What are you listening 2 now?

Madiel · November 19, 2022, 11:22:30 PM

Quote from: absolutelybaching on November 19, 2022, 03:51:49 AM
Not sure why GMG's server space matters to anyone who isn't hosting the site, though. Enterprise-class 18TB disks can be theirs for for ~£400. Make it two for redundancy... (And yes, I know it's not quite that simple, but the fundamental point that storage is cheap remains).

Well, feel free to hand over the necessary 800 pounds.

No? Funny how using the site apparently doesn't qualify as a reason to care about keeping the site running.

Irons · November 19, 2022, 11:58:17 PM

Quote from: vandermolen on November 19, 2022, 02:56:15 AM
Rubbra: Symphony No.10

Maybe against received wisdom but Rubbra's 10th is my favourite work by the composer. Lighter in orchestration and scope then other symphonies I have heard by him and I like that. I have not heard your Chandos recording, how do you like it, Jeffrey?

Papy Oli · November 20, 2022, 01:15:43 AM

Good morning all,

Schnittke - Symphony No.0 to start the day.

vandermolen · November 20, 2022, 01:24:17 AM

Quote from: Irons on November 19, 2022, 11:58:17 PM
Maybe against received wisdom but Rubbra's 10th is my favourite work by the composer. Lighter in orchestration and scope then other symphonies I have heard by him and I like that. I have not heard your Chandos recording, how do you like it, Jeffrey?

I like it as well Lol. I'm loyal to the old Hans Hubert Schonzeler recording (RCA) as it was the only one I owned (on LP you'll be pleased to hear) until the Hickox recording. I also liked Schonzeler's pictorial biography of Bruckner. I've enjoyed the Hickox as well, but Schonzeler made the greater impression.

Some cheery early morning listening here: Rachmaninov 'The Isle of the Dead'. I was tempted by John Wilson's new recording (Chandos) with Symphony No.3, but, for once, I thought that I would exercise some uncharacteristic restraint and listen to one of the many performances already in my collection. This one by Pletnev is very good indeed.

vandermolen · November 20, 2022, 01:28:48 AM

Quote from: Wanderer on November 19, 2022, 10:13:55 PM
Love the cover! 😎

It's a fine CD in all respects.

Que · November 20, 2022, 01:29:04 AM

Lisztianwagner · November 20, 2022, 01:51:33 AM

Richard Strauss
Vier letzte Lieder

Madiel · November 20, 2022, 02:45:04 AM

Quote from: absolutelybaching on November 20, 2022, 02:08:53 AM
Short version: a JPG contains EXIF data; the EXIF data can contain program code that can be run to exfiltrate banking information from any PC whose browser views those images.

And how likely do you think it is that Amazon jpegs contain EXIF data?

We weren't talking about the generic risks. We were talking about pictures on Amazon. If Amazon was an avenue for stealing people's bank details it would be a massive scandal.

Madiel · November 20, 2022, 02:46:44 AM

Quote from: absolutelybaching on November 20, 2022, 02:08:53 AM
Using the site is one way of actually ensuring the website stays running! Without users, there's not a lot of point in running it in the first place, is there? In any event, I don't see you being a paid-up subscription member, either, so I'm not sure people living in glass houses should be quite so cavalier in throwing stones. It's probably a good idea not to go around being quite so judgmental about other people's personal budgeting choices, either.

As for this, I'm merely responding to your proposition: that none of us need to care about the site's server space. I care, because burdening the site's server space could affect how well the site runs. We are not talking about a big professional operation here. And not being so judgmental about budgeting choices? I'm not the one who just casually suggested that someone else ought to be shelling out money! No, I don't have a subscription, but I also wasn't the one who said that 800 pounds should be spent for my benefit.

Honestly, I sometimes get the sense you don't actually read your own posts.

Operafreak · November 20, 2022, 03:15:16 AM

Mahler: Symphony No. 8 in E flat major 'Symphony of a Thousand'-Chicago Symphony Orchestra, Wiener Sängerknaben, Wiener Staatsopernchor, Sir Georg Solti

Pohjolas Daughter · November 20, 2022, 03:18:23 AM

Quote from: JBS on November 18, 2022, 03:32:05 PM
PD--I thought everyone can see the Amazon images! What happens when you visit Amazon itself?

On Amazon's website, I don't have any problem seeing their images (this is using Safari)--except for those with the comment in Dutch saying something along the lines of "No image is currently available".

PD

p.s. Currently enjoying a radio program of baroque music whilst nestled in my living room (trying to keep warm).

Spotted Horses · November 20, 2022, 03:21:11 AM

Quote from: absolutelybaching on November 20, 2022, 02:08:53 AM
Using the site is one way of actually ensuring the website stays running! Without users, there's not a lot of point in running it in the first place, is there? In any event, I don't see you being a paid-up subscription member, either, so I'm not sure people living in glass houses should be quite so cavalier in throwing stones. It's probably a good idea not to go around being quite so judgmental about other people's personal budgeting choices, either.

Moreover, the fact that you cannot see the problem in permitting people to link to third-party resources over which you have zero control is your issue, not anyone else's. But I'll give you a clue. See for example: https://umbrella.cisco.com/blog/picture-perfect-how-jpg-exif-data-hides-malware or https://www.bullguard.com/blog/2018/01/jpeg-files-and-malware.

