I'm probably missing something, but when I read the California statute I didn't understand it to be anything like "computers enforcing age" - more like, when you create an account it needs to ask your age, and then provide a system API by which apps can ask what bracket the account holder is in. This seems better than the current solution of every app asking independently?
Again, I'm probably missing something but it strikes me as pretty trivial to comply with?
The government really shouldn't be telling us how/what we can compute at all.
But on this specific point - It's a bellwether. They're doing this to lay the groundwork and test the waters for compulsory identification and/or age verification. Getting MacOS and Windows and Linux and etc to implement this WILL be used as evidence that compulsory identity verification for computer use is legally workable.
>The government really shouldn't be telling us how/what we can compute at all.
You could say the same thing about restaurants. "The government really shouldn't be telling us how/what we can cook at all."
When you are selling a product to the public, that is something that people have decided the government can regulate to reduce the harms of such products.
Being "trivial to comply with" is completely disjunct and not at all an argument against "this type of law is fundamentally at odds with the liberty and self-determination that open source projects require and should protect." It's a shot across the bow to open-source, it's literally the government telling you what code your computer has to run. It is gesturing in the direction of existential threat for Free software and I am not exaggerating. It's purposefully "trivial" so you don't notice or protest too much that this is the first time the State is forcing you to include something purely of their own disturbed ideation in your creative work.
Free software is already mandated to do a lot of things, like not defraud the user. If you make a bitcoin wallet that sends 5% of your money to the developer without asking I'm pretty sure you'll be prosecuted, so the government is compelling you to ask the user for consent to do that.
When you make food you're compelled to write the ingredients. We tolerate these because they are obvious and trivial, but pedantically, food labelling laws also violate the first amendment.
> Free software is already mandated to do a lot of things, like not defraud the user.
Surely you recognize the difference between "you cannot go out of your way to do crime" and "your software must include this specific feature"??
> When you make food you're compelled to write the ingredients.
Well, the point about how this affects open source is that under a similar California law, every home kitchen would need to be equipped with an electronic transponder whose purpose is to announce to the world what ingredient bucket you used for tonight's casserole.
In the earnest interpretation of your question that presumes you're not trying to drag this into a quagmire of nitpicking over the metaphor, the analogous part of the California law to the casserole ingredient advertisement is announcing the user's age bucket to the world. The world being, any app or website that happens to ask for it. I don't know why you brought browser histoy into this, it's not in the law and I didn't mention it.
Anyway, the whole point of the metaphor, because I feel like I will have to explain it, is that we don't put these onerous "required labeling" rules in place for private individuals going about their own lives. So just like you don't have to tell anyone who asks what you put in your dinner last night, private individuals should not have to tell anyone who asks (websites, apps) what age demographic they fall into.
Note: this is one of many arguments I endorse against this type of law. This shouldn't be interpreted as "so that's all you're worried about?" just because we dissected it in detail here.
If that’s true, I think the law is fine. There are good solutions for anonymous disclosure of information about you, the most mature being Verifiable Credentials, which is an open standard: https://en.wikipedia.org/wiki/Verifiable_credentials
You can disclose just a subset of a credential, and that can be a derived value (eg age bracket instead of date of birth), and a derived key is used so that its cryptographically impossible to track you. I wish more people discussed using that, but I suspect that it’s a bit too secure for their real intentions.
In general, any proposal to use government ID for "age verification" over the internet is going to end in someone using it for mass surveillance, and it's probably not wrong to suspect that as the intention to begin with.
There is no benefit in doing that because parents already know how old their kid is. They don't need the government to certify it to them, and then they can configure the kid's device not to display adult content.
Involving government ID is pointless because the parent, along with the large majority of the general population, has an adult ID, and therefore has the ability to configure the kid's device to display adult content or not even in the presence of an ID requirement if that's what they want to do. At which point an ID requirement is nothing but a footgun to "accidentally" compromise everyone's privacy. Unless that was the point.
And those are better than the ones that do involve ID, which also exist, but not as good as the thing where the service tells your device the rating of the content instead of the user telling the service their age.
