User talk:Anonymous31415927

From Rosetta Code

jpegs

You have started to repeat posting this block of text in the discussion on matrix with two diagonals:

-- Sorry to say, children, but dangerous-JPEG is an old urban legend. The https://www.cvedetails.com/cve/CVE-2004-0200 was in 2004 and was caused by a bug in MS Windows (GDI+), not that it was JPEG. But I understand - some people's ass is on fire because they are afraid of exploits from 2004. I would advise you to drink a glass of water, switch from MS Windows 98 to MS Windows 11, install all updates and an anti-virus program other than Kaspersky. And take the pills prescribed by your doctor regularly.

Likewise, Samantha virus was not a de facto JPEG file, it only pretended to be one. Which was only possible because a few of the less clever MS programmers thought they had a good idea of hiding the file extension from users.

In fact, every link - and even the image of the Rosetta stone displayed on the Rosetta Code website - could be ... oh yo oh ah - terrible and terrible CVE. Fear and terror, terror and hiccups. We should all be dead.

But every day we somehow open thousands of jpegs on websites and we live? Strange, isn't it?

>>>I have been removing it for several reasons:

The civilized way of discussing is not to erase what others write, but to make factual arguments. It's nice you finally understand that.

I am against jpegs on RC website. Really. Not because they are technically dangerous in any way. But because - if they are on an external server - RC cannot be sure that they will not be replaced with one that will show content not accepted by RC.

>>># The 2004 thing was not the only example of this buffer overflow problem -- it's something that keeps happening, so

Of course, mistakes, errors of various kinds, can be dangerous. Once upon a time (about 1/3 century ago) it was enough to write an e-mail subject string long enough to overflow the buffer and so on. Should we stop using e-mail for this reason?

Your reasoning is that of a driver who completely drunk got into a car with broken brakes, no airbags, no seat belts, and blames a tree by the road for the accident. Well, actually - if that tree wasn't there, it wouldn't be able to break down on that particular tree. Fact!

If the program is badly written, running on a crap system (without memory protection), the sandbox does not work and the buffer is overwritten by crafted jpeg ... then don't say jpeg is a devil's invention, but just patch the real holes in your system. The jpeg format as such has no scripts, it is not an executable format.

>>># Suggesting that there's no historical validity to being cautious about image links is the wrong approach, and

A simple question that you probably don't know the answer to: how is a link to an image (jpeg) different from a link to anything else? By demonizing the harmfulness of jpegs, you don't notice the obvious.

>>># There are people who actively go out and try to deal with people taking advantage of buffer overflow problems, which means the problems tend to be relatively rare, so a lack of examples isn't particularly meaningful (especially when you ignore well documented examples of jpeg buffer over problems which are more recent than 2004),

There are all kinds of bad people in this world. However, spreading panic is unnecessary and will not lead to anything. Embedding malware into jpeg? For what? Since attacks can be done more simply and effectively in a thousand other ways?!


>>># Minimizing external dependencies on a website is generally good practice anyways,

Yes, it is true. See above why I am against externally hosted jpegs.

>>>so being "too cautious" in this context seems like a maybe mediocre but not horrible and maybe even good idea. (Certainly a lot better than some of the other stunts people have been pulling, recently.)

>>>Now, ... it's undoubtedly true that some people somewhere discourage image links because they have been annoyed by porn. But that does not seem relevant here, since that's not the kind of image under discussion.

I have met many times people who said that "jpeg infected their system". 99% of the time it was actually an attack ... while (coincidence) they were viewing pictures that were completely harmless files. 1% are naïve who considered the virus that deleted their files (jpeg files were zero length after the attack) to be a virus that "sits in jpeg". Punny.

In order to infect a computer with jpeg, you need a lot of knowledge, skills and you can do it when the system is vulnerable (i.e. not updated since 2004).

In order to put e.g. a photo [...] someone does not need any knowledge or special skills. It swallows any system, even with the latest patches.