hedgehog

hedgehog, 5 days ago

It sounds like you want these files to be encrypted.

Someone already suggested encrypting them with GPG, but maybe you want the files themselves to also be isolated, even while their data is encrypted. In that case, consider an encrypted volume. I assume you’re familiar with LUKS - you can encrypt a partition with a different password and disable auto-mount pretty easily. But if you’d rather use a file-based volume, then check out VeraCrypt - it’s a FOSS-ish [1], cross-platform tool that provides this capability. The official documentation is very Windows-focused - the ArchLinux wiki article is a pretty useful Linux focused alternative.

Normal operation is that you use a file to store the volume, which can be “dynamic” with a max size or can be statically sized (you can also directly encrypt a disk partition, but you could do that with LUKS, too). Then, before you can access the files - read or write - you have to enter the password, supply the encryption key, etc., in order to unlock it.

Someone without the password but with permission to modify the file will be capable of corrupting it (which would prevent you from accessing every protected file), but unless they somehow got access to the password they wouldn’t be able to view or modify the protected files.

The big advantage over LUKS is ease of creating/mounting file-based volumes and portability. If you’re concerned about another user deleting your encrypted volume, then you can easily back it up without decrypting it. You can easily load and access it on other systems, too - there are official, stable apps on Windows and Mac, though you’ll need admin access to run them. On Android and iOS options are a bit more slim - EDS on Android and Disk Decipher on iOS. If you’re copying a volume to a Linux system without VeraCrypt installed, you’ll likely still be able to mount it, as dm-crypt has support for VeraCrypt volumes.

• 1 - It’s based on TrueCrypt, which has some less free restrictions, e.g., c. Phrase “Based on TrueCrypt, freely available at http://www.truecrypt.org/” must be displayed by Your Product (if technically feasible) and contained in its documentation.”

hedgehog, 4 days ago

Is it possible to force a corruption if a disk clone is attempted?

Anything that corrupts a single file would work. You could certainly change your own disk cloning binaries to include such functionality, but if someone were accessing your data directly via their own OS, that wouldn’t be effective. I don’t know of a way to circumvent that last part other than ensuring that the data isn’t left on disk when you’re done. For example, you could use a ramdisk instead of non-volatile storage. You could delete or intentionally corrupt the volume when you unmount it. You could split the file, storing half on your USB flash drive and keeping the other half on your PC. You could XOR the file with contents of another file (e.g., one on your USB flash drive instead of on your PC) and then XOR it again when you need to access it.

What sort of attack are you trying to protect from here?

If the goal is plausible deniability, then it’s worth noting that VeraCrypt volumes aren’t identifiable as distinct from random data. So if you have a valid reason for having a big block of random data on disk, you could say that’s what the file was. Random files are useful because they are not compressible. For example, you could be using those files to test: network/storage media performance or compression/hash/backup&restore/encrypt&decrypt functions. You could be using them to have a repeatable set of random values to use in a program (like using a seed, but without necessarily being limited to using a PRNG to generate the sequence).

If that’s not sufficient, you should look into hidden volumes. The idea is that you take a regular encrypted volume, whose free space, on disk, looks just like random data, you store your hidden volume within the free space. The hidden volume gets its own password. Then, you can mount the volume using the first password and get visibility into a “decoy” set of files or use the second password to view your “hidden” files. Note that when mounting it to view the decoy files, any write operations will have a chance of corrupting the hidden files. However, you can supply both passwords to mount it in a protected mode, allowing you to change the decoy files and avoid corrupting the hidden ones.

hedgehog, 5 days ago

Say I go to a furniture store and buy a table. It has a 5 year warranty. 2 years later, it breaks, so I call Ubersoft and ask them to honor the warranty and fix it. If they don’t, then I can file a suit against them, i.e., for breach of contract. I may not even have to file a suit, as there may be government agencies who receive and act on these complaints, like my local consumer protection division.

I’m talking about real things here. Your example is a situation where the US government agrees that a company shouldn’t be permitted to take my money and then renege on their promises. And that’s generally true of most governments.

