User talk:Zhuyifei1999/Archive 48

This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

• File:Chris Mihm (71083236).jpg
• File:Chris Mihm (71083290).jpg
• File:Chris Mihm (71083340).jpg

Why are these failing? - Alexis Jazz ^{ping plz} 11:18, 25 June 2019 (UTC)

I checked File:Chris Mihm (71083236).jpg, there is no image resolution on Flickr that matches what is uploaded on Commons. It is, literally, 'size not found' --Zhuyifei1999 (talk) 21:00, 25 June 2019 (UTC)

Perhaps fall back to the original file in this case? Or at least when the image on Commons is bigger than the largest image size on Flickr. - Alexis Jazz ^{ping plz} 21:13, 25 June 2019 (UTC)

There is no 'computer vision' involved. If we can't verify that the image on Commons matches that one on Flickr, we can't pass the license review. --Zhuyifei1999 (talk) 01:32, 26 June 2019 (UTC)

সুপ্রিয় Zhuyifei1999! উইকিমিডিয়া বাংলাদেশ-এর আয়োজনে দেশের সংরক্ষিত প্রাকৃতিক বনাঞ্চল ও এর জীববৈচিত্র্যের ছবি নিয়ে বাংলাদেশে তৃতীয়বারেরমত শুরু হচ্ছে উইকিপিডিয়ার ছবি প্রতিযোগিতা উইকি লাভস আর্থ ২০১৯। এক মাসব্যাপী স্থায়ী প্রতিযোগিতাটি ১ জুন, শনিবার থেকে ৩০ জুন পর্যন্ত চলবে।

প্রতিযোগিতা পাতায় দেয়া তালিকা থেকে বাংলাদেশের প্রাকৃতিক সংরক্ষিত অঞ্চলের যেকোনো সময় তোলা ছবি জুন মাসে জমা দিয়ে প্রতিযোগিতায় অংশ নেওয়া যাবে। প্রতিযোগিতায় একজন একাধিক ছবি জমা দিতে পারবেন। প্রতিযোগিতা শেষে প্রতিটি দেশ থেকে সেরা ১০টি ছবি আন্তর্জাতিক বিচারকদের কাছে পাঠানো হবে এবং সব দেশের ছবি থেকে সেরা ১৫টি ছবি আন্তর্জাতিকভাবে বিজয়ী ঘোষণা করা হবে। বিজয়ীদের জন্য আলাদাভাবে আন্তর্জাতিক ও জাতীয় পুরস্কার রয়েছে।

• ২০১৯ সালের প্রতিযোগিতায় অংশগ্রহণ সম্পর্কে বিস্তারিত জানতে ভিজিট করুন: উইকি লাভস আর্থ ২০১৯।

আপনি যদি টুইটার ও ফেসবুকে থাকেন, তাহলে হালনাগাদ সংবাদ ও আরো তথ্যের জন্য @WLEBangladesh অনুসরণ করুন।

আপনার যদি কোনও প্রশ্ন থাকে, তাহলে নিঃসংকোচে ইমেইল করুন wlewikimedia.org.bd ঠিকানায়। আসুন সবাই মিলে উইকিপিডিয়ার মাধ্যমে বাংলাদেশের প্রাকৃতিক সৌন্দর্য বিশ্ব দরবারে তুলে ধরি। ধন্যবাদ!

#wleBangladesh দলের পক্ষে,
নাহিদ সুলতান, রবিবার ১৫:৫৭, ১৬ জুন ২০১৯ (ইউটিসি)

আপনি এই বার্তাটি পাচ্ছেন কারণ আপনি এর পূর্বে এই প্রতিযোগিতায় অংশ নিয়েছিলেন

hi Zhuyifei1999, I have you recently overloaded a file taken from the google art project, by an artist named Maria Giovanna Clementi (1692–1761). noting the category of paintings, I came across some identical file dobbig that should be absolutely eliminated, because I don't think it would be good to have to hold in the same category two completely identical paintings, above all of different size and different structural graphics. so I would like to request the immediate cancellation of these files:

1) file 1 & file 2 : are two clones where the version that must remain is this--> current version

2) File: clone of the current version---> current version

3) File: clone of his current version that uploaded her from google art project :)

4) file clone of the current version---> current version

here it is. these are the files that must be deleted, because they are clones, of current versions, and also because these clones, from the point of view of the size and quality of the image, leave a lot to be desired. this is why they must absolutely be deleted--NNEPEL12 (talk) 11:37, 1 July 2019 (UTC)

They don't qualify under speedy deletion. Please file a COM:DR --Zhuyifei1999 (talk) 14:11, 1 July 2019 (UTC)

21:22, 1 July 2019 (UTC)

