mccDec 14, 2022
TIL: There is a cursed color in the Kodak ProPhoto RGB color space which, when converted to sRGB using pre-August-2020-Security-Update Android's image conversion routines, causes an integer overflow and a crash due to a rounding error. Some dude accidentally created an image (https://www.flickr.com/photos/gaurav_agrawal/48746079687/) which contains the cursed color on a single pixel. In 2020 if you set this image as your desktop on a Google or Samsung device, the device would brick & lose all onboard data https://www.youtube.com/watch?v=iXKvwPjCGnY
Prolific sunset at St Mary Lake, Glacier National Park

Flickr
Show threadmccDec 14, 2022
There was an actual IRL SCP / machine basilisk in the world and it remained effective for almost a year
Show threadmccDec 14, 2022
The most amazing part of the video is where the author is trying to figure out if the file was maliciously crafted so he recreates the image from scratch and accidentally kills his phone
Show threadmccDec 14, 2022
This is making me think about making an "irl-basilisks" Github repo containing the Excessively Loud Sunset, Janet Jackson's "Rhythm Nation" and a copy of the EICAR test file. Probably a bad idea because sometime in 2026 I'd wind up including "entirely innocuous image that incorrectly trips neural network CSAM scanners" and then I'd get banned from Github https://mastodon.social/@miah@hachyderm.io/109513848856267780
Show threadarborelia

@mcc I love this idea and I submit the string "+d,+6t,+vu8-", an erroneous UTF-7 string that Python used to happily convert to erroneous Unicode and even erroneous UTF-8.

Python 2 gist from 2014: https://gist.github.com/rspeer/7559750

deadbeef_character.py

GitHub Gist: instantly share code, notes, and snippets.

Gist
Dec 14, 2022 at 9:01pmWeb
Show threadMegDec 14, 2022
@arborelia @mcc why on earth does python even have a utf7 decoder? May as well have utf-1 while it's at it. (Please tell me it doesn't have a utf1 decoder too)
Show threadarboreliaDec 14, 2022

@megmac @mcc thankfully no.

Though it does support ISO 2022, and as I understand it, the unsuccessful pitch for UTF-1 was "at least it's not ISO 2022"

Show threadAndreas KDec 15, 2022
@megmac @arborelia @mcc who knows if the line we are working with is 8-bit clean?
Show threadtaylor Dec 15, 2022

@arborelia @mcc reminds me of a bug in old windows notepad where certain combinations of letters & spaces would load as the wrong charset

https://en.wikipedia.org/wiki/Bush_hid_the_facts

Bush hid the facts - Wikipedia