Originally posted by Anux
View Post
Announcement
Collapse
No announcement yet.
Fwupd Switches From XZ To Zstd Compression: More Trust & Slightly Better Performance
Collapse
X
-
-
Originally posted by piotrj3 View PostWould i trust ZSTD over random maintainer with unknown indentity, probably from China who only exist in project a little over 2 years? Yes for sure.
What if that person had proven indentity? Like you know attended conferences etc. - That i could debate.
Seriously biggest trust has creator of LZMA Igor Pavlov, but linux world decided to fork from him long time ago. You know guy only thanklessly maintained project for 25 years and made certain companies like WinRAR a joke.
- Likes 1
Comment
-
I would assume many projects are going to switch to zstd. The reason has been discussed many times before, but due to this latest exploit, people are finally paying attention. It's called the Nebraska problem: https://www.explainxkcd.com/wiki/ind...47:_Dependency
Comment
-
Originally posted by Robust0522 View PostIt's a sad story. Lasse Collin developed and maintained Xz as an open source compression tool for well over a decade until mental health issues set in. His reward is to be remembered as the guy who allowed a malicious actor to introduce a backdoor into the software which could easily not have been caught. Not a great advertisement for being an open source maintainer.
it can happen to anyone because software code is complex and you can use complexity to perform obfuscation...
ok you will never change your mind about that but Lasse Collin is innocent always remember this.Phantom circuit Sequence Reducer Dyslexia
Comment
-
Originally posted by qarium View Post
you surly do understand that this could happen to anyone even to people who clearly have no mental health issues and who surly would never allow malicious actors to do something like this.
it can happen to anyone because software code is complex and you can use complexity to perform obfuscation...
ok you will never change your mind about that but Lasse Collin is innocent always remember this.
My point was simply that being an open source maintainer is in the majority of cases, a rotten deal. These stories of burnout and mental health are extremely common; a great proportion of projects, including those relied on by the most profitable organisations on the planet, are maintained for free by a single person.
Lasse Collin is indeed innocent, but the fact is that people will remember this incident and not the decade of work and stewardship over a widely used open source project. That's the sad reality.
For open source to truly thrive, we need to transition to a culture in which people feel obligated to give back to those projects which have helped them (and who can give). While there are individuals who definitely feel that way, I would say the culture as a whole, both on the personal and corporate side, is moving in the opposite direction.
Comment
-
Originally posted by Draget View Post
You are a despicable and pitiful being.
Throwing a dedicated, talented and struggling developer together with a malicious, year-long planned, targeted and potentially state-actor based attack is not only wrong, but also obnoxious fud.
(I agree with Theo on that one: https://www.youtube.com/watch?v=0pT-dWpmwhA)
That being said, it is nice to see zstd adoption.
Comment
-
Originally posted by piotrj3 View PostI actually tested 7za (23.01 version from opensuse repository) vs xz-utils downgraded from default repository.
I compressed some old thing i had soapui 5.7.0 around, installed as entire directory, tarred and after compressed with 7za and with xz. Both create .xz format.
Compression size at -mx9 (or -9 in case of xz) is pretty much indentical (I assume 7za does a little bigger alligment, but size difference is 0.0023% of one to another, so negligable, and few more compression tests shown same thing size is not the same but almost exactly the same).
Biggest difference is performance. At same amount of threads used, 7za heavly outperforms xz.
time xz -z -k -9 -T16 soap.tar
real 0m52.695s
user 1m29.057s
sys 0m0.410s
time 7za a -txz -mx=9 -m0=lzma2 soap.xz soap.tar
(some 7za verbose stuff, it said it used 16threads automatically)
real 0m29.788s
user 0m53.919s
sys 0m0.609s
I compared few more other stuff bigger and smaller and stuff that don't compress well (like mp4 file) and same thing happens, size is pretty much the same, while 7za heavly outperform xz speedwise.
Another test took xz-utils compressed soap.tar.xz file (not 7za).
And told both to decompress.
time xz -d -k -T16 soapold.tar.xz
real 0m3.001s
user 0m5.642s
sys 0m0.271s
time 7za x soapold.tar.xz
(some verbose stuff from 7za)
real 0m1.736s
user 0m2.908s
sys 0m0.240s
Literally i don't see a reason to use xz-utils on linux.
Edit added ZSTD:
time zstd -T16 --ultra -22 soap.tar -o archive.tar.zst
real 1m28.745s
user 1m28.471s
sys 0m0.460s
time zstd -d archive.tar.zst -o archive.tar
real 0m0.269s
user 0m0.264s
sys 0m0.147s
Overall sizes:
315023360 soap.tar
158759424 soapold.tar.xz (from xz utils)
158763196 soap7z.xz (7za doing xz archive on tar)
162068083 archive.tar.zst
Of course zstd decompression speed is unmatched, but 7za's 50-100% performance gain relative to xz-utils is literally for free to take around, and on top of that free from backdoors and having actual maintainer.
zstd is also nice of course. but with your data i would say no one should use xz anymore and use 7za instead.Phantom circuit Sequence Reducer Dyslexia
Comment
Comment