Steven's Journal

Now on Twitter

2008-12-26T16:35:15Z

I'm been experimenting with microblogging. You can now see what I'm up to by following my Twitter feed.

Media coverage of Chip & PIN vulnerabilities

2008-02-26T20:39:30Z

Saar Drimer, Ross Anderson, and I have been investigating the security of Chip & PIN terminals. We found significant failings almost everywhere we looked.

Our results are now public, and will be featured on BBC Newsnight, 10:30pm, tonight, BBC2. We have summarized our findings in a brief press release and FAQ. The full details are in our academic paper.

The press is starting to pick up our story, and it is discussed on ZDNet and the BBC wesbite. More media coverage is expected.

Ely cathedral

2007-11-05T11:32:13Z

See all photos from the Ely set
Originally uploaded by sjmurdoch

As well as my digital compact, I also have a Nikon F65 film SLR, although I use it less often nowadays. This set is from Summer 2004, from when me and my parents visited Ely, taken on Kodak T400 CN B/W film. I used a variety of colour filters for contrast enhancement, for example the one on the right was taken with a deep red or orange filter to emphasise the clouds.

I spent most of my time photographing the cathedral, which is of an interesting design. It's a mixture of styles, since conventions changed over its construction, and bits that collapsed were replaced with new ones more in keeping with the current fashions. One of the later additions was the octagon tower, which you can see close up by climbing onto the roof. There is also a good view of the surrounding countryside, or by looking down into the cathedral.

One advantage of the SLR is that it performs much better in low-light conditions. The T400 film is also quite forgiving of under-exposure. So I was able to take a few shots of the interior, without needing a tripod. The alter turned out quite nicely, as did the photo of the nave with choir in the background (these were with the 28mm wide-angle lens). Within the choir itself, you can see the light coming in from the lantern tower.

Two of the photos, of the octagon tower and West tower are being considered for use in a book (this is what caused me to dig out the CD). It's only a self-published novel, but I'll enjoy seeing them in print.

Finally, I took some photos of a duckling family, in a park near the cathedral. They were surprisingly not bothered with me, and in fact I got more attention from the people nearby, who were wondering why I was slowly crawling around on the grass with a 300mm telephoto lens and filter pack :-)

Copenhagen

2007-10-26T22:42:41Z

Copenhagen
Originally uploaded by sjmurdoch

My second set of photos from Denmark are in Copenhagen where EuroBSDCon was held.

The flights were fine, after I made it past airport security with my dangerous bottle of water and the waiting. From the plane, I got a good view of the impressive bridges linking the Danish islands. I would later see them again on the way to Legoland, which I posted about last week. The airport was good, unless you are a smoker, in which case you get stuck in a small box, while I got the train to the center of town.

I was staying with many of the other speakers at the city youth hostel. It was very good as youth hostels go, and I used Hugin to make a panorama from the great view. Later I tried taking a few night shots. Were my room on the other side, I'd have had a view of Tivoli gardens, and the funfair.

The conference itself was fun and my talk went down well (it won second prize). The (generally friendly) Linux/BSD competition amused me. In fact, Copenhagen was a generally happy placed, the graffiti made me laugh and even the power sockets were happy. :-) Things there were a little different, for example I thought this device was a card skimmer, but I am assured it is entirely legitimate. The street furniture was quite neat, such as the crossing marking to help blind people.

I spent my last day in some of the city gardens, especially the botanic gardens, filled with exotic plants, fascinating ironwork, and statues. Then I went to the Trinity Church, which is complete with pipe organs, both old and new. Finally, at the airport, I noticed an Avro RGJ85. This reminded me of my Manchester trip, where the Avro company was founded. Although this wasn't the plane I took back, I believe this Avro would be much more comfortable than some of their previous museum pieces I saw.

Legoland Denmark

2007-10-18T12:53:27Z

Legoland Denmark
Originally uploaded by sjmurdoch

As part of my trip to Denmark in September for EuroBSDCon, many of the attendees visited Legoland in Billund, about 4 hours away by coach from Copenhagen. It was a fascinating place and I took lots of photos, a few of which are now online.

The majority of Legoland consisted of models of famous buildings and places from around the world, such as America, Japan and Africa. There were also rides, such as being flung around on the end of an industrial robot arm, or a more relaxing revolving tower to get a good view of the park. Some however decided to make activities a bit more challenging.

