HPR4406: SVG Files: Cyber Threat Hidden in Images

This show has been flagged as Explicit by the host. New hosts There were no new hosts this month. Last Month's Shows Id Day Date Title Host 4391 Mon 2025-06-02 HPR Community News for May 2025 HPR Volunteers 4392 Tue 2025-06-03 The Water is Wide, and the sheet music should be too Jezra 4393 Wed 2025-06-04 Journal like you mean it. Some Guy On The Internet 4394 Thu 2025-06-05 Digital Steganography Intro mightbemike 4395 Fri 2025-06-06 Second Life Lee 4396 Mon 2025-06-09 AI and Sangria operat0r 4397 Tue 2025-06-10 Transfer files from desktop to phone with qrcp Klaatu 4398 Wed 2025-06-11 Command line fun: downloading a podcast Kevie 4399 Thu 2025-06-12 gpg-gen-key oxo 4400 Fri 2025-06-13 Isaac Asimov: Other Asimov Novels of Interest Ahuka 4401 Mon 2025-06-16 hajime oxo 4402 Tue 2025-06-17 pinetab2 Brian in Ohio 4403 Wed 2025-06-18 How to get your very own copy of the HPR database norrist 4404 Thu 2025-06-19 Kevie nerd snipes Ken by grepping xml Ken Fallon 4405 Fri 2025-06-20 What did I do at work today? Lee 4406 Mon 2025-06-23 SVG Files: Cyber Threat Hidden in Images ko3moc 4407 Tue 2025-06-24 A 're-response' Bash script Dave Morriss 4408 Wed 2025-06-25 Lynx - Old School Browsing Kevie 4409 Thu 2025-06-26 H D R Ridiculous Monitor operat0r 4410 Fri 2025-06-27 Civilization V Ahuka 4411 Mon 2025-06-30 The Pachli project thelovebug Comments this month These are comments which have been made during the past month, either to shows released during the month or to past shows. There are 29 comments in total. Past shows There are 4 comments on 3 previous shows: hpr4375 (2025-05-09) "Long Chain Carbons,Eggs and Dorodango?" by operat0r. Comment 4: Torin Doyle on 2025-06-06: "Reply to @Bob" hpr4378 (2025-05-14) "SQL to get the next_free_slot" by norrist. Comment 1: Torin Doyle on 2025-06-12: "Cheers for this." hpr4388 (2025-05-28) "BSD Overview" by norrist. Comment 4: Henrik Hemrin on 2025-06-02: "Learned more about BSD." Comment 5: norrist on 2025-06-02: "Additional info for OpenBSD Router" This month's shows There are 25 comments on 10 of this month's shows: hpr4391 (2025-06-02) "HPR Community News for May 2025" by HPR Volunteers. Comment 1: Torin Doyle on 2025-06-06: "Very disappointed."Comment 2: Ken Fallon on 2025-06-06: "Thanks for your feedback."Comment 3: Torin Doyle on 2025-06-09: "Reply to Ken [Comment 2]"Comment 4: norrist on 2025-06-09: "Watch the Queue for a show about how to find all the comments"Comment 5: Torin Doyle on 2025-06-10: "Comment #3 typo."Comment 6: Torin Doyle on 2025-06-11: "Reply to Comment #4 by norrist"Comment 7: Torin Doyle on 2025-06-11: "Got the link." hpr4394 (2025-06-05) "Digital Steganography Intro" by mightbemike. Comment 1: Henrik Hemrin on 2025-06-05: "Fascinating topic"Comment 2: oxo on 2025-06-05: "Good show! " hpr4395 (2025-06-06) "Second Life" by Lee. Comment 1: Antoine on 2025-06-08: "Brings philosophical thoughts" hpr4397 (2025-06-10) "Transfer files from desktop to phone with qrcp" by Klaatu. Comment 1: Laindir on 2025-06-18: "The perfect kind of recommendation" hpr4398 (2025-06-11) "Command line fun: downloading a podcast" by Kevie. Comment 1: Henrik Hemrin on 2025-06-11: "Tempted to have fun"Comment 2: Ken Fallon on 2025-06-22: "Personal message to redhat (nprfan)" hpr4403 (2025-06-18) "How to get your very own copy of the HPR database" by norrist. Comment 1: Torin Doyle on 2025-06-18: "Appreciated!"Comment 2: Torin Doyle on 2025-06-18: "Database size."Comment 3: norrist on 2025-06-18: "Also an SQLite version"Comment 4: Torin Doyle on 2025-06-25: "Not able to use database to find my comments." hpr4404 (2025-06-19) "Kevie nerd snipes Ken by grepping xml" by Ken Fallon. Comment 1: Henrik Hemrin on 2025-06-22: "More to digest"Comment 2: Alec Bickerton on 2025-06-29: "Shorter version"Comment 3: Alec Bickerton on 2025-06-29: "Shorter version"Comment 4: Alec Bickerton on 2025-06-29: "XML parsing without xmlstarlet" hpr4405 (2025-06-20) "What did I do at work today?" by Lee. Comment 1: Dave Morriss on 2025-06-25: "Thanks for bringing us along..." hpr4406 (2025-06-23) "SVG Files: Cyber Threat Hidden in Images" by ko3moc. Comment 1: oxo on 2025-06-23: "Interesting! "Comment 2: ko3moc on 2025-06-24: "response " hpr4408 (2025-06-25) "Lynx - Old School Browsing" by Kevie. Comment 1: Henrik Hemrin on 2025-06-29: "Review ALT texts" Mailing List discussions Policy decisions surrounding HPR are taken by the community as a whole. This discussion takes place on the Mailing List which is open to all HPR listeners and contributors. The discussions are open and available on the HPR server under Mailman. The threaded discussions this month can be found here: https://lists.hackerpublicradio.com/pipermail/hpr/2025-June/thread.html Events Calendar With the kind permission of LWN.net we are linking to The LWN.net Community Calendar. Quoting the site: This is the LWN.net community event calendar, where we track events of interest to people using and developing Linux and free software. Clicking on individual events will take you to the appropriate web page. Provide feedback on this episode.