Supposing an absence of regulations protecting consumers like me, like you’re trying to suggest in your example, then it would be reasonable to assume an absence of laws and regulations protecting the corporation from consumers like me. Absent such laws, a consumer would be free to take matters into their own hands. They could go back to Ubersoft and take a replacement table without their agreement - it wouldn’t be “stealing” because it wouldn’t be illegal. If Ubersoft were closed, the consumer could break in. If Ubersoft security tried to stop them, the consumer could retaliate - damaging Ubersoft’s property, physically attacking the owner / management / employees, etc… Ubersoft could retaliate as well, of course - nothing’s stopping them. And as a corporation, they certainly have more power than a random consumer - but at that point they would need to employ their own security forces rather than relying on the government for them.

Even if we kept laws prohibiting physical violence, the consumer is still regulated by things like copyright and IP protections, e.g., the anti-circumvention portion of the DMCA. Absent such regulations, a consumer whose software was rendered unusable or changed in a way they didn’t like could reverse engineer it, bypass DRM, host their own servers, etc… Given that you didn’t speak against those regulations, I can only infer that you are not opposed to them.

Why do you think we don’t need regulations protecting consumers but that we do need regulations restricting them?

hedgehog, 6 days ago

Would you appreciate it more if I told you that the bar in question is a gay bar?

(Clarification: It’s not.)

hedgehog, 15 days ago

I interpreted “biological” in this context to refer to women who’ve been impacted by the difference i hormones, i.e., a cis woman with average amounts of estrogen / testosterone would qualify, as would a trans woman who has been on estrogen for a couple years. Sort of a “people for whom the following statement is relevant” kind of an adjective.

hedgehog, 22 days ago

If you only need one factor to log into your password manager, you’re doing it wrong.

hedgehog, 22 days ago

That’s still a single point of failure.

So is TLS or the compromise of a major root certificate authority, and those have no bearing on whether an approach qualifies as using 2FA.

The question is “How vulnerable is your authentication approach to attack?” If an approach is especially vulnerable, like using SMS or push notifications (where you tap to confirm vs receiving a code that you enter in the app) for 2FA, then it should be discouraged. So the question becomes “Is storing your TOTP secrets in your password manager an especially vulnerable approach to authentication?” I don’t believe it is, and further, I don’t believe it’s any more vulnerable than using a separate app on your mobile device (which is the generally recommended alternative).

What happens if someone finds an exploit that bypasses the login process entirely?

Then they get a copy of your encrypted vault. If your vault password is weak, they’ll be able to crack it and get access to everything. This is a great argument for making sure you have a good vault password, but there are a lot of great arguments for that.

Or do you mean that they get access to your logged in vault by compromising your device? That’s the most likely worst case scenario, and in such a scenario:

• all of your logged in accounts can be compromised by stealing your sessions
• even if you use a different app for your 2FA, those TOTP secrets and passkeys can be stolen - they have to be on a different device
• you’re also likely to be subject to a ransomware attack

In other words, your only accounts that are not vulnerable in this situation solely because their TOTP secret is on a different device are the ones you don’t use on that device in the first place. This is mostly relevant if your computer is compromised - if your phone is compromised, then it doesn’t matter that you use a separate password manager and authenticator app.

If you use an account on your computer, since it can be compromised without having the credentials on device, you might as well have the credentials on device. If you’re concerned about the device being compromised and want to protect an account that you don’t use on that device, then you can store the credentials in a different vault that isn’t stored on your device.

Even more common, though? MITM phishing attacks. If your password manager verifies the url, fills the password, and fills your TOTP, then that can help against those. Start using a different device and those protections fall away. If your vault has been compromised and your passwords are known to an attacker, but they don’t have your TOTP secrets, you’re at higher risk of erroneously entering them into a phishing site.

Either approach (same app vs different app) has trade-offs and both approaches are vulnerable to different sorts of attacks. It doesn’t make sense to say that one counts as 2FA but the other doesn’t. They’re differently resilient - that’s it. Consider your individual threat model and one may be a better option than the other.

That said, if you’re concerned about the resiliency of your 2FA approach, then look into using dedicated security keys. U2F / WebAuthn both give better phishing resistance than a browser extension filling a password or TOTP can, and having the private key inaccessible can help mitigate device compromise concerns.

hedgehog, 1 month ago

Are you familiar with LaTeX? You can use plugins that generate PDFs that follow the PDF/X1-a standard and send the resulting PDFs to professional printers.

