it's so funny to me how webp literally got a massive vulnerability in its library and people are still defending it over png and jpeg
daddy google is not going to notice you
@mavica_again Google sees all. They don't want the Big G to get annoyed and kill their only email address.
@drwho who knew that the path to world domination all along was free inboxes and a sensationalist hi-speed footage ad back in 2010
@mavica_again Can't say that was on my bingo card. Kind of the definition of soft power, right there.
@mavica_again I mean... there have been vulnerabilities in the past with other fairly common format stuff, such as PDF, don't libraries, etc. Not sure this is all that great of a position to take, cause a vulnerability in something like PNG would be 10x worse than one for webp even...
@southernwolf daddy google is not going to notice you
(not a vampire)
@mavica_again@computerfairi.es@southernwolf@furry.engineer it saves space on my service and ssl had its own vulns too in the past. its c's fault
The issue of the WebP vulnerability is far far more of a problem because WebP was a monoculture (primarily just libwebp), whereas because it’s so complex, there wasn’t any completely independent implementations, other than Google’s. Meanwhile for PDF, JPEG, GIF, etc, there’s a far more healthy variety of library options.
A vulnerability in just libwebp ended up affecting: nearly all modern web browsers, all recent Electron apps, many several to hundreds of desktop applications with WebP support (Telegram, LibreOffice, etc), and so much more.
@mavica_again to be fair, “there was a vulnerability in the reference implementation” isn’t necessarily a problem with the format itself. it’s more a knock on Google for programming libwebp in C, and seriously mismanaging the issue by reporting it exclusively in Chrome
but yeah webp as a format pales in comparison to jpeg-xl, and i’d even prefer png. the fact that it’s being adopted on the web before most of the software that works with images supports it, really annoys me.