This show has been flagged as Clean by the host. After updating the firmware on my Sony Noise Cancelling Headset, and upgrading to Fedora 40 , my A2DP ) profiles stopped working. I did a quick search and found someone with the same issue and it would be fixed in a Kernel upgrade. Common enough on a bleeding edge that is Fedora, however as the months moved on and the kernel upgraded, the problem remained. I tried to implement workarounds several times but eventually came across this passage from hank aka hankuoffroad on the Fedora Forums This is a known behavior when using Bluetooth audio on Linux on hands-free mode: you cannot use A2DP for high-quality audio output while simultaneously using the Bluetooth microphone via HSP/HFP, due to profile limitations in the Bluetooth specification and current Linux audio stack. I knew this of course, but my Sony WH-CH700N Wireless Noise Cancelling Headphones don't have a microphone. ... Hold on how does Noise Cancelling work exactly again ? Active noise control (ANC), also known as noise cancellation (NC), or active noise reduction (ANR), is a method for reducing unwanted sound by the addition of a second sound specifically designed to cancel the first Wikipedia If the first is the background noise, it needs a microphone to capture it so it can be inverted. Ah ha...I had recently also disabled my Zoom H2v2 as it was now sometimes acting as a speaker. So presumably pipewire tries to find any microphone on the system, when it cant find the best one it will resort to the one used for noise canceling in the headset. Once the headset is been used for audio in as well, then there isn't enough bandwidth to do high definition audio, so you end up with the low quality two way profiles. Would the solution be as easy as enabling a proper microphone . . . . Provide feedback on this episode.

This show has been flagged as Clean by the host. Having purchased a new cable bag from Bellroy at the start of the year, Kevie shares his thoughts on the Bellroy Travel Kit . Provide feedback on this episode.

This show has been flagged as Clean by the host. If you go to the system settings in the main menu for KDE and scroll down, you can get to shortcuts and under shortcuts, there is a thing called custom shortcuts, and you can do anything you want in here. Provide feedback on this episode.

