Recherche avancée

Sur d’autres sites (4221)

• avformat/matroskadec : Fix heap-buffer overflow upon gigantic timestamps

  25 août 2021, par Andreas Rheinhardt

  avformat/matroskadec : Fix heap-buffer overflow upon gigantic timestamps
  The WebM DASH Manifest demuxer creates a comma-delimited list of
  
  all the timestamps of index entries. It allocates 20 bytes per
  
  timestamp ; yet the largest 64bit numbers have 20 decimal digits
  
  (for int64_t it can be '-'+ 19 digits), so that one needs 21B
  
  per entry because of the comma (resp. the final NUL).
  The code uses snprintf, but snprintf returns the strlen of the string
  
  that would have been written had the supplied buffer been big enough.
  
  And if this is 21, then the next entry is written at an offset of 21
  
  from the current position. So if enough such entries exist, the buffer
  
  won't suffice.
  This commit fixes this by replacing the allocation of buffer for
  
  the supposedly worst-case with dynamic allocations by using an AVBPrint.
  Signed-off-by : Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
  

  • [DH] libavformat/matroskadec.c

• How to salvage a gigantic, possibly corrupt, AIFF file ?

  9 novembre 2024, par Ross Duncan

  Due to a Sound Track Pro glitch, I have a problematic AIF file. It plays fine in QuickTime Player, and is about 1 hour 50 mins long. However :

  



  

  • It's 3.81GB in size, whereas (I believe) AIF files are only supposed to be 2GB or smaller.

  


  • iTunes refuses to play it.

  


  • Logic Pro gives the error message "party-mix.aif is empty!" when I try to import it.

  


  • VLC will open and play the file, but it ends after an 1 hour (I guess this is the 2GB point).

  


  • Attempting to transcode using ffmpeg to Ogg gives the errors,

    



    


    [aiff @ 0x102051000] max_analyze_duration 5000000 reached at 5001333

    
 


    ....

    
 


    [pcm_s16be @ 0x10205a200] invalid PCM packet

    


    



    but the resulting file plays in VLC up till 1 hour, when it ends.

  


  • Attempting to transcode using ffmpeg to MP3 gives similar results as Ogg, except that the number of channels must reduced from 6 to 2. This is odd because it was a stereo project - where the extra 4 channels came from I have no idea.

  


  • There are a few places where the audio has been very noticeably sped up.

  


  



  My question : how can I transcode this frankenstein monster to MP3 without losing the second half ? I am running Mac OS 10.6.8.

  


• 4 Ways to Embed User Privacy & Data Security in Your Business

  15 juillet 2022, par Erin — Privacy

  Customer analytics undeniably plays a vital role for businesses. Product improvements, interface personalisation, content improvements, and creative advertising thrive on data. 

  Yet, there’s a fine line between being a customer-centred company and a privacy-violating one. 

  Due to ubiquitous online tracking, 62% of Americans now believe that it’s impossible to go about their daily lives without companies collecting data about them. Still, despite the importance of privacy in business for consumers, companies are reluctant to act. Privacy initiatives often stay on the back burner due to perceived complexity. That’s true to some extent.

  Privacy in business does assume complex technical changes to your data management. But to be a privacy-centred organisation, you also need to re-think your processes, practices, and culture. 

  Here are four ways to start your journey to better user privacy and data security. 

  1. Revise Your Data Collection Process to Gain Consumer Trust 

  The public is wary of sharing data with businesses because they are suspicious of its subsequent usage. 

  However, not all data collection is bad or wrong. In many cases, you need specific data for service delivery, compliance, or good-natured personalisation. 

  That’s exactly what consumers expect. Almost half of US consumers say they’d trust a company that limits the amount of personal information requested and only asks for data relevant to its products/services. 

  By limiting data collection and offering transparent data usage terms, you can : 

  • Reassure reluctant users to try your product or service — hence, boost conversions and sales. 
  • Retain existing audiences by gaining their trust, which leads to loyalty and higher customer lifetime value (CLV). 

