- cross-posted to:
- linux@programming.dev
- cross-posted to:
- linux@programming.dev
Some of you need to watch this video, and hang your head in shame.
Dylan Taylor has been receiving constant harassment, including threats to his life and safety, for actions done collectively by SystemD. The article by Sam Bent was explictly mentioned as part of the harassment campaign, and rightfully so.
I don’t think enough people realize that this is catastrophically bad. It’ll discourage people from becoming open source developers, it’ll discourage people from using Linux, and it’ll discourage legislators from taking the Linux community seriously.
If you ever wished ill upon another human being for complying with a relatively inconsequential law, you are better off never touching a computer again. The Linux community has collectively gone so far beyond what is acceptable here.
i think subset of people online who are vocally upset about his code contributions (and harassing him, committing fraud, and so on) are ignorant to the actual charges in the PRs and only read the headline and assume he’s shoving ID verification down our throats. I primarily blame media outlets and social media accounts trying to capitalize on this outrage over nothing.
Some of us are old enough and have seen enough to KNOW this is not the end of this. They start with little non things like this (age attestation), see how the population takes it, and when they are sure a majority are onboard with this “Not really invasive, voluntary thing” they change it up to be more invasive and non voluntary(age verification). No, this guy shouldn’t be getting death threats, that is stupid, but he should hang his head in shame for complying in advance. The more we fight this, the longer it will take. I am sad the youth of today will never see the web I did.
Honest question: are you sure this thinking is not a slippery slope fallacy?
You seem to imply that adding self age attestation inherently necessitates ID verification.
I do not agree with this line of thinking. Instead, I reason that this PR was merged because it is not harmful, and a potential future PR implementing ID verification would not be merged. These are two separate things (PRs/merges), which are not in any way tied to each other causually.
I see it more as a boiling frog, look at California/Colorado/Brazil and I think NY is getting in on it as well, then there is the UK/Australia starting points. The Gov’ts and meta etc are looking for buy in. As the discussion dies down after attestation you will see them try to take another step to submitting actual ID (you have the infra in place, just add this API…) give it a year or so after we’ve moved on to another subject
Any time “they” cry Maude’s line “Won’t someone PLEASE think of the children!” the children’s safety is the furthest thing from their mind. I hope I am wrong, but I have seen too much stuff like this to hold my breath. The more we fight every step the longer it will take to come into effect and we can hope for more buy in, from the less educated on this invasion of privacy of the population, to the resistance instead of acquiescing in advance. Linux distros are the last stand against it from major OSes, Microslop/Apple/iOS/Android are all on board, no fight. There is at least 1 distro that changed their EULA to say that their OS is not to be used in California or Colorado and lists the date that the laws come into effect.
Instead, to ACTUALLY think of the children, parents should be using the built in Parental Controls available on all OSes to keep their children from going places they shouldn’t. Getting into fantasy land here but, these controls should have simple to follow instructions so parents can easily set them up with no tech knowledge, simple access to curated blocklists (a great job for LLMs) so they can easily add an approved block list by age range, and in the case of phones the parental controls should block resetting of the phone to factory settings unless from the parental control settings.
PR vs Merge is a moot point here, I am looking at the bigger picture to see where these choices are leading. By itself the attestation is pointless as anyone can put anything they want, but it is step one - buy in. We should never just look at what is going on around us in isolation or the bigger picture will crush us all.
I hope I didn’t ramble too much here and lose my focus.
I’m still not convinced there is a direct casual link between the merged attestation and some future surveillance. Your speculation that this is some deliberate political strategy for some gradual escalation from attestation to surveillance is not logical evidence, but some belief you have, which holds no weight in an argument; it stands that you have no concrete evidence against your logic being a slippery slope fallacy.
You did concede to my argument by admitting “by itself the attestation is pointless.” Good to know we agree that there is outrage over nothing.
By saying “PR vs merge is a moot point”, you’re running away from a logical/technical debate by being dismissive; you are openly stating you don’t care how the mechanics of these foss projects actually work. Again, you can have a speculative opinion, but that is not a logical argument.
When you argue parents should be using OS parental controls, you do know that that’s exactly what the systemd age attestation PR is building, right? It seems you’re fighting against the very infrastructure needed for your preferred solution.
Finally, you conflate local infrastructure with cloud APIs (vindicating my claim that people opposing this are ignorant to the actual code being merged): Systemd is a local init system. Connecting the local userdb age integer to an external, network reliant govt API is a monumental leap in implementation and architecture, not a simple “add this API” patch that can be quietly slipped in without the entire foss community noticing and revolting. The attestation PR, for instance, had around 200 comments, of back and fourth refining of implementation and discussion, before merge.
Maybe others really believe it’s not “nothing” 😒
To be clear, I would also be outraged if some personal privacy nightmare got merged into foss projects I used.
However, adding an optional field to userdb for self reporting of age is definitely not a privacy concern. I honestly have not heard a valid argument against this addition of an optional field. Most are just appeals to emotion/outrage not grounded in the reality of what code was actually committed/merged.
What benefit is there to have it? The only purpose it serves is to create privacy concerns.
Benefits:
I maintain that optional self reporting of age is not a privacy violation. Would you clarify: what specific privacy concerns does the merged systemd PR create? Be specific about the material consequences it has on the privacy of users.
How is having a centralized store of all your demographic information where any app can query it on your OS a privacy concern? Are you serious? Maybe people don’t want to send their personal information to every single god damn thing that asks for it?
Example:
The Datastealingassholes app wants your data
Without this: You are prompted to enter your DOB in a field, decide fuck no, and that’s that.
With this: They query the data store on your OS and they have whatever they want without input from you. Maybe the app is run by a bad actor trying to spy on you. They already have your DOB. It just confirmed for them that YOU are the person operating this PC.
Your example relies on some assumptions:
None of these assumptions are garunteed by the merged code into systemd. The following are optional, and not required as a result of the code merged into systemd:
It’s possible to put your full first and last name into your user, so by your logic the first and last name fields of the user profile should not exist.
Did that help identify the absurdity of your argument?
It doesn’t guarantee anything, but does open the door for it. Now that this functionality exists, apps are going to start using it and requiring it. It’s now something we all have to worry about and compensate for going forward.
If you’re not putting accurate information in there why have it at all? Why argue in favor of it? There is literally no benefit to having this shit other than to comply with a bullshit law that they could get around by simply blocking California users from downloading their OS (this wouldn’t actually work because peer to peer exists, but it would eliminate the OS developers responsibility in the situation).
Agreed
Despite all of us collectively agreeing that the law is dumb/flawed, the 40 M residents of Cali should have the liberty to be able to use distros that depend on systemd, legally. And, the developers of these distros using systmed (whether you interpret the law to see them as OS providers or not) want to be able to provide these distros legally.
Yes, but not all apps. While the CA law mandates that app developers must use some API to get the age bracket, the merged code into systemd is not causually related to all apps actually implementing and using the API. Just because systemd merged this code does not inherently result in every single user application querying this, nor does it force you to install apps that do query the API. One may freely choose to not use apps that require it. If one needs an app that requires it, one may set a garbage DOB to their user. I don’t see this as an issue. Do you?
It seems you disagree with the law (so do I) but are blaming the wrong person here (author of merged systemd code). I maintain that complying with the law is harmless, and thus it is beneficial to add this DOB field to the userdb json, because in all cases of some distro user using their computer, they are not compelled to compromise their personal privacy.
No he’s not shoving ID verification.
He added an optional birth date field to the user database. Along side things like name and location.
Nothing checks the date entered, and nothing enforces it’s use.