This is bs …
Instead of fighting the laws and the people behind it, ‘we’ (as in ‘the community’) infight about some minor commit?
If the reason is data privacy, why not also remove ‘realName’, ‘emailAdress’ and ‘location’? 🙄
They should also remove the phone number prompt that UNIX has had since before systemd even existed. Your phobe number is an optional part of the GECOS field and has been there for a very long time without anyone freaking out like this.
As far as I can tell the Name Email and location are all voluntarily provided by the user.
This is something that will be used whether you want it to or not (that makes it invasive) because of the laws around it (of course depending on where you are).
Having fields I can ignore as a user isn’t the same as this guided attempt by lawmakers to eventually get you to give ID and retina scans just to use a computer.
This is step 1. That is why people are freaking out about it.
And I know systemd isn’t doing this out of spite, but I do wish the scene would stand up for the user more… Just say no California or whatever other shit place decides to enact that and boom problem solved. Not their fault or problem anymore.
I think these laws will be similar to prohibition. They will try for a while, but then realize they can’t succeed. Governments can’t even handle cyber security, how will they handle this?
These laws are made by corporation like FB who wish to shift the blame away from itself for their transgressions. Australian and EU laws are banning social media for pre teens and kids. So instead of them developing ways to follow that law they are shifting that onus on to the operating system.
I think you underestimate the technology they have now especially in relation to an event that happened in the 1940’s.
Its like the Stasi but ten thousand times more sophisticated and every bit as motivated.
Maybe even more motivated, because it generates money for them when they have businesses do it (Palantir) and provides “value” to the markets. Because money and control is absolutely all they care about (in the USA)
Technologically, yes, they could easily identify non-compliance with how much data is being collected these days
Logistically though? How are they going to enforce this? Sue every open source project that circumvents this? Block downloads of it with a great firewall? Fine end users? It’s just not feasible
Realistically, they’re going to go after the OSes with the biggest market share. Google, Microsoft, and Apple will be forced to comply on new devices, and maybe they’ll try to make an example or two to get compliance in advance
It will be used to target certain individuals and “nail” their proverbial “balls to the wall” when they want to ruin your life for not complying.
A us court just convicted people as terrorists and one of the main reasons they cited is that they were using signal.
“This individual circumvented security measures enacted by the united States to keep people and the children™ safe from online threats both foreign and domestic. The individual conspired with multiple other people some of them from other countries, oops we meant foreign adversaries, to destroy or circumvent this framework we had in place”
Only thing I can mainly compare it to is how weed isn’t legal in a lot of places but they usually don’t care, until they suddenly do and your life is fucked.
Think of people like Ken Klippenstein and your Edward Snowdens (who used tails to leak a lot of their illegal spying shit btw which is us made btw where these laws are starting to gain traction the most [yes I see Brazil too])
It will be used to target individuals and destroy their lives through the process.
“Oh also since you’re not using the OS level biometric whatever we enacted this is an illegal machine and we are seizing it. Oh, you had whistleblower reports about government corruption? What government corruption Ken we didn’t find those files but we did find evidence if you being antifa”
And if you think I’m just some paranoid schizophrenic and this could never happen then you haven’t been paying attention.
Instead of fighting the laws and the people behind it
We can’t use the system to change the system.
Lots did. There are about a dotzend forks for this explicit purpose.
I can see it’s just an optional text field but the ick isn’t optional. It’s leaning towards submission in comparison to resistance. I’m hoping such laws get repealed, rather than spread.
- Fork a project that you have a problem with;
- Write a strong worded manifesto;
- Revel in those sweet sweet internet clicks;
- Try to gather a team of seasoned engineers to keep and evolve the project;
- Most likely fail, look for the next controversy, repeat.
Yes, but what’s wrong with this? If you gather engineers that are capable to maintain it - what is the downside? Systemd could always have used a bit of competition, I think most of us can agree. Most of the forks of systemd will fail, but most of all projects fail after some time. I don’t think this situation will harm systemd ultimately and it shouldn’t.
