Hell, I don’t submit help requests without a confident understanding of what’s wrong.

Hi Amazon. My cart, ID xyz123, failed to check out. Your browser javascript seems to be throwing an error on line 173 of “null is not an object”. I think this is because the variable is overwritten in line 124, but only when the number of items AND the total cart price are prime.

Generally, by the time I have my full support request, I have either solved my problem or solved theirs.

I agree that this is a problem.

“Responsible disclosure” is a thing where an organization is given time to fix their code and deploy before the vulnerability is made public. Failing to fix the issue in a reasonable time, especially a timeline that your org has publicly agreed to, will cause reputational harm and is thus an incentive to write good code that is free of vulns and to remediate ones when they are identified.

This breaks down when the “organization” in question is just a few people with some free time who made something so fundamentally awesome that the world depends on it and have never been compensated for their incredible contributions to everyone.

“Responsible disclosure” in this case needs a bit of a redesign when the org is volunteer work instead of a company making profit. There’s no real reputational harm to ffmpeg, since users don’t necessarily know they use it, but the broader community recognizes the risk, and the maintainers feel obligated to fix issues. Additionally, a publicly disclosed vulnerability puts tons of innocent users at risk.

I don’t dislike AI-based code analysis. It can theoretically prevent zero-days when someone malicious else finds an issue first, but running AI tools against that xkcd-tiny-block and expecting that the maintainers have the ability to fit into a billion-dollar-company’s timeline is unreasonable. Google et al. should keep risks or vulnerabilities private when disclosing them to FOSS maintainers instead of holding them to the same standard as a corporation by posting issues to a git repo.

A RCE or similar critical issue in ffmpeg would be a real issue with widespread impact, given how broadly it is used. That suggests that it should be broadly supported. The social contract with LGPL, GPL, and FOSS in general is that code is released ‘as is, with no warranty’. Want to fix a problem, go for it! Only calling out problem just makes you a dick: Google, Amazon, Microsoft, 100’s of others.

As many have already stated: If a grossly profitable business depends on a “tiny” piece of code they aren’t paying for, they have two options: pay for the code (fund maintenance) or make their own. I’d also support a few headlines like “New Google Chrome vulnerability will let hackers steal you children and house!” or “watching this youtube video will set your computer on fire!”

Not just the primaries! My city is pretty purple. We tend to vote republican by a slim majority in larger races (think 51/49), but in the mayor and city council race that just happened, the republican mayor won at like 66/33. Vote every chance or you cede your power to the people who do.

The fix is to start local. Bob’s right: that school PTO experience will be on the candidate’s bio when they run for mayor, even if they are the karen-est karen, and it will sway a few people. That ® mayor has power over a huge amount of how the city is run and many of the things people are locally unhappy with are a direct result of them electing a rich asshole. If we elect Dems locally, we might be able to sway people to our side when the situation gets better under our leadership.

We individuals have the power but it’s got a bit of a lag-time to it. Become informed about how the DNC structure works (best done by joining your local precinct, even if you do nothing more than joining a few meetings). The precincts vote for who runs the county, the counties vote for who runs the state, the states vote for the nation and it’s all based on head-count of participants: a large precinct by population might only have a relative few people engaged and will not have as large an impact when voting in upstream elections. If we’re mad at DNC leadership or the options we have for congress/president, the fix is to ensure people at the precinct-level are the right ones.

This comment is a direct response to anyone saying “both sides”, “dem’s are still corporate shills”, or similar defeatist comments. The “spineless dems” currently have power at the top of the party, but we can fix that. It will take work. It will require time, and that time will be hard to justify with little immediate result. This is the battle we need to fight right now, though. It just needs to be constant and not only complaining online and voting every 2-4 years.

It suggests to me that someone is measuring the length of a middle finger.

While I believe that this is accurate, as a broad stroke and specifically of the DNC itself, any individual democratic politician is not necessarily corrupt and playing a foil. Especially as you get more and more local.

Don’t let cynicism prevent you from voting for a local candidate for mayor or city council, for example. It’ll take time to see if Mamdani is what he claims to be, but it’s not unreasonable for someone who is mad at the current situation to run for office with a real intent to improve things.

The way we fix things is by getting the local orgs to throw their weight around. Those precinct orgs get votes in the district and district vote in state and state vote nationally. If you’re mad right now or were mad in 2020, then get involved. Find your local democratic organization and become the change. Under our Representative Democracy, we don’t always directly elect our leadership, but we do get to elect the people that elect the people that elect the people… Gotta start at the bottom and ensure that first step has our values in mind. Right now, too many people only get involved every 2-4 years and are mad at the results.

