Premiere 2018: Hardware Accelerated Encoding using Intel iGPU Quick Sync

There’s a great article at Focus Pulling explaining iGPU acceleration for Premiere Pro CC 2018. It is amazing! By enabling iGPU and upgrading Geforce GTX 970 to RTX 2080, I’ve cut away 63% of  my export times, with the reduction primarily stemming from enabling the iGPU.

Test encoding: H.264, Preset: YouTube 2160p 4K 24 LUFS. Video: 3840×2160 (1,0), 25 fps, Progressive, 00:04:04:18

  • 10:21 time to encode, Intel 6700K with Geforce GTX 970, no iGPU.
  • 9:44 time to encode, Intel 6700K with Geforce RTX 2080, no iGPU. Upgrading graphics card only marginally speed up system.
  • 3:48 time to encode, Intel 6700K with Geforce RTX 2080 with Intel 530 iGPU.

You may need to force enable the iGPU in your BIOS, for many ASUS motherboards you do this in ‘Advanced’ menu > System Agent (SA) Configuration\Graphics Configuration > iGPU Multi-Monitor setting > Enable.

So the main takeaways here: video encoding is for simple videos largely bottle-necked by CPU Software encoding. Removing this bottle neck gives us 100% iGPU utilization and increases RTX 2080 utilization from 3% to 10%, indicating more work is being feed to the ”real” graphics card too, as less units are wasted waiting for encoding to complete.  Overall you get a much better utilization of your hardware with the iGPU support enabled.

iGPU HD Graphics 530 - 100% utilization while encoding video  NVIDIA RTX 2080 - Barely utilized while encoding video


8U Rolling Rack for Video/Streaming build


Started on my 8U Rack build with various components ordered from a magnitude of sources.

Vlog from a few days ago, already outdated:

Current idea goes as follows:

  • Gator 8U Rolling Rack for ease of transportation. It actually is 8U according to pictures, some other 8U rollers are only 7U due the roller parts consuming one U.
  • Black Magic SmartView 4K and Intel NUC VESA mounted behind (probably do something with zip ties or similar to secure the NUC well, so it cannot fall out of VESA-mount)
  • Black Magic Web Presenter for 720p down-scaled streaming with Black Magic Teranex Mini Smart Panel for operating switching etc on the Web Presenter
  • Black Magic MicroConverter HDMI-SDI to enable Intel NUC to be displayed on the SmartView
  • Black Magic MicroConverter HDMI-SDI to enable second HDMI camera.

Picture of planned design:


Panasonic GH5 6K Photos: convert to ProRes using FFMPEG

Created a Makefile for using FFMPEG to convert Panasonic H.265 (mp42hvc1 hevc) 6KPhoto files into ProRes files easily processed by current versions of Adobe Premiere Pro.


SIXKPHOTOS=$(wildcard *.MP4)

TARGET_LIST=$(patsubst %.MP4,converted_%.avi,$(SIXKPHOTOS))
.PHONY: all
converted_%.avi: %.MP4

        @$(FFMPEG) -i $^ -c:v prores -profile:v 3 $@

Geocaching 2016

Geocaching året 2016 blev ett lite mer avslappnat år där Geocachingen inte stod i fokus (desto mer annat), men en del underbara platser sågs. Lite resor i Tyskland-Belgien-Luxemburg och lite lugn geocaching på hemmafronten. En lugn geocachingtur med föräldrarna på julafton var ett trevligt inslag.

Luxemburg är ju aldrig fel att se!

Världen var fin!

Man kunde se konstiga saker i Trier

En groda i tyskland.

Rheinsteig tillhör en del av Tyskland man skall ha sett.

En bro!

Någon sorts lastanordning brevid kanalen i Trier.

Försöker hitta vägen ute i hård skärgårdsterräng.

Många loggremsor sågs.

Och fotades.

XMAS2014-24 Reviewergömman hittades liggandes 40-50 meter ifrån där den skulle vara, mugglad. Så den återförlyttades till där den skall vara.