TeXStudio is a FOSS LaTeX editor that looks well-suited for your use-case.

Since LaTeX documents are just text and your images are already sorted and so on, you could even write a script to construct the first draft of your doc with the pictures arranged consistently, based off the files in your file system, then edit it to tweak it to perfection. You could also/alternatively create or use some reusable LaTeX patterns.

hedgehog, 1 month ago

I haven’t worked with Scribus but I’ve heard good things about it, so I don’t think you’d be making a wrong choice by going with it. For this use case, the main reasons I can think of for why LaTeX would be preferable would be:

• if you preferred working with it, or with a particular LaTeX tool
• if you want to learn one tool or the other
• if being able to write a script to create the output is something you want to do and the equivalent is not possible in Scribus

hedgehog, 1 month ago

You can also get replacement Hall effect analog sticks from Gulikit and install them in your joycons yourself. They also made them for the Steam Deck. I installed a set in my old LCD Steam Deck and it was really straightforward, but I suspect the joycons take a bit more work.

It’s a shame they don’t make them for the PS5 - there are multiple third party controllers with Hall effect sensors that are compatible with pretty much everything else, but there’s only one Hall effect controller compatible with the PS5 (the Nacon Revolution 5 Pro), and it’s $200.

hedgehog, 1 month ago

I have the 8bitdo SN30 Pro+ and almost got one of their Hall effect controllers for my most recent controller (but ended up going with the King Kong 3 Max instead).

I noticed they have a repair parts section on their shop, but frustratingly, it doesn’t have analog stick replacements - just the joystick caps.

There’s an iFixit guide to replacing them, but it doesn’t list where you can get the new part, either. I’m guessing they use a standard part - maybe even one you could get for a few bucks off AliExpress - assuming you’re up to the task of desoldering the old stick and resoldering the new one.

hedgehog, 1 month ago

www.pcgamingwiki.com/wiki/Easy_Anti-Cheat

Took me about thirty seconds to find that list.

hedgehog, 1 month ago

???

hedgehog, 1 month ago

That was my first comment and all I did was share a list of games that have historically used EAC. If a game used EAC at launch then it’s pretty clear that its publishers have used EAC in their games. I made no statements about it being kernel-level or otherwise.

That said, EAC is a kernel-level anticheat, but unlike Vanguard it doesn’t run at startup. A tool being (or not being) kernel-level is a matter of which privileges it has when it runs, not when it starts up. Starting at startup allows an anti-cheat tool to perform more diagnostics and catch cheats that might otherwise go uncaught, but it’s also more invasive and increases the attack surface of people who have it installed.

hedgehog, 1 month ago

I use Standard Notes for most of my notes. For simple todo lists, I use the Checklist note type. For project planning I generally use the SN Kanban Editor and while it has some quirks, I find it works fine on desktop and acceptably on mobile. It saves notes in markdown so I’ll sometimes swap the note type, make bulk edits, and swap back. I also use some of the other editors from github.com/jonhadfield/awesome-standard-notes like the MermaidJS one.

For notes that I plan to share or want to work collaboratively on, I use Hedgedoc. I tried it out because of the name and icon, thinking of it as basically a Gist tool, but then started using it for more because of how great the experience has been.

hedgehog, 2 months ago

From docs.syncthing.net/users/faq.html#what-is-syncthi… (bolding mine)

We believe your data is your data alone and you deserve to choose where it is stored. Therefore Syncthing does not upload your data to the cloud but exchanges your data across your machines as soon as they are online at the same time.

hedgehog, 2 months ago

Do they also pronounce the E? “Guh-no-meh?”

hedgehog, 2 months ago

Is it supposed to sound like an airplane noise?

hedgehog, 2 months ago

I’ve been using Rallly - this looks like it might be a decent alternative.

hedgehog, 2 months ago (edited 2 months ago)

In the comments someone shared the code in question. It’s a new feature that both TF and OT implemented. The implementations are different, though, and OT’s appears to be much more similar to existing MPL licensed code than to the new TF code.