Short version: a JPG contains EXIF data; the EXIF data can contain program code that can be run to exfiltrate banking information from any PC whose browser views those images. If you're comfortable with that, maybe just email me your bank details right now and save everyone time! If this site enforced uploading JPGs to its own storage, it could scan for such trojan code at the point of upload and protect its users properly. It cannot mandate scanning of images merely linked to, however. And that's the potential security hole here.

Rob has stated that he runs the site as a labor of love, not as a business. He pays for the cost of maintaining the site out of pocket, which is partially offset by advertising and subscriptions. Doing what I can to reduce his overhead seems like a no brainer.

As I understand it, EXIF data is never executed. A malicious site can execute code that it has hidden in an image file (either in the EXIF data or in the image data itself), which can help it evade detection.

Pohjolas Daughter · November 20, 2022, 03:27:25 AM

Quote from: Madiel on November 19, 2022, 11:20:45 PM
Well it sounds like the issue is that you personally have blocked Amazon. Why? Or more particularly, why was your first thought "No"? It's Amazon, not some virus-laden nefarious download site.

I'll double-check my settings. Thanks for the suggestion. I'll try playing around with them.

With my older computer, I'm probably finding myself feeling increasingly cautious.

PD

Karl Henning · November 20, 2022, 03:42:05 AM

Quote from: ultralinear on November 20, 2022, 02:12:24 AM
Good to hear.

Cheers!

Spotted Horses · November 20, 2022, 03:56:30 AM

Quote from: Pohjolas Daughter on November 20, 2022, 03:27:25 AM
I'll double-check my settings. Thanks for the suggestion. I'll try playing around with them.

With my older computer, I'm probably finding myself feeling increasingly cautious.

PD

Didn't you say that when you browser explicitly asked you if you wanted to allow downloads from Amazon and you said no?

Spotted Horses · November 20, 2022, 04:01:21 AM

Continue to enjoy these very concise trio sonatas from Albinoni, performed by Parnassi Musici

Sonatas No 2, 3, 4 this early morning.

Pohjolas Daughter · November 20, 2022, 04:13:59 AM

Quote from: absolutelybaching on November 20, 2022, 03:46:18 AM
Try to use your imagination a little more effectively.

First of all, some people are not linking to Amazon at all, but to sites that don't even use https, but use just plain unencrypted http. Have you not noticed that the little padlock icon in your browser's address bar, for some pages here, will be displayed with a little exclamation mark and the text (when you click it) saying "Site information for www.good-music-guide.com ... Connection not secute... Parts of this page are not secure (such as images). See the screenshot I attach below. Blaming no-one in particular, because I know they wouldn't do it wilfully, but that message appears on this present page in part because back on page 4157, a link to http://www.exactlabels.com/ap11498816/lm40442211/CDart5513.jpg was included. Http, not https: entrie encryption scheme for this webpage thus borked, through innocent linkage. There's a reason some people lock down their browsers so that linked images appear blank: that's one of them. But they shouldn't need to (that is, by all means set your security settings to strict, but it shouldn't make web pages break on well-regulated websites).

So whilst it might well be the case that you can trust Amazon not to contain compromised JPGs (though even that is an act of faith on your part), it's not an issue that only affects Amazon.

Moreover, which website do you think would make a more appealing target for hackers? Good Music Guide or Amazon? So, even if it were only Amazon.com images we were worried about, there's a good chance that Amazon might be compromised at some point, because they are such a juicy target. Ask your Australian Medicare IT department how they feel about massive, robust, well-regulated IT infrastructures like Amazon not being compromised! And when the day of compromise comes, formerly good JPGs can be silently replaced with bad ones -and everyone who ever linked to them has just helped the hack spread.

The fundamental point is: you cannot control this. GMG certainly can control their own security practices, but by allowing third-party links, they compromise their own security and put it in the hands of people they do not know and have to merely trust. And that usually doesn't turn out to well for the people doing the trusting.

You might not have been talking about generic risks, but I very definitely was. It's why I mentioned 'third part resources', not 'Amazon pictures'. Amazon is a potential problem, just like any third-party site over which you do not have direct control.

I'm a bit confused as I checked out page 4157 (of this thread) and the only image that I couldn't see was one that Todd had posted and had an Amazon address. I'll go back and copy it.

I was able to see the address--not the image--when I clicked on quote. This is what I copied from there:

Or did I miss some other image? I didn't see anything else blocked?

PD

Papy Oli · November 20, 2022, 04:16:53 AM

A first listen to Messiaen's organ music.

Messiaen - Les Corps Glorieux
(Louis Thiry, organ)

Pohjolas Daughter · November 20, 2022, 04:21:18 AM

Quote from: absolutelybaching on November 20, 2022, 04:18:35 AM
I wasn't referring to whether it was visible or not, sorry.

I mentioned that page because it contains an http image link, rather than an https one. Such links mean not everything on a web page is encrypted. That's all orthogonal to whether said linked image is viewable in a particular browser or not.

Got it; thanks!

PD

Pohjolas Daughter · November 20, 2022, 04:34:50 AM

Quote from: Spotted Horses on November 20, 2022, 03:56:30 AM
Didn't you say that when you browser explicitly asked you if you wanted to allow downloads from Amazon and you said no?

That happened when I copied the address and opened it in another tab and it asked me; at the time, I said no.

I did go back and try some things. I checked my settings in Safari for Amazon and I had had content blocking "On" for both this forum and Amazon. I tried enabling both of them (turning CB "off") and that didn't make any difference as to what I could see vs. not in terms of images. I'm not certain what else I could try changing? Anyway, I don't want to sidetrack this thread any further. Perhaps one of the mods could shift the relevant postings elsewhere?

PD