- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
You must log in or # to comment.
Collaborator
I still don’t understand why it needs to be implemented as part of systemd, and not - say - as a service. Or, if we want to “go with” the law - make it a kernel module, which sounds more impressive (“we are complying at the kernel level!”) but in practice so much easier to opt out of.
I don’t see what’s wrong with implementing it as an add-on to the https://en.wikipedia.org/wiki/Gecos_field as the PR in question does. It’s the most logical place as the location to store user information and is even easier to opt out of—you just edit a file—than choosing whether to compile Linux with/add to DKMS a kernel module.
Is there an Arch fork that is not implementing this shit or do I have to go non systemd now? Because this BS is not going on any of my machines.
Artix is one, but I have no experience with it.
https://aur.archlinux.org/packages/systemd-liberated-libs-git
systemd has already been forked
Don’t go around installing random AUR packages, this really shouldn’t need to be said.
+1 I spent years wondering if my decision to invest in learning systemd was worth it. The sunk cost fallacy blinded me for too long but I am now willing to ditch systemd if a fork is not made.
I believe this pissed of enough users and it’s likely we will see a fork
There is a special guillotine for this wannabe parasite.
Then he said Arch Linux should implement it anyway because the law requires it. archinstall PR #4290
Well, it’s not “the law”, it’s your local law. To most people on the planet, it doesn’t apply any more than for example North Korea’s laws. As far as I can find, Arch Linux is not owned by a foundation or similar legal entity (i.e. which could have been located in California), but the lead developer appears to live in Germany.
I mean they kidnapped maduro and are trying him under new york law so…
So… if the law interferes with your goals, apparently it is now perfectly fine to just ignore it.
That seems to be the approach the US government is taking.
I mean yes, the dems have been breathlessly going on about how that thing that Trump’s doing is illegal but nothing seems to happen. There is no opposition at all
Germany has a similar law already active
§12 Jugendmedienschutzstaatsvertrag
(1) Anbieter von Betriebssystemen, die von Kindern und Jugendlichen üblicherweise genutzt werden im Sinne des § 16 Abs. 1 Satz 3 Nr. 6, stellen sicher, dass ihre Betriebssysteme über eine den nachfolgenden Absätzen entsprechende Jugendschutzvorrichtung verfügen. Passt ein Dritter die vom Anbieter des Betriebssystems bereitgestellte Jugendschutzvorrichtung an, besteht die Pflicht aus Satz 1 insoweit bei diesem Dritten.
(3) In der Jugendschutzvorrichtung muss eine Altersangabe eingestellt werden können
But yes, neither such laws nor the implementation into systemd is in any way positive and should be fought
to all y’all with the “it’s just a text field”: what if the field is “race”? “sexual orientation”? “jerks_off_to”? what the fuck has a system managing daemon got to do with any of that? and why would you preemptively put it in there without even a pretense of a fight?
fuck you make us! make linux illegal, in Cali of all places. guess how long that will last?
Yeah, scary.
What about some other scary fields like:
- Real Name
- Office Address
- Office number
- Office telephone number
- Home telephone number
- external e-mail address
I mean if those fields were stored, could you imagine the danger that Linux users would be in?
You don’t have to imagine, because those fields have been stored in UNIX/Linux since 1962. https://en.wikipedia.org/wiki/Gecos_field
Those are also entirely optional and not having them filled in doesn’t cause other software to stop doing what the user wants.
The same with the birthDate field.
Stored “because law”, right?
Who cares why it is stored, these fields exist for every user in every Linux system and they have existed for decades.
Either birthDate the field is dangerous or it isn’t. If it is, how?
It is no different than data fields that ask for way more identifiable and personal information such as Real Name and Office number which have, again, existed for decades without issue.
I care. One thing is “you know, fields with this name have been around since before you were born”, another thing is “some idiots passed the law half the globe away, now we are preparing your system to comply. Someone has to ©”. The field is not the danger, the thinking, attitude and act is
Edit: some local law, for fuck’s sake
That’s a fair argument.
Is it fair to say: The field is benign but there is contention about if it should be added or not and users of the software are concerned that their voices were not heard on the issue. That can be handled in the normal project framework, perhaps by suggesting a publicly stated policy about these issues around legal compliance so the community can determine if they want to support the project or not.
My argument is that I don’t think that the damage that was done justifies the hitpiece in the OP which is, almost literally, painting a target on the developer with the mugshot photograph and loaded language.
So, if you’re not one of the people then we’re having different conversations. In that conversation, I do agree with what you just said. I’d like to see the very large projects, which affect a lot of users, such as systemd, have a more formal way to accept public comment and respond on contentious changes and feature requests.
Is it fair to say: The field is benign
It is benign if it is optional, remains 100% local and under the user’s control and doesn’t prevent other software from functioning as expected.
I think back then it was generally assumed this simply assisted with office communication.
Imagine telling a UNIX engineer in the 70’s how almost everything you enter into a machine would eventually be used to manipulate or entrap you by the State and surveillance capitalism.
