The EU is offering cash bounties to improve the security of the VLC media player. The VLC bounties are a proof-of-concept test to learn how to run future bounties via Free and Open Source Software Audit 2 (FOSSA-2). In this trial run, bounties which range from $100 for low-severity bugs and up to $2,000 for critical bugs are offered via HackerOne.
According to Wikipedia: "VLC media player (commonly known as VLC) is a free and open-source, portable and cross-platform media player and streaming media server developed by the VideoLAN project. VLC is available for desktop operating systems and mobile platforms, such as Windows 10 Mobile, Windows Phone, Android, Tizen, iOS."
Much more information, as well as downloads, are available on the VLC homepage.
Related Stories
VideoLAN has released version 3.0.0 of the VLC media player for Windows, Linux, BSD, Android, and macOS. The new version is billed as enabling hardware decoded playback of 4K, 8K, and 360-degree video (in a demonstration video, VLC 3.0.0 is shown playing 8K 48fps 360-degree video on a Samsung Galaxy S8).
3.0.0 adds support for (not exhaustive):
- Network browsing of distant filesystems (using SMB, FTP, SFTP, NFS...)
- External audio tracks (ac3, m4a, aac, dts...)
- 12-bit color and (10-bit) high dynamic range
- Chromecast (an open source implementation of the proprietary Google Cast protocol)
- 360-degree video/audio
- Ambisonic audio and more than 8 audio channels
- Audio passthrough
- Blu-Ray Java menus
- H.265/HEVC hardware decoding on Windows, Android, OS X, iOS
- AOMedia Video 1 (AV1) video, and Daala (elements of Daala have been incorporated into AV1). VideoLAN is a member of the Alliance for Open Media, which develops the AV1 format.
Linux/BSD default video output is now OpenGL, instead of Xvideo.
The 3.0.x branch of VLC will be maintained as long-term support versions and will be the last releases on Windows XP (with significant limitations), Vista, macOS 10.7, 10.8 & 10.9, iOS 7 & 8, Android 2.x, 3.x, 4.0.x & 4.1.x, and the last to run on compilers before gcc 5.0 and clang 3.4, or equivalent.
From VLC Android developer Geoffrey Métais's blog post about the release, which discusses why Chromecast support took so long to add, as well as other missing features that have now been added to the Android version:
Chromecast support is everywhere and VLC took years to get it, right, but there are plenty of good reasons for it:
First of all, VideoLAN is a nonprofit organization and not a company. There are few developers paid for making VLC, most of them do it in their free time. That's how you get VLC for free and without any ads!
Also, VLC is 100% Open Source and Chromecast SDK isn't: We had to develop our very own Chromecast stack by ourselves. This is also why there is no voice actions for VLC (except with Android Auto), [and] we cannot use Google Play Services.
Furthermore, Chromecast is not designed to play local video files: When you watch a Youtube video, your phone is just a remote controller, nothing more. Chromecast streams the video from youtube.com. That's where it becomes complicated, Chromecast only supports very few codecs number, let's say h264. Google ensures that your video is encoded in h264 format on youtube.com, so streaming is simple. With VLC, you have media of any format. So VLC has to be a http server like youtube.com, and provide the video in a Chromecast compatible format. And of course in real time, which is challenging on Android because phones are less powerful than computers.
At last, VLC was not designed to display a video on another screen. It took time to properly redesign VLC to nicely support it. The good news is we did not make a Chromecast specific support, it is generic renderers: in the next months we can add UPnP support for example, to cast on any UPnP box or TV!
Also at The Verge and Tom's Hardware.
Related: Stable Release of VLC 1.0 for Android
VLC 2.0 for Android Released
EU Offers Cash Bounties to Improve the Security of VLC Media Player
Google Won't Take Down Pirate VLC With 5M Downloads (Update: They Have Taken it Down)
VLC is adding AirPlay support and will reach 3 billion downloads
VLC, the open-source video player app, is announcing two major milestones from CES today. The development team, Videolan — along with Jean-Baptiste Kempf, one of the lead developers — told Variety at CES that it'll be adding AirPlay support, allowing users to transmit videos from their iPhone (or Android) to their Apple TV.
The update could be released for the primary VLC app in "about a month," for free. However, VLC tells The Verge there's no specific release date yet.
[...] The second major milestone for VLC is that it’s closing in on 3 billion user downloads.
Here is the bug tracker for the 4.0.0 release.
Related: EU Offers Cash Bounties to Improve the Security of VLC Media Player
VLC 3.0.0 Released, With Better Hardware Decoding and Support for HDR, 360-Degree Video, Chromecast
VideoLAN Blacklists Huawei Phones on Google Play
(Score: 2) by frojack on Friday December 22 2017, @04:15AM (5 children)
Weren't they threatening VLC with copyright and patent violations not that long ago?
Have they stopped worrying about the streaming capabilities, the ripping capabilities etc?
Why are they suddenly interested in security?
No, you are mistaken. I've always had this sig.