“President” and “Senator” are important titles, but so is “County Chair”. Doing this and pushing the Democratic party further left will be more effective than sending a protest vote for a third party every 4 years, but you can do both.

I’m happy you provided a few examples. This is good for anyone else reading along.

Equifax in 2017: Penalty was, let’s assume the worst case, 700$M. The company in 2017 made 3.3$B, and I’d assume that was after the penalty, but even if it wasn’t, that was a penalty of 27% of revenue. That actually seems like it would hurt.

TSB in 2022: Fined ~48.6£M by two separate agencies. TSB made 183.5£M in revenue in 2022, still unclear if that was pre- or post- penalty, but this probably actually hurt.

Uber in 2018: your link suggests Uber avoided any legal discovery that might have exposed their wrongdoing. There are no numbers in the linked article and a search suggest the numbers are not public. Fuck that. A woman was killed by an AI driven car and the family deserves respect and privacy, but uber DOES NOT. Because it’s not a public record, I can’t tell how much they paid out for the death of the victim, and since uber is one of those modern venture-capital-loss-leader companies, this is hard to respond to.

I’m out of time – and won’t likely be able to finish before the weekend, so trying to wrap up – and Boeing seems complicated and I’m more familiar with Crowdstrike and I know they fucked up. In both cases, I’m not sure how much of a penalty they paid out relative to income.

I’ll cede the point: There are some companies who have paid a price for making mistakes. When you’re talking companies, though, the only metric is money-paid/money-earned. I would really like there to be criminal penalties for leadership who chase profit over safety, so there’s a bit of ‘wishful thinking’ in my worldview. If you kill someone as a human being (or 300 persons, Boeing), you end up with years in prison, but company just pays 25% of it’s profit that year instead.

I still think Cassandra is right, and that more often than not, software companies are not held responsible for their mistakes. And I think your other premise, that ‘if software is better at something’ carries a lot: Software is good at explicit computation, such as math, but is historically incapable of empathy (a significant part of the original topic… I don’t want to be a number in a cost/benefit calculation). I don’t want software replacing a human in the loop.

Back to my example of a flock camera telling the police that a stolen car was identified… the software was just wrong. The police department didn’t admit any wrongdoing and maaaaybe at some point the victim will be compensated for their suffering, but I expect flock will not be on the hook for that. It will be the police department, which is funded by taxpayers.

Reading your comments outside this thread, I think we would agree on a great many things and have interesting conversations. I didn’t intend to come across as snide, condescending or arrogant. You made the initial point, cassandra challenged you and I agreed with them, so I joined where they seemed not to.

The “bizarre emotion reaction” is probably that I despise AI and want it nowhere near any decision-making capability. I think that as we embed “AI” in software, we will find that real people are put at more risk and that software companies will be able to deflect blame when things go wrong.

Who knew? One-size fits all health guidance doesn’t actually work!

Supporting you, not trying to diminish your experience.

I was made to spell ‘pepsi’ before getting caffeinated sugar syrup at dinner. Looking back, that seems like poor decision making on my parents’ part, but I can see the good intended behind the act. Hopefully we learn from those that came before… and make new and exciting mistakes!

The burden of proof is on you. Show me one example of a company being held liable (really liable, not a settlement/fine for a fraction of the money they made) for a software mistake that hurt people.

The reality is that a company can make X dollars with software that makes mistakes, and then pay X/100 dollars when that hurts people and goes to court. That’s not a punishment, that’s a cost of business. And the company pays that fine and the humans who mode those decisions are shielded from further repercussions.

When you said:

the idea that the software vendor could not be held liable is farcical

We need YOU to back that up. The rest of us have seen it never be accurate.

And it gets worse when the software vendor is a step removed: See flock cameras making big mistakes. Software decided that this car was stolen, but it was wrong. The police intimidated an innocent civilian because the software was wrong. Not only were the police not held accountable, Flock was never even in the picture.

And here I will not disagree with you that the accuracy doesn’t matter right now, and I’m not missing the point. I see how we on the left are losing the “cultural war,” but I’m not sure that turning to propaganda with blatant lies or half truths is going to work.

