Video players don't need updates!

>video players don't need updates!
>they just play videoz and shit
>I don't need to update muh MPC-HC

blog.checkpoint.com/2017/05/23/hacked-in-translation/

>Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software

I used mpc-hc to watch movies until I test mpv
I think anyone who continues in MPC is because they have not tested mpv or think it's only for linux or they do not know how to install

Or because it is a video player and MPC meets the requirements.

>tfw the botnet on pantsu torrents will soon be true
hold me

any saample?

can you use madvr with mpv?

the specific formats affected by this aren't even mentioned

fuck off

>no gui
>shit tier hotkeys
>inb4 you can change it
I don't give a fuck, I want a media player to just work out of the box, im not gonna bother configuring a FUCKING MEDIA PLAYER

That site doesn't mention mpc.

You don't need to

Good thing I don't download subtitle files.

But it works? If you don't want to configure a player, the basic functions suffice - play, pause, next, volume, seek etc. What else would you need in a video player?

top lel

I actualy only need air, water, food and a shelter

but I want a good resize for my 80s chinese cartoons that don't have been released on BD

Fuck you Sup Forums, the amount of paranoia this board had already created on me is terrifying, and now this?

You made use vpns, made me use open-source software only, and now this? Not even my subtitles are safe?

Looks like i'll have to start watching my anime on a vm, or i'll never be able to sleep again. Thanks Sup Forums.

it's not a subtitle format vuln. it's not MPC-HC. it's the shitty conehead and its derivatives happily auto-unzipping/auto-overwriting the first thing it finds on public uploaders, without sanitizing relative paths at all, so it will happily drop things in (parent)/(parent)/(parent)/(parent)/(parent)/(parent)/(parent)/Windurrrrrr/System三二

even goddamn yotsuba has better filtering on its posts to not let me post the actual path

>actually falling for the memes here
fucking kek

I don't remember what's it called but mpv has its own version of madvr which works just as good

sweet, gonna take advantage of this and make a fake leak of evangelion 3.0+1.0

>including VLC, Kodi (XBMC), Popcorn-Time and strem.io

A shoot in the dark but it sounds like a fontconfig vulnerability. mpc-hc doesn't use fontconfig neither is it listed on that page.

Also if you use very large cone and any of those streaming crap then please re-consider your life.

It's dumber than that, it's the automatic subtitle fetcher accepting zips and not stripping relative paths.

>That site doesn't mention mpc.

That's because mpc-hc hasn't been contacted for a fix yet. The ones listed have already fixed it.

MPC-HC isn't vulnerable to this attack by design.

1. Note that the article doesn't say MPC as vulnerable.

2. this is what you get when you create ridiculous bullshit subtitle formats that can draw full shapes on the screen with embedded fonts and other bullshit. SRT files don't have this problem and they are completely perfect for all movies.

I used that. Went back to MPC immediately.

>Half Life 3 leaked intro cinematic (english subs).mkv

ironically, srt handling in typical use case is vulnerable while the full-on embedded fonts .ass experience is not

This thread right here is the problem with nu-Sup Forums.

Software A has a poorly-described vulnerability! 20 people have opinions about it.
A whole two of them have looked at the linked commit comments for the fixed bug.
First reply is holy warring the completely-unrelated softwares B and C, and half the rest of the thread takes the bait.
Third reply is muh botnet memes ecksdee upboat pls :)
Fourth and sixth replies are "reading github comments is haaaaaaard, spoonfeed me"
Fourteenth reply is a genuine untreated scizophrenic.
Nineteenth reply is completely wrong guess at what the problem is by someone who didn't bother reading the commit comments.
21st insists that software C, which doesn't even have its own competing implementation of the feature the vulnerability is in, is actually more vulnerable because reasons.
23rd can't read commit comments or the rest of the thread, insists that REEEEEEEEE this is what newfangled formats get you, plaintext was good enough for Baudot and dammit it's good enough for me (the vuln is actually in how the software implements its plaintext community-sourced fallback for content which doesn't use newer formats)

This isn't even a technology board anymore. It's just Plato's Cave as reenacted by sad autistic children.

