Announcement

Collapse
No announcement yet.

MPV 0.34 Released For Popular Linux Media Player

Collapse
X
Collapse
 
  • Page of 4
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 template Next
  • #21
    Originally posted by smirky View Post

    Can you explain what exactly may happen if I download random movies from untrusted sources? Aren't media files just containers with streams inside, which don't execute any binary code on the CPU?
    Wrong. Crafted exploits can be made. for instance you can fairly trivialy create a virus using a .mkv file. to exploit old VLC. All you have to do is create an exploit. And once you have an exploit you can create a virus that can make use of it.

    You have two parts of a virus. The exploit and the payload. while the payload is a scary part, the exploit is what you want to try and patch. I believe in 2020 there was a fairly significant vulnerability with VLC that was found, it would allow a crafted MKV to be used to execute malicious code.

    It doesn't matter what is in the container, a video program will still look at the container and try to figure out what's in it. If you can exploit that process which they did, then you could get yourself code execution

    Comment

    • #22
      Originally posted by dec05eba View Post

      why rust + seccomp? isn't c + seccomp just as secure since it gets sandboxed at kernel level anyways? you would also need to rewrite ffmpeg in rust and the video decoders, such as libx264 (assuming cpu decoding). parts of libx264 is also hand written in assembly for performance. Writing it in pure rust would lead to performance degradation.
      Because of multi-layered security. Because defense in depth.

      Comment

      • #23
        Originally posted by rmfx View Post
        I miss when wm4 was in charge and still active.
        Code was leaner and leaner and big improvements were recurrent and at a fast pace.
        It was 50 / 50, for the good he did the other 50% was like him being a wrecking ball and screwing thing up. He wasn't ousted from the project for no reason.

        Comment

        • #24
          Originally posted by uid313 View Post
          Because of multi-layered security. Because defense in depth.
          No one is going to re-write millions of lines of code from multiple projects just to appease someone's ideals and then have unportable junk. Yay!

          Comment

          • #25
            Originally posted by hax0r View Post
            it is an unmaintained abandonware at this point
            Come back to reality. Too many morons.

            Comment

            • #26
              Originally posted by brad0 View Post

              It was 50 / 50, for the good he did the other 50% was like him being a wrecking ball and screwing thing up. He wasn't ousted from the project for no reason.
              WM4 was wild, he was the evil version of old Linus, I would always get a kick from the stuff he wrote in commits, I wonder what he is doing now, He may be a prick, but he was a talented coder.

              Comment

              • #27
                Originally posted by Quackdoc View Post
                WM4 was wild, he was the evil version of old Linus, I would always get a kick from the stuff he wrote in commits
                Yet Linus' wouldn't pull some of the crap wm4 did.

                Originally posted by Quackdoc View Post
                He may be a prick, but he was a talented coder.
                There is more than just talent to being a developer.
                • Likes 1

                Comment

                • #28
                  Originally posted by uid313 View Post

                  More and more malware starts to target Linux. Firejail is great, but end-users don't know how to configure and setup firejail. It should run sandboxed without the user has to setup anything. It should be sandboxed by default.
                  Flatpak and snap should have a sandbox, sure it's a bit safer, but I've seen a lot of hacked sandboxes, so I've always thought that sandbox is just a myth.

                  Comment

                  • #29
                    Originally posted by brad0 View Post

                    Yet Linus' wouldn't pull some of the crap wm4 did.
                    Like I said, evil version lol

                    There is more than just talent to being a developer.
                    While true there was a great deal of talent that he had, I can't help but wonder what it is being used for now

                    Comment

                    • #30
                      Originally posted by Quackdoc View Post
                      While true there was a great deal of talent that he had, I can't help but wonder what it is being used for now
                      Yet he was kicked out for all of the talent he had. Didn't do him any good.

                      Comment

                      Previous 1 2 3 4 template Next
                      Working...
                      X