Right, they probably already mitigated this bug in their own usage. Which is exactly why reporting the bug is a FAVOR to ffmpeg. Would you rather they just quietly fix it on their own and not report it to the…
> you have 90 days to fix it Or else what? They release the report? That's standard and ffmpeg is open source anyway, anybody can find the bug on their own. There's no threat here. If you're mad about companies using…
What does it matter if it's AI generated if it's a real bug? The problem with AI reports is usually that they're invalid; in this case it was an actual bug. > currently have zero real-world impact So better we not talk…
There's no law that you have to fix all bug reports. Isn't it better for users and developers alike that they can see the problems of the project. If they don't have resources that's fine, it's not like they are…
[flagged]
Google found a vulnerability and reported it for free. Why do they need to do anything more? Give and inch and ffmpeg's twitter guy requests a mile. If you don't want people to use your software to make money, release…
>rarely anyone ever uses It's enabled by default so all that's required to exploit it would be to construct a payload file and name it movie.mp4
Yeah, it's actually a great bug report. Reproducible and guaranteed to be an actual problem (regardless of how small the problem is considered by the devs). Just seems irresponsible to encourage people not to file bug…
VLC is pretty popular on windows, but ffmpeg? Is there any commonly used windows app that relies on it? I doubt it'd be worth one's time to write exploits for desktop linux
Yeah, I mean if it's an actual vulnerability what are they complaining for?
No :)
Again, you're focusing on a pointless detail. Sure, I made a mistake in offhandedly using li as an example. Why do you choose to ignore the actually valid p example though? Seems like you're more interested in…
That's exactly my point, people are clueless about the basics of nuclear power. Why would they know it? I mean, why would the average person know what a linear equation is or what year the first world war started?
> If there's a bit of water in your lungs, a surprisingly small amount, it causes massive inflammation and your lungs start to fill with fluid. It's called "secondary drowning", and it happens a couple of hours after.…
Well, just because something is allowed by the syntax does not mean it's a good idea, that's why pretty much every language has linters. And I do think there's an evenly applied rule, namely: always explicitly close all…
Are you misunderstanding on purpose? I am aware they are optional. I am arguing that there is no reason to omit them from your HTML. Whitespace is (mostly) optional in C, does that mean it's a good idea to omit it from…
The merits and drawbacks of XHTML has already been discussed elsewhere in the thread and I am well aware of it. > And at a time when there was legitimate browser competition, the one that made a "best effort" to render…
As the saying goes, "a little bit of knowledge is a dangerous thing". Your "water rescue course" taught you something that's clearly wrong, as we see with the sibling comment, while my common sense and just everyday…
It's an analogy, there's no need to analyze it literally. And no, I've worked with some devs who don't understand git (thankfully I don't anymore) and it was quite a bit more than "five times" they got stuck or messed…
"Intimately understand the VM" is not the same as knowing what data structure you're using. It'd be comparable to not knowing the difference between an array and a linked list. Sure you may call it gatekeeping but…
I didn't expect this level of unfounded ignorant hysteria here. Have you really never gone swimming and inhaled some water? Did you go to the hospital? > In the past, these terms were used to try to explain that some…
It had too much unnecessary metadata yes, but case insensitivity is always the wrong way to do stuff in programming (e.g. case insensitive file system paths). The only reason you'd want it is for real-world stuff like…
> They introduce zero ambiguity to the language Well, to parsing it for machines yes, but for humans writing and reading it they are helpful. For example, if you have <p> foo <p> bar and change it to <div> foo <div> bar…
Reall? Libreoffice at least has a File > Open menu that allows you to specify the separator and other CSV stuff, like the quote character
> People can drown on dry land from about a tablespoon of water getting into their lungs. Well, I don't think there's such a big risk of that. Falling into a pool is something most of us have probably done. Being pushed…
Right, they probably already mitigated this bug in their own usage. Which is exactly why reporting the bug is a FAVOR to ffmpeg. Would you rather they just quietly fix it on their own and not report it to the…
> you have 90 days to fix it Or else what? They release the report? That's standard and ffmpeg is open source anyway, anybody can find the bug on their own. There's no threat here. If you're mad about companies using…
What does it matter if it's AI generated if it's a real bug? The problem with AI reports is usually that they're invalid; in this case it was an actual bug. > currently have zero real-world impact So better we not talk…
There's no law that you have to fix all bug reports. Isn't it better for users and developers alike that they can see the problems of the project. If they don't have resources that's fine, it's not like they are…
[flagged]
Google found a vulnerability and reported it for free. Why do they need to do anything more? Give and inch and ffmpeg's twitter guy requests a mile. If you don't want people to use your software to make money, release…
>rarely anyone ever uses It's enabled by default so all that's required to exploit it would be to construct a payload file and name it movie.mp4
Yeah, it's actually a great bug report. Reproducible and guaranteed to be an actual problem (regardless of how small the problem is considered by the devs). Just seems irresponsible to encourage people not to file bug…
VLC is pretty popular on windows, but ffmpeg? Is there any commonly used windows app that relies on it? I doubt it'd be worth one's time to write exploits for desktop linux
Yeah, I mean if it's an actual vulnerability what are they complaining for?
No :)
Again, you're focusing on a pointless detail. Sure, I made a mistake in offhandedly using li as an example. Why do you choose to ignore the actually valid p example though? Seems like you're more interested in…
That's exactly my point, people are clueless about the basics of nuclear power. Why would they know it? I mean, why would the average person know what a linear equation is or what year the first world war started?
> If there's a bit of water in your lungs, a surprisingly small amount, it causes massive inflammation and your lungs start to fill with fluid. It's called "secondary drowning", and it happens a couple of hours after.…
Well, just because something is allowed by the syntax does not mean it's a good idea, that's why pretty much every language has linters. And I do think there's an evenly applied rule, namely: always explicitly close all…
Are you misunderstanding on purpose? I am aware they are optional. I am arguing that there is no reason to omit them from your HTML. Whitespace is (mostly) optional in C, does that mean it's a good idea to omit it from…
The merits and drawbacks of XHTML has already been discussed elsewhere in the thread and I am well aware of it. > And at a time when there was legitimate browser competition, the one that made a "best effort" to render…
As the saying goes, "a little bit of knowledge is a dangerous thing". Your "water rescue course" taught you something that's clearly wrong, as we see with the sibling comment, while my common sense and just everyday…
It's an analogy, there's no need to analyze it literally. And no, I've worked with some devs who don't understand git (thankfully I don't anymore) and it was quite a bit more than "five times" they got stuck or messed…
"Intimately understand the VM" is not the same as knowing what data structure you're using. It'd be comparable to not knowing the difference between an array and a linked list. Sure you may call it gatekeeping but…
I didn't expect this level of unfounded ignorant hysteria here. Have you really never gone swimming and inhaled some water? Did you go to the hospital? > In the past, these terms were used to try to explain that some…
It had too much unnecessary metadata yes, but case insensitivity is always the wrong way to do stuff in programming (e.g. case insensitive file system paths). The only reason you'd want it is for real-world stuff like…
> They introduce zero ambiguity to the language Well, to parsing it for machines yes, but for humans writing and reading it they are helpful. For example, if you have <p> foo <p> bar and change it to <div> foo <div> bar…
Reall? Libreoffice at least has a File > Open menu that allows you to specify the separator and other CSV stuff, like the quote character
> People can drown on dry land from about a tablespoon of water getting into their lungs. Well, I don't think there's such a big risk of that. Falling into a pool is something most of us have probably done. Being pushed…