This is critically important for everyone and is shared for wide reach.

  • d3Xt3r@lemmy.nz
    link
    fedilink
    arrow-up
    3
    arrow-down
    2
    ·
    edit-2
    1 year ago

    You didn’t, but it was posted by others. Posting about a critical vulnerability a whole month later is pointless. If this was acceptable then we’d see people constantly posting outdated news stories for critical vulnerabilities in other apps weeks or months after it’s been published, which doesn’t make sense. Admit it, you made a mistake in posting this - you didn’t check the date and thought it was a new article, right? Otherwise why would you post about this a month later?

    • TheAnonymouseJoker@lemmy.mlOPM
      link
      fedilink
      arrow-up
      2
      arrow-down
      5
      ·
      edit-2
      1 year ago

      Because WinRAR is popular and I have not seen it posted as much? My motive was to spread awareness, because of its sheer popularity. I see no harm in this.

      This CVE being a month old does not mean its an outdated thing, because the potential of users getting affected is massive. Too many RAR 3.x and older packaged archives circulate around the world, and WinRAR does not automatically update for people, unless you are a techie that uses winget or choco.

      I remain on top of such news usually, and if I missed it, there is a very good chance many have. Yes, I see myself as a benchmark of sorts, considering how seriously I treat and advocate privacy and security. If you want to just look good for calling me as a mod out, it is very unnecessary, unless there is some malicious intent or a low effort post being made.

      Edit: you say it was posted “a lot” on Lemmy. But I only see one post each on Beehaw and Lemmy.world, which, for a CVE of this potential is… very bad? This news should have been plastered all over in relevant tech subs for maximum awareness.

      • d3Xt3r@lemmy.nz
        link
        fedilink
        arrow-up
        3
        arrow-down
        2
        ·
        edit-2
        1 year ago

        because the potential of users getting affected is massive.

        Except, it’s not actually popular these days, and therefore, it doesn’t really warrant reposting such old and irrelevant news. And my earlier point still stands - what you posted is basically a repost. Just because you missed it doesn’t mean others have, nor does it justify it.

        You probably won’t believe me that WinRAR isn’t popular, so I made a poll just for this - you can see for yourself that not many people here actually use WinRAR.

        • TheAnonymouseJoker@lemmy.mlOPM
          link
          fedilink
          arrow-up
          3
          arrow-down
          5
          ·
          1 year ago

          Do you realise WinRAR has over half a billion users? Your personal poll, assuming 20-30 votes, will not change that fact. 7-Zip has lesser users because WinRAR has been a full featured archiver since over a decade with a pretty GUI.

          The average user that uses Windows installs and uses software in this order -> Chrome/Firefox, VLC, WinRAR, MS Office, Zoom/Discord/Teams, then rest of the stuff. No matter what large software downloading website you check (Softpedia, Majorgeeks, Techspot, Filehorse, Filehippo), the most popular downloaded software will have these at the top. Photoshop, IDM and Avast are also similarly popular.

          You have no idea about general user security and popular software demographics.

          Also, go figure. I have a whole guide on Linux/Windows computing that covers users of all skill levels. https://lemmy.ml/post/511377?scrollToComments=true

          • d3Xt3r@lemmy.nz
            link
            fedilink
            arrow-up
            3
            arrow-down
            3
            ·
            edit-2
            1 year ago

            Do you realise WinRAR has over half a billion users

            Citation needed. But regardless, these users are clearly not on Lemmy. This is about relevance to Lemmy users, and the poll reflects how relevant WinRAR is for them.

            No matter what large software downloading website you check (Softpedia, Majorgeeks, Techspot, Filehorse, Filehippo), the most popular downloaded software will have these at the top.

            That’s not really a valid metric, because these sites only show the total downloads, and don’t display recent numbers. WinRAR may have been popular 10 years ago, but they don’t show how many users downloaded it in the last year or whatever, so those numbers are meaningless.

            You have no idea about general user security and popular software demographics.

            I’ve been a Windows sysadmin for 11+ years and used computers since the days of MSDOS, so don’t tell me I don’t know software demographics. It’s you who is out of touch. Besides pirates, I’ve haven’t seen anyone still actually use WinRAR in the wild. The average user just doesn’t have a need for WinRAR - Windows already creates and opens zip files, and that’s all they need, because everyone else uses mainly zip files these days. And in offices, where they may need to transfer password protected files, they may ocassionaly use 7zip (due to its more secure encryption). But that’s all. Excluding Linux and Mac users, Windows users mainly only use .zip and .7zip these days (once again, excluding pirates).

