• 2 Posts
  • 428 Comments
Joined 3 years ago
Cake day: July 31st, 2023




  • “But that’s unenforceable”, some will claim.

    And to that, let me remind us all of a little-known concept called cryptographic attestation. If that doesn’t ring any bells, then the term “secure boot” should.

    Once this shit passes into law, that’s the next step. Operating system vendors have their private keys to sign attestation tokens saying “John Johnson is an adult” and you’re only getting one if you verify your government ID. When you go to a website, your browser sends your signed token to the website and then the website checks if it’s a valid token signed by Microsoft, Apple, or Google.

    But Linux?, you may be wondering. No. No Linux. Kiss it good-bye. Your bank will “require” identity attestation for “extra security”, and your bank doesn’t give a fuck about Linux. Your bank will check against whatever list of public keys they want to trust, and it ain’t going to include anything not backed by a global megacorporation.
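
The trust-list check described in the comment above, as an added example that is not part of the original comment: a relying party accepts a signed token only if the issuer's public key is on its own list, so a correctly signed token from an unlisted issuer is still rejected. The issuer names, token layout, Ed25519 signatures and the `aud`/`exp` claims are assumptions made for illustration, not a real attestation scheme.

```javascript
// Added illustration: relying-party check of a vendor-signed attestation token.
// Token layout, issuer names and the Ed25519 choice are assumptions, not a real scheme.
const crypto = require('crypto');

// Constructed issuers: two are on the relying party's trust list, one is not.
const issuers = {};
for (const name of ['vendor-a', 'vendor-b', 'community-distro']) {
  issuers[name] = crypto.generateKeyPairSync('ed25519');
}
const TRUSTED = new Map([
  ['vendor-a', issuers['vendor-a'].publicKey],
  ['vendor-b', issuers['vendor-b'].publicKey],
]);

// Issuer side: sign the claims; token = base64url(payload) + "." + base64url(signature).
function issueToken(issuer, claims) {
  const payload = Buffer.from(JSON.stringify({ iss: issuer, ...claims }));
  const sig = crypto.sign(null, payload, issuers[issuer].privateKey);
  return payload.toString('base64url') + '.' + sig.toString('base64url');
}

// Relying-party side: the unverified "iss" value is used only to pick a key from the list.
function verifyToken(token, audience, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const payload = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');
  let claims;
  try { claims = JSON.parse(payload.toString('utf8')); }
  catch { return { ok: false, reason: 'malformed' }; }
  const key = claims && TRUSTED.get(claims.iss);
  if (!key) return { ok: false, reason: 'untrusted-issuer' };
  if (!crypto.verify(null, payload, key, sig)) return { ok: false, reason: 'bad-signature' };
  if (claims.aud !== audience) return { ok: false, reason: 'wrong-audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed demo: same claims, one listed issuer and one unlisted issuer.
const demoNow = 1700000000;
for (const iss of ['vendor-a', 'community-distro']) {
  const token = issueToken(iss, { aud: 'bank.example', exp: demoNow + 300, adult: true });
  console.log(iss, verifyToken(token, 'bank.example', demoNow));
}
```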






  • I have tried it multiple times over the years and I did not have great luck with things “just working” as everyone claims.

    This is why I don’t like recommending LTS distros for anything other than servers. The Linux kernel and desktop software move fast these days, and running a 2-year-old kernel and DE means missing out on the fixes and improvements that the “it just works” people are talking about.



  • The typical conservative response to that is “but then they’ll take their businesses elsewhere and now you get nothing.”

    The typical conservative response also fails to even consider just how difficult, expensive, and risky it is to move a large business to an entirely new region. Real estate has to be purchased and sold, employees have to be relocated or replaced, logistics have to be established in the new region, valuable business connections and contracts will have to be severed, and for brick and mortar businesses, the competitive landscape will be different.


  • Legal, probably. Whichever corporations push that hypothetical bill are going to write it very specifically to ensure that it excludes their use cases.

    Here’s an example of how they could do it:

    S.A.V.E.K.I.D.S:
    Support Age Verification Environments Keeping Internet Detectable Signals

    Blah blah pretext and background information…

    Blah blah surface-level purported reason for the bill is to prevent kids from bypassing age verification checks by using a VPN to pretend they’re a resident of another country…

    No entity operating in or doing business within <jurisdiction> may provide services or make available technology that irreversibly redirects, masks, or otherwise obscures internet-destined traffic to appear as originating from any source other than the internet-connected network in which it was generated.

    Site-to-site VPN? Fine, it’s destined for the intranet.
    NAT? Also fine, it is the originating internet-connected network.
    HTTP reverse proxies? Still fine, they pass the origin IP along.

    VPN that routes all traffic through it? You’re getting locked up and they’re throwing away the key.



  • If you thought Flock cameras were a bad situation, imagine not being able to query, read, write, or probably even speak about topics that they decide are “unpatriotic” or “satanic”.

    The only difference between right now and then is that right now they aren’t doing anything about it. They already have the data about people’s opinions and leanings as a side effect of the massive network of tracking built for targeted advertising.

    It will obviously be worse when we’re stuck renting computers, but what you’re describing is a today problem just as much as it’s a future problem. The only reason it hasn’t turned full 1984 is because they haven’t gone full mask off yet.


  • No, it won’t. It will cause more of the supply to be reallocated away from consumers into enterprise, and that is exactly what the big tech companies want to see happen.

    Having access to a computer and phone is as much of a necessity to survive in modern society as internet is. When personal computing is unaffordable to the point where subscription computing is a good enough “deal” for consumers to jump on, the ball will start rolling towards the inevitable price squeeze that we have no choice but to accept.


  • The researchers said it was “maddening” that such easy action to fight the climate crisis was not being taken, and said people should be angry. Stopping the leaks can even be free, given that captured gas can be sold – methane is the “natural gas” that fires power stations.

    It’s maddening but expected.

    When corporate decisions are based solely on pleasing investors, fixing a leak isn’t a priority. It might be a long-term investment that eventually pays for itself, but it comes with a front-loaded cost that diminishes the profits of the current quarter.

    The only way to get them to care about the problem is if it’s actively unprofitable or comes with personal liability for the leadership, and the only way that will happen is with regulations.

    In other words: “why care about the survivability of the species when we can instead care about making our investors’ loins tingle?”


  • the experiment you are referring to was specifically designed to deceive whereas AI vulnerabilities would just be simple bugs.

    In my original comment, I was specifically referring to OpenClaw. Given that it doesn’t live in a vacuum and can be influenced with prompt injection, it’s not safe to assume that whatever bugs it creates aren’t specifically designed to deceive.

    Secondly, the security requirements of the Linux Kernel are way more important/stringent than Lutris, which has no special access & is often even further sandboxed if installed via Flatpak.

    Sure, but that’s not the point I was trying to make. You said that I don’t trust the guy to audit the code for malicious intent before committing and I gave you a reason why nobody should: if multiple people with decades of experience in a specialized domain can’t catch vulnerabilities disguised as subtle bugs, one guy who isn’t scrutinizing the changes nearly as hard definitely won’t.




  • I think it comes down to developer skill more than the engine itself.

    There are a few indie games that run great and you wouldn’t even have known they used Unity until you looked for it. The Hollow Knight games and Ori games are well-known examples that even manage to run on the 2014-era pile of underpowered crap that is the Nintendo Switch. Even some 3D games like Gunfire Reborn or Risk of Rain 2 (before Gearbox took over) run well on older hardware.

    Shitty devs with better engines can still produce horrible, unoptimized games. More alternatives to Unity are great, but we also need devs who aren’t pushing out half-baked slop.