and Satellite radio.

Daniele Bianco

RDS is a very simple protocol with each packet consisting of 104 bits. The security issue with RDS is that it has no data authentication built in, which makes is easy to sniff and send fake messages using off the shelf components. The components to make a sniffer cost under $20 and can be easily made with very little technical skill according to the speakers. The specs and code for the PIC can be downloaded from the Inverse Path development website if you want to make your own RDS sniffer / injector.

Andrea Barisani

The injection code is still quite crude, as you have to edit the source and recompile every time you want to change what you are injecting. What's important is that it works, although it does happen to look somewhat like a bomb. When they brought their setup through TSA checkpoint, the TSA officer upon inspecting it, flipped a switch and said "boom". Barsiani said "apparently TSA officers are allowed to make jokes about bombs, which would get anyone else arrested."

RDS-TMC Injector / Sniffer

One of the features of RDS-TMS is the news override which forces your tuner to change stations to a different frequency. Barisani said they tested their system during a Saturday soccer match, which potentially enraged numerous Italians when their match was overridden by their radios tuning to a station with a carrier tone.

Some of the fun things you can do by injecting RDS-TMC messages is show fake road closures, traffic slow downs, dangerous weather, road work. You can also close roads and tunnels. The wacky stuff you can do is to display codes like: Terrorist Incident, Air raid danger, Air Crash, Bomb Alert, and a more generic Security Alert. The best one they showed though was "Bull Fight".

According to Barisani, his father was never impressed with his software and kernel hacking research, but when he showed him the RDS-TMC hacking his father said, "Wow, you have a cool job."

You can download Andrea Barisani and Daniele Bianco's CanSecWest 2007 presentation here [13mb PDF] and all the supporting files and schematics to make your own sniffer / injector here. Their website is [A complete list of the codes you can send can be found after the jump.]

Thursday, August 2nd, 2007 -

Black Hat 2007 : Day 2 : John Heasman

BIOS is the system in your computer that initializes hardware, memory and loads basic user settings then finally loads a bootloader which will start your operating system. For years there have been methods of loading malicious code into a compromised host's BIOS, although physical access may be required.

John Heasman

One popular method of compromising a host through a BIOS is an option ROM rootkit. A rootkit prevents the user of a compromised system from being able to tell their system has been hacked by hiding traces of the malicious code, and thus gives full control of the compromised system to the attacker. A BIOS rootkit has multiple interrupts available to hook to including video, disk, and memory. Detection of this type of rootkit is fairly easy and is just a matter of dumping the content of the BIOS ROM.

Another method of of BIOS rootkitting is through ACPI, which is the hardware that controls power management of your system as well as provides temperature information to your operating system. ACPI has the ability to modify system memory and allow the attacker to deploy a rootkit. ACPI rootkits are independent of the operating system so will work on multiple platforms. ACPI is written in a high level language called AML that makes writing both malicious and non-malicious code easy. Not all operating systems have ACPI device drivers, and some prevent AML from accessing system memory by sandboxing it.

The Extensible Firmware Interface (EFI) is the replacement for the legacy BIOS system. EFI reuses existing systems including FAT filesystem and ACPI. EFI is a much more robust system than BIOS and is also backwards compatible with BIOS. The implementation that Intel uses is called "The Framework," it is partially open source and it what is inside the new Intel based Apple OS X systems.

There are many ways to get code into the EFI environment. An attacker can modify the bootlader directly, modify bootloader varibles in NVRAM, modify and reflash firmware or exploit an implementation flaw in the driver. Once the attacher is in, they can shim a boot service, modify an ACPI table like in the tradition BIOS attack, load an SMM driver, or hook interrup handlers. Modifying the boot loader is actually quite simple in Mac OSX as the bootloader binary is located in user disk space: /System/Library/CoreSerbvice.boot.efi. This isn't very stealthy as you are modifying a file on disk which could easily be detected by verifying checksums with an application like tripwire.

System Management Mode (SMM) is a "get out of jail free bard" for system designers. It allows an attacker to execute code that is hidden from the operating system like virtualization rootkits. EFI provides various protocols and a set of services for accessing SMM. SMM is normally used for error logging, enabling/disabling ACPI, power button spport when not using ACPI and various other system workarounds. SMM may be triggered on external events, I/O events, and timed events. SMM has been used in the past to disable BSD securelevel by Loic Duflot [PDF Download].