Hello there - how are you? I made a small error regarding File:ANC Provincial Chairperson Zamani Saul.jpg. I accidentally entered the wrong Flickr link. Can you maybe just please fix it. Thanks in advance. Lefcentreright (talk) 22:14, 2 July 2019 (UTC)

On Commons:Deletion requests/File:Sophie Scholl in custody of the Gestapo in 1943.jpg, SignBot signs for Poppy Higgins but not for Malbuff. I dont know if this means SignBot might need a fix.--Roy17 (talk) 16:04, 5 July 2019 (UTC)

It was down during that period --Zhuyifei1999 (talk) 22:33, 5 July 2019 (UTC)

Hey Zhuyifei1999,

I manged to make the web shell inaccessible + Undetectable for other users (I guess). Could you please try to detect it ? I did it for fscbot only. Thanks for your help -- Eatcha (talk) 14:32, 6 July 2019 (UTC)

Challenge accepted ;) --Zhuyifei1999 (talk) 17:41, 6 July 2019 (UTC)

I am confident that the shell has since been deleted, and it is not automatically recreated by the tool itself without someone ssh-ing into the tool. This challenge is moot. --Zhuyifei1999 (talk) 18:03, 6 July 2019 (UTC)

No, this is not a prank. I'm serious! Really the web shell is not deleted(Just hidden and inaccessible to others including server admins). In fact the web shell is/are one of the following files!

As you now know that the web shell is one of the files in the list, If you find it. It's much harder to access it without knowing what I did but that also means that it is very unlikely for the bad guys to get access to my shell(It's much easier to get a tool-forge membership, you just need to say "I want to create a ______bot for ______ . ") or anything like this. -- Eatcha (talk) 19:17, 6 July 2019 (UTC)

To verify that I didn't removed the shell you can verify the the last modified date of that shell(I can't backdate it as I am not a SU). I will tell you where is the shell after 24 hours or when you want. Thanks for accepting the challenge -- Eatcha (talk) 19:27, 6 July 2019 (UTC)

WOW! virustotal.com result is 0/54. Not a single Antivirus or Web Shell detection tool detected it! -- Eatcha (talk) 19:36, 6 July 2019 (UTC)

I can see the file list myself. I can also see that you have created g.php after I posted my message. It was d.php before, and dot.php before that. --Zhuyifei1999 (talk) 20:54, 6 July 2019 (UTC)

The fact that g.php is currently empty means that I can only claim that it is currently not a shell, but it may have been a shell. --Zhuyifei1999 (talk) 21:08, 6 July 2019 (UTC)

I just used my privileged access to check some logs, and the only url you accessed from your IP during the time that g.php was a 404 to the time that g.php a 200 was to /favicon.ico. You also logged in via ssh for 8 minutes, and that 8-minute timeframe that includes the 7 second timeframe when the file p.php is created. During the ssh session vi invoked on g.php 2 minutes and 5 seconds before g.php became a 200. To me this is beyond doubt that g.php was created through an ssh session and not by a privileged escalation through http.

However, I must say that, which yes you can delete / empty the shell to disable it, during the at least 38 minutes 59 seconds timeframe in which g.php existed whatever vulnerability that shell may have may impact the bot's security. A sufficiently dedicated / lucky attacker can compromise it during such timeframes. --Zhuyifei1999 (talk) 22:14, 6 July 2019 (UTC)

It's actually fv-logo.jpg, the shell is inside the image. In the EXIF Data + I didn't edited that picture for more than 2 days, you can check your logs. I can use exif_read_data or include them to access the shell anytime I want. You can check it using virus total which still fils to detect it (0% detection rate) on the contrary the php files were B74K which is not designed to avoid detection. -- Eatcha (talk) 04:17, 7 July 2019 (UTC)

fv-logo.jpg is cot executable code, but rather 'data'. Its magic number is ffd8 ffe0 0010 4a46 4946 0001 ......JFIF.., with a mime type of image/jpeg and not application/*. A web server should not interpret such files as 'code' or execute it (and indeed we don't). If you exif_read_data, then it stays as data as the exif information would not be executed. If you include it, then yes I'd immediately suspect something is wrong as the code-data separation is being broken. This argument is as good as "there's a shell code at /home/attacker/shell.php; I can include it anytime I want to give myself a shell"; you have to realize that if an attacker is able to include any arbitrary file they want, they already pwned you; whether that shell is a jpeg or not, whether it can be scanned by scanned by virus total or not, whether it is utf-16 or not, whether it is in your public_html or not, none of that matters. There are countless shells out there at GitHub. Their concern is that the user-provided code (as their data), is not executed on their servers (as their code). Similarly, your job is then is to ensure that fv-logo.jpg is never executed by an arbitrary attacker.

Though, if you do made data executable, then it is your problem. Again, whatever vulnerabilities the shell may have can compromise you while it is 'executable'.

