Post Azw29JgvhfFVgnHg7U by SuperDicq@minidisc.tokyo
 (DIR) Post #Azvrmq6q0dJ81t2u9o by SuperDicq@minidisc.tokyo
       2025-11-05T10:22:07.987Z
       
       7 likes, 3 repeats
       
       Self awareness zero
       
 (DIR) Post #AzvrsFCm8C6lJJOsQC by twinspin6@outerheaven.club
       2025-11-05T10:23:01.750936Z
       
       1 likes, 0 repeats
       
       @SuperDicq what
       how do you find flaws in code if you can't code
       
 (DIR) Post #AzvsDklG08jfGGmjjc by SuperDicq@minidisc.tokyo
       2025-11-05T10:26:59.830Z
       
       6 likes, 1 repeats
       
       @twinspin6@outerheaven.club Good security researchers probably can code, but from my personal experience the entire infosec community is full of clout chasers who all wanna be the one who finds the next big vulnerability instead of actually fixing anything.
       
 (DIR) Post #AzvsMWE5PZRAmvRvYe by SuperDicq@minidisc.tokyo
       2025-11-05T10:28:35.533Z
       
       1 likes, 0 repeats
       
       @twinspin6@outerheaven.club They also really like telling actual programmers how to do their job and what tools/languages they should be using, without having much experience doing much programming themselves.
       
 (DIR) Post #AzvsQI7RnrAKC68vhI by twinspin6@outerheaven.club
       2025-11-05T10:29:11.017263Z
       
       0 likes, 0 repeats
       
       @SuperDicq no more C it's insecure :p
       
 (DIR) Post #AzvsRlc5d6kNxUBBaq by phnt@fluffytail.org
       2025-11-05T10:29:33.515143Z
       
       3 likes, 3 repeats
       
       @SuperDicq They should rewrite it in Rust. [ffmpeg-outdated-rust.jpg]
       
 (DIR) Post #AzvsdnZOBJqZV8eYxE by SuperDicq@minidisc.tokyo
       2025-11-05T10:31:42.431Z
       
       5 likes, 2 repeats
       
       @phnt@fluffytail.org Honestly whoever is running the ffmpeg twitter account is doing a good job.
       
 (DIR) Post #AzvsrJjHvLgr0VjIjA by mirage@ryona.agency
       2025-11-05T10:34:11.741752Z
       
       4 likes, 1 repeats
       
       @SuperDicq An important thing to always keep in mind is that when someone on Twitter boasts about being a security researcher they probably have not done anything beyond installing an X-Ray texture pack to cheat in Minecraft.
       
 (DIR) Post #Azvsxgh9S3gPyGlfjk by SuperDicq@minidisc.tokyo
       2025-11-05T10:35:16.097Z
       
       2 likes, 0 repeats
       
       @twinspin6@outerheaven.club Just don't mention that the equivalent "memory safe" code is 4 times slower.
       
 (DIR) Post #Azvt5wQsp6tL655uSm by phnt@fluffytail.org
       2025-11-05T10:36:48.800457Z
       
       1 likes, 1 repeats
       
       @SuperDicq As expected, you can't beat properly written hand-optimized inline assembly.
       
 (DIR) Post #AzvtRX3RrIkwl9QbKq by SuperDicq@minidisc.tokyo
       2025-11-05T10:40:42.227Z
       
       0 likes, 0 repeats
       
       @phnt@fluffytail.org Dav1d is actually almost exclusively written in asm. It contains more asm than C. It's an insanely efficient decoder.
       
