I was just highlighting the juxtaposition in length and depth between the two comments by dropping a dumb meme one level deeper.

I know, I get the meme. I just took it as inspiration for another wordy, serious comment, which I now realise continued the trend. I suppose the apt follow-up would have been some even shorter quip like “OK Boomer”. Instead, you had to make a serious reply of your own and break the chain. Thanks, Obama.

I genuinely value your post.

And I value your genuine response and explanation. We hope together.

Absurdist humour is one of my coping mechanisms for exactly these kinds of topics

That I can get behind. When confronted with the absurdity of our great ambitions and worries in face of our own insignificance, what else can we do but make memes?

What better way to bear dark times than to make light of them?

When life is serious enough, you don’t need to be.

Live. Laugh. Shitpost.

I get the meme, but it’s kinda dumb. This is a website where you’re free to just not read my comment, if you don’t wanna engage with the topic, not a captive audience like a retail employee.

Because limited liability corporations were created to avert liability from individuals. His firm is liable, but no single individual within it.

Not even the ones making the executive decisions, despite their near-monarchic power. I guess since they’re appointed by a board of directors, it’s something like an electoral monarchy, except the board isn’t democratically elected so it’s a plutocracy by proxy. The ultimate culprit would be - and this is a chorus you’ve probably heard a thousand times on here - the shareholders, and going after them is hard. Particularly when the shareholders are themselves corporations…

But the CEO is the pin focusing shareholder intent down into decisions and ultimately action. If they were effectively held responsible for their decisions, it would at least provide some counterbalance to the shareholders’ demands. It could also solve the “shareholders are corporations” issue, since you could make the CEOs of those companies liable for demanding illegal measures from companies they control.

Of course, such a drastic change would be hard to actually push through, as things stand, since it would inhibit (illegal) profit and growth and “the economy” is a sacred cow. It’s still worth pushing for, in my opinion, but building awareness and support takes patience and tact to avoid pushing people into political apathy.

The alternative I could see (and would prefer, but suspect to be even less attainable) is to dismantle the stock and capital system entirely. What you’d replace it with is a whole separate debate I won’t cover in this comment. Drastic systemic change is difficult to plan and enact, and building and maintaining the new system is difficult in the face of insecurities, old habits, unforeseen challenges that it may not yet have developed effective ways to deal with and generally all the growing pains that come with new things.

They’re not mutually exclusive, and the first may be a step on the road to the second. Either way, public support is key, and that is rarely won quickly.

I can’t even write a two-sentence comment in 30s without overthinking. I do like to use formatting, but that doesn’t make it quicker…

I doubt those changes would be PRed, merged, updated in my distro and somehow automatically pushed to my system in the blink of an eye. This isn’t Microslop we’re talking about who can force-push intransparent “fuck your settings” at the drop of a hat, and I’m certainly going to be much more wary of upcoming updates now. This isn’t my point of objection (yet - mandatory entry would be), but definitely a point of caution.

If they stick to malicious “here, you can ask for a date, but we can’t guarantee which date, if any, you’ll get” compliance, that isn’t perfect, but it’ll be good enough to make a joke out of tracking the date at all.

Besides, just this change being minor would be no reason not to keep pushing back against the law and airing our discontent about the direction they’re heading in, because the direction is definitely concerning.

The systemd PR also referred to a flatpak PR who said they had wanted that to allow for parental controls even before the law came. That’s a somewhat reasonable use case, in my opinion.

I’ll believe that if and when they actually force me to upload identification to prove that my birthday really is 1970-01-01 and my name really is Nunya Bissnis. Otherwise, it’s really no different from Steam asking my birthday when opening store pages or porn sites asking “click here jf you’re 18” and take my word for it.

So long as it’s being enforced just as well as the realName field, I maintain that it is indeed harmless. If the point is to have a hilariously ineffective solution as a fig leaf against a stupid law, I’ll prefer that to efforts to actually implement verification.

Can both sides lose please?

But in a way that only hurts the power-hungry bastards, not the civilians

It doesn’t as long as other init systems exist

Of course, which is why I said it was “somewhat” central earlier in the thread: it’s not universal, even if systemd is widely used.

Other init systems generally also have ways to store data (not specifically dates, just in general), and some overarching standard for securely accessing them would be useful for intercompatibility, but that’s a mess as it stands anyway.

people can luckily choose, hopefully that will always be the case.

