The un-lame LAME

Posted: May 8th, 2009 | Author: | Filed under: IT Related | Tags: , , , , , , , , , | No Comments »
lame

LAME originally stood for LAME Ain’t an Mp3 Encoder. LAME development started around mid 1998 by Mike Cheng. It started life as a GPL’d patch against the dist10 ISO demonstration source, and thus was incapable of producing an mp3 stream or even being compiled by itself. Therefore, Mike Cheng decided to start from scratch based on the dist10 sources. His goal was only to speed up the dist10 sources, and leave its quality untouched. That branch (a patch against the reference sources) became Lame 2.0, and only on Lame 3.81 did we replaced of all dist10 code, making LAME no more only a patch. Now LAME is the source code for a fully LGPL’d MP3 encoder, with speed and quality to rival and often surpass all commercial competitors.

Mike Cheng eventually left leadership and started working on tooLame, an MP2 encoder. Mark Taylor became leader and started pursuing increased quality in addition to better speed. He can be considered the initiator of the LAME project in its current form. He released version 3.0 featuring gpsycho, a new psychoacoustic model he developed. In early 2003 Mark left project leadership, and since then the project has been lead through the cooperation of the active developers (currently 4 individuals).

Today, LAME is considered the best MP3 encoder at mid-high bitrates and at VBR, mostly thanks to the dedicated work of its developers and the open source licensing model that allowed the project to tap into engineering resources from all around the world. Both quality and speed improvements are still happening, probably making LAME the only MP3 encoder still being actively developed.

LAME features:

  • Many improvements in quality in speed over ISO reference software. See history.
  • MPEG1,2 and 2.5 layer III encoding.
  • CBR (constant bitrate) and two types of variable bitrate, VBR and ABR.
  • Encoding engine can be compiled as a shared library (Linux/UNIX), DLL , Directshow filter or ACM codec (Windows).
  • Free format encoding and decoding.
  • GPSYCHO: a GPL’d psycho acoustic and noise shaping model.
  • Powerful and easy to use presets.
  • Quality better than all other encoders at most bitrates.
  • Fast! Encodes faster than real time on a PII 266 at highest quality mode.
  • MP3x: a GTK/X-Window MP3 frame analyzer for both .mp3 and unencoded audio files.

Q: What the hack is this? I did involve in MP3 encoding, but why I never heard about this before?
A: Because you are lame. 😛

Among the commercial tools that are using LAME are :

  • WinAmp
  • UltraISO
  • SWiSH Max
  • Blaze Media Pro
  • … and many more…

Those names that I mentioned above (in bold) are the true hero in open source world especially in MP3 encoding. They are the truly un-lame LAMErs. For the lamers out there who have big dreams but totally have no effort like Mike Cheng, you are the king of lame!:)


Sorry to Say, But It is a Lame Exploit

Posted: January 18th, 2009 | Author: | Filed under: IT Related | Tags: , | No Comments »

As posted in SEBUG Security DB, puret_t released an exploit on WordPress 2.7.0 admin remote code execution vulnerability. I plan to discuss the exploit and the vulnerability in a knowledge sharing session, so I spent a few minutes to study them.

Sorry to puret_t because I have to say that it is a lame exploit. The reasons are :-

  1. You need to have admin user name and password to execute the exploit.
  2. The exploit will upload a webshell, but since you have admin user name and password, why dont you just use the upload function in wordpress?
  3. The webshell itself contain error :-
    <?php eval($_POST[c]); ?>

    The correct one should be :-

    <?php eval($_POST['c']); ?>