
1124 points CrankyBear | 2 comments
theoldgreybeard No.45891941
The vulnerability in question is a Use After Free. Google used AI to find this bug; it would've taken them 3 seconds to fix it.

Burning cash to generate spam bug reports to burden volunteer projects when you have the extra cash to burn to just fix the damn issue leaves a very sour taste in my mouth.

replies(4): >>45892004 #>>45892129 #>>45892230 #>>45895702 #
tpmoney No.45895702
If it takes 3 seconds to fix it, then how is this some massive burden on the maintainers? The bug report pointed to the relevant lines, the maintainers are the most familiar with the code and it probably would have taken them 1.5 seconds to not only fix it, but validate the fix. It probably took more time to write up the complaint about the bugs than to implement the fix.
replies(2): >>45900512 #>>45901191 #
1. theoldgreybeard No.45901191
I’m not on the beck and call of Google’s robot.

Maybe if it was an actual engineer from Google doing this they would have gotten a better response. Don’t expect people to treat AIs the same way we treat people.

But if you send me an automated report and then tell me to jump I’m telling you to f*ck off.

replies(1): >>45904249 #
2. Dylan16807 No.45904249
The report had a bunch of human effort in it, and didn't tell ffmpeg to do anything at all.

What happens if I send you an automated report that tells you of a meaningful problem you didn't know about, and don't tell you to jump?