HELLO (WORLD|APPLE)
December 15, 2021 11:07 PM

Taking advantage of a bug in Apple's PNG display code, this image says something different if you're using an Apple or a non-Apple renderer.
posted by JHarris (18 comments total) 27 users marked this as a favorite
 
Huh. And here I thought everybody just used libpng, and that's why PNGs look the same in every program.

(Unlike most MOV and MP4 files which, as I've discovered through extensive and thoroughly unenjoyable testing, have significant colour, range and gamma differences depending on which application you open them in.)
posted by clawsoon at 11:23 PM on December 15, 2021


If you're on MacOS: try Firefox vs Safari.
posted by pompomtom at 12:13 AM on December 16, 2021 [8 favorites]


> unlike most MOV and MP4 files which, as I've discovered through extensive and thoroughly unenjoyable testing, have significant colour, range and gamma differences depending on which application you open them in.

This is due to two factors: whether correct and full color attributes are stored in the file, but more importantly whether the player heeds that metadata and transforms the decoded picture correctly for presentation.
posted by Gyan at 12:49 AM on December 16, 2021 [2 favorites]


> but more importantly whether the player heeds that metadata and transforms the decoded picture correctly for presentation.

Indeed. My most interesting discovery was that Quicktime Player, at least on Windows (didn't test Mac), interprets range (full/pc vs legal/video) metadata in exactly the opposite way that everything else does, at least for the codecs I tested. It interprets the field as "here's what you should convert this data to" instead of "here's how this data was encoded."

And that's why no-one has ever gotten a satisfactory answer in any of the million "why are my colours washed out in Quicktime?" threads that exist on the Internet.
posted by clawsoon at 4:15 AM on December 16, 2021 [3 favorites]


(The most common problem I found was applications interpreting movies tagged with Rec.709 colour primaries as if they had Rec.601 primaries. Most of the applications were open source, which makes me think that it's either a libavcodec bug or a bug in how those applications are using libavcodec.)

But I digress... this is a very neat bug that this person has discovered in Apple's code after discovering it in their own. I wonder if Apple will fix it.
posted by clawsoon at 4:49 AM on December 16, 2021 [1 favorite]


Unrelated, except that they are both in a way exploits, and I lack the technical background to really understand what it's describing, but this exploit description I came across on Twitter sounds wild:

> JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as Javascript, but it's fundamentally computationally equivalent.
posted by juv3nal at 5:02 AM on December 16, 2021 [7 favorites]


> So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does.

Sometimes I see someone committing crime and think to myself that they are smarter and more hard-working than like 75% of the "honest" people in the world, and that with a crack at a job, they could have success and money without all the jail time.
posted by wenestvedt at 6:00 AM on December 16, 2021 [4 favorites]


> JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!?

It's Virtual Machines all the way down.
posted by jabah at 6:12 AM on December 16, 2021 [1 favorite]


> It's Virtual Machines all the way down.

Our universe is actually a simulation, running as a 0day exploit proof-of-concept in another universe.
posted by AzraelBrown at 6:19 AM on December 16, 2021 [14 favorites]


> Sometimes I see someone committing crime and think to myself that they are smarter and more hard-working than like 75% of the "honest" people in the world, and that with a crack at a job, they could have success and money without all the jail time.

While that's often true, in this particular case, the people behind that exploit have very lucrative, legal, and even respectable (in some circles) jobs working at a private cybersecurity firm called NSO Group. The only reason there's controversy over this exploit is that it was being used on critics of the Saudi government, because NSO Group doesn't appear to care how its tools are used once they're sold.
posted by Nutri-Matic Drinks Synthesizer at 6:35 AM on December 16, 2021 [4 favorites]


Hmmm...So, in iOS on my iPhone, the png definitely says "hello apple". However, in my somewhat ancient copy of Safari on my Mac, it properly says "hello world". Is this bug iOS-specific, or was it introduced in a later version of WebKit?
posted by Thorzdad at 7:11 AM on December 16, 2021 [1 favorite]


> most of the applications were open source, which makes me think that it's either a libavcodec bug or a bug in how those applications are using libavcodec.

Libavcodec will only handle the decoding. YUV to RGB is post-processing and would be handled by a scaler or filter. But like you said this is a digression.
posted by Gyan at 7:14 AM on December 16, 2021 [1 favorite]


> Hmmm...So, in iOS on my iPhone, the png definitely says "hello apple". However, in my somewhat ancient copy of Safari on my Mac, it properly says "hello world". Is this bug iOS-specific, or was it introduced in a later version of WebKit?

There might be a clue in a comment on this page:
> I was involved in adding this to PNGs in ~2011 or so. I don't remember the details but you've got this pretty much right.
>
> The reason was indeed performance: on the first retina iPads, decoding PNGs was a huge portion of the total launch times for some apps, while one of the two cores sat completely idle. My guess is that it's still at least somewhat useful today, even with much much faster single-thread performance, because screen sizes have also grown quite a bit.
posted by clawsoon at 7:17 AM on December 16, 2021 [1 favorite]


> Our universe is actually a simulation, running as a 0day exploit proof-of-concept in another universe.

On the multi-cosmic scale, our universe is most similar to running Quake on a smart refrigerator.
posted by wemayfreeze at 8:39 AM on December 16, 2021 [2 favorites]


NutriMatic: ...in this particular case, the people behind that exploit have very lucrative, legal, and even respectable (in some circles) jobs working at a private cybersecurity firm called NSO Group.

Oh, certainly -- but given the space that NSO works in, I really wish they had more boring jobs instead of what they do all day.

Imagine if they were using that creativity and focus to block spam calls or make medical software more secure or write a freeware income tax package... *sigh*
posted by wenestvedt at 10:02 AM on December 16, 2021 [2 favorites]


re the NSO JBIG thing: there's a thread for that - Turing completeness strikes again | MetaFilter
posted by scruss at 11:51 AM on December 16, 2021 [2 favorites]


Saving the PNG to my Mac, Preview and the Finder's preview show HELLO APPLE, but the icon for the file is a little thumbnail that says HELLO WORLD! I'm curious how that comes about.
posted by aws17576 at 12:29 PM on December 16, 2021 [2 favorites]


If you've got MacOS Safari, this page will make it glitch out in real time.
posted by grahamparks at 3:51 PM on December 16, 2021