For the more competitive minded, there were suitable activities. One that excited the various operating system hackers present was to build a downhill racing car. We were very proud that with our combined knowledge and experience we could design a marginally faster model than a group of 5 or so year old children. I did at times wonder who were the bigger kids :-)

We were lucky with the weather and it was a fun experience, though the exhibits were not without occasional technical problems, even ignoring the invasion of monster ducks :-)

Charlotte and Stephen's wedding

2007-10-10T22:10:50Z

Charlotte and Stephen's wedding
Originally uploaded by sjmurdoch

This set is one from the archives, the wedding of my friends Charlotte Goodburn and Stephen John, in July 2007, but I only just got around to uploading it (I'm still behind, but catching up).

I know the couple through the bride, Charlotte (aka Camille) Goodburn, when we were on the committee of the China Forum. Amazingly she both managed to organize a wedding and a conference at the same time, but apparently the conference was the easier of the two :-)

The wedding was held in St Catherine's college, Cambridge. Following the ceremony we went outside to the garden, then back into the hall for speeches and dinner.

Much dancing happened, and silliness ensued. Overall I think everyone had a good time. By the time people were leaving, it was dark, but fortunately it wasn't far to get home.

Poland

2007-09-27T13:09:23Z

Kazimierz Dolny
Originally uploaded by sjmurdoch

Last month I visited Kazimierz Dolny, a small town near Warsaw, Poland. I've put a few of my photos online.

I flew from Luton to Warsaw with the pink themed WizzAir (a Hungarian budget airline) which was generally OK. There was a short delay on the return flight, which was unfortunate as I had to spend more time in the cramped "Etudia" terminal. The main terminal was fine though.

The town is situated on the banks of the Vistula, and is now frequented both by tourists and artists, having some fine examples of Renaissance architecture such as the house pictured above and church. It is also popular for weddings (we saw several), and I noted that one of the brides sensibly chose appropriate footwear for the cobbled streets :-)

Finally, despite the beautiful surroundings, I was was still able to find time for a little geekiness, when I saw a jukebox reboot into SuSE Linux.

Museum of Science and Industry, Manchester

2007-09-09T17:57:50Z

Museum of Science and Industry
Originally uploaded by sjmurdoch

When I visited Manchester, for Claire and Mark's wedding, I had a spare day during which I did a bit of geek tourism, by visiting the Museum of Science and Industry. This was among the best of the science museums I've visited, and is free admission, so well worth checking out if you are nearby. I've finally got around to uploading a selection of my photos.

I was staying at the Days Hotel, which was a reasonable hotel, but one of the neat features was the Foucault pendulum in the lobby, mounted on the top floor (Wikipedia describes the operation).

My favourite exhibit at the MoSI was the steam section. In other museums, the engines are either static, or wired up to a slow-running electric motor. In the Manchester museum, they're driven by real steam and, as far as I can tell, at full speed. This makes the experience far more realistic and much easier to appreciate the power behind these machines.

I also liked the computing exhibits, including the Pegasus and a reconstruction of the Manchester Baby. The latter is demonstrated once a week by the enthusiasts who built it, but when I visited the exhibit was closed. However, one of the museum staff was kind enough to allow me and a few other interested visitors to look at it.

Finally, I went to the Air and Space hall, which contained many interesting artifacts, probably the most impressive being the Avro Shackleton bomber. I was also amused at the bright-orange "black-box" (which incidentally is the code-name of a project I was working on at the time).

USENIX Security 2007, Boston

2007-08-31T12:48:45Z

USENIX Security 2007
Originally uploaded by sjmurdoch

In early August, I visited Boston, MA, USA for a week, mainly to attend the USENIX security symposium, where my paper was to be presented. I also attended a couple of meetings, visit MIT and had enough time for a quick look around Boston. I've published a selection of the photos I took.

The trip started in Cambridge, and from there me and Robert travelled to Heathrow. Then we flew into Boston Logan.

Our hotel claimed that we would be staying in a "VIP room", but other than the view, was fairly unexceptional. At MIT I took some photos of the Stata Center. The taxi driver didn't know how to find it, until I explained that it was the "really weird building". I could relax about my USENIX paper, since Saar was presenting it, and we even won the best student paper award.

