How to overcome gzip/Mavericks incompatibility? [closed] - metadata

So I recently changed jobs and I brought a bunch of files with me off my OS X 10.7 system. I had far more files than could fit on the external drive I had, so I had tried dragging select files onto the drive, which gave me eventual repeated errors, so instead I used:
tar -zcvf whatever.tar.gz my_files
and then dragged the gzipped tarball onto the drive and that worked just fine. Now however, on my new Mavericks 10.9 system, I just tried to open a rich text file (that I'd created in Text Edit on 10.7) and I get the error:
'The document "_lab_notebook_2.rtf" could not be opened.'
I called Apple about this and they claimed that gzip was adding "the command line" to the metadata of the file (I assume the rich text file - though I could be wrong) and that metadata chunk is incompatible with Text Edit in Mavericks. They said that they have a request in with the gzip developers to address this issue (by stripping out the added metadata at some point along the way). Eventually, they say once that is updated, it will be in a new system update.
In the meantime, I'm stuck with a file that Text Edit can't open. I can open the file in other text editors, but I really would rather use Apple's Text Edit, hence this post. I tried opening a copy of the file with Rezilla and I can see the metadata in coded form, but nothing's jumping out at me as the offending data. I even tried removing each resource 1 by 1 and trying to open the file after each removal, but it still would not open.
Does anyone have any hints as to how to strip out whatever it is that gzip added? Am I even working from the correct starting point? They said that the data was added during the zip-up of the file, and I no longer have access to the original. Should I be working with the .tar.gz file or the .rtf file that was contained therein?
Thanks,
Rob

The file you are trying to open, _lab_notebook_2.rtf might not be the file. (Are you sure it doesn't have a dot before the underscore, i.e. ._lab_notebook_2.rtf?) It may be the resource fork of the actual file, where the actual file would be named lab_notebook_2.rtf.
I don't know who you talked to at Apple, but gzip doesn't add anything to anything. It is simply a lossless compression and decompression utility. They certainly haven't contacted me about it (I am one of the gzip developers). Please look up my contact information, e.g. on zlib.net, and copy that email to me. Thanks.
tar on the other hand may not be preserving all of the information that was on the original file system, or storing resource forks as ._ files, depending on what you asked it to do. It would have been better if you had used the Finder File:Compress operation, which preserves all of that information. (Or on the command line, the ditto utility with the options noted in its man page to duplicate what Finder does.)

Related

Does the file name affect antivirus false positives [closed]

I am appending my installer name with the version number, as in "progname_setup_1.1.5678.9101.exe". I like it because it makes it easy for me to track and for the user to identify it from prior downloads. This is an Inno Setup build of .net. And it is signed (if that matters).
That means the file name will change with each update. Will this practice increase the chances of false positive flags by antivirus software? If I kept the same file name (e.g., progname_setup.exe), perhaps the file would get a chance to build a reputation, even though version numbers would change inside. Or maybe antivirus doesn't work like that at all.
So, what is the best approach for file naming regarding antivirus: progname_setup_1.1.5678.9101.exe, progname_setup.exe, or it doesn't matter?
I really can't speak for "all" anti virus engines but the good ones really don't use the file name as an indicator of anything because it's just too unreliable. Think about it, if an AV definition file said, "FOO.EXE == Malicious Virus" all the malware writer would have to do is constantly change the file name.
AV engines, at least the good ones, work by looking for bit patterns inside the body of the file; usually specific bit patterns that can exist anywhere in the file. Now, you don't have to take my word for it, check out the ClamAV signature database docs and you will see that "file name" or any other file metadata (like size, perms, etc.) are not even something you can specify in a signature.
https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf
You can also run your samples via scanii's web scanning tool https://scanii.com/free-virus-scan/ if you would like to be certain that they should not trigger a false positive - disclaimer scanii is my pet project.

How to detect if a PNG was edited with PhotoShop? [closed]

I have a directory of screen shots of some software in PNG format. I found that one was edited in PhotoShop, or a similar tool. I would like to identify additional PNGs in the directory that were also edited. If the editor were careless, is there any batch tool that could be used to see if the files were opened and saved from PhotoShop, e.g. by looking at the metadata or other details?
A heuristic (purely empirical, this is not documented by Adobe, hence it can change from version to version) is to look for an iCCP chunk with the name 'Photoshop ICC profile'.
A quick and dirty oneliner (linux or mingw):
$ head -c 256 file.png | perl -e '$/=undef; print ((<> =~ /iCCPPhotoshop/)? "photoshop" : "normal");'
Worked for me, but it's obviously not infallible. The head -c 256 takes into account that the chunk will be before the pixel data (and the palette if present), so as not to grep the entire image.
Bear also in mind that if the image was edited in Photoshop and afterwards edited by other editor or processor, the iCCP will probably not survive.
If you want to peek inside the PNG structure, there is this neat tool for Windows: http://entropymine.com/jason/tweakpng/
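The iCCP heuristic from this answer as a chunk walker rather than a grep over the first 256 bytes. This is an added example, not code from the original answers: it goes slightly further by checking each chunk's CRC and reading the profile name field directly, and `build_sample` is a hypothetical helper that constructs tiny test PNGs so the block runs offline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def iter_chunks(data):
    """Yield (type, body) for each PNG chunk, checking length and CRC."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_bytes) != 4:
            raise ValueError("truncated %r chunk" % ctype)
        if zlib.crc32(ctype + body) != struct.unpack(">I", crc_bytes)[0]:
            raise ValueError("bad CRC in %r chunk" % ctype)
        yield ctype, body
        if ctype == b"IEND":
            return
        pos += 12 + length

def icc_profile_name(data):
    """Return the iCCP profile name, or None if there is no iCCP chunk."""
    for ctype, body in iter_chunks(data):
        if ctype == b"iCCP":
            # Body layout: name, NUL, compression method, compressed profile.
            return body.split(b"\x00", 1)[0].decode("latin-1")
        if ctype == b"IDAT":  # iCCP must appear before the pixel data
            break
    return None

def looks_like_photoshop(data):
    # Empirical marker named in the answer; absence proves nothing.
    return icc_profile_name(data) == "Photoshop ICC profile"

def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def build_sample(profile_name=None):
    """Constructed 1x1 grayscale PNG, optionally carrying an iCCP chunk."""
    out = PNG_SIGNATURE + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    if profile_name:
        payload = profile_name.encode("latin-1") + b"\x00\x00" + zlib.compress(b"placeholder")
        out += _chunk(b"iCCP", payload)
    out += _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
    return out + _chunk(b"IEND", b"")
```

For a directory scan, read each file's bytes and call `looks_like_photoshop`; a `ValueError` marks a file that is not a well-formed PNG and deserves a separate look.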
There is a website called image edited that is a quick and easy process.
totneschap stole my answer shakes fist
However, I remember from my forensic days in uni, checking the metadata of the image is the best way. You can use the image edited website or you can use http://fotoforensics.com/.
We used to have a tool which would tell us edited version, dates of edit etc. However, I am struggling with the name of it. If I can remember I will edit the post, but the websites seem like the best answer.
Try FotoForensics. It will tell you if the image is edited or not.

Is there any online .plist editor? [closed]

I'm interested in an online application like the tool that comes with XCode, that shows the keys and values as rows, in an editable manner and handles xml plists (I don't care if it handles binary ones as well).
So, I was wondering the exact same thing, and when I saw this question and its answer, I said "Screw it, I'm making one!" And so I did. Two days later, here's my answer to you:
http://tustin2121.github.io/jsPlistor/
jsPListor (version 1 as of Aug 8th, 2013) will allow you to paste in the contents of an xml plist into it (via the Import button) and edit it with drag and drop and the like. When you're done, hit Export and it will package it all up into a valid plist for you to copy and paste back into the file.
There's still some bugs and glaring vacancies (like the Data Editing Dialog), but it functions. Future versions will attempt to allow saving via html5 download, and loading of files into data rows.
Feel free to examine, contribute, and submit bugs at the github repo: https://github.com/tustin2121/jsPlistor
I have resigned myself to the fact that there probably isn't one I will ever find. What I have found, however, is that JSON format and text PList format are very similar, and there are plenty of JSON editors available online and for windows and mac both. It may not be suitable for your needs, but it suited my needs just fine. By using nothing more than a couple of find & replaces in Notepad you can get 90% of the way to a plist file. The only big issue is semicolons vs. commas.
If you're working on a small enough file, that could be done manually. With larger files, a simple utility app to convert JSON to PList files would probably be pretty simple to whip up if you've got the urge.
Again, this all applies only to text formatted plist files. Most plist editors on mac at least can save a plist in text format.
There's Plistinator - it's a native C++/Qt app for Mac, Windows and Linux desktop. So not an online tool, but it is at least portable and runs cross-platform (in case that is what the request for a web-based editor was about).
I'm not sure if the JS version handles binary files (Plistinator does). If you have a Mac you could edit them via the JS editor if you convert binary to XML via
plutil -convert xml1 myfile.plist
Note that will over-write myfile.plist with the XML version, which may not represent all the same information that the binary version can.
Full-disclosure: I am the author of Plistinator and the $12.99 goes to pay for my ramen & rent.
I don't think there are any plist editors online, at least not as functional as Plist Editor with Xcode.
You could use an online XML-editor, like Xmlia2.0, and code it yourself.
Why would you ever want an online tool for editing XML-files when you've got Plist Editor from xcode?
I wrote one once back in the day (for the old non-XML plist files). The structure is very regular, so it's not hard to create something that looks and acts more or less like the XCode plist editor.
I don't know off-hand of any online XML editors, but they must exist. Given a DTD-savvy XML editor, you ought to be able to edit plist files pretty easily.
Any web app that accepts .txt documents will edit plists just fine. Likewise for .xml

Help! Recover Eclipse file [closed]

I'm using Eclipse. When I close Eclipse, it asks me to save a file, I press yes and Eclipse shuts down. When I open my computer I see that the drive only has 3 bytes left, and I get a bad feeling. I go to my file and oh my god, it's totally blank, size is 0 bytes! :(
I need that file back. Can a free recovery program work in this case?
Sometimes Eclipse keeps the changes it made to the files you edit. Does not always work but it's worth a try :
Find your file in your (package, project, navigator) explorer.
Right click on your file and look for the menus to compare... (I recommend Compare though in your case it will not matter since the file is now empty)
Choose Local History... from the sub menu
If you are lucky and had been using Eclipse to edit the file you should find a few entries there. Look them up, chances are you will find the content.
This has helped me countless times and saved my ass on many occasions. However, every time I resort to it I always feel like hitting my head with a baseball bat for not committing changes to the source control system earlier.
Good luck, if that does not work I fear that SO will not be of much help to you :-(
--- EDIT ---
Little something that can help make this trick a tad bit more useful.
You can change the amount of information Eclipse keeps in local history: go to your preferences and then General->Workspace->Local History (Indigo here, may be different on other versions). If you tend to be light headed or burn the midnight oil a bit too much this will help you repair the next day that bug fix you insisted on finishing before going to sleep.
If you know some phrase or uncommon word from your file, you can search the raw sectors of the hard drive for pieces of text. This will turn up the text anywhere it might have been written: as paged out virtual memory, as a still-existent file (temp file or saved file), or as a temporary or saved file that was deleted and the space has not yet been rewritten.
But it will be slow. And if the file was never written to disk, it will yield nothing. And what it yields may be fragmented or incomplete.
Boot a Knoppix CD and start grepping! Knoppix is a linux installation that runs from CD, without writing to your hard drive.
Get Knoppix: http://www.kernel.org/pub/dist/knoppix/KNOPPIX_V6.0.1CD-2009-02-08-EN.iso
Boot it. Start a terminal. Search the hard drive:
$ sudo grep -a "Four score and seven years" /dev/hda
If it turns up anything, copy and paste to a text editor, and save to usb stick or send it to yourself via web-based email.
If you have SCSI or SATA disks, you need to use /dev/sda instead of /dev/hda
The other answer is correct, every moment that the OS continues running decreases your recovery chances. Pull the power and use another computer to prepare the Knoppix CD.
First, turn off the computer. Every second that it is on and being used at this point reduces the chance you'll recover your file.

What are the most common virus file types currently circulating? [closed]

I am working on a project that will involve file upload to a server. I am interested in understanding what kinds of files virus writers currently tend to target. I am aware of the following threads:
How would you programmatically test a file for viruses ?
ensuring uploaded files are safe
How can I determine a file’s true extension/type programatically?
Server side virus scanning
But am interested in general in finding out about common attack vectors.
All of them. There aren't any "safe" file types when a JPG image can infect you with a virus and you can even trick the browser to execute JavaScript in any file no matter its declared type.
But the biggest and most widespread danger doesn't even involve uploaded files - ANY text that is entered by users and displayed on your page is a potential vector of Cross-Site-Scripting attacks.
I ran an "upload file" form for a little while and a few things I found:
All sorts of PHP scripts (shells, redirects, various "owned by $LAMER", you name it)
I think I had a few browser exploits (.html, .jpgs)
A bunch of files with the wrong extensions (ie, PHP scripts with the extension .rar, hoping that the server's mime-type guesser did the wrong thing)
Zip files full of all of the above
Anyway, those are just a few things I found. Hope they are helpful.
.exe and .scr are most common filetypes. Also, there are "tricks" with double extensions like readme.txt.scr or readme.doc.exe
exe is probably the most common
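A server-side triage check for the patterns reported in the answers above: content that does not match its claimed extension (such as a PHP script named .rar) and decoy double extensions such as readme.txt.scr. This is an added example, not code from any of the answers; the tables and the function name `inspect_upload` are constructed for illustration and are not exhaustive.

```python
# Constructed table: leading magic bytes expected for a few claimed extensions.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": [b"PK\x03\x04", b"PK\x05\x06"],
    ".rar": [b"Rar!\x1a\x07"],
    ".pdf": [b"%PDF-"],
}
ACTIVE_EXTS = {".exe", ".scr", ".com", ".bat", ".php"}       # run or interpreted
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".png", ".gif"}  # harmless-looking
SCRIPT_MARKERS = [b"<?php", b"<script"]

def _split_ext(name):
    """Return (root, ext) with ext lower-cased, '' if there is none."""
    dot = name.rfind(".")
    return (name, "") if dot <= 0 else (name[:dot], name[dot:].lower())

def inspect_upload(filename, content):
    """Return a list of findings for one uploaded file (empty = nothing flagged)."""
    findings = []
    # Strip any client-supplied directory part, POSIX or Windows style.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    root, ext = _split_ext(name)
    inner_ext = _split_ext(root)[1]
    if ext in ACTIVE_EXTS:
        findings.append("executable-extension")
        if inner_ext in DECOY_EXTS:
            findings.append("double-extension")
    expected = MAGIC.get(ext)
    if expected is not None and not any(content.startswith(m) for m in expected):
        findings.append("magic-mismatch")
    if content[:2] == b"MZ" and ext not in (".exe", ".scr", ".com"):
        findings.append("pe-header-in-non-executable")
    lowered = content.lower()
    for marker in SCRIPT_MARKERS:
        if marker in lowered:
            findings.append("script-marker:" + marker.decode())
    return findings
```

An empty result only means none of these patterns matched; as the first answer says, a file with a valid image header can still carry a payload, so this sits in front of content scanning and safe storage, not in place of them.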