John Heasman

Detecting an SMM rootkit would be very difficult as hardware breakpoins to SMM and SMM memory access can be blocked. There currently is no SMM malware because bugging SMM code requires a hardware analyzer and the platform may be already using SMM.

The bottom line is that with the added functionality, EFI offers an attacker many more options than BIOS for exploitation. The EFI specification is not very clear with regards to security which will result in various vendors implementing insecure versions of EFI. In the future look out for nasty rootkits based on EFI.

John Heasman

John Heasman is an employee of Next Generation Security Software. The information in this post came from his "Hacking the Extensible Firmware Interface" talk at the Black Hat 2007 Briefings in Las Vegas.

Thursday, August 2nd, 2007 -

Black Hat 2007 : Day 1 : Assorted

Ok, I'm getting tired, I didn't get much sleep last night after driving from LA to Vegas. Here are some photos I shot at the last group of sessions:

Brad Hill



Wednesday, August 1st, 2007 -

Black Hat 2007 : Day 1 : Phil Zimmermann

In case you haven't noticed I'm liveblogging Black Hat 2007. I just watched the end of Phil Zimmermann's talk about his new VoIP encryption product / SDK: ZPhone. Z-Phone is an application that allows you to make secure, encrypted phone calls over the internet using standard VoIP protocols. As with Zimmerman's other well known project PGP, the source code and software is given away for free.

During the question and answer session he talked about his disdain for software patents, but added that he had recently applied for a patent for the ZPhone protocol, with an interesting twist. He is using the patent for good, and here is how: Part of the patent states that any time a key is copied and stored (which would allow a party to monitor / wiretap the call) a flag is set on that session that designates the wiretapping. This won't prevent interested parties from not using the flag, but it will prevent them from using the free license for ZPhone and thus force them to disclose that their product is wiretap friendly.

Here are some photos from the talk:

Phil Zimmermann

Phil Zimmermann

Phil Zimmermann

I just heard this random quote in the press pen: "Our experience is to stay off the wireless network at Defcon, we actually got hacked into a few years ago." I bring my own out of band connection with me to all security conventions and even with that I still do all my surfing / blogging / emailing through an ssh tunnel to a trusted server.

Wednesday, August 1st, 2007 -

Black Hat 2007 : Day 1 : Dan Kaminsky

Dan Kaminsky just gave a talk about the nasty things that service providers are doing to your network traffic, how it relates to network neutrality and how to detect it. Basically nearly all router manufacturers are working on technology to do hostile things to your internet traffic, including slowing certain parts of it, monitoring it, modifying it in real time to do mean things like put their own ads in your web pages or worst of all, storing it and selling it.

Dan stated that this kind of trickery is going to either make web advertising obsolete, or force most if not all web traffic to be encrypted. If ISPs don't wake up and realize that what they're doing is wrong and bad the effect on the current internet ad market will be bad. I never thought of network neutrality as more than just shaping traffic or preferred routing, but Dan opened my eyes to the ugly things that vendors and ISPs are doing to our data.

Here are some photos from his talk:

Dan Kaminsky

Dan Kaminsky

His grandma is in the audience, and he was giving away some of her cookies to people who asked good questions:

Dan Kaminsky

Dan Kaminsky

Wednesday, August 1st, 2007 -

Black Hat 2007 : Day 1 : Richard Clarke + Swag Bag

I'm attending the Black Hat Briefings in Las Vegas. I just caught the tail end of Richard Clarke's keynote speech. One thing he said in a final question that I thought was really cool and spot on is that the government should be monitoring terrorists and hacking in to their computers, but should not be monitoring everyday citizens. I wish more government (or former government) officials felt this way as well.

This Black Hat is the largest ever with over 4,000 attendants. They completely streamlined the registration process and it is operating much more smoothly than last year.

Here are some photos from his talk:

Richard Clarke

Richard Clarke

Richard Clarke

And here is what came in the swag bag:

Black Hat Swag Bag

Wednesday, August 1st, 2007 -

Happy Anniversary to My Lovely Wife


My beautiful, sweet wife and I had a beautiful wedding 1 year ago today. We've had an amazing array of fun adventures since then, starting with our honeymoon in Fiji, and continuing with trips to the zoo, the desert, San Francisco, Huntington Gardens, DEFCON, Santa Barbara, San Diego and many more. Our special day every week is Sunday and we try and do something fun and different every time.

