Stubsack: weekly thread for sneers not worth an entire post, week ending 2nd November 2025 - awful.systems
awful.systems
Want to wade into the spooky surf of the abyss? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful youā€™ll near-instantly regret. Any awful.systems sub may be subsneered in this subthread, techtakes or no. If your sneer seems higher quality than you thought, feel free to cutā€™nā€™paste it into its own post ā€” thereā€™s no quota for posting and the bar really isnā€™t that high. > The post Xitter web has spawned soo many ā€œesotericā€ right wing freaks, but thereā€™s no appropriate sneer-space for them. Iā€™m talking redscare-ish, reality challenged ā€œculture criticsā€ who write about everything but understand nothing. Iā€™m talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyā€™re inescapable at this point, yet I donā€™t see them mocked (as much as they should be) > > Like, there was one dude a while back who insisted that women couldnā€™t be surgeons because they didnā€™t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canā€™t escape them, I would love to sneer at them. (Credit and/or blame to David Gerard for starting this. Happy Halloween, everyone!)

Want to wade into the sandy surf of the abyss? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful youā€™ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cutā€™nā€™paste it into its own post ā€” thereā€™s no quota for posting and the bar really isnā€™t that high.

The post Xitter web has spawned soo many ā€œesotericā€ right wing freaks, but thereā€™s no appropriate sneer-space for them. Iā€™m talking redscare-ish, reality challenged ā€œculture criticsā€ who write about everything but understand nothing. Iā€™m talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyā€™re inescapable at this point, yet I donā€™t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldnā€™t be surgeons because they didnā€™t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canā€™t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this.)

  • Sailor Sega Saturn@awful.systemsEnglish
    16Ā·
    7 months ago

    NotAwfulTech and AwfulTech converged with some ffmpeg drama on twitter over the past few days starting here and still ongoing. This is about an AI generated security report by Googleā€™s ā€œBig Sleepā€ (with no corresponding Google authored fix, AI or otherwise). Hackernews discussed it here. Looking at ffmpegā€™s security page there have been around 24 bigsleep reports fixed.

    ffmpeg pointed out a lot of stuff along the lines of:

    • They are volunteers
    • They have not enough money
    • Certain companies that do use ffmpeg and file security reports also have a lot of money
    • Certain ffmpeg developers are willing to enter consulting roles for companies in exchange for money
    • Their product has no warranty
    • Reviewing LLM generated security bugs royally sucks
    • Theyā€™re really just in this for the video codecs moreso than treating every single Use-After-Free bug as a drop-everything emergency
    • Making the first 20 frames of certain Rebel Assault videos slightly more accurate is awesome
    • Think it could be more secure? Patches welcome.
    • They did fix the security report
    • They do take security reports seriously
    • You should not run ffmpeg ā€œin productionā€ if you donā€™t know what youā€™re doing.

    All very reasonable points but with the reactions to their tweets youā€™d think they had proposed killing puppies or something.

    A lot of people seem to forget this part of open source software licenses:

    BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW

    Or that venerable old C code will have memory safety issues for that matter.

    Itā€™s weird that people are freaking out about some UAFs in a C library. This should really be dealt with in enterprise environments via sandboxing / filesystem containers / aslr / control flow integrity / non-executable memory enforcement / only compiling the codecs you needā€¦ and oh gee a lot of those improvements could be upstreamed!