| ▲ | oinoom 4 hours ago |
| Funny, John Carmack was just admiring the creator of ffmpeg the other day for being a better programmer. https://x.com/id_aa_carmack/status/2064095424420487226?s=46 |
|
| ▲ | mjg59 25 minutes ago | parent | next [-] |
| The majority of code in ffmpeg today isn't written by Fabrice, but also there are multiple axes that people view programming ability on. Some people can write software that will do things you couldn't imagine given the constraints. Some people can write software that is resilient against all malformed input. Sometimes these people are the same people, but frequently they're not. |
|
| ▲ | tptacek 4 hours ago | parent | prev | next [-] |
| One thing has nothing to do with the other. |
|
| ▲ | pibaker 2 hours ago | parent | prev | next [-] |
| Famous man whose last impactful work was decades ago and spent years on Meta's sinking metaverse boat said so, so it must be true. |
|
| ▲ | plaguuuuuu 35 minutes ago | parent | next [-] |
| Can't help laughing at a random ad hominem against John Carmack of all people, and about his opinion on a guy who is already widely regarded as an especially talented programmer. |
|
| ▲ | zerobees an hour ago | parent | prev | next [-] |
| I don't think that's fair. There's a lot of talent and grit behind ffmpeg. But for better or worse, getting the code to do what it's supposed to do requires a different mindset than getting it to not do anything else (i.e., to handle malicious inputs correctly). The developers of ffmpeg are very good at the first thing and not very good at the second. But few people on this planet, if instructed to write a complex video format parser in C or assembly, can produce something that's secure on the first try. The main failing of the ffmpeg team is that they should have spent more time on architectural hardening and mitigations. Most other large projects of this type do. |
|
| ▲ | endofreach an hour ago | parent | prev | next [-] |
| So who is someone whose opinion is worth anything to you? Except yourself, presumably, to me it almost seems nobody is perfect. |
|
| ▲ | pibaker an hour ago | parent [-] |
| On this subject I'd at minimum expect someone with experience in security. Not someone most famously known for making toys that run on computers. |
|
| ▲ | bravoetch an hour ago | parent [-] |
| I've seen a lot of things written about Carmack over the last 30+ years, not one comment this casually dismissive until today. |
|
| ▲ | wavemode 3 hours ago | parent | prev [-] |
| Security vulnerabilities are less about programming ability and more about rigor. |