I noticed that bristol-0.40.7-7 updated due to the following security
update. What got me curious is what kind of security issue could
running bristol possibly pose?? -- none on it's own, but another rogue
package could exploit this issue ...
https://bugzilla.redhat.com/show_bug.cgi?id=638376
.................
Raphael Geissert conducted a review of various packages in Debian and found
that bristol contained a script that could be abused by an attacker to execute
arbitrary code [1].
The vulnerability is due to an insecure change to LD_LIBRARY_PATH, and
environment variable used by ld.so(8) to look for libraries in directories
other than the standard paths. When there is an empty item in the
colon-separated list of directories in LD_LIBRARY_PATH, ld.so(8) treats it as a
'.' (current working directory). If the given script is executed from a
directory where a local attacker could write files, there is a chance for
exploitation.
In Fedora, /usr/bin/startBristol re-sets LD_LIBRARY_PATH insecurely:
declare -x
LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib
A solution is to patch the script to test if $LD_LIBRARY_PATH is set first
before attempting to modify it:
if [ -z ${LD_LIBRARY_PATH} ]; then
export LD_LIBRARY_PATH=/usr/lib/foo
else
export LD_LIBRARY_PATH=/usr/lib/foo:${LD_LIBRARY_PATH}
fi
This issue has been assigned the name CVE-2010-3351.
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285
...........................
Niels
http://nielsmayer.com
On Fri, Nov 12, 2010 at 9:50 AM, Robin Gareus <robin(a)gareus.org> wrote:
> http://gjacktransport.sourceforge.net/ is a tool that provides graphical
> control over JACK-transport [1].
IAt some point, either from installing version 0.4 or 0.5, whenever I
browsed a directory out of the web browser, such as the "show in
folder" option for downloaded files, gjacktransport would get invoked
instead.
I finally figured out what happened. Somehow, the following setting
got "installed" along with gjacktransport:
KDE's System Settings -> File Manager -> gjacktransport
Whereas it should have been set to "dolphin" .
Investigating further, I noticed that gjacktransport got added as a
viewer for file type "inode/directory" which seems to be a bug. I'm
not sure why adding it as a MIME type would also select it as the
default directory viewer in KDE, but that's what I've been seeing. But
perhaps my system has been cobbled on too much as it is a hybrid of
KDE and Gnome.
In either case, I finally figured out the issue, and fixed it for
myself. Just thought I'd share in case others had the same problem,
and hopefully, if this is a bug in gjacktransport, that'll get fixed
as well.
Thanks,
Niels
http://nielsmayer.com
Hi everybody,
Fallowing up the long discussion i'm trying to sort of give the
information you all seem to be missing.
there was a meantion of this, but not too many of you have paid any
attention:
here you can find an article about the current status of the protocol mess:
http://prosoundnewseurope.com/pdf/PSNLive/PSNLive_2009.pdf (page 28)
obviously eas50 is good to go, but Ethernet AVB is right thing really.
the only thing that it's still work in progress, but many of the
proprietary vendors, which already have their own networking solution
(like Harman with HiQ-net, the one i can name of top of my head)
are involved in AVB stadard deveelopment.
The idea of AVB is to bypass the IP layer, which is right thing really.
you don't need to assign IPs to your audio nodes, really!
in avb you'd just have to select channels that nodes whant to listen to.
there is a fair bit of documentation on the ietf.org AVB group's page.
but XMOS is looking to be the best point of refference:
http://www.xmos.com/news/15-jun-2009/xmos-simplifies-ethernet-avb-implement…
is think we should forget everything else and crack on with the XS1 AVB
implementation!
their XS1 chips seem to be really great,
their are basically every innovative and open-source minded.
the official toolchain is LLVM-GCC based.
you can use C, C++ or their own XC.