There’s nothing wrong with forking a project, IF you can and intend to maintain it – hell, that’s the whole basis of FOSS.
Forking it to make a point with no intention to maintaining it is just an easy way to gather clicks and stir drama.
IMHO the effort is better spent fighting the politicians that are shoving this down our throats, or should we fork all the tech that gets affected by bad political decisions?
Try to gather a team of seasoned engineers to keep and evolve the project;
What is there to evolve? Just keep it up to date with the mainstream project while applying this one patch. This is as useful as the signatures that prohibit use of comments to train LLMs.
Forking projects to put a different coat of paint on them is just silly. It’s still the same project, it’s just got your sticker on it now. You still dependent on upstream decisions. If things change too much for your liking, you have a growing patch management issue on your hands, and that’s not fun. But hey, you’re free to do it, that’s the beauty of FOSS.
Reminds me of the Linux distros that just fork Debian, stick a new theme and logo, create a website and voilá. Nah, mate, it’s still Debian.
I find that move extremely funny, since it’s purely made for sensationalism and nothing else. I mean, if you hate how systems implemented age verification, then why don’t you remove its identity verification too, i.e. also optional fields for stuff like your address an e-mail that most users don’t even fill out.
There is no mechanism verifying what birth date you type in - you can type whatever date you want and systems doesn’t care.
I’d say no matter where you stand with age verification, this is the best solution to handle the situation. After all, any and all age checks we have nowadays are a black box anyways. There is no real knowing how other systems are checking ages, and there is AFAIK no real government mandated rules on how it is verified. They could make you scan your ID’s front, back, nuclear composition and dietary preferences and give you a result that is almost, but not quite, entirely unlike a proper age verification procedure.
If the government wants to introduce age verification, they have to do it themselves - build an API that handles the age verification, similar to how the digital ID in Germany works, as an example. If they want proper age verification, they also have to take the blame themselves if things go wrong.
This. And forking is easy. Maintaining a big piece of software is not. This is why every popular repo has hundreds of forks, but non of them are active or in sync with upstream.
You know I remember when age verification was a thing on porn sites.
No big deal, I was like 12 and could easily say “yupp, I was born April 20th, 1969” and there was no problem.
Now, in several states that has escalated to you showing your ID.
Do you think this is the end game? Systemd made it clear with this move that any kind of US law passed will be able to be honored by their architecture. They didn’t take a stand that you would expect from pretty much the entire Linux community as a whole.
And see the funny part is where you talk about “if the government wants age verification they have to do it themselves” they pretty much do in USA its called your social security number. Banks, auto dealerships, landlords etc use it all the time and its very effective.
By not taking a strong stance against what is happening here you are paving the road brick by brick to having to provide full on SSN and very plausibly retina scans or something similar in the not so distant future before you can even login to your computer or phone.
I don’t understand, how people here are missing that. Fuck we are on Lemmy because we see how shit worked with things like reddit and others. Things always escalate when control and greed are the primary motivators.
This will escalate. And when it does I want you to remember that people were rightfully making a HUGE FUCKING DEAL about when systemd started doing this because by then you will be able to see clearly how it led to whatever surveillance wet dream they are absolutely going to force on us. It will be clear, and this will be step 1 .
I don’t think that systemd is really bending the knee too hard on this one. Actually, I think this move is actually a great way to render any sort of age verification, when using systemd, inert. Because, let’s think about it: it’s an optional field, in a JSON file that NEEDS to be editable at all times. If a distro decides to implement any serious age verification, it will have to store the data, namely the date of birth, somewhere. The /home folder would be wrong, as the user could edit that at all times. The userdb on the other hand can be restricted, meaning that the user can only edit it with user privileges. So if a government questions the seriousness of this verification method, distros can just claim that it is the administrative duty of the parent to prevent their children accessing things they shouldn’t, and that the Linux kernel itself provides the proper tool to do it without constant supervision. Yet systemd cannot enforce any stricter rules because service users, especially root, are not real people and thus cannot have any age verification. The only solution would be to tie these accounts to a person. This would cause an outrage at companies, considering that this role would most likely be the CEO or CIO, and if that device is stolen their identity could be linked to a crime, and I doubt any police station would bother trying to retrieve that laptop.
