glad too see fedi is increasingly becoming the hellsite twitter used to be lol

glad too see fedi is increasingly becoming the hellsite twitter used to be lol

maybe i should try to be a bit less volatile with my hot takes?

@ret genuinely curious, if not this then how would you have distros like Debian or small ones like ElementaryOS handle this, assuming the law goes into effect and makes them ultimately responsible for complying with it?

by all means critique how systemd went about this i guess, but at the end of the day if the bar for distro maintainers is to risk fines or quit then are we not just letting the fascists win?

I just don't think implementation is the right platform to fight this issue, we need lobbying and political pressure

@ret yes fight this shit at every turn, but don't get mad at distros (particularly small and community driven ones) for not wanting to risk not complying. maintainers didn't sign up to risk their livelihoods against fascism and we shouldn't expect them to take on this liability

@kkarhan @OS1337 power to you, honestly

@rakoo I agree with your suggestions but i still feel like your analysis isn't fully grounded here. Pushing back is good, coming together to do so is amazing, but it's also not mutually exclusive with ensuring that distro maintainers don't get caught in the net and fined

i expanded a bit more here, id also suggest giving Danieles post I linked to a read

kcxt (@cas@treehouse.systems)

in the replies i expand a bit more on my point that systemd/xdg refusing to comply would more or less force distros to do the work themselves (potentially to a worse standard) or refuse, and in either case have to face the blowback themselves. While we can and should criticise industry backed distros if they blatantly disregard the interests of their users, particularly when they have the power to push back against legislation like this. However it seems absurd to me to expect small community driven projects to navigate this legislation themselves or have to take the heat for taking steps to protect the livelihoods of their maintainers by complying with this legislation, something they would have to expend more effort in doing if the projects they are built on (systemd, flatpak, GNOME, KDE) took the high road and refused to comply. I think there is a pretty huge lack of understanding by a lot of even highly technical Linux users when it comes to how the software supply chain of their distro actually works. Very relevant example: https://mastodon.online/@danirabbit/116250765623660340

Treehouse Mastodon (social.treehouse.systems)

in the replies i expand a bit more on my point that systemd/xdg refusing to comply would more or less force distros to do the work themselves (potentially to a worse standard) or refuse, and in either case have to face the blowback themselves. While we can and should criticise industry backed distros if they blatantly disregard the interests of their users, particularly when they have the power to push back against legislation like this.

However it seems absurd to me to expect small community driven projects to navigate this legislation themselves or have to take the heat for taking steps to protect the livelihoods of their maintainers by complying with this legislation, something they would have to expend more effort in doing if the projects they are built on (systemd, flatpak, GNOME, KDE) took the high road and refused to comply.

I think there is a pretty huge lack of understanding by a lot of even highly technical Linux users when it comes to how the software supply chain of their distro actually works.

Very relevant example:

Danielle Foré (@danirabbit@mastodon.online)

When you tell me to just not implement age declaration, do you understand you’re asking me to risk thousands of dollars in fines? Which means realistically the only way for me to not follow the law is to close my business and stop making elementary OS. Do you think it makes sense for me to decide to have no income right now in the middle of massive tech layoffs in a purely symbolic act of protest? Do you really fully understand this is what you’re asking of me?

Mastodon (mastodon.online)

@rakoo i agree that systemd is pretty entrenched in capitalism, and i very much agree that complying in advance is super not great.

Where I struggle is with the prescriptive language that systemd or freedesktop shouldn't comply with these laws. This can only harm distros who are then forced to deal with the situation themselves and then what? Now they have to face the backlash based on their explicit decision to comply or not.

Linux distros refusing to comply would carry significantly more weight imho, and I'd advocate for pressuring Ubuntu, Fedora, Suse etc to refuse and make some noise about this. I just can't say the same for the much more legally and financially precarious distros out there

@hipsterelectron i think i'm missing several layers of context to understand your point here tbh?? /gen

@ki damn i thought i had escaped the systemd haters this time

you quoted me lol, did i say "community project"?