 (DIR) Post #AzvtdoSwwwKOEcDDEm by sofia@bottom.business
       2025-11-05T10:40:55.756Z
       
       0 likes, 0 repeats
       
       @SuperDicq@minidisc.tokyo @twinspin6@outerheaven.club i mean, that's like complaining that a pharmaceutical researcher doesn't know how to run a drug manufacturing plant lol, they're just different jobs
       Research vs engineering roles being separate is ubiquitous across industries
       
 (DIR) Post #Azvtdpr5mfEYXmW0VU by SuperDicq@minidisc.tokyo
       2025-11-05T10:42:45.184Z
       
       1 likes, 0 repeats
       
       @sofia@bottom.business @twinspin6@outerheaven.club Nobody is expecting security researchers to architect a new software system from scratch like an engineer. But if you're smart enough to find security issues, you can definitely write a 10-line patch file.
       
 (DIR) Post #AzvvictJbyYjgzy24G by mangeurdenuage@shitposter.world
       2025-11-05T11:06:14.059399Z
       
       0 likes, 1 repeats
       
       @SuperDicq @twinspin6 And besides that, the cognitive dissonance in it portrays the community as a circus for the people who aren't tech illiterate.
       
 (DIR) Post #AzvvjsyJJGtvr4u7gO by mangeurdenuage@shitposter.world
       2025-11-05T11:06:27.675732Z
       
       0 likes, 1 repeats
       
       @SuperDicq @twinspin6 Don't you like rust ?
       
 (DIR) Post #AzvwH0mzGYIJelP5CS by mangeurdenuage@shitposter.world
       2025-11-05T11:12:26.578995Z
       
       1 likes, 1 repeats
       
       @SuperDicq @twinspin6 That and the tool chain of the "safer" language has a larger surface attack area aside being obscure and requires more strange dependencies and if you dare want to compile that from scratch instead of using the 100% safe :nintendo_seal: binaries then you're turbo hitler.
       
 (DIR) Post #AzvwJ7O1hxAMhHjUyu by mangeurdenuage@shitposter.world
       2025-11-05T11:12:49.890058Z
       
       0 likes, 1 repeats
       
       @SuperDicq @twinspin6 I say that but that was like 2 or more years ago, maybe it has changed.
       
 (DIR) Post #AzvwWHeCrwxgHlZwUS by mangeurdenuage@shitposter.world
       2025-11-05T11:15:12.490930Z
       
       2 likes, 1 repeats
       
       @SuperDicq @twinspin6 And let's not forget the myriad of very strange projects that want to upgrade GNU software by replacing it with rust code but instead of contributing to it they just start a new project with a permissive/corporate license.
       
 (DIR) Post #Azvzw0EuVvYpgfhb2u by SuperDicq@minidisc.tokyo
       2025-11-05T11:53:23.960Z
       
       2 likes, 0 repeats
       
       @mangeurdenuage@shitposter.world @twinspin6@outerheaven.club No, I don't like Rust. I have actually tried writing Rust at some point and I find the syntax quite cumbersome. I am also not very fond of its package manager Cargo. And I especially don't like that if you want to do literally anything with a C library, which is of course very common if you want to write a useful program, you have to wrap almost everything in unsafe { } blocks which really defeats the purpose of Rust in the first place. Rust also has various issues and limitations with reproducible builds, something GNU C already fixed in the 90s. Let's hope gccrs actually delivers. And on top of that the Rust Foundation is a terrible organization in the way they enforce their trademarks and things like that.
       
 (DIR) Post #Azw02t5RVQhfWxYZ4S by Reiddragon@fedi.reimu.info
       2025-11-05T11:07:06.263963Z
       
       0 likes, 0 repeats
       
       @SuperDicq how tf does a security researcher even isolate a bug without having at least a basic understanding of programming and the codebase they're analyzing for exploits? And when you know exactly what the issue is, you usually know how to fix it
       also, calling ffmpeg "broken-ass shitty code" when the world's multimedia infrastructure is built on it... this is someone who just wants to be edgy for the sake of it
       
 (DIR) Post #Azw02u7FgBkEirPWWu by SuperDicq@minidisc.tokyo
       2025-11-05T11:54:37.942Z
       
       0 likes, 0 repeats
       
       @Reiddragon@fedi.reimu.info It's very easy to call someone else's gigantic project used by the entire world "broken-ass shitty code" while you have no experience running any sort of project at this scale.
       