Also agreed. Just because I personally come down on the systemd side of the debate doesn’t mean everyone should have to use it. Standards are nice, but there always should be alternatives, in case a standard gets captured by twats (which kinda is the debate we’re having: whether systemd has started bowing to fascists significantly enough to warrant migrating away).

I believe that’s on purpose so people can easily accept it and they can do worse later.

That point, I disagree on, because systemd (not) implementing this doesn’t actually make it easier (or harder). Distros that want to comply would just write a file for it somewhere instead. Distros that don’t comply will just not implement any verification process.

What systemd does here is offer a solution to secure it centrally (see the commit discussion about the most efficient and reasonable way to wipe that info from memory again). Considering the whole issue, I think its impact on feasibility of verification is minor, while the advantages of standardisation make it preferable to a wild growth of uncontrolled alternatives.

Corporations are behind this, don’t forget that.

Another user pointed out the concept of anticipatory obedience to me, and in that context, corporations pre-emptively bowing to authoritarian surveillance is definitely a cowardly move. We agree on that.

Here’s to hoping this entire discussion becomes just as pointless as you expect the PR to become. If that’s what I end up being wrong about, I’ll gladly take the L for cynicism and the W for privacy.

there’s also a push for making opensource exempt from it

Let’s hope it succeeds. Actually, let’s hope the law is overturned entirely. And while we’re at it, let’s hope Meta fails, crashes, burns and takes all its bullshit down with it, but that’s only tangentially related.

It depends, if the purpose is age verification then yes I will oppose it.

Then I’ll not tell you what I intend to use that encrypted hash I’m writing to my app’s data storage for.

Any data storage can be abused. This one is transparent about its content, but I don’t see anything implying that you have to enter anything, let alone have to enter your actual birthdate. It can be used for parental controls, it can be used for age restrictions, but if I implement age verification, where I store that data on your machine is the least of your worries.

Where I store your ID on my machine, on the other hand, should be more concerning, and even more so the fact that I need your ID at all.

We can argue whether this is necessary, whether it can serve reasonable use cases (such as voluntary parental controls), but at the end of the day, it’s such a small and exchangeable part of the system that it’s not worth the shit people give systemd over it.

I think controlled, transparent storage is better than intransparent, and any storage is only as evil as the things using it. Target those things instead.

You’re right, and thanks for that and the second link too.

Still, as “bowing to fascist fuckery” goes, trying to figure out how to securely store a piece of data is hardly problematic. The Flatpak PR they cite also mentions that they wanted options for parental controls independently of the law, and it’s that part I’d be more concerned about, but still less than about the “upload your ID please, promise we won’t pull any fuckery with it- whoops” shit going on elsewhere.

That would be the case if everyone used systemd, but it’s not, sysvinit distros still exist and they’re not going away in the foreseeable future.

That’s nice. Doesn’t change the fact that it needs to be stored somewhere, if the maintainers end up facing legal pressure to implement it. Opposing one (optional) way to store it won’t fix the issue, it’ll just result in the same splintering of competing standards we see everywhere else, with the attendant difficulties in ensuring security and quality across the board. In other things, that might matter less, but if we’re pissed about having to hand over PII to one instance, I’d be even more wary of it being stolen.

You’d be cutting off one leaf of a tree.

I could agree with this if the reason for this PR wasn’t age verification, that’s indeed a battle that needs to be fought, on every piece of the puzzle.

Are you going to oppose every other system that allows storing data too, because it might be used to store data for age verification?

No, it’s a battle that needs to be fought at the focal points: lawmakers, law enforcement, developers implementing the verification tools, companies using them.

Spending time and energy waging a culture war over the most insignificant, replaceable, trivial part of it will achieve nothing. It sacrifices all nuance and bulldozes all discussion of other merits (or issues) systemd might have.

There are legitimate, reasonable complaints to have with systemd. “We added a data field, which we’re trying to make sure doesn’t end up in the wrong hands” isn’t one.

Fuck these laws, and fuck the fascists using kids as pretense for surveillance.

I mean, I literally say that implementing actual verification would be an invasion of privacy. Storing data isn’t the problem, because we do that any way. This isn’t any different from the fields for your real name or location, which nobody gives a fuck about either. At least systemd are talking about ways to secure that data, whether to add a separate flag or save some CPU cycles before wiping it from memory and such.

If you force me to enter something, that’s definitely shady. If you force me to verify that information, we’re in “fuck no, fuck you, fuck this surveillance bullshit” territory.

