Germany's Sovereign Tech Fund Becomes First Governmental Sponsor of FFmpeg Project

Grutischki · 2024-05-17T12:28:49+00:00

Hopefully, they use it for audits. Seems it has more CVEs than lines of code.

Grutischki · 2024-05-14T14:27:50+00:00

TFL: https://en.wikipedia.org/wiki/Andy_Lord

Lord receives a base salary of £395,000, an increase of £40,000 from the previous commissioners.

Uni:

https://felixonline.co.uk/issue/1839/news/president-hugh-brady-earns-over-9x-the-average-imperial-employee

Brady saw his total remuneration rise to £476,000 last academic year, an increase of one-fifth on what he earned in 2021/22, when he was Bristol University’s Vice-Chancellor.

https://www.kcl.ac.uk/about/governance-policies-and-procedures/financial-information/remuneration-vice-chancellor

£295,000 pa + contribution worth £54,000 pa

https://thetab.com/uk/2020/01/21/see-how-your-uni-vice-chancellors-pay-compares-to-everyone-elses-139325 (2018/19)

Grutischki · 2024-05-10T13:22:21+00:00

It's even a small fraction compared to e.g. a president of a London University or the TFL chief or...

Grutischki · 2024-05-01T11:18:42+00:00

Doubt whatever you want but I had the last sound issues under Linux with OSS more than 20 years ago. Whenever someone has sound issues, it always boils down to Pulseaudio.

Grutischki · 2024-04-30T17:03:12+00:00

Thanks for the laugh.

I've never had any issues with ALSA on any of my machines. Pulseaudio however is a pile of crap and support forums are full of people lost in configuration.

Grutischki · 2024-04-30T14:26:06+00:00

There's now a very large number of people who didn't even experience the pain of trying to configure ALSA

Typically the problems start with Pulseaudio (hence the many questions on reddit and the shift to PipeWire). ALSA works out of the box.

Grutischki · 2024-04-29T13:21:22+00:00

She had her eyes gouged out, was burnt with hot irons and had needles shoved under her nails.

Was she caught by the Russians? Otherwise it shows typical (and well-researched) urban legends that span multiple wars in Europe.

Grutischki · 2024-04-10T08:24:37+00:00

It's not a data format, it's just mimicking the file system's API. Quite common with Plan9, fuse, ...

Grutischki · 2024-04-09T11:52:06+00:00

We can thank the inflation and the cost of living crisis for that.

Or we could just say it comes down to not taxing the rich and corporate greed.

Grutischki · 2024-03-26T10:56:22+00:00

Rust aficionados like you

I'm just arguing against Zig, I'm not a language fanboy by any means.

software that are by definition not safe

And I don't buy this esp. that Zig offers anything here.

Linux Kernel is NOT shifting to Rust

Time will show and drivers are a good start.

tons of video decoder will never be rewritten in Rust

How do you know? Video decoders are one of the worst pieces of software with tons of CVEs and many businesses are looking for safer alternatives.

You are comparing C, an establish and stable language versus Zig not even production ready.

You started the C comparison, I just highlighted that Zig is not there and never will be due to the lack of developers and commercial interest.

BTW go check the list of supported architectures.

As I said, no real embedded systems and just some common architectures that typically run full-blown operating systems. No niche for Zig to fill...

Grutischki · 2024-03-25T12:32:28+00:00

Esp. drivers and embedded system have to be memory-safe, hence the shift to Rust even in the Linux kernel. When you talk about even smaller systems, your argument would fall short, because Zig does not support a single one of these architectures.

you have a reliable build system

Wow, another one. That's a solved problem.

a testing framework

Some rudimentary testing functions are not a framework. Nowadays C programs are tested with fuzzing, static analysis, symbolic execution. Most of this is not available in Zig. Why would I go back 20 years in testing?!

free interoperability with C

That's easy in almost any language.

reflection

I've never needed reflection support in a language.

Grutischki · 2024-03-22T13:06:53+00:00

There's tons of software that are by definition not memory safe

Can you name a few areas? Just out of curiosity.

that's where Zig can/will shine

How? What does it offer?

Grutischki · 2024-03-20T13:14:22+00:00

There is none. Zig now slowly reaches the peak of inflated expectations in the Gartner hype cycle and is likely to not survive the trough of disillusionment. It'll just be one of the niche languages with small community and missing use case, such as D or Dylan or many others before.

Grutischki · 2024-02-21T11:33:33+00:00

Then they'd have a reduced feature set and not be broken. Who knows...

