Category Archives: Web/Tech

Updated – Nikon: And Then There Were Three APS-Cs

Chizai Watch listed five more Nikon design patents on the 17th. Two were APS-C Z mount cameras, one was a full frame Z mount camera (which I’ll talk about at the end), one was a Coolpix A series camera (similar to the A1000) and one was a Coolpix B series camera.

Of the two APS-C Z mount cameras, one was a new design, while the other patented a different part of one of the cameras looked at earlier, specifically the one I called Zb. It also included better line drawings and 3D images of it.

Nikon appears to be developing at least three different APS-C Z mount cameras. I marked up the designs for each of them and will talk about their similarities and differences.

I am not the only person to think there was a reason the Z6 and Z7 were identified with the numbers they have. Nikon compares them to the D750 and D850, respectively. Which means there are likely six other DSLRs that will have a mirrorless equivalent. I believe the three designs we know of are the Z1, Z2 and Z3 models. According to Nikon Rumors the first APS-C camera will be the Z50.

Full FrameD5








The Z1 is the design for application D2018-15568 filed on August 23rd, 2019 (2019.8.23).

This camera is rather thin with only the lens mount and grip jutting out. The grip is shorter than the other two cameras. It is a stills only camera with no way to record video. It has a tilt screen, popup flash and likely a popup EVF. It has few controls and is limited to an on/off switch/shutter release button, a mode dial with and Lv Switch (as seen on the D3500), front and back dials, menu button, picture view button and multi selector for scrolling through the menu and pictures. I identified the different components below:

I marked the location of the flash and EVF where I think they should be. It is possible that the flash and EVF are swapped with the EVF in a range finder position. Likely the Lv switch is used to popup the EVF.

I am not able to find where a user adds the memory card. It could be in the compartment I noted in the front view or it could be in the battery compartment as is done on some Canon waterproof point and shoot cameras. It seems unlikely, but it could be that Nikon decided to not have a memory card and instead is using non-upgradable memory inside the camera.

Should the compartment I mentioned not hold a memory card, it probably holds any ports the camera has. Considering the size it probably has USB and HDMI ports.

I find it interesting that there aren’t controls to zoom into/out of the photos the user has taken or delete them. That seems to be a feature of all three cameras and points to a touch screen that allows pinch to zoom and has an onscreen icon to delete a photo or allows swipe to delete.


The Z2 is the design for application D2018-15566 filed on August 23rd, 2019 (2019.8.23).

This camera is a stills/video camera with a tilt screen, popup flash and likely a popup EVF. It has more controls than the Z1 and adds buttons for exposure compensation, ISO, recoding movies on the top and AF-ON, release mode and another (info maybe) buttons on the back. It also has a built-in microphone and likely a mic-in jack. I identified the different components below:

My comments about the Z1’s flash, EVF, side compartment and tilt screen apply to the Z2 as well. Considering that I think the Z2 is the D5600 equivalent, I am surprised that it does not have a screen that flips out and can rotate 180 degrees. It could have a screen that flips forward over the top of the camera as the Sony APS-C cameras do or over the bottom of the camera as the Nikon a1000 does. Neither is an ideal design as it would interfere with a microphone/flash mounted on the hot shoe or prevent a user from using a tripod.


The Z3 is the design for application D2018-15573 filed on July 13th, 2018 (2018.7.13).

The Z3 has a similar set of features and controls to Z2 except that it lacks the popup flash, popup EVF and microphone. I identified the different components below:

I find it hard to believe that Nikon would create a mirrorless camera that is equivalent to the D7500 without an EVF. Like the Canon M6, I expect Nikon will have an EVF that a user can slide into the hot shoe. However, I believe that this EVF will look more like the EVF on the Z6/7 and will have its own hot shoe to allow a user to attach a flash. The recessed area on either side of the hot shoe as well as the fact that the top of the camera tapers inward toward the front would help to keep an EVF in place.

I do not believe that this camera is the Z4 (D500 equivalent) since I expect that body would be more like the Z6/Z7 with its greater number of controls and weatherproofing. I also expect that if any APS-C mirrorless camera is going to get a stabilized sensor, it is the Z4.

Top Views

The top view of the Z1 shows the lack of a microphone, since it is a stills only camera, the likely popup flash and EVF as well as a shorter hot shoe. There seems to be space so I am not sure why the hot shoe is so short.

