PDF is a very popular format. It’s also a hideously complicated one and keeps getting more complicated. It shouldn’t surprise anyone that it has security issues. I just came upon Processing Dangerous Paths — On Security and Privacy of the Portable Document Format, which enumerates many of these risks (and is ironically posted as a PDF). It’s worth a read. Thanks to Johan van der Knijff for mentioning it on Twitter.
The PDF Association has an analysis of the file which the New York Post has uploaded to Scribd, which purports to show a message from Vadim Pozharskyi to Hunter Biden and Devon Archer. Discussions of what it signifies politically and whether Twitter was justified in blocking the link are for another place. The issue in this blog is what the file says about the authenticity of the email. The answer is: Nothing at all.
Posted in commentary
Tagged email, PDF
The more complex a format is, the less chance there is that its security features will work in all cases. A vulnerability has turned up that lets sneaky people alter digitally signed PDF documents. A German team discovered a “shadow attack” vulnerability in the format. It’s easiest to do this if the document’s creator designed it to be altered after signing. The victim sees one set of content and signs it; the dishonest creator gets the document back, changes its appearance, and passes it on.
Posted in News
Tagged PDF, security
When a device uses a relatively obscure image format and a site that accepts uploads fumbles it, who is to blame? This is the question that came up when students couldn’t complete their AP college exams because of such a situation.
Students took pictures with their iOS devices of materials they submitted for the test. Their phones stored and uploaded the pictures in HEIC format. The College Board’s server didn’t recognize the format and timed out. The students immediately failed and were told they could retake the test in three weeks.
Continuing from the theme of my last post, I’ve created a page for learning about file formats. I don’t know much about educational theory, but I’ve picked out links to articles and videos which I consider suitable for high school students starting out to learn about formats. With so many people figuring out how to educate their kids without classrooms, creating resources is one thing I can do. If you think the page is useful, please link to it where the people who can use it will see it.
We’ve abruptly become a nation of homeschoolers. People are figuring out how to do it with no preparation. They have to face a lot of issues, most of which I’m not helpful with. One of them is finding good material on the Internet. There’s no lack of well-written, informative pages; the hard part is sorting them out from all the garbage. Many of us can help in our fields of expertise by providing pointers to the best material.
On Twitter I saw a call for “expert sniffers,” people who can find the experts. We can do that where we’re specialists if not experts. We need to find articles that are good from an educational standpoint. Presenting all the knowledge isn’t enough; the hard part is presenting it in a way that learners can understand.
I’ve kept this blog going for years. People are still reading it; my stats show 140 views yesterday, and that was on a Saturday! However, I’m no longer active in digital preservation, other people have taken over JHOVE, and professionally I’m now a writer rather than a software developer.
It’s better to do a few things well rather than spread myself too thin. That’s why I’m putting this blog on standby status. There could be occasional posts here if something especially interesting turns up, but they’ll be infrequent. This will help me to focus more on my writing blog and other projects, such as my novel The Magic Battery.
Thanks to everyone who’s read and commented on this blog over the years.
Yahoo is sending out alerts on the transformation of Yahoo Groups into a list server. The spin is ridiculous. The changes “better align with user habits,” and “we are making adjustments to ultimately serve you better.” It’s as if users had been protesting against the existence of public groups and Web-hosted discussions and Yahoo were complying with the demand.
Yahoo, in case you haven’t been keeping track (I hadn’t), now belongs to Verizon. It makes economic decisions, and one was that running public Yahoo Groups was no longer worth the cost and effort. This is the result of changing user preferences, as well as stupid policy decisions over the years that drove people away. The attempts to correct those blunders may be part of the current problem.
One of my favorite areas in Berlin is the Museum Island. It includes the Egyptian Museum, which is part of the Neues Museum. Among its most famous possessions is a bust of Nefertiti which dates from about 1340 BCE. The museum has an entire room dedicated to Nefertiti.
More relevant to this blog, it has made a detailed 3D scan of the bust. The museum belongs to the Prussian Cultural Heritage Foundation, which is funded by the federal government and the 16 state governments. Supposedly it has an obligation to make its information public, but for reasons that aren’t clear, it held tight to that scan for a long time. It’s now available as a free download, ten years after it was made, thanks to the persistent efforts of Cosmo Wenman. He tells the story on Reason.com.
I have removed all my profiles on Stack Exchange/Stack Overflow because of the way it has treated its people.