BTW, I currently work on reverse engineering. I don't see why being undetectable by virus scanners is a big deal; there are just way too many ways to make detection hard. Have you thought of writing some machine code, some bytecode (as in, Java's compiled code), or even your own brainfuck interpreter? How about adding some obfuscation (such as [5][6]) or even self-modifying code? It doesn't matter as long as they are always data and never executable. Having high security standards is far more important than 'scanning for viruses'. By the time a virus code is executed, then it is already too late; The attacker has been able to run arbitrary code on you, and you have already been pwned. --Zhuyifei1999 (talk) 06:09, 7 July 2019 (UTC)

BTW, since you appear to have so much time, could you help me figure out what is a 'goose pool'? A certain program I'm analyzing "labelled" memory starting at 40000000h with length 80440h as '.goose_pool' and I'm having trouble figuring out what it is used for. And yes, the name troubles me. --Zhuyifei1999 (talk) 06:27, 7 July 2019 (UTC)

I can give it a try, But I need following information:

• Name of the Program (Necessary)
• Language Used (If applicable, asm?)
• Version (If applicable)
• Download Link of the program (if available)
• Host OS (If applicable)
• Is it a Proprietary software ? (If yes better you e-mail me)

I may ask some non-Wikimedian friends for help, are you okay with it ? -- Eatcha (talk) 14:47, 7 July 2019 (UTC)

Name/Version: . Language: compiled into m68k (more accurately, ColdFire ISA_C) machine code without debugging symbols. Source code is likely a mixture of assembly, C, and C++ (I have not found the vtable so can't be sure abut C++). Host OS: Bare metal, but likely loads / related to ThreadX. And yes it is Proprietary. I do not think I am permitted to provide you with the binary. I'm asking if the name rings a bell in any way. --Zhuyifei1999 (talk) 18:10, 7 July 2019 (UTC)

Actually, never mind. I'm guessing it is reserved memory for a certain service. --Zhuyifei1999 (talk) 18:22, 7 July 2019 (UTC)

In SEL-751 they Increased the maximum number of GOOSE (Generic Object Oriented Substation Event it's a subset of w:Generic Substation Events ) subscriptions to 64. GOOSE messages are “published” by a device via Ethernet multicast such that they can be “subscribed” by any number of other devices (here 64). So I think it is reserved memory for the goose service.

For more info you can visit trianglemicroworks.com/GOOSE.htm and cdn.selinc.com/751_DS . I didn't find anything on the internet about .goose_pool then I searched the model you mentioned, in the manual I read about the increment in goose subscription which when searched gives Generic Substation Events (Wikipedia Article). I read that and found what I think is your goose in this case. Hope this helps -- Eatcha (talk) 01:40, 8 July 2019 (UTC)

Yeah thanks for looking. I think that is likely the case. There are two strings literals in .const_data having 'GOOSE Memory Pool'. --Zhuyifei1999 (talk) 03:42, 8 July 2019 (UTC)

Hi, there. How are you? The bot could not confirm the license of File:DA Leader Helen Zille protests alongside protesters (2010).jpg. Link of the image is here. Lefcentreright (talk) 19:54, 7 July 2019 (UTC)

https://www.flickr.com/photos/democraticalliance/5032149871/sizes/l: 161 x 240... okay that's a 2:3 aspect ratio. But then the original... 1936 x 1296... that's a 3:2 aspect ratio. This is unfortunately a bug on Flickr's side. --Zhuyifei1999 (talk) 21:14, 7 July 2019 (UTC)

20:12, 8 July 2019 (UTC)

hi Zhuyin 1999, I am writing to ask you if you could kindly overload these two portraits with me. both files have a link linked to google art project, if possible cut the frame (thanks) 1) file 1 2) file 2 --Gerard Gaden (talk) 12:53, 12 July 2019 (UTC)

Are you aware that dezoomify is now able to download from Google Arts & Culture? Until Google change their algorithm, please use that, since my program takes much more time than dezoomify (though mine is algorithm-independent). --Zhuyifei1999 (talk) 01:11, 13 July 2019 (UTC)

algorithm ??????, but because you can't simply insert the right mouse button into OPEN IMAGE, it would all be better this way :), to be honest, some of this stuff please, BECAUSE I JUST HAVE KNOWN NOTHING--Gerard Gaden (talk) 13:12, 13 July 2019 (UTC)

Use dezoomify --Zhuyifei1999 (talk) 15:43, 13 July 2019 (UTC)

15:29, 15 July 2019 (UTC)