Penelope is the sweetest woman I've ever met, and her charm and charisma is readily evident to everyone who meets her. I couldn't have asked for a better person to share my life with. Thanks to her compassion and love for humanity, she will be the best nurse ever.

My only gift to her today is dinner at the Water Grill, plus some hiking / scrabble action. The real gift will come next month in the form of a vacation to Santa Fe, Taos and Sedona. Sweet sweet Penelope, you are perfect for me. I'm looking forward to the next 50+ years with you.

Monday, July 9th, 2007 -

The Edison in Downtown Los Angeles

A few weeks ago at the CPAB meeting I met one of the managers of The Edison. I asked him if I could come down during their off-hours and take some HDR photos. He agreed and here is the result:

Generator and pressure tank

Pressure Tank

Edison Furnace

The building that The Edison is in was the first building in Los Angeles with electricity. The power came from a very large oil furnace that is now a room in the lounge. As you can see from the photos above, the generators are still in the basement, although obviously they are no longer in operation.

You can see some more photos on and in the Edison Bar photo gallery here on

Tuesday, June 26th, 2007 -


I just signed up for an interesting social aggregator website called Jaiku. It has the same functionality as twitter, but it can subscribe to and display your RSS feeds. I'm not sure I'll use it as much as twitter, but it seems like a useful application. You can check out my Jaiku page here. I heard about it via a twitter from Jason DeFillippo, who was waiting to get in to the Jaiku launch party in SF, but apparently ended up leaving with Scott Beale due to the long, motionless line.

Update: As it turns out, but Scott and Jason made ended up going to the Jaiku party, as evidenced in this laughing squid blog post.

Tuesday, June 19th, 2007 -

Blackberry Pearl Trackball Failure, Part Two

My Blackberry Pearl's trackball just stopped working again. This is my second Pearl that failed for the same reason. The trackball scrolls, but does not click. According to T-Mobile, this is a known issue with the Pearl. They are sending me a replacement... again.

Monday, June 18th, 2007 -

Downtown Los Angeles Filming Maps

april through june filming in downtown

Several months ago a progression of disturbing Downtown filming events culminated with a low flying helicopter buzzing our rooftops at midnight on a Sunday. Residents and business owners in Downtown voiced their opinions against the way they were being treated by film crews. In response the Downtown Los Angeles Neighborhood Council (DLANC) formed and ad-hoc committee on filming issues. I have attended many of their meetings over the past months.

FilmLA gives us the notifications as Microsoft Word documents. There is an open source application that converts MS Word files into text called wvWare, which I had previously used for another project. I set up an special email address that I (or at some point FilmLA) can email the notifications to at which point qmail hands off the email to a php script that I wrote, which pulls out all the attachments, feeds them to wv and then parses the text wv produces. Currently I am able to parse about 90% of the notifications, but some of them are now being sent in PDF and RTF formats. In the near future I am going to enhance the parse to handle those formats as well.

After the raw data is parsed it is sent to a Ruby on Rails application that I wrote that uses YM4R to integrate with Google Maps. Using the Downtown Filming Maps application I wrote you can now search by date range and keyword to see what is going in, filming-wise, in Downtown. You can also subscribe your iCalendar compatible calendar application to see what is going on. The application is still in beta, and doesn't have 100% of the filming locations on it, nor does it show any parking or road closures from filming.

In the near future I plan to add:

  • More parsing ability
  • Different colored icons to designate upcoming, current and past productions
  • Ability to comment and upload photos for each production
  • Ability to get email notification when productions are scheduled within a user defined radius of an address

Check out the Downtown LA Filming Notification Map and tell me what you think. The screengrab above shows all the notifications in the system which goes back to the beginning of April. The map shows a week in the past and a week in the future by default.

Thursday, June 14th, 2007 -

Downtown Art Ride - The Opening Tour

I've decided to do something a little bit different with the Downtown Art Ride route this month. Being that we never make it to all the galleries, and that the route hasn't really changed much in the last few months, we will only be visiting galleries that are having openings that coincide with the Art Walk / Ride. There happens to be 9 galleries that are having openings, so that gives us a little over 20 minutes at each gallery. Here is a google map of the galleries we will be visiting which include: Art Murmur, LACDA, Regent Gallery, DLANC Outreach Center, Crewest, M.J. Higgins, Gary Leonard studio, 626 Gallery, Infusion. We'll see you today at 5pm at Art Murmur, bring your bike, a light, a lock and a helmet.