En Geocache fick inleda januari 2017.


  • 2016: 99 Found / Attended (including 1 event). Total: 3493.
  • 2015: 197 Found / Attended (including 2 events). Total: 3394.
  • 2014: 295 Found / Attended (including 3 events and 1 FTF) Total: 3197. Completed 7 Souvenirs of August.
  • 2013: 242 Found / Attended (including 2 events and 1 FTF) Total: 2902. Completed 31 Days of Geocaching challenge and logged caches all days in August.
  • 2012: 427 Found / Attended (including 2 events [1 mega] and 3 FTF) Total: 2660.
  • 2011: 250 Found / Attended (including 10 events [1 mega] and 6 FTF) Total: 2233. Participated in organizing 1 mega event, FAD 2011.
  • 2010: 550 Found / Attended (including 9 events [1 mega] and 12 FTF). Total: 1983.
  • 2009: 531 Found / Attended (including 9 events and 13 FTF). Total: 1433.
  • 2008: 463 Found / Attended (including 5 events and 7 FTF). Total: 902.
  • 2007: 311 Found / Attended (including 8 events and 9 FTF). Total: 439.
  • 2006: 128 Found / Attended (including 4 events and 1 FTF) since July.

Recording computer presentation Live Capture with Atomos Ninja 2 HDMI to SSD recorder – Lessons Learned

Recording HDMI from Computer


  • Verified okay with Macbook Pro HDMI port, using normal applications like viewing videos and surfing the internet, no issues.
  • Verified okay in live use with a Microsoft Surface with mini-displayport.


  • Presenter running virtual machines (parallels or such) on Mac. Whenever switching to the virtual environment, HDMI recording and pass-through freezed. Unplugging Atomos unit and connecting Mac directly to the projector, everything worked well.
  • Presenter with an old and torn Mac experienced some temporary screen glitches. Considering the physical state of the the machine, the fault could have been with the HDMI port of that computer and not the Atomos recorder.
  • Presenter with a Mac experienced a HDMI blackout followed by Powerpoint for Mac hanging. So eh, may or may not have been related to the Atomos. Being paranoid, I decided to continue without the Atomos NINJA 2 connected.
  • Presenter with an exotic variant of Linux could detect the Atomos NINJA 2, but was unable to output signal to it. Perhaps it would have worked with other variants of Linux or with more advanced settings.
  • A low cost Delcato Prime VGA-to-HDMI converter did not seem to work at all together with the Atomos. So with this combination, no VGA recordings succeeded.
  • Multiple presenters who had said they had HDMI actually had full sized Display Port. Presenters are not necessarily aware of which cable is named what.

Retrospective / Lessons learned

  • Atomos Ninja 2 is considerably worse than a normal TV/Receiver/Projector at handling ”strange” signals. Lack of supported resolutions, lack of re-scalers, etc (your guess is as good as mine) makes it not able to handle misbehaving or odd computers. But geeks heavily hacked computers will not work.
  • Atomos Ninja 2 works pretty well for ”normal computers with normal HDMI”.  If all you do is to show presentations on a computer you can test and verify in advance, things will probably be okay.
  • You probably need an advanced and well behaving HDMI switch which can do splitting/rescaling etc to reliably use Atomos NINJA2 with geeks hacked computers. Don’t have the Ninja 2 inline with untested presenter computers.
  • Don’t expect a cheap VGA-to-HDMI device to work with this.
  • Get all passive adapters known to man before a presentation. Presenters don’t necessarily correctly identify their needs when asked.
  • You need a lot more time than we had (partly due to Atomos RMA issue) to prepare.

