- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
You must log in or # to comment.
Next they will mandate a “race” field, and the same kind of imbecile will implement it.
yes, race, sex, … because in some countries men can’t access women stuff online and women can’t access men stuff, there is some good pushback and this looser was shown the door in a few places like the freedesktop gitlab and Ubuntu repos. Such a fucking looser.
Fuck this guy.
I’m so confused he adds a JSON field and corporate linux (who fund 95% of Linux development) need some sort of age auth mechanism for enterprise deployments. What do you guys want instead?
Like its not even enforceable, when the hardware attestation comes sure but before that why does anyone care (thats not going to stop you from changing a json field in systemd lmao)
Like its not even enforceable
Why bother then?
Because its required by law, and many customers of systemd need to support this?
I love the level of disdain the linux community has for this kinda bootlicking.
Be careful now! His coworkers will act most silently.
You know what, at this point they can totally fuck systemd and I won’t care anymore.
Half of my machines were running sysvinit already, I’m freeing from systemd the other half, also exploring other Linux distros that took a stance against this and even BSD.
If everything fails, there’s always Linux from scratch.
Collaborator
Then he said Arch Linux should implement it anyway because the law requires it. archinstall PR #4290
Well, it’s not “the law”, it’s your local law. To most people on the planet, it doesn’t apply any more than for example North Korea’s laws. As far as I can find, Arch Linux is not owned by a foundation or similar legal entity (i.e. which could have been located in California), but the lead developer appears to live in Germany.
I mean they kidnapped maduro and are trying him under new york law so…
So… if the law interferes with your goals, apparently it is now perfectly fine to just ignore it.
That seems to be the approach the US government is taking.
I mean yes, the dems have been breathlessly going on about how that thing that Trump’s doing is illegal but nothing seems to happen. There is no opposition at all
Germany has a similar law already active
§12 Jugendmedienschutzstaatsvertrag
(1) Anbieter von Betriebssystemen, die von Kindern und Jugendlichen üblicherweise genutzt werden im Sinne des § 16 Abs. 1 Satz 3 Nr. 6, stellen sicher, dass ihre Betriebssysteme über eine den nachfolgenden Absätzen entsprechende Jugendschutzvorrichtung verfügen. Passt ein Dritter die vom Anbieter des Betriebssystems bereitgestellte Jugendschutzvorrichtung an, besteht die Pflicht aus Satz 1 insoweit bei diesem Dritten.
(3) In der Jugendschutzvorrichtung muss eine Altersangabe eingestellt werden können
But yes, neither such laws nor the implementation into systemd is in any way positive and should be fought
to all y’all with the “it’s just a text field”: what if the field is “race”? “sexual orientation”? “jerks_off_to”? what the fuck has a system managing daemon got to do with any of that? and why would you preemptively put it in there without even a pretense of a fight?
fuck you make us! make linux illegal, in Cali of all places. guess how long that will last?
You want the user to put their age somewhere?
Have a simple script that asks for a number and echos it into a file called “age”. Done.
And they can only run the script if they want to.
$ cat /home/$USER/isUserUnderage.txt no $ ll /home/$USER/isUserUnderage.txt -rw-r--r-- 1 root rootDone. Now please let me through, mr. Caflifornia Immigration Officer
That would still be complying. Not okay.
I still don’t understand why it needs to be implemented as part of systemd, and not - say - as a service. Or, if we want to “go with” the law - make it a kernel module, which sounds more impressive (“we are complying at the kernel level!”) but in practice so much easier to opt out of.
I don’t see what’s wrong with implementing it as an add-on to the https://en.wikipedia.org/wiki/Gecos_field as the PR in question does. It’s the most logical place as the location to store user information and is even easier to opt out of—you just edit a file—than choosing whether to compile Linux with/add to DKMS a kernel module.
Edit: One can see https://github.com/systemd/systemd/blob/8878df45c1a58afdfb500fdc53ec50e057a240ce/docs/USER_RECORD_BLOB_DIRS.md?plain=1#L103 for an example of a user record file and its path. Further documentation you can read at https://github.com/systemd/systemd/blob/8878df45c1a58afdfb500fdc53ec50e057a240ce/man/systemd-userdbd.service.xml#L36 and https://github.com/systemd/systemd/blob/8878df45c1a58afdfb500fdc53ec50e057a240ce/docs/USER_RECORD.md .
Is there an Arch fork that is not implementing this shit or do I have to go non systemd now? Because this BS is not going on any of my machines.
+1 I spent years wondering if my decision to invest in learning systemd was worth it. The sunk cost fallacy blinded me for too long but I am now willing to ditch systemd if a fork is not made.
I believe this pissed of enough users and it’s likely we will see a fork
https://aur.archlinux.org/packages/systemd-liberated-libs-git
systemd has already been forked
Don’t go around installing random AUR packages, this really shouldn’t need to be said.
Artix is one, but I have no experience with it.
