
Comment Re:What about top speed? (Score 1) 89

NHTSA and NASA investigated not just the software but the actual cases.

NHTSA and NASA didn't study all of the code in the PCM. Their analysis is therefore invalid. Barr Group found a significant number of paths to unintended acceleration, zero of which depended on cosmic rays and also that Toyota not only didn't follow industry best practices, they didn't follow their own internal procedures. And you think China, which hasn't ever made the best software for anything, is immune to the same kinds of errors. You literally stated that there was no other way that it could happen, which is an obvious falsehood. It's unclear why you're engaging in this level of gaslighting.

Comment Re:What about top speed? (Score 1) 89

I'll go with NHTSA and NASA over the "Barr Group" ambulance chasers, thank you. Barr found that it's possible if you get like a cosmic ray to flip just the right bit you could stick the throttle on (but still not make it overpower the brakes). NHTSA and NASA investigated not just the software but the actual cases. In not a single actual case that they investigated did they find that it wasn't well explained by either stuck pedals or pedal misapplication (mainly the latter).

Comment Re:It's not Lupus (Score 2) 46

That's not the goal of a vaccine against a dormant virus (destroying B-cells), it's about developing a more capable immune reaction against the virus itself. See for example the shingles vaccine (targets dormant VZV, aka shingles / chickenpox). With a strong immune recognition of the virus, as soon as it tries to reactivate, it's immediately targeted, preventing it from becoming problematic.

Dormant viruses use a combination of (A) techniques to suppress immune recognition of them, and (B) low / no reproduction until your body's immune recognition of them has weakened. Vaccines help deal with both issues.

(BTW, if you're getting up there in age and haven't gotten your shingles vaccine, do so. It's one of the "rougher" vaccines, IMHO (both on my initial and followup doses I had "flu symptoms" for a day, when I normally have no reaction at all to vaccines), but that's *way* better than getting shingles)

Comment Re:It's not Lupus (Score 1) 46

The funny thing is that as soon as I saw "[condition] may be linked to a common virus" I thought, "It's Epstein-Barr, isn't it?"

Seems it causes bloody everything under the sun :P

As soon as there's even a clinical trial I can sign up for to get vaccinated against it, I'm getting it. I had mono in my late teens, so I can be expected to have dormant Epstein-Barr in me. A horrible autoimmune condition that my mother has (which leads to among other things her skin regularly feeling like it's on fire) seems to be linked to Epstein-Barr reactivation.

Comment Re:"Cable" a Failure to Innovate (Score 1) 85

I doubt it is economically effective today to replace the parts that can actually do multi-gigabit.

I agree. In fact for most cable companies in particular it probably makes little sense to replace anything that can do even just 1 gigabit, because they almost surely have other regions or at least boroughs which are currently underserved.

Anecdotally speaking I think the demand for 10Gbs residential internet is low, and probably will be for some time.

I suspect it's mostly limited to sizable households with a lot of users. But we keep finding new ways to use available bandwidth...

Comment Re:Disagree, this is the stupidest way possible! (Score 1) 24

now the best people quit and you're left with the very worst and least ambitious coworkers. [...] The CEO must be really clueless.

Yes, but not for the reason you think. He thinks he can have AI do all the work. This is a move to get rid of everyone who will go easily. Paying these severances has surely been calculated to be cheaper than fielding lawsuits for dismissal without "justifiable reasons." You can be sure that they will next move on to a just-barely-not-legally-provable hostile work environment in order to convince more people to quit. There is no urgent need for layoffs, just a dumb CEO idea, so doing a layoff isn't viable.

Comment Re:Isn't this the idea? (Score 1) 113

Google, Microsoft, Apple, Facebook, Amazon, or another one of the big software development companies could easily fork ffmpeg itself, fix the open CVEs, provide their own (likely incompatible) features, and become the new standard - leaving the original developers out in the cold. Google did this with Blink (forked from WebKit, which itself was forked from KHTML). They took a fork of a KDE backed project, put it into what is now the #1 browser in the world, allowed Microsoft, Opera, and others to then use it in their own browsers — and now Google owns the entire narrative and development direction for the engine (in parallel to, and controlled to a lesser extent by Apple which maintains WebKit). The original KHTML developers really couldn’t keep up, and stopped maintaining KHTML back in 2016 (with full deprecation in 2023).

That is the risk for the original developers here. You’re right in that there isn’t really anything out there that can do what ffmpeg does — but if the developers don’t keep up on CVEs then organizations are going to look for new maintainers — and a year or two from now everyone will be using the Google/Microsoft/Apple/Facebook renamed version of ffmpeg instead.

That’s the shitty truth of how these things work. We’ve seen these same actors do it before.

Yaz

Comment Re:Isn't this the idea? (Score 1) 113

Look — I’m a developer. I get it. I’m personally all for having organizations do more to support the OSS they rely on. But the people in the C-suite are more worried about organizational reputation and losing money to lawsuits. If a piece of software they rely on has a known critical CVE that allows for remote code execution and someone breaks in and steals customer data — that software either needs to be fixed, or it needs to be scrapped. Those are the choices. Our customers in the EU are allowed to request SBOMs of everything we use and pass it through their own security validation software — and if they find sev critical CVEs in software we’re using there is going to be hell to pay. And the people in the C-suite can’t abide that level of risk.

Most software development companies (outside some of the biggest ones) don’t really have the kind of expertise in house to supply patches to something as complex as ffmpeg. But a company like Google has the staff with sufficient experience in this area that they could fork the project, fix the issues, and redistribute it as their own solution to the problem — and now Google is driving ffmpeg development. Organizations that need a security-guaranteed version will simply switch to Google’s version, which will likely slowly become incompatible with the original. They’ve done it before — Chrome was Google’s fork of WebKit, huge swaths of users flocked to Chrome, and now Google has over the years made enough changes that their patches often aren’t compatible with WebKit (and, of course, WebKit itself did similar when they forked KHTML).

Now forking like this is great for the community, but it can be tough on individual developers who see their work co-opted and then sidelined by massive corporations. And that’s really why the ffmpeg developers need to be very careful about ignoring CVEs like this. They do so at their own peril, as anyone can fork their code, fix the issues, and slowly make it incompatible with the original. And a big enough organization can ensure their fork becomes the new standard, leaving the original developers out in the cold.

Yaz