XC is basically C with some stuff omited (like goto and floats)
and XMOS IO stuff added, don't just say WTF, look at it first!
you should also watch the videos here:
http://www.xmoslinkers.org/conference-online-wf
especialy the two about the "XMOS Architecture" and the AVB
presentation.
some dev-kits are quite expencive, but that's due to low-volume really
;)
there is alos a nice USB Audio kit!
plus there is alittle board that is cheap and has two RJ45's on it
already :)
I'm myself studying the XC book at the moment. And geting familiar with
the tool set :)~~
looks very exciting, cause these are the invovative chips!
ok, may be an FPU is really missing on XCore, but how many DSPs have
it anyway? well quite a few, but there was no FPU on dsps for ages! :))
also XC or C/C++ are so much more obvious then the bloody "menthal american military engeneers non-sense" called HDL-whatever!
Cheers Everyone,
Hope you will appreciate my excitment :)~ (l0l)
--
ilya .d
Hello all,
I was a Smartmusic (http://www.smartmusic.com) user until that program
stopped working with wine. For those of you who don't know it, it is a
program that basically downloads finale files (score + accompaniment)
from a centralized server for musical instrument practice. When you
play along it uses either MIDI input or a microphone to rate your
perfomance (which notes you played in tune, and so on).
As far as I know, there is no native Linux or open source alternative.
My questions are: Do you think it would be hard to code a plugin for
musescore (http://www.musescore.org) to do the same pitch detection
and comparison with the score? Or maybe would it be better to fork the
code and make a stand-alone app, keeping it as compatible as posible?
Any experience with pitch to midi? aubio (http://www.aubio.org) could
be an option, but I haven't tried it.
I think the music repository part could be addressed later...
I don't have much time right now, but I'd like to ponder the
posibility of working on it in the future. Maybe start experimenting
in the meanwhile.
Just an idea,
Greetigs,
Camilo
Eric Kampman <erickampman(a)me.com> wrote:
> Hello,
>
> I'm writing a synth module on top of jack and I'm starting to contemplate
> stereo.
>
> I looked up "pan law" and
...
This reference:
M.A. Gerzon, "Panpot Laws for Multispeaker
Stereo", Preprint 3309 of the 92nd Audio
Engineering Society Convention, Vienna
(March 1992)
looks at panning laws and psychoacoustics.
The paper is concerned mostly with 3- and
4-speaker frontal stage stereo, but 2-speaker
stereo is analysed as an introduction.
Regards,
Martin
--
Martin J Leese
E-mail: martin.leese stanfordalumni.org
Web: http://members.tripod.com/martin_leese/
-------- Forwarded Message --------
From: Ralf Mardorf
To: Kris Calabio
Subject: Re: [LAD] What do you do for a living?
Date: Thu, 11 Nov 2010 16:23:46 +0100
On Wed, 2010-11-10 at 15:06 -0800, Kris Calabio wrote:
> Hmm, lot's of anti Google sentiment here? I'm afraid that I was sort
> of in the afterglow of positive testimonials when I wrote that
> original email. What exactly does Google do that is unethical? Sure,
> they're a huge corporation (bureucracy blah blah), but they are
> companies that are a lot worse.
>
> It's great (and refreshing) to hear that a lot of us do what we do in
> spite of money. community > capitalism
> > Yeah, I'd like to
> > work for Google, but who doesn't right? :)
>
> Not me...
>
> Gordon MM0YEQ
>
>
>
>
>
They cooperated with China, than there are trackers such as Google
Analytics and read Fon's first reply.
Off cause there are also some good sides of Google.
- Ralf
They're a corporation. Of course they're meant to make money. I know that already. Be more polite, please. ;)
I'm
afraid you're drew the wrong implication about myself from that
statement, but perhaps I should have been more clear. I meant that
Google likes to see open source in a resume. If they see that you
developed for open source projects and talk about it in an interview (if
you get one), they will be more likely to hire you. The Google
representativs at the panel emphasized this point many times. I hope
you understand where I was coming from now.
Best,
Kris
--- On Wed, 10/11/10, fons(a)kokkinizita.net <fons(a)kokkinizita.net> wrote:
From: fons(a)kokkinizita.net
<fons(a)kokkinizita.net>
Subject: Re: [LAD] What do you do for a living?
