Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Saturday, 18 June 2016 at 19:52:20 UTC, Observer wrote: in the context of image decoding, you're often handling untrusted data from external sources Not always though. The main case I'd use a little single-file thing is for files that I created and packaged with the application myself, but wanted to be small for distribution. If I wanted my program to do something naughty, I wrote it, I'd just make it do something naughty!
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Saturday, 18 June 2016 at 19:52:20 UTC, Observer wrote: Not convinced? no. i believe that it's all strongly overrated. don't run software with full access to your system, don't feed it with untrusted data, use sandboxes and such, etc. this is the way to go, not adding endless checks for all possible corner cases. still, anyone is free to undo that: just replace all `\.ptr\b` with empty string -- and voila! all the bounds checking (and mind you, there is little, as many arrays are just malloc'ed anyway) is back. it's way easier to do than to put `.ptr` into vanilla code. for my use cases `.ptr` access is ok: i prefer to leave bounds checking on for all builds, and manually escape it in the code when i feel that it is necessary. in other words: i believe that validating data and loading/processing data should be separated. first validate all your jpegs with some tool, then use loaders to actually load and process 'em.
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 14:20:14 UTC, ketmar wrote: ah, i also put `.ptr` to array access to skip bounds checking -- i love to build my code with bounds checking on, and i don't feel that i need it in this decoder -- it should be fairly well-tested. This statement stands out as a problem. There are lots of security notices out there that refer to media-decoding problems. Remember, in the context of image decoding, you're often handling untrusted data from external sources. The security notices often talk about "carefully crafted" files; here's just one simple example: http://www.videolan.org/security/sa0702.html Here are a couple more, regarding the infamous Adobe Flashplayer: https://hackerone.com/reports/30567 https://hackerone.com/reports/36279 Not convinced? Let's not stop there; let's look specifically at what has happened with JPEG in the past, such as: http://download.oracle.com/sunalerts/1000310.1.html http://www.theregister.co.uk/2004/09/24/jpeg_exploit_toolkit/ You need to think not just about your own code, but also about the overall environment in which it will operate.
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 23:17:56 UTC, Xinok wrote: On Friday, 17 June 2016 at 22:15:47 UTC, ketmar wrote: i put it under unlicense[1], as some other works of the same author is using it, and it is basically the same PD. [1] http://unlicense.org/ Unfortunately, using unlicense is just as problematic as using public domain: https://programmers.stackexchange.com/questions/147111/what-is-wrong-with-the-unlicense alas, that is all i can do without breaking the "spirit" of the original terms. i'm ok with it, and people still can fork the code and relicense in under Boost/MIT.
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 22:15:47 UTC, ketmar wrote: i put it under unlicense[1], as some other works of the same author is using it, and it is basically the same PD. [1] http://unlicense.org/ Unfortunately, using unlicense is just as problematic as using public domain: https://programmers.stackexchange.com/questions/147111/what-is-wrong-with-the-unlicense The next best thing is the CC0 license (Creative Commons Zero) which is better written than unlicense but it's currently not recommended for software / source code. http://copyfree.org/content/standard/licenses/cc0/license.txt After that, the most-open licenses with good legal standing would be Boost and MIT but then you run into the same issues again with incompatible licenses. I don't have any recommendations but I thought it was worth pointing out that unlicense isn't the solution here.
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 13:35:58 UTC, John Colvin wrote: On Friday, 17 June 2016 at 13:05:47 UTC, ketmar wrote: finally, the thing you all waited for years is here! pure D no-frills JPEG decoder with progressive JPEG support! Public Domain! one file! no Phobos or other external dependecies! it even has some DDoc! grab it[1] now while it's hot! [1] http://repo.or.cz/iv.d.git/blob_plain/HEAD:/jpegd.d awesome. Without wanting to start a huge thing about this, see http://linuxmafia.com/faq/Licensing_and_Law/public-domain.html and http://www.rosenlaw.com/lj16.htm and please at least add an optional licencing under a traditional permissive open-source license (boost would be nice, who knows, maybe phobos should have jpeg support?). i put it under unlicense[1], as some other works of the same author is using it, and it is basically the same PD. [1] http://unlicense.org/
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On 06/17/2016 04:08 PM, Kagamin wrote: Uh oh, a license is revokable? What happens when boost license is revoked? No, it's not, but you can publish stuff under multiple licenses at the same time.
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On 06/17/2016 09:05 AM, ketmar wrote: finally, the thing you all waited for years is here! pure D no-frills JPEG decoder with progressive JPEG support! Public Domain! one file! no Phobos or other external dependecies! it even has some DDoc! grab it[1] now while it's hot! [1] http://repo.or.cz/iv.d.git/blob_plain/HEAD:/jpegd.d https://www.reddit.com/r/programming/comments/4oj7ja/public_domain_jpeg_decoder_with_progressive/ Andrei
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 14:33:41 UTC, ketmar wrote: ah, just fork it and slap Boost license on top! i myself have no objections, and i doubt that the original author will object too. p.s. i'm pretty sure that somebody *will* fork it soon to get it to code.dlang.org. i won't do that myself, but again, i have no objections.
