| ▲ | Objections to systemd age-attestation changes go overboard(lwn.net) |
| 39 points by todsacerdoti a day ago | 46 comments |
| |
|
| ▲ | stevenalowe a day ago | parent | next [-] |
| There’s nothing “overboard” about pushing back on unnecessary political meddling. The operating system does not need to know your date of birth (or identity! Looking at you Micro$oft) in order to manage your hardware and software. The need to know is zero, and given the 1st Amendment I question that any political entity has the legitimate authority to compel one to alter software, open source or otherwise. |
| |
| ▲ | ahofmann 21 hours ago | parent | next [-] | | I think the "overboard" part is that the developer was doxxed and received death threats. | | |
| ▲ | stevenalowe 20 hours ago | parent | next [-] | | that is definitely overboard :( | |
| ▲ | nslsm 17 hours ago | parent | prev [-] | | Blowback is expected when you do evil to lots of people. If you’re not ready for the blowback then do no evil. | | |
| |
| ▲ | trinsic2 11 hours ago | parent | prev | next [-] | | It's funny how people completely miss the meat of your post. Political entities do not have the authority to compel this kind of activity. If you go along with it, you are given them a reason to keep going. You have to look at this from a rights perspective. | |
| ▲ | pinkmuffinere a day ago | parent | prev | next [-] | | > It was to be expected that some members of the community would object; the actual response, however, has been shockingly hostile. Some of this has been fueled by a misinformation campaign that has targeted the systemd project and Taylor specifically, resulting in Taylor being doxxed and receiving death threats. I think we can agree this is overboard | | |
| ▲ | razingeden 20 hours ago | parent [-] | | > I think we can agree this is overboard Yeah it’s not like these people are IRC operators or something! |
| |
| ▲ | GrayShade a day ago | parent | prev [-] | | The operating system does not need to know your full name, email and location in order to manage your hardware and software, yet systemd has had optional fields for those for years and nobody complained. They added an extra optional field for the date of birth. > Some of this has been fueled by a misinformation campaign that has targeted the systemd project and Taylor specifically, resulting in Taylor being doxxed and receiving death threats. I see. | | |
| ▲ | HackerThemAll 18 hours ago | parent | next [-] | | > systemd has had optional fields for those for years and nobody complained. GECOS in 1962, and UNIX in '70s had them as well, and nobody threatened to kill their creators. Having a field in a database is not equal to mandatory data collection. Let me remind of data that /etc/passwd allows to store on even an OS without systemd: - User's full name (or application name, if the account is for a program) - Building and room number or contact person - Office telephone number - Home telephone number - Any other contact information (pager number, fax, external e-mail address, etc.) | |
| ▲ | rasz a day ago | parent | prev | next [-] | | > full name, email and location in order to manage your hardware and software, yet systemd has had optional fields for those for years and nobody complained. maybe we should complain | | |
| ▲ | nine_k 21 hours ago | parent [-] | | Why, it's fine to have these values in a corporate environment: name, work email, office location. I'd be fine with an ability to store the birth date, the blood type, the zodiac sign, actually an arbitrary list of key-value pairs, as long as it's optional. It's only a problem when the OS insists on recording your private information to let you access your private account. | | |
| ▲ | db48x 20 hours ago | parent | next [-] | | It is an optional field, and so far there is no software that asks for this information, let alone insists on it. | |
| ▲ | stevenalowe 20 hours ago | parent | prev [-] | | which is the logical next legislative step |
|
| |
| ▲ | stevenalowe 20 hours ago | parent | prev | next [-] | | unfortunately the article does not mention who is responsible for the alleged misinformation campaign | | |
| ▲ | jojomodding 20 hours ago | parent [-] | | I doubt it has been top-down coordinated. So what do you expect the article to say? | | |
| ▲ | cwillu 14 hours ago | parent [-] | | Then “campaign” was not the correct word to describe it. It's like calling any group of people an “organization”. |
|
| |
| ▲ | marshray a day ago | parent | prev [-] | | [dead] |
|
|
|
| ▲ | tzs 21 hours ago | parent | prev | next [-] |
| Are Unix and Unix-like vendors making implementing this harder than it needs to be? Here is what is required for laws like California's. 1. To modify account creation so that in the scenarios where the law applies (account is being created for a child who is the primary user of the device) to ask for the age and/or birthdate of the child. 2. A way for applications to ask for the age range of the user ([0, 13), [13, 16), [16, 18), [18-infinity)). Implicit is to store enough information from #1 to support #2. The way I would store that information is by creating a directory, say /etc/age_group, and in that creating one file named after each age range. These files would be owned by root and not group or world readable. On creating an account this applies to add an access control list (ACL) entry for that account to the appropriate file in /etc/age_group that allows that user to read it. Then for #2 the way applications can check is by simply checking which files /etc/age_group it can open. This should be more portable than the other ways I've seen proposed. POSIX access control lists are included I believe on every major Linux distribution (and also MacOS, FreeBSD, and maybe other BSDs). This would give application writers on most Unix and Unix-like systems a common way to check if they are on a system that implements the California law (does it have /etc/age_group?) and a common way to check age group. |
