Reviews

Flickr tightens up image security

Given my concern with image theft, I do not like to hear about Flickr hacks. A while back, a Flickr hack circulated that allowed people to view an image’s full size even if the photographer didn’t allow it (provided the image was uploaded at high resolution). The hack was based on Flickr’s standard URL structure for both pages and image file names, and allowed people to get at the original sizes in two ways. It was so easy to use, and the security hole was so big, that I was shocked Flickr didn’t take care of it as soon as the hack started to make the rounds.

It’s been a few months now, and I’m glad to say the hack no longer works. I’m not sure exactly when they fixed it. Since it’s no longer functional, I might as well tell you how it worked, and how they fixed it.


First, let’s look at a page’s URL structure. Take this photo of mine (reproduced above). The URL for the Medium size (the same size that gets displayed on the photo page) is:

http://flickr.com/photo_zoom.gne?id=511744735&size=m

Notice the last URL parameter: size=m. The URL for the Original size is the same, except for that last parameter, which changes to size=o. That makes the URL for the original photo size:

http://flickr.com/photo_zoom.gne?id=511744735&size=o

Thankfully, that no longer works. If the photographer disallows the availability of sizes larger than Medium (500px wide), then you get an error that says something like “This page is private…”

Second, they’ve randomized the actual file names. So although that image of mine is number 511744735, and it stands to reason that I would be able to access the file by typing in something like http://farm1.static.flickr.com/231/511744735_o.jpg, that’s just not the case. Each file name is made up of that sequential number, plus a random component made up of letters and numbers, plus the size indicator. So the actual path to the medium size of the image file is:

http://farm1.static.flickr.com/231/511744735_b873d33b12_m.jpg

This may lead you to think that if you can get that random component from the URLs of the smaller sizes, you can then apply the same URL structure to get at the larger size, but this is also not the case. It turns out that Flickr randomizes that middle part again for the original size. So although it stays the same for all sizes up to 1024×768, it’s different for the original. For example, the URL for the original size of that same photo is:

http://farm1.static.flickr.com/231/511744735_d3eb0edf2d_o.jpg

This means that even if you go to the trouble of getting the file name for one of the smaller sizes, you cannot guess the file name of the original photo, and this is great news for photographers worried about image theft.

While I’m writing about this, let me not forget about spaceball.gif, the transparent GIF file that gets placed over an image to discourage downloads. It can be circumvented by going to View >> Source and looking at the code to find the URL for the medium-size image file. It’s painful, but it can be done, and I understand there are some scripts that do it automatically. The cool thing is that after Flickr randomized the file names, it became next to impossible to guess the URL for a file’s original size. The best image size that someone can get is 1024×768, which might be enough for a 4×6 print, and can probably be blown up with special apps to a larger size, but still, it’s not the original.

Perhaps it would be even better to randomize the file name for the large size as well, so that it’s different from the smaller sizes and the original size. That would definitely take care of the problem. Still, this is a big step in the right direction.
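Here is a sketch of the two fixes described above, written for this article as an added example and not taken from Flickr's code: a server-side permission check on the size parameter, plus file names carrying an independent random token per size class, including the separate token for the large size suggested in the previous paragraph. The class and function names, the "b" suffix for the 1024px size, and the owner/visitor model are all assumptions.

```python
import secrets

# Which random token each size suffix uses. "m" and "o" appear in the URLs
# above; "b" for the 1024px size is an assumed suffix for this sketch.
TOKEN_FOR_SIZE = {"m": "small", "b": "large", "o": "original"}
SIZE_RANK = {"m": 0, "b": 1, "o": 2}


class Photo:
    def __init__(self, photo_id, owner, max_public_size="m"):
        self.photo_id = photo_id
        self.owner = owner
        self.max_public_size = max_public_size
        # Independent 10-hex-character tokens from a CSPRNG: learning the
        # token for one size class reveals nothing about the others.
        self.tokens = {name: secrets.token_hex(5)
                       for name in set(TOKEN_FOR_SIZE.values())}

    def filename(self, size):
        token = self.tokens[TOKEN_FOR_SIZE[size]]
        return f"{self.photo_id}_{token}_{size}.jpg"


def may_view(photo, viewer, size):
    """Authorize a zoom-page request; the size parameter is untrusted input."""
    if size not in SIZE_RANK:
        return False
    if viewer == photo.owner:
        return True
    return SIZE_RANK[size] <= SIZE_RANK[photo.max_public_size]


def zoom_page(photo, viewer, size):
    """Return the file name to embed, or None to show the 'private' error."""
    if not may_view(photo, viewer, size):
        return None
    return photo.filename(size)


if __name__ == "__main__":
    photo = Photo(511744735, "owner", max_public_size="m")
    for who, size in [("visitor", "m"), ("visitor", "o"), ("owner", "o")]:
        print(who, size, zoom_page(photo, who, size))
```

The permission check is what actually closes the size=o hole; the per-size tokens only keep the static file URL from being derived from one the visitor is allowed to see.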

Thoughts

Google to buy FeedBurner in next 2-3 weeks

I thought it odd that I got no reaction whatsoever from the FeedBurner folks when I compared their site stats service with Google Analytics back in April, and deemed FeedBurner superior. I keep in touch regularly with a couple of folks from FeedBurner, and when I write about them, I usually get a little note by email or a comment on my post. But I got nothing this time. I thought, “Hmm, something’s gotta be up. What’s going on between FeedBurner and Google? Did I ruffle some feathers?” The complete silence was unusual. I could hear virtual crickets chirping away…

Fast forward about a month, and I find out this afternoon from Beta News that Google and FeedBurner are in acquisition talks. The quoted price is $100 million. It’s a sane price, not a make-believe one, like the one paid for Doubleclick or that other ad company that MS purchased (those prices were absolutely and ridiculously inflated). I actually believe FeedBurner brings much more value to the table than those two companies combined, so the $100 million is a real bargain. I hope for FeedBurner’s sake the price is more than that in the end.

Anyway, if this does turn out to be true, I’m happy for the FeedBurner folks, and wish them all the best. May they teach Google a thing or two about feed management and other such fun stuff. Cheers, guys! Thanks for the awesome service!

Reviews

A tangible argument for working in RAW format

I photograph exclusively in RAW format these days — unless I happen to be using a camera that doesn’t have that capability. This post is a small but tangible example why shooting in RAW is a good thing.

Have a look at the photo below. That’s what happens when you combine dark streets, tall buildings and bright skies. It’s hard to get the exposure right, especially if you haven’t got the time to sit there taking lots of photos of the same thing while you adjust the aperture and shutter speed manually. If you expose for the shadows, you get an unpleasantly bright sky, like here. If you expose for the sky, you get really dark buildings, and then you can’t make out the details.

Overexposed sky

Fortunately, I can adjust the exposure of a photo (within limits) after the fact if I shoot in RAW. I can also make tonal adjustments much better than with a JPEG file. Here’s that same photo, post-processed. I only used Lightroom, no Photoshop here. (In case you’re wondering, I also made contrast and color saturation and luminance changes.)

Cafe 123

I was able to recover the highlights and even get a decent amount of detail in the clouds. Yes, you can tell the sky isn’t natural, but hey, it’s a whole lot better than a blown out highlight. And there’s still plenty of shadow detail.

If your camera lets you shoot in RAW, don’t hesitate, take the plunge. Yes, the files will be a little bigger, but you get a ton more creative capability in post-processing. And you don’t have to use Lightroom or Bridge if you can’t afford them. (I know Bridge is free but you need Photoshop or another Adobe app to get it.) Both Picasa and iPhoto will work with RAW files. One caveat about iPhoto: at the time of this post, it does NOT work with DNG files (Adobe’s own RAW file format). It does, however, work with Canon, Nikon and other RAW formats. Your camera may also have come with software that lets you develop and manipulate the RAW files. Get started exploring this new medium — it’s the equivalent of a film negative — and have fun improving your photography!

Places

Construction, people and traffic jams

For the past month, there’s been construction going on at the American Legion Memorial Bridge. I use it every day to get to and from work. They’ve closed a lane on the right side, and that’s a huge inconvenience. So much traffic goes over that bridge every day, particularly during rush hour, that the single lane closure backs traffic up for several miles, all the way to Route 66.

Since no notice was given of the nature of the work, I thought they might be building an additional lane. But no, all they’re doing is cleaning and painting the bridge. It turns out that one lane’s going to be closed for 6-12 months, causing huge traffic delays for everyone. I have to file this one under really poor planning. For a road that important, they should have built a platform underneath the bridge and put the machines over there instead of inconveniencing everyone above with their work.

Things wouldn’t be so bad except for the rubbernecking delays. Everyone wants to look at the loud machines and the construction workers. They’re a sight to be sure, the machines noisy, big and smelly, and the workers sunburnt and stained all over with muck and grime — but that doesn’t excuse the traffic delays.

If some sort of wall were put in place to separate the construction work from the passing cars, people wouldn’t have anything to look at, and traffic would go much faster. But that wouldn’t be in character with the poor planning shown by blocking the full lane in the first place, would it? So my commute time (and that of tens of thousands of other people) is doubled, and there’s absolutely nothing we can do about it, since there is no other route we can take.

Thoughts

How many of my photos were stolen?

For the moment, this is a rhetorical question. I’ve been re-thinking the way I publish my photos online in view of the recent and very prominent theft of Rebekka Guðleifsdóttir’s photos from Flickr. Call me naive, but I really believed, and still would like to believe, that people will wish to stay legal and pay for the right to use my photos, especially for commercial purposes. That’s why I’ve been publishing my photos at full resolution. I wanted folks who weren’t able to pay (developing countries, for instance), or only wanted a nice desktop background, to be able to download a photo of mine and enjoy it without financial obstacles.

But I talked with my brother this morning, and he told me some things that made me think twice about my approach. He’s a professor at a university in Transylvania (Romania), and he does a lot of field research in ethnology and religion. He takes a lot of photos, and shoots a lot of video. When people ask him for copies of his work, he’s very nice about it and does so, hoping they’ll respect his academic work and cite him or ask for his permission when they use it. But he’s been finding out that they don’t. They’ll reuse his photos and his videos, and he won’t hear about it until he sees his work somewhere else. Just recently, someone entered one of his videos in a contest as their own creation, and he found out about it only after that person won. It was very disheartening. He’s now thinking of watermarking both his videos and photos, and of only publishing lower resolution copies on the Internet. He’s tired of constant theft and no attribution.

So I had to ask myself: how many of my photos have already been stolen? I haven’t yet heard of or seen a particular instance, but I also haven’t really looked around to see. It’s probably just a matter of time before I start finding my work in someone else’s portfolio, website or printed materials. When you combine high-resolution photos with people that have no respect whatsoever for someone else’s hard work, you’re asking for trouble. As much as I’d like to believe otherwise, good people, those that respect other people’s property, are few and far between, and it’s best not to tempt the thieves or uneducated ones by making good photos easily available.

I’ve taken some steps already. I used to upload to Flickr at full resolution. Not anymore. Since they offered Rebekka no help whatsoever, and even deleted the photo where she complained of image theft, along with the thousands of comments that she received there, I’ve lost respect for them. If that’s how they’re going to treat one of their best users, then I sincerely hope they get what’s coming to them, and I hope it’s a wallop.

I may also start to watermark my images. As much as I hate this (it uglifies an image, imo), I’ll do it, just to make it harder to pass my photos around without crediting them properly. I may also start to copyright my photography with the Library of Congress, and pursue damages to the full letter of the law (up to $150,000 per incident).

Finally, I may also stop uploading at full res to Zooomr. I keep waiting for them to push out the Mark III upgrade, and it seems that every time Kris is ready to do it, something happens to stop it. This week was the third time the promised upgrade didn’t materialize, and I’m pretty disappointed. Mark III is supposed to have this really nice image theft prevention built in, so I could continue to upload at full res, but restrict the sizes available to casual visitors or even my contacts at certain resolutions, and only make the full res size available to buyers. But if Mark III doesn’t show up any time soon — and since Zooomr has no photo replace feature like Flickr — I may just delete all of my photos, or make them all private. I do not want to see my hard work go to waste.

It’s a real shame that we can’t function equitably as a society, at the local, state, national or global level. If only everyone would respect other people’s property (physical or intellectual), things would work a lot better. One would think the concept of property has been around long enough for most people and cultures to grasp it…
