the dream is over
>We've been informed earlier today, January 13, 2016, that Arch Linux developers have already patched the FFmpeg 2.8.4 packages in the operating system by rebuilding them without the AppleHTTP and HLS demuxers.
feels good to be secure desu senpai
It's good that people can openly audit the source code and discover vulnerabilities. This whole process makes sure problems get found and fixed, which improves the quality of the software.
Security through obscurity is not the answer.
>Band-aid fix. Enjoy no HLS.
So? If this functionality is not important to you, you can go ahead and implement that patch while you wait for a proper fix to come from the ffmpeg developers.
Why are people on /g/ so aggressively stupid?
Even Debian doesn't use that shit anymore
So...should I limit all Internet use to a virtual machine that has limited shared file access with the host machine?
Vulnerabilities like this make me think that it would be the smart move. I realize there has been malware designed to detect and escape a VM, but that's a lot harder and therefore more rare.
If someone exploits a browser or media library they can read files or control execution on a machine with...no actual personal files. If I discover the exploit I can trash the VN and copy over a fresh one.
Why aren't we doing this?
>Why aren't we doing this?
It's extremely inconvenient to have a vm that has no/limited file access to the host. How are you going to save some of your work or any other files? Manually? By accessing the crazy, unreadable structure of a virtual drive file? Or Send them over mail?
This is actually a pretty good idea. The only application people use for the internet anyway is the browser, right? Well that and system updates. Just use a VM for the web browser, and any files you download just use scp to move them to your machine.
>It's extremely inconvenient to have a vm that has no/limited file access to the host.
>How are you going to save some of your work or any other files? Manually?
I imagine you could share one folder. I don't think malware could access host files outside that folder without detecting and compromising the VM itself (could be wrong???).
Some sites I would access on the host (i.e. banking; work). But must of the retarded shit we do on the Internet doesn't involve saving files except for meme and porn folders. Do I really need file access to watch a cat video sent by a friend which may be compromised with some zero day control the browser and then the OS shit?
The more I think about this the more I like it.
when VMs started getting popular I thought that one day OSes like Windows would evolve to run all applications in their own VM exactly for this reason, but forward-thinking from-the-ground-up stuff like iOS seems to be using a variant of FreeBSD jails.
Actually it's more that package managers lose again.
When it comes down to it, the only real advantage package managers have is that they're good for deduplicating dynamic libraries.
Take a vulnerability like this and you turn the whole thing on its head--package managers suddenly useless because every package that relies on the vulnerable package is suddenly a vector.
Whereas Windows is rife with static embedded libraries, and vulnerabilities are generally reduced to individual problem applications.
That's like asking why Python has libraries for handling mail or making video games.
Emacs is an Emacs Lisp interpreter that ships with a bunch of useful default scripts. Emacs has a mail client because there's a useful mail client Emacs Lisp program included in the default bundle.
On the other hand, ffmpeg is not a general programming language interpreter.
>every package that relies on the vulnerable package is suddenly a vector.
And all you have to do is update that one package and you've fixed the vulnerabilities in all of them.
Whereas in Windows you have to manually recompile or update every single fucking program that uses that library. Good luck tracking down which programs use d3dxpak74.dll, which version, whether they have the vulnerability, updating them, and hoping that the updated library actually works with the programs in question.
People call me tinfoil, but I spend most of my time in vm with linux. I have turned off:
easy copy and paste
clipboard (between host and vm)
My main vm has 40gb on ssd. I do not turn it off, just suspend.
I have other vm for not secure shit where there is a snapshot revert after turn off.
yah fuck this shit I'm gonna redo my setup during this weekend
fucking tired of all these motherfucking exploits
tfw thought about doing this could years ago when I read about 0days but thought it's too paranoid
just suspend? I've found the system runs a bit slower when I always suspend and never reboot
Yeah I had this problem few years ago on hd 5600, virtualbox and ubuntu, but I think it somekind of fuck up code by virtualbox devs.
Now I am using ssd + vmware + I have 13 months old vm and everything runs smooth.
I'm with you. I have two VMs already on my MBP for working with Windows tools and code. I think I'm going to isolate all browsing to a 3rd VM with Linux or maybe a virtualized copy of El Cap.
>the dream is over
We're flat stone cold lied to