Conversation

Notices

1. Embed this notice
   SuperDicq (superdicq@minidisc.tokyo)'s status on Wednesday, 05-Nov-2025 19:22:15 JST SuperDicq

   Self awareness zero

   • prettygood and Johnny Peligro like this.
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Wednesday, 05-Nov-2025 19:31:49 JST SuperDicq

     in reply to

     • Phantasm

     @phnt@fluffytail.org Honestly whoever is running the ffmpeg twitter account is doing a good job.

     :blobcathug: likes this.
   • Embed this notice
     Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Nov-2025 19:31:50 JST Phantasm

     in reply to
     @SuperDicq They should rewrite it in Rust.
     ffmpeg-outdated-rust.jpg
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Wednesday, 05-Nov-2025 19:42:01 JST SuperDicq

     in reply to

     • Phantasm

     @phnt@fluffytail.org Dav1d is actually almost exclusively written in asm. It contains more asm than C. It's an insanely efficient decoder.

   • Embed this notice
     Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Nov-2025 19:42:02 JST Phantasm

     in reply to
     @SuperDicq As expected, you can't beat properly written hand-optimized inline assembly.
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Wednesday, 05-Nov-2025 20:54:44 JST SuperDicq

     in reply to

     • Reid :ablobcatattention:

     @Reiddragon@fedi.reimu.info It's very easy to call someone else's gigantic project used by the entire world "broken-ass shitty code" while you have no experience running any sort of project at this scale.

   • Embed this notice
     Reid :ablobcatattention: (reiddragon@fedi.reimu.info)'s status on Wednesday, 05-Nov-2025 20:54:46 JST Reid :ablobcatattention:

     in reply to
     @SuperDicq how tf does a security researcher even isolate a bug without having at least a basic understanding of programming and the codebase they're analyzing for exploits? And when you know exactly what the issue is, you usually know how to fix it
     
     also, calling ffmpeg "broken-ass shitty code" when the world's multimedia infrastructure is built on it... this is someone who just wants to be edgy for the sake of it
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Wednesday, 05-Nov-2025 21:04:22 JST SuperDicq

     in reply to

     • Phantasm
     • Kraftwerk-Das Model Collapse

     @dngrs@chaos.social @phnt@fluffytail.org I mean it's still kind of pointless in my opinion considering that the project is about 80% assembly anyways.
     
     And nobody wants their video decoder to be slower by any percentage. Nobody is going to say "I want the slower version, because I care about memory safety". Literally nobody except Rust nerds.
     
     Most people don't even know what that means and just want the faster software.

   • Embed this notice
     Kraftwerk-Das Model Collapse (dngrs@chaos.social)'s status on Wednesday, 05-Nov-2025 21:04:23 JST Kraftwerk-Das Model Collapse

     in reply to

     • Phantasm

     @SuperDicq @phnt in fairness the 35% slower was for the initial release, no? There's been a lot of progress https://ohadravid.github.io/posts/2025-05-rav1d-faster/

   • Embed this notice
     Blurry Moon (sun@shitposter.world)'s status on Wednesday, 05-Nov-2025 21:43:16 JST Blurry Moon

     in reply to

     • Reid :ablobcatattention:
     @Reiddragon @SuperDicq it's standard operating procedure to run ffmpeg jailed/isolated for user supplied content because it's vulnerable to untrusted input exploits
   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Wednesday, 05-Nov-2025 21:54:05 JST SuperDicq

     in reply to

     • Kraftwerk-Das Model Collapse

     @dngrs@chaos.social Go and try to ask a normie if they would rather want "memory safety" or if they want their phone battery to last 20% longer while watching videos.

   • Embed this notice
     Kraftwerk-Das Model Collapse (dngrs@chaos.social)'s status on Wednesday, 05-Nov-2025 21:54:06 JST Kraftwerk-Das Model Collapse

     in reply to

     @SuperDicq I don't think it's a universally true statement that memory safety is only something for "Rust nerds"; image/video decoding can be a pretty juicy attack vector (cf LogoFail or the various issues Apple had over the years). Of course all bets are off once you're in ASM land, but reducing attack surfaces does have value.

   • Embed this notice
     SuperDicq (superdicq@minidisc.tokyo)'s status on Wednesday, 05-Nov-2025 22:35:32 JST SuperDicq

     in reply to

     • Kraftwerk-Das Model Collapse

     @dngrs@chaos.social I know that's not video decoding and power consumption works, but I'm just making up a hypothetical scenario that does accurately describe my personal opinions on most of those pointless "I rewrote it in Rust" projects.

   • Embed this notice
     Kraftwerk-Das Model Collapse (dngrs@chaos.social)'s status on Wednesday, 05-Nov-2025 22:35:33 JST Kraftwerk-Das Model Collapse

     in reply to

     @SuperDicq
     1. normies aren't security experts. Why should I consult them on security matters?
     2. phones do video decoding in hardware
     3. we probably agree that when given a tradeoff of performance vs. security, security isn't *always* the correct choice, e.g. I'm not very happy with the amount of spectre etc mitigations; my personal threat model would prefer to have those disabled
     4. 20% isn't an accurate figure, but of course ideally the RIIR impl isn't slower at all. I think it's doable.