The top view of the Z2 shows that the body and grip are clearly wider than the Z1. The microphone is clearly visible.

In the Z3, the recessed area around the hot shoe is quite clear and shows the V shape that would help hold an EVF. The lack of a microphone is clear.


Looking at the bottom, the Z1 clearly has a smaller battery than the two other cameras. That fits with the fact it is a stills only camera. Strangely there does not appear to be a tripod mount which seems very strange and undesirable.

The Z2 and Z3 clearly have larger batteries than the Z1. Also, neither appears to have a tripod mount. None of the other design patents are missing a tripod mount. I really hope that is just an oversight in the design document.


Nikon is trying to standardize its mirrorless cameras in a way it hasn’t its DSLRs. The Z6 and Z7 are identical except for their sensors and software (ISO/focus points).

With the addition of these APS-C mirrorless cameras, it looks like all Z mount cameras will have the same two function buttons in the exact same place next to the mount. Additionally, all three APS-C cameras have two grip dials: front and back. Standardizing feel and usability will help retain customers.

Nikon has acknowledged that fixed screens are a thing of the past and going forward, all Nikon mirrorless ILCs will have at least tilt screens. This change makes sense since tilt screens make it easier to see the screen in sunny conditions or see the screen while taking a picture on a different axes. It is a convenience feature that mobile phones are unlikely to have, especially as they get thinner.

Nikon is clearly learning from Sony and by embracing standardization, will hopefully better retain customers and reduce the cost of manufacturing its cameras.


The Z1, Z2 and Z3 are clearly geared toward different users.

The Z1 is a stills only camera that can be used easily to get better pictures than a mobile phone will give you. I am not convinced that removing the ability to take videos is a good idea, but it certainly simplifies the camera and leaves video to a user’s mobile phone.

The Z2 is a Z1+ which will suit advanced beginners. Some might see the Z3 as a lesser Z2 since it lacks a built in microphone, flash and EVF. I expect that what it lacks in such features will be made up for with a better sensor (maybe stabilized?) and software. I also expect the external EVF will be much better than the internal one in the Z1 & Z2. Those who need them can always purchase an external flash or microphone.

So about that Z4

… or is it a Z5? There is another design patents to consider. It also came out on the 17th. That one is for a body like the Z6/Z7 and looks mostly similar to the one I mentioned at the end of my last article. Mostly similar…

The mount is slightly curved when compared to the earlier design (and the Z6/Z7). Seems strange to file a design patent for such a change if it isn’t another camera. I noted the differences below:

Have fun speculating.

Protecting Your Digital Identity Workshop

Recently I gave a workshop on protecting your digital identity for the 2019 Digital Literacy Fall & Winter Workshop series run by the Somerville Media Center and the Somerville Public Library.

You can download a slightly updated version of my slide deck.

If you would be interested in such a workshop for your community, non-profit group or company, please feel free to contact me at jokeefe at jamesokeefe dot org and I would be happy to setup a time or help find other members of the Somerville Cryptoparty group to teach.

Updated: New Nikon Mirrorless Camera Designs Appear

Nikon Rumors posted pictures from chizai-watch (translated) of a new Nikon mirrorless camera design, probably an APS-C camera. What is more interesting is that there are two other cameras registered on the same day: another APS-C camera without an EVF (translated) and a camera that looks much like the Z6/Z7 full frame camera (translated), but doesn’t indicate whether the sensor is full frame or APS-C.

The other APS-C camera (which I’ll call Za) is missing two dotted squares with curved front corners on either side of the shoe that are on the APS-C camera that Nikon Rumors mentioned (which I will call Zb). Update: Just noticed that camera Za is also missing the microphone next to the top dial in camera Zb.

Za Top View

Zb Top View (note the two dotted squares with curved front corners on either side of the shoe)

Za Front View

Zb Front View

Za Back View

Zb Back View

Not sure what the dotted squares are intended to be, though guesses are:

  • a small digital display as with the Z6/Z7
  • popup flash
  • popup EVF

Looking at the back view for both cameras, there is a port between the hot shoe and the top dial for both cameras that could be a port for an EVF that also hooks into the hot shoe. Just to the left of the hot shoe in the Zb is an rectangle with rounded corners. Could be a port of some kind.