Imagine telling a UNIX engineer in the 70’s how almost everything you enter into a machine would eventually be used to manipulate or entrap you by the State and surveillance capitalism.
This isn’t a hypothetical. North Korea uses a version of Linux which does exactly that.
It still doesn’t make these fields inherently dangerous, and that same argument applies to birthDate. Even if systemd build a verification system that required photo identification and a DNA sample it wouldn’t be a problem.
The community would just fork the project before the totalitarianism update. The FOSS world already has a process to avoid massively unpopular changes. This change isn’t massively unpopular, this is a vocal minority who is stirred up by web articles leveraging clickbait and outrage to drive ad revenue.
The age verification laws are unpopular, I’m personally completely against them. However, they do exist and adding an optional field in order to allow project, who choose to do so, to store that data is not a red line or the start of a slippery slope.
In the future, if there was a red line that was crossed, we would fix it with a fork and not with a harassment campaign.
https://en.wikipedia.org/wiki/Boiling_frog
That’s you. You have no issues giving anyone an inch and then wondering why you’re being lined up on the street afterwards once they’ve taken the mile.
https://en.wikipedia.org/wiki/Slippery_slope
That’s you. You have no issue embarking on a creative writing exercise, painting the scariest possible scenario and pointing at that piece of fiction as if it were reality.
You think you can just make up lies about countries far away from you and no one will notice? Think again, whisu.
You must be off by a decade. Your reference mentions no OS and Unic was developed around 1970.
Your reference mentions no OS
I have the strong feeling, that some guys have crossed some red lines. Verbal abuse is also a form of violence. What will happen next? Will you beat, kill?
Someone add the default to 1/1/1970
A mistake without regret must be punished. They are not kids acting silly. I don’t feel comfortable with a foot on my neck, even when that foot isn’t pressing very hard.
Lots of disingenuous comments in this thread regarding the change being “just json” considering they’re already on a warpath of implementing id verification. They are testing the water to see what they can get away with. Furthermore, the Linux community has always been against shit like this (see: systemd outrage, open bios, gnu etc).
Who are “they”?
Loaded question. Governments, country and state level, technocrats, fascists.
I’ll believe that if and when they actually force me to upload identification to prove that my birthday really is 1970-01-01 and my name really is Nunya Bissnis. Otherwise, it’s really no different from Steam asking my birthday when opening store pages or porn sites asking “click here jf you’re 18” and take my word for it.
So long as it’s being enforced just as well as the realName field, I maintain that it is indeed harmless. If the point is to have a hilariously ineffective solution as a fig leaf against a stupid law, I’ll prefer that to efforts to actually implement verification.
I’ll believe that if and when they actually force me to upload identification to prove that my birthday really is 1970-01-01 and my name really is Nunya Bissnis
It’ll be too late by that point. Way way way too late.
I doubt those changes would be PRed, merged, updated in my distro and somehow automatically pushed to my system in the blink of an eye. This isn’t Microslop we’re talking about who can force-push intransparent “fuck your settings” at the drop of a hat, and I’m certainly going to be much more wary of upcoming updates now. This isn’t my point of objection (yet - mandatory entry would be), but definitely a point of caution.
If they stick to malicious “here, you can ask for a date, but we can’t guarantee which date, if any, you’ll get” compliance, that isn’t perfect, but it’ll be good enough to make a joke out of tracking the date at all.
Besides, just this change being minor would be no reason not to keep pushing back against the law and airing our discontent about the direction they’re heading in, because the direction is definitely concerning.
Your real name and location data have been stored in UNIX/Linux for over 60 years. https://en.wikipedia.org/wiki/Gecos_field
realName and location have been fields in systemd since the beginning.
Were you panicking about this before social media told you to be afraid?
Your real name and location data have been stored in UNIX/Linux for over 60 years.
IF you entered that info. And it wasn’t being used by applications to enable surveillance laws. It’s a false equivalency.
The birthDate field is optional. As userdb as a whole.
It’s like talking to a wall with these people.
It’s not harmless, that’s the thing. Its just the thin end of the wedge.
“Do not comply in advance.” There is simply no need for this. Resist because it’s our duty to do so in order to keep our freedoms. Start with, “why are they doing this?” Then go follow the money. Zuckerberg and Meta, that’s why. They have been under the gun for years to protect people, especially minors, from the harms of their attention based economy of apps. They hired lobbyists in multiple states to push this legislation. Why? Because if the OS does it, they don’t have to, and can blame all the problems on the OS. What’s the Meta business model? Gather data and sell it. The more accurate and targeted the data, the higher the price. What do these laws do? Add more data. Why doesn’t Apple, Google, and Microsoft resist? They already have the infrastructure and are data gathers themselves. Why does the government allow this (US and all 5 eyes)? They LOVE surveillance.
Sincerely, thank you for spelling it out to the rest of the class.
These things are always worded ‘agreeably’ enough that by the time we’re done going back and forth debating it all day, they’ve pushed even more invasive policies on us.
