Can't help laughing at a random ad hominem against John Carmack of all people, and about his opinion on a guy who is already widely regarded as an especially talented programmer.
reply[dead]
replyI don't think that's fair. There's a lot of talent and grit behind ffmpeg. But for better or worse, getting the code to do what it's supposed to do requires a different mindset than getting it to not do anything else (i.e., to handle malicious inputs correctly).
replyThe developers of ffmpeg are very good at the first thing and not very good at the second. But few people on this planet, if instructed to write a complex video format parser in C or assembly, can produce something that's secure on the first try. The main failing of the ffmpeg team is that they should have spent more time on architectural hardening and mitigations. Most other large projects of this type do.
So all I am hearing is.. Rust
replyMy understanding is that ffmpeg is probably incredibly close to the metal, with tons of assembler mixed in. I imagine doing the same in Rust would include lots of `unsafe` blocks and a similar amount of assembly, so it wouldn't change much in terms of security. Or am I wrong?
replyWuffs usually comes up in this context: https://github.com/google/wuffs
replySo who is someone who's opinion is worth anything to you?
replyExcept yourself, presumably, to me it almost seems nobody is perfect.
On this subject I'd at minimum expect someone with experience in security. Not someone most famously known for making toys that run on computers.
replyI've seen a lot of things written about Carmack over the last 30+ years, not one comment this casually dismissive until today.
replydeleted
reply