Commits in question: Terraform vs Opentofu

hedgehog, 2 months ago

At least as of October the DJI Fly app was reported working under GrapheneOS, see github.com/GrapheneOS/os-issue-tracker/…/2527

My understanding from …grapheneos.org/…/904-grapheneos-pixel-6-dji-fly-… was that it requires broad storage access to work. Did you try adjusting the Storage Scopes configuration to get it to run?

hedgehog, 2 months ago

Whereas the signal devs are just sitting on their high horse and doing nothing but stupid cryptoscams.

Nah, they also spend their time squashing FOSS forks

hedgehog, 2 months ago

For me the problem is that it just feels like a poor imitation of the way it’s done in Dark Souls / Bloodborne / Elden Ring.

hedgehog, 2 months ago

I was able to read it by clicking the stop button mid-refresh, but it took me a few tries.

hedgehog, 2 months ago

I have a Brother color laser printer and it’s great. Just as reliable as my B&W Brother laser printer. I don’t use it to print photographs, though - I assume your recommendation is more for people who need photo quality color?

hedgehog, 2 months ago

I have the Brother HL-L3270CDW, which prints in color. Ran me about $300 (it’s $270 directly from Brother now) plus the cost of the high yield toner cartridges I bought with it, but you can probably get away with the included toner for a while - with my B&W Brother the included toner lasted me over a year. It says the starters are supposed to last 1000 pages and the high yield 2300, but I’m pretty sure those numbers are very low based on my own usage estimates. I definitely went through more than two 500 page packs of paper in that first year.

It doesn’t have a built-in scanner but it does have:

• wireless and ethernet connectivity, plus support for AirPrint, cloud printing, etc
• direct USB connectivity (though I’ve never used it)
• duplex printing (not for A4 apparently)
• a 150 or so sheet capacity tray (advertised 250) that can handle letter, legal, A4, and anything smaller all the way down to 3” x 4.57”

It says it doesn’t support printing card stock but I’ve printed small amounts (30 or so sheets) at a time, largely without issues. That said, the only times I’ve had the printer jam, I was printing card stock, so maybe there’s some truth to that recommendation.

I haven’t used third party toner but my understanding is that as long as it’s good quality the printer will work fine. It doesn’t force you to only use first party toner.

The color quality has been good enough for my purposes - substantially better than the consumer inkjet printers I used like 20 years ago, but worse than current inkjets. That said, if photo quality color is the main thing your parents print and they print regularly, my recommendation - based on research, not personal experience - is an Epson EcoTank. From their site the entry-level model (the ET-2800) is $200 and comes with about 3k pages worth of ink (and replacement ink bottles have even more capacity). Other commenters have covered it in depth.

hedgehog, 2 months ago

Ah, in that case I probably could have gotten even more life out of the starter toner - I ordered a replacement as soon as I got the warning about it being low but my prints weren’t washed out at all by the time I replaced it.

hedgehog, 2 months ago

They do, but they’re a bit more expensive. They have a list at www.brother-usa.com/color-laser-all-in-ones (that includes printers without scanners but you can add a filter).

hedgehog, 3 months ago

I was curious if this supported cross save with the existing game and if it was also going to be launching on Android. Looks like both answers are “No.”

From Supergiant Games’s blog post:

Does Hades on iOS support Cloud Saves and Achievements?

Yes and yes. Please note, however, that due to a variety of technical constraints, automatic save transfers (i.e., cross-saves) with any existing version of Hades** **are not supported.

Is Hades also coming to Android devices?

We appreciate the interest though we have no plans for additional versions of Hades at this time.

hedgehog, 3 months ago

but most people either feel like its morally 100% fine to download a copy if they bought one, or don’t even know that its technically not legal.

Morally speaking, why would backing up your own copy make a difference, assuming you bought a copy in either case?

hedgehog, 3 months ago

Laws should be heavily influenced by what is morally right and wrong, but morality as a concept is not influenced by laws. An individual’s or culture’s sense of morality might be, but if laws are derived from morals then that’s fine.

Questions of morality will have different answers when the context changes, so it may be morally unacceptable in one society to do something and morally acceptable to do the same thing in another. Laws have an influence on morality only insofar as laws have an impact on the context in which actions take place. This would not be because the law prohibits those actions.