To: "Kris C" <cpczk(a)yahoo.com>
Cc: "Linux Audio Developers Mailing List" <linux-audio-dev(a)lists.linuxaudio.org>
Date: Wednesday, 10 November, 2010, 2:44 PM
On Tue, Nov 09, 2010 at 07:17:24PM -0800, Kris C wrote:
> Google just loooooves open source and those involved.
Quite naive. Google doesn't want to share its profits with
Microsoft, that's all. For the the rest, it's and advertising
machine meant to make money. The rest is just an means to this
end. Wake up to reality, please.
Ciao,
--
FA
There are three of them, and Alleline.
Hey guys,
I've recently been working on a small MIDI automation line editor, and I've
managed to get
it into a working condition. Its a C++ & GTK jobbie, see this blog post for
more info:
http://harryhaaren.blogspot.com/2010/10/automate-another-stage-along-way.ht…
I've not announced this as usable yet, as I am aware that there are some
serious enough errors in it:
1. Drawing the GUI is not optimized and hogs resources. It always redraws
the whole graph, and also redraws when its not necessary.
2. I'm not at all experience with threaded programming, and hence am pretty
sure there's some threading possibilities to be explored.
I've worked on this project on my own so far, and while it has taught me a
lot, I think now I need to ask
for some assistance with regards getting it polished for "everyday-use"..
:-)
If anybody has interest and want's to pull the repo to find out if it works
for you, please provide feedback!
(I'm 50% sure the waf script will need some tweaking, and maybe some other
things too...)
Cheers for reading, -Harry
Hi list,
I am seeing what appears to be a 4 - 7 usec context switch time on a 3
GHz Core 2 Duo machine with the 2.6 kernel, and 10 - 15 usecs on a 1.66
GHz Atom. Is that reasonable? Does anyone have any tips on how to speed
that up, if possible?
The background is that I have two apps --- one a straight Linux app and
the other a Wine one. The Linux app is doing the mixing and the Wine app
is hosting Windows VSTs.
During audio processing I use a sem_t to signal from the mixer app to
the vst app. Once the vst app is done processing, it signals back to the
mixer app over another sem_t.
I believe this is roughly the approach taken by other linux audio apps
to host Wine vsts. And is also something like how Jack does IPC.
But it takes about 4-7 usecs on the faster machine to signal another app
and have it wake up again. I assume this is the time needed for a
context switch.
Since this has to happen twice per buffer, at a 32 sample buffer size
and with 10 VSTs, overhead accounts for about 14% of the CPU. On the
slower Atom machine, it would account for 33% of the CPU.
Any hints on how to reduce that time, or an alternate IPC design to look
in to?
Thanks for any help,
Michael Ost
Muse Research, Inc.
Seeking Qt4.7 (esp. QtQuick/QML) and Linux multimedia experts to join
a new project -- http://ytd-meego.googlecode.com -- to contribute
code/planning/ideas for a port of http://ytd-android.googlecode.com/
to Meego running on http://en.wikipedia.org/wiki/Nokia_N900 and
equivalent mobile computing platforms.
FYI, the youtube direct application allows integrated
capture/cataloging/uploading of video (or audio) to youtube captured
directly from the handheld. See the following articles to understand
how it is being used:
http://gigaom.com/video/youtube-direct-abc7/http://www.digitaltrends.com/computing/youtube-direct-is-helping-media-find…
---------- Forwarded message ----------
From: Niels Mayer <nielsmayer(a)gmail.com>
Date: Sun, Nov 7, 2010 at 9:02 PM
Subject: YTD-Meego on Googlecode - Planning Youttube direct uploading app
To: qt-qml(a)trolltech.com
I've created http://code.google.com/p/ytd-meego/ for the port of
ytd-android to Meego using QtQuick/QML. YTD-Meego is to be a
feature-equivalent port of the Youtube-direct application  for Android
( http://ytd-android.googlecode.com/ Â ).
Initially, the purpose of the googlecode project will be for
issue-tracking and planning features and their implementation in
QtQuick. The subversion repository will eventually contain working
snippets of QtQuick test code that will evolve into an application
with the help of the community. Please send mail if you want to be
added as a project contributor/committer for contributing ideas, Â code
snippets and helping developing this application openly.
-- Niels
http://nielsmayer.com