If I saw an advert for my local statesman that claimed that their republican opponent eats babies, it wouldn’t change how I vote, but it would diminish my fervor for voting for them. The end-game of this propaganda war is that nobody pays attention at all, since it can’t be trusted, or that everyone believes everything they see regardless of it’s merit. Obviously there is a spectrum, and you can’t fool all of the people all of the time, but I don’t think aiming for that lowest common denominator is the way to go.

Calling back to my previous post, you don’t seem like a ‘fence-sitting lefty’ to me. You come across as a cranky lefty like myself. I know I don’t have a solution to this issue of messaging and you think you have yours. I do disagree that it would be better to meme harder at the expense of truth, but we’re broadly on the same side and have the same goals.

I’m just curious at this point: What would your memes look like? I’m such a sucker for accuracy that all I can come up with are things like: “Republicans could end the government shutdown at any point: They have the majority and can change the rules whenever they want, but they can’t even come to an agreement amongst themselves about how hard to fuck you over”, or “You can’t have informed voters if they can’t read [temple-tap]” and I don’t think those would sell.

It seemed somewhat topical to me. Google’s censorship is the same trend of enshittification that Yar is talking about.

There are tons of other comments talking about the censorship issue. Using this moment to plug open source software is not unreasonable.

The firehose of bullshit falsehood plus, A Lie Can Travel Halfway Around the World While the Truth Is Putting On Its Shoes

This isn’t that the left has failed to understand, this is that the left actually values accuracy where the right doesn’t.

“They’re eating the dogs!” he said, just making shit up. Proving that they are not, in fact, eating dogs requires a bit of work. The right works on ‘feels’ and their ‘guts’ where the left values truth and reality. It’s easy to make something up as a meme and just post it, with no intent to ever defend it. Some amount of people will see it and believe it’s true.

A thing that separates left and right is that we are skeptical and require proof before we believe.

Oh so good information on the left must be searched while good information on the right is actively searching for me?

[Emphasis mine.]

I would strongly disagree with the idea that the right is putting out “good information.” I will agree that they are searching for gullible people like you. In this thread alone, we have the most powerful people on the right stating the shutdown is caused by the dems. It took an intern 10 minutes to print a “the democrat shutdown” sign, but takes significantly longer to write an article that describes why that isn’t accurate, and that article won’t be read by the people who need to see it. Falling to their level and making a ‘the republican shutdown’ sign and holding a press conference with it just enforces the ‘both sides’ narrative that only discourages people from voting.

I don’t have a solution, but it certainly isn’t “meme harder”. It’s more like “encourage critical thinking and expect people to be informed before voting”. I’ll even put out a point: Democratic leadership wants to encourage education by making it affordable to everyone while republican leadership constantly pushes to de-fund teachers, schools, and programs that would let the poors into college. I could back that up with examples and proof, but it would take that time I’m talking about, go looking for counterpoints instead and spend your own time making yourself better.

donald trump famously said, “I love the poorly educated”. I don’t think he loves them because they are amazing people, or that he wants to take care of them. He loves them because they are rubes and marks and he is a con-man.

This is your wake-up call. There is no such thing as a ‘fence-sitting lefty’. You are either:

• ignorant and can be shown how to think for yourself. At which point you also get angry and become a real lefty.
• ignorant and intentionally staying that way – good for you, I also want to just bury my head in the sand sometimes. Please don’t vote republican because their meme game is better.
• a saboteur or bad-faith actor claiming to be left while actually holding right-wing views and trying to sow discord to weaken your political opponents.

I’m a little confused.

You’re a fence-sitting-lefty?

Without being rude… what behavior on the right are you in favor of? Is it the reduction of rights for literally every minority? Is it the clearly stated planned process in Project 2025 that is being implemented? Is it tariffs, to punish our “trade partners” (read: farmers, citizens, small businesses)? Do you think trans people are not human?

I’m cranky, clearly, but honestly looking for some insight. What makes you not a staunch lefty? I don’t think an informed lefty can possibly be fence-sitting; the political landscape is just so polarized and the right is just trashing everything they can get their hands on.

If you’re just uninformed and not paying attention, then you need to start looking around. There are tons of left memes right here, so if you’re not seeing them, then you’re not looking. If you’re seeing the right-leaning memes more, then check your sources and biases.

I’ll admit that I should have been more clear that I was paraphrasing and interpreting instead of actually quoting you. The previous message was right above mine, though, so I though it was pretty clear.

Just as you have written me off, I’ve done the same for you. I’m just responding for anyone else who reads this far down and finds this thread, and only because I’m in a waiting room and this is more interesting than HGTV.

