JHOVE 1.22 is now available from OPF.
Malware has shown up which takes advantage of a path traversal bug in the WinRAR archiving utility. The bug, which reportedly existed for 19 years, is fixed in the latest version. The problem stems from an old, buggy DLL which WinRAR used. It allowed the expansion of an archive with a file that would be extracted to an absolute path rather than the destination folder. In this case, the path was the system startup folder. The next time the computer was rebooted, it would run the malware file.
MacOS provides a few different ways to do screen captures. My personal favorite is Grab, which is found in the Applications/Utilities folder. It lets me capture a selection, a window, or the whole screen without having to remember any magic key combinations. I keep it in the Dock for quick access.
Grab has one deficiency, though. It can save screenshots only as TIFF files. If Apple had to pick just one format, that’s hardly the most useful one. But there’s an easy workaround.
After you’ve got your screen shot, press Command-C or choose “Copy” from the Edit menu. Open the Preview application. Press Command-N or select “New from clipboard” from the File menu. You now have the screenshot in Preview.
In Preview, press Command-S or choose “Save…” from the File menu. You’ll get a dialog to save the file, with a choice of formats: JPEG, JPEG2000, OpenEXR, PDF, PNG, or TIFF. Pick whichever one you like. If you’re going to put the image into a Web page, PNG is usually the best choice. Preview will remember your choice for next time. Then save the file.
If you prefer, you can do the equivalent in Photoshop, Gimp, or any other image-processing application, but Preview has the advantage of launching quickly and keeping the process simple.
That’s it. You can now use Grab to save screenshots to a Web-friendly format.
Articles about JHOVE, such as Good GIF Hunting, grab my attention for obvious reasons. This article talks about false positive and negative results, and got me to thinking: What constitutes a “positive” result in file format validation? There are two ways to look at it:
- The default assumption is that the file is of a certain format, perhaps based on its extension, MIME type, or other metadata. The software sets out to see if it violates the format’s requirements. In that case, a positive result is that the file doesn’t conform to the requirements.
- The default assumption is that the file is just a collection of bytes. The software matches it against one or more sets of criteria. A positive result is that the file matches one of them.
Libtiff 4.0.9 has been released. According to the email announcing it:
A great many security improvements have been implemented by Even Rouault.
Much thanks to OSS Fuzz, team OWL337, Roger Leigh, and of course Even Rouault.
Obligatory reminder: Don’t download from libtiff dot org. It’s many years out of date.
An Open Preservation Foundation webinar, “Putting JHOVE to the acid test: A PDF test-set for well-formedness validation in JHOVE,” will be held on November 21, 10 AM GMT (that’s 11 AM in Central Europe and a ludicrous 5 AM or earlier in the US).
Popular Science has an article, “How to convert any file to any format.” The title overreaches, but the article actually isn’t too bad. It’s addressed at the ordinary user, not the file format specialist, so it wouldn’t be appropriate to complain too much that it has more breadth than depth.
It starts by recommending using the application that created the file, and that’s certainly good advice. Even when formats are open standards, an app knows more about how it creates its own files than anyone else does. Its files might have bits of application-specific information.
Posted in commentary
My venture into the Techno-Liberty blog didn’t work so well. In fact, I’m getting more views on this blog, in spite of not having posted in months, than I got on my best days on the other blog. So … I’m back.
JHOVE is still doing well too, thanks to excellent work by Carl Wilson and others at the Open Preservation Foundation. There will be an online hack day for JHOVE on April 27. The aim is to find ways to improve JHOVE by improving error reporting, collecting example files, and documenting the preservation impact of JHOVE validation issues. (I think that last one means “Why does McGath’s PDF module suck?” :)
The time listed is 8 AM-8 PM. I asked what time zone that is, and was told it means any and all, from New Zealand the long way around to Hawaii.
Last time I said I’d drop in and didn’t really manage to. This time I won’t make promises, but I’ll try to be around in some form. If nothing else, people can ask me questions about JHOVE in the comments.
Posted in News
Tagged JHOVE, software
Libtiff is still offline at remotesensing.org, but there’s a mirror of the source available on GitHub. I held off on mentioning it in this blog till Bob Friesenhahn confirmed it’s reliable.
Posted in Links
Tagged software, TIFF
The Libtiff library, which has been a reference implementation of TIFF for many years, has disappeared from the Internet. It was located at remotesensing.org, a domain whose owner apparently was willing to host it without having any close connection to the project. The domain fell into someone else’s hands, and the content changed completely, breaking all links to Libtiff material. Malice doesn’t seem to be involved; the original owner of remotesensing.org just walked away from the domain or forgot to renew it. Who owns it now is unknown, since it’s registered under a privacy shield.
Originally Libtiff was hosted on libtiff.org, but that fell into the hands of a domain owner with no interest in the project. I don’t know why. It still holds Libtiff code, but it’s many years out of date.
As I’m writing this, people on the Libtiff list are trying to figure out exactly what happened. There’s talk of trying to get libtiff.org back, though that may or may not be possible.
For the moment, there’s no primary source for Libtiff on the Web. I’ll hopefully be able to post more information later.
Posted in News
Tagged software, TIFF