It’s amazing what a difference a little bit of time can make: Two years after kicking off what looked to be a long-shot campaign to push back on the practice of shutting down server-dependent videogames once they’re no longer profitable, Stop Killing Games founder Ross Scott and organizer Moritz Katzner appeared in front of the European Parliament to present their case—and it seemed to go very well.

Official Stream: https://multimedia.europarl.europa.eu/en/webstreaming/committee-on-internal-market-and-consumer-protection-ordinary-meeting-committee-on-legal-affairs-com_20260416-1100-COMMITTEE-IMCO-JURI-PETI

Digital Fairness Act: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14622-Digital-Fairness-Act/F33096034_en

  • CileTheSane@lemmy.ca
    29 upvotes · 1 day ago

    That implies any and all FOSS projects should be getting exploited constantly, especially those being run by a community of hobbyists, and that is simply not the case.

    • JasonDJ@lemmy.zip
      8 upvotes · 1 downvote · 1 day ago

      There’s been a notable uptick in supply chain attacks coming from the odd FOSS dependency.

      Fortunately the FOSS environment as a whole, ironically, reflects the best aspects of a “free market” in the capitalist sense. If a package is no longer maintained, or poorly maintained, or the maintainer is a douche/Russian asset, it forks and many users jump ship to the newer package.

      Users have full transparency into how the sausage is made. Everybody does.

      So if exploitable code is discovered, it can just as well be discovered first by a defensive researcher (non-inclusive term: white-hat) or offensive researcher (black-hat).

      And if an offensive researcher discovers it first, they have a choice:

      • Use it and risk being spotted. Once discovered in the wild, patching is only a matter of time.
      • Sit on it and hope a defensive researcher doesn’t find it.

      Submitting bad code to a project in itself though. Some new user with no reputation is going to be heavily scrutinized putting a PR on a large/popular project. And even with a good reputation, you’re still putting the exploit code out there in the open and hoping none of the reviewers or maintainers catch it.

      • Tonava@sopuli.xyz
        1 upvote · 10 hours ago

        non-inclusive term: white-hat

        Uh, sorry to comment besides the subject, but could someone explain why white-hat is non-inclusive? I’m not trying to argue it is not, but I had not heard that and I can’t find any answers by searching about it

        • JasonDJ@lemmy.zip
          2 upvotes · 4 hours ago

          There’s been a push in IT (and I assume other industries as well) towards inclusive language.

          Part of that is moving away from phrasing that has non-technical historical connotations…like using “leader/follower” or “primary/secondary” instead of “master/slave”.

          But another part is also getting away from categorizing things as good/bad on a white/black spectrum. We no longer blacklist things, we denylist or blocklist them. Likewise we no longer whitelist things…they get allowlisted or permitlisted. We don’t have white-hat/black-hat hackers…we have defensive/offensive, or blue-team/red-team.

          Afaik it’s still okay to refer to plugs and prongs as female and male, as that is referring to biological sex more so than gender. But yet, people gasp when I refer to plugs that have a sheath over them as “uncircumcised”.

          • Tonava@sopuli.xyz
            1 upvote · 2 hours ago

            Aahhh, yes of course, the classic white-good evil-black problem. Thanks for the answer!