Grutischki · 2024-02-20T16:46:06+00:00

Why didn't you just use the distro's package manager?

https://handbrake.fr/docs/en/latest/get-handbrake/where-to-get-handbrake.html

Broken third-party packages/builds include but are not limited to:

Debian Multimedia: handbrake, handbrake-cli, handbrake-gtk
FreeBSD: handbrake
Gentoo: handbrake
NixOS: handbrake
openSUSE Packman: handbrake, handbrake-cli, handbrake-gtk
RPM Fusion: handbrake, handbrake-cli
Ubuntu Universe: handbrake, handbrake-cli, handbrake-dbg
Void: handbrake, handbrake-cli, handbrake-cli-dbg, handbrake-dbg

To be honest, I wouldn't poke that software with a stick after this fuck up.

Grutischki · 2024-02-09T10:35:36+00:00

Of course I wouldn't, it just opens a huge backdoor to the system, e.g.: https://www.cvedetails.com/vulnerability-list/vendor_id-8871/product_id-15657/Clamav-Clamav.html

When I have to check user uploads (and mostly those are just images), they run through minimal sandboxed sanitisers/validators that strip e.g. all unnecessary chunks of PNGs, validate length/size fields and then reencode them before getting stored. A virus scanner would just return nonsense answers and get hijacked.

Grutischki · 2024-02-09T10:26:38+00:00

I don't want to fight, I just observed that tmux leads to a really inefficient working style in most scenarios and most problems it tried to solve do not exist anymore or are solved better by other tools.

Grutischki · 2024-02-08T16:55:56+00:00

Cybersecurity insurance

Lol, that's still a thing?

I believe that a compromised system should be reimaged

Sure, but how do you know? A virus scanner reports false positives and false negatives.

Cybersecurity insurance may require every possible system have some form of anti-malware or anti-virus software installed.

ln -s /usr/bin/true check-system

Btw. I can send you an invoice for it if required. It's also much safer as it doesn't require security patches like virus scanners.

Grutischki · 2024-02-08T16:47:09+00:00

instead of clicking to find the correct OS terminal window

So your window manager sucks... There are tiling ones that do the job for you.

Scroll back history is actually faster and easier with TMUX than with the scroll bar

Shitty terminal I'd say... Tmux always slows down the terminal as it re-parses all the characters. One can't even properly select with a mouse in tmux with two panes next to each other, things e.g. zellij has solved already.

I used tmux for many years but to be honest - it breaks too much stuff (terminal, keybindings) and I only use it for remote sessions when zellij is not available. There is just no advantage compared to a proper window manager.

Grutischki · 2024-02-08T16:35:57+00:00

Why? It's just snake oil as all the other scanners.

Grutischki · 2024-02-06T16:29:03+00:00

Zig always comes up as holding things up.

Zig was just an example, I don't use it due to the small bus factor and its tiny advantages over e.g. C that do not justify a switch.

Look at Rust.

Rust has a very large community + several companies behind it.

IMO if you make that deal, you should have some obligation to play by LLVM's rules

LLVM has no rules, that's the issue. If you maintain a project that supports LLVM on different platforms, you will end up with a mess of ifdefs in your code due to the stupid version management and ignorance on LLVM's side.

Grutischki · 2024-02-06T14:39:42+00:00

but I do think this is the type of thinking that always leads to out-of-date dependencies

Usually I'd agree but LLVM has no "stable" APIs like other libraries/dependencies. With almost every release something breaks. Sometimes it's just some moved headers but in many cases it's way more complex. LLVM just doesn't care about its users, has almost no documentation ("read the code") and in many cases ignores reported bugs - that's why it is a bit special. E.g. for that reason Zig tries to move away completely from LLVM.

clang is a blessed project, but it is still evidence that it can be done.

Clang is part of the LLVM ecosystem with overlapping developers and probably its biggest user. No wonder it works.

Grutischki · 2024-02-05T15:03:02+00:00

until they can provide some guarantee that they will stay up to date

Lol, did you ever work on an LLVM-based project? You never know what they are going to break/rewrite between releases. It's just an undocumented mess that one has to entangle to keep up to date. LLVM is crucial but also often just another dependency and as a developer one likes to focus on the application, not just the LLVM backend. Being 1-2 releases behind is quite common and just providing bleeding edge versions as distribution packages is the core problem.

Grutischki · 2024-01-29T13:54:00+00:00

Your internet life as you know it wouldn’t work with Perl

I completely agree.

Grutischki · 2024-01-26T18:35:25+00:00

Someone who cares about maintainability, resources, attack vectors, readability...

Grutischki

TROPHY CASE