tag:blogger.com,1999:blog-591179528445148028.post185949052969915001..comments2012-07-19T18:16:11.736+02:00Comments on ppenz: Don't Crash When Reading MetadataAnonymoushttp://www.blogger.com/profile/10339806249189186547noreply@blogger.comBlogger15125tag:blogger.com,1999:blog-591179528445148028.post-28067968070666195772011-10-08T15:48:54.054+02:002011-10-08T15:48:54.054+02:00Running Kubuntu 11.04 with KDE 4.6.something, bump...Running Kubuntu 11.04 with KDE 4.6.something, bumped into this, installed dbg packages, the bug reporting tool suggested me some similar bugreps, I found out that it's already fixed -> upgrading to KDE 4.7.x -> FIXED. Gotta love Open Source :) Thank you for your work!!!!!Risto H. Kurppahttp://risto.kurppa.fi/blognoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-5381879068532190172011-05-27T21:36:56.815+02:002011-05-27T21:36:56.815+02:00Peter, I just noticed that Dolphin could crash whe...Peter, I just noticed that Dolphin could crash when showing the metadata of some .zip files. Should I file a bug about this specific indexer ?<br /><br />(using Archlinux)<br /><br />Cheers ; thanks again for your amazing work !<br /><br />PS : sorry for being annoying, but I think this is a problem if people who use a distro based on KDE 4.6.x always get this issue. This is pretty serious (filemanager crash !). What do you think ? I kind of tend to think stability is the most important feature :-)<br /><br />PPS : would love to support you financially (like what is possible with Aurélien Gâteau or Raphaël Hertzog for instance)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-41210867272047580882011-03-07T11:26:14.318+01:002011-03-07T11:26:14.318+01:00Nice :)
While you're at it, as anonymous said...Nice :)<br /><br />While you're at it, as anonymous said, it would be great if the analyzer was sandboxed so that we're less vulnerable to the filepreview exploits that are currently fashionable.<br /><br />I wouldn't go with apparmor or selinux though, since they're less widely available than seccomp. Seccomp is ideal for this job : just open a pipe between dolphin and the analyzer before you fork()&&seccomp(), and then you can feed files to the anlyzer in a crash- and exploit-safe way.moltonelnoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-43880791961743500952011-03-06T09:43:34.340+01:002011-03-06T09:43:34.340+01:00@jospoortvliet: Good to know, will take care to us...@jospoortvliet: Good to know, will take care to use the terms correctly in future :-)<br /><br />@Carsten Pfeiffer:<br />> AFAIR, KFileMetaInfo and its<br />> plugins weren't actually restricted<br />> to read "the first 64K".<br /><br />Thanks for clarification, this is quite interesting. Too bad that this approach does not seem to be respected by most of the Strigi analyzers...Anonymoushttps://www.blogger.com/profile/10339806249189186547noreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-546465688914517212011-03-06T00:50:56.654+01:002011-03-06T00:50:56.654+01:00Cool feature.
Also sounds like a perfect app to p...Cool feature.<br /><br />Also sounds like a perfect app to protect with AppArmor & Co. to prevent things like this: http://www.thesecuritysamurai.com/2011/03/02/usb-as-a-vector-of-network-attack-by-diego-ramirez-soc-analyst/Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-81442247006723187512011-03-05T22:30:23.033+01:002011-03-05T22:30:23.033+01:00This comment has been removed by a blog administrator.Carsten Pfeiffernoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-70050563896188554092011-03-05T22:29:57.471+01:002011-03-05T22:29:57.471+01:00Thanks for caring about this, Peter
AFAIR, KFileM...Thanks for caring about this, Peter<br /><br />AFAIR, KFileMetaInfo and its plugins weren't actually restricted to read "the first 64K". It was rather a hint to the analyzers that they shall provide only that information that can be calculated cheaply. <br /><br />Depending on the file format, that information may be stored in the beginning or even somewhere at the end.<br /><br />Cheers,<br />CarstenCarsten Pfeiffernoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-17970992794420193412011-03-05T22:22:40.924+01:002011-03-05T22:22:40.924+01:00Maybe it would be good to at least ensure the proc...Maybe it would be good to at least ensure the process will stay around and gets re-used (if you don't do that already)...