So this change will most likely be the maximum systemd can do without breaking distros for corporations, while at the same time allow classic Linux users, who most likely give themselves admin rights, a way to render any verification null and void by editing this optional field on their own.
EDIT: Also, being mad at an organisation trying to meet the laws in order to be usable will solve nothing. As you said yourself: a strong stance is needed. So complaining about systemd and trying to make them revert it will do nothing, because there will always be someone who bends the knee. If you want to do something, organize or join a protest and go to the streets, show that the law is for the people, not to be used as an oppression tool.
Yup. All this crying about the field is a big nothing burger.
My line in the sand is when a distro/app starts enforcing entry of birth date data. Having a database field to store it, or even an optional prompt for it isn’t the point where I bin it.
This is the most sane take I’ve read in this entire debacle. Between arguing the semantics of attestation vs verification and whether we need five hundred forks and PRs, I’m glad to read this.
The biggest mistake the original PR did was not make it more clear it’s not directly because of the laws themselves, it’s to support higher level systems that may want to or need to comply. Systemd is no more complying with any present or future laws than a keyboard manufacturer is violating the law if the user uses it to type racially motivated hate speech.
Good distros will push default a dob of 1970-1-1, mark my fucking words.
That’s still forcing a DOB, which is the line I won’t cross.
When you make a new user using
adduserdo you leave your full name, number, and room number?Blank is blank, epoch is functionally the same as leaving it blank. Especially if it becomes industry standard.
I would but I’ve always been opposed to systemd anyway.
But for me it’s a slippery slope I don’t think we should even get on.
Yeah I hated systemd since before it was cool to hate systemd again.
But for me it’s a slippery slope I don’t think we should even get on.
I agree. But the start of the slope isn’t my exit point. My exit point is just before the slope gets too steep to get off.
That’s the thing about slippery slopes. You don’t really know where the point you slip is.
I’m curious about GNU Shepard but still haven’t gotten around to swapping. Does anyone have experiences to share?
That is a valid point. Of course it still would be rather anonymised, but it could always be a ‘frog in the pot’ type situation, where most drastic changes are introduced very slowly. My main concern at the end of the day is how much info will be required to be given to services and how much data will be actually stored. If it’s anonymised, then I don’t see much of a threat. If a service requires me to fully identify for an age check, that’s an entirely different thing, especially considering the last of Discord’s data leaks.
I agree with all that you’ve said. But why add it now? Why haven’t they added it a long time ago? Or if now they remembered, why not other extra optional fields that some people might want, like gender, sex, any other field? Oh, it would be too political? I see…
I mean, the introduction of the date of birth field is obviously done to make it easy for distros to comply with age verification by simply saving the birth date and nothing else.
As for the other fields: what use would it have to have such info at OS level? What application would use these fields and how? I mean, some fields, like the ‘location’ one, already are pretty useless, as, for example, the ‘location’ field doesn’t seem to bhave any firm consensus on how it should be formatted. Even the documentation lists both “Berlin, Germany” as well as “Basement, Room 3a” as valid values.
So I doubt not introducing such fields has any sort of political agenda to it, but just raises the question on why such fields would be useful to begin with.
I’m thinking the same. I understand the people saying it’s no big deal, it’s just an optional field. But the existing optional fields (GECOS) have been there since the beginning of time. The original Unix user database (/etc/passwd) was created in a different time. Things have changed in the last 50 years and we now know that a simple field in an OS level database is not really an appropriate place to store PII. I don’t know what the solution is, as these laws are coming and there will be some people that need to comply, but I don’t think the current change to systemd is the right approach.
