Meta is funding a lot of the lobbyists pushing for age verification laws. Uncoincidentally, Meta both owns a stake in a company providing identity verification as a service, and serves to benefit from not having to moderate its own platforms.
It’s like Secure Boot, but without any of those pesky self-signing workarounds.
“But that’s unenforceable”, some will claim.
And to that, let me remind us all of a little-known concept called cryptographic attestation. If that doesn’t ring any bells, then the term “secure boot” should.
Once this shit passes into law, that’s the next step. Operating system vendors have their private keys to sign attestation tokens saying “John Johnson is an adult” and you’re only getting one if you verify your government ID. When you go to a website, your browser sends your signed token to the website and then the website checks if it’s a valid token signed by Microsoft, Apple, or Google.
But Linux?, you may be wondering. No. No Linux. Kiss it good-bye. Your bank will “require” identity attestation for “extra security”, and your bank doesn’t give a fuck about Linux. Your bank will check against whatever list of public keys they want to trust, and it ain’t going to include anything not backed by a global megacorporation.
ZZ? ZC? Come on now, copilot. You have more options than simply killing it.
I have tried it multiple times over the years and I did not have great luck with things “just working” as everyone claims.
This is why I don’t like recommending LTS distros for anything other than servers. The Linux kernel and desktop software moves fast these days, and running 2 year old kernel and DE means missing out on the fixes and improvements that the “it just works” people are talking about.
Oh god, no. Are you trying to drive people away from using Linux?
Most people with that little money aren’t going to go out of their way and assume the risk of investing in new ventures. They’re going to put it in some managed or unmanaged fund recommended by someone else, and that money is going to be invested in something safe and presumably profitable on an infinite time scale, like a megacorp (or 500).
It would amazing if the everyday worker’s savings went towards aiding the local community in starting new businesses, but I wouldn’t count on that being the default.
Legal, probably. Whichever corporations push that hypothetical bill are going to write it very specifically to ensure that it excludes their use cases.
Here’s an example of how they could do it:
S.A.V.E.K.I.D.S:
Support Age Verification Environments Keeping Internet Detectable SignalsBlah blah pretext and background information…
Blah blah surface-level purported reason for the bill is to prevent kids from bypassing age verification checks by using a VPN to pretend they’re a resident of another country…
No entity operating in or doing business within <jurisdiction> may provide services or make available technology that irreversibly redirects, masks, or otherwise obscures internet-destined traffic to appear as originating from any source other than the internet-connected network in which it was generated.
Site–to-site VPN? Fine, it’s destined for the intranet.
NAT? Also fine, it is the originating internet-connected network.
HTTP reverse proxies? Still fine, they pass the origin IP along.
VPN that routes all traffic through it? You’re getting locked up and they’re throwing away the key.
“New legislation mandates that we no longer offer the VPN connections necessary for our remote workers to access the company intranet off premises. Starting immediately, all employees are to return to office 7 days a week. If this does not work for you, please reach out to HR and they will accept that as your resignation in lieu of a written document.”
— Meta (the corp pushing the age verification laws), probably.
If you thought Flock cameras were a bad situation, imagine not being able to query, read, write, or probably even speak about topics that they decide are “unpatriotic” or “satanic”.
The only difference between right now and then is that right now they aren’t doing anything about it. They already have the data about people’s opinions and leanings as a side effect of the massive network of tracking built for targeted advertising.
It will obviously be worse when we’re stuck renting computers, but what you’re describing is a today problem just as much as it’s a future problem. The only reason it hasn’t turned full 1984 is because they haven’t gone full mask off yet.
No, it won’t. It will cause more of the supply to be reallocated away from consumers into enterprise, and that is exactly what the big tech companies want to see happen.
Having access to a computer and phone is as much of a necessity to survive in modern society as internet is. When personal computing is unaffordable to the point where subscription computing is a good enough “deal” for consumers to jump on, the ball will start rolling towards the inevitable price squeeze that we have no choice but to accept.
They’re not awesome when your workflow revolves around the command line and you’re stuck choosing between wasting days trying to layer your configuration on top of the project devcontainer or giving up and using the unconfigured bash shell included.
The Darwin kernel is based on BSD… sort of. It’s a monstrosity hybridization of an ancient version of BSD and the Mach kernel.
You should do dev work in devcontainers anyway.
Devcontainers work for Visual Studio Code when developers are more than happy to click their way through running builds and debugging problems. But, as someone whose workflow is optimized for the command-line, they can fuck off.
the experiment you are referring to was specifically designed to deceive whereas AI vulnerabilities would just be simple bugs.
In my original comment, I was specifically referring to OpenClaw. Given that it doesn’t live in a vacuum and can be influenced with prompt injection, it’s not safe to assume that whatever bugs it creates aren’t specifically designed to deceive.
Secondly, the security requirements of the Linux Kernel are way more important/stringent than Lutris, which has no special access & is often even further sandboxed if installed via Flatpak.
Sure, but that’s not the point I was trying to make. You said that I don’t trust the guy to audit the code for malicious intent before committing and I gave you a reason why nobody should: if multiple people with decades of experience in a specialized domain can’t catch vulnerabilities disguised as subtle bugs, one guy who isn’t scrutinizing the changes nearly as hard definitely won’t.
For a research experiment, a university snuck malicious commits with subtle but exploitable bugs past the maintainers of the Linux kernel.
I trust the Linux kernel maintainers to be capable of finding obfuscated exploits far more than I trust this guy, and even they failed to identify a bunch of them.
Remember, kids: if communism is evil and communism is “taking your hard-earned money away and giving it to people who don’t work hard enough,” then it’s your duty to demand the government stops those communist bailouts given to corporations that won’t support themselves.
Sometimes, I ask OpenClaw to generate some code
https://github.com/lutris/lutris/discussions/6530#discussioncomment-16088355
OpenClaw is extremely vulnerable to prompt injection. If the maintainer is using it to author code, you absolutely can not trust that the code is safe from exploits obfuscated as unintentional logic errors or bugs.
There’s purity testing, and then there’s being cautious about running code made by someone who is doing something incredibly stupid and unsafe. This is the latter.
I think it comes down to developer skill more than the engine itself.
There are a few indie games that run great and you wouldn’t even have known they used Unity until you looked for it. The Hollow Knight games and Ori games are well-known examples that even manage to run on the 2014-era pile of underpowered crap that is the Nintendo Switch. Even some 3D games like Gunfire Reborn or Risk of Rain 2 (before Gearbox took over) run well on older hardware.
Shitty devs with better engines can still produce horrible, unoptimized games. More alternatives to Unity are great, but we also need devs who aren’t pushing out half-baked slop.
It won’t at first. If more essential websites start to unnecessarily adopt it, it will start to lock Linux users out of being able to access the services necessary to exist in modern society.
Imagine if you need age/identity verification to: