Quoting: PikoloThe problem is that the "penalty of perjury" part of DMCA is never enforced on false reports. If it was, we'd have way less false positive reports

DMCA is very different from abuse reports. DMCA is an american legal system intended to protect copyright holders (more often than not, big companies with lots of money).

Abuse reports aren't a legal system, they're just a way for people or companies to report bad actions (phishing, miners, viruses, etc) to another company (usually a registrar or host). There are some common practices (such as the [email protected] mailbox) but there is no law or set process to react to reports. Therefore there is no "penalty of perjury" either.

Quoting: eldakingIf they want to accept some false positives, I'd say it is fine... if they take liability for it. Revenue lost, deadlines missed, possibly moral damages. Do they? Is it viable for a small business or individual to get it? Otherwise, they should have to prove they did due diligence before taking it down.

In the case of the company I worked at, liability was waived as part of the contract customers accepted. For the basic, cheap, competitive offer that is.

There were also offers which included manual review of any action or even remediation, as well as access to a qualified employee 24/7 and liability for SLA. However, these were not cheap, typically £250 to £10k per month.

View this comment - View article - View full comments

As someone who worked on the "other side" (in fact, I personally automated some abuse handling), I'd like to offer a bit of a different point of view.

Firstly internet in general is fundamentally flawed in that most of the protocols and technologies in use today were developed by some nerds in a uni/garage. They were never intended to be used at such scale nor were they designed to be abuse-proof.

As a result, internet is full of trash. I worked for some small registrar/host and we would get hundreds of abuse reports daily, week-end included. And the sad truth is that 99.9% of them were legitimate: hacked websites, domain registered with fake/stolen info for phishing, servers used to send spam, the list is endless.

Additionally, the bad actors are not dumb, abuses are often obfuscated (like displaying only if the referrer is google or at certain times of the day) to make detection harder. Checking whether a website is really compromised may require some technical skills (and thus be expensive).

It sucks for itch and imo, their registrar is still at fault if itch did indeed reply (should have trigger a human check). But in general "shoot first, check second" is sadly the most efficient way to protect people from scams, phishing and other bad stuff.

View this comment - View article - View full comments

Interesting! Sounds like a huge project but Shiro games is no greenhorn studio, I'll be following along to see where this goes.

View this comment - View article - View full comments

Quoting: Purple Library GuyDunno. I've had mixed feelings about a couple of Arcen's previous games. I seem to have liked them better in theory than in practice.

Fairly accurate description of my feelings after playing the demo (older version mind you).

Game premise was really interesting, but execution was lacklustre. For example the way to get some resources is to attack and take over the corresponding production building then defend it. It works, but I was expecting something more... intelligent ? Like being able to covertly control the financial system of a big company to buy the land then erase it from their record.

I was hoping for a novel blend of stealth, economy, strategy and story. But got served a pretty average RTS.

View this comment - View article - View full comments

Reading the headline I was expecting gog to have taken over publishing rights for these games or something similar. But given their entirely noncommittal FAQ entry, I will chuck that one in the "marketing intern had a cool idea so we ran with it" bin.

Can a game be removed from the Program?

We never want a game to be removed from the GOG Preservation Program, and at the time of this writing, we don’t see a reason it should happen.

View this comment - View article - View full comments

Quoting: pleasereadthemanualA member of the Quality Assurance team for instance is concerned about being able to assure the quality of KDE:

For KDE, this would be extra 51 apps! Compare the scope. I believe it's impossible for us to have the same quality bar here. And even if we had a huge surge of volunteers to test those regularly, it would just mean that we'd hardly ever release, because the likelihood of discovering a broken functionality in 73 apps (22+51) is much higher than in 22 apps. Workstation is quite lean on pre-installed apps, and yet we already struggle with this, and many people get irked by the whole compose being blocked on a bug in gnome-clocks/gnome-contacts/gnome-calendar/etc.

And concluding:

Either the quality requirements won't be the same, or we need to lower the Workstation one and meet somewhere in the middle for both.

Seems solid at first but the entire argument hinges on the fact all "apps" are of equal complexity and quality.

Either way, pretty happy about the news. Right when I was thinking of giving KDE a spin after fixing gnome's search tracker for the umpteenth time.

View this comment - View article - View full comments

Quoting: TuxeeWhy? I mean, why took it that long? With some consoles in the past I understood that the whole marketing, localization, availability of games, production capacities etc. led to different release dates in Japan, the US and Europe. But 2+ years to bring the Deck to Australia?

Hi from Switzerland, where no valve hardware was ever sold despite being available in every single adjacent country. If they don't expect the profits to outweigh the hassle by a factor 10, they just don't care.

View this comment - View article - View full comments

Quoting: jib_for

Quoting: hell0They got €32k out of their kickstarter. Being based in France, a quick search suggests a monthly salary of around 2500€ would be reasonable. With just 2 people full time, they would be out of funds after 6 months. As if that wasn't bad enough, it appears they hired more people and even external consultants (source: their kickstarter updates).

Pretty likely that their publisher put several hundred thousands on the table before cutting their losses, not sure they deserve the flak they're getting. I for one wouldn't buy an unknown game IP with its half finished prototype for even €1000.

10-19 employees, with a gross yearly revenue of 714 900€ for the company, you know how much the publisher put money on the game. This is public data you can found here: https://www.societe.com/societe/studio-black-flag-793709577.html [External Link]

Simple math would tell an average gross yearly salary around 36.000€ per employee (for 19 employees), which is above the average in France, based on the fact it was a cooperative, salaries should have been flat. However, a big part could have been used to pay some third-parties, so the salary may have been lower

Had no idea it was public, thanks for digging it up! It sucks for the people who lost their job, but I really can't fault the investor(s) for not wanting to cough up 700k/year if they thought the project was going nowhere.

View this comment - View article - View full comments

They got €32k out of their kickstarter. Being based in France, a quick search suggests a monthly salary of around 2500€ would be reasonable. With just 2 people full time, they would be out of funds after 6 months. As if that wasn't bad enough, it appears they hired more people and even external consultants (source: their kickstarter updates).

Pretty likely that their publisher put several hundred thousands on the table before cutting their losses, not sure they deserve the flak they're getting. I for one wouldn't buy an unknown game IP with its half finished prototype for even €1000.

View this comment - View article - View full comments

Quoting: WORM

The enclave is essentially intended to be a way for us to PGP-sign packages with a single signing key instead of how we do it right now, which is with one personal key per packager.

My assumption is this requires building on build servers instead of building on maintainers' machines like they currently do.

Not necessarily. In all likelihood, the enclave will not decide whether it should sign off a package on its own. Which means there should be a way for maintainers to say "this package is authorised and should be signed". This can be done in many ways, including maintainers uploading packages they built themselves (and signed with their own key) to the enclave.

To be clear: they will likely want to move builds to dedicated servers for various reasons, but having an enclave does not make it a hard requirement.

View this comment - View article - View full comments