This show has been flagged as Explicit by the host. The program starts with a brief trailer, presenting the story, before starting the full audiodrama... I hope you have a good show, thanks in advance for listening. References (some): LIANG, Jiashuo. A History of Japan’s Unit 731 and Implications for Modern Biological Warfare. Advances in Social Science, Education and Humanities Research, v. 673. Atlantis Press, 2022. PBS. The Living Weapon: Shiro Ishii. Link: https://www.pbs.org/wgbh/americanexperience/features/weapon-biography-shiro-ishii. Accessed: January 2025. RIDER, Dwight R. Japan’s Biological and Chemical Weapons Programs; War Crimes and Atrocities – Who’s Who, What’s What, Where’s Where. 1928 – 1945. 3rd ed., 2018 [“In Process” version]. Credits of audio used — in order of appearance (or “listenance”): Kulakovka / Pixabay – Lost in Dreams (abstract chill downtempo cinematic future beats). BBC Sound Effects – Aircraft: Beaufighters - Take off. (Bristol Beaufighter, World War II); Army: Parade Ground Manoeuvres - Platoon strolls single-file on parade ground; Weather: Snow - Blizzard - heard inside house, with banging shutters; Footsteps In Snow - Footsteps in snow, 3 men departing; Water - Filling metal bucket from pond and pouring water on to concrete. florianreichelt / Freesound ¬– quick woosh. Thalamus_Lab / Freesound – Vertical Noise_Chinese Folk Duo Decay. neolein / Freesound – Mystic chinese guzheng. BBC Sound Effects again – World War 2 - Enemy artillery (World War II actuality) - 1975 (500S); Aircraft: Beaufighters - Exterior, steep climb. (Bristol Beaufighter, World War II). JamesFarrell_97 / Freesound – Game Theme. Luke100000 / Freesound – turning old pages. BBC Sound Effects – Sirens & Gunfire - World War II Air Raid Siren, German, all clear sounded. Gvidon / Pixabay – Spinning Head. * If you'd like the script to read (along with a few other things, like the Audacity project), you can obtain the text at the production's page on Archive.org: https://archive.org/details/the-prisioner-of-unit-731-audiodrama-final * As a post-show extra: you can listen to the producer's motivation for producing this story on ep. 4313. hpr4313 :: Why I made a 1-episode podcast about a war story: https://hackerpublicradio.org/eps/hpr4313/index.html Provide feedback on this episode.

This show has been flagged as Clean by the host. In this episode Dave and Kevie chat with Nik from the Pachli project.   Pachli is a free/open-source Mastodon/Fediverse client for Android. We talk in depth about Nik's background, Pachli's name and origin, and the motivation for creating another client for the Fediverse. Also discussed is Pachli's association with the Nivenly Foundation , and how users and developers can contribute to the project as a whole. With thanks to Nik for his time and candor. Fediverse: @[email protected] Fediverse: @[email protected] Email: [email protected] Website: pachli.app GitHub: pachli-android Provide feedback on this episode.

This show has been flagged as Clean by the host. Civilization V, released in 2010, was a further evolution of the franchise that added interesting new features. We introduce it in this episode. Links: https://en.wikipedia.org/wiki/Jon_Shafer https://civilization.fandom.com/wiki/Production_(Civ5) https://civilization.fandom.com/wiki/Happiness_(Civ5) https://www.youtube.com/watch?v=xgRIdcWq_fs https://www.youtube.com/watch?v=rh6hXzW_GyA https://www.youtube.com/watch?v=DbK82-u08dw https://www.youtube.com/watch?v=Hyv3qJpMNIs https://www.youtube.com/watch?v=Qgc8ZaShkR4 https://www.youtube.com/watch?v=Wy6AoOQ136Y https://www.youtube.com/watch?v=q7VW-rGvfrs https://www.youtube.com/watch?v=xypYpI4UiEc https://www.youtube.com/watch?v=I__9ZlOUG4E https://www.youtube.com/watch?v=Z3x3P8gsCFA https://www.palain.com/gaming/civilization-v/ Provide feedback on this episode.