I said, and I quote:

I still don’t get your angle. Why are you defending this…

I assume the lack of a defense is clear enough proof that you don’t have one.

Palantir scouring the internet, cloud cameras like Flock, Facebook and Google retaining your data forever to maximize profit. None of that is defensible. We should be sounding alarms like OP did and making sure people are aware. Putting others down for ‘not having caught on yet’ (interpreted, you can still correct me if I’m misunderstanding) is counterproductive. We can still resist or reverse the power these huge companies have… but there might be a point where it becomes too late.

Would you prefer to be someone who helped fight, or someone who complained it was futile until it was?

Call your Senators and Representatives. Demand privacy. Elect and support people who are against these kinds of overreach if the current ones won’t.

Love you!

edit: dammit, the quote formatting ate a line break. fixed.

“Anyone could already do this, so why bother being worried that it’s easier now” they said.

I still don’t get your angle. Why are you defending this, or at the very least downplaying it’s impacts? You seem to also be aggravated by this data collection and spying, so why are you so mad that other people are catching on?

“Oh, I’m so smart” they said. Enjoy your useless internet points?

The situation is actually different now, in the last few years. This is less relevant to the OP, but we/they are building automated snitches that will tattle on you, and more importantly be wrong with a statistical significance. See Flock mistaking license plates and calling the police on innocent people. Sure, we might catch a few violent criminals, but when your government decides that your online activity complaining about them is now criminal, your data can be correlated in real time in a way that wasn’t possible in our parent’s time.

Your dismissal of this seems insane. Stop arguing with me about how long it’s been possible and help me/us fight against it.

No, that’s not what I said. Widespread data collection and searching used to be something only state actors could accomplish and there were at least theoretically guard rails. Now the barrier of entry has been seriously reduced, the data is owned by a corporation, and being fed to AI. That has a chilling effect as well as being ripe for abuse.

I don’t see an upside.

I’m going to say that this is actually spooky.

Not that it’s unreasonable, but that the scale of what AI can surveil is so vast that there’s no more personal security-via-obscurity.

It used to be that unless someone had a reason to start looking at you, anything you did online or off was effectively impossible to search. You might be caught on some store’s CCTV, Or your cell provider might have location pings, but that wasn’t online for anyone and needed a warrant to have the police use it to track your activities. Now cities are using Flock and similar tools to enable tracking vehicles across the country without any reason, and stores are using cloud-service AI cameras to attempt to track your mood as you move through the store. These tools can and have been abused.

Now, due to the harvesting of this data for AI, anything that’s ever been recorded (video footage, social media posts, etc) and used as training data can be correlated much more easily, long after it occurred, and without needing to be law enforcement with a warrant.

I’d call that spooky.

We can learn a few things from the French. They seem to have good ideas about how to protest for sure.

A question: How do you think you get to the point where the quiet majority feels confident enough to show up in force? To ‘disrupt the system’?

We Americans, by our own devices, have become a very insular people. We have social media, which puts us all in our little bubbles and cellphones, which distract us from the actual people around us. We sit in despair about rising prices and the tragedies inflicted on ourselves or our neighbors, our world. We watch our rights get eroded.

These protests are a symbol that we are not alone. That there are others out there that are also mad. These protests burst the bubble that technology has trapped us in. Read through the comments with this in mind: How many people were surprised at the turnout being larger than expected. And for each of those, there’s a comment indicating it could be larger. As we come to terms with how many allies we have, we gain collective power. Sure, we have it now, but we’re not willing to wield it yet. Building the confidence that you will be one among many is the key to wielding that power. Ten people protesting will be intimidated by the local police. Ten thousand will intimidate the police instead. Ten million will intimidate the government.

I write actual responses to throwaway comments all the time. I don’t do this for Auli or Fresh, I do this for those that might agree with you on the surface. This protest was not intended to make immediate change. It was intended to build pressure, to unite the people and to show support for the cause. When we show up and make a scene, we provide a shield for those who are not as willing to be in front to join in. When they join in, we grow and are able to pull in even more. Every thumbs-up from a car is someone who is on our side, but due to life commitments or fear did not attend… this time.

Edit: Followup: If you want faster change… do it. What’s your idea? Build a movement and implement or shut the fuck up. You might find that it’s hard to find other people willing to risk their safety and arrest to block a street, or to risk losing their job to strike with only a few people involved. When we have the numbers to make the system fear what we could do, we will win, even if we never have to do it.