Some examples:

• If a law is passed outlawing sharing nonconsensual AI-generated pornography, it should be because it was agreed that doing so is morally wrong. The law being passed doesn’t make it suddenly morally wrong.
• If a law were passed making some completely innocuous action illegal, and frequently punished - say, hand-painting Nintendo or Disney characters on an interior wall in your own house - then posting publicly on someone’s Facebook wall about loving their Princess Peach X Princess Elsa mural would be morally wrong, even though it would have been fine to do that before the law was passed.

The context that we have is that it is illegal (in the US) to:

• distribute copyrighted materials
• download copyrighted materials
• bypass DRM even when making a backup, except for specific purposes. With video games, unless you are circumventing DRM because the auth servers were taken down (inapplicable for the Switch) or solely because you have a physical disability and are patching the game to support other input options (standard keyboard and mouse specifically excluded), then it is still illegal.

So in either case you’d be doing something illegal. But morally, in a situation where you’ve purchased the game and are platform-shifting to an unsupported platform (like the “time-shifting” defense used with VHS recordings, DVRs, etc.), then the laws aren’t really relevant. The laws certainly don’t exist because there’s societal agreement that this type of platform shifting is morally wrong.

The reason the person I replied to had to pay someone to rip his own game for him is because Nintendo makes it difficult to do so. Even if the law were different and allowed those actions, I don’t understand why anyone would think that it makes sense that a corporation can morally obligate their customers (who want to consume their product in a particular way) to perform work with no value add when the customers could get what they want by doing something much easier.

Unless you’re actually causing harm (directly or indirectly) to someone by your actions in one instance but not the other, I don’t see how one option would be morally acceptable and the other morally wrong.

If the game were supported on the other platform, then the context - and potentially the outcome - changes. If Nintendo invested a decent amount of money porting BotW to Android phones and it cost them a decent amount of money to do so, then would it be morally wrong to not support them and to emulate it instead? Would there be an ethical obligation to support them? What if the Android port was terrible - would it be acceptable to buy it, then use the emulated version anyway - and if you’d bought the Android version and were emulating it on Android, would there still be a moral or ethical obligation to purchase the same cart you were emulating? What if Nintendo just licensed or repackaged Yuzu and didn’t actually make any changes to the game, so their investment was minimal?

It’s a different situation entirely when determining whether it’s morally wrong to host a site with freely downloadable ROMs. The site could be used by people who did not purchase those games, causing lost revenue to their creators.

Both of those situations have grey areas and I can see why someone would consider them immoral. I have opinions on them, of course, but there’s a lot more nuance there; I can easily see why someone would feel differently.

With this specific situation I don’t understand - and am trying to understand - how someone could come to different conclusions for the morality of the two actions. Are they inferring that you support the site hosting the content when you download it? (If you use an adblocker and don’t financially support them, would it then be fine?) Are they assuming torrenting, where you would have to either leech (which they would consider immoral) or seed, and thus distribute, as well? Or is there some other factor that I’m not thinking of?

hedgehog, 4 months ago

For the former use case, have you considered a dedicated solution? For example: libimobiledevice.org

hedgehog, 4 months ago

My main experience casting to Apple TVs from Linux is with Home Assistant, which has a few different addons related to Apple TV. Unfortunately most are related to receiving casts or casting music, and it doesn’t look like any support screen mirroring. The main library - pyatv.dev - has only limited support for AirPlay, and its documentation indicates it lacks screen mirroring support. If you just want to stream a video, though, then it would be worth looking into.

open-airplay with the auth solution by @funtax (on Github) is the approach I would try, but unfortunately I can’t comment as to whether or not that actually still works.

hedgehog, 4 months ago

I don’t think they contributed to openairplay, but they mentioned in an open issue in the openairplay repo that they had created a separate repo to handle the auth piece. Strangely I can’t find the issue now, but this is the repo I was talking about for that: github.com/openairplay/AirPlayAuth

That all said, it pyatv will work for you it looks like a much better bet, anyway. Good luck!

