Re: Video editing in Linux?

From: SjT (NOT_at_yahoo.com)
Date: 11/03/04 

Date: Wed, 03 Nov 2004 11:27:22 GMT

Ian Molton <spyro@f2s.com> Kissed me, Licked me, then left me a note:

>Im going to try and consilidate some of your multi-thread replies here
>to save some space...

Good idea, although i don't like the way your finger is pointing at me
;)

>> No as the malicious version, say, open office for example, would run
>> totally normal for months and months until that person suddenly finds
>> out that they've been had either by some serious CC theft or just
>> reading a news item somewhere.
>
>and this is a OSS specific problem because?

Because the possibility exists that you may be able to modify that
source code and have it accepted to appear on the official site, it
only takes a lapse and for it to be up for a day.

I'm just thinking of possibilities i'm not saying it is happening or
it will happen.

>> I haven't got the drive or time to do it to be honest, but it's easy
>> as ***,
>
>So easy you can do it just like that but you dont have the time... OK.

No, i have no reason to want to modify someones source file to do
whatever you would want, i would have to first get linux installed,
find an IDE that i like using and find and learn linux netcode
libraries or file system if i just wanted to cause damage.

I really can't be arsed to do all that to prove a point to you.

Like i said, anyone with that knowledge could perform some kind of
damage to the end users machine, it goes without saying.. Sure there
are obviously methods to stop this but you must allow for human error.

> > all i gotta do is take the source file and add my own routine
>> in there and send it on for someone to use..
>
>Thats not hacking a program its social engineering. you could take a
>shellscript that does 'rm -rf /*' and name it 'openoffice.exe' and
>convince some schmuck to run it.

Yes, but they won't be running that day after day completely oblivious
to what is happening would they?!

It is totally viable that you could modify the source code out there
to perform pretty much any task you wanted it to. Getting it through
the checkers is another issue of course, but it will be breached if
enough people try, in the same way that Windows security gets
breached.

>Do you know what 'hacking' is?

no, sorry, not a clue.

>> When i get linux i will modify some code and send to you, just
>> something silly like deleting files or something along those lines.
>
>I'll happily NOT execute it then. Your challenge is to get the malicious
>content onto my machine AND executed.

Why the *** would i want to do that to you? I haven't got the time
or the desire to screw other people's machines up.

If you asked me years ago when i was at uni and not all settled down
then hell yeah i would've taken the challenge, but i really have not
got the time or drive to do it.

>> No, because i only use it for games and databases that's not classed
>> as 'real' expertise. What point are you trying to make?!
>
>The way you talk about main.c 'calling' other things, for one. Your use
>of language in this field makes it clear you are far from an expert.

So you cannot call subs or functions from main.c then?

Are you mad?!

>Perhaps you are, but you'll forgive me being cynical when I rebut your
>point and you come back along these lines :
>
>You: P2P is all about piracy
>Me (rebuttal): LFS uses bittorrent to distribute its sourcecode legitimately
>You: yeah, well, uh. *bit torrent sucks*.
>
>Im sure you see my point.

If you rephrase it like that, sure you may have a point, but the point
i made was that not everyone can use bittorrent, a few ISP's block
ports 7001-7009 so forcing you to use alternatives causes a very very
slow download rate which is near unuseable.

I didn't say that bit torrent sucks at all. I prefere FTP's or
newsgroups as you get the full bandwidth, personal preference of
course, i think bit torrents a great idea though and to think that one
guy came up with it yet no-one really uses his software is fecking
typical.

>> If it wasn't because of them you wouldn't have half the things you use
>> today, they've really pushed the home market excessively.
>
>UTTER crap. Before I came to use linux on a day to day basis I used a
>small british OS called RISC OS, which was very good in its day and to
>this day continues to be a source of innovative new software.

Yeah i've used RISC OS, as you say, very good, excellent at
multitasking.

>if M$ hadnt been able to ride the 'my office uses PCs lets have one at
>home because thats what I use at work' trend, we'd be a lot better off
>today. we'd have multiple manufacturers competing for the market and so
>prices would be at least as low as they are now.

Not true, alot of hardware is cheap because they know the majority
would be using it on windows, therefore they can take the option of
utilizing the cpu through windows to process what would normally be
done in hardware (i.e. like a winmodem).

That has bought hardware prices down, as the hardware only solutions
have to be competitive, on top of that Microsoft push alot of money
into pushing windows into homes and businesses and so the amount of
users grow, hence the hardware sales increases, thus lower prices.

