“Shadow attack” allows alteration of signed PDF files

The more complex a format is, the less chance there is that its security features will work in all cases. A vulnerability has turned up that lets sneaky people alter digitally signed PDF documents. A German team discovered a “shadow attack” vulnerability in the format. It’s easiest to do this if the document’s creator designed it to be altered after signing. The victim sees one set of content and signs it; the dishonest creator gets the document back, changes its appearance, and passes it on.
Continue reading

Apple HEIC vs. students

When a device uses a relatively obscure image format and a site that accepts uploads fumbles it, who is to blame? This is the question that came up when students couldn’t complete their AP college exams because of such a situation.

Students took pictures with their iOS devices of materials they submitted for the test. Their phones stored and uploaded the pictures in HEIC format. The College Board’s server didn’t recognize the format and timed out. The students immediately failed and were told they could retake the test in three weeks.
Continue reading

A new homeschooling resource on file formats

Continuing from the theme of my last post, I’ve created a page for learning about file formats. I don’t know much about educational theory, but I’ve picked out links to articles and videos which I consider suitable for high school students starting out to learn about formats. With so many people figuring out how to educate their kids without classrooms, creating resources is one thing I can do. If you think the page is useful, please link to it where the people who can use it will see it.

Helping a nation of homeschoolers: Digital preservation

We’ve abruptly become a nation of homeschoolers. People are figuring out how to do it with no preparation. They have to face a lot of issues, most of which I’m not helpful with. One of them is finding good material on the Internet. There’s no lack of well-written, informative pages; the hard part is sorting them out from all the garbage. Many of us can help in our fields of expertise by providing pointers to the best material.

On Twitter I saw a call for “expert sniffers,” people who can find the experts. We can do that where we’re specialists if not experts. We need to find articles that are good from an educational standpoint. Presenting all the knowledge isn’t enough; the hard part is presenting it in a way that learners can understand.
Continue reading

Going on standby

I’ve kept this blog going for years. People are still reading it; my stats show 140 views yesterday, and that was on a Saturday! However, I’m no longer active in digital preservation, other people have taken over JHOVE, and professionally I’m now a writer rather than a software developer.

It’s better to do a few things well rather than spread myself too thin. That’s why I’m putting this blog on standby status. There could be occasional posts here if something especially interesting turns up, but they’ll be infrequent. This will help me to focus more on my writing blog and other projects, such as my novel The Magic Battery.

Thanks to everyone who’s read and commented on this blog over the years.

Preserving Yahoo Groups

Yahoo is sending out alerts on the transformation of Yahoo Groups into a list server. The spin is ridiculous. The changes “better align with user habits,” and “we are making adjustments to ultimately serve you better.” It’s as if users had been protesting against the existence of public groups and Web-hosted discussions and Yahoo were complying with the demand.

Yahoo, in case you haven’t been keeping track (I hadn’t), now belongs to Verizon. It makes economic decisions, and one was that running public Yahoo Groups was no longer worth the cost and effort. This is the result of changing user preferences, as well as stupid policy decisions over the years that drove people away. The attempts to correct those blunders may be part of the current problem.
Continue reading

Nefertiti, now available as a 3D scan

Bust of Nefertiti, from 3D scan, Egyptian Museum of BerlinOne of my favorite areas in Berlin is the Museum Island. It includes the Egyptian Museum, which is part of the Neues Museum. Among its most famous possessions is a bust of Nefertiti which dates from about 1340 BCE. The museum has an entire room dedicated to Nefertiti.

More relevant to this blog, it has made a detailed 3D scan of the bust. The museum belongs to the Prussian Cultural Heritage Foundation, which is funded by the federal government and the 16 state governments. Supposedly it has an obligation to make its information public, but for reasons that aren’t clear, it held tight to that scan for a long time. It’s now available as a free download, ten years after it was made, thanks to the persistent efforts of Cosmo Wenman. He tells the story on Reason.com.
Continue reading

Aside

I have removed all my profiles on Stack Exchange/Stack Overflow because of the way it has treated its people.

Finale and macOS

I’m not entirely sure where the right place to put this is. It’s a file format issue in part, since if people can’t keep using Finale after a macOS upgrade, they need to salvage all the files they’re created in its proprietary format.

The email which I got from MakeMusic, dated October 18, was alarming:

Finale v25.5 is not compatible with macOS 10.15 Catalina and will not be updated to support Catalina. It is our recommendation that users of Finale v25.5 not upgrade to macOS Catalina.
Continue reading

Identifying files by programming language

Most of today’s programming languages look vaguely similar. They’re derived from the C syntax, with similar ways of expressing assignments, arithmetic, conditionals, nested expressions, and groups of statements. If the files have their original extension and it’s accurate, format identification software should be able to classify them correctly.

The software should do some basic checks to make sure it wasn’t handed a binary file with a false extension, which could be dangerous. A code file should be a text file. regardless of the language. (This isn’t strictly true, but non-text languages like Piet and Velato are just obscure for the sake of obscurity.) The UK National Archive recognizes XML and JSON (which is a subset of JavaScript) but doesn’t talk about programming languages as file formats. Exiftool identifies lots of formats but makes no attempt to discern programming languages.
Continue reading