<br /><br />About the KDE SC etc story:<br /><br />We don't change the name of older releases. Dolphin once ran on KDE 3, keep that name. From KDE SC 4.0 onwards we say SC if we mean both workspaces, apps & platform. Most of the time you don't need to say SC. Dolphin ships as part of Plasma Workspace 4.6 and runs on KDE Platform 4.6. So in Plasma 4.7 Dolphin is fixed. Or Dolphin on Platform 4.7 will be fixed, both fine.Jos Poortvliethttps://www.blogger.com/profile/05243886270488333877noreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-43546485249750995512011-03-05T20:14:01.879+01:002011-03-05T20:14:01.879+01:00Creating a process is relatively cheap on Linux, I...Creating a process is relatively cheap on Linux, IIRC somewhere around 1-10 million CPU cycles. KIO regularly creates many processes, it usually doesn't hurt performance and if it does it's mostly due to further setup work after process creation. We can do something about that.<br />I am convinced that a process to generate previews is a good idea.Andreasnoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-68371834792672448962011-03-05T19:22:43.997+01:002011-03-05T19:22:43.997+01:00@uetsah:
> Is it official terminology to
> r...@uetsah:<br />> Is it official terminology to<br />> retrospectively add "SC" to the<br />> names of old KDE releases which<br />> were released when the software<br />> compilation was actually still<br />> called "KDE" or "K Desktop<br />> Environment", and not yet "KDE SC"?<br /><br />I don't know... It seems that "SC" is not used at all anymore during the latest releases and I agree it looks somehow strange. I'll probably just write "KDE 4.x" in future.<br /><br />@maninalift:<br />> Presumably this is not an issue<br />> if the files have already been<br />> indexed. Right?<br /><br />Right :-)<br /><br />@mwiesweg:<br />> As much as I appreciate pragmatic<br />> solutions: It is possible to fix <br />> crashes in code, as long as the <br />> code is maintained (maintainer + <br />> sample file + reproducible crash<br />> = fix). Crashing, unmaintained <br />> code should be removed from KDE <br />> SC (at least blacklisted), better <br />> not having PPT files indexed than<br />> a crashing dolphin?<br /><br />I generally agree that the analyzers should be fixed in the first place, but not all analyzers are part of the KDE SC. Any kind of application may install a custom analyzer (e.g. like done by Amarok). Also blacklisting analyzers means having no metadata for specific filetypes at all, but some analyzers works well but crash only on some rare cases like corrupt files (e.g. the ppt-analyzer works and only fails "sometimes").Anonymoushttps://www.blogger.com/profile/10339806249189186547noreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-33630897810983408002011-03-05T19:12:02.471+01:002011-03-05T19:12:02.471+01:00As much as I appreciate pragmatic solutions: It is...As much as I appreciate pragmatic solutions: It is possible to fix crashes in code, as long as the code is maintained (maintainer + sample file + reproducible crash = fix). Crashing, unmaintained code should be removed from KDE SC (at least blacklisted), better not having PPT files indexed than a crashing dolphin?mwieswegnoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-72642721658731350502011-03-05T19:10:58.651+01:002011-03-05T19:10:58.651+01:00Presumably this is not an issue if the files have ...Presumably this is not an issue if the files have already been indexed. Right?maninalifthttps://www.blogger.com/profile/08040522135159233946noreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-20617704450285040402011-03-05T18:44:24.427+01:002011-03-05T18:44:24.427+01:00Thank you for this! Much appreciated.Thank you for this! Much appreciated.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-346204043361100002011-03-05T17:53:43.883+01:002011-03-05T17:53:43.883+01:00> KDE SC 3
Is it official terminology to retro...> KDE SC 3<br /><br />Is it official terminology to retrospectively add "SC" to the names of old KDE releases which were released when the software compilation was actually still called "KDE" or "K Desktop Environment", and not yet "KDE SC"?<br /><br />It looks a little weird.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-591179528445148028.post-21374565439714182292011-03-05T17:06:55.126+01:002011-03-05T17:06:55.126+01:00Thanks a lot for this.
The bug is _really_ annoy...Thanks a lot for this. <br /><br />The bug is _really_ annoying, I suffered from it a lot and already submitted it via dr konqi on bugs.kde.org. I am happy to see that this finally gets solved. Pity though that I'll either have to wait until summer or use git/svn versions. <br /><br />Keep up the good work and thanks for dolphin.Anonymousnoreply@blogger.com