            • TheAnonymouseJoker@lemmy.mlOPM
              link
              fedilink
              arrow-up
              3
              arrow-down
              3
              ·
              1 year ago

              Do you realise WinRAR has over half a billion users

              Citation needed. But regardless, these users are clearly not on Lemmy. This is about relevance to Lemmy users, and the poll reflects how relevant WinRAR is for them.

              From the official website https://www.win-rar.com/ (https://rarlab.com is the other site):

              With over 500 million users worldwide, WinRAR is the world’s most popular compression tool!

              Lemmy is not catering to Lemmy users, but to internet users who may search and find this post as one of the search results. In the case of tech and information subreddits, Reddit never exclusively acted as a place catering to Reddit only, but to disseminate information people could read 5-10 years later and still find use out of it. This logic of making Lemmy an isolated culture is invalid.

              That’s not really a valid metric, because these sites only show the total downloads, and don’t display recent numbers.

              Thanks for validating this post even more. This means most people downloaded a WinRAR installer years ago, and never updated it. And since then, WinRAR is just being used as a rightclick -> extract tool. Hence the reason I said most WinRAR users who never updated are somewhere around 5.20 version. WinRAR on top of this is not a software that can self update.

              I’ve been a Windows sysadmin for 11+ years and used computers since the days of MSDOS, so don’t tell me I don’t know software demographics. It’s you who is out of touch. Besides pirates

              It is worrying that you have been a sysadmin and yet you are telling me these things. I have been a hardcore Windows user since the 95 days, having switched to Linux 6 years ago, and am dualing Debian and W10 since more than a year.

              I think you do not exactly understand how piracy works, if your claim is that implied pirate users aka “torrent” only users receive RAR files. Most pirate users get their RAR files from regular file sharing websites like Mediafire or Gofile. Your implication could be further reduced and extrapolated to something like “oh people do not download they just stream, why worry” as well.

              RAR continues to be the most robust production ready archival format due to its builtin recovery records (Igor Pavlov recently refused to work on incorporating it) with the most complete file timestamp support and archival locking features over 7Z, which is why there exist people who still prefer it. I personally switched to 7-Zip for compression ratio years ago, but I have been fairly an expert on file compression and archival for over a decade. WinRAR also skips errors often and successfully extracts all multipart (and regular) RAR and ZIP archives unlike 7-Zip which sometimes fails, which is the reason many users use it.

              7-Zip gets installed onto corporate machines due to its free license, just like Notepad++ and VLC, something you probably base your claim off of, which is not how personal users work.

              I think you are arguing for the sake of arguing, and to solve a problem that does not exist. Winning internet debates is bad for mental health and bad for feeding the confirmation bias monster in your head. If this “1 month old” post was such a widely known vulnerability, the vote ratio would have been atleast 35-45% negative, and I would have received more than 1 report as complaints.

                • TheAnonymouseJoker@lemmy.mlOPM
                  link
                  fedilink
                  arrow-up
                  3
                  arrow-down
                  6
                  ·
                  edit-2
                  1 year ago

                  I think you do not exactly understand how piracy works,

                  Stop making assumptions on my behalf. I never even mentioned torrents or streaming.

                  Great, but your implication is clear as day, about the “pirate” users = RAR users. I have not just been a pirate but [REDACTED], if you will, besides normal computing. The credential game is not one to be won here.

                  RAR continues to be the most robust production ready archival format due to its builtin recovery records

                  That’s irrelevant and besides the point. It could be the best damn thing in the world but it doesn’t matter if no one uses it.

                  Except hundreds of millions of active users use it. The active users may not be 500 million, but it sure is easily atleast 200 million, with every download site having it topping the charts. To make my post look ridiculous, you are ending up making the worst possible arguments. I say cut your losses.

                  Compression was a big necessity those days due to the low capacity of floppy disks, and recovery records were needed due to floppies being very succeptible to corruption. These days though, that’s all mostly a thing of the past. No one cares about the recovery records in RAR files, besides pirates.

                  Data archivists also use RAR for the same reason, besides multiple backups. Protection against CRC errors is always handy. I was a 40 and 80 GB HDD user, so my compression obsession comes from those days, when I was a kid and disk space was expensive to buy, later turning into expertise hobby. I continued to be one of those few users that recognised the potential of FreeARC the same time as famous repackers like FitGirl and Razor, so let us just say I will speak no more further than the word NanoZip. And that I continue to be as uptodate on compression as Zstandard and BLOSC.

                  I told you about the voting ratio acting as a good determining factor. If this was something as popularised as WannaCry was few years ago, I would have deleted the post. But I have not seen it posted on this instance, only on Beehaw (same activity as this post) and Lemmy.world, a couple memes on r/piracy and a post on r/datahoarder. It is not on YouTube or popularised enough on Reddit/Lemmy. WinRAR is still almost as popular as MS Office.