On the plus side - this controversy has prompted me to look into other options for my home servers and I’m loving the minimalism and simplicity of Alpine. (This isn’t a knee jerk reaction - I’ve been frustrated by the bloated feel of mainstream distributions for a while - more the straw that may break the camel’s back)
Oh, definitely I’m not saying people should just jump the gun and replace their distro for one without systemd immediately. I certainly won’t, at least not without thinking about it for a while. But I also think that denying the controversy exists is not good. This is definitely controversial, for some people even a deal breaker and there are valid, real reasons why. For the rest, it’s good to look at what options there are, see that there really isn’t an appropriate alternative for systemd in some cases and realizing that a successful fork would be a good thing. Also, a long time criticism of the community has been that systemd does too much and it being against basic Unix philosophy. I always thought of it not being a big deal, given its modularity. But I now realize that it centralizes control and design decisions to a single org and that is certainly a weak point IMO. So a fork makes a lot of sense, but it is at this point a mammoth of the project, so it will be really hard to maintain.
you mean like adding it to a bunch of optional details already?
None of the id fields in the systemd db are required to be filled. This is useless. Simply don’t put any personal info in, and bam, you’re already liberated, from laws that aren’t even in effect yet!
Yupp 100% optional.
for now
This is perfectly logical and I agree. Except that this controversy has prompted me to go learn about Lennart Poettering. I’ve been using systemd forever and I like it - I like journald and remote journald, I like networkd, I even deleted cron off my systems and use systemd timers exclusively. I knew there was some controversy about Lennart, but I didn’t really care. Now that I’ve read a bit about his background and, maybe more importantly, his new company - I don’t have a good feeling for the future of systemd.
Finally someone who’s read into the issue
Will you still say that when they implement ID checking functionality?
Obviously not, that would be something very very different than what they’ve done.
What systemd has done is the following: They went “we speak for the distros utilizing our program now”
What they’ve done, is in the user info field (which already has a ton of information that almost nobody ever fills out) they added a date of birth field. They do not control what it’s used for, who’s going to use it, or if the user will ever bother filling it out. Perhaps nobody will ever implement a use for it, it’s really nothing.
No, what they have done is kowtowing.
What? It’s like saying systemd is handing the government your info because they have a field for your real name and address.
YOU control what info goes there, if any. It mandates NOTHING.
You may as well be mad at vim because your text editor is capable of storing your birthdate if you go in and type it and save it to /public/myInfo.txt
Context matters. Systemd did this as a reaction to frankly insane laws. They didn’t have to do anything like this, yet they did and comparing this to changing and creating files manually in vim misses the point entirely. Intentionally doing something is very different from a feature being natively present.
YOU control what info goes there, if any. It mandates NOTHING.
Until closed source or even open source programs demand an ID verified age from the OS. When that happens you are forced to unmask yourself and the systemd shit is the first step to making such an API possible. It normalizes genuinely insane demands that add nothing for the users except compliance.
when that happens, I’ll build my own ISO with that part stripped out, or just move away from systemd
Will you still say that when aliens from the 19th Dimension verify your age rectally?
I don’t know what this derailment is ultimately trying to say honestly.
It’s saying that you can invent an infinite number of hypothetical futures but they are not useful for making decisions in the here and now
The prospect of being prompted to submit an ID is not useful for making decisions in the here and now? As far as I understand it, this is the concrete danger. California lawmakers and lawmakers from elsewhere have indicated that this is only the beginning.
But this is just speculation. The fact is, systemd introduced a new optional field in the local database. They don’t publish an OS so they have no obligation to do anything more, actual implementation would have to happen in other projects.
What this is, is a spite-fork by some random AI researcher and anybody installing that on their system has way larger problems here and now than hypothetical ID verification in the maybe future.