Thursday, June 14th, 2007 -

RSS Feed / FeedBurner

I've recently started tracking my RSS feed information through FeedBurner. So far it seems pretty darn cool. If you don't know what I'm talking about, RSS is a way to keep track of your favorite sites without having to constantly visit them to see what is new. There are a bunch of different online and desktop RSS readers. I used to use NetNewsWire, but I switched over to NewsFire. I actually kind of miss NetNewsWire, so I may go back at some point. Some good online readers are Google Reader, Bloglines, Netvibes and Newsgator Online. Here is a link to the rss feed if you want to subscribe. You can also now subscribe to email updates by clicking on this link.

Tuesday, June 5th, 2007 -

New Dubstep Website :

So I've been really getting in to Dubstep in the last few months, and I've decided to start a site about it: It will be similar to, in fact it currently just forwards you to the Dubstep and Grime forum. As soon as I'm finished with my current rewrite of eecue and junglescene I will create a separate, but closely integrated site for

Friday, June 1st, 2007 -


A few months ago I signed up for twitter, but I really didn't see the point to using it. I've decided to give it another try, so I've been updating my info and I've invited a bunch of my friends and neighbors to try it out. So far it has been pretty darn cool and I can see how this could be really useful for organizing spur of the moment things. You can check out my twitter page here.

Friday, June 1st, 2007 -

blogdowntown Historical Fun

I totally failed to mention that I am now writing for blogdowntown. This is in addition to writing for I am going to continue posting content relevant to LA on and I am going to be posting Downtown history related tidbits to blogdowntown. I will also be linking to my posts on those to blogs from here and if the content is relevant to multiple outlets I will post unique versions of the content on each site.

My first post on blogdowntown was of a spoon that I bought on ebay. I posed a few questions to the readers and they were answered quickly. I am planning on doing a series where I scan historical public domain photos of Downtown from my collection of old books and post them along with a modern version of the photo's subject. I am now going to try find a way to take a photo down 3rd street from Bunker Hill, if that is even possible.

Thursday, May 31st, 2007 -

LA Downtown News : Best Downtown Blog Nomination

My website has been nominated for the Best Downtown Blog by the Los Angeles Downtown News. Unfortunately, today is the last day to vote, and the Downtown News forgot to inform me or any of the other bloggers who were nominated that we were contenders. Although I am a Downtown blogger, my blog most certainly isn't the best in Downtown LA, as I don't cover Downtown nearly as much as Eric, Don and Ed. My prediction is that blogdowntown will win, but it remains to be seen who takes the prize. Here are all the nominated blogs as they appear on the ballot:

And here is a link to where you can vote.

Thursday, May 31st, 2007 -


Tags (Alpha)