Za Back View

Zb Back View

Both cameras have:

  • the same button layout
  • top dial
  • front grip dial
  • back grip dial
  • two function keys as in the Z6/7
  • tilt out screen which, without the EVF, could rotate upwards ala Sony-series cameras
  • one compartment for the memory card(s)

Both cameras seem to lack compartments for:

  • USB port
  • HDMI port
  • Audio in port
  • Headphone port

It is possible that the USB port is hidden in the memory card compartment.

Above the memory card compartment is a rectangular shape that could contain access to a USB port and/or audio in port:

It seems unlikely that one of the two dotted squares with curved front corners on either side of the shoe in camera Zb slides out to reveal such ports, but it is possible.

The third camera looks very much like the Z6/7 and might be just the Z6/Z7:

The design does not indicate what size sensor it uses. It could be anything from the Z6/7, the rumored high megapixel Z8, a lower end full frame Z5 or a high end APS-C Z4.

If it is a new camera and considering that the Z6/7 have the same body, it would make sense for Nikon to use the same body for the full frame/high end APS-C camera bodies. The Z8 might be a stretch if only because of the greater heat such a sensor generates. Keeping the number of distinct bodies to a minimum would help Nikon keep costs down especially with declining camera sales.

App Privacy Workshop (Updated)

I gave an application privacy workshop at Code for Boston on Tuesday. They recorded my talk on Facebook:

and on YouTube:

I posted the slide deck as a PDF. Feel free to offer suggestions in the comments.

Some of the topics I need to add to the presentation:

  • highlight privacy and security testing;
  • having development/test servers and how to sanitize the data in the development/test database;
  • more about SQL/XSS Injection attacks;
  • review the video for other topics to add.

Patreon made it easier to troll its users

Scott Helme is a Information Security Consultant. He has a Patreon account on which he posts about computer security issues and which he uses to take in donations for each blog post.  Recently he found out that Patreon suspended his account:

He could still post and people could still signup to support him, but, taking a page from Paypal, Patreon prevented him from withdrawing any of the money people donated.  Eventually, Patreon completed their investigation and emailed him that he was good to go.  He eventually discovered that:

He estimates that account withdrawals were suspended for between 18 and 47 days.

Account takeovers are a real problem. Had his account been taken over, it would be good if someone couldn’t take his money out and notifying the account that they think it might be hacked could tip the hacker.  In that light, it could make sense to act as they did.

Having multiple other methods of contacting the user would have helped in this case…. well unless email, phone number and Signal were compromised. Patreon would need to prove they are who they say they are, of course. Phishing is a problem as well.

That all said, going from one fraudulent pledge to account takeover seems a stretch.

But this incident reminded me of Violet Blue‘s reporting in Engadget about a troll campaign against women AMSR video creators:

Capitalizing on entrenched and easily exploitable anti-sex policies by internet giant payment processors and a new internet sex panic ushered in by FOSTA, 8chan trolls have started a campaign to mass-report attractive women who make ASMR videos. Listing names of women making these sound-effect videos in a forum thread called “PayPal lowering the hammer on ASMRtits” they’ve declared war by posting links to report pages for PayPal, and called upon fellow haters to get the women kicked off YouTube and Patreon as well.

… and that Patreon just added another method for trolls to harass Patreon’s users.  If all it takes is for one fraudulent looking donation to pass into someone’s account to flip the Account Hacked bit, trolls will use Patreon’s process to suspend a user’s ability to withdraw their money for two to six weeks. That would screw up the life of anyone who makes a living via Patreon.

Patreon has more than a customer service problem.

Hate your ISP? Help form a community ISP

Today during the monthly Somerville Cryptoparty, will be a discussion on how we can move forward with developing a community mesh network in the Boston area.  It will be from 6-9pm at The Sprouts, 339R Summer Street, Somerville. The Sprouts is in the garage in the back of the drive way. Unfortunately, it is not wheelchair accessible.

On Saturday, February 10th, there will be a Community Meshnet Workshop from 1-4pm at the Somerville Public Library, 79 Highland Ave, Somerville.  The Somerville Public Library is wheelchair accessible. The Somerville Cryptoparty folks put together this flyer for the February workshop. I would appreciate it if you downloaded it and put it up around your neighborhood. You can also share the Somerville Cryptoparty page or the February Facebook event.

