I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
-
@wwahammy can't say. What I mean there's a simple technical way to coerce distros rather than a complicated legal one.
@isagalaev it's not a non-zero risk and there's of course lots of issues with Microsoft controlling the SecureBoot crap. I don't think it's a major risk but really who knows?
-
RE: https://social.treehouse.systems/@wwahammy/116264430375745593
I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.How does all of this happen?
1. The AG of California sues the biggest Linux distro because their real goal is destroying Linux, not age verification. The smaller ones will fall through legally questionable means, once the big ones who can resist are destroyed.
2. Debian has a committee, Redhat is a corporation, and they don't care who the OS distributor actually is. They'll incriminate some random Joe off the street, just to set a precedent, and then they can start sending threats and unlawfully raiding other organizations that distribute and maintain Linux. Because it'd probably hold up in court, so who'd risk fighting it!
3. Prove? All they have to do is get a jury who knows nothing about computers to feel like their children are in danger. And once they find a jury that mistakenly rules in their favor, that's precedent, so future juries who are saner or more prepared will be completely ignored since USA law is only based on precedent.
4. Easy for them to buy a judge. Their lawyers can finagle it to happen in the worst court and cherry pick the worst jury.
5. You don't think they intended to violate the law? They're trying to cook your children into stew! Are they guilty, or do you love dead children? Did we mention children?
6. Once the OS maker has been taken down, it doesn't matter who uses it, because all they can do is buy a proprietary OS, or have no computer. And a few will "break" the "law" but 99% of everyone else will get bullied into compliance, and those few will get locked out of everything in society, since the 99% won't even be aware that the locks are in place.
So uhh, this is a big deal. Also US law sucks sweaty monkey balls. It's true that assuming proprietary software giants like Microsoft, Apple and Google always play by the rules and never do anything in bad faith, then that California law can't possibly become a problem. No punishment awaits them for lawbreaking and cheating the courts though, nothing but either reward, or people complaining about it online and doing nothing until the corporation gets to try again. -
RE: https://social.treehouse.systems/@wwahammy/116264430375745593
I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.How does all of this happen?
@wwahammy I want everyone who says "this is the law, distros need to comply" I want you to stop mentioning Colorado SB26-051 as law. It's not law, and no one needs to comply. Maybe it will become law, but it hasn't yet. Stop using it to put wind in your misguided sails.
-
RE: https://social.treehouse.systems/@wwahammy/116264430375745593
I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.How does all of this happen?
@wwahammy I agree. It also there are at least two obvious targets: Red Hat and Canonical. It’s unlikely you can get anything from them but they are convenient targets to harass for headlines.
-
RE: https://social.treehouse.systems/@wwahammy/116264430375745593
I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.How does all of this happen?
@wwahammy Ironic that when I do a search for the developer making the PR the only thing I can find is him being doxed on Endchan. So that's two horrible things I learned about in the last five minutes.
Also, Andrew Cuomo killed Usenet while he was Attorney General of New York.
https://arstechnica.com/uncategorized/2008/07/ny-attorney-general-gets-more-isps-to-block-alt-newsgroups/ -
RE: https://social.treehouse.systems/@wwahammy/116264430375745593
I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.How does all of this happen?
@wwahammy while I agree the default answer to every invasion of privacy should always be, "fuck you, make me", I suspect this one will be enforced by the same companies that lobbied for it. So, Facebook, YouTube, streaming services, seem very likely to start blocking systems that don't report an age. I would just stop using those services (though some would be painful), but it'd be pretty disruptive for most folks, I think. Same story as DRM in Firefox.
-
RE: https://social.treehouse.systems/@wwahammy/116264430375745593
I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.How does all of this happen?
@wwahammy There should be some kind of free speech argument saying that you can't add restrictions for free software developers like this. (After all.... source code is very close to speech.) -
@wwahammy none of this is going to happen, not likely. Currently main Linux distros are graciously allowed to boot by Microsoft letting them use Microsoft-signed binary for the Secure Boot process. California AG could just facilitate uhm "cease of continuation" of this practice.
@isagalaev @wwahammy Every PC out there has the option to disable secure boot, and BIOSs are very rarely updated. And even if California/the US or whoever passed a law to mandate always on secure boot, why would the mostly chinese and taiwainese motherboard manufacturers oblige ?
Ofc we need to fight back against all of this shit, but the PC should remain "free" for a while longer. -
RE: https://social.treehouse.systems/@wwahammy/116264430375745593
I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.How does all of this happen?
@wwahammy personally if I was living in California and working on an OS I would not like to fuck around and find out.
Even winning a court case is likely to be expensive, I would expect. And even if winning is possible I wouldn’t want to gamble my life savings on it.
Obviously I don’t like it, but that doesn’t mean it’s unreasonable to take it seriously.
And I think it would be particularly unreasonable of me to demand that others bear the risk of non-compliance, given that it’s not me who’s getting sued. If someone who is at risk of legal consequences themselves is willing to refuse to comply, then great! But I have no right to expect that of anyone.
-
@wwahammy while I agree the default answer to every invasion of privacy should always be, "fuck you, make me", I suspect this one will be enforced by the same companies that lobbied for it. So, Facebook, YouTube, streaming services, seem very likely to start blocking systems that don't report an age. I would just stop using those services (though some would be painful), but it'd be pretty disruptive for most folks, I think. Same story as DRM in Firefox.
@swelljoe the California AG is the one who can enforce the law. It doesn't make sense for them to sue random distros.
-
@swelljoe the California AG is the one who can enforce the law. It doesn't make sense for them to sue random distros.
@wwahammy yeah, as I said, I don't think it'll be enforced by law. I think it'll be enforced by the same companies that lobbied for the law. You want to visit Facebook, YouTube, TikTok? Gotta have an OS that complies. And, they'll have the law to point at when people get angry about it. Obviously the big operating system vendors will comply, so the ostracization of open source users would suit the billionaires just fine.
-
RE: https://social.treehouse.systems/@wwahammy/116264430375745593
I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:
* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.How does all of this happen?
They will go after a larger distro or system vendor with a reputation and a modest bank balance first.
System 76 or similar so they can scare everyone else into following along with their stupid legislation.
The better short term option is to ban everyone in California (and other jurisdictions with such stupid laws) from using the OS. No sales, supply and no ongoing support. Explain clearly why.
Then go for malicious compliance in the way that Ageless Linux is presenting.
-
R relay@relay.infosec.exchange shared this topic
-
They will go after a larger distro or system vendor with a reputation and a modest bank balance first.
System 76 or similar so they can scare everyone else into following along with their stupid legislation.
The better short term option is to ban everyone in California (and other jurisdictions with such stupid laws) from using the OS. No sales, supply and no ongoing support. Explain clearly why.
Then go for malicious compliance in the way that Ageless Linux is presenting.
@simonzerafa I would be beyond shocked if they targeted any one other than Valve. There's no gain.
But I agree on the malicious compliance plan.
-
@cy the AG of California doesn't care about Linux. It's not an issue they have ever thought about or considered.
-
@simonzerafa I would be beyond shocked if they targeted any one other than Valve. There's no gain.
But I agree on the malicious compliance plan.
Valve have already indicated they will fight. Would they take on that challenge given they have deep pockets?
Small and medium-sized first without lots of resources to fight back
