
Amazon Lumberyard: A Scream of Anguish - AndreyKarpov
https://www.viva64.com/en/b/0574/
======
jhare
Easy to pick on an open source project, suggest changes, but not actually make
them on your OWN fork? Clickbait, gross.

Similar to linting, where often I need variation in rules, sometimes there's
red herrings even in static code analysis.

Game software in general can be fly-by-the-wind because it's real-world
software

... of course this is all me reacting and trying to argue with the clickbait
:/

~~~
cmjqol
> not actually make them on your OWN fork? Clickbait, gross.

Yup. Something like :

> You have bugs in your codebase of 1M+ line, you want to fix them ? Buy my
> proprietary software for 30$/Month per user , which was built 100% on open
> source tech obviously.

Getting traffic using linting issues from a large codebase to promote a
proprietary software , Outrageous.

~~~
pjmlp
Well that is what happens when releasing open source tech with licenses that
support this kind of behavior, nothing to be outrageous about.

------
royjacobs
One thing that puzzles is me is why some of these checks aren't just part of
the warnings that a compiler emits. I get that you wouldn't want to enable
them all the time, but _usually_ comparing a variable to itself is not what
you want.

~~~
pm215
gcc and clang have been getting better at this recently. For instance if you
do an "x == x" comparison for an int x clang will warn "warning: self-
comparison always evaluates to true [-Wtautological-compare]".

I completely agree that having these warnings in the compiler is much better
than a standalone analysis tool, because they're less likely to be ignored.
But I think it may have been a bit of a shift of mindset for the compiler
developers to put more effort into warnings and diagnosing dubious code rather
than simply being a code generator for correct code.

~~~
pjmlp
Lint exists since 1979.

Everything that is outsourced for an external tool, just happens not to be
used by the majority.

Clearly the introduction of clang and its sanitizers has changed a bit the
mindset, however they are still used by a minority.

As per CppCon 2016, 1% of the audience confirmed they were using some kind of
validation tool.

~~~
pm215
I agree, but my sense is that the number of people and projects willing to fix
complaints reported by compiler warnings is larger than the number of people
who care enough to run a separate tool over their codebase. This is purely a
UI thing -- if the compiler had a -Wlint option that ran lint and integrated
its reports into its own warning output it would probably have a similar
effect, especially if enabled by default...

------
throwaway13337
One of the best blog-ads for a product I've seen in a long time.

It effectively shows value of their software while being interesting enough
and relevant to something popular that already has (some) following. Perfect.

Makes me wish they had something similar for JS or Python. I know I've made
these mistakes all too often.

------
imglorp
If it wasn't obvious from the URL, OP is more about a code analyzer product
than Amazon Lumber, mentioned in passing as an example usage.

~~~
Waterluvian
Yeah. I think the analyzer is pretty neat. It's cool to focus on human
mistakes writing code rather than validity of code itself. I see a bunch of
errors I've made before, especially when copying and pasting. Time to find
something like this for vscode to do realtime linting of human errors.

That being said, I think this article really overstates the dire state of
Lumberyard. Yep, it has bugs. I don't think this convinces me that the sky is
falling if the devs don't change their ways.

------
agameengineer
The posts from these guys are pure BLACKMAIL.

I work at one of the companies who's product they "reviewed" and many of us
got unsolicited emails basically saying, we found all these bugs using our
code analyzer. Buy a license from us to fix them or we will post a negative
review of your code.

It's a horrible business practice and they do that with many open source
products. This behavior shouldn't be praised.

~~~
yorwba
Maybe something got lost in translation? "Fix the bugs or we will publish"
seems to be standard operating procedure for security researchers who randomly
find a vulnerability. Maybe they just wanted to tell you that you'd be able to
use their tool to fix those bugs more easily.

~~~
tgb
The difference to me is whether they list all the bugs (while suggesting that
their product would help) to the developer before publishing or not. If the
only way to satisfy them is to pay, then it's incredibly scummy and moreover
is a big disincentive for companies to open their source code. After all,
every code base has bugs and I'm sure their developers were working on fixing
bugs already, but only open source projects can be extorted over their bugs.

~~~
git_son
Developers of the project can write in support and ask for a full log for
free.

~~~
zenexer
In this case, they shouldn’t have to ask. If you’re going to provide a
vulnerability report, provide a vulnerability report. Don’t dance around it to
see if you can make money first.

~~~
git_son
Vulnerability is always a Bug. Weakness is always a Bug. Weakness is sometimes
a Vulnerability. Bug is sometimes a Weakness and a Vulnerability.

Vulnerability != Weakness!

------
nik736
Why would anyone choose Lumberyard over CryEngine directly? I would think that
ones core product will always be better maintained then just some side project
that was bought in.

~~~
wlll
Crytek recently (and it may still be going on) sued Cloud Imperium Games (CIG,
the people behind StarCitizen) for switching from Cryengine to Lumberyard.

The details are few and far between, but the possibility or being sued by the
vendor would be a bit off putting for me.

~~~
tormeh
I remember reading about this and being left with the impression that CryTek
was in the green there. Don't remember any details, but it wasn't as ugly as
it sounds, though I also got the impression that CryTek weren't entirely
graceful.

~~~
wlll
I think you might have written CryTek there when you meant CIG so I'm not sure
quite what you meant. Was it:

> I remember reading about this and being left with the impression that [CIG]
> was in the green there.

If so, ISTR CIG is fine, but then they have a lot of money and fancy lawyers,
a lot of smaller companies might have fared less well, and it doesn't really
look good when a vendor is seen to be suing their customers because it is
rumoured they are running out of money.

~~~
tormeh
No, I meant CryTek. RPG explains:
[https://www.google.com/amp/s/www.rockpapershotgun.com/2017/1...](https://www.google.com/amp/s/www.rockpapershotgun.com/2017/12/14/star-
citizen-lawsuit/amp/)

Would someone like Unreal have swallowed that from a client in order to avoid
bad PR? Possibly. But if the allegations are true then I wouldn't go so far as
to expect (in the moral sense) CryTek to let it slide.

~~~
wlll
I'm not sure that CryTek have the moral high ground here as you seem to
suggest.

CIG have moved to Lumberyard, a tech based on CryEngine, so lines of similar
looking code are seemingly expected.

And the license was negotiated for a single game, not two as StarCitizen now
is, but this would seem to be negated by the fact that these games are no-
longer using CryEngine.

On the subject of CIG passing back engine improvements or not to CryEngine, I
don't know.

------
hguhghuff
This is really, really poorly written.

------
avryhof
Never heard of Amazon Lumberyard. I thought this post was going to be about
them entering the market, and Home Depot/Lowes worrying.

------
jlebrech
what's the value add of Lumberyard over Cryengine? you'd think the netcode
would be the selling point.

~~~
rurounijones
AWS integration and everything that goes with it (scaling), Twitch.tv
integration etc.

[https://aws.amazon.com/lumberyard/details/](https://aws.amazon.com/lumberyard/details/)

------
andrepd
More integration and hegemony in the Amazon behemoth. Is this what we want?

------
ctvo
tl;dr:

Ran static analysis tool author is trying to sell on a 1 million+ line code
base for Amazon's open source game engine Lumberyard.

Found warnings. Used it to infer quality of the product and wrote a very
click-bait title.

~~~
k__
The funny thing is, the code wasn't even written by Amazon.

They just bought it. Maybe the new team will clean up the code of Crytek?

~~~
lowmagnet
The version lumberyard started with a 2016 engine, a few revisions behind
Crytek's current engine. Crytek had fixed some of the logic bombs, as
mentioned in the article, in their current release.