On my final day, I walked to Boston Common, and took a few photos of the wildlife, scenery, and random people. Finally I visited the Museum of Science, taking photos mainly of butterflies but one or two of the other exhibits.

My trip back to the UK was pleasantly uneventful, and I was there for almost two weeks before I travelled to Poland (photos to follow).

Claire and Mark's wedding, Manchester

2007-07-25T21:35:42Z

Claire and Mark
Originally uploaded by sjmurdoch

Earlier this month I attended the wedding of my friend Claire, who I know from our time at Girton College. This was held in Manchester, and was my first time visiting the town. A good time was had by all, and I've published a selection of the photos, mainly from the reception held in Manchester town hall.

Privacy Enhancing Technologies 2007, Ottawa, Canada

2007-07-18T11:31:31Z

PET 2007
Originally uploaded by sjmurdoch

In June I attended the 2007 PET Symposium, held in Ottawa, Canada. I've uploaded a selection of my photos, from the conference itself, the traditional PET hike, and my own travels around Ottawa.

Leuven and Brussels

2007-06-28T10:33:45Z

Leuven and Brussels
Originally uploaded by sjmurdoch

Earlier this month, I visited the COSIC group at K.U. Leuven to present a talk. While I was there I had some spare time, so was able to look around Leuven and Brussels and take a few photos.

New blog: Light Blue Touchpaper

2006-02-23T17:19:54Z

My research group has a new blog – Light Blue Touchpaper. From now on, I will be posting my technical-related entries there instead of my LJ. It has a RSS feed as well as a syndicated LJ. I expect the other posts will be of interest, but if for some reason you only want my ones, there is also a restricted feed.

My first post there has now been published, discussing website registration regulations in China.

End of 22C3

2006-01-01T22:14:36Z

The 22nd CCC has finished and I greatly enjoyed it. I think my talk went reasonably well and I had some good feedback. The slides (878 KB PDF) and video (77 MB WMV) are now online, with other versions of the video expected soon.

Talk at the 22nd Chaos Communication Congress

2005-12-23T16:52:16Z

I am giving a talk at 22C3: The 22nd Chaos Communication Congress, on covert channels in TCP/IP. I got interested in the field after hearing (and breaking) a scheme presented by Joanna Rutkowska at the previous CCC, although I was already quite familiar with covert channels in general.

This led onto me writing a paper, which was accepted at the 7th Information Hiding Workshop, but now I am coming back to the CCC to present my results in a slightly less academic context.

For more details on the talk, see the full description. It is scheduled for day 1 (December 27th) at 10pm, but hopefully some people will still be there. Joanna's talk was one of the most popular at 21C3, although based on some comments (english), I wonder whether more people where there to see the speaker rather than hear the speech.

Now I should return to preparing my slides.

More MySpace redecoration

2005-12-20T18:45:59Z

There have been a few more updates on my last hotlinking re-education attempts. A few have noticed, and one even retaliated. See my old post for the details.

I found a new person using my background. This time a Rock/Metal/Post Hardcore band called "Five & a Half Hours". Based on their current page, I am not sure if a shock image would be out of place. So instead I give you Julie Andrews.

Update 20 Dec 2005:
Less than 2 hours and 14 hits later, they have noticed and removed the background image.

Update 20 Dec 2005:
It's back. They have switched to a smaller version of my desktop background (1024x768), which if they opened in a new window would look fine. However now that they hotlink to it, other visitors will see Julie. Due to caching, it probably looked normal to them the first time. I now know their IP addresses, so have added them to a exclusion list, so it will keep on looking fine to them, but not to the rest of the world.

Drawing programs (for Linux)

2005-12-19T22:22:11Z

I am making some diagrams for my thesis and have not been able to find a drawing tool I like. The main lack seems to be versatile alignment functions, does anyone have suggestions for something that might do what I like?

Dia is probably the closest to what I want, but it is buggy and unstable. It still can't do everything I need, for example I couldn't make it vertically centre text in an ellipse. Inkscape doesn't appear to do lines connected to objects well, so I would have to manually make sure that arrows join up with what they should. Xfig is my usual diagram tool, but it is very limited. Finally, MetaPost can do what I want, but is quite laborious to use

What do other people use, is there anything better? Linux would be preferred, but I would consider using Windows if needed. I had a quick try at Adobe Illustrator, but I can't see how to make it do something like automatic connectors. Can it?

