it is because security researchers are mostly not-developers. why should we have to fix your fucking broken-ass shitty code?
It's interesting how the security "research" community is happy to write the most ruthless things when they find security flaws. But get upset when called out about sending patches to volunteer projects like FFmpeg (or libxml2)

Nov 4, 2025 · 5:27 AM UTC

Replying to @evildojo666
Why exactly does that "fucking broken-ass shitty code" need to be fixed?
i have no idea but you've clearly missed the point of the post
Replying to @evildojo666
Because it's OSS and if you have time to complain about "shitty" code you have time to open PRs. You are owed nothing and complain about what is being given out for free. Does that even register?
who says i'm complaining?
Replying to @evildojo666
Toxic.
Why? Because I said fucking and ass? Remove the words, point still remains
Replying to @evildojo666
You should totally sue them for breaching the contract and costing you money!!! You did sign a support contract with them right???
the fuck are you talking about dipshit?
Replying to @evildojo666
The people who think the security engineer doesn't know code because he doesn't want to make a patch for a complex system that he doesn't know are showing that they are projecting. lmao.
A lot of people either can't read or are jumping to conclusions based on the responses to my statement. Never did I imply that researchers don't know code.
Replying to @evildojo666
"your movie sucks. what? me make a movie? you've got to be fucking kidding me." maybe? idk. at the very least, you could try to help out more... see a mess, clean it up, kind of a thing? idk, i don't know much about this drama...
That's not how it works
Replying to @evildojo666
FFmpeg is written by volunteers
Replying to @evildojo666
How do you find a vulnerability if you can’t read/write code? If you understand a vulnerability, you should be able to fix it.
Replying to @evildojo666
And what do you do when they (FFmpeg volunteers) do not patch it? Will you scream more? Will you send them to court? Will you cry? What about mobilizing your ass and helping as a volunteer too?
Replying to @evildojo666
>security “researcher”
>cant code
>cant develop
Replying to @evildojo666
then remove "programmer" from your profile, dipshit
Replying to @evildojo666
Don’t know that I would trust a security researcher who doesn’t know code…
Replying to @evildojo666
This is like going to a stranger’s house and every day yelling at him that it is easy to break into his house and he should buy better bricks, better doors, and security cameras, etc., because you think your advice is of more value than the house which he enjoys. This is simply tooting your own horn all the time. Go build your own house - or fork his house - with a more reduced attack surface or simply leave him alone.
Replying to @evildojo666
How can you be a security researcher reporting CVEs and not know how to code?
Replying to @evildojo666
Take a step back and consider the human factor. Why does the CVE process usually work? A business wants to stay in business. It will fix the issue. A volunteer project, depending on the fun factor to thrive? You drive out volunteers, the project dies unfixed, everybody loses.
Replying to @evildojo666
Well, it’s you who is uncomfortable here, trying to enforce action on others. It’s open source, so the code belongs to everyone. It’s not socialism, but it feels like if people provide their work to the world for free, nobody really acknowledges what they receive until they lose it. Free work is slavery. Maintaining the project is a lot of work. Nobody on the internet owes you anything. Chill out.
Replying to @evildojo666
show us your "not-shitty" code then
Replying to @evildojo666
Don't use it then if it's so bad.
Replying to @evildojo666
If you’re not a developer how do you know how broken and shitty it is? Bugs and vulnerabilities aren’t always as straightforward as “program bad”
Replying to @evildojo666
Security researchers do what they want; users of FFmpeg use it knowing this: "To protect each distributor, we want to make it very clear that there is no warranty for the free library." opensource.org/license/lgpl-… Not clear enough?
Replying to @evildojo666
I love how security "researchers" think their job is the most important.
Replying to @evildojo666
"security researchers are mostly not-developers" but can identify "broken-ass shitty code" All of you are fucking whiny little babies, pretending to be fucking Ethan Hunt, when you admit you can't even write a fucking patch!? Literally brain dead.