Mastodawn

#CaliforniaLaw is written by people who are either very ignorant or very incompetent.

https://leginfo.legislature.ca.gov/faces/billStatusClient.xhtml?bill_id=202520260AB1043

They have assumed that all operating systems are like Microsoft Windows 11, Android, or iOS; and have written legislation for operating systems where people download glorified WWW client 'apps', from 'stores', which use 'accounts' that they have with vendors or Microsoft/Google/Apple.

But the legislation *as worded* *also* covers everything from #Debian and #Ubuntu through #Arch Linux and #MobaXTerm to #FreeBSD and #NetBSD and #OpenBSD; where users anonymously use package managers or ports systems to install applications, written by developers, on operating systems, from 'publicly available internet website' repositories.

There is no age field in the GECOS data in master.passwd(5) of course, and the reality is that no BSD or Linux-based operating system has this concept of apps/stores/accounts.

#MidnightBSD #FreeSoftware #Unix #California #USLaw #AgeVerification #GDPR

Bill Status - AB-1043 Age verification signals: software applications and online services.

AB 1043 Age verification signals: software applications and online services.

I foresee:

1. #Debian eventually following #MidnightBSD's lead and cutting #California off from #FreeSoftware; after lengthy mailing list discussions where at least one person tries to deny with convoluted nonsense the plain reading of the statute.

1. A storm when someone points out that the #MobaXTerm version of APT isn't exempt, nor is RPM. (Goodness knows what IBM is going to do.)

1. An even bigger storm when someone adds an 'age' field to systemd's JSON User Records, to be enforced and served out over Desktop Bus via a systemd-aged service or some such. Much fun if that someone comes from a #GDPR country.

1. Some nutter taking a Linux distribution to court because it doesn't enable developers to control whether 16-year-olds can install rustc and busybox.

#CaliforniaLaw #Unix #rust #USLaw #AgeVerification #FreeBSD #OpenBSD #NetBSD

MontyOnTheRun Mar 1

@JdeBP how about legacy Mainframe operating systems? Would those fit the definition of such law?

I can imagine the chaos among the COBOL maintenance programmers 😅

The definitions are broad, so to quite an extent they would. There are users, who have accounts, on general purpose computers, and run applications.

The only hope for #mainframes seems to be that they likely don't have things that fit the definition of a 'covered application store'.

But they might; especially if the mainframe is nowadays running a Linux-based operating system.

http://linuxvm.org/info/distros.html

#Debian and #Ubuntu have package repositories for s390x, for example. Such a repository is a 'publicly available internet website […] that distributes and facilitates the download of applications'.

Here's one way how the naughty 16-year-olds in #California would download rustc onto such a mainframe with no #AgeVerification, for example:

https://packages.debian.org/trixie/s390x/rustc/download

#CaliforniaLaw #USLaw #FreeSoftware #rust

Linux distributions for the mainframe

Linux for Mainframe systems

Svavar the Neurospicy Mar 1

What about cloud servers in auto scaling groups that were configured by someone outside of California?

Svavar the Neurospicy Mar 1

What about servers provisioned using CI/CD scripts with multiple contributors and no direct human user of the operating system?

Anthony David Mar 1

I see a rekindling of the distro CD in California's future.

🇨🇦 Todd Bee <🖕🍊>Mar 1

@JdeBP Or, someone does know what they're doing, and they're trying to tear open Source *nix operating systems out of the hands of regular people so that "regulated" OSes will be the only ones that are legal to run and the masses will be monitored and controlled.

ReallyCanadianFly Mar 1

@toddalio @JdeBP

I was wondering if there might be an attempt to quash OSs like Linux as Win 11 keeps pushing away users. I don't know if this is it. It sounds like idiots who don't understand technology making policy again. However, we know corporate interests love to quash competition.

@reallyflygreg @toddalio

I'm inclined to believe that it is indeed the people who don't understand technology (specifically: they think that everything works like their smart 'phone or Microsoft Windows 11 PC do) making policy; or that they did understand the technology and were just crap at drafting legislation such that it could distinguish the Microsoft Store, Google Play, the Apple App Store, et al. from #Ubuntu's package repository and #OpenBSD's ports tree.

And that distinguishing criterion is not #FreeSoftware. Given the aims, the #California legislators would want #FDroid to be required to hand over #AgeVerification data to free-software apps that F-Droid allows, that themselves want to impose age restrictions (on, say, showing certain content to minors) via the route of getting the account holder's age (bracket) information from the operating system via a 'signal' from the 'store'.

https://monitor.f-droid.org/anti-features

#FreeBSD #NetBSD #Debian #CaliforniaLaw #USLaw

anti-features - F-Droid Monitor

Simon Dassow Mar 1

@JdeBP Given it's USA legislation it at least shouldn't affect those operating elsewhere. And one of the OSes named has related experience due to cryptography export restrictions back in the day and isn't under this moronic jurisdiction.

Svavar the Neurospicy Mar 1

@simondassow @JdeBP

Given it's the USA, corporations will be exempt and some high school kid will get arrested for it.

Svavar the Neurospicy Mar 1

Does this also cover the underlying operating systems for cloud and SaaS services?

So would it require age verification for every AWS Lambda or free Prisma database?

It's broad enough that it could include public Docker repos or the apt-get default repos.

@JdeBP DVDs will be back in market in notime

@JdeBP could you please provide a link to the exact wording ?

click on "Today's Law As Amended" in the link they posted

CC: @[email protected]

@khm thank you mate. I already found the whole text in here:

https://legiscan.com/CA/text/AB1043/id/3269704

David Chisnall (*Now with 50% more sarcasm!*)Mar 2

@JdeBP Okay, I’ve finally read this and… I don’t actually hate it. If I understand correctly, I believe any *nix system can comply with this by:

Creating four groups, one for each age group specified in the law.
Creating a database to hold the dates of birth of all accounts that correspond to a human (probably a flat file, given that it’s key-value pairs of date and uid).
Creating a cron job that runs daily, checks each user against the database and, if it’s their birthday, checks whether their group membership needs updating.
Updating user-add scripts and GUIs to ask for the date of birth if creating an account for a human.

Any application can then query which age group a person is in by querying group membership and web browsers can expose this.

A child with root can bypass the mechanism, but it gives a tool for parents to set age restrictions if they wish and to allow supervised privileged access. It does not require any verification of the age.

It looks a lot more sensible than the UK’s Online Safety Act, which ends up requiring a load of privacy-invasive things.

@david_chisnall @JdeBP or they can simply **** right off