Hotlinking punishment

2005-12-06T11:13:46Z

I used to have a website, murdomedia.net, which I designed in 1997. With the white text on black background, neon-effect buttons and spinning animated GIFs, it truly was a site of the nineties and that is where it should stay. I decommissioned the site last week, but arranged for it to record which URLs which were requested. As expected for an essentially dead site, other than robots, there were practically no hits, with the exception of one set of files.

In 2001, I made a desktop background, called Eye of the Code, which I submitted to themes.org. It has been reasonably popular, and someone even based a Fluxbox theme on it. What I didn't know was that 9 blogs and homepages were hotlinking to this image, so I was getting several hits per hour, downloading the 500kB image.

Now, tradition dictates replacing it with a suitable shock images, which due to captain_aj's valiant efforts I am very familiar with. However, I thought something more creative was called for.

On reading these pages, the impression I get from all of them is people screaming for attention. My desktop background was designed to be sedate and non-distracting (although it doesn't go well with text). I thus went for something more appropriate, of course including a photo of the centre of attention.

For example with Tabatha's MySpace page:

Using mod_rewrite I serve up the appropriate image based on the HTTP referrer. For example, here is the result for Yuppie Killer:

Before

After

In the interest of international relations, for the German page, I used "Guck mal ... ich bin TOLL!!", which translates to "Look ... I'm GREAT!!".

The full list of sites is below. If the background doesn't load correctly, hit Shift+Reload; browsers don't expect images to change on the basis of referrer, so often cache the wrong one.

Tabatha aka devilsangel891 – Website that plays music; stabby, stab
avril13<>s knuddelige HP – In German, big page, she likes Avril Lavigne and eyes apparently
Marie aka freak_taleen – "I felt like drawing a sheep." But you didn't; why not just hotlink to someone else's sheep?
Yuppie Killer aka fuckyourcar – Angry. Latest blog entry: "Am I missing something?...do I have a sign on me that says: "I'm a complete fucking moron?". No, but your new web page background should send a similar message
M.I.L.F. – How can someone be a self described MILF? (NSFW)
h_e_x_o_n – He has a <marquee> that displays an insult; classy
Jocelyn aka strangeoid – " I am a very artsy-fartsy type person. I draw, write, paint, sing, act, sew, make my own jewlery". For a writer your spelling leaves something to be desired, and if you think blue text on a red background is aesthetically pleasing, I have doubts about the painting.
clompy – Wow, it makes my mouse pointer turn into a crosshair, how can I do that? (no photo unfortunately)
youlaugh_ibleed &ndash I think her keyboard is broken (again, no photo). And her page turns the cursor into a crosshair; I wonder if these two know each other?

I hope you will agree that this is a significant improvement. I will wait and see if the web page owners concur.

Update 6 Dec 2005:
Yuppie Killer is the first one to spot the change. As predicted by captain_aj, Yuppie Killer says:

To whoever hacked my account and changed my background picture....You are a fucking piece of shit

He has changed his user page to be white text on a white background, but if you highlight it then you can read his ranting.

Update 7 Dec 2005:
Yuppie Killer has updated his message:

To whoever hacked my account and changed my background picture, is that all you got?....You fucking piece of shit

Myself and captain_aj are working on the answer.

Update 7 Dec 2005:
Tabatha has updated her page (still has music). She now hotlinks to a painting called "Mushroom People". She hasn't made any comments about the change, and doesn't have a blog.

Update 8 Dec 2005:
Avril 13 has changed her background. This time not hotlinking &ndash perhaps she is learning.
Clompy has taken her journal offline. Perhaps she thinks it has been hacked and will bring it back later.

Update 10 Dec 2005:
h_e_x_o_n has noticed. In his blog post, he says:

who made the new background for me :P i really like that......

It is still set to my image. Any suggestions on what I should do?

Update 11 Dec 2005:
A fine suggestion from captain_aj was to make h_e_x_o_n's background a screamer, albeit without the scream. You need to wait for 8 seconds.

Update 12 Dec 2005:
h_e_x_o_n doesn't like the screamer as much as the previous image. He now hotlinks to a 1275×1753 JPEG from Barb's Bunker. Tasteful, but makes the text unreadable. Probably for the best.

Update 15 Dec 2005:
h_e_x_o_n has found my journal, thanks to his (anti-)stalking script, and retaliated.