This whole article/blog post reads as “How dare this person follow the law. ;(”
I really don’t understand the pushback on this one person for submitting the change request. When it is the lawmaker that put this law into place that we should be criticizing. The post repeatedly uses how the contributer said that the change was “hilariously pointless and ineffective.” As some sort of gotcha as to why the merge should not have been accepted but does not explain why the maintainers should not follow the law other than “law bad”.
It also consistently calls out the various peoples’ places of work and experience as some sort of boogeyman for why they should not be allowed to contribute to open source. If these people were universally accepted to be bad actors in the community then they would not be accepted as reviewers for these projects. This just attacks their character to try to prove a point.
“How dare this person follow the law. ;(”
The law requires an operating system provider to provide the age.
Is systemd an OS provider? NO.
They didn’t do it for the law. Especially since the law doesn’t require to do it before next year.
well someone has to implement it somewhere on the stack. systemd seems like a good candidate ?
Why, because they throw everything in there like a jello salad?
do you have an alternative solution in mind?
“The law”, what law? Why should my computer in fucking Canada ask for age verification?
Because big tech and the us government want to complete the panopticon and the people queued up to approve his change worked at MSFT?
This shit needs to be stopped cold. Mark Zuckerberg doesn’t get to buy control of Linux just because he bought control of Gavin Newsom.
Even if systemd is managed by someone outside of Cali that does not automatically except them from all Cali laws. When a person decides to distribute software that comes with the legal responsibility of the locations where the software is distributed.
Why does your computer need to ask for your full name or office location? You don’t have any issues with those fields? Or is it because you understand that those are optional just like this field is?
If you don’t want to put your bday in then don’t. fork the software and remove what you don’t want. That is the great thing about open-source.
If you don’t trust the maintainer of systemd then why are you using their software in the first place?
You are right it is obvious that zuck wants to hoover up as much data as possible. But what if, instead of this being a data gathering ploy (since the law forbids the data to be used for anything else), this is them trying to put the responsibility of controlling what children look at online onto the parents?
While I don’t think that FB should be held resonsible for all the ways they fucked up the youth, I also think that the parents are to blame as well.
Hilarious that you think that the law affects how the us government behaves.
The holocaust was legal, hiding Jews to keep them alive was illegal.
Following the law does not guarantee you’re doing the right thing.
The word antisemitism has been thrown around so much that it’s lost all meaning, but what you just said, comparing the holocaust to age indication on the internet, is holocaust minimization which is near universally agreed to be antisemitic.
Equating this law with hiding jews during the holocaust is crazy.
At the rate things have been going, we are certainly headed that way and we get there by accepting this kind unnecessary privacy violations.
Let’s just ignore whether there’s any moral or ethical arguments about legal compliance: What law is this man complying with? This is not a law that governs him. He is volunteering, and not compelled. There is no sanctity of law at play here.
Are you implying that only people who are affected by something are allowed to contribute to open source projects? If this were some nobody developer in California would that really make you any more likely to accept that this merge request is okay?
There’s no subtext. This man has no obligation to this law, so “How dare this person follow the law. ;(” isn’t relevant. This man is not following a law, he is simply going about his day. He is volunteering, and not compelled. There is no sanctity of law at play here.
But, to play ball, yes. If a person who would otherwise receive punishment were to do this, I would take that into account. That is not the case here.
Jesus fucking Christ guys. Regardless of your thoughts on age verification, hunting down someone just for complying with the (currently) rather inoffensive law is nuts.
Posting his face here is absolutely going to get him doxxed, and going to cause someone to actually hunt him down and hurt him.
Focus your anger on the people who actually passed and push for this law. Not the person who drew the short straw and had to implement it.
EDIT: Yeah, this whole discussion is toxic now. Suggesting that someone shouldn’t be lynched for making a change in a piece of software is equivalent to me agreeing with that change. I don’t like the push for age verification. It gives me a lot of stress. But I don’t think some random software developer should be hurt for it.
Reading the room wrong when writing software is not worth a life.
You’re part of the problem and I look forward to the day when you’re ashamed of it.
Regardless of your thoughts on age verification, hunting down someone just for complying with the (currently) rather inoffensive law is nuts.
No one has been hunted down. I’ve not read an article anywhere showing that’s happened, have you? Also, this wasn’t complying, this was being complicit. The law IS offensive, both to ones sensibilities and in that it literally attacks Linux by attempting to criminalize it. No one is taking a life, but maybe educating those in charge of open source projects and employers who work closely with the open source community, that this person should not be granted contributor access to such projects.
Why does the rest of the world have to comply with a handful of states laws? The US is not the center of the universe. If you people want to lick the boot and allow this, then by all means, create your own terrible versions and leave the rest of the world alone.
Have you checked your local laws? At least for Germany there is already one requiring this option.
Systemd is NOT an operating system provider, so they didn’t have to do absolutely anything.
It was their choice to do what they did, not the law, especially since it won’t be active and enforceable before next year.
Witch hunts are despicable indeed but lets not use that an an excuse to justify what they did.
Not the person who drew the short straw and had to implement it.
