dav2d is the fastest AV2 decoder on all platforms :)
Targeted to be small, portable and very fast.
If you're out of the loop like me:
AV2 is the next-generation video coding specification from the Alliance for Open Media (AOMedia). Building on the foundation of AV1, AV2 is engineered to provide superior compression efficiency, enabling high-quality video delivery at significantly lower bitrates. It is optimized for the evolving demands of streaming, broadcasting, and real-time video conferencing.
They've done the same thing with AV1, and I can't see that having prevented adoption, nor can I imagine Sisvel wanting to poke the bear that is AOMedia unless they're certain their case is absolutely watertight.
I see zero public evidence that they've filed any lawsuits against the members of AOM in any jurisdiction. I'm sure there's been a lot of threatening letters sent...
Yup. The Dolby/Disney vs Snapchat lawsuit is going to be the first one. So far it's only been filed.
The big question is if AOMedia is going to make good on their Mutually Assured Destruction promise of using their patent and financial war chest to to countersue into oblivion anyone trying to go after AV1 adaptors.
Same, which is what makes it seem to me that that case is absolutely not watertight. Those patents are probably all about esoteric minutiae (to be fair, that's because that's what it takes to make a better video codec these days) and everything and anything that can seemingly be connected to AV2 (or AV1 for that matter), many of which have only gotten a patent because the person approving it only barely understands what it's saying.
We need a more efficient way to eliminate bullshit patents or bullshit patent infringement claims than "violate them then spend millions on lawyers to fight them in court".
Sisvel is a patent troll. Take a look at the combined list of all companies that are the AOM and tell me with a straight face that all of their corporate in house counsel specializing in intellectual property law are wrong.
I don't know this stuff super well but I imagine it's not necessarily about the lawyers being right or wrong so much as what they can convince people of. The ideal scenario for the patent troll is they can intimidate you into licensing with them. Another good outcome for them (though more costly) is they can convince some non-expert in court. In either case the big players behind the codec can defend themselves but a small one just picking it up downstream as OSS can't.
Not on topic, but wow the internet has very quickly devolved into: click -> "making sure you're not a bot", click -> "making sure you're a human", click -> "COOKIES COOKIES COOKIES", click -> "cloudflare something something"
Maybe I’m naive about this, but I didn’t expect AI scrapers to be that big of a load? I mean, it’s not that they need to scrape the same at 1000+ QPS, and even then I wouldn’t expect them to download all media and images either?
What am I missing that explains the gap between this and “constant DDoS” of the site?
You cant really cache the dynamic content produced by the forges like Gitlab and, say, web forums like phpbb. So it means every request gets through the slow path. Media/JS is of course cached on the edge, so it's not an issue.
Even when the amount of AI requests isnt that high - generally it's in hundreds per second tops for our services combined - that's still a load that causes issues for legitimate users/developers. We've seen it grow from somewhat reasonable to pretty much being 99% of responses we serve.
Can it be solved by throwing more hardware at the problem? Sure. But it's not sustainable, and the reasonable approach in our case is to filter off the parasitic traffic.
You kind of can though. You serve cached assets and then use JavaScript to modify it for the individual user. The specific user actions can't be cached, but the rest of it can.
They are a scourge, they never rate-limit themselves, there are a hundred of them, and a significant number don’t respect robots.txt. Many of them also end up our meta:no-index,no-follow search pages leading to cost overruns on our Algolia usage. We spend way too much time adjusting WAF and other bot-controls than we should have.
- AI scrapers will pull a bunch of docs from many sites in parallel (so instead of a human request where someone picks a single Google result, it hits a bunch of sites)
- AI will crawl the site looking for the correct answer which may hit a handful of pages
- AI sends requests in quick succession (big bursts instead of small trickle over longer time)
- Personal assistants may crawl the site repeatedly scraping everything (we saw a fair bit of this at work, they announced themselves with user agents)
- At work (b2b SaaS webapp) we also found that the personal assistant variety tended to hammer really computationally expensive data export and reporting endpoints generally without filters. While our app technically supported it, it was very inorganic traffic
That said, I don't think the solution is blanket blocks. Really it's exposing sites are poorly optimized for emerging technology.
I highly doubt there is no other technically feasible option to block the AI bots.
You end up blocking not just bots, but many humans too. When I clicked on the link and the bot block came up, I just clicked back.
I think HN posts should have warnings when the site blocks you from seeing it until you somehow, maybe, prove you are human.
I'm sure there are many solutions for many problems, but expecting a small Foss development team to know or implement them all is rather unreasonable.
I think the world gains more if the VLAN team focuses on their amazing, free contribution to the world, than if they spend the same time trying to figure out how to save you two clicks.
