
Photography Tips for shooting people

Here are some tips for beginners that I learnt from this book written in layman’s terms.

  1. lens : 85-100mm
  2. Best aperture(f-stop) for portrait : f/11
  3. Choose as plain & simple a background as possible when shooting outdoors. You can also try to throw the background out of focus by using an f/2.8 aperture. Also, the background should not be brighter than the subject.
  4. Focus directly on the subject’s eyes.
  5. Position your camera at the subject’s eye level.
  6. Position the eyes 1/3 of the way down from the top of the frame.
  7. Zoom in close so that your subject’s face fills the entire frame, or even zoom in close enough so that either the top of the head or the ears actually extend outside the frame.
  8. When outdoors always try to shoot in the shade, where the light is softer and warmer, not in direct sunlight, to avoid the shadows on the face.
  9. When indoors, position your subject beside a window which is not receiving direct sunlight. If it receives direct sunlight, draw the sheers (thin curtains).

Hopefully these tips will make you shoot photographs like a pro 🙂


Web Security leads to ‘Heartbleed’

About one third of all e-commerce websites may have been affected by ‘Heartbleed’, which is an OpenSSL vulnerability that was exposed around April 2014. However, this bug had existed in the OpenSSL code for the past 2 years. There are a bunch of sites detailing the bug, and some tools even let you check if a particular site has been affected. That said, the best course of action is to change all your passwords, especially for financial websites. You do love your money, right?

However, in this blog I will discuss the basics of SSL and TLS and their operation. I am paraphrasing most of the information from this excellent book which I recommend reading for a comprehensive understanding of SSL.


The Secure Sockets Layer protocol was designed by Netscape to address 3 concerns:

  1. Confidentiality : Prevent third parties from viewing your information.
  2. Integrity : Determine that the information received is genuine and not tampered with.
  3. Authentication : Determine that the information received is from a trusted person.

Huh, look at that, it's an acronym: CIA 🙂

These 3 tasks are accomplished with cryptographic techniques which fall under either

  • Secret Key Cryptography : both parties know the same secret information; also known as Symmetric Encryption. The encryption algorithms, or ciphers, may process the input data either a byte at a time (Stream Ciphers) or a block at a time (Block Ciphers), e.g. DES, 3DES, AES. Symmetric Encryption is less computationally intensive and therefore much faster, especially for bulk data encryption such as data transfers, and can run on appliances without dedicated cryptographic hardware. Use case : Encrypt data
  • Public Key Cryptography : the two parties use different keys, hence Asymmetric Encryption: one for encryption (public key) and another for decryption (private key), and the public key need not be a secret. E.g. RSA. Since RSA is a reversible public key algorithm, i.e. either key can be used for encryption or decryption, it can be used for non-repudiation, i.e. for digital signing. Use case : digital certification and key management
  • Hybrid of Secret and Public Key Cryptography : Because of the complexity of PK Cryptography, a hybrid of the two can be used wherein 2 users exchange a secret key and then no longer use the public key. So let's say Elmo wants to communicate with Dora, who has published a public key. Elmo will use this public key to encrypt a set of random numbers. These numbers can be extracted only by Dora using her private key. Now they can both use these random numbers as secret keys for standard symmetric encryption and thus reduce the complexity of asymmetric encryption. The Diffie-Hellman algorithm allows 2 parties to securely establish a secret number using public messages.
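An added example (not from the original post or the book it paraphrases) of the Diffie-Hellman exchange mentioned in the last bullet: Elmo and Dora swap only public values, derive the same key, and use it with HMAC-SHA256 for the integrity goal listed earlier. The group parameters `P` and `G`, the function names and the sample messages are assumptions chosen for illustration; the 127-bit prime is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Demonstration-only group (assumption): P = 2**127 - 1 is prime but far too
# small for real use; deployments use standardized 2048-bit+ groups or curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public); only the public value is ever sent."""
    private = secrets.randbelow(P - 3) + 2        # uniform in [2, P-2]
    return private, pow(G, private, P)

def shared_key(own_private, peer_public):
    """Combine our private value with the peer's public one into a 32-byte key."""
    if not 2 <= peer_public <= P - 2:             # reject degenerate values 0, 1, P-1
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)     # same number on both sides
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def tag(key, message):
    """Integrity tag over a message, keyed with the shared secret."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key, message, mac):
    """Constant-time comparison of the expected and received tags."""
    return hmac.compare_digest(tag(key, message), mac)

def demo():
    elmo_priv, elmo_pub = keypair()               # Elmo sends elmo_pub in the clear
    dora_priv, dora_pub = keypair()               # Dora sends dora_pub in the clear
    k_elmo = shared_key(elmo_priv, dora_pub)
    k_dora = shared_key(dora_priv, elmo_pub)
    message = b"ship 2 cookies"                   # constructed sample message
    mac = tag(k_elmo, message)
    return {
        "keys_match": k_elmo == k_dora,
        "genuine_accepted": verify(k_dora, message, mac),
        "tampered_accepted": verify(k_dora, b"ship 200 cookies", mac),
    }

if __name__ == "__main__":
    print(demo())
```

Nothing in this exchange proves who sent each public value; that is the gap certificates are meant to close.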

This is all well and good; however, the basic premise of the above is that the public key is shared reliably. IOW, how do you make sure that the public key Elmo receives is not tampered with? That's where Public Key Certificates come into play. They are issued by a trusted organization known as a certificate authority (CA) and are the equivalent of a driver’s license for computers. Sometimes, when a certificate is no longer valid, the CA issues a certificate revocation list (CRL), which is a list of certificates that are no longer valid.

Thus these are the critical building blocks of the SSL protocol and web commerce. In the next post I will dive into the SSL operation.

ID-theft Protection Steps

Of all the theft scare tactics, only a few are legitimate. Most of the paid services have some gotchas, in fact too many to cover. To protect yourself these are the steps to take :

1. Before signing up for any paid service, check with Better Business Bureau for any complaints or deceptive tactics.

2. Sign up for free alerts from your CC issuer for any charges above $100.

3. Free annual reports from Experian, Equifax, and Transunion from Stagger the reports.

4. Check reports free of charge from :

a. : Access personal information

b. : Order Consumer Report  or

5. Put a security freeze on your credit card reports.

6. Use security software on all computers and smart phones.

7. Finally monitor your credit accounts frequently.

Thanks to moneyadviser for the tips.

Euro Stocks

Even though the Euro is in a bad state, 12 of the largest 30 companies in the world are based in the Euro Zone and the Euro has the biggest GDP after the US.

So certain global stalwarts are unnecessarily punished, e.g. Louis Vuitton, Volkswagen, Nestle.

All of these have low P/E ratios with promising businesses.

If individual stocks are not your cup of tea, pick up good companies at a discount via the VWIGX or OAKIX mutual funds.


Why I resisted the iPhone..

1. Replaceable battery, for cases when you are traveling short distances and don't have time to even charge it in the car.

Replaceable storage, only available on Android.

2. Bigger AMOLED screen with better contrast for pictures and videos.

3. Google Voice and free Navigation

4. Swype! it has changed the way I type.

5. 4G on Samsung S2, which is not available on iPhone 4S

6. Of course if you are tech savvy, automating your phone and installing ROMs is only available on Android.

So I think I've made my decision, especially since I love Ice cream 🙂

Update: Since I have Sprint as a carrier, the insurance covers lost phones and damaged screens only with the Samsung Galaxy S2. The iPhone has a different insurance scheme which does not cover it. Deal Breaker!


State of the Euro.

Contagion, sovereign debt crisis, austerity.. all big words that I've heard and read often. But what is the actual problem and what are the remedies? Those were unclear to me. After some research, here is what I learnt:

The Cause :

  1. Greece was profligate in its spending and lived beyond its means
  2. PIIS ran budget surpluses but after a decade of low interest rates they were hit by the financial crisis, which caused unemployment and thus loss of taxes to shore up the failing banks.
  3. PIIGS owe €3 trillion to EU banks.
  4. Germany saves a lot but invested in American subprime mortgages and Greek govt debt instead of investing in its own country. In addition, just saving doesn't help, as someone has to spend.
  5. Europeans can't seem to unite and reach a common solution to bail out solvent governments to prevent contagion.

The Solution:

  1. Austerity programs such as cutting wages and slashing benefits and services. But this will deepen the recession.
  2. More power to common Institutions like the European Commission.
  3. Fortify the banks with money against default of any of the PIIGS.
  4. ECB can buy the debts of failing governments.
  5. America and China can buy the troubled government’s bonds.

So what do you think? Will Greece break away from the Euro Zone if its people don't agree with the austerity programs and rebel against the government? Or will Germany bail out Greece and others and the EU return to normalcy?