Benjamin Esham

A nifty fifty isn’t always the best choice for your first lens

The perennial advice for new SLR owners is to buy a “nifty fifty” lens: an inexpensive (but optically very good) lens with a fixed focal length of 50 mm. Most camera makers offer one of these for $100–150. They don’t zoom, but when you mount them on a full-frame camera they provide roughly the same field of view as the human eye, making them useful for many different styles of photography.

The operative phrase there, though, is “on a full-frame camera.” When you use a 50 mm lens on a crop-frame APS-C camera, the effective focal length is more like 80 mm in full-frame terms.1 APS-C cameras dominate the lower end of the SLR market, so the first-time buyer who’s being advised to buy a nifty fifty is probably going to be mounting it on a crop-frame camera.

That combination is much less versatile. To my taste it’s too “zoomed in” to be a general-purpose or walkaround lens, and while it’s a good focal length for portraits you have to be at least a couple of yards2 from your subject or else your composition will feel cramped. Fixed-focal-length (“prime”) lenses may have better optical quality than the zoom you buy with your camera, but that’s irrelevant if the lens has too narrow a field of view for you to get the photos you want.

If you’re buying your first SLR and you’re considering a prime lens to go with it, you might want to spend a couple of weeks shooting with the kit zoom first. These have ranges like 18–55 mm, so you can just set it on 50 mm and pretend it’s stuck there. Is that a comfortable focal length for you? If yes, great! My nifty fifty became one of my most-used lenses once I learned what it was good for (and what it wasn’t). If you find that a different focal length better suits your style, though, you might be glad you didn’t unnecessarily constrain yourself to 50 mm right off the bat.3

  1. The “effective focal length” can be found by multiplying 50 mm by the crop factor of your camera. For APS-C cameras these factors range from 1.52 to 1.7. ↩︎

  2. A couple of meters. ↩︎

  3. The obvious solution here seems to be to buy a prime lens in the 28–32 mm range, which would give you a field of view equivalent to 50 mm on full-frame. That’s true; there just aren’t any lenses in that category that are quite as good a value as the nifty fifty. (Not in the Canon system, anyway, as far as I know.) ↩︎

Converting to and from hexadecimal at the command line

As a programmer1 I frequently need to convert numbers to or from their hexadecimal representations. Today I added the following functions to my zshrc:

function from_hex() {
    python -c "print(0x$1)"
}

function to_hex() {
    python -c "print('{:x}'.format($1))"
}

These aliases allow me to do conversions like

$ to_hex 42
2a
$ from_hex 09f91102
167317762

right from the command line. The code above works with GNU bash and with zsh.

(These functions inject unsanitized text into Python expressions, so they’re not very robust. Caveat emptor. I’m sure this is possible with shell built-ins too, but after a decade of not quite consciously realizing that I didn’t have a quick way to do these conversions, it felt good to fix the problem with a pair of one-liners that I could just type off the top of my head.)

  1. Honestly, I mostly encounter hexadecimal in CSS colors. I don’t do any numerical programming. ↩︎

An incomplete list of Western New York towns that were named after famous places or people but somehow ended up with completely different pronunciations

Close call

1.3 billion years ago, two black holes were locked together in a death spiral. Rotating around each other at two thirds the speed of light, separated only by the distance between London and Paris, they quickly and violently merged into a single black hole. Its mass was less than the combined mass of the original ones; the leftover energy was blasted out in all directions in the form of a gravitational wave.

Meanwhile, on Earth, the Rodinia supercontinent was home to nothing more than single-celled organisms. Life slowly grew in complexity; the continents separated; the dinosaurs arose; the continents recombined; the dinosaurs died out. When the gravitational waves had traveled 99.985% of the way to Earth humans appeared. Over hundreds of millenia we developed language, agriculture, philosophy, mathematics, and science.

Mystical explanations for the natural world slowly gave ground to empiricism. Newton developed a theory of gravity and Einstein later refined it, predicting that some moving objects would radiate waves of gravitational energy. Almost a century later, the LIGO experiment began to look for these waves. After seeing nothing for five years the detectors were taken offline and upgraded; they saw nothing again and were taken offline and upgraded again.

They were brought back online last February and in September they detected the gravitational waves from the merging black holes. The waves had been traveling for 1,300,000,000 years — since before humans existed — and they passed through our detector seven months after we turned it on.

Setting up OCSP stapling for Let’s Encrypt certificates under nginx

Thanks to a free certificate from Let’s Encrypt, this site is now accessible over SSL.1 Instead of using the official Let’s Encrypt client to obtain the certificate I used letsencrypt-nosudo. This client has a number of advantages: it doesn’t need to run as root, it doesn’t take over port 80 on your server, it doesn’t run continuously in the background, and it doesn’t touch your server configuration. The only thing I missed from the official client was setting up OCSP stapling, which the official client will do but letsencrypt-nosudo won’t. Through some trial and error I figured out which certificates need to go where in order to get stapling working from nginx.

These commands assume that you’re working in the directory that contains your nginx configuration (usually /etc/nginx) and that there’s already a directory there called “ssl”.

  1. Figure out which of the Let’s Encrypt certificates was used to sign your certificate.

    From the command line, run the command

    openssl x509 -noout -text -in ssl/signed.crt | grep Issuer:
    

    replacing “ssl/signed.crt” with the path to the certificate you just obtained. (The openssl command prints a bunch of somewhat-human-readable information about the certificate; the grep command extracts the line we care about.) The output will be something like

    Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
    

    That last bit (“Let's Encrypt Authority X3”) is the name of the Let’s Encrypt certificate that was used to sign your new certificate.

  2. Download that certificate in PEM format.

    You need to download the PEM version of this certificate. You can find all of the Let’s Encrypt intermediate certificates on the Let’s Encrypt site; click on the “PEM” link for the appropriate certificate to get the file you need. Or, from the command line,

    wget -O ssl/chain.pem "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"
    

    replacing “x3” with a different certificate name if necessary.

  3. Point nginx to this file as the “trusted certificate”.

    In your nginx.conf file, add these directives to the same block that contains your other ssl directives:

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate ssl/chain.pem;
    

Make sure you verify your setup using sudo nginx -t. If the test is successful, restart nginx (e.g. using sudo nginx -s reload) and you should be up and running with OCSP stapling! You can test your server using the instructions in this guide from DigitalOcean.

  1. It’s actually no longer available over unencrypted HTTP. I share Brent Simmons’s ambivalence (see the “http deprecation” section) about the shift toward HTTPS, but I also can’t deny that the shift is happening more and more quickly (due in no small part to Let’s Encrypt). ↩︎