Getting my popcorn ready for when they turn that on in Austin. I only day trip to there infrequently, and I've already seen a stopped Waymo at a traffic light intersection with APD cops around it.

Don't worry, there are only four digits on most pumps. When it hits $10/gallon, the 9/10 of a cent falls off the end!

Have you seen what a brass dollar coin looks like after a little bit of circulation? The metal tarnishes badly, to the point where you can barely identify the artwork.

Only if they stop making it out of that crappy brass that tarnishes into an ugly brown metal slug after only a little bit of actual circulation. I learned this back in the Sacajawea coin days when there were postage stamp vending machines that tried to accept and give change with dollar coins. The artwork on the coin may have changed since then, but the metal hasn't changed.

For those who may not be familiar (zoomers and foreigners), the previous dollar coins were the Susan B Anthony dollar, for which the primary complaint was that it was too hard to tell apart from a quarter (similar size and ridges), and the 4cm silver dollar, which was simply too huge to be useful.

Tim Kitzrow? Mister "Boom Shaka-Laka" from NBA Jam? Yeah, I've seen him a couple of times at classic video game events in recent years, he's quite the wild card. I can believe that there would be some crazy improv in there.

Remember: you can't spell powershell without "hell".

Perl had the concept of "tainted" input data to make it sort of possible to prevent SQL/shell injection, etc.. We've already got web browsers marking downloaded files as "treat this like a biohazard" even if just it's a stupid text file, why not clipboard contents too? (...to be followed by the scam instructions telling you to open a text editor, create a new document, paste into it, copy what you just pasted... the universe can always create Bigger Idiots)

That, or your project gets sidelined. Which is where the danger lies.

I work for a big multinational software company that uses a lot of Open Source Software. We have a security office that audits all of our products several times a year. If any piece of our stack shows any open CVEs we have a fixed amount of time to fix the issue, with the amount of time varying from a few days (for CRITICAL severity issues) to roughly half a year for the lowest severity issues. A lack of a fix for a published CVE isn’t an excuse for not fixing the issue on our end — the software still has a security flaw in it, and the organization is so incredible security averse (thanks in part to having contacts in the defence industry) that they don’t want to risk expensive lawsuits and the loss of reputation if a vulnerability is exploited.

A lot of bigger organizations now work this way. We’ve all seen what has happened to organizations that have had significantly security breaches, and it’s not pretty. Our customers are big corporations and government entities — and if they even sniff a risk there are going to be problems. So if there is an unpatched exploit, we’re expected to either switch to something comparable, or DIY a solution (either replacing the library in question, or potentially patching it ourselves).

If ffmpeg allows known and published vulnerabilities to languish, the risk here is that organizations that use their code will simply stop using it and will look for other solutions. That’s a tough pill for an Open Source Software developer to swallow, especially when they make it as big and important as ffmpeg. You might wind up in a situation where an entity like Google forks your code and takes ownership, and eventually gets everyone to migrate to using their version instead (like what they did with WebKit to Chrome), leaving you sidelines. Or maybe someone else jumps in with a compatible solution that works well enough for enough users that they switch to that instead.

Now in an ideal world, the Google’s of this world would not only submit a CVE but would also submit a patch. Having been an OSS developer myself I’ve always encouraged my staff if they find a bug in a piece of software we use to file a bug report and ideally a patch if they know how to patch the issue correctly — but I know that is hardly universal within our organization, and probably even less so elsewhere.

TL;DR: a lot of OSS success relies on having lots of users, or at least some big and important users. But you risk losing those if you leave CVE’s open for too long, as company policies may require scrapping software with unfixed CVEs. That loss of users and reputation is dangerous for an OSS project — it’s how projects get supplanted, either by a fork or by a new (and similar) project.

Yaz

Nobody wants your shitty iOS. People tolerate it on phones, because you taught them that it's ok for PCs to suck if they fit in one hand. But once the one hand constraint is lifted, people come back to their senses for some weird reason. You did too good a job of persuading people to treat phones as weird exceptions to common sense, when you should have undermined common sense itself (but that would have harmed Mac sales).

...famously played by Slashdot user CleverNickName.

Both are effective monopolies because of being the first and most dominant in a market. But they have a different level of evilness. Steam is a beneficial monopoly that doesn't abuse its position, while Ebay can be a pain in the ass.

Spam, spam, spam, eggs and spam didn't provide enough incentive to try to distinguish between humans and skin jobs, but now "AI slop" does? Ok, great!

Check the OpenPGP signature.

Unsigned? /dev/null.

Signed but no trust path? /dev/null

Signed and with a trust path? Can still be trash, but its claims to be of human origin, are worth taking seriously. If you find a problem (e.g. someone trusted the wrong person) then deal with that then.

Even if the people who know how didn't move on over the last few decades, surely they would have been fired some time in the last few months as part of the overall effort to weaken the US economy, health, and defenses.

Is there anyone left who knows how to do the job? Can they be hired back, after the Epstein shutdown is over?

Apple could just stop being evil.

Problem: adversary has you in a headlock.

Solution: wait for the adversary to change allegiance.

This sure sounds like something that can be completely solved by getting a new account. But then there's this hilarious excuse for insisting that the problem remain:

Although users can "abandon the accounts and start again with new Apple IDs," the report notes that doing so means losing all purchased apps, along with potentially years' worth of photos and videos.

If there's any risk of losing photos and videos, then they should already be working on fixing their backup system immediately, before something bad happens. This isn't so much a problem as a wake up call that they haven't yet done one of the most basic first-things in using computers: get data backups going.

Loss of access to an external data storage account is just one of the risks they aren't protecting themselves against, with regard to that data. (And geez, since they're already cloud-storage enthusiasts, what was their plan for what they were going to do if they ever found a better cloud provider?)

As for proprietary apps: same problem, they already faced the risk even without this parental splitup. Either stop doing that, or accept that you occasionally have to repurchase your proprietary software. Given how much crap is monthly subscriptions now, I suspect there's very little loss here anyway, since having to continuously repay is already the status quo for an increasing number of .. [sighing and trying to remember to be nice] .. inexperienced computer users.

But if it's not (yay! it shouldn't be), then either suck it up that you have to re-do a "one-time" purchase, or [gasp] contact the manufacturer of that software and tell them the problem.

Oh, it's some company who is unresponsive or says "fuck you, pay me?" Well, then you're the one who decided to do business with an unresponsive company. You were already fucked and just hadn't run into the already-looming disaster anyway. Glad you're learning about how stupid that was while you're a teenager instead of later, when the stakes are going to be even higher.

All objections to "get a new account" are bullshit. And worse, they just point out problems that these people can/get-to/should face now, before anything bad happens.