CatSalad🐈🥗 (D.Burch) 

@catsalad@infosec.exchange
18.3K Followers
3.7K Following
32.5K Posts

Privacy advocate 〱 Malware analyst 〱 Cybersecurity
〰️ ⁠InfoSec 〰️ ⁠DFIR 〰️ ⁠CISSP 〰️ ⁠黑客 〰️ ⁠Katzenmädchen
 ⁽ʰᵒᵖᵉ ʸᵒᵘ ˡⁱᵏᵉ ᶜᵒʳⁿʸ ʲᵒᵏᵉˢ ᵃⁿᵈ ᶜᵃᵗˢ⁾

【 Professional Computer Booper 】
Even my brain has certs (asd,adhd,...)
Gender: a threat model  (they/them)

”Hän on vähän sellainen kusilonkki”

__😺😷🔛Ⓜ️🦠🏺🐈‍⬛🩷🩵🔬🧑🏻‍💻🛏️💤__
#Android #BLM #CatSalad #CyberSecurity #Developer #DFIR #Emojis #enby #fedi22 #Hacker #InfoSec #Malware #MasksWork #PenTest #Privacy #Puns #PurpleTeam #Security #tfr #Tor #TransRights #Unicode #Veilid #ಠ_ಠ #ʘ‿ʘ

Main² (HTown)🥗https://masto.hackers.town/@catsalad
Main³ (Floof)🌈https://lgbtqia.space/@catsalad
🔺🔻https://defcon.social/@catsalad
Githubhttps://github.com/devsalad
Keyoxidehttps://keyoxide.org/534C7832701F8A6612D289B1A2F5593628046A9E
Just CatSalad Tootshttps://justmytoots.com/@catsalad@infosec.exchange
Show threadCatSalad🐈🥗 (D.Burch) 4m ago
@stroz Wait, that means I've been destroying people's notification for the many, many times I have edited that post... (Whoops)
Show threadCatSalad🐈🥗 (D.Burch) 7m ago
@mttaggart  award
Show threadCatSalad🐈🥗 (D.Burch) 8m ago

@stroz It's almost at the 10k character cap!

I should really a newer one that is broken up by region. 😅

CatSalad🐈🥗 (D.Burch) 18m ago
daily emojiMay 6
🌸 + 🥴 =
CatSalad🐈🥗 (D.Burch) 21m ago
HTTP 1.1/418 Teapot27m ago
Oh, cisco. A pair of vulerabilities in #cisco #ISE (Identity Services Engine). wheeeeee!
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
Cisco Security Advisory: Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6

Cisco
Show threadCatSalad🐈🥗 (D.Burch) 1h ago
@Natsura mrrrp! 
CatSalad🐈🥗 (D.Burch) 1h ago
Nora Reed1h ago
med check
Show threadCatSalad🐈🥗 (D.Burch) 1h ago
@nora Oh shoot! Thank you :3
Show threadCatSalad🐈🥗 (D.Burch) 1h ago
@puppygirlhornypost2 @ben @kitten (it really did... 😬)
Show threadCatSalad🐈🥗 (D.Burch) 1h ago
@ligniform It's a live action movie from the cards perspective. (Like Toy Story!)
×
Thorsten Leemhuis (acct. 2/4)1d ago

PNG is back!

https://www.programmax.net/articles/png-is-back/ (by Chris Blume)

A new PNG spec was just released! […]

[…] After 20 years of stagnation, PNG is back with renewed vigor!

What's new?

* Proper HDR support (future‐proof, too!)

* Finally recognizes APNGs (animations!)

* Officially supports Exif data

* General tidying up—fixing errata, clarifications, etc.

#png

Show threadTom1d ago
@knurd42 Animated PNG's must be HUGE.
Show threadThorsten Leemhuis (acct. 2/4)1d ago

@tripplehelix they certainly can be I'd assume, but I guess the real questions are:

is there a wide enough niche/area between animated gifs and video files where they might be really useful due to their quality vs size ratio?

Show threadTom1d ago

@knurd42

It's good to have more choice, but as you suggest, I don't see how they'd fit in. I guess they could be great for offline use, where size is not an issue.

Show threadC. Scott Ananian (he/him)1d ago
@tripplehelix @knurd42 reading between the lines, it seems like PNGs are an intermediate format for video tooling which wants a lossless format for (eg) animated chyron text or other on-screen graphics.
Show threadbluestarultor22h ago

@tripplehelix @knurd42 APNGs with transparency are actually smaller than equivalent WEBPs. APNG has all the same optimizations PNG does and is excellent for anything with large fields of color. Best of all, it's lightweight on the browser since it piggybacks standard PNG handling.

Like all formats, it's not the best for every job, but it's a solid option.

