trompete [he/him]

  • 7 Posts
  • 179 Comments
Joined 3 years ago
Cake day: October 16th, 2021







  • Ffmpeg is used by everybody so you’d hope people are looking at it, but I’m sure there’s security bugs in there, and probably plenty of them, since it’s C parser/decoder code, probably the most dangerous kind of code. I think web browsers do some kind of sandboxing around ffmpeg, plus web browsers restrict the kinds of formats they support, but ffmpeg (and peertube?) supports a lot more, many of which will not be audited/fuzzed to the same degree.

    Ideally this would be sandboxed so much it can’t call anything but read(2) and write(2). I have no idea if any of this software does any sandboxing at all.

    Is this any more dangerous than BitTorrenting anime?

    Maybe, depends on what exactly you’re worried about. There’s potentially political actors that might be interested in fucking with tankie.tube, whereas you can’t really target anyone specifically with bittorrent. Also the attacker knows exactly what software will be used to decode the videos, which makes this easier to exploit. I assume that videos can get uploaded to tankie.tube by basically anybody, and those videos would be sent out to be transcoded on random people’s machines?

    If you assume tankie.tube (maybe peertube in general) is just too small to be on anyone’s radar, then that’s probably fine.










  • Die Zeit found the perfect framing device in a young man the reporter just happened upon in front of the bomb crater south of Beirut, and apparently follows him around all night. He’s perfect for the story. Too perfect.

    He’s looking for his family from one of the nearby damaged buildings (no worries happy ending). His father is Hezbollah, he’s Hezbollah technically, but doesn’t want to become a fighter against his father’s wishes. They had a fight and he’s the black sheep of the family now. He works at a hair salon and rather likes beautiful hair, no, beauty itself! He blames Hezbollah for this. He says there were of course weapons at the Hezbollah HQ next to his home. He thinks Israel is just too powerful; can’t be beaten. He just wants to live in a real country with a proper army and a president.

    This conversation with a young man who lives and grew up in the heart of the Hezbollah movement, who, as he says, is of course a member, like everyone in this neighborhood, but is not convinced, who criticizes Hezbollah so bluntly amidst a crowd of irritated Hezbollah guards, is completely improbable - and perhaps only possible for this reason. Nobody pays attention to us anymore.

    OK now they’re just fucking with me, right?