That’s the whole point, though, they don’t have to implement it. They’re under no obligation at all to do so. Try to rule Linux is illegal in California and watch Silicon Valley lobbyists damn near riot. They’re just giving in, but even just procrastination would be a ridiculously effective tactic.
- He didn’t draw any straw. Nobody asked him to work on such an implementation (or maybe Meta did?).
- In fact, he appeared out of the blue to do this implementation. This was his very first pull request on the Systemd git.
- From the very start he received a huge amount of critical comments from the community on GitHub, while he was working on this. He neglected their criticism and plowed on.
So he already had a warning that the majority of the community didn’t agree on what he was doing. Nobody asked him to. He chose to continue – he could have imagined the consequences.
And the whole context on why and why now he did this is fishy.
It’s not inoffensive at all, it’s being pushed by religious whackjobs https://www.eff.org/deeplinks/2026/03/rep-finke-was-right-age-gating-isnt-about-kids-its-about-control
That’s the Minnesota bill. The PR does not comply with that. You can read on how to the California law and NY and Colorado bills basically say to give the user a drop-down to select their birth date.
He “was only following orders”. But yes this is a class war.
Uhm, wat. Had to implement, worldwide? Da fuck are you talking about?
Complying with this shit is nuts.
Provided compliance is nuts, this man is a nutcase for complying. Sounds all good, but I dont believe being a nutcase warrants doxxing, verbal harassment, verbal threatening, and everything else that we’re seeing here.
Hey, honestly, thanks for being mature and real about this. I 100% am going to be migrating away from systemd after seeing how quickly this happened at the project and yhat Microsoft can basically decide they want code added to it; but I’m not gonna drag this random junior dev… I’m gonna choose to direct my hate at Microsoft instead. If they orchestrated these changes, that is the story here. When did that corporation get its fingers into the cookie jar, and how do I now make sure my entire software stack is free from projects where Microsoft can have this level of influence? That’s the tactical picture that matters.
So what you are saying is is that you are a collaborator, too? What’s your real name, friend?
it’s the public info on the accounts GitHub page it’s not like anybody really had to dig at all
Nah useful idiots like this deserve the shit they’ll get.
No.
Lots of disingenuous comments in this thread regarding the change being “just json” considering they’re already on a warpath of implementing id verification. They are testing the water to see what they can get away with. Furthermore, the Linux community has always been against shit like this (see: systemd outrage, open bios, gnu etc).
I’ll believe that if and when they actually force me to upload identification to prove that my birthday really is 1970-01-01 and my name really is Nunya Bissnis. Otherwise, it’s really no different from Steam asking my birthday when opening store pages or porn sites asking “click here jf you’re 18” and take my word for it.
So long as it’s being enforced just as well as the realName field, I maintain that it is indeed harmless. If the point is to have a hilariously ineffective solution as a fig leaf against a stupid law, I’ll prefer that to efforts to actually implement verification.
It’s not harmless, that’s the thing. Its just the thin end of the wedge.
“Do not comply in advance.” There is simply no need for this. Resist because it’s our duty to do so in order to keep our freedoms. Start with, “why are they doing this?” Then go follow the money. Zuckerberg and Meta, that’s why. They have been under the gun for years to protect people, especially minors, from the harms of their attention based economy of apps. They hired lobbyists in multiple states to push this legislation. Why? Because if the OS does it, they don’t have to, and can blame all the problems on the OS. What’s the Meta business model? Gather data and sell it. The more accurate and targeted the data, the higher the price. What do these laws do? Add more data. Why doesn’t Apple, Google, and Microsoft resist? They already have the infrastructure and are data gathers themselves. Why does the government allow this (US and all 5 eyes)? They LOVE surveillance.
Sincerely, thank you for spelling it out to the rest of the class.
These things are always worded ‘agreeably’ enough that by the time we’re done going back and forth debating it all day, they’ve pushed even more invasive policies on us.
I try to explain to people a lot. If you like freedom, and you want to keep it, it’s a constant fight. The power structures are far more profitable without it, so they’ll undercut it every chance they get. “Give an inch they take a mile.” Don’t give them the inch.
I’ll believe that if and when they actually force me to upload identification to prove that my birthday really is 1970-01-01 and my name really is Nunya Bissnis
It’ll be too late by that point. Way way way too late.
I doubt those changes would be PRed, merged, updated in my distro and somehow automatically pushed to my system in the blink of an eye. This isn’t Microslop we’re talking about who can force-push intransparent “fuck your settings” at the drop of a hat, and I’m certainly going to be much more wary of upcoming updates now. This isn’t my point of objection (yet - mandatory entry would be), but definitely a point of caution.
If they stick to malicious “here, you can ask for a date, but we can’t guarantee which date, if any, you’ll get” compliance, that isn’t perfect, but it’ll be good enough to make a joke out of tracking the date at all.
Besides, just this change being minor would be no reason not to keep pushing back against the law and airing our discontent about the direction they’re heading in, because the direction is definitely concerning.
Who are “they”?
Loaded question. Governments, country and state level, technocrats, fascists.
There is a special guillotine for this wannabe parasite.