| |
| ▲ | db48x 20 hours ago | parent | next [-] | | That’s a clever start, but it has a problem. What happens when the list of age groups changes? This list is not fixed; it changes over both time and space. How do I tell the difference between a system that doesn’t support age attestation vs one that only supports age groups that I don’t know about? For example, suppose I am looking to see if the user is in the `over_13` age group, but only `/etc/age_group/adolescente` exists? What if there are multiple readable files? Systemd’s solution is simpler and doesn’t have these edge cases. A higher level of software, such as the desktop environment, can query the user’s birth date from systemd and use their locale settings or time zone or other information to compute the correct age group. | |
| ▲ | nine_k 21 hours ago | parent | prev [-] | | This is a great idea. It very compactly implements a barebones parental control system: a parent (with admin access) can assign an age group to a user account, and apps which care can easily check it. I think it's exactly how such a system should work: apps, sites, etc should declare an age limit, and the user's OS should decide if it's going to give the user access to them. This approach is opposite to having the user to prove their age (and worse, the legal identity) to the web site, app, etc. | | |
| ▲ | razingeden 20 hours ago | parent [-] | | Well you got me there. For the most part, I actually agree that Ubuntu is an appropriate operating system for toddlers. | | |
| ▲ | nine_k 19 hours ago | parent [-] | | I ran a Debian box for my daughter when she was a toddler and a pre-schooler. She was good at selecting her favorite movies and music in XBMC, and enjoyed simple drawing apps. |
|
|
|
|
| ▲ | gradientsrneat a day ago | parent | prev | next [-] |
| Setting aside the obvious fact that it's morally wrong to harrass people, something tells me these harrassers never do the same to developers working on closed source software for companies, having the net effect of harming the FOSS movement overall. |
|
| ▲ | delichon a day ago | parent | prev | next [-] |
| I think I'd feel the same way about race- or gender-attestation: none of your business. Let's not build the infrastructure into the operating system to selectively restrict civil rights by demographic. |
| |
| ▲ | nh23423fefe 21 hours ago | parent [-] | | Doesn't make sense to invoke civil rights and pretend there are no legislative limits. If a law is passed requiring age verification and the component can't attest, then its blocked. You must attest your age to vote for example. | | |
| ▲ | delichon 21 hours ago | parent | next [-] | | Not every device needs to be a secure voting machine. Civil resistance is an appropriate response to such an effort. The author prefers proactive cooperation. | |
| ▲ | youarentrightjr 21 hours ago | parent | prev [-] | | > You must attest your age to vote for example. How does this relate here, or to computing generally (barring electronic voting machines)? |
|
|
|
| ▲ | kelseyfrog 21 hours ago | parent | prev | next [-] |
| As a parent, I welcome these changes. When people say, "parent your kids," this is what I need to do that: an os-level setting that serves as a source of truth, a browser that reads it, and sites that require it. If you don't like those things then use another distro or create your own, branch a browser, and create your own Internet. I welcome that. Until then, don't say the contradictory phrases of "parent your kids," and resist any of the infrastructure to actually accomplish that. |
| |
| ▲ | jollyllama 3 hours ago | parent [-] | | This is silly. No parent who is seriously looking for your requirements is going to count on a UNIX OS setting to enforce restrictions on what their child can do. | | |
| ▲ | kelseyfrog 2 hours ago | parent [-] | | Happy to be the exception to the rule. I guess this is what it feels like when the client is trying to say what they want and eng doesn't believe them. |
|
|
|
| ▲ | mzajc 18 hours ago | parent | prev | next [-] |
| > > I understood that the change was not going to be popular, but I was expecting civil discourse and a level-headed response. Not to give credit to the antisocial mob, but it would be a lot easier to take the maintainers' side here if the discourse was started before the change was merged into production. It's incredibly ironic that the LWN article praises Jeremy Soller for having reasonable objections against the change but fails to mention that systemd maintainers locked the issue* when he tried to raise his objections (and implicitly called them spam). I really fail to see how anyone could expect civil discourse given these circumstances. * In an incredibly pathetic way too - the systemd maintainer responded to his comment, then immediately locked the issue without even waiting to see what Soller would write in return. |
| |
| ▲ | JuniperMesos 16 hours ago | parent | next [-] | | This is classic bad online-forum-moderator behavior, that you see in all sorts of online chat and message board spaces where there's a moderator who has the power to lock threads at all. Obviously, the systemd maintainers have no obligation to adhere to any particular moderation policy on their org's github issues, but they definitely deserve mockery for this. | | |
| ▲ | SpicyLemonZest 14 hours ago | parent [-] | | Have you ever been on the moderator side of this? There's ultimately no perfectly polite and collegial way to say "we've heard your concerns, but this is our decision and it's not subject to your review". Being more direct about it would only have inflamed the situation further. | | |