activation-functions  ai  ai-ml  album-names  alexnet  alphago  anomaly-detection  antennas  apple  apple-news  apple-photos  art-center-college-of-design  artificial-intelligence  attention-mechanisms  autoencoders  autonomous-vehicles  autonomous-weapons  backpropagation  bert  big-data  black-hat-2007  blog-series  blogging  books  california  california-academy-of-sciences  canon-r6-mark-ii  canon-rf-2470mm-f-2-8-l-is-usm-lens  caption-generation  caves  celebrity-detection  chatgpt  chemistry  cnn  cnns  communication-with-interplanetary-spacecrafts  computer-vision  convolutional-layers  convolutional-neural-networks  crowdrise  data-denoising  data-extraction  data-privacy  decision-trees  decoder  deep-learning  deep-space-network--dsn-  denoising-autoencoders  dimensionality-reduction  disneyland  drum--n--bass  eecue  embeddings  encoder  engineering-leader  ensemble-learning  ethical-dilemmas  ethics  face-detection  facial-recognition  family  family-trips  feature-extraction  feedforward-neural-networks  fireworks  fnns  food  fully-connected-layers  gans  geeks  general  generative-models  gofundme  golden-gate-park  goldstone-deep-space-communications-complex  gpt  gpt3  gpus  gradient-descent  gru  gtd  ham-radio  hardware-accelerators  health  healthcare  hidden-states  history  image-analysis  image-classification  image-generation  image-keywords  image-processing  image-recognition  imagenet  innovation  interplanetary-spacecrafts  ios  ipad  iphone  japan  koreatown  large-language-models  latent-space  layers  led  lemos-farm  links  llm  locations  los-angeles  loss-functions  lstm  machine-learning  messagepack  military  ml-keyword-detection  ml-photo-scores  mlps  multilayer-perceptrons  music  nasa-jet-propulsion-laboratory--jpl-  natural-language-processing  navwar  neural-networks  neurons  new-mexico  nuclear  object-detection  openai  osxphotos  outdoors  overfitting  parallel-computing  photo-management  photo-sharing  photography  photos  photos-app  pirates  politics  pooling-layers  pyrotechnics  python  radar-imaging  recurrent-neural-networks  reinforcement-learning  rekognition  reverse-engineering  rnn  rnns  robotics  robots  san-bernardino-cave-and-technical-rescue-team  san-francisco  sar  science  security  segmentation  selfsupervised-learning  sequential-data  snarl  space-communication  space-exploration  spawar  speech-recognition  sqlite  support-vector-machines  symbolic-ai  tags-labeling  technical-skills  technology  temporal-dependencies  tensorflow  the-vermont-on-wilshire  time-series-forecasting  tpus  ujet  vaes  variational-autoencoders  vision-transformers  wag  wired  writing  

Tags (Count)

photography  los-angeles  links  general  technology  eecue  politics  security  japan  apple  sar  food  music  science  black-hat-2007  california  outdoors  new-mexico  nuclear  caves  machine-learning  robots  deep-learning  drum--n--bass  geeks  neural-networks  snarl  ai  computer-vision  gpus  gtd  health  natural-language-processing  object-detection  artificial-intelligence  autoencoders  backpropagation  celebrity-detection  chatgpt  cnn  facial-recognition  feature-extraction  fnns  gradient-descent  ham-radio  imagenet  osxphotos  robotics  sequential-data  spawar  sqlite  tpus  writing  activation-functions  ai-ml  album-names  alexnet  alphago  anomaly-detection  antennas  apple-news  apple-photos  art-center-college-of-design  attention-mechanisms  autonomous-vehicles  autonomous-weapons  bert  big-data  blog-series  blogging  books  california-academy-of-sciences  canon-r6-mark-ii  canon-rf-2470mm-f-2-8-l-is-usm-lens  caption-generation  chemistry  cnns  communication-with-interplanetary-spacecrafts  convolutional-layers  convolutional-neural-networks  crowdrise  data-denoising  data-extraction  data-privacy  decision-trees  decoder  deep-space-network--dsn-  denoising-autoencoders  dimensionality-reduction  disneyland  embeddings  encoder  engineering-leader  ensemble-learning  ethical-dilemmas  ethics  face-detection  family  family-trips  feedforward-neural-networks  fireworks  fully-connected-layers  gans  generative-models  gofundme  golden-gate-park  goldstone-deep-space-communications-complex  gpt  gpt3  gru  hardware-accelerators  healthcare  hidden-states  history  image-analysis  image-classification  image-generation  image-keywords  image-processing  image-recognition  innovation  interplanetary-spacecrafts  ios  ipad  iphone  koreatown  large-language-models  latent-space  layers  led  lemos-farm  llm  locations  loss-functions  lstm  messagepack  military  ml-keyword-detection  ml-photo-scores  mlps  multilayer-perceptrons  nasa-jet-propulsion-laboratory--jpl-  navwar  neurons  openai  overfitting  parallel-computing  photo-management  photo-sharing  photos  photos-app  pirates  pooling-layers  pyrotechnics  python  radar-imaging  recurrent-neural-networks  reinforcement-learning  rekognition  reverse-engineering  rnn  rnns  san-bernardino-cave-and-technical-rescue-team  san-francisco  segmentation  selfsupervised-learning  space-communication  space-exploration  speech-recognition  support-vector-machines  symbolic-ai  tags-labeling  technical-skills  temporal-dependencies  tensorflow  the-vermont-on-wilshire  time-series-forecasting  ujet  vaes  variational-autoencoders  vision-transformers  wag  wired