This show has been flagged as Clean by the host. Never fan of duel monitors Mother inlaw had a better monitor then me https://slickdeals.net 4:3, 16:9, 21:9 (Ratio calculator) Samsung 49" Class Odyssey G95C DQHD 240Hz Curved Gaming Monitor LS49CG95DENXZA US $646.49 posture / arms out / screen position / mouse shoulder For car sim and gaming not for DEV Virtual Monitor for Display Port connections https://github.com/roshkins/IddSampleDriver HDR profiles for windows HDR calibration https://github.com/dylanraga/win11hdr-srgb-to-gamma2.2-icm avsforum HDR10 test patterns set https://www.avsforum.com/threads/hdr10-test-patterns-set.2943380/ Set and Forget HDR on Win11. Works for Black Myth Wukong. Sdr Hdr Trick https://www.youtube.com/watch?v=EPUKW3xLTNM Talk about Gameplay / Lighting /HDR / Bright High contrast https://github.com/freeload101/SCRIPTS/blob/6059ce43696e3c8101926da7959bebafbd0ab3b6/AutoHotkey/C0ffee%20Anti%20Idle%20v2.ahk#L130 SUMMARY The presenter discusses configuring monitor settings for development, emphasizing HDR calibration and multi-monitor productivity. IDEAS Calibrating a monitor's HDR settings can significantly improve image quality by adjusting brightness and color. Using HDR (High Dynamic Range) enhances the visual experience by improving contrast and color accuracy. Adjusting black levels and brightness helps in achieving optimal visibility for both bright and dark scenes. The calibration of HDR settings involves fine-tuning various parameters like gamma, whites, and blacks. Multi-monitor setups can enhance productivity by allowing more efficient workspace organization. Curved monitors may benefit development tasks by providing a larger visual area without needing multiple displays. Managing dual monitors requires spatial awareness to efficiently switch focus between screens. Windows' snapping features help in organizing windows on multi-monitor setups, enhancing workflow efficiency. The presenter finds the transition from dual monitors to a single large curved monitor advantageous for productivity. A larger screen real estate reduces the need for physical separation of workspaces, easing multitasking. QUOTES "I will be looking at calibrating my monitor's HDR settings." "Let me know if you have any questions or suggestions in regards to these videos..." "HDR is an incredible technology that allows us to see better contrast and colors on our screens." "That way we can achieve a much more dynamic range of colors while playing games and watching media on our TVs, computer monitors, phones, etc." "It will be a bit different between calibrating a normal monitor with SDR to a HDR-enabled display." "So if the blacks are too bright then you won't really see the black levels as well." "The idea is that your brightest whites should be at 100% and your darkest blacks should be around 0%." "With this being said, I've never had a lot of luck with using my Windows HDR settings before." "A lot of people say don't buy a curved monitor for production stuff." "And now I have like basically three monitors." RECOMMENDATIONS Calibrate your monitor's HDR settings to enhance color and contrast. Adjust brightness, gamma, whites, and blacks for optimal visibility in various lighting conditions. Utilize Windows snapping features for efficient window management on multi-monitor setups. Consider transitioning to a single curved monitor for improved productivity and workspace real estate. Familiarize yourself with the tabbing system to ensure input is directed to the correct window. Experiment with panel sizes in your multi-monitor setup to find a configuration that suits your workflow. Ensure proper calibration of both SDR and HDR displays to achieve the best visual experience. Adjust black levels so they are not too bright, maintaining clear visibility of darker scenes. Set whites to 100% for better representation of bright areas in images and videos. Explore different monitor configurations to determine what enhances your productivity the most. ONE SENTENCE SUMMARY The presenter shares insights on optimizing HDR monitor settings and maximizing productivity with multi-monitor setups for development tasks.Provide feedback on this episode.

This show has been flagged as Clean by the host. Kevie , from the TuxJam podcast, takes a look at the Lynx command line browser and briefly discusses it's uses and if it still has a place in our modern times. Some Useful Hot-keys: g to go to a specific website m goes to your start page (Main screen is what Lynx calls it) o for options h for help p for print q to quit program / search for text on a page Navigation < previous page > forward page up and down move between links on the page. Down or left will also cancel a command if pressed accidentally. Pg Up and Pg Down scroll up or down a whole screen at a time. ctrl n (down or next) and ctrl p (up or previous) will move the page up and down a couple of lines a will add the current page to the bookmarks list v views the list of bookmarks , open the current page in another browser G displays the URL and allows editing ctrl L reloads the current page Some Basic Config Edits: Edit the file /etc/lynx/lynx.cfg (You will need to used sudo privileges to edit a system file) To change the starting page go to Line 111 and add STARTFILE:YOUR_CHOSEN_PAGE_URL I used https://duckduckgo.com/lite Don't forget to comment out the default one at line 105 To change the browser to open a link, go to Line 3141 and add EXTERNAL:http:BROSWER_LAUNCH_COMMAND %s:TRUE To use the default browser on modern Linux systems add xdg-open Provide feedback on this episode.