>> i mean it sounds like all
>> you do is code and tinker around, i see nothing that really pushes
>> linux to the point where you would have to boot up windows.
>
>That makes no sense to me. things like continuous monitoring of the data
>from my radio would be much harder on windows. I play videos, re-encode
>them, listen to music, download files, hack code, play games.

I don't know about monitoring your data from the radio, but all those
tasks are miniscule, i doubt your cpu even hits 10% of its potential
(Thats assuming you have a modern processor) until you play a game or
re-encode video, hardly what i would define as pushing an OS.

>My
>filesystems do thewir best to not hog the CPU and ttransfer data
>quickly. My network drivers are low latency and faster than a windows
>user reported here recently by a factor of about 2. Why would I want too
>switch to windows where I'd have a single desktop (not 7 virtual ones)
>for all those tasks, AND have my network performance halved?

I'm not saying you should switch to windows?!

It's horses for courses, the only option that appeals to me in that
paragraph is an efficient filesystem of course, i dont want 7 virtual
desktops or a super fast network performance at home, i just want
software that does what i want and enhances my creativity, not stifles
it.

>I care. If it wasnt for the stolen code M$ would have had to write it
>themselves. instead they used the advantage to crush their competition,
>resulting in a stagnant (albeit cheap) market with no real innovation.

Not true, you have that 'innovated' option with linux, surely?
Although what you would call innovation others would label as change
and would not be happy with it.

MS have a great business model, and it is frustrating if you dont like
them, but take your hat off at what they've done in a business sense ,
they are a very aggresive company.

> >> Its possible on ANY software binary.
> > It's possible but not as easy,
>Its a piece of cake for any competant programmer.

It's a piece of cake for anyone who knows what they're doing yes, and
who has time on there hands.

>and for the incompetant ones, simply rename nuke.exe to norton_setup.exe

But that's not modifying the norton code is it?! nuke.exe would be
eaten up by the virus checker upon coming down from the net.

I'm specifically talking about modifying software to run code that is
imbedded within the original source code, not tagged onto the end of
the file, not renaming a file to something else, actually built within
the core functions of the software.

>however you also get the *source* which allows you to play with, hack
>at, browse for holes, or whatever, the code. you can make a new binary
>if you like.

Sorry, didn't realise you could 'hack' source code when it's freely
offered?!

>[security again - installing hacked code]
> > This same user could be using OSS on linux, think about that.
>
>If I did that here, the worst I would do is wipe out my user data files.
> My OS would remain untouched. (barring a kernel or SUID binary bug, of
>which there are no currently exploitable examples)

Whatabout running a server which opens your ports? or permissions to
delete/rename files on your HDD's?

I can't see how you can run read-only rights when re-encoding video
for example.

>maintainer. the would read the patch and see something like
>
>- security_check()
>+ /* Remove temp files */
>+ rm -rf *
>+
>and I would hope any smart developer would at least check that out.

What?! You wouldn't go down that path at all, besides that looks more
like a batch/script file to me, if attempted to compile it i would
expect to see some errors!??

You would hide it amongst other code, i.e. add a function into one of
the files defined as an include and call it when required later in the
code.

So many options as you well know.

>then run the app. unless your kernel has a bug (not likely) the worst
>that will happen is test_user loses ther files (no big loss as you can see).

And what if the app in question requires admin rights? Would you
question that?

> > as you well know there are only a small number of
> > actual C functions as standard.
>
>none, in fact. you're probably thinking of the C library, which isnt
>actually required at all.

Yes, hence why i labelled them as 'standard'.

>[project development]
>Ok, so the original author of the software releases the official
>package, what happens then if say 10-20 alternative versions come
>back? how do they decide which one to put up?
>
>what do you mean? 10 - 20 differnt versions that do the same thing or
>10-20 new features people have created?

I mean the original authors received 10-20 emails with attachments (Or
however they are submitted) saying 'hey, found a few bugs and fixed
them...' they then detail the bugs, and they're all vary to what has
been fixed and what hasn't. (Of course one of these could be an
arsehole who has fixed a few glitches but added some unwanted code
which causes some kind of damage. Attaching his notes to what has been
fixed in the hope that the other code isn't spotted)

>Sometimes a person or group of people take a project and 'fork' it into
>two seperate projects. often the forks develop for a while and then
>merge back into the original project. sometimes they become new projects
>in their own right.