 (DIR) Post #Azw08l647pU4UIeCZs by xyfdi@gameliberty.club
       2025-11-05T11:55:45Z
       
       0 likes, 0 repeats
       
       @SuperDicq From the /g/ telegram group.
       
 (DIR) Post #Azw0L6tSuYY5Z2dxHk by amerika@annihilation.social
       2025-11-05T11:57:59.832636Z
       
       0 likes, 1 repeats
       
       @SuperDicq @phnt Rust has no advantages over C except that it is easier to teach H-1Bs how to write safe code.
       
 (DIR) Post #Azw0bO7AeS2fbjoeES by phnt@fluffytail.org
       2025-11-05T12:00:56.040974Z
       
       1 likes, 1 repeats
       
       @amerika @SuperDicq It isn't, the language is horrible syntax-wise. It's like if you took C++ and Haskell, they had a baby and the baby's uncle was Erlang. I do get Rust in security related contexts like cryptography, but the problem is that those people don't like Rust, because it's too heavy for what they want and too unportable for their liking.
       
 (DIR) Post #Azw0u8iE8o7jLA5eJk by dngrs@chaos.social
       2025-11-05T11:08:41Z
       
       0 likes, 0 repeats
       
       @SuperDicq @phnt in fairness the 35% slower was for the initial release, no? There's been a lot of progress https://ohadravid.github.io/posts/2025-05-rav1d-faster/
       
 (DIR) Post #Azw0u9w5ako38RaEYy by SuperDicq@minidisc.tokyo
       2025-11-05T12:04:15.145Z
       
       1 likes, 0 repeats
       
       @dngrs@chaos.social @phnt@fluffytail.org I mean it's still kind of pointless in my opinion considering that the project is about 80% assembly anyways. And nobody wants their video decoder to be slower by any percentage. Nobody is going to say "I want the slower version, because I care about memory safety". Literally nobody except Rust nerds. Most people don't even know what that means and just want the faster software.
       
 (DIR) Post #Azw0vR8v6P0gn7C61w by amerika@annihilation.social
       2025-11-05T12:04:33.953278Z
       
       0 likes, 1 repeats
       
       @phnt @SuperDicq The advantage of C is that it is relatively close to assembly in terms of how it thinks about things. I suggest to humanity that we simply become better at writing C and build up huge libraries of code for reference. Sort of like CPAN, but for other languages.
       
 (DIR) Post #Azw1pJR6wToF6eLXJA by SuperDicq@minidisc.tokyo
       2025-11-05T12:14:37.498Z
       
       2 likes, 0 repeats
       
       @mangeurdenuage@shitposter.world @twinspin6@outerheaven.club If you want to write useful programs without obscure dependencies you will most likely be calling C libraries in Rust anyway. I'm talking about very common stuff that almost any program uses here, such as libssl, curlib, opengl, sdl2, etc. Using any of these you are wrapping your code in unsafe { } blocks, making the use of Rust pointless to begin with.
       
 (DIR) Post #Azw29JgvhfFVgnHg7U by SuperDicq@minidisc.tokyo
       2025-11-05T12:18:14.390Z
       
       1 likes, 0 repeats
       
       @mangeurdenuage@shitposter.world @twinspin6@outerheaven.club Yes, that's also not a good thing because that's copyleft erasure. But fortunately the GNU system is very mature and these projects will often not live up to the same quality that people are used to.
       
 (DIR) Post #Azw2SWDhLYXQ31lePQ by mangeurdenuage@shitposter.world
       2025-11-05T12:21:45.546802Z
       
       0 likes, 1 repeats
       
       @SuperDicq @twinspin6
       >But fortunately the GNU system is very mature and these projects will often not live up to the same quality that people are used to.
       As much it's correct, never underestimate opposition that has unlimited amount of funds and just considers it's only a matter of time for them to be successful because they don't care about solving problems for others but how much market share they possess.
       