Hope you can make it and please spread the word about these events. Thanks!

Downloading your images from Typepad

The transition from Typepad to WordPress has been a bit haphazard, but I should have finally removed most of the references.

One of the things you need to move over are the images Typepad hosts for you. Unless they are in a photo album, they will be in the <your user id> directory.  To get them, export the contents of your Typepad blog and save it.  It will be saved as Unnamed_Comet_Asset.txt.

Once I had that file, I used this Bash script (on a Unix OS) to generate another script to get the files. Be sure to replace <your user id> with your Typepad id.

sed -n ‘s/.*\(http:\/\/<your user id>\/\.a\/[a-z0-9]*-[0-9]*si\).*/wget \1/p’ Unnamed_Comet_Asset.txt >
sed -n ‘s/.*\(http:\/\/<your user id>\/\.a\/[a-z0-9]*-[0-9]*wi\).*/wget \1/p’ Unnamed_Comet_Asset.txt >>
sed -n ‘s/.*\(http:\/\/<your user id>\/\.a\/[a-z0-9]*-pi\).*/wget \1/p’ Unnamed_Comet_Asset.txt >>
chmod 755

It is possible that there are other types of files whose filenames do not end with -*si, -*wi or -pi but those seemed to work for me.  Search through Unnamed_Comet_Asset.txt if you want to be sure.

Once is generated, look it over and make sure that it looks right, then run it:


It will dutifully download all of your images.  I copied them over to a .a directory on my hosting provider then updated the references to in the blog posts.  Ideally, you should do it in a copy of Unnamed_Comet_Asset.txt, then import it into your site.

You will need to run this script for each blog you have hosted at Typepad.  Be sure to have a different directory for each blog so that you don’t overwrite either script.

I have a script for getting all of the files from your Photo Albums that I will post about in the future.

SSL Migration Progressing (Updated)

Update: I have installed SSL certificates for all of my sites which have images on this site. All of the side bar images are back up.

One of the reasons I migrated from Typepad to another hosting provider, was so I could enable SSL on my site. Making sure your site supports SSL is the one of the basic efforts you can do to support encrypting the web.

I set it up for my main domain a few weeks ago, but since some of the images I use are on sites that didn’t use https, my blog did not appear to be completely secure.

I have adding SSL to two of my (sub-)sites, and will finish the rest tomorrow. I have removed the non-SSL widgets so the site shows a nice green lock and will add them back then they are all set. As an added bonus, I removed a bunch of tracking javascript that Typepad adds to their photo galleries that I don’t need.

One up shot of this effort is that I have a nice set of instructions that work for my setup which will help speed the process in the future.

How to kill standalone social networks

Yasssu has an interesting interview with Eben Moglen about a variety of topics including government surveillance, privacy, and sharing:

The topic that drew my attention to the video was his contention that Facebook would only last for about ten years before the open web and open alternatives to it won out. He cites Diaspora, GNU Social and other efforts as the tools that are leading the way to that change and I generally agree with him. However, the flaw I see with that approach is that the variety of social services that are available is increasing at a rate that a canned aggregation service will not be able to keep up. What is needed is an api for:

  1. who is your friend or who you follow and thus who you trust;
  2. the different services to share updates you make on the service;
  3. the different services to talk to talk to an aggregator.

Item 1 can leverage OpenId and OAuth and there are projects such as Portable Contacts, DiSo, FOAF and XHTML Friends Network that can be built upon (or rebuilt) to provide the secure social connection information.
Item 2 requires a defined api and a willingness for social services to support it. However, RSS is pretty prevalent, so building off of that shouldn’t be a complete jump into the dark.
I am not convinced that Item 3 is desirable even on a local level. Rather, the only thing I think we need to host is our public and private connection information. Once we have that information, it would be possible to use a javascript browser plug in that pulls in our connection information and builds a status page of what our friends are doing.
With these tools in place, we won’t need Facebook, Google+ or other specific social network services to act as a man in the middle to our social lives on the net.
I do like his suggestion that we all have our own plugin computers running a server like FreedomBox that act as VPN, host our website, etc.
He touches on a wide variety of other points that I find useful and his quotes are direct and pithy, so please to take the time to watch it.