Friday, August 16, 2013

Conspiracy Theory

I don't live in the best part of town, or the best town, let's say. So after a string of thefts over the last several years, I decided to install a security camera. I didn't think about it too much (I was still being driven by anger for having been ripped off). I drove to Best Buy and looked at what they carried in IP cameras. I came home with this-


It's the D-Link-942L IP camera and it's a good one. It was a little expensive (more than $100.00) and produces okay quality, standard definition video (640 by 480 pixels). It has motion sensing and records video to an (optional) built-in microSD card. It's by D-Link and I've been a fan of their products for years.

After I got the hardware and software set up, I found I could make an account at D-Link to watch video from my camera anywhere and anytime over the Internet. So I went to mydlink.com and made an account. Right away I was a little peeved to get a message that my browser (Opera, a good browser) was unsupported. So to access my camera over the Internet here I would have to use Firefox, or God forbid, Internet Explorer. 

When I was done I could indeed look at my front porch anywhere on the Internet. That was cool.

But fifteen minutes later I discovered a better way to do this. It was a simple matter of opening a port on my router's outside interface and forwarding requests received there directly to my IP camera. This was a simpler and better way. This is the way I use now. 

I had a moment of pause then but it took awhile for me to realize consciously something was wrong. How was mydlink.com connecting with my camera?

My router is set up (like many I believe) to allow all outbound requests (from my network to the Internet) and to block all inbound requests (from the Internet to my network). This is a good and simple way to keep from being exploited by strangers on the Internet. After all most people get an Internet account and pay for it to serve their needs. They want the Web, they want email, they want peer-to-peer, etc. You can reasonably expect then that normally requests will originate from the network and travel to the Internet. Anything coming the other way is likely to be trouble and is blocked. So if somehow D-Link tried to access my system from afar it would be blocked by my router. 

I thought about it and eventually came to the fact that my new IP camera was making a connection to D-Link without my knowledge. It was on my network, on "my" side of the router, so it was trusted. I logged onto my router and discovered the truth-



My camera was making a secure connection to somewhere. 192.168.0.161 is the IP address of my camera. You can see it was making a secured connection to the IP address "54.215.3.237". I pinged this and found-


So it was connecting to Amazon. I'll buy that.

This could be a security problem. You might assume this connection is used only by D-Link to give you access to your camera output to check up on what's going on at home, when you are away. That's reasonable. But there is potential to abuse this. What if some dishonest person or group hacks D-Link? What if D-Link agrees to channel the feed from your camera, from anyone's camera, to the headquarters of some TLA (three letter agency) like the NSA, the FBI, etc.? I knew I had to do something about this. 

I was never able to stop the camera from trying to make a connection to D-Link. I eventually found a way to block its attempts at the router. But it never stops trying. Day and night, night and day, it tries (unsuccessfully) to connect to D-Link. Here's a screenshot of my router's logs, showing the connection attempts:


And I confirmed the blocking by trying to log on to mydlink.com:


It's like a slow-motion, endless DOS (denial of service) attack on my router. I feel better now but I'd really like to stop the camera from doing this.

Here's a bigger question- how many other D-Link security cameras are in use out there, and are engaging in this behavior, without their owners even knowing it? Thousands? Millions? Let's say thousands. If D-Link cameras (and other IP cameras) are doing this it represents a huge potential problem. I guess that's my concern- that the security and privacy of peoples' homes and lives is being compromised by IP cameras that "phone home" without the owners' knowledge.  

I guess that's all I have to say for now. Any comments? Questions?










Thursday, November 4, 2010

Digital Photography- Depth Of Field and Aperture

This entry refers to what is possibly my favorite tech gadget- my Fujifilm Finepix S-700. After the loss of my first digital camera in late 2008, I finally entered Wal-Mart about a year ago to purchase a cheapy point-and-shoot little box I could slip into a shirt pocket for impromptu snaps. My budget was $100 or less. The plan was to later purchase a much better camera after saving for it. But, I happened upon this one and was impressed with the features it packed at such a modest price. I could see immediately it was an older model but I still liked it. It was about $130 so I revised my budget upward on the spot and bought it.

Depth of Field describes the range in a photo which is in good focus. The more narrow aperture used, the greater the depth of field. The wider the aperture, the less the depth of field. The tradeoff is that a narrow aperture limits the amount of light allowed in, thus darkening the image.

Here's a good description of the depth of field concept at Wikipedia:

Depth of Field

The aperture is the hole through which light is shined upon a piece of film (in a conventional camera) or the sensor (in a digital camera). The camera can automatically set this as it sees fit to get proper exposure, and many digital cameras let you adjust this for different effects. I put my camera to its absolute narrowest setting for a wider range of clearly focused objects in the image.

Here's a good description of the aperture concept at Wikipedia:

Aperture

Cameras use a contrary numbering system for designating aperture settings, thus 3.5 is the widest my camera supports, and 13.5 is the narrowest.

Note in picture 1 (settings: f 13.5, 1/10s, ISO 100) the range of clearly focused objects as indicated by the arrows. I used the narrowest aperture and the range of focused objects is pretty wide:


Note in picture 2 (settings: f 3.5, 1/32s, ISO 100) I did the opposite and put the camera to its widest aperture setting to lessen this focusing range. Note the placement of the arrows and the much smaller range of focus. Also note how much brighter the second image is; this is another effect of a wide aperture:


Note that I used this camera's macro mode for photographing small objects very close to the camera. This mode limits depth of field very much to begin with, and I narrowed it further with a wide aperture.

Some folks use a narrow aperture to make sure all objects in the frame are in focus, and some use a wide aperture to keep only one item in focus, to emphasize that object. You might want to highlight a person's face this way. I tend not to shoot this way; I usually adjust shutter speed and aperture to get good exposure. If I had to choose I would adjust for a more narrow aperture so everything is in focus. This is probably because I shoot scenes and landscapes frequently, where there is no subject and anything in the frame could be of interest.

This is relevant because, if you are curious, at some point you may want to switch your digital camera from Auto to Manual and make the photography decisions yourself.

Wednesday, October 27, 2010

First Post

This is the first post to what is my new tech blog I will call Tech Wonder. I suppose I chose this name because I have a love of technology and I enjoy collecting and using gadgets. I hope this blog is useful and educational to its readers, because I know it'll be a joy to write. It will feature technical topics, including articles on many electronic items I own or wish to own. I have been collecting, using and sometimes just lusting after electronic gadgets for all of my adult life. This blog is an outlet for my love of these things. Your comments are welcome.