
Comment Re: Next time... (Score 1) 117

I didn't say they don't need calibration.

I said they don't need calibration all the time.

Failure to connect to the cloud should not result in immediate device failure. Manual calibration steps should be possible. Or at least a message "cloud service unavailable, device will stop working in 48h" or similar.

I don't understand why people are willing to bootlick the company in this case. Cloud connected everything is cancer.

Comment Re:Next time... (Score 1) 117

Sure, in this case we can say "fuck you" to drunk drivers and they don't deserve sympathy, but this everything must be cloud connected trend is going to fuck us all eventually.

The problem is that the above sentence requires a person to be able to hold two thoughts in their head at the same time, which appears to be above almost everyone commenting in this thread.

Comment Re:Next time... (Score 4, Interesting) 117

Drinking and driving is not cool.

Making a device that could and should operate locally rely on a cloud service is also not cool. Breathalyzers have been around for decades, and do not need calibration all the time.

Sure, in this case we can say "fuck you" to drunk drivers, but this everything must be cloud connected trend is going to fuck us all eventually.

Comment Re: Meal Team Six: The Keyboard Warrior Chronicle (Score 1) 188

Alternatively (and I understand that this is unintelligible to Americans), I have a social conscience, and socioeconomic structures that exacerbate the already destructive and divisive civilisational landscape that we are currently suffering with bother me. I want my fellow humans to live in a world characterised by justice, fairness, compassion, and kindness.

Comment Re:Isn't this the idea? (Score 1) 113

Google, Microsoft, Apple, Facebook, Amazon, or another one of the big software development companies could easily fork ffmpeg itself, fix the open CVEs, provide their own (likely incompatible) features, and become the new standard - leaving the original developers out in the cold. Google did this with Blink (forked from WebKit, which itself was forked from KHTML). They took a fork of a KDE backed project, put it into what is now the #1 browser in the world, allowed Microsoft, Opera, and others to then use it in their own browsers — and now Google owns the entire narrative and development direction for the engine (in parallel to, and controlled to a lesser extent by Apple which maintains WebKit). The original KHTML developers really couldn’t keep up, and stopped maintaining KHTML back in 2016 (with full deprecation in 2023).

That is the risk for the original developers here. You’re right in that there isn’t really anything out there that can do what ffmpeg does — but if the developers don’t keep up on CVEs then organizations are going to look for new maintainers — and a year or two from now everyone will be using the Google/Microsoft/Apple/Facebook renamed version of ffmpeg instead.

That’s the shitty truth of how these things work. We’ve seen these same actors do it before.

Yaz

Comment Re:Isn't this the idea? (Score 1) 113

Look — I’m a developer. I get it. I’m personally all for having organizations do more to support the OSS they rely on. But the people in the C-suite are more worried about organizational reputation and losing money to lawsuits. If a piece of software they rely on has a known critical CVE that allows for remote code execution and someone breaks in and steals customer data — that software either needs to be fixed, or it needs to be scrapped. Those are the choices. Our customers in the EU are allowed to request SBOMs of everything we use and pass it through their own security validation software — and if they find sev critical CVEs in software we’re using there is going to be hell to pay. And the people in the C-suite can’t abide that level of risk.

Most software development companies (outside some of the biggest ones) don’t really have the kind of expertise in house to supply patches to something as complex as ffmpeg. But a company like Google has the staff with sufficient experience in this area that they could fork the project, fix the issues, and redistribute it as their own solution to the problem — and now Google is driving ffmpeg development. Organizations that need a security-guaranteed version will simply switch to Google’s version, which will likely slowly become incompatible with the original. They’ve done it before — Chrome was Google’s fork of WebKit, huge swaths of users flocked to Chrome, and now Google has over the years made enough changes that their patches often aren’t compatible with WebKit (and, of course, WebKit itself did similar when they forked KHTML).

Now forking like this is great for the community, but it can be tough on individual developers who see their work co-opted and then sidelined by massive corporations. And that’s really why the ffmpeg developers need to be very careful about ignoring CVEs like this. They do so at their own peril, as anyone can fork their code, fix the issues, and slowly make it incompatible with the original. And a big enough organization can ensure their fork becomes the new standard, leaving the original developers out in the cold.

Yaz