We all hate that this is happening, but you don't need to attack everyone that is unfortunately caught up in it.
> I highly doubt there is no other technically feasible option to block the AI bots.
If you have discovered such an option, you could get very wealthy: minimizing friction for humans in e-commerce is valuable. If you're a drive-by critic not vested in the project, then yours is an instance of talk being cheap.
First off, don't block the first connection of the day from a given IP. Rate limit/block from there, for example how sshguard does it.
I've seen several posts on HN and elsewhere showing many bots can be fingerprinted and blocked based on HTTP headers and TLS.
For the bots that perfectly match the fingerprint of an interactive browser and don't trigger rate limits, use hidden links to tarpits and zip bombs. Many of these have been discussed on HN. Here's the first one that came to memory:
https://news.ycombinator.com/item?id=42725147
> its citizens that act selfishly and in bad faith will slowly make it unusable
It's rarely been the citizens that have been the problem, but the governments and companies that seek the use the network connection for their overwhelming benefit.
Re (above):
> Not on topic, but wow the internet has very quickly devolved into: click -> "making sure you're not a bot", click -> "making sure you're a human", click -> "COOKIES COOKIES COOKIES", click -> "cloudflare something something"
Its pretty explicitly not a tragedy of the commons. Its a tragedy of the ruling class abusing the resources of the 'commons' to extract value. There is nothing 'commons' about trillion dollar companies extracting all available value from the labor of the working class. That's just the tragedy that'll bring around the death of society, the same tragedy that brings all other tragedys
While a lot of the plebs do suck, a pleb who sucks causes way less problems than a big corp that sucks simply by virtue of not having too much resources.
But whether you agree with me or not, most paradigm shifting changes come from billionaires/corps because they are the only ones with the money to pull off massive shifts. Most innovation is not grassroots and heavily funded by the “elites”. This is how most successful countries have been for atleast the last 100 years. So billionaires add a lot of value even as they cause a lot of pain.
The solution in my mind is we absolutely need uncapped billionaires but they need to be effectively taxed (not like 90% but closer to 50%) and they have to have absolutely no influence on the government.
No one's even clicking anymore, everything implores me to tap or swipe these days, and everything is optimised for humans with one eye above the other.
Then I press the X to close the all-caps banner commanding me to install the app, upon which I get sent to the app store. Users of the website refer to it as an app.
Glorious. Really looking forward to seeing how much better than AV1 it actually turns out to be. It's a shame it'll take a while before we'll have a decent encoder (it took an annoyingly long time until SVT-AV1 was usable).
off topic, but related to the recent github alternative discussion:
Wow, this gitlab instance looked so much cleaner/simpler and less clunky than my past experiences! Also loaded really fast on first page load as well as subsequent actions
And who ever heard of this in the majority of the world? It was news to me, I'm white and European btw.
Did you know the US consititues about 4% of humans? When we look at adults and age range that likely ever hear of D4vd we are talking probably considerably less that 1%.
The rest of humanity has no negative association with these four letters.
It was my first thought when I saw the name, unfortunately. The US constitutes a large portion of this site's user base. Whether the association sticks around is yet to be seen.
So a project should change its name because when it will be production ready 6 years from now the 1% of the 1% of the 1% will think for 1 microsecond about a piece of news from today?
Hollywood retitles movies based on books all the time[1], for the silliest of reasons ("Sorcerer's Stone" was contemporaneous to LOTR too); so given there's precedent, it follows that those wanting to retain the original title from the books should defend their position.
Potentially... supposing the criminal investigation into this uncovers a hitherto unknown organ harvesting scheme operating within the global music records industry; the subsequent police dragnet implicates significant proportion of the world's music stars and record labels and generates continual major headlines and criminal convictions - with all their lurid details - all for multiple decades from now on.
It's quite ridiculous when I put it that way, but this is basically the same thing as Epstein's network, just with a different crime; and Epstein was already in the news almost 20 years ago from his first conviction.
...so back in 2009, back when everyone was building their own social-network websites and online dating services, and supposing your real-name was also Epstein, so you called it "EpsteinLoveIsland.com" - would you have changed the name back then?
It's just unfortunate. Like there was a pharmaceutical company named "Isis" that changed their name due to the association with the terrorist group. That said, while people will notice for the next couple of months, I don't think it warrants changing a name for.
Not just C, dav1d and dav2d are actually mostly written in ASM! Then there's a bit of C as the glue or for functions that don't have optimized ASM yet.
