
https://x.com/FFmpeg/status/2006773495066464580

> Seeing as this has made the orange site, let it be known this person is a model security researcher.

> The issue was not in any FFmpeg release, and a report was sent three days after a new code was added to FFmpeg Git.

> There was no big CVE ADVISORY "MUH SECURITEH" "you need to fix this now or you will be hacked and the world will end" associated with the report.


Is the FFmpeg Twitter account managed by a developer's teenage son? No matter what point they try to convey, it's always stated in an obnoxious manner.

it's kinda charming

Maybe they should hire Mario Nawfal for their announcements:

""" BREAKING: AI FOUND VULNERABILITY IN FFMPEG!

After decades of human struggle, humans no longer call the shots.

Pwno decided to take the leap. They did not just find a vulnerability---they found a BOMBSHELL! What took developers weeks to write, AI analyzed in SECONDS! """


This is another drawback of security research, but one that had already existed before "AI" with ossfuzz.

You basically cannot commit in public to the main branch and audit and test everything 3 months before a release, because any error can be picked up, will be publicized and go into the official statistics.


> ... go into the official statistics.

There are no "official" statistics. None of this matters. If we judged projects by the number of security holes they had, then no one would be using ffmpeg, which had hundreds of serious vulns.

Vulnerability research is useful insofar that the bad guys are using the same techniques (e.g., the same fuzzing tools), so any bugs you squash make it harder for others to attack you. If your enemy is a nation state, they might still pack your laptop / phone / pager with explosives, but the bar for that is higher than popping your phone with a 0-day.

Vulnerability research is demonstrably not useful for improving the security of the ecosystem in the long haul. That's where sandboxing, hardening, and good engineering hygiene come into play. If you're writing a browser or a video decoder in C/C++, you're going to have exploitable bugs.


It’s the projects without CVEs that scare me.

Because nobody’s even looking…


> Vulnerability research is demonstrably not useful for improving the security of the ecosystem in the long haul. That's where sandboxing, hardening, and good engineering hygiene come into play. If you're writing a browser or a video decoder in C/C++, you're going to have exploitable bugs.

IMHO, vulnerability research is the stick that drives the ecosystem towards all those things. Reports of vulnerabilities in the codec for Rebel Assault videos (or whatever) lead one to disable codecs other than those they need. Reports of vulnerabilities in playlist support lead one to disable playlist support where it's unnecessary and run transcodes in a chroot sandbox with no network access. Reports of buffer overflows lead one to prefer implementations in memory-safe languages where available with sufficient performance, and also to sandbox when possible.


I mostly agree, and further would say that this doesn't really conflict with the preceding comment.

If we assume the company runs N projects with positive Net Present Value (NPV) at the start of the project and after re-evaluation some of the project NPV turned to be negative, closing the project and laying off the staff will actually make company worth more.


Yes, but the reason you will see companies put out press releases explaining layoffs is because the market does not on its own make such generous assumptions reliably when it sees layoffs.

(And even if it does, the fact that the NPV of a project "turned negative" indicates that the value of the company dropped, and the layoffs are only a partial mitigation, which still hurts the perception of the company if the market hadn't discovered and priced in the drop before the company did and reacted with layoffs.)


I would try to pass it between the wheels and would crash the same.

At least for me there was nothing indicating there is not enough clearance.


Here is a better picture of the thing you are saying you would "drive over": https://www.proxibid.com/_next/image?url=https%3A%2F%2Fimage...


I’d disagree. :/

It’s a huge chunk of metal well over a foot long in the middle of a lane. The center of a lane is usually higher than the sides, and an uneven patch of road can cause a slight bounce before it, further reducing clearance. I’d worry about my RAV4 (8 inches) clearing it safely.

At first, I thought it was possibly a tire tread, which tend to curl up.


Your eyes work differently when not looking at a screen.


Reminds me of a joke: calling a Slav white is like buying a "made in Vietnam" Rolex.


If not white, what are they?


"White" in USA means "Anglo-Saxon Protestants + some groups we accept as close enough".

Makes no sense, but the whole idea of races is dumb from the start (same skin color is a very bad proxy for DNA similarity), so it's pointless to correct them.


Calling anyone in the US "Anglo-Saxon" is already buying in to a mythology about ethnic origins. Even in England I doubt you'll find many people whose ancestry is derived mainly from the Angle and Saxon tribes as opposed to being a mix of pre-Celtic British, Celtic, Norman, other Germanic, etc.

And Protestantism didn't exist until centuries after the Anglo-Saxons stopped being identifiable groups, if they ever were.


