Comment Planning to fail. (Score 1) 92

This seems to have been an investment scheme. Who hired an architect who is this insane?

"One recalled warning Tarek Qaddumi, The Line's executive director, of the difficulty of suspending a 30-story building upside down from a bridge hundreds of metres in the air. 'You do realize the earth is spinning? And that tall towers sway?' he said. The chandelier, the architect explained, could 'start to move like a pendulum,' then 'pick up speed,' and eventually 'break off,' crashing into the marina below."

That level of nonsense is usually restricted to a flat-Earth message board. But these folks were hired? They had no intention of delivering this project. If they wanted to deliver it, they wouldn't have hired people from the local psych ward.

Comment Re: I wouldn't care if my taxes hadn't paid for it (Score 1) 92

Anyone who voted this up is disgusting.

OP is also disgusting.

Since when do people who read "news for nerds, stuff that matters" advocate for racism? Good, old-fashioned racism? The kind that started in the 16th century, and should have died there?

https://en.wikipedia.org/wiki/...

That this is a post and was moderated up is disgusting. What the hell is wrong with you?

Comment Re: Trump Mania (Score 1) 246

"1) Canada has already lost its status. It's hard to see how that is Trump's fault."

It is the fault of people who cause other people to hesitate or not vaccinate. We call them anti-vaxxers.

"2) Trump has only been in office for less than a year. It's unlikely the measles outbreak is a result of any of his policies."

Trump appointed an anti-vaxxer to head the CDC. This is his policy. His actions drive this as much as RFK and other anti-vaxxers. No one seems to disagree that the folks who vote for silly policies view his silly policies as legit, and legit policies as silly. That means they are the same problem -- ignorance masquerading as a relevant choice due to people's fear, uncertainty, and doubt. The same things any flim-flam con-artist would brag about.

"3) The outbreak is all along the southwest border with large populations of people who lack access to regular health care."

Yes, it is truly sad to see how terrible healthcare is in the United States. Why do you view that as a reason to not try anything new, and give up what little is being done? We seem to agree that what exists is not satisfactory.

"Blaming anti-vaxxers is attributing way too much power to a fringe group."

Wrong. That's like saying the person who drove the car off the cliff isn't responsible, because the other people in the car could/should have wrestled the wheel away from the driver. The driver is responsible. It is ridiculous to claim otherwise (you sound brainwashed).

"Perhaps we should look at years of neglect of public health in those states instead. With millions of people lacking access to basic health care what did you expect?"

Yeah, normal people have decried the terrible state of public US health policy. The only improvement in the last 2 decades was Obamacare. What's with the Republicans taking that away? How far into the dark ages do they want us to go?

""Trump did it" has become the standard excuse for the widespread failure of our political class. You can just point the finger at Trump and pretend the problems will be solved when he goes away. So his rival politicians will spend the next three years talking about Trump instead of addressing how to make our lives better."

Like you are doing? This "point" seems weirdly self-antithetical. Trump is one part; there's also Justice/SCOTUS, Senate, Congress. All aspects of government are in government, otherwise it's not government. Seems tautological.

"It's not that there isn't a lot to criticize about Trump. It's that most of the criticism is directed at minor sideshows like this one. And I say that as a former community health worker who spent a couple years knocking on parents' doors to increase the level of MMR vaccinations in local schools. I may have run into one parent who opposed vaccination. The rest just lacked the personal resources to get their kids immunized. They had a hard time making sure their kids had breakfast and got to school."

You know, programs that provide food to those in need + vaccine resources were cut by Trump and his cabinet of doom? This "point" also illustrates that this problem is big and has many factors at play, like problems that humans have traditionally banded together to face. That's why most developed countries (just the USA abstaining) use socialized healthcare policies.

Frankly, your confused post just shows why the problem seems intractable to the occupants of the country most victimized by their own medical policies -- the current USA medical policy is rake-stepping! You have people who make more money than god from medical care profits which are in the bleeding-from-your-eyes-numbers of over ,000 markup, because no-one shops around for things like bullet extractions. It's not a service that does well in unregulated capitalism (unless you own the company selling heroin, in which case you're billionaires and don't care).

Trump is also a promoter of that. It's valid to mention the toxic effect his cabinet and policies have had during *BOTH* of his terms, because that is literally what's happening now. These are the issues we agree on, and these are things driving those issues. The learned helplessness and unwillingness to challenge ignorance you seem to suggest isn't helpful, in my opinion.

Comment Re:Isn't this the idea? (Score 1) 113

Google, Microsoft, Apple, Facebook, Amazon, or another one of the big software development companies could easily fork ffmpeg itself, fix the open CVEs, provide their own (likely incompatible) features, and become the new standard - leaving the original developers out in the cold. Google did this with Blink (forked from WebKit, which itself was forked from KHTML). They took a fork of a KDE-backed project, put it into what is now the #1 browser in the world, allowed Microsoft, Opera, and others to then use it in their own browsers — and now Google owns the entire narrative and development direction for the engine (in parallel to, and controlled to a lesser extent by Apple which maintains WebKit). The original KHTML developers really couldn’t keep up, and stopped maintaining KHTML back in 2016 (with full deprecation in 2023).

That is the risk for the original developers here. You’re right in that there isn’t really anything out there that can do what ffmpeg does — but if the developers don’t keep up on CVEs then organizations are going to look for new maintainers — and a year or two from now everyone will be using the Google/Microsoft/Apple/Facebook renamed version of ffmpeg instead.

That’s the shitty truth of how these things work. We’ve seen these same actors do it before.

Yaz

Comment Re:Isn't this the idea? (Score 1) 113

Look — I’m a developer. I get it. I’m personally all for having organizations do more to support the OSS they rely on. But the people in the C-suite are more worried about organizational reputation and losing money to lawsuits. If a piece of software they rely on has a known critical CVE that allows for remote code execution and someone breaks in and steals customer data — that software either needs to be fixed, or it needs to be scrapped. Those are the choices. Our customers in the EU are allowed to request SBOMs of everything we use and pass it through their own security validation software — and if they find sev critical CVEs in software we’re using there is going to be hell to pay. And the people in the C-suite can’t abide that level of risk.

Most software development companies (outside some of the biggest ones) don’t really have the kind of expertise in house to supply patches to something as complex as ffmpeg. But a company like Google has the staff with sufficient experience in this area that they could fork the project, fix the issues, and redistribute it as their own solution to the problem — and now Google is driving ffmpeg development. Organizations that need a security-guaranteed version will simply switch to Google’s version, which will likely slowly become incompatible with the original. They’ve done it before — Chrome was Google’s fork of WebKit, huge swaths of users flocked to Chrome, and now Google has over the years made enough changes that their patches often aren’t compatible with WebKit (and, of course, WebKit itself did similar when they forked KHTML).

Now forking like this is great for the community, but it can be tough on individual developers who see their work co-opted and then sidelined by massive corporations. And that’s really why the ffmpeg developers need to be very careful about ignoring CVEs like this. They do so at their own peril, as anyone can fork their code, fix the issues, and slowly make it incompatible with the original. And a big enough organization can ensure their fork becomes the new standard, leaving the original developers out in the cold.

Yaz

Comment Re:Isn't this the idea? (Score 2) 113

Eventually whoever has most to lose is bound to step up and help.

That, or your project gets sidelined. Which is where the danger lies.

I work for a big multinational software company that uses a lot of Open Source Software. We have a security office that audits all of our products several times a year. If any piece of our stack shows any open CVEs we have a fixed amount of time to fix the issue, with the amount of time varying from a few days (for CRITICAL severity issues) to roughly half a year for the lowest severity issues. A lack of a fix for a published CVE isn’t an excuse for not fixing the issue on our end — the software still has a security flaw in it, and the organization is so incredibly security-averse (thanks in part to having contacts in the defence industry) that they don’t want to risk expensive lawsuits and the loss of reputation if a vulnerability is exploited.

A lot of bigger organizations now work this way. We’ve all seen what has happened to organizations that have had significant security breaches, and it’s not pretty. Our customers are big corporations and government entities — and if they even sniff a risk there are going to be problems. So if there is an unpatched exploit, we’re expected to either switch to something comparable, or DIY a solution (either replacing the library in question, or potentially patching it ourselves).

If ffmpeg allows known and published vulnerabilities to languish, the risk here is that organizations that use their code will simply stop using it and will look for other solutions. That’s a tough pill for an Open Source Software developer to swallow, especially when they make it as big and important as ffmpeg. You might wind up in a situation where an entity like Google forks your code and takes ownership, and eventually gets everyone to migrate to using their version instead (like what they did with WebKit to Chrome), leaving you sidelined. Or maybe someone else jumps in with a compatible solution that works well enough for enough users that they switch to that instead.

Now in an ideal world, the Googles of this world would not only submit a CVE but would also submit a patch. Having been an OSS developer myself I’ve always encouraged my staff, if they find a bug in a piece of software we use, to file a bug report and ideally a patch if they know how to patch the issue correctly — but I know that is hardly universal within our organization, and probably even less so elsewhere.

TL;DR: a lot of OSS success relies on having lots of users, or at least some big and important users. But you risk losing those if you leave CVEs open for too long, as company policies may require scrapping software with unfixed CVEs. That loss of users and reputation is dangerous for an OSS project — it’s how projects get supplanted, either by a fork or by a new (and similar) project.

Yaz
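One way to operationalize the severity-based remediation window this comment describes, together with the SBOM validation the earlier comment mentions customers running, as an added example that is not from any of the commenters: the SBOM fragment, the advisory feed, the CVE ids, versions and window lengths are all constructed placeholders, not real data.

```python
"""Added example: flag SBOM components whose known CVEs are past their
severity-based remediation window (constructed data, not a real feed)."""
from datetime import date, timedelta

# Assumed windows in the spirit of the comment: "a few days" for CRITICAL,
# "roughly half a year" for the lowest severity. Adjust to your own policy.
REMEDIATION_DAYS = {"CRITICAL": 7, "HIGH": 30, "MEDIUM": 90, "LOW": 180}

# Constructed CycloneDX-like component list (placeholder versions).
SBOM_COMPONENTS = [
    {"name": "ffmpeg", "version": "7.0.0"},
    {"name": "zlib", "version": "1.3.1"},
]

# Constructed advisory feed; CVE ids are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "CVE-0000-0001", "component": "ffmpeg", "severity": "CRITICAL",
     "published": "2025-01-01", "fixed_in": None},          # no upstream fix yet
    {"id": "CVE-0000-0002", "component": "ffmpeg", "severity": "LOW",
     "published": "2025-01-01", "fixed_in": "7.0.1"},       # fix exists upstream
    {"id": "CVE-0000-0003", "component": "zlib", "severity": "HIGH",
     "published": "2025-01-20", "fixed_in": "1.3.1"},       # already at fixed version
]


def _ver(s):
    """Dotted numeric version string -> comparable tuple of ints."""
    return tuple(int(p) for p in s.split("."))


def overdue_findings(components, advisories, today):
    """Return (cve_id, component, severity, days_overdue, action) for every
    advisory that affects an SBOM component and is past its window.
    'upgrade' means an upstream fix exists; 'patch-or-replace' means the
    organization must patch locally or swap the component out."""
    installed = {c["name"]: c["version"] for c in components}
    findings = []
    for adv in advisories:
        version = installed.get(adv["component"])
        if version is None:
            continue  # component not in this SBOM
        if adv["fixed_in"] and _ver(version) >= _ver(adv["fixed_in"]):
            continue  # installed version already carries the fix
        published = date.fromisoformat(adv["published"])
        deadline = published + timedelta(days=REMEDIATION_DAYS[adv["severity"]])
        if today > deadline:
            action = "upgrade" if adv["fixed_in"] else "patch-or-replace"
            findings.append((adv["id"], adv["component"], adv["severity"],
                             (today - deadline).days, action))
    return findings
```

Run it against a real SBOM and advisory feed by replacing the two constructed lists; the unfixed CRITICAL entry is the case the comment is about, where no upstream fix exists and the organization still owes a remediation.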

Comment Re: It's in the effort. (Score 4, Insightful) 89

Hahaha, what?

You say the pilot in control should have intentionally sheared the wings (FULL OF JET FUEL) off during a dual-engine failure? You obviously have no idea about planes.

There is nothing that could have been done. They were past V1. There was no arrester pit at the end of the runway (which wouldn't have done much). We're talking about a vehicle loaded with 10,000s of lbs of fuel. Shearing the wings off would have spread chaos and destruction.

There is nothing that could have been done.

Comment Re: Will make things less secure (Score 1) 84

Ok, except: that doesn't address vulnerabilities in C/C++ apps which are stopped in Rust. This also ignores the fact that there already exist functional tests of these core utilities.

If I can swap a 2mm hex nut from company A for a 2mm hex nut from company B -- and the nuts pass acceptance tests -- that's what you want. It's *ELIMINATING* sources of error within the existing framework of tests.
