Linux-audio-dev

linux-audio-dev@lists.linuxaudio.org

2 participants
7447 discussions

interesting security update to bristol just came out

by Niels Mayer

I noticed that bristol-0.40.7-7 updated due to the following security update. What got me curious is what kind of security issue could running bristol possibly pose?? -- none on it's own, but another rogue package could exploit this issue ... https://bugzilla.redhat.com/show_bug.cgi?id=638376 ................. Raphael Geissert conducted a review of various packages in Debian and found that bristol contained a script that could be abused by an attacker to execute arbitrary code [1]. The vulnerability is due to an insecure change to LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for libraries in directories other than the standard paths. When there is an empty item in the colon-separated list of directories in LD_LIBRARY_PATH, ld.so(8) treats it as a '.' (current working directory). If the given script is executed from a directory where a local attacker could write files, there is a chance for exploitation. In Fedora, /usr/bin/startBristol re-sets LD_LIBRARY_PATH insecurely: declare -x LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:${LD_LIBRARY_PATH}:${BRISTOL}/lib A solution is to patch the script to test if $LD_LIBRARY_PATH is set first before attempting to modify it: if [ -z ${LD_LIBRARY_PATH} ]; then export LD_LIBRARY_PATH=/usr/lib/foo else export LD_LIBRARY_PATH=/usr/lib/foo:${LD_LIBRARY_PATH} fi This issue has been assigned the name CVE-2010-3351. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285 ........................... Niels http://nielsmayer.com

13 years, 10 months

Re: [LAD] [LAA] [ANN] gjacktransport 0.5.0

by Niels Mayer

On Fri, Nov 12, 2010 at 9:50 AM, Robin Gareus <robin(a)gareus.org> wrote: > http://gjacktransport.sourceforge.net/ is a tool that provides graphical > control over JACK-transport [1]. IAt some point, either from installing version 0.4 or 0.5, whenever I browsed a directory out of the web browser, such as the "show in folder" option for downloaded files, gjacktransport would get invoked instead. I finally figured out what happened. Somehow, the following setting got "installed" along with gjacktransport: KDE's System Settings -> File Manager -> gjacktransport Whereas it should have been set to "dolphin" . Investigating further, I noticed that gjacktransport got added as a viewer for file type "inode/directory" which seems to be a bug. I'm not sure why adding it as a MIME type would also select it as the default directory viewer in KDE, but that's what I've been seeing. But perhaps my system has been cobbled on too much as it is a hybrid of KDE and Gnome. In either case, I finally figured out the issue, and fixed it for myself. Just thought I'd share in case others had the same problem, and hopefully, if this is a bug in gjacktransport, that'll get fixed as well. Thanks, Niels http://nielsmayer.com

13 years, 10 months

Re: [LAD] FOSS Ethernet Soundcard - IETF Ethernet AVB

by errordeveloper＠gmail.com

Hi everybody, Fallowing up the long discussion i'm trying to sort of give the information you all seem to be missing. there was a meantion of this, but not too many of you have paid any attention: here you can find an article about the current status of the protocol mess: http://prosoundnewseurope.com/pdf/PSNLive/PSNLive_2009.pdf (page 28) obviously eas50 is good to go, but Ethernet AVB is right thing really. the only thing that it's still work in progress, but many of the proprietary vendors, which already have their own networking solution (like Harman with HiQ-net, the one i can name of top of my head) are involved in AVB stadard deveelopment. The idea of AVB is to bypass the IP layer, which is right thing really. you don't need to assign IPs to your audio nodes, really! in avb you'd just have to select channels that nodes whant to listen to. there is a fair bit of documentation on the ietf.org AVB group's page. but XMOS is looking to be the best point of refference: http://www.xmos.com/news/15-jun-2009/xmos-simplifies-ethernet-avb-implement… is think we should forget everything else and crack on with the XS1 AVB implementation! their XS1 chips seem to be really great, their are basically every innovative and open-source minded. the official toolchain is LLVM-GCC based. you can use C, C++ or their own XC. XC is basically C with some stuff omited (like goto and floats) and XMOS IO stuff added, don't just say WTF, look at it first! you should also watch the videos here: http://www.xmoslinkers.org/conference-online-wf especialy the two about the "XMOS Architecture" and the AVB presentation. some dev-kits are quite expencive, but that's due to low-volume really ;) there is alos a nice USB Audio kit! plus there is alittle board that is cheap and has two RJ45's on it already :) I'm myself studying the XC book at the moment. And geting familiar with the tool set :)~~ looks very exciting, cause these are the invovative chips! ok, may be an FPU is really missing on XCore, but how many DSPs have it anyway? well quite a few, but there was no FPU on dsps for ages! :)) also XC or C/C++ are so much more obvious then the bloody "menthal american military engeneers non-sense" called HDL-whatever! Cheers Everyone, Hope you will appreciate my excitment :)~ (l0l) -- ilya .d