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 14:28:52 UTC, Rory McGuire wrote: Thanks for that info. I don't think it would help if ketmar made it MIT / Boost licensed or any other, if the original authors relatives chose to dispute the license it the fact that the code is based on the PD code would make it hard to protect. ah, just fork it and slap Boost license on top! i myself have no objections, and i doubt that the original author will object too.
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Fri, Jun 17, 2016 at 3:35 PM, John Colvin via Digitalmars-d-announce < digitalmars-d-announce@puremagic.com> wrote: > On Friday, 17 June 2016 at 13:05:47 UTC, ketmar wrote: > >> finally, the thing you all waited for years is here! pure D no-frills >> JPEG decoder with progressive JPEG support! Public Domain! one file! no >> Phobos or other external dependecies! it even has some DDoc! grab it[1] now >> while it's hot! >> >> [1] http://repo.or.cz/iv.d.git/blob_plain/HEAD:/jpegd.d >> > > awesome. > > Without wanting to start a huge thing about this, see > http://linuxmafia.com/faq/Licensing_and_Law/public-domain.html and > http://www.rosenlaw.com/lj16.htm and please at least add an optional > licencing under a traditional permissive open-source license (boost would > be nice, who knows, maybe phobos should have jpeg support?). > Thanks for that info. I don't think it would help if ketmar made it MIT / Boost licensed or any other, if the original authors relatives chose to dispute the license it the fact that the code is based on the PD code would make it hard to protect. I think that source code under PD might get exception to the laws in those articles because of the way PD is used globally and what its intent is, and what our common understanding of it is. However that would probably go to court to settle.
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 13:51:29 UTC, Andrei Alexandrescu wrote: Nice, thanks for this work. I see it has 3213 lines. I take it the source is https://github.com/richgel999/jpeg-compressor. How many lines from there are reflected in the D code? -- Andrei it's a complete port of jpegd.h+jpegd.cpp (so, no encoder). it is almost 1:1 to c++ code, including fancy templated row/col decoders and 4x4 matrix mini-class. mostly sed work, and after i made it to compile (and fixed silly bug in CLAMP that i introduced) it "just works". i replaced stream reader class with delegate (we have such a great delegates in D, so let's use 'em! ;-), but otherwise the code is unmodified. ah, i also put `.ptr` to array access to skip bounds checking -- i love to build my code with bounds checking on, and i don't feel that i need it in this decoder -- it should be fairly well-tested. so you may assume that all of the lines there are came from c++ (sans some curly brackets). of course, one can do much better work by writing "idiomatic" D code, i guess, but that would be much greater work -- not a "port", but "rewrite".
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 13:35:58 UTC, John Colvin wrote: Without wanting to start a huge thing about this, see http://linuxmafia.com/faq/Licensing_and_Law/public-domain.html and http://www.rosenlaw.com/lj16.htm and please at least add an optional licencing under a traditional permissive open-source license (boost would be nice, who knows, maybe phobos should have jpeg support?). ah, i know about PD caveats. but the original source was PD, so i don't feel like adding any other license on top of it will be good. not that it is legally impossible, i just want to keep it as the original author intended. after all, anybody can just fork it and add any license he wants. it is unlikely that the thing will get extensive upgrades anyway. ;-)
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 13:35:58 UTC, John Colvin wrote: Without wanting to start a huge thing about this, see http://linuxmafia.com/faq/Licensing_and_Law/public-domain.html and http://www.rosenlaw.com/lj16.htm and please at least add an optional licencing under a traditional permissive open-source license (boost would be nice, who knows, maybe phobos should have jpeg support?). Uh oh, a license is revokable? What happens when boost license is revoked?
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On Friday, 17 June 2016 at 13:05:47 UTC, ketmar wrote: finally, the thing you all waited for years is here! pure D no-frills JPEG decoder with progressive JPEG support! Public Domain! one file! no Phobos or other external dependecies! it even has some DDoc! grab it[1] now while it's hot! [1] http://repo.or.cz/iv.d.git/blob_plain/HEAD:/jpegd.d awesome. Without wanting to start a huge thing about this, see http://linuxmafia.com/faq/Licensing_and_Law/public-domain.html and http://www.rosenlaw.com/lj16.htm and please at least add an optional licencing under a traditional permissive open-source license (boost would be nice, who knows, maybe phobos should have jpeg support?).
Re: pure D JPEG decoder, with progressive JPEG support, public domain
On 06/17/2016 09:05 AM, ketmar wrote: finally, the thing you all waited for years is here! pure D no-frills JPEG decoder with progressive JPEG support! Public Domain! one file! no Phobos or other external dependecies! it even has some DDoc! grab it[1] now while it's hot! [1] http://repo.or.cz/iv.d.git/blob_plain/HEAD:/jpegd.d Nice, thanks for this work. I see it has 3213 lines. I take it the source is https://github.com/richgel999/jpeg-compressor. How many lines from there are reflected in the D code? -- Andrei
pure D JPEG decoder, with progressive JPEG support, public domain
finally, the thing you all waited for years is here! pure D no-frills JPEG decoder with progressive JPEG support! Public Domain! one file! no Phobos or other external dependecies! it even has some DDoc! grab it[1] now while it's hot! [1] http://repo.or.cz/iv.d.git/blob_plain/HEAD:/jpegd.d