 (DIR) Post #Azw3X8xvKjUJKN9sqe by SuperDicq@minidisc.tokyo
       2025-11-05T12:33:45.060Z
       
       0 likes, 0 repeats
       
       @mangeurdenuage@shitposter.world @twinspin6@outerheaven.club Also thing that is maybe a little bit off topic. I am not a fan of software that tries to hold your hand and is very restrictive in what you can and can't do. Software designed by cool people just lets you do really stupid things like "sure, whatever kiddo". This is what makes hacking fun. I also fucking love dynamically typed languages. Stuff like PHP and Python are my bread and butter. Yes these languages have strict typing systems too, but only if you want to use them and make your life as a programmer more annoying, it's all optional. I really fucking love abusing insane shit that probably makes strict type enthusiasts cry like comparing two strings that contain dates without converting them to DateTime first because they are in ISO8601 and that shit just happens to work because the interpreter also just happens to see the date that is actually a string as an integer and compares those.
       
 (DIR) Post #Azw4EYY85YOV7vnIO0 by sun@shitposter.world
       2025-11-05T12:41:37.626287Z
       
       1 likes, 1 repeats
       
       @Reiddragon @SuperDicq it's standard operating procedure to run ffmpeg jailed/isolated for user supplied content because it's vulnerable to untrusted input exploits
       
 (DIR) Post #Azw5Ej6mvk65pTeOTg by dngrs@chaos.social
       2025-11-05T12:48:27Z
       
       0 likes, 0 repeats
       
       @SuperDicq I don't think it's a universally true statement that memory safety is only something for "Rust nerds"; image/video decoding can be a pretty juicy attack vector (cf LogoFail or the various issues Apple had over the years). Of course all bets are off once you're in ASM land, but reducing attack surfaces does have value.
       
 (DIR) Post #Azw5EjtM1AwgG6NBB2 by SuperDicq@minidisc.tokyo
       2025-11-05T12:52:48.532Z
       
       0 likes, 0 repeats
       
       @dngrs@chaos.social Go and try to ask a normie if they would rather want "memory safety" or if they want their phone battery to last 20% longer while watching videos.
       
 (DIR) Post #Azw7PbUJnrTPHwyG5g by Suiseiseki@freesoftwareextremist.com
       2025-11-05T13:17:13.675952Z
       
       1 likes, 0 repeats
       
       @SuperDicq @twinspin6 Especially don't mention that rust forces you to write at least 4 times the lines to do the same thing in C and that the error rate increases exponentially with each added syntactical token and that most bugs are logic bugs, not memory bugs. Almost all of the logic bugs have been worked out of extensively developed GNU C programs - with only a few memory bugs to be fixed.
       
 (DIR) Post #Azw92QlThoQzHM4jC4 by dngrs@chaos.social
       2025-11-05T13:31:37Z
       
       0 likes, 0 repeats
       
       @SuperDicq 1. normies aren't security experts. Why should I consult them on security matters? 2. phones do video decoding in hardware 3. we probably agree that when given a tradeoff of performance vs. security, security isn't *always* the correct choice, e.g. I'm not very happy with the amount of spectre etc mitigations; my personal threat model would prefer to have those disabled 4. 20% isn't an accurate figure, but of course ideally the RIIR impl isn't slower at all. I think it's doable.
       
 (DIR) Post #Azw92S78glM5SpDXay by SuperDicq@minidisc.tokyo
       2025-11-05T13:35:24.984Z
       
       0 likes, 0 repeats
       
       @dngrs@chaos.social I know that's not how video decoding and power consumption works, but I'm just making up a hypothetical scenario that does accurately describe my personal opinions on most of those pointless "I rewrote it in Rust" projects.
       
 (DIR) Post #AzxKx005BHedQl2i3s by jeffcliff@shitposter.world
       2025-11-06T03:23:39.672920Z
       
       0 likes, 1 repeats
       
       @twinspin6 @SuperDicq fuzzer go bzzzzzz