This show has been flagged as Explicit by the host. Introduction On 2025-06-19 Ken Fallon did a show, number 4404 , responding to Kevie's show 4398 , which came out on 2025-06-11. Kevie was using a Bash pipeline to find the latest episode in an RSS feed, and download it. He used grep to parse the XML of the feed. Ken's response was to suggest the use of xmlstarlet to parse the XML because such a complex structured format as XML cannot reliably be parsed without a program that "understands" the intricacies of the format's structure. The same applies to other complex formats such as HTML, YAML and JSON. In his show Ken presented a Bash script which dealt with this problem and that of the ordering of episodes in the feed. He asked how others would write such a script, and thus I was motivated to produce this response to his response! Alternative script My script is a remodelling of Ken's, not a completely different solution. It contains a few alternative ways of doing what Ken did, and a reordering of the parts of his original. We will examine the changes in this episode. Script #!/bin/bash # Original (c) CC-0 Ken Fallon 2025 # Modified by Dave Morriss, 2025-06-14 (c) CC-0 podcast="https://tuxjam.otherside.network/feed/podcast/" # [1] while read -r item do # [2] pubDate="${item%;*}" # [3] pubDate="$( \date --date="${pubDate}" --universal +%FT%T )" # [4] url="${item#*;}" # [5] echo "${pubDate};${url}" done < <(curl --silent "${podcast}" | \ xmlstarlet sel --text --template --match 'rss/channel/item' \ --value-of 'concat(pubDate, ";", enclosure/@url)' --nl - ) | \ sort --numeric-sort --reverse | \ head -1 | \ cut -f2 -d';' | wget --quiet --input-file=- # [6] I have placed some comments in the script in the form of '# [1]' and I'll refer to these as I describe the changes in the following numbered list. Note: I checked, and the script will run with the comments, though they are only there to make it easier to refer to things. The format of the pipeline is different. It starts by defining a while loop, but the data which the read command receives comes from a process substitution of the form '<(statements)' (see the process substitution section of "hpr2045 :: Some other Bash tips" ). I have arranged the pipeline in this way because it's bad practice to place a while in a pipeline, as discussed in the show: hpr3985 :: Bash snippet - be careful when feeding data to loops . (I added -r to the read because shellcheck , which I run in the vim editor, nagged me!) The lines coming from the process substitution are from running curl to collect the feed, then using xmlstarlet to pick out the pubDate field of the item, and the url attribute of the enclosure field returning them as two strings separated by a semicolon ( ';' ). This is from Ken's original code. Each line is read into the variable item , and the first element (before the semicolon) is extracted with the Bash expression "${item%;*}" . Parameter manipulation expressions were introduced in HPR show 1648 . See the full notes section Remove matching suffix pattern for this one. I modified Ken's date command to simplify the generation of the ISO8601 date and time by using the pattern +%FT%T . This just saves typing! The url value is extracted from the contents of item with the expression "${item#*;} . See the section of show 1648 entitled Remove matching prefix pattern for details. The echo which generates the list of podcast URLs prefixed with an ISO time stamp uses ';' as the delimiter where Ken used a tab character. I assume this was done for the benefit of either the following sort or the awk script. It's not needed for sort since it sorts the line as-is and doesn't use fields. My version doesn't use awk . Rather than using awk I use cut to remove the time stamp from the front of each line, returning the second field delimited by the semicolon. The result of this will be the URL for wget to download. In this case wget receives the URL on standard input ( STDIN ), and the --input-file=- option tells it to use that information for the download. Conclusion I'm not sure my solution is better in any significant way. I prefer to use Bash functionality to do things where calling awk or sed could be overkill, but that's just a personal preference. I might have replaced the head and cut with a sed expression, such as the following as the last line: sed -e '1{s/^.\+;//;q}' | wget --quiet --input-file=- Here, the sed expression operates on the first line from the sort , where it removes everything from the start of the line to the semicolon. The expression then causes sed to quit, so that only the edited first line is passed to wget . Links hpr1648 :: Bash parameter manipulation Section entitled Remove matching suffix pattern Section entitled Remove matching prefix pattern Diagram showing the Bash parameter manipulation methods hpr2045 :: Some other Bash tips Section on process substitution hpr3985 :: Bash snippet - be careful when feeding data to loops hpr4398 :: Command line fun: downloading a podcast by Kevie hpr4404 :: Kevie nerd snipes Ken by grepping xml by Ken Fallon Provide feedback on this episode.