[NTG-context] PDF viewer poll

Henning Hraban Ramm texml at fiee.net
Sat Oct 19 13:06:56 CEST 2019


> Am 2019-10-19 um 12:51 schrieb Hans Hagen <j.hagen at xs4all.nl>:
> 
> On 10/19/2019 12:21 PM, Henning Hraban Ramm wrote:
> 
>> When I read "Java runs on millions of devices" I don’t feel that’s good advertising, but it remembers me that each of those devices is at risk.
> 
> The java updates keept telling that it runs on 3 billion devices but that message doesn't change over years. I always wonder about numbers. One can find similar huge numbers for tex usage but what defines usage (forced? ontime? for fun? lifelong? advanced or like any word processor usage?).

Jep. And it doesn’t help if my washing machine runs Java if I can’t change the program. (Or play Tetris on it while waiting, or whatever.)

>> It would be very easy to spread malicious TeX code, since everyone uses CTAN (LaTeX) packages without checking them first.
>> But it wouldn’t come far, I guess, for it needs a while for a package to become known and in wide use, and that still means only in a subset of the (La)TeX community, where there are enough expert hackers who would find this malicious code.
>> And you can count the people on one hand who would be able to publish a malicious ConTeXt module… Malicious code snippets in our wiki or ML also wouldn’t come far.
> 
> Also, I tend to stay optimistic. If there were way more strict rules for software abuse (with hard penalties) it would be less of a problem, but for now we just have to trust. So, far we could trust texies.

Exactly. I guess it makes sense to be aware that there is a risk, but on the other hand the risk is quite neglectable, depending on your own programming skills… (I managed to mess up a git repository last week, trying to rename a file in all of the branches. Big pro of SCM repositories: you can restore them.)

>> There was PDF malware (using JS or media stuff). There also was PostScript malware in its time. The latter didn’t make a lot of sense, except it could destroy RIP hardware. The RIP technician at the newspaper where I worked told me stories, e.g. there was an evil EPS (some faulty customer logo, no deliberate malware) that caused the deletion of important parts of the RIP software. At my time there was a PS ghost: somehow a page got installed on one of the printers and got printed at odd times. Reboot didn’t help, we never found the cause.
> Writing could be restricted I guess, so wiping rip source is also bit of a bug in the rip i guess. Anyway, I do remember sending postscript to our printer just to find out that you ended up with an empty paperbin and a few lines per page with garbage ascii. In that respect pdf is a bit better: something or nothing gets printed.
> 
> This ghost: makes for nice debugging. Kind of a challenge.

We weren’t up to it, and it was just a minor annoyance. Maybe the problem was not really in the printer but in the print spooler of one workstation, so that the job was printed every time it was switched on or some user logged in.

> (btw, this makes for a nice topic next meeting: security and documents and such)

No, that’s boring ;)

Best, Hraban


More information about the ntg-context mailing list