If nothing else they should not be allowed to call themselves a bank, including not a "trust" bank. Stick with crypto exchange or hascode pawnshop or whatever but not bank.

People are only annoyed because this is Apple.

If a clothing brand like Ann Taylor made an ugly $250 phone purse nobody here would bat an eye.

This particular thing has only been pushed recently, but various different visions of "interactive TV" has been a Thing for a very long time.

People were talking about it back in the 50s, probably earlier. But the earliest deployment in the US of something plausibly called interactive TV was Qube in 1977.

There's a parallel universe in which the US ended up with a cable-TV-based version of Minitel.

There are multiple reasons, but I think the biggest is that a different interactive screen ate TV's lunch.

The phone is superior in most ways, from the perspective of the pushers - usually maps to a single person, always with them, location trackable, etc. About the only advantage of the TV is being a big screen, but that doesn't seem to matter for much.

Another big one is there's no central player to lay the rails and the big players have competing interests. But I really think the deciding factor is just that the money folks don't see a need for a QVC "buy now" button.

People don't like having cameras streaming from their bedrooms and livingrooms. I'm shocked.

That's insane! Sign me up and ship me out.

It is always DNS.

Google, Microsoft, Apple, Facebook, Amazon, or another one of the big software development companies could easily fork ffmpeg itself, fix the open CVEs, provide their own (likely incompatible) features, and become the new standard - leaving the original developers out in the cold. Google did this with Blink (forked from WebKit, which itself was forked from KHTML). They took a fork of a KDE backed project, put it into what is now the #1 browser in the world, allowed Microsoft, Opera, and others to then use it in their own browsers — and now Google owns the entire narrative and development direction for the engine (in parallel to, and controlled to a lesser extent by Apple which maintains WebKit). The original KHTML developers really couldn’t keep up, and stopped maintaining KHTML back in 2016 (with full deprecation in 2023).

That is the risk for the original developers here. You’re right in that there isn’t really anything out there that can do what ffmpeg does — but if the developers don’t keep up on CVEs then organizations are going to look for new maintainers — and a year or two from now everyone will be using the Google/Microsoft/Apple/Facebook renamed version of ffmpeg instead.

That’s the shitty truth of how these things work. We’ve seen these same actors do it before.

Yaz

Look — I’m a developer. I get it. I’m personally all for having organizations do more to support the OSS they rely on. But the people in the C-suite are more worried about organizational reputation and losing money to lawsuits. If a piece of software they rely on has a known critical CVE that allows for remote code execution and someone breaks in and steals customer data — that software either needs to be fixed, or it needs to be scrapped. Those are the choices. Our customers in the EU are allowed to request SBOMs of everything we use and pass it through their own security validation software — and if they find sev critical CVEs in software we’re using there is going to be hell to pay. And the people in the C-suite can’t abide that level of risk.

Most software development companies (outside some of the biggest ones) don’t really have the kind of expertise in house to supply patches to something as complex as ffmpeg. But a company like Google has the staff with sufficient experience in this area that they could fork the project, fix the issues, and redistribute it as their own solution to the problem — and now Google is driving ffmpeg development. Organizations that need a security-guaranteed version will simply switch to Google’s version, which will likely slowly become incompatible with the original. They’ve done it before — Chrome was Google’s fork of WebKit, huge swaths of users flocked to Chrome, and now Google has over the years made enough changes that their patches often aren’t compatible with WebKit (and, of course, WebKit itself did similar when they forked KHTML).

Now forking like this is great for the community, but it can be tough on individual developers who see their work co-opted and then sidelined by massive corporations. And that’s really why the ffmpeg developers need to be very careful about ignoring CVEs like this. They do so at their own peril, as anyone can fork their code, fix the issues, and slowly make it incompatible with the original. And a big enough organization can ensure they’re fork becomes the new standard, leaving the original developers out in the cold.

Yaz

Really? You think at this point SpaceX is just going to throw up its hands and say "never mind" on Starship? I'm trying to imagine why they would do that.

I think you're right. If he thought he knew anything - in either direction - he'd be all in. Instead he's just throwing his hands up.

Politics is more important than code quality, and while it's a non-profit that doesn't make it unprofitable to senior leadership.

There is no incentive to improve Mozilla whose revenue is not tied to performance.

The good news is that nine-in young people

What is "nine-in".....? New term to me....

The rush is that burning it is buggering up the planet. If the US refuses, it becomes a security issue and we be dealt with appropriately.

Chicken little has been shouting this for waaaay too long....driving our ICE vehicles will not cause the planet wide DOOM scenario....certainly not in any lifetime soon.

We have plenty of time to come up with new and better vehicle power schemes.....

Mainly because I started doing this in 1997 and managing /etc/aliases myself works just fine.