VLC 1.1.1 is out: GPU decoding for ATI

VLC 1.1.1 was just released! A lot of bugs were fixed, and now, GPU decoding works on ATI cards! You need Catalyst 10.7 to use DxVA on your ATI GPU.

Other important news: libVLC has a lot of new useful functions, like libvlc_set_user_agent(), or libvlc_video_set_callbacks() and libvlc_video_set_format() to replace the –vmem-* hack.

Enjoy this new release!


I hate the web

I first experienced Internet at the glorious time of the 56k. It was slow, hard to browse, and full of badly designed websites. But it was fun to discover. At that time, people were still trying to figure out the answer to “what the hell can I do here?”, were experimenting a lot, and shared their results.

Then the internet bubble grew and… I won’t waste time telling that story, that’s not my goal here. Let’s go forward a little, to that new trend, the Web 2,0.

It was the beginning of social media, users producing content, companies investing a lot to reach those users. And somewhere, something went wrong. It was quiet at first. People were wondering how to get a better rank in search engines, how to blog, how to create a buzz. Some of them were really trying create value, and share it with the right users. But others didn’t think like that. They found a way to make money out of thin air.

How to be successful on the Interwebz

Take a lot of incompetent people, more or less linked by a common interest-let’s say “being famous”, as an example- and able to communicate with each other thanks to social networks. One of them will see a post somewhere describing someone famous, and will share it with the rest. He will share other articles for a few months, and all the incompetent fools will be pleased  to learn about how famous people became famous.

Then, he will begin to write articles that rephrase the ones he sent a few months ago. All the incompetent fools will thank him for sharing his insight in being famous. And if he doesn’t find anything to write, he will rephrase one of his own articles, with a catchy title like “top ten ways to create a viral video” and a lot of bullet points. And some of the incompetent fools will share these articles (mostly because they’re not smart enough to go and find the original content by themselves).

Little by little, he will be recognized as an expert in being famous, and will start a consultant job, and will be overpaid to teach the incompetent fools how to be famous. And then, those incompetent fools will start to share themselves, and blog, and become consultants and make money. Don’t you recognize something?

The Ponzi scheme web 2.0 expert

That’s the Internet we see now, and I find it disgusting. No real content, people quoting each other, and experts telling us “Get rich following my method, it worked for me, why wouldn’t it work for you?”. Social networks gave the crooks an easy way to legitimacy. Why would you bother working hard, when you can quickly get exposure by preaching to the incompetent crowd?

If you follow most of the news, you will think that those people talking about SEO, copywriting, web marketing or community management are the ones building the web. They’re not. Internet is there thanks to a lot of quiet system administrators, developers and electronics engineers. They’re not necessarily following new trends. They’re at their origin.

If you want real content and real value, look for these people. If you want to build something useful, learn from them but follow your own path. Inventing is not about repeating what smart people say, but contradicting them.

Current state of security in VLC on Windows

A recent report from Secunia states that popular Windows applications don’t use the DEP and ASLR protections. It is true for VLC up to 1.0: the latest version at the moment, 1.1, supports permanent DEP mode, and ASLR on all of its DLLs.

One thing the report could have shown is the difference between applicatins built with MSVC or GCC. Adding DEP and ASLR in Visual Studio means adding /NXCompat and DynamicBase to the compilation options. With MinGW, there is a different trick. This article on my old blog is slightly outdated: ld in binutils 2.20 supports the –nxcompat and –dynamicbase options. So, now, the developers using GCC have no more excuse!

Let’s sum up the state of the security of VLC:

  • 1.0.5 is NOT SAFE on Windows. 1.0.6 brings a lot of security fixes, but this version was not released on Windows. And security features are not used.
  • 1.1.0 supports permanent DEP and ASLR (with DllCharacteristics flag, only on Vista/7) and termination on heap corruption
  • 1.1.1 supports the same as 1.1.0, and adds DEP on XP SP3 with SetProcessDEPPolicy
  • SafeSEH and stack cookies are not yet used

The developers using LibVLC should check their software: DEP won’t be activated if their executable doesn’t support it.