CassandrichI want someone (a real collaborator, not one of y'all as a joke) to try submitting a patch to musl adding a pw_dob field to struct passwd. I will roast and reject.
Ariadne Conill 🐰
@dalias I don't even want to figure that law out right now
@dalias my personal view is that most of fedi is rejecting a boogeyman created by lunduke
the california law is clearly intended for consumer OS with cloud services and app stores.
but importantly it has quite a few features that seem desirable
- the assured age bucket is configurable by the device owner
- it is not verified with third party services like persona
- app developers have to accept it as a valid age verification unless they have direct knowledge that the age verification is invalid (!)
the latter seems actually to be good, as there is less personal data processing happening. it makes it illegal for app developers to demand ID, they have to accept the attested signal.
I don't even know what shape, if any, compliance for a distro would look like, but most likely that information wouldnt be stored in /etc/passwd anyway.
most likely we would just have a daemon that generates attestations based on a configured age bracket. no libc changes needed 😵💫
Jackie@dalias @burnoutqueen my points are
- the law is not targeted (as in intention) at FOSS projects
- a compliant OS can simply generate any signal it wants and remain compliant with the law
- people are vigorously debating the law as represented by Bryan Lunduke, a known chud
Eric Schultz@ariadne @dalias @burnoutqueen I'm debating the implementation based on the law and what people are actually doing.
Pretty sure Lunduke didn't inspire me given he literally posted my name last fall in a tweet where he discussed "groomers" because I challenged a fascist running Rails. It's not about me but just saying.
I see this law in the same light as the DMCA, KOSA and the Patriot act. I believe that giving *any concession* to the corporate surveillance state *in any context* *under any pretext* is unacceptable.
Because every inch that is given can and will be used to oppress working class people, enrich the bourgeoisie, and build up the tools required for Trump's henchmen to police online speech. The amount of inches I am willing to give is zero. Because every inch is going to be used to silence criticism of the government, prevent vulnerable people from getting help in abusive situations, and strengthen the oppressive grip of the Republican party over US society and culture.
I don't think it's targeted at foss, I don't listen to Lunduke (I blocked him, in fact). I just see the writing on the wall, and I'm acting accordingly.
yes, I get that. I also am transgender and have been smeared by Lunduke in an episode of his podcast that he dedicated talking about how I am a transgender rabbit therian and thus it could not possibly be xlibre's own community behavior that makes people not want to deal with them.
anyway I hear a lot of talking about the law and I am also autistic as fuck so pattern recognition is something I lock into very easily.
so I notice the talking points about the law are as described by Lunduke and how his misinformation has diffused around fedi, and much less debate about what is actually in it. people copy, paste and react to talking points all day on fedi.
my point is that the aspects of the law that I bring up, nobody knows about them because none of the journalists have talked about what is actually in the law and are instead turning it into a boogeyman for clicks like Lunduke did. he just did it before everyone else.
internally in alpine we have been debating what, if anything, to do about this law for almost a month now, so it is possible that things look differently to me :)
so anyway:
1. i would put money on Linux distributions with package managers being left alone. I just don't see the risk. if anything the risk is as you say, that we are complying in advance without even being confronted.
2. some distributions which have actual app stores (e.g. elementaryOS) probably will have to comply with this somehow because they have more of the right shape. i don't think that makes them evil, to any more extent than participation in capitalism is evil by default. i would rather the trans woman running the indie distro keep her income.
3. in general I think people should calm down just a little bit and engage with these legislation attempts to protect our interests as distribution maintainers. this way we aren't caught off guard. it was surprising to see that this was not on anyone's radar. I seriously wonder where LF was here, for example.
jane400 - 628.4 fan@ariadne @dalias @burnoutqueen I'm a lot more pessimistic than you on point one. App store seems to be a applied more and more as an umbrella term, e.g. I fear some lawyer will describe apt as an app-store without the pictures/text based. Flathub and snap describe themselves as app stores.
But I'm definitely on the supporting point three. Nobody cares or knows about the Linux Desktop.
Val Packett 🧉@ariadne @dalias @burnoutqueen
- everyone keeps repeating VERIFICATION VERIFICATION VERIFICATION but the referenced laws EXPLICITLY DO NOT propose verification, it's a SIGNAL
@ariadne @burnoutqueen @valpackett But requiring signaling is a step towards requiring verification, and doesn't meet the needs of someone who doesn't even want signaling (maybe because they don't want to have to lie, or because of risk of exposure).
@dalias @ariadne @burnoutqueen the slippery slope fallacy is a fallacy, everyone has forgotten that apparently..
in technical terms it's a lot more of an "alternative" than a "step towards"?? any kind of verification would not use a literal number field at all, it would have totally different implementation requirements
@valpackett @ariadne @burnoutqueen The problem is accepting that they have standing to demand a feature whose purpose is identifying user's age. Once you've accepted that you're just squabbling over details.
@burnoutqueen @valpackett @dalias sure. but given this I think it isn't a problem for traditional distro unless california says they want to sue distros.
Tiota Sram@ariadne @burnoutqueen @valpackett @dalias there's an obvious alternative move here: just say "users in California shouldn't download this distro" on your website. IANAL but I've seen at least one serious org take this stance. If you want to build political resistance to verification (which is clearly the writing on the wall and which is already mandated for other things in some jurisdictions) this is the way to go. Instead of explaining to each other how this isn't really such a big deal because it's only a signal, not verification, force the ones passing the laws to explain that themselves in response to "California bans Linux" articles. Then you put them in a position where you can follow up with "this is clearly just a pretext to make verification easier to mandate in the future, and/or could be used as such by a future administration with worse goals, so I don't mind you banning me over this."
As a bonus feature you help users get practice at ignoring oppressive laws (and they're not even liable anyways, so it's not a crime for them to ignore your disclaimer and download it).
It's the fact that developers (in some cases without proper community input) are choosing the compliance path over this *actually simpler-to-implement* path that's galling, especially if they say "this needs to be opposed but for now we'll comply" since they've chosen a harder path to compliance that undermines political opposition.
@dalias @burnoutqueen at no time did I propose anything and I would appreciate you not assuming I have, thanks
@ariadne @burnoutqueen I didn't see such an assumption in the toot you replied to.
@ariadne What about users who don't want that data stored on their computer to begin with, where it might leak due to vulnerabilities or badly-behaved applications?
And what apps would this even be serving? We're not like appstore platforms with sketchy apps that phone home to some service provider and want to report information abou the user. There's no possible thing any real native application that would be packaged could use this for.
But worst of all, complying is expressing a willingness to go along with ridiculous demands of a malicious government.
@ariadne Expressing that willingness is a betrayal of users and community. It's telling them whose concerns you deem valid and whose you don't.
@dalias sure, but if the alternative is that the state of california brings financial ruin on indie distribution maintainers, I can see why some don't want to risk their livelihood over such a stupid law
to reiterate, I don't think there is any practical risk of California coming after distros. this just isn't how the California grift machine works, they go after money.
but either way, if it were up to me, I would just slap "not for use in california" label on the alpine website and wait for silicon valley to fix the law.
@dalias that's my point: I don't think the law as written is intended to affect Linux distributions. I will worry about this when the state of california announces that they intend to enforce the law against distributions. they have not done so yet. I don't even think it's on the radar.
it makes sense for the commercial OS scenarios with cloud services and app stores. it fits what they are doing very well.
though, for example, Discord would be an example of a Linux app that would benefit from this law.
Emma needs ☕️ and paying work