They don’t publish an OS so they have no obligation to do anything more, actual implementation would have to happen in other projects
Why are the people who decide on changes to systemd implementing stuff that the vast majority of Linux users vehemently reject? +Things that they have no legal obligation of adding I might add.
What this is, is a spite-fork
No one deeply cares about the spite fork. It’s weird that commentators have suddenly become very acclimatised to the systemd changes. A few days ago people were asking themselves why a rando got through with an intensely disliked pull request and now we are here.
deleted by creator
Good luck maintaining it
Honestly it’s such a minor change, I’m pretty sure they could just grab all the upstream commits in the future and not do anything and it’ll be fine.
They’ll just keep forkin’ and removing that field haha
Its about forkin’ time
I’d like to try an alternative to SystemD but I don’t know quite enough to filter the list of OS options for a gaming PC. I have Mint on desktop (modern GPU) with and OpenSUSE 14 on a server.
MX Linux. But it’s as pointless as only driving cars without onboard computer not to get tracked.
You probably want to mod it so that whenever (in future) it’s called on to send an age to an external service then it just supplies a new randomised dob or age. Another good feature would be to make sure that the OS exposes any such checks to the user.
Ah yes and the dissidents using Linux who don’t know a lick of C can just simply mod their OSes
Some opinionated individuals do have programming skills, and in a Linux space, there’s plenty of dev hands.
opinionated
Greta Thunberg is just an opinionated individual. Gotcha.
This one person probably doesn’t know how to code, therefore no one does. Is that really your argument?
My argument is that most people don’t work in software and don’t know what a config file even is, this includes people who are the targets of persecution They might know how to install GrapheneOS or Mint and get the Tor browser but beyond that there is little they can do. systemd comes along and paves the way to ruining the much of libre software. If someone needs to be anonymous right now or else they are in danger, like a whistleblower with described skillset, can’t just create quick patches or implement experimental patches made by others. This is especially concerning with solutions that use external services to verify age.
They literally just added a field in the JSON schema to support a birth date field which is completely optional and has no relevance on the project. People are so dumb.
Well yeah, right now it is optional.
What about when the law passes that says it’s required on a federal level (yes I’m talking about USA). They added this one in pretty quick, do you think they would fold and be like “nah we stand for the users!”
Or do you think they will build on what is already being added here?
One inch, one centimeter, one millimeter of shit like this and eventually it keeps building until its inescapable. Until you need fingerprint or retina scans or fucking SSN or some other shit to login to your computer.
I’m sure then you would take issue with it, but by then its too late for you and everyone else.
Frog being boiled slowly and all that.
This is why it’s so important to ensure that the USA continues its slide to irrevelance.
You are right because maybe then they would lose some money and that is the only thing the us government cares about.
So once you start disrupting that, maybe shit will get different. Idk though, I’m not very optimistic about most things tbh.
However its worth noting that, in the actual github commit one of the developers for system 76 said that they are in talks with legislators right now and that this may be overturned, not even apply to open source operating systems, etc.
And one of the maintainers said and I quote, “It is possible that California law will be changed. But similar ideas are popping up in other contexts and it’s unlikely that they’ll all go away. This implementation is fairly generic and useful for other things besides age verification, so we shouldn’t decide whether to merge it or not based on a single law in any jurisdiction.” -keszybz
So, it kind of seems like they have a rock hard erection to lick any pair of boots they can, not just the USA ones.
If a law passes and you’re running your IT infrastructure and not enforcing it then you have bigger problems.
The bigger problem being the government with guns that makes you follow their surveillance laws?
Also most people don’t run IT infrastructure. Most people will not be able to escape this when it turns in to full blown surveillance.
Not to mention that removing that field won’t make you adult. Without it you can either not go to certain websites or download applications from stores like Flathub or the system assumes that you are a toddler and only let you visit baby tv.