13 years, 10 months

Musescore "music trainer"?

by Camilo Polymeris

Hello all, I was a Smartmusic (http://www.smartmusic.com) user until that program stopped working with wine. For those of you who don't know it, it is a program that basically downloads finale files (score + accompaniment) from a centralized server for musical instrument practice. When you play along it uses either MIDI input or a microphone to rate your perfomance (which notes you played in tune, and so on). As far as I know, there is no native Linux or open source alternative. My questions are: Do you think it would be hard to code a plugin for musescore (http://www.musescore.org) to do the same pitch detection and comparison with the score? Or maybe would it be better to fork the code and make a stand-alone app, keeping it as compatible as posible? Any experience with pitch to midi? aubio (http://www.aubio.org) could be an option, but I haven't tried it. I think the music repository part could be addressed later... I don't have much time right now, but I'd like to ponder the posibility of working on it in the future. Maybe start experimenting in the meanwhile. Just an idea, Greetigs, Camilo

13 years, 10 months

Re: [LAD] panning thoughts

by Martin Leese

Eric Kampman <erickampman(a)me.com> wrote: > Hello, > > I'm writing a synth module on top of jack and I'm starting to contemplate > stereo. > > I looked up "pan law" and ... This reference: M.A. Gerzon, "Panpot Laws for Multispeaker Stereo", Preprint 3309 of the 92nd Audio Engineering Society Convention, Vienna (March 1992) looks at panning laws and psychoacoustics. The paper is concerned mostly with 3- and 4-speaker frontal stage stereo, but 2-speaker stereo is analysed as an introduction. Regards, Martin -- Martin J Leese E-mail: martin.leese stanfordalumni.org Web: http://members.tripod.com/martin_leese/

13 years, 10 months

Re: [LAD] What do you do for a living?

by Ralf Mardorf

-------- Forwarded Message -------- From: Ralf Mardorf To: Kris Calabio Subject: Re: [LAD] What do you do for a living? Date: Thu, 11 Nov 2010 16:23:46 +0100 On Wed, 2010-11-10 at 15:06 -0800, Kris Calabio wrote: > Hmm, lot's of anti Google sentiment here? I'm afraid that I was sort > of in the afterglow of positive testimonials when I wrote that > original email. What exactly does Google do that is unethical? Sure, > they're a huge corporation (bureucracy blah blah), but they are > companies that are a lot worse. > > It's great (and refreshing) to hear that a lot of us do what we do in > spite of money. community > capitalism > > Yeah, I'd like to > > work for Google, but who doesn't right? :) > > Not me... > > Gordon MM0YEQ > > > > > They cooperated with China, than there are trackers such as Google Analytics and read Fon's first reply. Off cause there are also some good sides of Google. - Ralf

13 years, 10 months

Re: [LAD] What do you do for a living?

by Kris Calabio

They're a corporation. Of course they're meant to make money. I know that already. Be more polite, please. ;) I'm afraid you're drew the wrong implication about myself from that statement, but perhaps I should have been more clear. I meant that Google likes to see open source in a resume. If they see that you developed for open source projects and talk about it in an interview (if you get one), they will be more likely to hire you. The Google representativs at the panel emphasized this point many times. I hope you understand where I was coming from now. Best, Kris --- On Wed, 10/11/10, fons(a)kokkinizita.net <fons(a)kokkinizita.net> wrote: From: fons(a)kokkinizita.net <fons(a)kokkinizita.net> Subject: Re: [LAD] What do you do for a living? To: "Kris C" <cpczk(a)yahoo.com> Cc: "Linux Audio Developers Mailing List" <linux-audio-dev(a)lists.linuxaudio.org> Date: Wednesday, 10 November, 2010, 2:44 PM On Tue, Nov 09, 2010 at 07:17:24PM -0800, Kris C wrote: > Google just loooooves open source and those involved. Quite naive. Google doesn't want to share its profits with Microsoft, that's all. For the the rest, it's and advertising machine meant to make money. The rest is just an means to this end. Wake up to reality, please. Ciao, -- FA There are three of them, and Alleline.

