The more complex a format is, the less chance there is that its security features will work in all cases. A vulnerability has turned up that lets sneaky people alter digitally signed PDF documents. A German team discovered a “shadow attack” vulnerability in the format. It’s easiest to do this if the document’s creator designed it to be altered after signing. The victim sees one set of content and signs it; the dishonest creator gets the document back, changes its appearance, and passes it on.
Posted in News
Tagged PDF, security
Yahoo is sending out alerts on the transformation of Yahoo Groups into a list server. The spin is ridiculous. The changes “better align with user habits,” and “we are making adjustments to ultimately serve you better.” It’s as if users had been protesting against the existence of public groups and Web-hosted discussions and Yahoo were complying with the demand.
Yahoo, in case you haven’t been keeping track (I hadn’t), now belongs to Verizon. It makes economic decisions, and one was that running public Yahoo Groups was no longer worth the cost and effort. This is the result of changing user preferences, as well as stupid policy decisions over the years that drove people away. The attempts to correct those blunders may be part of the current problem.
One of my favorite areas in Berlin is the Museum Island. It includes the Egyptian Museum, which is part of the Neues Museum. Among its most famous possessions is a bust of Nefertiti which dates from about 1340 BCE. The museum has an entire room dedicated to Nefertiti.
More relevant to this blog, it has made a detailed 3D scan of the bust. The museum belongs to the Prussian Cultural Heritage Foundation, which is funded by the federal government and the 16 state governments. Supposedly it has an obligation to make its information public, but for reasons that aren’t clear, it held tight to that scan for a long time. It’s now available as a free download, ten years after it was made, thanks to the persistent efforts of Cosmo Wenman. He tells the story on Reason.com.
I’m not entirely sure where the right place to put this is. It’s a file format issue in part, since if people can’t keep using Finale after a macOS upgrade, they need to salvage all the files they’re created in its proprietary format.
The email which I got from MakeMusic, dated October 18, was alarming:
Finale v25.5 is not compatible with macOS 10.15 Catalina and will not be updated to support Catalina. It is our recommendation that users of Finale v25.5 not upgrade to macOS Catalina.
In my recent searches, I came across Fileformat.com, which presents itself as a guide for developers. There’s no information on the site about who’s running it, though most or all of the articles on the wiki are credited to Farooq Sheikh. The site looks worth following. The main sections of it are:
- A wiki on file formats. It isn’t as thorough as the Archive Team wiki, but it has some good technical information on the most popular formats.
- A news section, which consists of links to articles on other sites, including some of mine. Not all of them are strictly news, but they’re all relevant to people with a specialty in file formats. It has an RSS feed, though it isn’t advertised. There aren’t a lot of RSS feeds on file formats (besides the feed for this blog, of course), so it could be worth bookmarking in your reader.
I’ve added a link to the site in my sidebar.
An ABC News Australia article calls attention to the problem of archives on magnetic tape. Author James Elton clearly knows something about digital preservation issues, as the article goes beyond the usual generalities and hand-wringing.
Tapes, on the other hand, can only be read by format-specific machines.
And dozens of formats of magnetic tape were created through the last century — one-inch, two-inch, various versions of Betamax.
JHOVE 1.22 is now available from OPF.
Microsoft’s eBook Store is closing. According to the announcement, “starting July 2019 your ebooks will no longer be available to read, but you’ll get a full refund for all book purchases.” This shows a basic truth about DRM book purchases: you don’t actually own your copy. You can use it only as long as the provider supports it. It was honest of Microsoft to refund all “purchases,” but digital oblivion eventually awaits all DRM-protected materials.
Andy Ihnatko once told me that DRM is safe because “Amazon will be around forever.” It won’t. The fact that a company as big and stable as Microsoft is abandoning support for its DRM-protected products reminds us that all such products exist only as long as the provider has sufficient motivation and ability. It’s questionable whether Amazon’s protected ebooks from today will be readable in 2050, let alone “forever.”
JHOVE 1.22 Release Candidate 2 is available today (April 2).
An issue which was noted but isn’t fixed in this release is the handling of the command line parameters. I don’t think that code has changed significantly since I worked on it. It’s so old that it was already there when I took over the project in 2005, so don’t blame me. :) Hopefully version 1.23 will have revamped command line handling using a modern code library.
Open Preservation Foundation has scheduled an online hack week for JHOVE. The focus for this one will be on development. Another hack week is planned for September, focusing on documentation. JHOVE just keeps going and going, and this is a chance for volunteer Java developers to reduce its issue list.