Is there ever a time when code is not approved for being too big or
deemed not to be useful, yet there is a demand for it so to obtain
this 'extra' version you would have to use non-official means?

> > I thought you claimed that MS Windows couldn't stay up for as long?
>
>Anything can stay up forever if it doesnt do anything. Well, except
>windows - at least one version couldnt stay up more than something like
>39 days even then...

It's hardly doing nothing.. it's serving all our users here, admit it,
in the right hands windows is pretty useful and does what it says on
the tin ;)

Although saying that we had a power cut yesterday and the frigging UPS
failed on us, so it has gone down! You caused this! ;)

>[protection, spy/mal ware]
> > Totally agree, and i think it's been absolutely rife since all the
> > Iraw 9/11 business, i don't know whether that is a factor or not.
>
>9/11? ROFL yeah ok. btw, its 11/9 in the civilised world :-)

You don't think then?

I know here at work we've seen nothing like it before the 911
business, i mean we have a mailshot system for our customers to inform
them of product updates etc and in the past we've hit 2000-3000 emails
with very few problems, but recently our net box has been hit with
everything and the amount of virus infested mails that we have hitting
our list@ address is horrendous, luckily trend is doing a good job but
i got it updating every 30 mins.. just incase, cause its me who will
get it.

In fact i've already been moaned at this morning because the server
took a few minutes to get up and running again, i mean ffs it takes
almost as long for their machines to boot.

>Blanket statements are bad, but basically, nothing. a firewall doesnt
>hurt and will help you detect anything untoward. virii on unix type
>systems are nonexistant despite the fact that the majority of the
>(servers on the) net use it, and would be supremely plummy targets
>thanks to their phat connections.

So virus's are a possibility on Linux, its just that they dont exist?

Pretty interesting stuff that, what firewall would you recommend?

>spam is just a problem in general linux mail clients wont execute it for
>you, however, and there are a number of sophisticated spam detection
>tools available. mozilland and konqueror disable spyware in general,
>although I guess home useres will always be trickable in the long run.

My email is pretty sound for spam, i'm really careful what i do with
it, i use x@mydomain.com when subscribing to lists, where x = the list
name so i know exactly where spam comes from if i get it and so deal
with it straight away.

>Look, if you bought the thing for windows and its drivers sucked youd
>have taken it back. either treat linux the same way or stop whining as
>you only have yourself to blame on this one. I will *bet* it wasnt the
>only device able to perform that well, there were HUNDREDS of TAs to
>choose from at that time.

Well no doubt if i was prepared to wait long enough asus would have
put good drivers up, i dont know, i just wasnt prepared to sacrifice
windows functionality for a linux play-around.

I'm just showing you easily it is to be put off from linux, i'm sure i
wont have that problem now i've got a netgear though.

>[DSP work]
>You say that DSP work isnt CPU load dependant. You are WRONG. just
>because you have a blazingly fast CPU doesnt mean this isnt true, it may
>simply make it irrelevant for you.

I said that the DSP latency does not differ when put under load, i
used to run VST on a 400mhz machine comfortably, the only limit
regarding the cpu was how many effects could be processed, if my max
was 10 then no matter whether i was using 1 or 10 the latency did not
alter.

> "Upgrading my CPU recently i gained the benefit of adding more FX
> and instruments, no more latency though."
>
>See?

Yes it didn't affect latency which, your point that latency would be
affected when the cpu was under load is incorrect.

>Oh btw, you claim 3ms latency on your system and think its good? I've
>just done some research and found that this was the level linux was at a
>few years ago (2.2.10 kernel era) and on a 350MHz K6-II at that. Further
>googling found a quote from one of the linux developers as follows:

*snip*

I was referring that windows can turn around my line-in source, add
several effects on to it, play soft synths in real time and god knows
how many other audio tracks with real time DSP on them, all within
5.33ms.

Linux at the moment can't even do that due to the software not
existing, so it cannot be compared.

>Cubase equivalent - rosegarden
>premiere equivalent - cinelerra
>media players: xmms, beep, mplayer (and others)

Excellent cheers for those, very interested to see how cinelerra, main
actor and rosegarden compare to what i use currently.

Hopefully rosegarden will become popular and people will write a lot
of plugins for it.

Seriously, thanks for that it was exactly what i was looking for, just
looked online, i'm quite excited to try it out now as even sound on
sound are saying its great :D 

-- 
Playing: FIFA 2005.... Thats it atm
Awaiting: PES4 & HALO2 (Yawn yes i know)
Quantcast