>video players don't need updates!
>they just play videoz and shit
>I don't need to update muh MPC-HC
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
>Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software
I used mpc-hc to watch movies until I test mpv
I think anyone who continues in MPC is because they have not tested mpv or think it's only for linux or they do not know how to install
>>60550883
Or because it is a video player and MPC meets the requirements.
>>60550859
>tfw the botnet on pantsu torrents will soon be true
hold me
any saample?
>>60550883
can you use madvr with mpv?
>>60550859
the specific formats affected by this aren't even mentioned
fuck off
>>60550883
>no gui
>shit tier hotkeys
>inb4 you can change it
I don't give a fuck, I want a media player to just work out of the box, im not gonna bother configuring a FUCKING MEDIA PLAYER
That site doesn't mention mpc.
>>60551595
You don't need to
Good thing I don't download subtitle files.
>>60551694
But it works? If you don't want to configure a player, the basic functions suffice - play, pause, next, volume, seek etc. What else would you need in a video player?
>>60551595
top lel
>>60551709
I actualy only need air, water, food and a shelter
but I want a good resize for my 80s chinese cartoons that don't have been released on BD
>>60550859
Fuck you /g/, the amount of paranoia this board had already created on me is terrifying, and now this?
You made use vpns, made me use open-source software only, and now this? Not even my subtitles are safe?
Looks like i'll have to start watching my anime on a vm, or i'll never be able to sleep again. Thanks /g/.
>>60550859
it's not a subtitle format vuln. it's not MPC-HC. it's the shitty conehead and its derivatives happily auto-unzipping/auto-overwriting the first thing it finds on public uploaders, without sanitizing relative paths at all, so it will happily drop things in (parent)/(parent)/(parent)/(parent)/(parent)/(parent)/(parent)/Windurrrrrr/System三二
even goddamn yotsuba has better filtering on its posts to not let me post the actual path
>>60551879
>actually falling for the memes here
fucking kek
>>60551839
I don't remember what's it called but mpv has its own version of madvr which works just as good
>>60550859
sweet, gonna take advantage of this and make a fake leak of evangelion 3.0+1.0
>>60550859
>including VLC, Kodi (XBMC), Popcorn-Time and strem.io
A shoot in the dark but it sounds like a fontconfig vulnerability. mpc-hc doesn't use fontconfig neither is it listed on that page.
Also if you use very large cone and any of those streaming crap then please re-consider your life.
>>60551939
It's dumber than that, it's the automatic subtitle fetcher accepting zips and not stripping relative paths.
>>60551695
>That site doesn't mention mpc.
That's because mpc-hc hasn't been contacted for a fix yet. The ones listed have already fixed it.
>>60552107
MPC-HC isn't vulnerable to this attack by design.
>>60550859
1. Note that the article doesn't say MPC as vulnerable.
2. this is what you get when you create ridiculous bullshit subtitle formats that can draw full shapes on the screen with embedded fonts and other bullshit. SRT files don't have this problem and they are completely perfect for all movies.
>>60550883
I used that. Went back to MPC immediately.
>>60551924
>Half Life 3 leaked intro cinematic (english subs).mkv
>>60552336
ironically, srt handling in typical use case is vulnerable while the full-on embedded fonts .ass experience is not
This thread right here is the problem with nu-/g/.
Software A has a poorly-described vulnerability! 20 people have opinions about it.
A whole two of them have looked at the linked commit comments for the fixed bug.
First reply is holy warring the completely-unrelated softwares B and C, and half the rest of the thread takes the bait.
Third reply is muh botnet memes ecksdee upboat pls :)
Fourth and sixth replies are "reading github comments is haaaaaaard, spoonfeed me"
Fourteenth reply is a genuine untreated scizophrenic.
Nineteenth reply is completely wrong guess at what the problem is by someone who didn't bother reading the commit comments.
21st insists that software C, which doesn't even have its own competing implementation of the feature the vulnerability is in, is actually more vulnerable because reasons.
23rd can't read commit comments or the rest of the thread, insists that REEEEEEEEE this is what newfangled formats get you, plaintext was good enough for Baudot and dammit it's good enough for me (the vuln is actually in how the software implements its plaintext community-sourced fallback for content which doesn't use newer formats)
This isn't even a technology board anymore. It's just Plato's Cave as reenacted by sad autistic children.
Is mpv with the autosub script affected?