How would that work when the service has mixed content? You'd have to go to kids.facebook.com to get the child-friendly version? With a client-sent signal they can just filter it, the same way Accept-Language can automatically translate the UI.
Agreed. Which is why I think the OS level is dumb. Kids can just live boot or launch a vm or keylog their parents' account.
If it's windows, they can just live boot into the OS and get access to pretty much all the files anyway, if the parent didn't encrypt things.
My point is, if the implementation is trivial to bypass, why do we need this legislation? Just let the parents use the existing tools we have and parent.
Elements that contain adult content are tagged and then the user agent doesn't display them.
This also has the extremely useful benefit of making you aware that something is being censored, because then it has a censorship box in place of the content. Whenever censorship is happening it should be flagrantly conspicuous rather than invisible.
It doesn't even need to be that complicated. OS asks you your birthday at setup time. Stores it. Later, an app asks whether the user falls into one of the following brackets:
A) under 13 years of age, or B) at least 13 years of age and under 16 years of age, or C) at least 16 years of age and under 18 years of age or D) at least 18 years of age.
that's it. The OS can decide how it wants to implement that, but personally I'd literally just do get_age_bracket_enum(now() - get_user_birthday());
I think the uproar comes because the well is already poisoned. People are already trained to respond with an outburst of anger to any law that mentions the age of the user, and will find excuses to rationalize that outburst, even when the law isn't that bad.
I mean, "compelled speech"? Really? That's people's argument? This is about as bad as the government compelling you to write a copyright notice.
Compelled speech is bad and it’s something we don’t do, at all. All kinds of bad things come with compelled speech. Mandatory loyalty oaths, erosion of the fifth amendment, compelled work to weaken encryption, etc.
The well should be poisoned. The whole idea is poison.
As a mobile dev at YouTube I'd periodically scroll through crash reports associated with code I owned and the long tail/non-clustered stuff usually just made absolutely no sense and I always assumed at least some of it was random bit flips, dodgy hardware, etc.
I heard the same thing from a colleague who worked on a Dutch banking app, they were quite diligent in fixing logic bugs but said that once you fix all of those, the rest is space rays.
As an aside, Apple and Google's phone home crash reports is a really good system and it's one factor that makes mobile app development fun / interesting.
For the Mastodon Android app, I also sometimes see crashes that make no sense. For example, how about native crashes, on a thread that is created and run by the system, that only contains system libraries in its stack trace, and that never ran any of my code because the app doesn't contain any native libraries to begin with?
Unfortunately I've never looked at crashes this way when I worked at VKontakte because there were just too many crashes overall. That app had tens of millions of users so it crashed a lot in absolute numbers no matter what I did.
Well, vendors' randomly modified android systems are chock full of bugs, so it could have easily been some fancy os-specific feature failing not just in your case, but probably plenty other apps.
Usually I'd just look at clusters of crashes (those that had similar stack traces) but sometimes when you're running a very small % experiment there's not enough signal so you end up looking at everything. And oh boy was there a lot of noise.
In an app with >billion users you get all kinds of wild stuff.
I have max, I kept hitting usage limits. I have 4 projects that I will code in parallel, so while one agent is working, I spin up other agents to complete things. Most of my effort now is designing agile roadmaps with specifications, epics, sprints and implementation cards (using AI to create it, then reviewing it), so the Agents have a massive, detailed roadmap. I review code but I also built a framework where much of the code is generated by templates not the model itself so the review is mostly cursory.
I assume you're doing things with the API that aren't coding tasks that could be done with Claude Code? Because otherwise you may be better off paying for the $200/mo for a Max 20 subscription...
Or btrfs for that matter. I'm doing something similar with btrfs. Used zfs for a while, but the external repositories kept getting out of sync with the distribtion kernel, so system updates required manual intervention. That annoyed the heck out of me over time. Switched back to btrfs, which has been working fine for the last year. 10 or so years earlier I still had data corruption and bugs with btrfs.
Again, I'm probably missing something but it strikes me as pretty trivial to comply with?
reply