Bio field too short. Ask me about my person/beliefs/etc if you want to know. Or just look at my post history.

  • 0 Posts
  • 10 Comments
Joined 2 years ago
Cake day: August 3rd, 2023

  • Hell, I don’t submit help requests without a confident understanding of what’s wrong.

    Hi Amazon. My cart, ID xyz123, failed to check out. Your browser javascript seems to be throwing an error on line 173 of “null is not an object”. I think this is because the variable is overwritten in line 124, but only when the number of items AND the total cart price are prime.

    Generally, by the time I have my full support request, I have either solved my problem or solved theirs.


  • I agree that this is a problem.

    “Responsible disclosure” is a thing where an organization is given time to fix their code and deploy before the vulnerability is made public. Failing to fix the issue in a reasonable time, especially a timeline that your org has publicly agreed to, will cause reputational harm and is thus an incentive to write good code that is free of vulns and to remediate ones when they are identified.

    This breaks down when the “organization” in question is just a few people with some free time who made something so fundamentally awesome that the world depends on it and have never been compensated for their incredible contributions to everyone.

    “Responsible disclosure” in this case needs a bit of a redesign when the org is volunteer work instead of a company making profit. There’s no real reputational harm to ffmpeg, since users don’t necessarily know they use it, but the broader community recognizes the risk, and the maintainers feel obligated to fix issues. Additionally, a publicly disclosed vulnerability puts tons of innocent users at risk.

    I don’t dislike AI-based code analysis. It can theoretically prevent zero-days when someone else malicious finds an issue first, but running AI tools against that xkcd-tiny-block and expecting that the maintainers have the ability to fit into a billion-dollar-company’s timeline is unreasonable. Google et al. should keep risks or vulnerabilities private when disclosing them to FOSS maintainers instead of holding them to the same standard as a corporation by posting issues to a git repo.

    An RCE or similar critical issue in ffmpeg would be a real issue with widespread impact, given how broadly it is used. That suggests that it should be broadly supported. The social contract with LGPL, GPL, and FOSS in general is that code is released ‘as is, with no warranty’. Want to fix a problem, go for it! Only calling out a problem just makes you a dick: Google, Amazon, Microsoft, 100s of others.

    As many have already stated: If a grossly profitable business depends on a “tiny” piece of code they aren’t paying for, they have two options: pay for the code (fund maintenance) or make their own. I’d also support a few headlines like “New Google Chrome vulnerability will let hackers steal your children and house!” or “watching this YouTube video will set your computer on fire!”


  • I think this is a potential windfall for gaming… Sure, it could be terrible, as other commenters have stated, but EA was already terrible. A national investment fund may very well have a better understanding of long-term investment and pull away from lootboxes and microtransactions. I’m certainly not holding my breath… but if I were in a position to buy an entire catalog of IP that people loved in their youth, I think this could be a sound strategy.

    If Saudi Arabia took EA and all its properties and made it what ’90s gaming was… this would be monumental and I think it’d pay off; as well as a slap in the face of the modern game publishers’ business model.

    We just saw this with Silksong: Make a good game, treat your customers with respect, and we will break records for you, even if it takes a decade. If the Saudis don’t act like vulture capital and instead play a longer game, they have the money to fund actual quality development.



  • Fully agreed. On the service-provider side, we have ‘safe harbor’ laws: A site isn’t liable for copyrighted user-generated content as long as they have mechanisms to take down items when notified.

    Liability-wise: The payment processors should have no fucking insight into what is being sold, only that they handle the transactions. Therefore, they should have no liability, similar to “safe harbor”.

    Reputation-wise: I can almost see a history where Visa, for example, used a statement like “we don’t handle transactions for X” as a marketing ploy… but that is way past where we are. There’s no chance of reputational damage to a payment processor for the items for which they handled a payment. Combined with the above, if I say I’m giving $20 to Tim, you give $20 to Tim and take it from me. Done. Not your problem.

    As another commenter stated, the payment processor should be a dumb pipe, and anything illegal being sold should be a liability for the seller or buyer. The idea of a moral judgement of the processor is as stupid as a water pipe to your house cutting off the flow if your shower runs too long.

    The real problem is the politicians, or lobbyists/influencers, who are sending bribes to each other to gain advantage… but Visa doesn’t have a problem handling a Venmo transaction for ‘tuition’.

    Let me buy horny games until after you block world superpower corruption first. But honestly, don’t even do that. Just handle moving the money when someone sends it. That’s your only job.



  • I jumped into Linux, via Mint, about a year ago when I refreshed my hardware. The transition was pretty easy, and I haven’t looked back. Steam runs fine and I haven’t had a modern game that didn’t work under default Proton settings except for things I’ve run outside Steam and mods. Most of my personal PC’s workload is gaming and a handful of web-based apps that are effectively OS-agnostic; everything else has an easy equivalent in the apt repos.

    I would say that my decision to embrace Linux as my OS was primarily influenced by my Steam Deck. Gaming on it has been simple and the desktop UI was easy to adapt to. I replaced my laptop with the Steam Deck, Bluetooth keyboard and mouse, and a USB-C dock with HDMI out (all things I already had for the laptop). I now just hook into whatever TV is handy as a monitor when I need a computer on the go.

    I was a tech enthusiast when I was younger, and am thus familiar with fucking around on the command line, but now I’m an old man who just wants his stuff to work and it just has… The barrier of entry for the Linux Desktop is effectively gone. We just need PR now.

    Also, I think I’d replace Mint on my primary PC with SteamOS, given a simple way to do so. About a year ago, the desktop/beta SteamOS was not fully baked.



  • This is a really interesting question. If I were a researcher, I’d try to go chase this topic, since it seems to be fairly quantifiable.

    Like Mudskipper, I can replay music in my head but it has a few caveats: I don’t really process the instruments… I remember the pitch/volume/etc but primarily of vocals. I also replay with the original singer’s voice and not my own. Replaying a few songs in my head now and I can’t even focus on the instruments if there were vocals unless they are critical to how the song works, like a bass drop. If I try to replay music that is instrumental, I get verbal recreations, like someone performing the song a cappella. If I focus hard, I can hear instruments instead, but that requires thinking about it. This matches how I ‘sing along’ with instrumental pieces in otherwise verbal songs. It might just be that the backing music isn’t retained, so I can remember the melody, but not, say, a bass line unless the bass is being highlighted.

    Are there people who CAN’T replay music in their heads? Are they immune to ‘ear-worms’ or do they just perceive it differently?


  • Is there no example of prior art anywhere? Someone doing this, but not explicitly calling it out because it’s obvious?

    I think the FromSoftware games have had a modular animation scheme that allowed contextual selection of sub-animations with priorities so that things looked fluid during combat. If the animations change based on context, what’s the difference if that context is incoming weapon angle vs “tiredness”? Hundreds of games have characters react to low health with a different movement animation. Other games have characters react to weather like rain or wind by bracing against it. How is this different from that, other than simply having more factors taken into account?

    Software patents in general are just scummy. No one is going to buy your game specifically because your characters limp. No one bought the Mordor games JUST for the patented nemesis system. No one is going to buy a Nintendo game JUST for the loading animation that shows where you were and where you just teleported to. All patenting these things does is limit future potential and piss off vocal parts of your fan base.

    I know I’m preaching to the choir here…