Since dav2d is newer it has a higher fraction of C, but not enough for it to be the main language in the codebase :)
And? It's common knowledge that the "reference" or "research" version of any codec is always quite high level to get development going and actually produce a working bitstream
That codecs should be written in safer languages given that they usually process untrusted files. There have been a number of serious hacks from file parsing bugs due to them being written in unsafe languages.
There's literally a DSL designed for this purpose (Wuffs) so it would be interesting to hear why they didn't use it.
There's an order of magnitude difference in speed requirements between file format parsing and image decoding, then another order of magnitude difference to video decoding. Even rav1d reuses dav1d's assembly (most of the actual runtime) to approach its speed.
The people who write DSLs for video codec asm, or who claim that it's fine to use intrinsics or X higher-level language and it will still be fast enough to be usable, are simply wrong and have never been able to demonstrate otherwise.
Having said that I do think you could write a DSL to generate safe performant asm for a video codec. Just not a platform-independent one. It would still have to be asm.
We must not continue to develop media codecs in memory unsafe languages. Small, auditable sections can opt-out perhaps, but choosing default-unsafe for this type of software is close to professional negligence.
Cryptography and video codecs are notable exceptions, they put a lot of effort to making the code provably memory safe: no recursion, limited use of stack variables, no dynamic allocations, etc. As a result, memory safe languages bring nothing but trouble by making it non deterministic, that’s especially true for crypto where compiler “optimisations” guarantee you side channels attacks.
Video codecs just don't need to do dynamic allocations because it's not relevant to the problem. There's still certainly plenty of opportunities for memory bugs because there's a lot of pointer math.
Of the 3 software AV1 encoders, the only one that is fully dead is the Rust encoder (rav1e). If people truly wanted memory safe encoders/decoders, they would fund and develop them.
I think these conversations are directed by the parties funding the efforts. Example: "we (large company) want a fast AV2 decoder" -> they pay a specialized team to do it -> this team works in C for the most part, so it is done in C. If there were financial incentives to do it in Rust, they'd pay more for a Rust decoder.
For the codec itself, the majority of it is performance sensitive and often has a significant amount of assembly even, so a memory safe language doesn't change much.
However for the container/extractor... those should absolutely be in a memory safe language, and those are were a lot of the exploits/crashes are, too, as metadata is more fuzzy.
As a practical example of this see something like CrabbyAVIF. All the parser code is rust, but it delegates to dav1d for the actual codec portion
https://www.sisvel.com/insights/av2-is-coming-sisvel-is-prep...
yep
The big question is if AOMedia is going to make good on their Mutually Assured Destruction promise of using their patent and financial war chest to to countersue into oblivion anyone trying to go after AV1 adaptors.
It’s not an easy problem.
Aesthetics over function; style over substance. If that's their web design policy it's likely their policy in all other aspects.
I'm also not sure that they're aware that intellectual property rights no longer exist in the US. If AV2 was vibe coded, there would be no case.
…for copyright. Not for anything else. Patents would still apply.
Otherwise it was under a constant DDoS by the AI bots.
For instance, MCP, static sites that are easy to scale, a cache in front of a dynamic site engine
Our documentation and a main website are not fronted by this protection, so they're still accessible for the scrapers.
What am I missing that explains the gap between this and “constant DDoS” of the site?
Even when the amount of AI requests isnt that high - generally it's in hundreds per second tops for our services combined - that's still a load that causes issues for legitimate users/developers. We've seen it grow from somewhat reasonable to pretty much being 99% of responses we serve.
Can it be solved by throwing more hardware at the problem? Sure. But it's not sustainable, and the reasonable approach in our case is to filter off the parasitic traffic.
- AI scrapers will pull a bunch of docs from many sites in parallel (so instead of a human request where someone picks a single Google result, it hits a bunch of sites)
- AI will crawl the site looking for the correct answer which may hit a handful of pages
- AI sends requests in quick succession (big bursts instead of small trickle over longer time)
- Personal assistants may crawl the site repeatedly scraping everything (we saw a fair bit of this at work, they announced themselves with user agents)
- At work (b2b SaaS webapp) we also found that the personal assistant variety tended to hammer really computationally expensive data export and reporting endpoints generally without filters. While our app technically supported it, it was very inorganic traffic
That said, I don't think the solution is blanket blocks. Really it's exposing sites are poorly optimized for emerging technology.
I think the world gains more if the VLAN team focuses on their amazing, free contribution to the world, than if they spend the same time trying to figure out how to save you two clicks.
We all hate that this is happening, but you don't need to attack everyone that is unfortunately caught up in it.
If you have discovered such an option, you could get very wealthy: minimizing friction for humans in e-commerce is valuable. If you're a drive-by critic not vested in the project, then yours is an instance of talk being cheap.
