How controversy on Twitter/X helps solve problems | Lex Fridman Podcast
Speakers from FFmpeg and VideoLAN discuss how social media controversy has been an effective tool for small open-source projects to get attention from large corporations like Google and Microsoft. They also celebrate the contributions of young and unpaid developers to these critical open-source projects. The conversation highlights the tension between genuine security research and performative CVE drama in the security community.
Summary
The conversation opens with an acknowledgment that provocative or 'spicy' tweets from FFmpeg and VideoLAN have produced tangible positive results, including increased donations and greater technical awareness of FFmpeg's importance. While donations still fall short of funding even a single full-time developer, the visibility gained through social media controversy has been meaningful.
A key example is shared about VLC on Android: for over a year, the team could not get anyone at Google to address a Play Store bug that was blocking VLC updates — a product used by roughly 100 million people. It was only after threatening to stop distributing VLC for Android via a public tweet that someone from Android finally engaged. A similar tactic was used with Microsoft regarding the Windows Store distribution of VLC. The speaker notes that despite VLC likely being one of the top 10 most-used applications on Windows, they have no formal ISV relationship or point of contact at Microsoft, unlike major companies such as Adobe or Spotify.
The discussion then shifts to celebrating contributors to these projects, with specific praise for Andreas Reinhardt and Anton Kern's work on refactoring FFmpeg.c with threading — a massive behind-the-scenes overhaul that doesn't change anything for end users but represents enormous engineering effort. The speakers push back on a dismissive tweet claiming 'a teenager is running the FFmpeg account,' countering that teenagers have written more assembly for FFmpeg than many Google engineers, and that there are no barriers to contributing to world-class open-source software.
Several young contributors are highlighted: Ruikai Peng, a 16-year-old whose early FFmpeg contributions found and fixed security issues without fanfare; Felix, one of VLC's oldest contributors who started at 16 and handles Mac and iOS; and Edward Wong, a 14-year-old Google Summer of Code participant who contributed significant assembly code. The speakers express admiration for contributors who fix issues quietly and quickly rather than staging public security drama, contrasting this with a portion of the security community that inflates CVE severity scores for self-promotion — citing an example of an issue in a development branch that was fixed within 3 days but could easily have been hyped as a high-priority vulnerability.
Key Insights
- The VLC team couldn't get anyone at Google to address a Play Store bug blocking Android updates for over a year — despite having ~100 million users — until they publicly threatened to stop distributing VLC for Android on social media.
- Despite VLC likely being one of the top 10 most-used applications on Windows, VideoLAN has no formal Microsoft ISV relationship or dedicated point of contact, unlike companies such as Adobe or Spotify.
- The FFmpeg account pushed back on the claim that 'a teenager is running this account' by arguing that teenagers have written more assembly in FFmpeg than Google engineers, framing youth not as a disqualifier but as a point of pride.
- Andreas Reinhardt and Anton Kern's refactoring of FFmpeg.c with threading is described as 'rebuilding the airplane while it's in the air' — a massive engineering undertaking that produces no visible change for end users but represents critical unpaid maintenance work.
- A 16-year-old contributor, Ruikai Peng, found and fixed a security issue in FFmpeg within 3 days without filing a dramatic CVE, which the speakers contrast approvingly with security researchers who inflate severity scores on development-branch issues for self-promotion.