Lately this blog hasn’t been showing up on Google. It’s unfortunately necessary to convince Google I’m real, so I’ve added a confirmation meta tag and linked to this blog from a Google Page. As an extra advantage, you’ll be able to read my posts from Google, if you’re so inclined.

This is also a test post to see if that’s working. I’ll post about something more interesting soon.

Sloppy reporting of image file hazards

Reporting carries responsibility. When you tell the public about a risk, you need to tell them what the risk is, not just scare them. An article from Check Point Software Technologies, titled “ImageGate,” shows how bad even tech sites can get at clickbait reporting. According to Wikipedia, Check Point is a business with thousands of employees, not a hole-in-the-wall IT company that hires ghostwriters to write filler.

The article claims:

“the attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.”


JavaScript risk in SVG images

Malicious SVG images sent over Facebook Messenger are being used to deliver Locky ransomware.

An SVG file can contain a <script> tag, which contains executable JavaScript as CDATA. If it’s an image on a Web page, the JavaScript can run in the browser. This is a potential XSS weakness, if users can submit images to a site.

HTML 5.1 and 5.2

HTML 5.1 is now a W3C proposed recommendation, and the comment period has closed. If no major issues have turned up, it may become a recommendation soon, superseding HTML 5.0.

Browsers already support a large part of what it includes, so a discussion of its “new” features will cover ones that people already thought were a part of HTML5. The implementations of HTML are usually ahead of the official documents, with heavy reliance on working drafts in spite of all the disclaimers. Things like the picture element are already familiar, even though they aren’t in the 5.0 specification.

Administrative note 2

The domain madfileformatscience.garymcgath.com is working again. Let me know if you see any problems.

Administrative note

The domain madfileformatscience.garymcgath.com will be down briefly at some point for maintenance. You’ll still be able to reach this blog through fileformats.wordpress.com.

Bit-rot tolerance doesn’t work

My brief post yesterday on the TI/A initiative provoked a lively discussion on Twitter, mostly on whether archival formats should allow compression. The argument against compression rests on the claim that archives should be able to deal with files that have a few bit errors in them. This is a badly mistaken idea.

The TI/A initiative

A project to define an archive-safe subset of TIFF has been going on for a long time. Originally it was called the TIFF/A initiative, but Adobe wouldn’t allow the use of the TIFF trademark, so it’s now called the TI/A initiative.

So far it’s been very closed in what it presents to the public. It’s easy enough to sign up and view the discussions; I’ve done that, and I have professional credentials but no inside connections. However, it bothers me that it’s gone so long presenting nothing more to the public than just a white paper and no progress reports.

I’m not going to make anything public that they don’t want made public, but I’ll just say that I have some serious disagreements with the approach they’re taking. When they finally do go public, I’m afraid they won’t get much traction with the archival community. Some transparency would have helped to determine whether I’m wrong or they’re wrong.

JHOVE Online Hack Day

I’ve just learned that the Open Preservation Foundation is hosting a JHOVE Online Hack Day on October 11. I’m flattered people are still interested in the work I started doing over a decade ago, though getting some paying work would be far more satisfying.

The little-known potential of SVG

Today on Twitter I came upon an article, “SVG Has More Potential,” by Mike Riethmuller. He points out that SVG is more than just “scalable vector graphics,” and he demonstrates that its images can be responsive.