General issues (not computer related)

  • Atomos NINJA2 number one had a weird banding issues on the screen, that basically rendered it unusable with my main camera, had to be RMA’d. Getting a replacement Atomos NINJA2 took forever. So in my unfortunate experience, you cannot order a Atomos unit one month in advance and expect to have any learning experience with it.
  • Both Atomos NINJA2 have a tendency to get SSD stuck. This is apparently normal with new units and problem is reduced significantly after some use (wear and tear makes it better). Dealer showed me the very useful to know the best grip for easy removal:
    1. place unit on a flat table with screen up, ”NINJA 2” text up-side-down close to you.
    2. Use left hand to hold unit and move the eject button with one finger. At the same time, use your right hand thumb to press the closest edge of the Master Caddy.
    3. The drive should remove pretty easily
  • Getting Master Caddy II instead of the original Master Caddy is recommended, it lacks the hole that makes Master Caddy get stuck.

River of Light

On 20 February 2016, hundred and fifty lanterns will create a ‘River of Light’ for one night event in the city of Gothenburg, in the winter darkness bringing people together to celebrate our hope for the future. We gather at 16.00 at Götaplatsen to light the lanterns. After that we walk trough the city and the procession ends at A-venue on Avenyn at 18.00 with soup and bread and festivities.

The procession is a part of the 150 years celebration of the Valand Academy and on UN World Day of Social Justice which is annually observed on February 20.

During the last couple of months has the refugee crisis become worse and worse and Sweden has taken in on third of all the unaccompanied minors seeking asylum in Sweden. They come to Sweden as it is a country with an excellent reputation for respecting Human Rights and recognized for the good education system. Migrationsverkets numbers shows us that there were 30 000 children without their family in Sweden by the end of 2015. The situation in Gothenburg is also getting worse, with to little room for the young people seeking a safe place to stay.

In the project “River of Lights” and artists from the Academy of Valand has worked with international children, many of them who just arrived from Syria and Afghanistan, and created lanterns together.

Mario Heiderich – An Abusive Relationship with AngularJS – About the Security Adventures with the ”Super-Hero” Framework

Some voices claim that ”Angular is what HTML would have been if it had been designed for building web applications”. While this statement may or may not be true, is certainly accounts as one of the bolder ones a JavaScript web framework can ever issue. And where boldness is glistening like a German Bratwurst sausage in the evening sun, a critical review from a grumpy old security person shouldn’t be too far away. This talk will have a stern, very stern look at AngularJS in particular and shed light on the security aspects of this ever-popular tool. Did the super-hero framework do everything right and follow its own super-heroic principles? Does AngularJS increase or rather decrease the attack surface of a web application? How does AngularJS play along with the Content Security Policy, and was it a good idea to combine this kind of security with futuristic feature creep? And what about AngularJS version 2.0? Beware that we won’t stop at glancing at the code itself, investigating security best practices, and verifying compatibility and other common things that contribute to robust security (or lack thereof). We will cross the moral border and see if the AngularJS team could notice rogue bug tickets. A pivotal question that everyone is wondering about is: Have they successfully kept evil minds like yours truly speaker here from introducing new security bugs into the code base? This talk is a reckoning with a modern JavaScript framework that promises a lot and keeps even more, not necessarily for the best for developers and users. We will conclude in deriving a general lesson learnt and hopefully agree that progress doesn’t invariably mean an enhancement.

An Abusive Relationship with AngularJS – About the Security Adventures with the ”Super-Hero” Framework. Dr. Mario Heiderich, handsome heart-breaker, bon-vivant and (as he loves to call himself) ”security researcher” is from Berlin, likes everything between lesser- and greater-than. He leads the small yet exquisite pen-test company called Cure53 and pesters peaceful attendees on various 5th tier conferences with his hastily assembled PowerPoint-slides and a lot of FUD.

Marie Moe: Unpatchable – Living with a Vulnerable Implanted Device

My life depends on the functioning of a medical device, a pacemaker that generates each and every beat of my heart. This computer inside of me may fail due to hardware and software issues, due to misconfigurations or network-connectivity.

Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring and I am forced to become a human part of the Internet-of-Things. As a seasoned security-professional I am worried about my heart’s attack surface.