Publicity about my "Laser-printed PIN Mailer Vulnerability Report"

2005-08-26T14:18:45Z

Since October 2004 I have been investigating the security of tamper evident laser-printer PIN mailers. These are sheets of paper with a special patch where you print the PIN using a normal laser printer. The intention is that you can't read the PIN until you peel off a bit of plastic or scratch off a coating, depending on the technology. For example, probably the most widespread type is Hydalam. Then you shouldn't be able to put patch back to its previous state, without leaving some evidence of tampering. This is so someone can't intercept your PIN in the mail, read it and put it back, without the legitimate recipient noticing.

The project started when Mike Bond noticed that he could read one of his PINs without tampering it, just by looking carefully. Later Jolyon Clulow and myself got involved and found new ways to reveal the PIN, ranging from shining a bright light at the PIN from an angle to scanning the PIN mailer and using the GIMP to enhance the image.

When we realised this was a problem, we contacted the manufacturers and users of these products and helped them develop new PIN mailers which were resistant the these attacks. We sent them a vulnerability report in November 2004 which was privately circulated in the banking community. We planned to publicly release information about the vulnerability 6 months later, but by this stage it was clear that manufacturers were still working on fixing this problem, so we delayed the release another 3 months.

On the 31 July 2005 we put the report on our websites, but not much happened for a while. Then SA Mathieson picked the story up and wrote an article for Infosecurity Today on 24 August 2005. Soon after, the BBC picked it up, followed by The Register and PC Pro. Today some other journalists have been phoning Mike and he was interviewed on the Simon Mayo show on Radio Five Live at about 2pm.

Laser-printed PIN Mailer Vulnerability Report (PDF 676Kb)
: The original report which sparked it all off – released on 31 July 2005; Also mentioned in the author's blog
Infosecurity Today: UK banks sent out vulnerable PIN mailers: First news article – 24 August 2005
BBC News online: Poor print exposing Pin numbers: More information on the vulnerability, including a response from APACS, the banking industry trade association – 25 August 2005; Also published in Turkish Weekly and The News (Pakistan); Commented on by Digital Silence, Addict3ed and Schneier on Security; There was a post to the cryptography mailing list about this article and while our report does not deal with lottery-style scratchcards (where the data is covered by a coating over the toner, rather than being disguised by a coating on the other side of the toner), a followup post describes a fairly high-tech but apparently feasible attack on these too.
The Register: The GIMP threatens PIN number security: Article with a slightly different spin – 25 August 2005; Also published in IT Observer, SecurityFocus and NewsForge
PC Pro: Cambridge team reveals PIN vulnerability: Brief summary of the vulnerability – 26 August 2005; Also published in Computer Shopper
Slashdot: Graphics Programs Uncover Secret PINs: Brief summary along with many comments, much of which are of dubious value
The Sydney Morning Herald Technology: Razor - Is your PIN secure?: Comparison with Australian practices

Update: (26 August 2005) Slashdot added.

Update: (27 August 2005) Turkish Weekly, Digital Silence, IT Observer, SecurityFocus, NewsForge, Addict3ed and Sydney Morning Herald added from Google News.

Update: (28 August 2005) Computer Shopper and The News added..

Update: (30 August 2005) Schneier on Security added.

Update: (31 August 2005) Cryptography mailing list added.

Black helicopters

2005-08-15T14:00:23Z

I sometimes wonder if the black helicopters are coming to take me away. While I was browsing logs of people who have looked at my web pages, I noticed these entries. If the black helicopters ever do come - they may have been sent by these people:


cifagb01.cifa.mil - - [21/Jul/2005:18:04:28 +0100] "GET /users/sjm217/talks/ccc04_counterfeiting.pdf HTTP/1.1" 200 21759
cifagb01.cifa.mil - - [21/Jul/2005:18:04:28 +0100] "GET /users/sjm217/talks/ccc04_counterfeiting.pdf HTTP/1.1" 206 21703
cifagb01.cifa.mil - - [21/Jul/2005:18:04:32 +0100] "GET /users/sjm217/talks/ccc04_counterfeiting.pdf HTTP/1.1" 206 1969151

CIFA (Department of Defense Counterintelligence
Field Activity) was established in February 19, 2002. They don't appear to have a web page, but there is some information about them on military.com:

Quietly created post-September 11, CIFA has a broad charter to provide counterintelligence and security support to the Defense Department around the world and within the United States.