I’m going to expand on TrickDacy’s comment:

Every both sideser is either extraordinarily lazy or a closeted right winger

and instead state: It is OKAY to be mad at democratic politicians. Especially the spineless ones we have an abundance of right now. And there is certainly some rage we can all aim at the DNC as an organization, which appears to be trying to hamstring any actually progressive candidates.

But there really isn’t a competition in the race for ‘who is most evil’ between D and R. One side is at least appearing to fight for worker rights, healthcare, equality, peace and other progressive/liberal goals. The other side is actively dismantling the government… like actively and they told us they were going to. There’s no both sides here.

So, by ‘closeted right winger’, what I think Trick means is that anyone boldly claiming ‘both sides’ falls into one of a few categories:

• lazy: Doesn’t “do politics” and gets their news from tiktok, fox, cnn, their buddy at work, and doesn’t put in the critical thinking to make their own decisions. “Both Sides” lets them get away with not caring enough and just moving on with life.
• gullible: Believes they are thinking critically, but are swayed by media, social or conventional, into thinking that all politicians are shit, and if one is corrupt then they all are.
• malicious: Knows they are being disingenuous, but knows the other categories exist. If they claim ‘both sides’ are doing something, then when one side actually gets caught doing it, the public just kinda shrugs it off. This also depresses voter turnout in general, because of the lazy group.

So. What is your purpose in your post. Are you lazy, and just know that democrats also suck, but want to sound smart on the internet? Are you gullible, and really think that democrats would be just as bad if they had power? Or are you malicious, and trying to make the people that would otherwise “do politics” give up and become lazy?

If you are not trying to make people give up, STOP. There is no both sides. There is the fascist, authoritarian, oligarchic, billionaire side, and then there are the people. If you want to make a real difference and move the needle, then the time is now, but it’s not in a forum post saying ‘both sides are bad.’ It’s going to be in your local democratic organization, trying to find candidates to run for local or regional offices and then supporting them. The people THERE are definitely on our side, since they are just us. And if we can build strong networks THERE, then we can push people into the national stage who will also fight for us.

The democrats who act like republicans need a strong local network to primary them. Be the change you want to see.

I don’t see what value you think you’re getting from this conversation – other than expressing your anger, which is valid. Your anger is valid, if you are sincere, and many of us feel it too. We really are your allies here, and not your enemy. Your language suggests your are not a US citizen.

Yes, Kamala lost and due in part to her stances around Israel/Palestine and her chasing the ‘moderate’ vote she was unlikely to win. By blaming the losing party for the bullshit the winning party is doing, you are in part blaming the victims. We don’t want this either.

Literally anybody could have won if spineless cowards like you had supported them, but […]

What’s to say that village604 didn’t vote for her? That huge numbers of people didn’t vote for her even while they were unhappy with some of her decisions. Literally anyone could have won if “we” would just vote for them!?

I will highlight that we, “liberal” voters (language matters), did not get a chance to choose someone as our candidate. That’s a real issue and we need to hold the DNC accountable for that. We also had large amount of content (somewhat like yours) that ‘Kamala/Biden are bad because …’ but ignored that trump would clearly be worse in all cases. I can’t imagine that this didn’t depress her votes. This is hard to prove, but it seems unlikely that this was not in part built by non-US actors who wanted to destabilize us.

Long-story-short, we “liberal” voters are partially to blame for not turning out enough to get Kamala elected… but we also have a larger body (quantitatively) of trump voters who did show up. THEY are responsible for his policies. And the constant harping on “liberal” voters is doing nothing useful to make things better. I can only imagine that you are one of those non-US actors.

You stand for absolutely nothing, you deserve Trump and worse.

I stand for empathy and compassion. For those that live in my neighborhood, my city, my state, my country and my world. I stand for Palestine. I stand for the homeless. I stand for the disabled, the war veterans, the disadvantaged. I am wealthy (comfortable, not millionaire), white, male, and a citizen of the US. When given the opportunity to vote for those causes, I will every time. I will happily pay higher taxes to let someone sleep tonight with a full belly. Your blanket statements against people like me only make things worse. Stop. Be nice to each other.

Follow up question if you will: What changed for you?

As you say, the conditioning is there and deep. What triggered you to re-evaluate your stances on beliefs so deeply held?

I’m also a middle aged white guy raised in the 80’s. My parents were democratic, but even I fell for some of right-wing propaganda when I was old enough to vote, but didn’t have world experience. It’s insidious. I can only imagine I’d still be there, if not for my social structure guiding me towards a more progressive understanding of the world.