The Engineer Who Tried to Put Age Verification Into Linux
-
The Engineer Who Tried to Put Age Verification Into Linux
The Engineer Who Tried to Put Age Verification Into Linux
Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it 'hilariously pointless' in the PR itself, then watched Lennart personally block the revert. Unpaid compliance simp.
Sam Bent (www.sambent.com)
The lasting damage was knowing it could happen at all: that a single contributor with no stated organizational backing could submit compliance infrastructure for surveillance law directly into the software that boots your computer, get it merged by two Microsoft employees, and have the creator of systemd personally block the removal.
@Khrys is it just me or is the article a bit weird? Weird repetitions, weird (fully animated) graphics and a weird quiz at the end. It smells vaguely like slop, but is it?
-
The Engineer Who Tried to Put Age Verification Into Linux
The Engineer Who Tried to Put Age Verification Into Linux
Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it 'hilariously pointless' in the PR itself, then watched Lennart personally block the revert. Unpaid compliance simp.
Sam Bent (www.sambent.com)
The lasting damage was knowing it could happen at all: that a single contributor with no stated organizational backing could submit compliance infrastructure for surveillance law directly into the software that boots your computer, get it merged by two Microsoft employees, and have the creator of systemd personally block the removal.
@Khrys @thedarktangent what the actual fuck, you’re reposting and spreading an article that targets an open source maintainer by insulting him and making his picture into a wanted poster? Seriously?
-
@Khrys @nblr @doingfedtime What kind of bullshit hit piece is this?
We’re now blaming developers for contributing to FOSS projects?
Great job everyone, you can be really proud of yourselves!
/s@joschi @Khrys @doingfedtime
"Contributing" -
@joschi @Khrys @doingfedtime
"Contributing"@nblr @Khrys @doingfedtime Save the nitpicking. It is a contribution, just one you don’t like.
I’m not saying I’m thrilled about it either, but writing and promoting this hit piece is low. Very low…
-
@nblr @Khrys @doingfedtime Save the nitpicking. It is a contribution, just one you don’t like.
I’m not saying I’m thrilled about it either, but writing and promoting this hit piece is low. Very low…
@joschi
The article is as much about the multi-layer organisational failure as it is about the "contribution" - which indeed is not just one "I don't like". Please take your framing and go elsewhere. Thank you. -
@joschi
The article is as much about the multi-layer organisational failure as it is about the "contribution" - which indeed is not just one "I don't like". Please take your framing and go elsewhere. Thank you.@nblr @Khrys @doingfedtime Yes, it's absolutely a well-founded article debating organizational failures in a complete impartial way.
That's why there's a fake image of the developer in which looks like he's getting a mugshot.
-
@Khrys @thedarktangent what the actual fuck, you’re reposting and spreading an article that targets an open source maintainer by insulting him and making his picture into a wanted poster? Seriously?
@filippo @Khrys @thedarktangent know what would prevent this shit in the first place? If actively supporting fascism had consequences.
Meet consequences.
-
@nblr @Khrys @doingfedtime Yes, it's absolutely a well-founded article debating organizational failures in a complete impartial way.
That's why there's a fake image of the developer in which looks like he's getting a mugshot.
@joschi The style is debatable and it tastes a bit like someone drank a bit much of the generative kool-aid, but content-wise it does a good job in condensing the "why this is bad", how the chain is forged, from good intentions, in very understandable words.
-
@Khrys we like to think of FOSS as some sort of anarchist collective°. it never has been.
it's run by a series of people with absolute power, for the most part. the benefit is that it's a lot of tiny dictators rather than a few big ones; that in theory anyone can become one, you don't need to be rich; and that these dictators tend to have technical knowledge.
but they can still be arseholes.
° i mean, we might not CALL it that.
@Khrys @fishidwardrobe I've long been saying that, instead of debating the relative merits of open source software and free software, we should have been demanding noncommercial software. Now it may be too late. FOSS is no anarchist collective, but arguably hacking is. Unfortunately too many of the hacker era hackers were ancaps and could be hired to do the dirty work of the powerful. But now that computing freedom is by definition illegal, maybe a new generation of hackers will arise. One can only hope. -
The Engineer Who Tried to Put Age Verification Into Linux
The Engineer Who Tried to Put Age Verification Into Linux
Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it 'hilariously pointless' in the PR itself, then watched Lennart personally block the revert. Unpaid compliance simp.
Sam Bent (www.sambent.com)
The lasting damage was knowing it could happen at all: that a single contributor with no stated organizational backing could submit compliance infrastructure for surveillance law directly into the software that boots your computer, get it merged by two Microsoft employees, and have the creator of systemd personally block the removal.
@Khrys Please tell me the age of the "root" user?
-
I don't understand what the fuss is about. This is exactly the right way to comply with that law: an optional birth date field. You don't want to have to submit an idea to your OS or implement facial recognition, and you certainly don't want to tie account creation to external services for those things, but now parents can fill in the birth date for their kids, and everybody else can ignore it. This kind of thing needs to be in the hands of parents, not external companies.
So I don't really see the problem here.
So I don't really see the problem here.
I do. The problem is that the guy is complying in advance with unjust, abusive, and dangerous laws.
"Okay, guess I'll add it in" is not the correct response to an unjust legal requirement. The correct response is "Fuck you, make me."