13 years, 10 months

Pet-Project announce: AutoMate alpha1

by Harry Van Haaren

Hey guys, I've recently been working on a small MIDI automation line editor, and I've managed to get it into a working condition. Its a C++ & GTK jobbie, see this blog post for more info: http://harryhaaren.blogspot.com/2010/10/automate-another-stage-along-way.ht… I've not announced this as usable yet, as I am aware that there are some serious enough errors in it: 1. Drawing the GUI is not optimized and hogs resources. It always redraws the whole graph, and also redraws when its not necessary. 2. I'm not at all experience with threaded programming, and hence am pretty sure there's some threading possibilities to be explored. I've worked on this project on my own so far, and while it has taught me a lot, I think now I need to ask for some assistance with regards getting it polished for "everyday-use".. :-) If anybody has interest and want's to pull the repo to find out if it works for you, please provide feedback! (I'm 50% sure the waf script will need some tweaking, and maybe some other things too...) Cheers for reading, -Harry

13 years, 10 months

Faster context switch

by Michael Ost

Hi list, I am seeing what appears to be a 4 - 7 usec context switch time on a 3 GHz Core 2 Duo machine with the 2.6 kernel, and 10 - 15 usecs on a 1.66 GHz Atom. Is that reasonable? Does anyone have any tips on how to speed that up, if possible? The background is that I have two apps --- one a straight Linux app and the other a Wine one. The Linux app is doing the mixing and the Wine app is hosting Windows VSTs. During audio processing I use a sem_t to signal from the mixer app to the vst app. Once the vst app is done processing, it signals back to the mixer app over another sem_t. I believe this is roughly the approach taken by other linux audio apps to host Wine vsts. And is also something like how Jack does IPC. But it takes about 4-7 usecs on the faster machine to signal another app and have it wake up again. I assume this is the time needed for a context switch. Since this has to happen twice per buffer, at a 32 sample buffer size and with 10 VSTs, overhead accounts for about 14% of the CPU. On the slower Atom machine, it would account for 33% of the CPU. Any hints on how to reduce that time, or an alternate IPC design to look in to? Thanks for any help, Michael Ost Muse Research, Inc.

13 years, 10 months

Fwd: YTD-Meego on Googlecode - Planning Youttube direct uploading app

by Niels Mayer

Seeking Qt4.7 (esp. QtQuick/QML) and Linux multimedia experts to join a new project -- http://ytd-meego.googlecode.com -- to contribute code/planning/ideas for a port of http://ytd-android.googlecode.com/ to Meego running on http://en.wikipedia.org/wiki/Nokia_N900 and equivalent mobile computing platforms. FYI, the youtube direct application allows integrated capture/cataloging/uploading of video (or audio) to youtube captured directly from the handheld. See the following articles to understand how it is being used: http://gigaom.com/video/youtube-direct-abc7/ http://www.digitaltrends.com/computing/youtube-direct-is-helping-media-find… ---------- Forwarded message ---------- From: Niels Mayer <nielsmayer(a)gmail.com> Date: Sun, Nov 7, 2010 at 9:02 PM Subject: YTD-Meego on Googlecode - Planning Youttube direct uploading app To: qt-qml(a)trolltech.com I've created http://code.google.com/p/ytd-meego/ for the port of ytd-android to Meego using QtQuick/QML. YTD-Meego is to be a feature-equivalent port of the Youtube-direct application for Android ( http://ytd-android.googlecode.com/ ). Initially, the purpose of the googlecode project will be for issue-tracking and planning features and their implementation in QtQuick. The subversion repository will eventually contain working snippets of QtQuick test code that will evolve into an application with the help of the community. Please send mail if you want to be added as a project contributor/committer for contributing ideas, code snippets and helping developing this application openly. -- Niels http://nielsmayer.com

13 years, 11 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Linux-audio-dev