FLAC 1.3.2 was just updated.

FLAC 1.3.2 (01-Jan-2017)

FLAC (Free Lossless Audio Codec) was just updated, 3 years since last update. What is FLAC? Well,  an audio format similar to MP3, but lossless, meaning that audio is compressed in FLAC without any loss in quality. This is similar to how Zip works, except with FLAC you will get much better compression because it is designed specifically for audio, and you can play back compressed FLAC files in your favorite player (or your car or home stereo, see supported devices) just like you would an MP3 file.

  • General:
    • Fix undefined behaviour using GCC/Clang UBSAN (erikd).
    • General hardening via fuzz testing with AFL (erikd and others).
    • General code improvements (lvqcl, erikd and others).
    • Add FLAC in MP4 specification docs (Ralph Giles).
    • MSVS build cleanups (lvqcl).
    • Fix some cppcheck warnings (erikd).
    • Assume all currently used OSes support SSE2.
  • FLAC format:
    • (none)
  • Ogg FLAC format:
    • (none)
  • flac:
    • Fix potential infinite loop on flac-to-flac conversion (erikd).
    • Add WAVEFORMATEXTENSIBLE to WAV (as needed) when decoding (lvqcl).
    • Only write vorbis-comments if they are non-empty.
    • Error out if decoding RAW with bits != (8|16|24).
  • metaflac:
    • Add –scan-replay-gain option.
  • plugins:
    • (none)
  • build system:
    • Fixes for MSVC and Makefile.lite build systems.
  • documentation:
    • (none)
  • libraries:
    • CPU detection cleanup and fixes (Julian Calaby, erikd and lvqcl).
    • Fix two stream decoder bugs (Max Kellermann).
    • Fix a NULL dereference bug (on a malformed file).
    • Changed the LPC order guess for a slight compression improvement, particularly for classical music (Martijn van Beurden).
    • Improved encoding speed on older Intel CPUs.
    • Fixed a seeking bug when decoding certain files (Miroslav Lichvar).
    • Put an upper bound (32768) on the number of seek points.
    • Fix potential memory leaks.
    • Support 64bit brword/bwword allowing FLAC__BYTES_PER_WORD to be set to 8 (disabled by default).
    • Fix an out-of-bounds heap read.
    • Win32: Only use large buffers when writing to disk.
  • Interface changes:
    • libFLAC:
      • (none)
    • libFLAC++:
      • (none)

TLS 1.3 design finalized

The biggest practical development in crypto for 2016 is the finalization  Transport Layer Security version 1.3. TLS is the most important and widely used cryptographic protocol and is the backbone of secure Internet communication.

How might users notice TLS 1.3?

Speed. TLS 1.3 is designed for speed, specifically by reducing the number of network round-trips required before data can be sent to one round-trip (1-RTT) or even zero round-trips (0-RTT) for repeat connections.

These ideas have appeared before in experimental form through the QUIC protocol and False Start for earlier TLS versions, but as part of the default behavior of TLS 1.3 they will soon become much more widespread. This means latency will decrease and webpages will load faster.

TLS 1.3 should be a big improvement security-wise.

First, the protocol is much simpler by removing support for a number of old protocol features and obsolete cryptographic algorithms. Additionally, TLS 1.3 was designed with the benefit of model checking (which has been used to find flaws in many older versions of TLS and SSL).

What are you waiting for?

Now, all we need to do is wait for OpenSSL to release a updated version with TLS. 1.3, something they are working on.  Or if you don’t have time for that, you could build OpenSSL from source yourself.

Fail0verflow demonstrate Linux and Steam running on Firmware 4.05

Marcan42 of Fail0verflow fame was at the CCC33 event this year, to explain how Fail0verflow exploited the PS4 hardware in order to run Linux on the PS4.

Marcan42 explained how the base of the hack consisted in a man-in-the-middle attack of the PCIE bus on the PS4, with the rest of the presentation focused on why several patches were required on the linux kernel for it to run on a PS4.
Towards the end of the demonstration, Marcan ran Steam on the PS4 to confirm 3D Hardware acceleration was working.

Asked if Fail0verflow planned to release an exploit for a firmware higher than 1.76 (PS4s running firmware 1.76, the only publicly exploited firmware, can be found but are expensive), Marcan answered that his whole presentation was running on a 4.05 PS4, but also confirmed that Fail0verflow do not intend to release any exploit for the PS4, as their focus is 100% on the Linux port (for which all of their work is already available on github) and they want to avoid typical scene drama.

Download Fail0verflow’s Linux port for the PS4

Fail0verflow’s work on the PS4 can be downloaded on Github

Star Trek – Next generation available on Norwegian Netflix

Space: the final frontier. These are the voyages of the starship Enterprise. Its continuing mission: to explore strange new worlds, to seek out new life and new civilizations, to boldly go where no one has gone before.

This amazing and iconic series is now available on Netflix in Norway.