ExoticPearTree's comments

Will this come to MacOS 27?

LE: never mind, it is already on MacOS. Did not read everything.


Probably the law says "they cannot be used in the EU" and that's it. If the law would ban the production of said pesticides it would be a completely different story.

> serious funding for foss projects

this is a sure way for grifters to make a boatload of money by lobbying for various projects to be funded.


You do realize there is basically zero demand for a Linux desktop by "normal"/"average" users, right?

Yes, hence why that must come from European powers if sovereignty matters to the point not to depend on US powers for our daily computing needs.

> No, I love criticism, as long as it's balanced and thoughtful, and invites discussion

You forgot to add "and it matches my worldview of things". Knee-jerk criticism is very fine, like "Microsoft sucks" anytime someone mentions Microsoft. You can just ignore it and move on.


No, I intentionally didn't add that. Please challenge my worldview, engage and disagree with me. Just put some effort in, please.

However, you're still missing the salient point of my comment - that is, overwhelmingly the comments on any post related to the EU here are low effort, negative, reactionary. Honestly, I feel like you're not willing to engage with the point. It's not even the negativity that's my main issue here, it's the overwhelming low-effort, thoughtless nature of it which prevents any attempt at genuine discussion (positive or negative). It's groupthink, reddit style, and while HN is far from perfect there's almost no other subject that brings out this kind of reaction. Except for React, maybe.


You're wrong.

I guess the hate is because the EU also invented the following monstrosities:

- CRA (cyber resiliency act): Manufacturers must handle and release security patches for vulnerabilities, and developers are required to report actively on exploited vulnerabilities and breaches.

- PLD (Product Liability Directive): A failure to provide critical security updates or the presence of exploitable vulnerabilities can now legally constitute a "defect" and if defective software causes physical harm or property damage, manufacturers are strictly liable and cannot contractually exclude or limit this liability.

And the kicker is this: Non-commercial open-source software is generally exempt from these commercial liability frameworks. However, if an open-source component is integrated into a commercial, for-profit product, the responsibility shifts to the corporate manufacturer.

So good luck making some money off your open source project where the risk outweighs any potential profit, or integrate an open source project into your commercial offering.


Sounds like plausible clauses to me? Please explain why they are so toxic. What cases are there where these clauses present an unfair threat or disadvantage to a business?

In case it is unclear from my tone, I am genuinely curious.


Here it goes:

- CRA mandates vulnerability patches for products. This puts undue burden on manufacturers whose products are out of the production cycle. Basically the EU wants updates for products no longer manufactured.

- PLD requires fixes for products deemed to have critical vulnerabilities, again, if the product is not manufactured anymore, why should the manufacturer have to support who knows what old software?

Then, for OSS it is even worse: you have a pet project, you give it away for free, it has success, you want to sell a paid version of it. Automatically you're on the hook for vulnerability fixing. Which takes time. And if you're in the early stages of maybe selling a few copies here and there, the time spent fixing stuff will outweigh any winnings.

Then again with "you're on the hook if you ship commercial products using some OSS components" - either no one ships OSS packages with their commercial software given the advent of coding agents that can replicate OSS software functionality, or there will be a ton of forks, with vendors claiming they fixed the problem in their own way.

With all this said, then the EU has the nerve to come and say "use OSS" because freedom and BS.


All of this makes perfect sense

There was so much more they could do... like 25 years before requiring detachable batteries, they should have required selling the OS separately.

IIRC Microsoft has a no liability clause in its licenses. How did they react to this?

? Usually the clauses aren't valid from the contracts and you can sue Microsoft in court. What did you expect?

What is your point again? All of the above sounds perfectly fine to me.

You would flush the SSD memory to "disk", right?

When you have dirty writes in the kernel that have not yet been written to disk, in the old days of ext2 (before XFS was ported to Linux) if the power would go out, or you would have a bad disk, when fsck.ext2 would run, if files could not be matched to a directory, they would be placed in /lost+found as, and hopefully my memory is intact, inode numbers, so you would have 1232342343, 123246564 etc. and then you would have to look at each file to figure out what it was and where to move it if it was salvageable.

Brought back some memories.


The testing was at the drive level without an OS like ext2. The test was with no flush (with flush test is easy to pass). Without PLP, the pass criteria is that the data that was buffered can be either the older or newer data and not corrupted or previous data. All the other blocks on the SSD should remain unchanged. It's trickier than you think because MLC/TLC NAND could corrupt other blocks due to NAND structure and we had to deal with that. Then you also have to worry that system data in the NAND doesn't get corrupted.

I wasn't with the company when it started using Stripe, but there's really no need to interact with Stripe besides setting up your account and using the API they provide. Since being involved with Stripe, I don't think we need to talk to them more than once a year in a "so, all good?" type of email.

They basically made it so easy to use them that it doesn't cost them anything to add small companies.


As a Stripe customer I can attest to its simplicity: you have an API that you call and that's it. You don't have to deal with any of the PCI stuff if you would do it in-house, just an SAQ once a year.

The back-end is also super simple and easy to set up antifraud rules and so on.


Do you have 3d secure or whatever the marketing name is for it this week?

Because it's my impression that either Stripe doesn't support it or it's so hard compared to the rest of their API that no one does it...


> Do you have 3d secure or whatever the marketing name is for it this week?

Stripe takes care of that for cards that are enrolled into 3D Secure (I think it is a Visa thing - the naming) and other kinds of card 2FA validation (Mastercard has their own and so on).


Not in my experience as a European cc user (where non-3D Secure is rejected by default) using Stripe-based (US-located mostly) stores.

The ones I've tried to pay on bull rush to charging me with no 2FA and my bank just rejects them.



Mid-size in the US is comparable to a large European company, so yeah... mid-size.

I'm with a rather small company (~ 250 people) in the US and we pay about $1,2mm-1,4mm yearly on GCP alone.


Note that in the EU and UK mid-size has a definition: "fewer than 250 employees and a turnover of under €50 million (or a balance sheet total below €43 million)"

Thus by definition that company wouldn't be mid-sized over here anyway.

edit: in fact after checking even in the US, the IRS for example declares a large business as one with more than 10 million in assets, though there is no set rule like in the EU to be used by other gov orgs.

