22
Stubsack: weekly thread for sneers not worth an entire post, week ending 9th November 2025 (awful.systems)
submitted 1 week ago by BlueMonday1984@awful.systems to c/techtakes@awful.systems
199 comments fedilink hide all child comments

Want to wade into the sandy surf of the abyss? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this.)

you are viewing a single comment's thread
view the rest of the comments
[-] sailor_sega_saturn@awful.systems 15 points 6 days ago* (last edited 6 days ago)

NotAwfulTech and AwfulTech converged with some ffmpeg drama on twitter over the past few days starting here and still ongoing. This is about an AI generated security report by Google's "Big Sleep" (with no corresponding Google authored fix, AI or otherwise). Hackernews discussed it here. Looking at ffmpeg's security page there have been around 24 bigsleep reports fixed.

ffmpeg pointed out a lot of stuff along the lines of:

  • They are volunteers
  • They have not enough money
  • Certain companies that do use ffmpeg and file security reports also have a lot of money
  • Certain ffmpeg developers are willing to enter consulting roles for companies in exchange for money
  • Their product has no warranty
  • Reviewing LLM generated security bugs royally sucks
  • They're really just in this for the video codecs moreso than treating every single Use-After-Free bug as a drop-everything emergency
  • Making the first 20 frames of certain Rebel Assault videos slightly more accurate is awesome
  • Think it could be more secure? Patches welcome.
  • They did fix the security report
  • They do take security reports seriously
  • You should not run ffmpeg "in production" if you don't know what you're doing.

All very reasonable points but with the reactions to their tweets you'd think they had proposed killing puppies or something.

A lot of people seem to forget this part of open source software licenses:

BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW

Or that venerable old C code will have memory safety issues for that matter.

It's weird that people are freaking out about some UAFs in a C library. This should really be dealt with in enterprise environments via sandboxing / filesystem containers / aslr / control flow integrity / non-executable memory enforcement / only compiling the codecs you need... and oh gee a lot of those improvements could be upstreamed!

[-] swlabr@awful.systems 11 points 6 days ago

For a moment there I was worried that ffmpeg had turned fash.

Anyway, amazing job ffmpeg, great responses. No notes

[-] yellowcake@awful.systems 7 points 6 days ago

The ffmpeg social media maintainer is an Elon fan so when he purchased Twitter and made foolish remarks about rewriting it all in C and how only hardcore programmers are cool that write C/assembly they quickly jumped on it.

https://xcancel.com/FFmpeg/status/1598655873097912320

Ya maybe it’s a way to attract more contributors or donation money. Felt a bit weird after Elon was shitting on all the people who built Twitter and firing them.

[-] swlabr@awful.systems 5 points 6 days ago

🙃🙃🙃

this post was submitted on 03 Nov 2025
22 points (100.0% liked)

TechTakes

2284 readers
100 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 2 years ago
MODERATORS
dgerard@awful.systems