Microsoft employee:
Hi, this is a high priority ticket and the FFmpeg version is currently used in a highly visible product in Microsoft. We have customers experiencing issues with Caption during Teams Live Event. Please help
Maintainer’s comment on Twitter:
After politely requesting a support contract from Microsoft for long term maintenance, they offered a one-time payment of a few thousand dollars instead.
This is unacceptable.
And further:
The lesson from the xz fiasco is that investments in maintenance and sustainability are unsexy and probably won’t get a middle manager their promotion but pay off a thousandfold over many years.
But try selling that to a bean counter
Maybe OP didn’t share enough context, because this whole thing looks like a big over-reaction on their part.
- There’s no accusation of misusing the license, so they’re using it properly
- there’s a bug tracker, which they used for a bug report
- OP demanded money when there was no expectation of it
So what’s going on here? With the information given, Microsoft did what they should have and OP is acting the huge asshole
The rest of the tweets definitely don’t make him appear as less of a self-righteous ass.
This actually made me cringe:
Your weekly reminder that FFmpeg powers all online video - YouTube, Facebook, Instagram, Disney+, Netflix etc etc, all run FFmpeg underneath
I think what set them off was the MSFT guy saying “this is high priority”.
What, they just asked, they didn’t say they were entitled to it.
Maybe microsoft should try reinstalling windows.
Have they turned it off and on again?
Old issue, so why post it now and make it sound like MS demands something?
Opened 11 months ago Last modified 11 months ago
It’s a regression, so ffmpeg should fix a regression.
What regression? It was a PEBKAC
Old issue, so why post it now and make it sound like MS demands something?
I think it’s because of that recent security issue, and then the subject of corporations tithing into open source code efforts instead of just using it for freeish, that grew around the discussion of that security vulnerability.
11 months ago
I don’t think people understood your joke. This thread is all about MS not reading docs or the comment by the guy helping them. Then you ask a date question like you didn’t even see the date on the tweet. Classic! Well done, but subtle.
Because the developers tweeted about it today
The tweet is from today. The ffmpeg team felt like it needed to be said.
Thanks for additional context. I don’t open Twitter links anymore because 3/4 of the time the link doesn’t work after Musk made changes
You can try to read through https://archive.today . It’s a site archiving site, it has a couple of tricks to evade such restrictions. Not the most private one… but better than visiting twitter directly.
I didn’t know that site worked for Twitter. I’ve just been using Nitter.
Yeah, me too, but lately Nitter almost never works :/
The Elon Musk of Twitter or the Elon Musk in the FFMPEG ticket?
Maybe Microsoft responded just now to their inquiry
Tell Copilot to fix it.
This is what new agentic AI looks like
I am confused. I realize this is just a flag change not even a dev problem but PEBKAC, still - in the event of an actual bug, why wouldn’t Microsoft have a dev contribute to the project and fix it instead of just opening a ticket?
Filing an issue quickly is good etiquette. Then you can discuss in the ticket the best way to solve/work around.
The devs don’t take an issue with the ticket being filed. They’re irritated by one particular reply which sounds like “My million dollar product depends on this bug fix. Please do that for me”. MS isn’t offering a solution. They’re asking for one.
To be fair MS offers an amount for the fix. Most companies just bully the devs instead. However, I don’t think it’s quite fair (though legal) to offer one time payments for a core library that they use.
You assume MS is competent?
lmao didn’t know Elon Musk is an ffmpeg maintainer
I wonder if it’s the real Elon Musk?
Wtf is a real Elon Musk? He is not Elon Musk of Tesla. But it is not uncommon for multiple people to have the same name.
Poor man, it must be annoying to have to introduce yourself as “Elon Musk, no not that Elon Musk” all the time?
It’s just someone with the same name
If you look up Zied Aouina (issue creator), he’s a principal SWE at MS. Seems within his power to read the codebase and figure out his question if he claims he can’t find the documentation.
Good, tell leech corporations and especially Microsoft to fuck right off. Pay for it or do it yourselves.
Fucking suits. They don’t even care about the bottom-line, they just care about their own salary and benefits.
Pay for support or get fucked M$
Corporations treat free software as an endless pool of free resources to exploit, pollute, and then shut down.
Or try to take over like Redis
Posted by Elon Musk. Hmm…
“A failure to plan on your part does not constitute an emergency on my part.” -Someone hopefully working on ffmpeg.
Does that go for the xz vulnerability too? Wasn’t it a Microsoft dev who discovered that?
In this case, it’s actually Microsoft’s fault. There is no bug in ffmpeg, Microsoft just didn’t properly use it.
the xz vulnerability was done through a superfluous dependency to systemd, xz was only the library that was abused to use systemd’s superfluous dependency hell. sshd does not use xz, but systemd does depend on it. sshd does not need systemd, but it was attacked through its library dependency.
we should remove any pointless dependencies that can be found on a system to prevent such attacks in future by reducing dependency based attack vectors to a minimum.
also we should increase the overall level of privilege separation where systemd is a good bad example, just look at the init binary and its capability zoo.
The company who hired “the” systemd developer should IMHO start to really fix these issues!
so please hold your “$they have fixed it” back until the root cause that made the xz dependency level attack possible in the first place has been really fixed =)
Of course pointing it out was good, but now the root cause should be fixed, not just a random symptom that happened to be the first visible attack that used this attack vector introduced by systemd.
“A failure to plan on your part does not constitute an emergency on my part.”
Wow now that is a quote I’m going to steal. Wondering if “A failure to understand on your part does not constitute an emergency on my part.” has the same punch or is as relevant… anyway, thanks for sharing!