-
@sebsauvage @Khrys Comme je le commentais sur SeenThis dans la semaine, c'est la première vraie démonstration qu'il y a un problème avec systemd et que ce n'est donc finalement pas qu'un problème technique, et qu'il y a aussi un problème politique.
@biggrizzly @sebsauvage @Khrys Si on regarde la thèse de Gabriel Alcaras (https://theses.fr/2022EHES0120.pdf), le fait que de plus en plus de développeurs Open Source intègre le monde du libre et son développement (dans le kernel, et partout ailleurs), ce type de cas risque de se multiplier, les entreprises poussant linux à être le plus "Compliant" possible malheureusement ... Cela ne m'étonnerait pas que cela créé de plus en plus de remous, de plus en plus de FOSS se dotant de chartes heureusement
poke @khinsen -
@Khrys @fishidwardrobe I've long been saying that, instead of debating the relative merits of open source software and free software, we should have been demanding noncommercial software. Now it may be too late. FOSS is no anarchist collective, but arguably hacking is. Unfortunately too many of the hacker era hackers were ancaps and could be hired to do the dirty work of the powerful. But now that computing freedom is by definition illegal, maybe a new generation of hackers will arise. One can only hope.
@lori @Khrys i've recently been thinking about — and this is beyond my skills, so i should really say "fantasising about" — some sort of common retrocomputing platform, maybe based on an esp32 or something, which is completely incompatible with commercial computers and so can't be used commercially.
but it would also be missing all the spy-firmware (minix in the cpu, tiny computers in usb plugs etc). maybe we could start our own replacement for the internet!
… yeah, right. sorry.
-
The lasting damage was knowing it could happen at all: that a single contributor with no stated organizational backing could submit compliance infrastructure for surveillance law directly into the software that boots your computer, get it merged by two Microsoft employees, and have the creator of systemd personally block the removal.
What the hell is the issue here? Do you need to be a member of an organization to submit a PR? And if the lack of organisational backing would be a problem, why is it a problem that the people merging it do work for an organisation? The only thing that matters is that an official committer approves it.This whole article sounds like pointless fear mongering. If there's anything else to it that I'm missing, I'd love for someone to explain it.
@mcv @Khrys let's take it a bit further too. Nobody uses a pre-built systemd straight from upstream, every distribution is building and packaging it.
This seems very trivial to patch right back out and/or put behind a define. (I would actually be surprised if it wasn't like that, to make compliance with different jurisdictions easier).
-
R relay@relay.infosec.exchange shared this topic
-
@biggrizzly @sebsauvage @Khrys Si on regarde la thèse de Gabriel Alcaras (https://theses.fr/2022EHES0120.pdf), le fait que de plus en plus de développeurs Open Source intègre le monde du libre et son développement (dans le kernel, et partout ailleurs), ce type de cas risque de se multiplier, les entreprises poussant linux à être le plus "Compliant" possible malheureusement ... Cela ne m'étonnerait pas que cela créé de plus en plus de remous, de plus en plus de FOSS se dotant de chartes heureusement
poke @khinsen@SReyCoyrehourcq On voit en effet de plus en plus de "corporate" dans l'univers Linux, et la Linux Foundation en est peut-être le symbol le plus visible. Je suppose que c'est pourquoi BSD (re-)trouve de plus en plus d'adhérents.
-
Nowhere do I call this a bug. It's an additional field in the user db. Just like userName, realName, emailAddress, location, timezone, preferredLanguage, and many others, some of which are at least as sensitive as age.
People are panicking about a complete non-issue. Read the actual discussion on the commit; there is actual discussion there, but nobody is panicking about it the way people here are.
The discussion on the Arch commit has a bit more pushback; there the contributor puts more emphasis on legal compliance, receives some pushback that it offers no reliable age verification, so how can it comply with the law? and the decision is made to put in on hold until they get some legal advice.
And with or without that law, I don't see any problem with storing yet another piece of personal information. It fits right in with everything else that's already stored. If you don't trust the privacy of your own PC, don't fill it in. It's optional.
But I can imagine that parents would want to set this for their kids, and may also want software to restrict their kids' access to certain kind of content based on that. But that's not what this does.
-
"Fuck you, make me."
Sorry, but nobody is making you fill this in. It's an optional field. And there's no verification on it. -
@filippo @Khrys @thedarktangent know what would prevent this shit in the first place? If actively supporting fascism had consequences.
Meet consequences.
@filippo @Khrys @thedarktangent oh, and the company he works for?
Brags about not doing credit checks before issuing payday loans at usurious rates, and charging a monthly subscription fee on top of it.
-
"Fuck you, make me."
Sorry, but nobody is making you fill this in. It's an optional field. And there's no verification on it.Not *yet*.
-
"Fuck you, make me."
Sorry, but nobody is making you fill this in. It's an optional field. And there's no verification on it.@mcv @Khrys Imagine if instead of your DOB, the field asked "Are you a Jew?" and it was also optional and didn't have any sort of verification attached to it. Just an innocent question, right? No one's being forced to answer it. Not a problem, right?
Except anyone who'd spend their time adding such a field to an open-source project in anticipation of an imagined legal requirement should immediately become radioactive in the community, as should anyone defending such an action.