  To gain consumers’ trust, implement proper consent and opt-out mechanisms. Then create educational materials about how you are collecting and using their data.

  2. Perform Data Mapping to Determine Where Sensitive Data Rests 

  Businesses are already pressed with an expanded cyber-security radar, courtesy of remote work, digital payment processing, IoT device adoption, etc. Yet, 41% of the executives don’t think their security initiatives have kept up with the digital transformations.

  Loopholes in security eventually result in a data breach. The average cost of a data breach looms at $4.24 million globally. The sum includes regulatory fines and containment costs, plus indirect losses in the form of reduced brand equity and market share. 

  Lax data protection in business also undermines consumer trust : 87% of consumers wouldn’t transact with a company if they had qualms with its security practices. 

  To improve your security posture, analyse where you are storing sensitive consumer data, who has access to it (internally and externally), and how you are protecting it. Then work with cybersecurity specialists on implementing stronger consumer security mechanisms (e.g. auto-log offs, secure password policy, etc) and extra internal security policies (if needed). 

  At the same time, start practising data minimisation. Ensure that all collected data is : 

  • Adequate – sufficient to meet your stated objectives 
  • Relevant – is rationally linked to the objectives 
  • Limited – no unnecessary data is collected or stored
  • Timely – data is periodically reviewed and removed when unnecessary 

  

  These principles prevent data hoarding. Also, they help improve your security posture and regulatory compliance by reducing the volume of information you need to safeguard.

  3. Do an Inventory of Your Business Tools

  Data leaks and consumer privacy breaches often occur through third parties. Because Google Analytics was deemed in breach of European GDPR in France, Austria and Italy, businesses using it are vulnerable to lawsuits (which are already happening). 

  Investigate your corporate toolkit to determine “weak links” – tools with controversial privacy policies, murky data collection practices, and poor security. 

  Treat it as a journey and pick your battles. By relying on Big Tech products for years, you might have overlooked better alternatives. 

  For example :

  • Matomo is a privacy-centred Google Analytics alternative. Our web analytics is compliant with GDPR, CCPA, and other global privacy laws. Unlike Google Analytics, we don’t exploit any data you collect and provide full transparency into how and where it’s stored. Or if you want a simple analytics solution, Fathom is another great privacy-friendly option.

  

  • For online data storage, you can choose Proton Drive or Nextcloud (open-source). Or host your corporate data with a local cloud hosting provider to avoid cross-border data transfers.

  

  Aim to progressively replace Google products with more privacy-centred alternatives. 

  4. Cultivate a Privacy-Centred Corporate Culture 

  To make privacy a competitive advantage, you need every team member (at every level) to respect its importance. 

  This is a continuous process of inspiring and educating your people. Find “privacy ambassadors” who are willing to lead the conversations, educate others, and provide resources for leading the change. 

  On an operational level, incorporate privacy principles around data minimisation, bounded collection, and usage into your Code of Conduct, standard operating procedures (SOPs), and other policies. 

  Creating a privacy-centric culture takes effort, but it pays off well. Cisco estimates that for each dollar spent on privacy, an average organisation gets $2.70 in associated benefits. Almost half (47%) of organisations gain 2X returns on their privacy initiatives.

  Moving Forward with a Data Privacy Programme 

  Privacy has become a strong differentiator for brands. Consumers crave transparency and ethical data usage. Regulators mandate limited data collection and proper security mechanisms.

  But sweeping changes are hard to implement. So start small and go one step at a time. Understand which first-party data your company collects and how it is stored.

  Then look into the tools and technologies you are using for data collection. Do these provide sufficient privacy controls ? How are they using data collected on your behalf ? Finally, move to wider transformations, pertaining to data management, cybersecurity, and cultural practices. 

  Be consistent with your effort — and eventually, all the pieces will fall into place.