Hey Zhuyifei1999,

The problem with EAC is most players do not support it, literally found nothing on GitHub that can play this format. But native equirectangular format is widely supported across the internet and there are tons of players than can be integrated with our new video.js player. I read issue#15267, the easiest way to bypass this is serving empty User-Agent. Is there are any chance of doing this before we are flooded with crappy EAC format videos ? Just remove the UA (Any kind of UA will result in EAC format) and we are done. -- Eatcha (talk) 20:38, 10 July 2019 (UTC)

Check out File:360 Video of LCS-15 Christening and Launch.webm, I uploaded equirectangular by replacing the EAC. See https://tools.wmflabs.org/fpcstats/videojs-vr/index.html (Working 360 player, videojs-vr ) and https://tools.wmflabs.org/fpcstats/videojs-vr/index2.html (The same video in EAC format, doesn't works) -- Eatcha (talk) 21:09, 10 July 2019 (UTC)

So empty UA for YouTube only? --Zhuyifei1999 (talk) 04:02, 11 July 2019 (UTC)

Yes, but does it matter if you supply empty UA to all other sites (like Vimeo, Dailymotion, LiveLeak ,IG and FB )? -- Eatcha (talk) 05:04, 11 July 2019 (UTC)

I'm afraid to break downloading from other sites. I'll do the patch tomorrow. However, the backend servers and badly overloaded so I am unable to restart one right now to deploy the patch. --Zhuyifei1999 (talk) 05:24, 11 July 2019 (UTC)

I will try to test as much sites as I could (within next 24 hours )with local deployment, any other popular site you know other than what I mentioned ? -- Eatcha (talk) 05:28, 11 July 2019 (UTC)

-- Eatcha (talk) 07:17, 11 July 2019 (UTC)

I find that empty UA is a bad idea in general so I'd only do that if it is necessary. Besides, who knows which day a site will start blacklisting such? I know Wikimedia blacklist them.

Anyways, guess what? Make an EAC-format video player? Challenge accepted. (Might take a few days because too occupied with IRL stuffs) --Zhuyifei1999 (talk) 16:10, 11 July 2019 (UTC)

Are you sure, about creating a new EAC player that can be integrated with Video.js ? We don't have that many EAC videos as of now (see Category:EAC_Video), I also found that (We can not record in EAC format (yet), users only upload equirectangular format ). Maybe you should add a check box to serve empty UA, similar to Keep video, Keep audio and Import subtitles. Most of our 360 videos are equirectangular, we only have about 15 files that are EAC. And if I ever need to download a 360 EAC from commons, there is no media player that supports it. -- Eatcha (talk) 06:22, 12 July 2019 (UTC)

"there is no media player that supports it" Yes, but I'm about to change that. It's such a nice format don't you think? So sad that Google didn't make it a standard.

Regarding the patch, I'll get it deployed during the maintenance next week for a hypervisor migration. It needs a complete shutdown of the tool so why not do it together? --Zhuyifei1999 (talk) 01:15, 13 July 2019 (UTC)

@Eatcha: It happened: https://tools.wmflabs.org/yifeibot/videojs-vr/examples/eac.html (main modification: https://tools.wmflabs.org/yifeibot/videojs-vr/src/plugin.js search for 'EAC'). There's one issue I can see on my end though, that it appears to have aliasing edges if the texture is discontinuous at the point. Any ideas how to fix that? I tried zooming in during the glsl stage by multiplying q by something like 0.99 and no that doesn't help with getting rid of the edges, but made the entire texture discontinuous. --Zhuyifei1999 (talk) 06:42, 14 July 2019 (UTC)

Thanks, I was wrong about EAC this is in fact better that the native one (Both quality and transmission wise) - per google. Right now I don't know how to fix this issue, I will ask some one who I know can help. Warm Regards, Eatcha (talk) 14:58, 14 July 2019 (UTC)

Thanks. I just found that if I truncate 1.5 pixels from edges of all faces the lines will be gone, but then the string on the right becomes visibly discontinuous. Even then, if my understanding of the rendering / aliasing is correct only 0.5 pixels should be needed, not 1.5 --Zhuyifei1999 (talk) 18:46, 14 July 2019 (UTC)

I did it. Truncated 2 pixels from all discontinuous edges. --Zhuyifei1999 (talk) 19:59, 14 July 2019 (UTC)

I'm upstreaming it: https://github.com/videojs/videojs-vr/pull/179 --Zhuyifei1999 (talk) 22:21, 14 July 2019 (UTC)

@Eatcha: It should now upload equirectangular ones --Zhuyifei1999 (talk) 06:07, 18 July 2019 (UTC)

Thanks for the ping, I will try this now. -- Eatcha (talk) 06:18, 18 July 2019 (UTC)

Great, everything looks okay I checked by uploading two 360° files. Thanks -- Eatcha (talk) 09:20, 18 July 2019 (UTC)

13:06, 22 July 2019 (UTC)