(Score: 2) by takyon on Friday December 22 2017, @04:18AM
Not sure what incident you are talking about. Did you mean Kodi/XBMC?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 5, Informative) by c0lo on Friday December 22 2017, @04:27AM (3 children)
No, France has not become a part of USA [videolan.org].
So Frenchy, so chic.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by frojack on Friday December 22 2017, @07:39AM (2 children)
I said nothing about software patents.
But since YOU did:
> And in Europe, we don't have valid software patents.
That is categorically untrue, and you should stop telling people that. In Europe, software is not patent-eligible "as such", but it is if it solves a technical problem.
A partial list of EU recognized software patents, (some French in origin)
http://www.mpegla.com/main/programs/avc/Documents/avc-att1.pdf [mpegla.com]
It was only this year that fraunhofer mp3 patents lapsed:
https://www.iis.fraunhofer.de/en/ff/amm/prod/audiocodec/audiocodecs/mp3.html [fraunhofer.de]
No, you are mistaken. I've always had this sig.
(Score: 5, Informative) by canopic jug on Friday December 22 2017, @11:11AM
In Europe, software is not patent-eligible "as such", [...]
In Europe, software may not be patented. Full stop. Software and several other categories are specifically excluded by name as per article 52 of the 1973 European Patent Convention.
(2) The following in particular shall not be regarded as inventions within the meaning of paragraph 1:
[...]
schemes, rules and methods for perform- ing mental acts, playing games or doing busi- ness, and programs for computers;
There is no wiggle room there despite what lobbyists from M$, Nokia, and others [techrights.org] might get the mainstream press to mislead or lie about.
It has become a contentious issue because the European Patent Office EPO) [techrights.org] has been illegally granting invalid patents on software, even though they are unenforceable. The idea they appear to have is to steamroll the EU and just issue enough untill software patents are defacto accepted in the EU.
Money is not free speech. Elections should not be auctions.
(Score: 2) by c0lo on Friday December 22 2017, @01:03PM
You mean the same class of software to which VLC belongs?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Funny) by MichaelDavidCrawford on Friday December 22 2017, @04:31AM (1 child)
We make money the old-fashioned way: we mine it.
Yes I Have No Bananas. [gofundme.com]
(Score: 4, Funny) by Bot on Friday December 22 2017, @10:39AM
mining example:
- HEY YOU! that's my wallet!
- now it's mine!
Account abandoned.
(Score: 0) by Anonymous Coward on Friday December 22 2017, @05:13AM (3 children)
Why would anyone allow any media player internet access, I mean I get that MP4's and other media files can carry malicious packages but, you can deny processes from vlc network access, unllike media player
(Score: 0) by Anonymous Coward on Friday December 22 2017, @05:20AM (2 children)
VLC can stream from URLs and also fetch track/album data.
(Score: 2, Interesting) by noyou on Friday December 22 2017, @07:11AM (1 child)
Sure but who would be dumb enough to send their playlists to the MPAA or the RIAA oh right people that think uber is a good company, and that being tracked evey step they take is ok
(Score: 2) by Ramze on Friday December 22 2017, @07:36AM
I don't care for the feature either, but at least it can be turned off... and it's open source, so one can verify that the "off" mode actually works.
(Score: 0) by Anonymous Coward on Friday December 22 2017, @05:50AM
How about fixing the god damn tempo changing bug. That's why i've been testing other media players on my phone. Not that any of them are actually completely usable.
(Score: 4, Interesting) by drussell on Friday December 22 2017, @06:04AM (4 children)
Gee, I wonder who has been most successful recently in editing that particular part of the Wikipedia entry:
You know... All those mobile platforms...
Obviously they must have been listed in order of relevance and market share... All those popular mobile devices running Windows 10 Mobile and all those Windows Phone phones.... Oh, and maybe Android or iOS...
LOL indeed...
:facepalm:
(Score: 3, Funny) by Bot on Friday December 22 2017, @10:38AM (3 children)
They simply listed them in order of coolness. Inverse, ofc.
Account abandoned.
(Score: 2) by stretch611 on Friday December 22 2017, @11:59AM (2 children)
So, iOS is cool?
What exactly is cool about a overpriced piece of hardware with a "unique" feature of a rectangle with curved edges and completely closed software ecosystem that is under complete control of a single bloated corporation?
While others, <*cough*>Android/Google<*cough*> are far from perfect, at least they allow to bypass the software store with a single configuration option, and allow for competition from multiple hardware vendors creating choice in physical features.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 3, Informative) by nobu_the_bard on Friday December 22 2017, @02:32PM (1 child)
Every single discussion I have anymore about any piece of software with clients, one of the first three questions is "can I use it with iPhone"?
(Score: 0) by Anonymous Coward on Friday December 22 2017, @06:05PM
Another example that shows how this industry is toxic and why I wish it would be nuked from orbit.
(Score: 4, Funny) by Bot on Friday December 22 2017, @10:45AM
1. write open source software
2. introduce security bugs
3. get bounty to remove security bugs
4. PROFIT!!!
Account abandoned.