hedgehog, 5 months ago

Someone in another comment shared a link to this - is this what you’re looking for? github.com/tfeldmann/organize/

hedgehog, 6 months ago

It’s the second best selling game of 2023 and it came out last month, though - that’s notable, particularly given the shitty reviews. Plenty of other games are also available on just as many consoles and storefronts. Zelda 20 was presumably mentioned because of name recognition and because it was previously second and is now third.

hedgehog, 7 months ago

Totally solid option for some people, but not everyone. Depends on the game (some can’t be judged in two hours), your available time (can’t refund a game you bought a year ago that you only just now played), etc., and limits you to buying only from Steam. What if you’d rather buy from GOG or Humble Bundle?

hedgehog, 7 months ago

With intellectual property there is at least (by default) a direct link between the work necessary to create an item and its ownership. With physical items the initial ownership is necessarily predicated on having controlled a means of production.

I can create an IP and I do not need to spend hundreds of thousands or millions of dollars to do so. But I cannot create a substantial physical item without paying the people who own the materials and the factories for the privilege of doing so. Why is previous ownership such a critical factor in ownership of new items, separate from the work to create them?

Intellectual property laws have their own issues but at least with regard to them conceptually, intellectual property is more “pure” than physical property.

hedgehog, 9 months ago

Do you have a source for that claim that doesn’t reference the sale of Steam keys specifically?

hedgehog, 9 months ago

Do you have a source for that claim that doesn’t reference the sale of Steam keys specifically?

hedgehog, 9 months ago

Your best sources are a tweet by a competitor and a 2.5 year old lawsuit filed because of that tweet? Excuse me for maintaining my skepticism.

hedgehog, 9 months ago

it’s a real thing, they have a duty to grow infinitely or the sroxk price will crash

This isn’t a thing.

Here’s another article explaining why and how it isn’t a thing, and also why people like you think it is.

hedgehog, 9 months ago

All of that is true, but it doesn’t contradict my point. Fiduciary duty isn’t a duty to maximize shareholder value.

hedgehog, 9 months ago

“People like me” meaning “People who cite their sources and investigating claims before making them?” Yes, I can understand why you might find it difficult to convince “people like me” to believe something that’s trivially shown to be false.

hedgehog, 9 months ago

Yes, that’s much more credible - thank you for sharing that. This part in particular is concerning:

The ruling makes particular note of “a Steam account manager [who] informed Plaintiff Wolfire that ‘it would delist any games available for sale at a lower price elsewhere, whether or not using Steam keys [emphasis in original complaint].’” The amended suit also alleges that “this experience is not unique to Wolfire,” which could factor into the developer’s proposed class-action complaint.

I wasn’t able to find any instances of Steam actually de-listing a game because it was listed cheaper elsewhere, but a credible threat to do so is almost as bad (possibly worse, really, since such a threat hints that Steam might have used other underhanded tactics when dealing with game devs). I wasn’t able to find any more recent news on the case, but hopefully we’ll learn if the issue was that particular Account Manager + lack of oversight or something more.

hedgehog, 9 months ago

Thanks for sharing that!

Steam’s “price parity rule” is a policy that ensures that Steam keys cannot be sold on other sites unless the product is also available for purchase on Steam at no higher a price than is offered on any other service or website.

IMO, it’s reasonable to say “If you want to sell Steam keys off Steam, you need to follow our pricing rules,” but it is not reasonable to say “If you want to sell your game, sans keys, off Steam, you have to follow our pricing rules to keep selling on Steam.” You’re talking about the former here, right? Or does that mean that the following situation is prohibited:

• Your game is listed at $50 on Steam
• You sell keys from your own site for $50
• You sell your game directly from your site for $40

and if so, that the mitigation is to either stop selling Steam keys entirely or to raise the price on your own site to $50?

That’s somewhere in between the two but I dislike it. I suspect it’s more legally murky, too, like tied selling.

The article briefly talks about the latter (emphasis mine):

Wolfire’s David Rosen expanded on that accusation in a recent blog post, saying that Valve threatened to “remove [Wolfire’s game] Overgrowth from Steam if I allowed it to be sold at a lower price anywhere, even from my own website, without Steam keys and without Steam’s DRM.”

