bawolff 6 hours ago

> nearly inexhaustible supply of LLM slop daily,

Actual well written vulnerability reports are not the same as slop.

AI slop is a real problem and annoying. Just because it exists does not mean every vulnerability report is AI slop.

Ffmpeg devs are free not to care, but then they can't complain when they start to get a bad reputation.

naturalmovement 6 hours ago | parent

> AI slop is a real problem and annoying. Just because it exists does not mean every vulnerability report is AI slop.

Ok but who is going to sift through it all to triage the good bits when you're working on something for free?

> Ffmpeg devs are free not to care, but then they can't complain when they start to get a bad reputation

Who gives a shit about reputation when you're the only game in town?

There is nothing out there that even attempts to approximate an ffmpeg clone. They are the Swiss army knife of media encoding and all complainers have produced are plastic sporks.

bawolff 4 hours ago | parent

> Ok but who is going to sift through it all to triage the good bits when you're working on something for free?

It's like anything else in open source. Maintainers will do so if they care. Maybe they decide they don't care. That is always their decision to make, but there are consequences for the project. Maybe those consequences make sense. Being a maintainer is all about making cost-benefit trade-offs.

> Who gives a shit about reputation when you're the only game in town?

It's up to the maintainers whether they care or not. It depends on what they value.

Ultimately, if maintainers make decisions that are at odds with what their userbase wants, someone eventually forks and people vote with their feet.

naturalmovement 4 hours ago | parent | next

Security is a bit different.

Today it's an industry driven by unscrupulous clout-chasers and a commitment to quantity over quality.

There is a difference between going through patches and pull requests vs. the endless stream of LLM-assisted bullshit that has started cluttering security inboxes in the last few years.

tptacek 4 hours ago | parent

Vulnerability researchers don't create the vulnerabilities they report. The vulnerabilities exist whether or not they're reported by "clout chasers".

eipi10_hn 3 hours ago | parent | prev

Yes, and people will sit there and sip tea while waiting for "someone"? For how long?

bawolff 2 hours ago | parent

> Yes, and people will sit there and sip tea while waiting for "someone"? For how long?

Until someone cares enough to do it. This is open source software. When it comes to open source, the golden rule is you either do the things you care about yourself or stfu.

Given the libav fork wasn't all that long ago, it can obviously happen to ffmpeg just as much as it can happen to any other project.