The OFFICIAL programming thread
-
Kinda agree that Google should throw out an AI solution or something for this.
-
Yeah I dunno. I mean given they own YouTube they should certainly be contributing dollars or resources to the ffmpeg project regardless but the world is a better place with their fuzz tool that finds these vulnerabilities and I’m not sure an entity finding and reporting a vulnerability should be obligated to fix it. They’d probably just shut the tool down if they had to. Other projects actually pay people to find vulnerabilities.
As an aside, that person behind that ffmpeg tweet has touched off a huge controversy and a lot of bad blood in the ffmpeg project. There was a vote to have their posting rights removed for poorly representing or misrepresnting the project and then people who voted in favor of that started getting TOS’d for bullying. Only mention it because I happened to watch the below for some reason and it went into detail about the drama:
-
I think the tool is awesome, but the time limit thing is sort of arbitrary. Nobody is thinking about whether this is a significant vulnerability, but the effect where they just report and auto disclose in 90 days is where there is a problem. Like in this case maybe there’s one download a year of the thing that was broken from the 1990s, but the Google disclosure makes it look like FFmpeg is broke and they have to deal with that fallout if they don’t fix it immediately. And also in this case if FFmpeg is integral to Youtube, they should give back and help with these things.
As far as the Twitter fight, I thought “talk is cheap, send patches” was pretty funny.
-
Weird, in java: 1 == 1 is true and 1000 == 1000 is false. Seems like a communist language or something Tigger would like.
-
Gemini gave me a long boring explanation of why that might happen with autoboxing and said you should do the comparison this way:
Integer.valueOf(1000) == Integer.valueOf(1000)I think I must have spent all of 24 hours learning Java decades ago before thinking, nah this is bullshit (too much boilerplate) and never touching it again. Stuff like the above seems to confirm it.
-
This works too:
Integer a = 1000;
Integer b = 1000;
System.out.println(a.equals(b)); // trueAnd yeah, I would have quit as well had I even tried to learn it. That’s stupid.
-
Code snobs!
-
And Fortran boy shows up, the cave drawings of coding.
-
@Gators1 said in The OFFICIAL programming thread:
And Fortran boy shows up, the cave drawings of coding.
Bah. We should have stopped at FORTRAN and Pascal. They did everything an engineer needed.
-
@oyaji said in The OFFICIAL programming thread:
@Gators1 said in The OFFICIAL programming thread:
And Fortran boy shows up, the cave drawings of coding.
Bah. We should have stopped at FORTRAN and Pascal. They did everything an engineer needed.
Dads sims were Fortran and M204.
-
I like Rust but it can pretty quickly get very unergonomic depending on the complexity of what you are trying to do (and async in Rust is a clusterfuck IMO) so I generally prefer to code in something else. That said, these claims are pretty dramatic:
We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust’s impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one.
I drilled Gemini on the 1000x reduction claim and Gemini calculated it to be closer to 5000x.
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...
why everyone is mad at google (this time)