"Worldwide, more than 400 civilian and military employees work for CIFA with the ultimate goal of detecting and neutralizing the many different forms of espionage regularly conducted against the United States by terrorists, foreign intelligence services and other covert and clandestine groups," according to the Defense Security Service.

"The threats posed by these adversaries include actions to kill or harm U.S. citizens; to steal critical information or assets (military or civilian); or destroy critical infrastructures."

They appear to got someone else's tinfoil hat rattling by showing up in their web logs. And there are a few more people with similar stories.

The PDF they looked at was my slides from the talk I gave at 21C3 on The Convergence of Anti-Counterfeiting and Computer Security (PDF 1.4Mb). I suppose it could be mildly controversial but I don't quite see the link between it and the CIFA mission.

Of course, it could just be an CIFA employee who was curious about anti-counterfeiting measures (that was how I came about to write the talk), or perhaps someone unconnected who is spoofing their reverse DNS. The latter is quite easy to do as the I believe the Computer Lab web server does not do double reverse-DNS lookups.

If it really is from CIFA, perhaps someone should tell them about Tor.

While I am at it, someone who appears to be from the US Air Force Kirkuk Airbase looked at my Area 51 satellite photo, which I linked to from my Shadowconflict blog comment.


krab-n.krab.aorcentaf.af.mil - - [09/Aug/2005:07:45:43 +0100] "GET /users/sjm217/volatile/area51col.jpg HTTP/1.0" 200 70118

So if I ever disappear in mysterious circumstances one day, you know who to ask.

Low-Cost Traffic Analysis of Tor

2005-05-17T10:45:36Z

Last week I attended the IEEE Symposium on Security and Privacy (known as "Oakland"), where I had a paper accepted – "Low-Cost Traffic Analysis of Tor". Tor is an tool for enhancing privacy on the Internet by allowing people to access websites/IRC/IM/etc. without giving away their identity. Along with George Danezis, we found a way to reduce the anonymity provided, although not allowing the user to be traced.

The conference went well; there were several interesting papers and I received useful feedback on my submission. I made some contacts, both at the conference and other events, such as the BayFF Tor event.

The EFF, who currently fund the development of Tor, have picked up on the paper and posted a comment on their blog.

The Convergence of Anti-Counterfeiting and Computer Security

2005-02-15T11:25:57Z

I'm giving a talk today. If anyone is interested, feel free to come along.

Speaker: Steven J. Murdoch, University of Cambridge
Date: Tuesday, 15 February 2005, 16:15
Place: Lecture Theatre 2 in William Gates Building

Abstract:
Since January 2004, many major graphics software and hardware manufacturers have included anti-counterfeiting measures in their products (including Adobe Photoshop, JASC Paint Shop Pro, HP Printers and Canon scanners). The feature operates by detecting characteristics of banknotes and preventing a suspicious image from being processed. The software is developed by the G10 Central Bank Counterfeit Deterrence Group and provided to manufacturers as a compiled library. No details of the what features the system detects are publicly available, and it has been established that it does not use the same counterfeit-deterrence technique used in colour photocopiers.

Firstly the lecture will include background information on existing counterfeit deterrence systems, designed to prevent currency being copied on conventional printing equipment. This will move on to the more modern techniques, developed in reaction to the widespread deployment of high-quality digital printing hardware. Also the field of digital watermarking will be introduced and its relationship to counterfeit deterrence discussed. The lecture will cover the progress of a project to understand the currency detection feature, and reverse engineer it. This includes conventional reverse-engineering techniques such as disassembly and dynamic code analysis, but it will also describe application specific tools, such as black box digital watermark benchmarking.

Finally, proposed EU legislation will make the inclusion of such a system mandatory, so the consequences on Free and open source software will be discussed. These are in addition to conventional DRM problems such as prevention of legal manipulation of currency images, and other problems specific to counterfeit deterrence.

Ducklings

2004-06-21T11:29:10Z

In my last post, I forgot to mention two photos of ducklings which I took in Ely:

Ely Cathedral

2004-06-19T14:09:27Z

I now have my photos developed from a trip to Ely Cathedral:

.

