←back to thread

FFmpeg to Google: Fund us or stop sending bugs

(thenewstack.io)
1125 points CrankyBear | 9 comments | 11 Nov 25 18:32 UTC | HN request time: 0.884s | source | bottom
Show context
phkahler ◴[11 Nov 25 19:41 UTC] No.45891830[source]
From TFA this was telling:

Thus, as Mark Atwood, an open source policy expert, pointed out on Twitter, he had to keep telling Amazon to not do things that would mess up FFmpeg because, he had to keep explaining to his bosses that “They are not a vendor, there is no NDA, we have no leverage, your VP has refused to help fund them, and they could kill three major product lines tomorrow with an email. So, stop, and listen to me … ”

I agree with the headline here. If Google can pay someone to find bugs, they can pay someone to fix them. How many time have managers said "Don't come to me with problems, come with solutions"

replies(8): >>45891966 #>>45891973 #>>45893060 #>>45893320 #>>45896629 #>>45898338 #>>45902990 #>>45906281 #
1. zxspectrum1982 ◴[11 Nov 25 19:53 UTC] No.45891973[source]
Google is not paying anyone to find bugs. They are running AIs indiscriminately.
replies(7): >>45892052 #>>45892117 #>>45892121 #>>45892277 #>>45892330 #>>45895657 #>>45898332 #
2. rescbr ◴[11 Nov 25 20:00 UTC] No.45892052[source]
Still, they are paying for the computing resources needed to run the AI/agents etc.
replies(1): >>45892288 #
3. dtech ◴[11 Nov 25 20:05 UTC] No.45892117[source]
Someone is making the tools to find these bugs. It's not like they're telling ChatGPT "go find bugs lol"
replies(1): >>45894764 #
4. pimlottc ◴[11 Nov 25 20:06 UTC] No.45892121[source]
Someone started it running, they are responsible for the results.
5. rsanek ◴[11 Nov 25 20:18 UTC] No.45892277[source]
https://en.wikipedia.org/wiki/Project_Zero
6. nimih ◴[11 Nov 25 20:23 UTC] No.45892330[source]
They certainly paid someone to run the so-called AIs.
7. foobarchu ◴[12 Nov 25 00:18 UTC] No.45894764[source]
And running those models on large codebases like these isnt anywhere close to free either.
8. knowitnone3 ◴[12 Nov 25 02:13 UTC] No.45895657[source]
Does it matter? Either it's a valid bug or it's not. Either it's of high importance or it's not.
9. surajrmal ◴[12 Nov 25 10:02 UTC] No.45898332[source]
A human at Google investigates all of the bugs fuzzers and AI find manually and manually writes bug reports for upstream with more analysis. They are certainly paid to do that. They are also paid to develop tooling to find bugs.

I'm not sure what you think you mean when you say "running AIs indiscriminately". It's quite expensive to run AI this way, so it needs to be done with very careful consideration.