Is mpv with the autosub script affected?

>mpv has its own version of madvr which works just as good
>just
>as
>good

For starters I would like to be able to open up a new fucking video without it using a new windows every damn time + not remembering the window position. You know just basic shit I shouldn't have to do while I have one hand on my dick.

close it and open a new video, then
as far as i'm concerned, i'm either watching a video or i'm not, so i rarely take it out of fullscreen
so i need to dismiss the video to select another anyway

>Switch from VLC to MPC-HC because Sup Forums recommends it
>Starts working fine, some time later for some reason the audio is distorted whenever it gets a bit loud

Why is this happening?

m80. I used mpc+madvr for like 5 years and recently switched to mpv just to try it out. It's impossible for a human to see a difference between them, even if you grab same frame and compare them. It's literally up to whether or not you want a GUI for settings at this point, they're effectively the same thing.

or because MPC does not make GPU decoded frames go back and forth before presenting them.
(what basically dxva-copy does)

hwdec=dxva2-copy
?

>autoload.lua

No point in using some script to get basic functionality offered by another player with a superior gui + renderer.

>letting your media player download subtitles on its own

I think I got that once and I looked everywhere until I remembered that I had increased the audio boost up to 150%. Look for it and lower it back to 0% if it's turned up.

Its because he is probably using some other guys config instead of the default. Distortion will happen with some configs on certain hardware.

>streaming

You deserve it. And I don't remember mpc-hc downloading subtitles by itself.

Who the fuck uses subtitles? They totally ruin the delivery of every line. They spoil the punchlines of jokes and ruin the emotional delivery of non-jokes.

People who are deaf. People who aren't very good at English or have trouble understanding other accents. People who watch things that were made in foreign languages.

>Who the fuck uses subtitles?
>on an anime website, for english speakers
>seriously asking this question

Nobody uses the subtitle functionality in MPC-HC. Everyone uses VS-Filter. Fuck if I know if that's vulnerable tho. But it is certainly something that doesn't require MPC HC to be updated.

mpv is ugly and shit

>Nobody uses the subtitle functionality in MPC-HC

I'm glad I watch hardsubbed only

>tfw building mpv every day

>can't even watch Mongolian cartoons on Windows without getting hit with malware

Winbabbies have it hard.

I use xysubfilter

>hardsubbs

Actually I do, I can't see a difference between it and xysubfilter.

>which are then downloaded by a victim’s media player

Yeah, that's if you stream through the player? So if you download a media file it will get spotted - meaning only the retards that stream get hit?

>downloaded by a victim’s media player
These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user.
Can any of you fuckers actually read? It's not the subtitles itself that makes your shit vulnerable, it's the online repositories where these subtitles come from.

mpv can't do this

alang=jpn,jp,
slang=eng,en,

>Can any of you fuckers actually read?
it's a fact that more than half of the people in this thread haven't clicked the link

So you get english subs for everything?

If they are in the file or the folder. If you mean subtitle downloading (which has nothing to do with that screenshot I think) then you can use autosub.lua

nyaa.si doesn't have this problem

botnet, meme, CIA-nigger

Why would you want english subs for things with english audio?
Like I said, mpv can't do this

What's Plato's Cave?

dual audio anime, prefer to use original audio + subs
barely anything i have in english-only has subtitles at all, for things that do, it's no trouble to hit "v" to turn off subtitles

I come upon movies all the time that have english subs. Needing to stab at your keyboard when the dialogue starts is retarded. eng:eng|f eng:off *:eng|d *:eng *:*|d master race.

>he doesn't use hardcoded subs
why even bother?

>Needing to stab at your keyboard when the dialogue starts is retarded.
not really, 'v' toggles subtitles on and off, regardless of whether there are subtitles
so if i know i won't need subs, i can hit v right away and will never see any

i will admit it'd be nice to default to no subs or forced subs with only english audio present, i wonder if that can/has been done with a lua script

Ah I see what you mean now. Pretty sure that's possible with auto-profiles.

mpv doesn't have seekbar thumbnails.