> very bad proxy for DNA similarity

It's actually a remarkably good one. If we continue to mix for several hundred years more then it won't be. For now, it is.


Because of the founder effect, white people have way lower genetic diversity.

It's like we've split the encyclopedia into three books: A-S, T, and U-Z.


Africa's higher human diversity is mainly in low-population groups like the Khoisan. The big groups are not nearly as diverse (although they do carry some Khoisan genes, for example).


> white people have way lower genetic diversity

This isn't true.


Indeed, really not true. For example: I am quite mixed, declared my own race on an unclaimed spot of non-scientific identity-formation, and despite what some would say and discounting any possible future irradiation, my genetic diversity is absolutely zero ;-)


White has always meant European in the USA.


In the 1940 US census, "white" included anyone of Mexican descent.

  President Franklin D. Roosevelt promoted a Good Neighbor policy that sought better relations with Mexico. In 1935, a federal judge ruled that three Mexican immigrants were ineligible for citizenship because they were not white, as required by federal law.

  Mexico protested, and Roosevelt decided to circumvent the decision and make sure the federal government treated Hispanics as white. The State Department, the Census Bureau, the Labor Department, and other government agencies therefore made sure to uniformly classify people of Mexican descent as white.

  This policy encouraged the League of United Latin American Citizens in its quest to minimize discrimination by asserting their whiteness.

  The race category of "Mexican" was eliminated in 1940, and the population of Mexican descent was counted with the white population.
https://en.wikipedia.org/wiki/Race_and_ethnicity_in_the_Unit...

What started as Slaves OR Free Whites OR Other Free People later granulated in fairly arbitrary and often political ways: https://upload.wikimedia.org/wikipedia/commons/f/ff/USCensus...

The entire "science of race" in the US was fairly arbitrary, phrenology-adjacent quack science.


It didn't. https://en.wikipedia.org/wiki/Anti-Slavic_sentiment#United_S...

At various points in time Italians, Jews, and Slavs weren't considered "white" in the US.

See the above joke. It's seriously how many Americans think even now.


Wasn’t being “white” legally required to vote in federal elections for most of US history? Were any of these groups ever prohibited from voting on the basis of not being “white”? I have never heard of that happening, have you? I think that would answer the question, since the government was actually in the business of determining “white”-ness at that time, and unless I’m mistaken, all of those groups were determined by the federal government to be “white”.


There was obviously negative sentiment towards various European groups, but they were always considered "white".


Quote from the article:

> Slavic peoples were considered to be people of an "inferior race" who were unable to assimilate into American society.[4] They were originally not considered to be "fully white" (and thus fully American), and Slavic peoples' "whiteness" continues to be a debate to this day, but most people consider them to be of Caucasian culture


The citations for this are horrible if you follow them.

edit:

One of them is just some 24 minute movie.

The other is false. The Immigration Act of 1924 did not establish any category of "inferior" races or countries.


"white" is a racist label that does not take into account the complexity of world history. It may be reasonable to use it in contexts of historical racism, e.g. in America (where many Slavic people were almost absent) or Sub-Saharan Africa (zero Slavic presence during colonial times), but it just does not make much sense elsewhere, e.g. it's absolutely irrelevant when describing ethnic tensions between Slavs and Caucasians or Central Asians.


Sorry, but this joke is stupid.


Not if you consider all the modern negative connotations of being called "white". Eastern Europe was under colonial rule (of Russian empire) up until 1980-90s.


Russians are Slavs too. They are the last remaining colonial empire and historically one of the worst bullies ever.

Poles are Slavs, and they colonized EE before Russians took over.

It's just a pointless subdivision within a pointless hierarchy.

Races as defined by Americans don't match skin color nor DNA proximity.

Skin color doesn't match DNA proximity.

And none of these map cleanly into "bully vs victim" subdivisions. Mostly because groups of people move from bullies to victims and back over time. People who systematically have the chance to bully others will eventually do that.


Doesn’t the word “white” obviously refer to the skin color? If you think it has to bring something about colonialism it’s probably because you have somewhat of a twisted perception of reality.


Not colonial rule, and not the Russian Empire...


You happen to be a Russian over 60, right?


No, just someone who is not a jingoist for an Eastern European country.

Though I'm sure Russian jingoists over 60 today too prefer to see Soviet-allied states as "their empire". It's no more true than saying Argentina was a US colony - which means yes, you could say it, but we'd all be dumber for thinking of it like that.


Don't try to catch thieves. Go for the scrapyards/recycling companies buying the metal.


