• IronKrill@lemmy.ca
    link
    fedilink
    arrow-up
    47
    arrow-down
    1
    ·
    edit-2
    1 year ago

    The problem is rather the opposite of the meme. The file format is fine, but there is so little effort into making it happen.

    If we were trying then I should be able to upload webp images everywhere. The most egregious is websites that will convert jpg and png uploads to webp but don’t allow webp upload.

    • Wilzax@lemmy.world
      link
      fedilink
      arrow-up
      10
      arrow-down
      6
      ·
      1 year ago

      webp isn’t fine, it has a ton of vulnerabilities because it’s not a safe file format. It gets to do too much and it’s insecure for that reason. That’s why you can’t upload your own webp but conversion to it is fine

      • carpelbridgesyndrome
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        4
        ·
        1 year ago

        The format is fine. The rate of bugs in image parsing code in general is alarming but that is true of just about all the formats.

      • UnderpantsWeevil@lemmy.world
        link
        fedilink
        arrow-up
        1
        arrow-down
        3
        ·
        1 year ago

        it has a ton of vulnerabilities because it’s not a safe file format

        Its a high compression image file, ffs. If someone sends you a 10 mb .webp file, that should be setting off alarm bells right off the bat. Even then, I have to ask what the hell your Windows Viewer app thinks it should be allowed to do with the file shy of rendering it into pixels on the screen.

        • propaganja@lemmy.ml
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          I mean, it sounds like you’re saying, “I don’t know how it can be dangerous, therefore it’s not dangerous.”

          • UnderpantsWeevil@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            All I’m hearing is that “its not safe” without further details. And given the utility relative to .jpeg, I’d like more on the table than just “Don’t do it! Unsafe!”

            • propaganja@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              I agree the claim requires more evidence and it would be foolish to just take it at face value, but even if my intuition told me it was intrinsically safe I wouldn’t place any degree of trust in my own logical conclusions, or discount someone else’s warnings, however spurious.

              The burden of proof should never be on the accuser when it comes to safety, in my opinion, or anything else of public concern. And the standard of proof should be higher to show that everything’s ok than to show that it’s not. At least in an ideal world.

              • UnderpantsWeevil@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                I wouldn’t place any degree of trust in my own logical conclusions

                Okay, but then why use .jpeg?

                The burden of proof should never be on the accuser when it comes to safety

                How does the .webp protocol demonstrate itself at least as safe as any other standard format? There’s no established safety standard for image protocols that I’m aware of.