Also on the same film, some from this year's Stravberry Fair (including one of lusercop devil sticking):

Night photos and colour temperature

2004-02-01T15:30:21Z

One fun thing to do with a SLR is to take night photos, since typically compact cameras cannot handle the long exposure times. This is also one of the areas that film cameras still do better at than digital, since in long exposures irregularities in the detector show up very clearly. Also with the more common CCDs, as opposed to CMOS detectors, charge leaks between buckets so causes blurring.

With night photos because the light level is so low, a lot of the settings are made based on experience, or in my case — guesswork. Fortunately since I used colour negative film, rather than reversal (slide) film, I had a fair amount of leeway so most turned out fairly well. I also talk a bit about the effects of colour temperature on photos. If you would like to take a look, then...
read on.

you can click on the thumbnails to go to a full size version

This is the first night photo I have taken. It is of my house and I used the Nikon F65 with the 28-100mm lens on a fairly light tripod, but it did the job (however it isn't strong enough for the 70-300m lens). The first problem of night photography is the weird looks you get from people. Kneeling down in a front garden at around 8pm did raise a few eyebrows but nobody said anything, except a friend who was recognised me. All of the photo magazines I have read recommend wearing high-visibility clothes to avoid looking suspicious. On the other hand most people are fairly unobservant so wearing dark clothes might well mean no one will notice you. In the end I had little choice since I was wearing black trousers and a black jacket at the time, but I wasn't arrested as a terrorist so it worked out OK in the end.

The building was being lit by the headlamps of the oncoming traffic, so I metered the light level when a car went past, then divided this by the approximate proportion of the time that there was a car passing. Since I didn't have a remote release, and the maximum exposure time of the camera is 30sec, I set the aperture to make the required time 30s and set it off (the lefthand one). I knew that for long exposures a chemical property of film kicks in, namely reciprocity failure. This results in the ratio between ISO number and sensitivity to light no longer being linear so causes long exposures to be underexposed. So I took a second photo with the aperture one stop wider (the righthand one) and this turned out correctly.

Another interesting feature of these photos is the colour &mdash it looks very yellow. This isn't because of sodium street lights since their contribution is fairly negligible. It is due to the "colour temperature" of the car headlamps. Typical film is designed to represent daylight as white since this is what someone would perceive. However other lights are not the same as daylight, so if daylight calibrated film is used with other light sources there will be a colour cast. This is generally not perceived since the human eye compensates for this by observing the light reflected off objects of known colour and adjusting the perception of other objects accordingly.

For continuous spectrum light sources such as filament bulbs the measure used for colour temperature is the equivalent black body radiation temperature, quoted in Kelvin. On this scale typical daylight is 5500K (a combination of direct sunlight and light bounced off the sky) so normal film (marked "Daylight") is calibrated to this. On the other hand, the light from a powerful tungsten studio lamp is 3200K, which is more yellow than daylight, so would be represented as yellow on daylight film. A 75W household lamp is even lower at 2800K. One solution to this is to use a filter (which I didn't have at the time), so to make a 3200K light suitable for daylight film a 80A blue filter is used. However this decreases the quality, both by decreasing the light level and increasing optical aberrations. A better option is to buy "Tungsten" calibrated film, which represents light at 3200K as white. Then if household lamps are used, only a fairly light blue filter is needed to compensate, whereas to compensate fully on daylight film a filter would need be very dark so as to make it almost useless.

I am still experimenting with colour filters, so have not yet decided what to do. It is feasible to do some colour corrections digitally, but this is not always the best solution. If a tungsten light source is used on daylight film, then this will result in a yellow colour cast and so the red and green sensitive layers will be exposed to more light. Since the layers have a finite contrast, in order to make the blue show up, the red and green could become saturated and hide detail. Since information has been lost, there is no way to recover from this digitally. One possibility I will try is to use a 80A filter on the len, so I bought one of these yesterday. If used with a 3200K light source then the image will have the correct colour balance, but if I use it with a lower colour temperature light, for example a household lightbuld, then hopefully the 80A filter will be enough to stop the red and green becoming saturated. Then I can either just leave the photo as is if the cast is not too noticeable, or adjust it digitally. Using tungsten film is another possibility, but such film is harder to obtain, more expensive and requires a filter if used in daylight or flash, which is how I take most of my photos.

My other photos of this type can be seen in the night photos album.

And finally another photo which shows the different colour temperature of halogen spotlamps...

Computer Lab (where I work) at night.