@justsoup on the one hand, i think id generally fully agree with you here, but in this case i struggle to see how things would be better if systemd/xdg refused to comply. I think it would be contrarian and shallow from an implementation perspective to refuse to store the users DoB in systemd's case, or for XDG to refuse to define a flatpak portal API to get the user's age bracket, both of these are fairly reasonable features were they not motivated by legislation.

i'm glad folks like Jeremy from system76 are pushing back harder against this, and from an individual level I'd agree that we should not comply, but from an OS/distribution perspective it feels like a pretty milquetoast response to just throw up your hands and say "Sorry, if you live in Cali we can't give you our software"...

@f4grx i'm sorry but this is just FUD. GNOME lets you set a profile photo for your user account but we aren't getting up in arms about how any unsandboxed software could upload it and run facial recognition.

@eliasr @pid_eins i think that's fair. I certainly don't think all legislation is inherently morally good, but neither is it morally bad.

still though im not a huge fan of prescribing motivations on maintainers

@navi @jane @freya I think I could be persuaded either way on this topic tbh, it depends a whole lot on the family, the interests of the kid, their relationships, etc...

@eliasr @pid_eins superficially sure that makes sense, if FOSS existed in a vacuum I'd be totally on board. But despite the efforts of many to create and share software while taking zero responsibility for the consequences of their actions, software still exists in the real world.

To be clear (though I think i said so in my post) im not in favour of governments imposing restrictions or requirements on software, these laws are arbitrary and almost as hard to define concretely as they are to enforce.

With that being said, if I may attempt to challenge your underlying assumptions here: how are the requirements of law different to the requirements of (for example) a security minded individual, or an enterprise customer?

I want to daily drive a Linux phone but I care a whole lot about security and implementation details basically mean to only way to implement a truly secure OS stack is to use proprietary "trusted apps" from Qualcomm to protect my OS encryption keys (think software backed TPM), I have no doubt in my mind that people may object to the idea of Linux loading proprietary trusted apps into the "secure world" to implement this functionality, but would you object to the kernel adding support for this because it might not be "what the users want"?

I guess im making two points here so i'll try to separate them:

1. At what point is a topic so technical that the opinion of an average user with minimal context shouldn't be trusted?
2. How do you in practice enforce that "libre" software is always serving "the users" without alienation and othering?

Like I personally am always pretty confused and occasionally frustrated by the systemd unit constraints system, did i want Requires= or BindsTo= or WantedBy= or Requisite= etc.... Similarly the fact that every openrc service file is a shell script is infuriating, does these mean these aren't libre projects?

And again, yes I think the laws are fucking dumb, i just think criticising systemd and XDG in particular is just virtue signaling here, not advocating for real change. I hope i don't just come across as contrarian, you're making a philosophical argument so I hope it's ok to respond in kind.

@jane @freya agreed, this was basically the point i was trying to get to. parental controls in Linux are absolutely a good feature to have, and the GNOME community have earnt a lot of respect from me for implementing this functionality. The ability to impose restrictions on non-sudo users (particularly children) is NOT a restriction of freedoms, I'd argue it's the opposite.

Knowing you can give your kids a device running a FOSS OS while being able to ensure they aren't accessing software they shouldn't is a good thing, give them the freedom to enjoy tech without looking over their shoulder

@dvshkn i have no idea, but as far as i can tell the work so far is basically just laying the groundwork, nothing specific to the legislation

that being said, IANAL obviously but surely there has been prior art in this sense, at the end of the day are distros (that don't explicitly sell/ship their software in california in this case) even responsible for people who live there installing their software even if it doesn't follow local laws?

@gourd eh don't get it twisted, claude didn't event reply to the review request on the birthDate MR

(for real though yeah constructive criticism is good, but don't be reductive about it)

people on reddit are doing a whole lot of yapping about age verification in Linux

I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future

at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?

what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??

An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)

and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!

@mntmn damn i wanna daily drive this already 🥹