Lots of disingenuous comments in this thread regarding the change being “just json” considering they’re already on a warpath of implementing id verification. They are testing the water to see what they can get away with.
https://en.wikipedia.org/wiki/Slippery_slope
Argue against what is happening, not fictitious and hypothetical scenarios that are not happening.
Furthermore, the Linux community has always been against shit like this (see: systemd outrage, open bios, gnu etc).
We’ve had fields for storing way more personal information (like real name, home telephone number, location, etc) since 1962. https://en.wikipedia.org/wiki/Gecos_field
There is nothing that a birthdate will tell about a person that their real name and location will not.
The criticism here needs to be aimed at the laws and politicians. This article is whipping up a lynch mob against a volunteer developer using a clickbait article for the purposes of ad revenue.
Collaborator! What’s your name?
Excellent. Just having his face out there will discourage him for good, once he gets the backlash.
He should just fuck off, we don’t need free and open source anything that is in league with Palantir.
Jesus fucking Christ guys. Regardless of your thoughts on age verification, hunting down someone just for complying with the (currently) rather inoffensive law is nuts.
Posting his face here is absolutely going to get him doxxed, and going to cause someone to actually hunt him down and hurt him.
Focus your anger on the people who actually passed and push for this law. Not the person who drew the short straw and had to implement it.
Why does the rest of the world have to comply with a handful of states laws? The US is not the center of the universe. If you people want to lick the boot and allow this, then by all means, create your own terrible versions and leave the rest of the world alone.
Have you checked your local laws? At least for Germany there is already one requiring this option.
Uhm, wat. Had to implement, worldwide? Da fuck are you talking about?
No.
It’s not inoffensive at all, it’s being pushed by religious whackjobs https://www.eff.org/deeplinks/2026/03/rep-finke-was-right-age-gating-isnt-about-kids-its-about-control
That’s the Minnesota bill. The PR does not comply with that. You can read on how to the California law and NY and Colorado bills basically say to give the user a drop-down to select their birth date.
Systemd is NOT an operating system provider, so they didn’t have to do absolutely anything.
It was their choice to do what they did, not the law, especially since it won’t be active and enforceable before next year.
Witch hunts are despicable indeed but lets not use that an an excuse to justify what they did.
- He didn’t draw any straw. Nobody asked him to work on such an implementation (or maybe Meta did?).
- In fact, he appeared out of the blue to do this implementation. This was his very first pull request on the Systemd git.
- From the very start he received a huge amount of critical comments from the community on GitHub, while he was working on this. He neglected their criticism and plowed on.
So he already had a warning that the majority of the community didn’t agree on what he was doing. Nobody asked him to. He chose to continue – he could have imagined the consequences.
And the whole context on why and why now he did this is fishy.
Not the person who drew the short straw and had to implement it.
That’s the whole point, though, they don’t have to implement it. They’re under no obligation at all to do so. Try to rule Linux is illegal in California and watch Silicon Valley lobbyists damn near riot. They’re just giving in, but even just procrastination would be a ridiculously effective tactic.
Complying with this shit is nuts.
Provided compliance is nuts, this man is a nutcase for complying. Sounds all good, but I dont believe being a nutcase warrants doxxing, verbal harassment, verbal threatening, and everything else that we’re seeing here.
So what you are saying is is that you are a collaborator, too? What’s your real name, friend?
it’s the public info on the accounts GitHub page it’s not like anybody really had to dig at all
There’s a huge difference between someone’s information being available on github and someone taking their picture and photoshopping it to look like a mugshot and writing a hit piece article that’s whipping people up into a lynch mob.
Not really.
He “was only following orders”. But yes this is a class war.
Nah useful idiots like this deserve the shit they’ll get.
Fuck Dylan Taylor
He didn’t just try. He succeeded in doing so. His pull request was merged into systemd and will land into your distro eventually (if it is systemd-based).
There are distros free of systemd, like Devuan, based on Debian.
There are distros free of systemd, like Devuan, based on Debian.
AntiX, Artix, Guix System and a few others
Gentoo has 5 different init systems
systemd already stores your realName and location. It has stored that information since the beginning.
There is nothing that birthDate will tell a person that they can’t find out using your realName and location.
I agree with you but repeating your arguments in mass replies does not make it stronger.
I don’t think that it does, if this were a wikipedia discussion where bad faith arguments and trolling were removed then I’d agree.
But since the moderation on this topic doesn’t exist, the only thing remaining to Team ‘Don’t Dox and Harass Developers’ is the blunt instrument of repetition.
You are trying to protect the villain in the story.
Personally, I do think it’s a useful exercise to decide what your red-lines are when it comes to OS level age verification.
For me: Having a field in a database that could contain my DoB is acceptable. Having a prompt to populate it during first time set up is very concerning. Requiring that data to be validate by a third party is the red line.
If you don’t want to be boiled like a frog, bring a thermometer.
NO!