>>60551918
>mpv has its own version of madvr which works just as good
>just
>as
>good
>>60551810
For starters I would like to be able to open up a new fucking video without it using a new windows every damn time + not remembering the window position. You know just basic shit I shouldn't have to do while I have one hand on my dick.
>>60553346
close it and open a new video, then
as far as i'm concerned, i'm either watching a video or i'm not, so i rarely take it out of fullscreen
so i need to dismiss the video to select another anyway
>Switch from VLC to MPC-HC because /g/ recommends it
>Starts working fine, some time later for some reason the audio is distorted whenever it gets a bit loud
Why is this happening?
>>60551839
m80. I used mpc+madvr for like 5 years and recently switched to mpv just to try it out. It's impossible for a human to see a difference between them, even if you grab same frame and compare them. It's literally up to whether or not you want a GUI for settings at this point, they're effectively the same thing.
>>60550883
or because MPC does not make GPU decoded frames go back and forth before presenting them.
(what basically dxva-copy does)
>>60553455hwdec=dxva2-copy
?
>>60553346
>autoload.lua
>>60553510
No point in using some script to get basic functionality offered by another player with a superior gui + renderer.
>>60550859
>letting your media player download subtitles on its own
>>60553433
I think I got that once and I looked everywhere until I remembered that I had increased the audio boost up to 150%. Look for it and lower it back to 0% if it's turned up.
>>60554995
Its because he is probably using some other guys config instead of the default. Distortion will happen with some configs on certain hardware.
>>60550859
>streaming
You deserve it. And I don't remember mpc-hc downloading subtitles by itself.
Who the fuck uses subtitles? They totally ruin the delivery of every line. They spoil the punchlines of jokes and ruin the emotional delivery of non-jokes.
>>60557615
People who are deaf. People who aren't very good at English or have trouble understanding other accents. People who watch things that were made in foreign languages.
>>60557615
>Who the fuck uses subtitles?
>on an anime website, for english speakers
>seriously asking this question
>>60550859
Nobody uses the subtitle functionality in MPC-HC. Everyone uses VS-Filter. Fuck if I know if that's vulnerable tho. But it is certainly something that doesn't require MPC HC to be updated.
>>60550883
mpv is ugly and shit
>>60557842
>Nobody uses the subtitle functionality in MPC-HC
I'm glad I watch hardsubbed only
>tfw building mpv every day
>>60550859
>can't even watch Mongolian cartoons on Windows without getting hit with malware
Winbabbies have it hard.
>>60557842
I use xysubfilter
>>60557893
>hardsubbs
>>60557842
Actually I do, I can't see a difference between it and xysubfilter.
>which are then downloaded by a victim’s media player
Yeah, that's if you stream through the player? So if you download a media file it will get spotted - meaning only the retards that stream get hit?
>>60550859
>downloaded by a victim’s media player
These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user.
Can any of you fuckers actually read? It's not the subtitles itself that makes your shit vulnerable, it's the online repositories where these subtitles come from.
>>60550883
mpv can't do this
>>60558508alang=jpn,jp,
slang=eng,en,
>>60558448
>Can any of you fuckers actually read?
it's a fact that more than half of the people in this thread haven't clicked the link
>>60558534
So you get english subs for everything?
>>60558568
If they are in the file or the folder. If you mean subtitle downloading (which has nothing to do with that screenshot I think) then you can use autosub.lua
>>60551051
nyaa.si doesn't have this problem
>>60550859
botnet, meme, CIA-nigger
>>60558656
Why would you want english subs for things with english audio?
Like I said, mpv can't do this >>60558508
>>60553005
What's Plato's Cave?
>>60558784
dual audio anime, prefer to use original audio + subs
barely anything i have in english-only has subtitles at all, for things that do, it's no trouble to hit "v" to turn off subtitles
>>60558840
I come upon movies all the time that have english subs. Needing to stab at your keyboard when the dialogue starts is retarded. eng:eng|f eng:off *:eng|d *:eng *:*|d master race.
>>60550859
>he doesn't use hardcoded subs
why even bother?
>>60558897
>Needing to stab at your keyboard when the dialogue starts is retarded.
not really, 'v' toggles subtitles on and off, regardless of whether there are subtitles
so if i know i won't need subs, i can hit v right away and will never see any
i will admit it'd be nice to default to no subs or forced subs with only english audio present, i wonder if that can/has been done with a lua script
>>60558784
Ah I see what you mean now. Pretty sure that's possible with auto-profiles.
>>60550883
mpv doesn't have seekbar thumbnails.