Keep in mind that those kinds of services: - should not be MITMed by CDNs - are generally ran by volunteers with zero budget, money and time-wise
I've seen several posts on HN and elsewhere showing many bots can be fingerprinted and blocked based on HTTP headers and TLS.
For the bots that perfectly match the fingerprint of an interactive browser and don't trigger rate limits, use hidden links to tarpits and zip bombs. Many of these have been discussed on HN. Here's the first one that came to memory: https://news.ycombinator.com/item?id=42725147
It's rarely been the citizens that have been the problem, but the governments and companies that seek the use the network connection for their overwhelming benefit.
Re (above):
> Not on topic, but wow the internet has very quickly devolved into: click -> "making sure you're not a bot", click -> "making sure you're a human", click -> "COOKIES COOKIES COOKIES", click -> "cloudflare something something"
https://en.wikipedia.org/wiki/Enclosure
That being said, so many of the plebs suck. Like 2% will ruin everything for everyone.
But whether you agree with me or not, most paradigm shifting changes come from billionaires/corps because they are the only ones with the money to pull off massive shifts. Most innovation is not grassroots and heavily funded by the “elites”. This is how most successful countries have been for atleast the last 100 years. So billionaires add a lot of value even as they cause a lot of pain.
The solution in my mind is we absolutely need uncapped billionaires but they need to be effectively taxed (not like 90% but closer to 50%) and they have to have absolutely no influence on the government.
it is incredibly annoying but what can you do? AI scrapers ruined the web.
Then I press the X to close the all-caps banner commanding me to install the app, upon which I get sent to the app store. Users of the website refer to it as an app.
Wow, this gitlab instance looked so much cleaner/simpler and less clunky than my past experiences! Also loaded really fast on first page load as well as subsequent actions
https://www.deb-multimedia.org/dists/unstable/main/binary-am...
... it says "fast and small AV1 video stream decoder"
... should probably be "AV2" ?
Happy, AV2 decoding already here.
:)
Did you know the US consititues about 4% of humans? When we look at adults and age range that likely ever hear of D4vd we are talking probably considerably less that 1%.
The rest of humanity has no negative association with these four letters.
It's a recurring headline on the rolling news channels on broadcast TV right now - and it's on the front-page of Reddit for me as well.
[1] https://www.empireonline.com/movies/features/book-movie-titl...
Potentially... supposing the criminal investigation into this uncovers a hitherto unknown organ harvesting scheme operating within the global music records industry; the subsequent police dragnet implicates significant proportion of the world's music stars and record labels and generates continual major headlines and criminal convictions - with all their lurid details - all for multiple decades from now on.
It's quite ridiculous when I put it that way, but this is basically the same thing as Epstein's network, just with a different crime; and Epstein was already in the news almost 20 years ago from his first conviction.
...so back in 2009, back when everyone was building their own social-network websites and online dating services, and supposing your real-name was also Epstein, so you called it "EpsteinLoveIsland.com" - would you have changed the name back then?
So no one below the age of 60 is aware of this.
[0] highest reaching uk language news site in March 2026 - https://pressgazette.co.uk/media-audience-and-business-data/...
[1] >400M visits weekly - https://www.bbc.co.uk/mediacentre/2025/bbc-response-to-globa...
Why did you feel the need to explicitly specify that you're white as one of the reasons you didn't hear the news?
I'm not american either, but the news is all over social media platforms like reddit and Twitter, it's hard to turn a blind eye on them.
dav1d - started in 2018
d4vd - started composing in 2021
>look inside
>it's C
Since dav2d is newer it has a higher fraction of C, but not enough for it to be the main language in the codebase :)
There's literally a DSL designed for this purpose (Wuffs) so it would be interesting to hear why they didn't use it.
Having said that I do think you could write a DSL to generate safe performant asm for a video codec. Just not a platform-independent one. It would still have to be asm.
https://www.youtube.com/@Dave2D
One day in the mysterious future the AV3 decoder will be dav3d.
https://en.wikipedia.org/wiki/Dangerous_Dave_in_the_Haunted_...
C compilers, Rust compilers, and assemblers are all deterministic.
I wonder IFF Rust had an effects system that a Jasmin MIR transform (ie like SPIRV is for shaders) would be useful?
https://github.com/jasmin-lang/jasmin
Really? How many codecs have your neighbors contributed money for the development of, just curious.
However for the container/extractor... those should absolutely be in a memory safe language, and those are were a lot of the exploits/crashes are, too, as metadata is more fuzzy.
As a practical example of this see something like CrabbyAVIF. All the parser code is rust, but it delegates to dav1d for the actual codec portion