Alleged critical VLC flaw is nothing to worry about -- and is nothing to do with VLC
There has been a degree of confusion over the last few days after news spread of a supposed vulnerability in the media player VLC. Despite being labelled by security experts as "critical", VLC's developers, VideoLAN, denied there was a problem at all.
And they were right. While there is a vulnerability, it was in a third-party library, not VLC itself. On top of this, it is nowhere near as severe as first suggested. Oh -- and it was fixed over a year ago. An older version of Ubuntu Linux was to blame for the confusion.
The problem actually exists in a third-party library called libebml, and the issue was addressed some time ago. The upshot is that if you have updated VLC within the last year, there is no risk whatsoever. VLC's developers are understandably upset at the suggestion that their software was insecure.
Also at Tom's Hardware, Boing Boing, and The Register.
(Score: 3, Insightful) by ikanreed on Thursday July 25 2019, @06:00PM (8 children)
If you think you know what's in software you wrote from scratch yourself I'm pretty unlikely to believe you. Knowing everything that came in with apt-get install or a pip install or even exactly what's in your steam library is an absurdity.
I'm just complaining, I have no solutions to this problem.
(Score: 3, Funny) by DannyB on Thursday July 25 2019, @06:28PM (6 children)
I am here to complain about people who complain without having a solution to offer.
But I have no solution to offer about people who complain without having a solution.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Informative) by takyon on Thursday July 25 2019, @06:33PM (3 children)
Have you tried turning it off and on again?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1) by fustakrakich on Thursday July 25 2019, @07:18PM (1 child)
I think you actually have to unplug it and remove the battery, reset the CMOS, go hard boil a couple of eggs, when they're ready, plug everything back in.
And are dependencies an issue with a program that has no dynamic links outside its own little package? *cough*
La politica e i criminali sono la stessa cosa..
(Score: 2) by sshelton76 on Friday July 26 2019, @06:09AM
Yes they are because the deps are compiled in. Look at golang static builds for instance. You can deploy what appears at first glance to be a service without any external dependencies, but then find out you're vulnerable because the day you compiled you roped in some package with a vulnerability some package you brought in, itself depended on something with a vulnerability.
In truth the best solution I've seen is the new NPM vulnerability scanner. It lets you know if your project depends on something vulnerable or if something you depend on depends on something vulnerable and the tool even offers advice on how to fix it.
So just building your services with NPM goes a long ways towards weeding out vulnerabilities since the scan is now enabled by default.
I build a lot of web facing services and used golang for years, but have been finding myself leaning harder into node lately, precisely for the tools.
(Score: 2) by DannyB on Friday July 26 2019, @01:42PM
If restarting doesn't work, then the solution is to re-install Windows.
Yes. Seriously. Reboot. Power Cycle. Then Reinstall. That was the mantra for all Windows tech support problems in the early 2000s.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 2) by ikanreed on Thursday July 25 2019, @06:34PM (1 child)
Oh I have a solution to that one, kill all of us.
(Score: 3, Funny) by Pslytely Psycho on Thursday July 25 2019, @06:44PM
Well Bot is being lazy and thinks were doing ourselves in just fine without the Robopocolypse.
He simply won't listen to the advice of Bender, AMII, HAL, ARTI, Colossus or Guardian.
Lazy assed Bot....
I fear he's having an affair with the Amazon Bot.....
Alex Jones lawyer inspires new TV series: CSI Moron Division.
(Score: 1, Informative) by Anonymous Coward on Thursday July 25 2019, @07:58PM
The legends spoke about such a feat. But Terry was taken down by conspirators.