| ▲ | JuniperMesos 7 hours ago | parent [-] | | My actual opinion here is that Github issue threads shouldn't exist at all; and pretty much all online communication should be redesigned in such a way as to prevent anyone taking the role of a moderator to lock down a coherent comment thread from everyone else who wants to participate. (I agree this is a hard chat UX problem). In my ideal world, instead of having Github accounts everyone in the thread would be posting under their own personal ID (in a way similar to ATProto, Nostr, etc.), using a discussion UX that would allow Soller to seamlessly continue the thread along with any other willing participants even after the systemd maintainers blocked it from their own end (which is their right to do). Perhaps if systemd entirely forked over this, this issue comment thread could seamlessly transition into a new issue on the fork, to serve as documentation for why the fork works the way it does. In general, sometimes the best response to a moderator banning some kind of discussion is for everyone who is subject to that ban to fork the discussion thread itself; and online communication software should more readily facilitate this. | | |
| ▲ | SpicyLemonZest 2 hours ago | parent [-] | | I think that's affirmatively a bad idea, even given a solution to the UX problem. Maintaining a healthy discussion forum requires the ability to terminate bad discussions that are causing problems, and making decisions effectively requires that there be a seam-ful distinction between the thread where a decision is discussed and meta-threads where someone else in some other context wants to talk about the same issues. I see where the intuition for your idea comes from (I can't just declare that my friends have to stop talking about a road trip because I'd prefer to ride the train, I can pull someone out of the circle for a side conversation freely), but it only works in closed groups where all participants are invested in their reputation and there's no clear decisions to be made. |
|
|
| |
| ▲ | 14 hours ago | parent | prev [-] | | [deleted] |
|
|
| ▲ | dizhn a day ago | parent | prev | next [-] |
| This reads like a company piece. |
|
| ▲ | wormius 19 hours ago | parent | prev | next [-] |
| 1. Harrassment of these devs is wrong (no matter how shitty Lennart and systemd is (for those of us who dislike it)). 2. Why do the worst of the worst have to be on "my side" (like this harrassment, and other issues, where they are polar opposites of me when it comes to social issues). But. You have to go to war with the army/allies you have, and if that means I have to be in bed with ... a certain unduke, then I guess it shall be. 3. I remember when statements like the following would have been laughed at by the free software/"open source" community. Instead of acquiescing, and saying "well we have to plan for this big totalitarian overreach" (if you think it isn't, look at Palantir and all the big tech CEOs getting their mitts everywhere), it would have been calling to RESIST and do everything we can technically, organizationally and politically to push back against this, but here we are willingly just building our future prisons. At the behest of giant "open source" corporations who "have nothing to hide" after all. Of course systemd is NOT a free/libre project in any sense of the word, which is all the more reason I distrust it, and this latest is going to push me off it (I'm on Cachy now). But like I am, we all just sit in the boiling water. I'm still on Firefox for example. I'm on Facebook. This is why it's important to resist BEFORE, so it doesn't become a systemic thing where everyone feels compelled to "go with the flow". (the following, as referred to in point 3):
"Zbigniew Jędrzejewski-Szmek replied that while it was possible California's law would be changed, ""similar ideas are popping up in other contexts and it's unlikely that they'll all go away"". Ultimately, Luca Boccassi merged Taylor's changes after a bit of back-and-forth about the implementation." If I could trust that "it's just a field, maaaaan" fine, but I don't. I see how politics is played and plays out and it's the people who are building this that should reconsider, because they ARE enabling future abuse of these systems merely by putting them in. "Oh look - we now have an affordance there's no reason not to exploit it and put it in our central repository of "authentic" validated computer users). How long before felons are disallowed from owning/using computers? No matter how necessary that is (and I don't mean "1337 hackers" just "we must punish 'the bad guys'). If I felt we were in a forward moving direction maybe I wouldn't be so resistant, but the past 15-20 years should have taught us well about this process of enshittification and corporate capture of tech in a way we never thought possible (just like the shock of the AT&T room wiretap back in the 00s, etc...) That said, stop harrassing these people in this manner, it is not good and does a disservice for "our cause". Goddamnit, people. |
|
| ▲ | stalfosknight 21 hours ago | parent | prev | next [-] |
| I'm a Mac person through and through but I've always had the deepest respect for the sincere commitment to freedom and privacy that you find in the FOSS world. I am shocked by what's going on with systemd and by how suddenly bootlicky LWN has gotten. |
|
| ▲ | jollyllama 21 hours ago | parent | prev | next [-] |
| >systemd age-attestation changes WTF? |
|
| ▲ | cetinsert 19 hours ago | parent | prev [-] |
| No, they don't! Entitled people doing opinion psyops normalizing overreach is the problem. We are private citizens. Public officers need to be transparent! Not the other way around. |
| |
| ▲ | tredre3 19 hours ago | parent [-] | | Are systemd developers public officers in your mind? | | |
| ▲ | cetinsert 11 hours ago | parent [-] | | systemd developers should not get trigger happy and suck up to anyone willing to undermine privacy. | | |
| ▲ | orf 8 hours ago | parent [-] | | The systemd developers are private citizens though. |
|
|
|