I work with a lot of scrap and scrappers. They did this at the local scrapyard, and indeed they stopped accepting anything from anyone without a city-issued business license.

Now the tweakers sell directly to scrappers with a business license, who take a 25-50% cut.


That's how it works in the UK, following too many thefts of copper cables for railways which are at least one, maybe two orders of magnitude more expensive to repair than highway barriers.

You must show identification when selling scrap metal, and the scrapyard must record that for a period.


Railway cable theft is still relatively common in the UK.


Don’t worry, the police definitely aren’t trying to catch thieves.

In addition to basically no consequences for US police breaking the law, there are actually zero consequences to them not doing their jobs.


Yep, they only care about crimes that earn them bonuses, either financially or materially. And drug crime lets the courts rake in fines and fees which filter down to cops too, and many police also seize all sorts of material goods that disappear, both legally and illegally, into their personal possessions.


The numbers just don't seem big enough. Repair costs of $62,000 over two years in LA and Ventura counties - an area with 10 million people. The savings from 100% enforcement at the scrapyard level would pay for what, one full time employee inspector for the state of California?

It would be cheaper all round to add a $100 yearly registration fee to every scrapyard, rather than give them an extra compliance burden.


The guardrails aren't the only things being stolen for scrap, they're just what the article focuses on. There's a link included to an article about streetlight copper theft which probably costs even more, and another about telecom theft.

According to https://laist.com/news/criminal-justice/la-city-council-copp... :

> In the [2023] fiscal year, that number skyrocketed to a staggering 6,842 cases, with repair costs exceeding well over $20 million.


That's all there is to it. All these scum know they are buying stolen items, but they do it anyway. Same thing for catalytic converters and copper stolen from just about anywhere.

Drop long prison sentences and massive fines on these people, and this problem would vanish in short order.


Criminal charges generally require proving intent. It's very hard to prove what somebody knew.

What you can do is make it illegal to buy particular materials, and then the intent to break that law becomes obvious.


As I understand it after having been informed by authoritative sources over a significant period of time, they should just say "no".


You honestly believe a scrapyard owner should go to jail for buying metal that might be stolen?

Fines, sure. But "long prison sentences"?

> this problem would vanish in short order.

Anyway, that's worked well for drug abuse/sales, so it should probably work here too.


Once pharmacies and drug manufacturers in the American legal system started getting held liable for excessive opioid prescriptions and pushing, it became less common. So yeah. It might work.

Same with pawn shops.


> Same with pawn shops.

Isn't America experiencing absurd amounts of petty theft right now? Maybe pawn shops are no longer in the equation (doubtful, though. Any data on this?) but did it actually help alleviate the problem?

As for the opioid crisis... well, I don't want to open up that can of worms.


You can carefully pick an order of features to build in such a way that every new feature will invalidate an abstraction correctly implementing all the previous features.


Definitely true.

I don't think it is malice or incompetence, but this happens too often to feel good.


AI translation (to English) is off in places. "Ukrainian cybercriminals" is not in the original and was picked as the translation of the closest sounding full word.


You are free to create and maintain leave-any-country.com.


They all should not be on HN. Maybe a leave-twitter.com, leave-facebook.com.


I checked with HR at my company and got an answer that I'm not allowed to announce the following: anyone submitting the code or asking a question about the code without disclosing the fact that the code in question was generated by an LLM would be cursed.


"Jewish State" literally means religious norms and holy scriptures are considered a law. Rabbinical courts are part of the Israeli legal system, which operates religious courts in parallel to the civil court system.


The rabbinical courts exist for sorting out religious issues, such as religious marriages and divorces of Jewish citizens. Judaism is not even special-cased: «Such courts exist for the recognized religious communities in Israel, including Muslim courts, Christian courts, and Jewish Rabbinical courts.» (Wikipedia).

The Basic Laws, which sort of comprise the makeshift constitution of Israel, don't seem to make any religious references, but rather refer to the founding UN principles like human rights.


My apartment rental agreement had a clause: "all disagreements are to be resolved in rabbinical court". The reach of the religious courts is unlimited.

Even civil courts are allowed to refer to holy texts if the law is not clear.


I believe it's only in some specific cases when both parties agreed to defer to religious laws.

Could you please show me any law in Israel that gives blanket approval to civil courts to refer to holy texts if the law is not clear?


Wow, that's wild! :-/


You know such a clause in a rental agreement would be legal in the US as well, right? Binding arbitration clauses are legal in rental agreements, at least in many parts of the US, and agreeing to a rabbinical court as the arbitrator is legal as well.