But getting upset about this optional field in particular, but not any other data storage option, is hypocritical. Worse still, getting upset at the one effort to provide a standard that also makes some attempt at securing it is short-sighted. We have a hundred ways to store data. Cancelling one won’t stop the root issue:

Collecting that data. Fuck that law, fuck the people that wrote it, fuck the people that passed it, fuck the people forcing you to surrender PII for plain bullshit reasons and fuck the people implementing those surveillance methods. That is worth raging about.

It’s easy to say “just ignore the law” when you’re a nobody on the internet. But also, this isn’t much bowing. More like slightly inclining your head to do the bare minimum.

They’re debating about the best way to make sure that data doesn’t end up where it shouldn’t. They’re not implementing some systemd-level verification requirements. They’re literally just offering a central-ish place to handle storing and securing that data. If anything, this should be preferable to having different implementations with different levels of security standards.

And it’s delusional to think that Linux will collectively be able to evade this requirement, unless the law as a whole ends up overturned (which I very much hope it does). You wanna get pissed at someone for sucking fascist dick, get pissed at the lawmakers passing this crap.

A data field isn’t the hill to fight that battle on. If someone goes and actually implements mandatory verification, I’ll be right there with you, (pitch-)fork ready and ready to burn bridges, but this isn’t it.

being requested by the operating system

Is it though? As best as I could tell, this PR is literally just adding the field next to the others, not requesting shit.

In case you didn’t notice, this whole ordeal is pushed by Meta to avoid being accountable for the shit they do on their platforms, they’re trying to shift the responsibility to operating systems of all things, and that’s not acceptable.

Absolutely. I just disagree that this particular addition (particularly considering all the fuss about making sure it doesn’t show up in logs and dumps and what not) is a problem. I don’t think this is the hill that battle should be fought on. Adding or not adding it to systemd doesn’t make the OS / distro built on top of it any less responsible for their handling of that data.

It does provide a standard and (somewhat) central place to implement the security aspects of it though.

He’s taking his competence and experience with him, for starters. Transitions always take time for the newbie to get accustomed. There’s also some public image effect to a respected veteran an expert disagreeing not just behind closed doors, while outwardly being seen as another asset of a regime they no longer support, but out in the open, at the expense of losing their job. They might not be allowed to publicly speak out against their superior (insubordination), so by quitting, they explicitly cut that chain and avoid the consequences (which would involve being fired at the very least).

We don’t know how long and how much he has tried to fight back from the inside, how much good that might have done, and how much pressure he has faced. It’s possible he was slated for replacement anyway, and given the choice between being fired and burning the bridge himself, he felt the latter would send the stronger signal: “I hate my job so much that I’ll quit because I can’t stand to wear this title while that snotrag up there is dripping all over it. Fuck this shit, I’m out.”

And it might also send a signal to those working under him that respected him: You shouldn’t cooperate with this shit.

(There are less charitable explanations that might apply to this guy in particular, but the above generally holds for officials making a point of quitting their position)

Nope. I’m John Doe, living in Nice Try, Atlantis, and my email is “who@car.es”. But I draw the line at being asked for my birthday (which is 1970-01-01).

The userdb already has fields for other information. Nobody enforces putting anything there, nor verifies the contents. Why should DoB be different? And why should that be on the userdb?

That “stuff” is a personal information that not everyone is legally equipped to deal with.

You mean like email address, real name, location? Because those fields exist already. I’m not aware that they have ever caused any issues, even though real name and location should be more critical in a doxxing or surveillance context than “just” the date of birth.

I assure you, I don’t have my email, real name or location stored in my userdb. Nobody makes me enter them. Nobody cares. Nobody would verify if I did. What’s stopping me from entering 1970-01-01 as my DoB, if I enter anything at all?

If I’m the one storing, transmitting, querying and processing PII, I’m responsible for it. If my distro were to require email verification, proof of identity for the real name, records of my place of residence or employment to ensure the location is accurate, that would be an issue, and that would make the vendor liable for handling that data.

That is what the GDPR and related laws are actually concerned with, not the exact format or place they’re stored. Otherwise, you’d have to ban me from creating text files: I might store someone’s phone numbers in there.

Red Hat probably could afford to go to court over those laws. Maybe should, too. Maybe just passively ignore them until someone drags them to court for it. But all of that would be independent of this change.

impacts the majority of distros?

And just what is that impact?

“Here, you have a space to write stuff down.” So what? If I’ll never read it or verify the contents, what difference does it make?