Show threadIvanDSM1d ago
@tripplehelix @knurd42 I think APNGs have interframe compression.
Show threadAnisse11h ago

@tripplehelix @knurd42 one would think so but… no, apng can be fairly competitive in size http://littlesvr.ca/apng/gif_apng_webp.html

Also it's the default(and only) format for Signal stickers.

GIF vs APNG vs WebP

Show threadsrslypascal9h ago

@tripplehelix @knurd42

The FLAC of GIFs

Show threadAlan Langford 🇨🇦🧤🧊摏1d ago
@knurd42 Great. Blinky PNGs, just what I always wanted.
Show threadPoppe 1d ago

@knurd42

>APNG support

I kinda thought we were over this considering animated WebPs and AVIF exist, was there really any interest in bringing back Animated PNGs?

Show threadnaught1011d ago
@knurd42 that's super cool.. When can we expect universal integration? Some time after the climate collapse?
Show threadMina22h ago

@naught101

Exactly my thought!

@knurd42

Show threadProgramMax19h ago

@mina @naught101 @knurd42

"Universal" is a big ask :)
But it is already live in Chrome, Safari, Firefox, iOS/macOS, Photoshop, ...
A bunch of software.

Also in broadcast. So overlays in sports, news, etc.

Show threadnytpu1d ago
@knurd42 Unfortunately literally everyone (including libpng) only implements a fraction of the original PNG spec, so I'm not really hopeful for any of these that weren't already de facto supported like Exif. I doubt extended color spaces would be supported very well in anything but pro photo software where it's already supported, for instance
Show threadProgramMax19h ago

@nytpu @knurd42

Some of it has already landed in libpng. Other parts are currently landing. :)

Show threadsodigay  forever17h ago
@nytpu @knurd42 Even if capabilities are not universally implemented, it's still valuable for the way they are implemented to be standardized and not rely on de facto hacks. I think this is very exciting indeed.
Show threadLuna D Dragon1d ago
@knurd42 WOWW this is cool as hell thanks for posting about it would have missed it other wise <3
Show threadAndy1d ago
@knurd42 I think we hugged the site to death :(
Show threadvandorb1223h ago
@knurd42 I thought all of these features and issue mitigations were addressed in the JPEGXL standard?
Show threadJuno Jove23h ago
@knurd42 finally HDR
Show threadPeter Fisher23h ago
@knurd42 will i have to buy an app from the windows store just to look at these images? (like heic).
Show threadJuno Jove23h ago

@knurd42 Skimmed over it, and while I am hyped, I think their HDR implementation is lacking especially for common applications such as video game assets.

4 bytes for 4 floats is a drastic reduction of color resolution, showing a short-sighted perception of images always being "photos", instead of, e.g., linear space color textures.

So yeah. I'm afraid PNG is back for everyone else but us game devs.

Show threadAras Pranckevičius22h ago
@jupiter @knurd42 to be fair at 16bit/channel PNGs you can have better precision, but yes, this is very much aimed at “HDR photos”, and not “arbitrary floats”
Show threadJuno Jove21h ago

@aras @knurd42 hence no transparency either.

16 bit per channel/half precision floats are a good start. Never seen them work well yet.

And that's my critique. It's almost exclusively for display, not image interchange.

Show threadProgramMax19h ago

@jupiter @aras @knurd42

I'm actually particularly interested in the game dev space. I've been pushing the group to allow us to store extra channels (so normals, bump maps, etc) in the same image.

I think there may be some confusion here, though. The 4 bytes are just to indicate the properties of the image's color space. The image data itself is still up to 16-bit (with transparency, too).

Show threadwrosecrans21h ago
@jupiter @knurd42 Maybe they just feel like EXR solves that problem well enough that adding it to PNG adds complexity to PNG implementations without really making anybody's life better.
Show threadJuno Jove20h ago

@wrosecrans @knurd42
EXR does key alpha now? (afaik it does premultiplied only, which is destructive and sucks)

All I want is a plain half or single precision float, 4 channel RGBA format with linear color and widespread support.

Show threadwrosecrans20h ago

@jupiter @knurd42 EXR always did Alpha. Alpha conventions are a bit different than PNG:

https://openexr.com/en/latest/TechnicalIntroduction.html#premultiplied-vs-un-premultiplied-color-channels

But yeah it's pretty much universal in film VFX tooling for textures, render passes, etc. 16b half, 32b float, bucket for as many channels of linear data as you want. Even has schema for specifying stuff like intended wrap mode if you are using it as a texture: https://openexr.com/en/latest/StandardAttributes.html#anticipated-use-in-pipeline

Technical Introduction to OpenEXR

Show threadJuno Jove18h ago

@wrosecrans @knurd42 pre multiplied needlessly destroys image information, I wonder why anyone would store their images with it. There isn't even a space advantage.

