of course i'm not qualified enough either, so if someone jia-tanned the source then i'd not be able to notice. but maybe going through the source code for even a super slim chance is better than running it blindly, isn't it? if thousands of people glance at the source code a bit, one of them might catch something.
the bento4 library i mentioned (for mp4 file manipulation when ffmpeg failed) seems to include its structs from their own headers in the crypto part which would probably make patching the codebase extremely painful. maybe the crypto part is needed, since it does decryption schemas that ffmpeg can't seem to handle?
either way i did replace it with gpac which as far as i know is completely filled with vulnerabilities (and that's why it got dropped from some distros) but it did the job at least (i ran it in a live session, lol)
the syntax is awful and instead of arguments it reads data from an xml file so i did a few wrappers for that.
generally feels like any tool that touches video is a hot mess and ffmpeg might be the most user-friendly of them.
arihi :bocchi_arch: :naima_padoru: :blobcatchristmastree: :ibrs2: :ene: :adorizz: :ruby_happy:
npub188…jglkl
2026-03-27 19:43:12 UTC
in reply to nevent1q…xclf
Author Public Key
npub1887fe0nagc0c5dctz6t7w70sd36k96zka4lcwga8lmfn97wct02qgjglklSeen on
wss://relay.momostr.pinkPublished at
2026-03-27 19:43:12 UTCEvent JSON
{
"id": "5857e44b4660a40decfe7802aa74d1fb65418b188f31797c01951b766ae28533",
"pubkey": "39fc9cbe7d461f8a370b1697e779f06c7562e856ed7f8723a7fed332f9d85bd4",
"created_at": 1774640592,
"kind": 1,
"tags": [
[
"e",
"ca3ba8352bbd5b4d2107070c2efd3fbe521b7db86734e8c3fd2d6076c4a0c696",
"",
"reply",
"8ab44a84fb757fea3c983e68a9bcc8e331fa49ed99cfcfd06a4499d542eae93c"
],
[
"p",
"8ab44a84fb757fea3c983e68a9bcc8e331fa49ed99cfcfd06a4499d542eae93c"
],
[
"p",
"39fc9cbe7d461f8a370b1697e779f06c7562e856ed7f8723a7fed332f9d85bd4"
],
[
"e",
"9d376ad824cb478dc1f614c6b073975f3bb7ddb8dcaed0be14709a037ee458b7",
"",
"root",
"39fc9cbe7d461f8a370b1697e779f06c7562e856ed7f8723a7fed332f9d85bd4"
],
[
"proxy",
"https://blackstar.cafe/objects/cb9afdcc-4f1a-4c00-99e8-ffa2e6747061",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://blackstar.cafe/objects/cb9afdcc-4f1a-4c00-99e8-ffa2e6747061",
"pink.momostr"
],
[
"-"
]
],
"content": "of course i'm not qualified enough either, so if someone jia-tanned the source then i'd not be able to notice. but maybe going through the source code for even a super slim chance is better than running it blindly, isn't it? if thousands of people glance at the source code a bit, one of them might catch something.\r\n\r\nthe bento4 library i mentioned (for mp4 file manipulation when ffmpeg failed) seems to include its structs from their own headers in the crypto part which would probably make patching the codebase extremely painful. maybe the crypto part is needed, since it does decryption schemas that ffmpeg can't seem to handle?\r\n\r\neither way i did replace it with gpac which as far as i know is completely filled with vulnerabilities (and that's why it got dropped from some distros) but it did the job at least (i ran it in a live session, lol)\r\nthe syntax is awful and instead of arguments it reads data from an xml file so i did a few wrappers for that.\r\n\r\ngenerally feels like any tool that touches video is a hot mess and ffmpeg might be the most user-friendly of them.",
"sig": "ce90a9d16f9468c13bbaa2b9ccbfbc39ee84e17909c707b2f1b9bc7496a6f8f23547116852d75d8cea220ba913a598d9968244813634002b98255dd0b61b32c6"
}