This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can’t easily be patched without performing surgery on patients, my personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

Marie Moe (@MarieGMoe):
Marie Moe is passionate about incident handling and information sharing, she cares about public safety and securing systems that may impact human lives, this is why she has joined the grassroots organisation “I Am The Cavalry”. Marie is a research scientist at SINTEF ICT, and has a Ph. D. in information security. She has experience as a team leader at NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College in Norway. Marie loves to break crypto protocols, but gets angry when its in her own body.

Martin Johns: Your Scripts in My Page – What Could Possibly Go Wrong?

When it comes to web security, there is the one policy to rule them all: The Same-origin Policy. Thanks to this policy, sites hosted on disjunct origins are nice and cleanly separated, thus preventing the leakage of sensitive information into the hands of unauthorized parties. Unfortunately, HTML predates the Same-origin Policy and, thus, was not designed with the origin-based security model in mind. In consequence, HTML tags can freely reference cross-domain locations and include cross-domain content in their hosting web pages.

In this talk, we will present an attack, resulting from this circumstance, that has been widely overlooked in the past but affects a surprisingly high number of Web sites: Information leakage via cross-domain script inclusion.

Modern web sites frequently generate JavaScript on-the-fly via server-side scripting, incorporating personalized user data in the process. Thanks to HTML’s general ignorance of the Same-origin Policy, an attacker is able to include such dynamic scripts into web pages under his control using script-tags pointing to the vulnerable site. This, in turn, allows him to learn many of the secrets contained in these scripts, through the scripts interaction with the page it is included in. In our experiments, we were able to obtain personal information such as name & address of the logged-in user, leak CSRF tokens, read the users emails, and occasionally fully compromise the user’s account. All possible by simply including a script-URL into one of our web pages.

To systematically investigate the issue, we conducted a study on its prevalence in a set of 150 top-ranked domains, in which we observed that a third of the examined sites utilize dynamic JavaScript. Using our attack techniques, we able to leak sensitive data from more than 80% of these sites via remote script inclusion. In the talk we will present the study in general, and the most interesting cases in detail, showing the wide range of possible attack variations along with a bag of tricks how the including page can be prepared to efficiently leak a script’s secrets. Furthermore, we present an efficient detection mechanism, in the form of a browser extension, as well as defensive measure, which enable robust protection.

Martin Johns (@datenkeller)
Dr. Martin Johns is a research expert in the Security and Trust group within SAP SE, where he leads the Web application security team. Before joining SAP, Martin studied Mathematics and Computer Science at the Universities of Hamburg, Santa Cruz (CA), and Passau. During the 1990s and the early years of the new millennium he earned his living as a software engineer in German companies. He is board member of the German OWASP chapter, holds a Diploma in Computer Science from University of Hamburg and a Doctorate from the University of Passau. Martin is a regular speaker at international security conferences, incl. Black Hat, the OWASP AppSec series, ACSAC, ESORICS, PacSec, HackInTheBox, RSA Europe, or the CCC Congress.

Michele Orrù (@antisnatchor) – Dark FairyTales from a Phisherman Vol III

Phishing and client-side exploitation DevOps for all your needs. Combine BeEF, PhishingFrenzy and your fishy business to automate most of the usual phishing workflow while minimizing human interaction. Multiple real-life phishing engagements will be discussed, together with the shiny new BeEF Autorun Rule Engine.

Michele Orrù a.k.a. antisnatchor is the lead core developer and smart-minds-recruiter for the BeEF project. Michele is also the co-author of the ”Browser Hacker’s Handbook.” He has a deep knowledge of programming in multiple languages and paradigms, and is excited to apply this knowledge while reading and hacking code written by others. Michele loves lateral thinking, black metal, and the communist utopia (there is still hope!). He also enjoys speaking and drinking at a multitude of hacking conferences, including CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, HackPra AllStars, OWASP AppSec USA, 44Con, EUSecWest, Ruxcon, InsomniHack, PXE, BlackHat and more we just cant disclose. Besides having a grim passion for hacking and programming, he enjoys leaving his Mac alone, while fishing on saltwater and praying for Kubricks resurrection.