Free, Libre, and Open Source Software Leftovers

posted by Roy Schestowitz on Oct 07, 2024

• N3wjack ☛ free audio visualization in shotcut - n3wjack's blog

  That’s all OK-ish, but the templates are pretty standard, and you can’t really tweak them. I was looking for something I have some more control over. Then I tried a search to see if this would be possible with Shotcut, my favorite open source video editing tool.

  Turns out it is! I don’t need to learn or use anything new. Here’s a small demo I cooked up after playing around with the default video effects it has on board.

• SaaS/Back End/Databases

  • SQLite ☛ Defense Against The Dark Arts

    SQLite should never crash, overflow a buffer, leak memory, or exhibit any other harmful behavior, even when presented with maliciously malformed SQL inputs or database files. SQLite should always detect erroneous inputs and raise an error, not crash or corrupt memory. Any malfunction caused by an SQL input or database file is considered a serious bug and will be promptly addressed when brought to the attention of the SQLite developers. SQLite is extensively fuzz-tested to help ensure that it is resistant to these kinds of errors.

    Nevertheless, bugs happen. If you are writing an application that sends untrusted SQL inputs or database files to SQLite, there are additional steps you can take to help reduce the attack surface and prevent zero-day exploits caused by undetected bugs.

  • Ashish Bhatia ☛ Repairing database on the fly for millions of users

    The SQLite database in the backup, however, was broken. They would neither load via Sqlite on Android nor via any Sqlite browser on Mac OS. However, one could open them up in SQLite Shell. And as long as the queries don’t try to touch the broken row, they would succeed as well. Even aggregate queries like SELECT COUNT(*) worked.

    In one case, primary key constraints were being violated. In a few other cases, there were incorrect Unicode characters. While I tried to dig in, I was not able to find a reason for these. The low-end Android phones are a weird beast. I saw enough memory faults regularly that these database corruptions didn’t surprise me either.

    But how do we find and eliminate such corrupted entries programtically?

• Web Browsers/Web Servers

  • Washbear ☛ wrestling the web from corporate control requires making it boring again

    I gave up and switched to Pale Moon around the time Mozilla's corporate office displayed yet another clear sign that their head is in the clouds by deciding that built-in "AI" chatbots are what its users deseperately need. Now, some have chosen to cast fear, uncertainty, and doubt in the direction of all Firefox forks with regards to applying security patches, but as far as I can tell there's patches for CVEs regularly being applied in new releases just as other code is updated and bugs are fixed. I also lived through the pre-Electrolysis era when infosec twitter influencers were telling everyone to use Chrome to protect their privacy. These appeal to authority arguments have an appeal in some situations - it makes sense to get your bread from a baker you know doesn't add insects, but when the authority demonstratably has insects^W ad-tech in the oven? It doesn't make sense.