I read that article and just scratch my head.

Afaik premul alpha baked into image files is a remnant from fixed function pipelines. (the math involved is good and appropriate to use, but it should be done in the fragment shader, at runtime, because otherwise you can do exactly 1 type of alpha compositing, ever)

Show threadJuno Jove18h ago

@wrosecrans @knurd42 the amazing and mathematically lossy and incorrect HACK these hacks explain in that doc...

Guys, your color is GONE after premul with zero, you will never get it back.

Add a flag that tells us what format the channels are in, already... 🥲. I'm sick of losing color information and precision when stuff is transparent.

Additive and subtractive blending and destination alpha exists. Not everything is an overlay.

It would have cost them $0 to reserve that in the file header.

Show threadwrosecrans18h ago

@jupiter @knurd42 Heh, I am used to premult alpha, so it's the only thing that makes sense to me. You can certainly stick unassociated alpha in an EXR if you prefer that, it's just not the most common convention.

Typical use case is something like an object with a glow. Where you have rgb image > 0 but alpha=0, a standard over operation adds the glow to the bg. No good way to represent that with unassociated alpha, cuz the glow will get multiplied by 0 in the over operation.

Show threadJuno Jove9h ago
@wrosecrans @knurd42
🤔 You have a point. I was unable to explain this to artists so we always ended up with separate glow maps in separate layers.
I should take another shot at researching how to export from a graphics program like this.
Anything from Paint.NET to Photoshop seems to save 0 alpha with RGB also zero.
Show threadPekka Paalanen10h ago
@jupiter @knurd42 It invented quarter-float data type?
Show threadsylvie1h ago
@jupiter sorry but what do you need HDR for in a game? asking as a game dev, though not necessarily one concerned with pointlessly trying to use the new hot thing and bumping the minimum required specs
Show threadLumiWorx23h ago

@knurd42

For photographers, having to use JPG as the only output to retain embedded EXIF data was not the ideal. If this is to be the new default, the question is, how can older (outdated, defunct, dead, or abandoned) photo processing software make use of it.

Does this mean adding some other post-processing tool into workflows to implant the latest additions? I can't assume there's some magic 'injector' that will somehow push HDR or EXIF data into preexisting files without user intervention.

Show threadLunaphied23h ago
@knurd42 finallyyyyyy been waiting for an HDR spec for so long
Show threadJohn Ulrik23h ago
@knurd42 Can’t wait for 2045 when all tools will finally have implemented the new version! 🤗
Show threadAlbi   🇵🇱 22h ago
@knurd42 can we finally get proper arithmetic coding support?
I know it has been in the spec, but maybe this time.
Also 32 bit png anytime?
Show threadFish Id Wardrobe21h ago
@knurd42 wait, it didn't support EXIF before?
Show threadLumiWorx10h ago

@fishidwardrobe @knurd42

Only JPEG and TIFF support EXIF...

The 1st and 2nd Edition specs don't mention either EXIF or HDR being included or even planned. The old specs use the term "IHDR" and some may assume that's High Dynamic Range, but it actually describes the file's "Header' data, that holds dimmensions (height, width) for the transparent black rectangle as the bounding box of the entire image... (and now, animation stages).

https://www.w3.org/TR/2003/REC-PNG-20031110/

https://www.w3.org/TR/png-3/

Portable Network Graphics (PNG) Specification (Second Edition)

Show threadBasil18h ago
@knurd42 APNG is pronounced Jiff.
Show threadtxt.file10h ago
@knurd42 will it be as successful as YAML1.2?
Show threadRackuur 7h ago
@knurd42 oh no, they changed something. stop changing existing standards
Show threadCTHULHU KAWAII4h ago
@knurd42 Ok but APNG with sound when 🤡
Show threadKirinn B.4h ago

@knurd42 I'm very interested in seeing an upgraded #PNG format! Since the official PNG spec seemed stagnant, I was jotting down ideas on an upgraded PNG myself ( https://mooncore.eu/bunny/txt/pngx-eval.htm ), but I guess if the big guys like @ProgramMax are on it, I can wait and see what they come up with. :D

Although if they go with zstd for the new compression, I'll be sad.

Evaluation of PNGX ideas

Evaluation of easy improvements for the PNG image format

Show threadmillennial falcon3h ago
@knurd42 cant believe they improved upon perfection, awesome.
Show threadRichard W. Woodley ELBOWS UP 🇨🇦🌹🚴‍♂️📷 🗺️3h ago

@knurd42

I've been using png for a few years now to save photo edits losslessly for working on in different editing programs.