However, it also says “Sources close to Valve suggested to Ars that this ‘parity’ rule only applies to the ‘free’ Steam keys publishers can sell on other storefronts and not to Steam-free versions of those games sold on competing platforms. Valve hasn’t responded to a request for comment on this story.” I wonder if the lack of comment was because of Wolfire’s lawsuit?

I’m also now curious if the reason for Steam saying that was related to the in-between situation I talked about above.

@Kecessa shared this ArsTechnica article from 2022 that covers an update on that lawsuit - I haven’t seen anything more recent. In it, Wolfire makes the same claim, in court, that they’d already made in their blog post, which was sufficient to convince the judge to re-open their case.

The ruling [to re-open the case] makes particular note of “a Steam account manager [who] informed Plaintiff Wolfire that ‘it would delist any games available for sale at a lower price elsewhere, whether or not using Steam keys [emphasis in original complaint].’” The amended suit also alleges that “this experience is not unique to Wolfire,” which could factor into the developer’s proposed class-action complaint.

Hopefully we’ll hear more about that soon.

hedgehog, 9 months ago

It isn’t. If it were, that would mean that in practice, board members act to maximize shareholder value because they are legally obligated to do so, and that simply isn’t true.

In practice, board members and C-suite employees are incentivized to maximize shareholder value. They are not legally obligated to do so.

Fiduciary duty is a legal requirement, meaning that if you don’t fulfill your fiduciary duty, you’re liable. But nobody has been successfully sued for not maximizing shareholder value when their actions were in line with the business judgment rule (“made (1) in good faith, (2) with the care that a reasonably prudent person would use, and (3) with the reasonable belief that the director is acting in the best interests of the corporation”). Successful lawsuits regarding breach of fiduciary duty (in the context of corporate law) require the defendant to have acted with gross negligence, in bad faith, or to have had an undisclosed conflict of interest.

The closest instance of legal precedent that I know of (aside from “” of course) that eBay v. Newmark (Craigslist), which Max Kennerly took as meaning that corporations . In this case, Craigslist was found to have violated their fiduciary duties to eBay because Craigslist, in Max’s words, “tried to protect the frugal, community-centric corporate culture that was a hallmark for their success.”

Except, if you actually read the case notes, it’s clear that the issue wasn’t that Craigslist wasn’t maximizing their profits, but that they were diluting the percentage of stocked owned and flexibility of selling those stocks of other stockholders. The issue wasn’t that Craigslist wanted to spend half their profits supporting charities or anything like that - no, it was that they were trying to artificially limit, thus directly devaluing, the shares they had already sold. In other words, I agree that this was a case about minority shareholder oppression as opposed to being an edict to maximize profits / shareholder value.

And other than people threatening legal action, the most recent case we have (other than eBay v. NewMark) in favor of shareholder primacy is 124 years old - Dodge v. Ford. But the opposite is true:

Shareholder primacy is clearly unenforceable on its own term because the business judgment rule would defeat any claims based on a failure to maximize profit. 40 Corporate managers formulate business strategy. A rule‒sanction is antithetical to the core concept of the business judgment rule. In over one hundred years of corporate law, there is not a case where a state supreme court imposed liability for breach of fiduciary duty on the specific ground that the board, in managing operational matters, failed to maximize shareholder profit, though it made the decision informedly, disinterestedly, and in good faith.41 That case does not exist. In fact, many cases show just the opposite. Courts have held that shareholders cannot challenge a board’s decision on the specific grounds that, for example: the company paid its employees too much; 42 it failed to pursue a profit opportunity;43 it did not maximize the settlement amount in a negotiation;44 it failed to lawfully avoid taxes.45 There are classic textbook cases where courts have rejected attempts of shareholders to interfere with the board’s decisions on the argument that their views of business or strategy would have maximized shareholder value.46

The belief that a corporation is legally obligated to maximize shareholder value isn’t just wrong; it also:

• Implies that no other model is feasible
• Removes accountability for the negative effects of such policy from the people who are responsible for perpetuating them
• Reinforces the fallacy that this should be resolved through legislation
• Completely disregards that fiduciary duty to a company includes several other stakeholders: employees, customers, suppliers, local communities, the environment