So, I have actually read the text of California law CA AB1043 and, honestly, I don't hate it.
Uncategorized
85
Posts
56
Posters
1
Views
-
@nicolas17 @Jeramee @david_chisnall Are you kidding?
@Andres4NY state vs federal?
-
@Andres4NY state vs federal?
@nicolas17 Have you seen who is the governor of the state that is proposing this? Have you seen who was AG of that state for half a decade (starting around 2011) who openly supported genocide? Both parties have happily supported the Epstein class. Pretending that there's some vast difference between the feds and states when it comes to this stuff is pretty wishful thinking.
-
So, I have actually read the text of California law CA AB1043 and, honestly, I don't hate it. It requires operating systems to let you enter a date when you create a user account and requires a way for software to get a coarse-grained approximation of this that says either 'over 18' or one of three age ranges of under-18s. Importantly, it doesn't require:
- Remote attestation.
- Tamper-proof storage of the age.
- Any validation in the age.
In short, it's a tool for parents: it allows you to set the age of a child's account so that apps (including web browsers, which can then expose via JavaScript or whatever) can ask questions about what features they should expose.
In a UNIX-like system, this is easy to do, with a tiny amount of new userspace things:
- Define four groups for the four age ranges (ideally, standardise their names!).
- Add a
/etc/user_birthdaysfile (or whatever name it is) that stores pairs of username (or uid) and birthdays. - Add a daily cron job that checks the above file and updates group membership.
- Modify user-add scripts / GUIs to create an entry in the above file.
- Add a tool to create an entry in the above file for existing user accounts.
This doesn't require any kernel changes. Any process can query the set of groups that the user is in already.
If a parent wants to give their child root, they can update the file and bypass the check. And that's fine, that's a parent's choice. And that's what I want.
I like this approach far more than things that require users to provide scans of passports and other toxically personal information to be able to use services. If we had this feature, then the Online Safety Act could simply require that web browsers provide a JavaScript API to query the age bracket and didn't work unless it returned 'over 18'.
@david_chisnall This shouldn't be allowed, as it creates a precident to intrude more into our peaceful lives. Fascism is sickening.
-
So, I have actually read the text of California law CA AB1043 and, honestly, I don't hate it. It requires operating systems to let you enter a date when you create a user account and requires a way for software to get a coarse-grained approximation of this that says either 'over 18' or one of three age ranges of under-18s. Importantly, it doesn't require:
- Remote attestation.
- Tamper-proof storage of the age.
- Any validation in the age.
In short, it's a tool for parents: it allows you to set the age of a child's account so that apps (including web browsers, which can then expose via JavaScript or whatever) can ask questions about what features they should expose.
In a UNIX-like system, this is easy to do, with a tiny amount of new userspace things:
- Define four groups for the four age ranges (ideally, standardise their names!).
- Add a
/etc/user_birthdaysfile (or whatever name it is) that stores pairs of username (or uid) and birthdays. - Add a daily cron job that checks the above file and updates group membership.
- Modify user-add scripts / GUIs to create an entry in the above file.
- Add a tool to create an entry in the above file for existing user accounts.
This doesn't require any kernel changes. Any process can query the set of groups that the user is in already.
If a parent wants to give their child root, they can update the file and bypass the check. And that's fine, that's a parent's choice. And that's what I want.
I like this approach far more than things that require users to provide scans of passports and other toxically personal information to be able to use services. If we had this feature, then the Online Safety Act could simply require that web browsers provide a JavaScript API to query the age bracket and didn't work unless it returned 'over 18'.
@david_chisnall Does this law only apply to desktop OSes? I fail to see why my NAS needs an age api.
-
So, I have actually read the text of California law CA AB1043 and, honestly, I don't hate it. It requires operating systems to let you enter a date when you create a user account and requires a way for software to get a coarse-grained approximation of this that says either 'over 18' or one of three age ranges of under-18s. Importantly, it doesn't require:
- Remote attestation.
- Tamper-proof storage of the age.
- Any validation in the age.
In short, it's a tool for parents: it allows you to set the age of a child's account so that apps (including web browsers, which can then expose via JavaScript or whatever) can ask questions about what features they should expose.
In a UNIX-like system, this is easy to do, with a tiny amount of new userspace things:
- Define four groups for the four age ranges (ideally, standardise their names!).
- Add a
/etc/user_birthdaysfile (or whatever name it is) that stores pairs of username (or uid) and birthdays. - Add a daily cron job that checks the above file and updates group membership.
- Modify user-add scripts / GUIs to create an entry in the above file.
- Add a tool to create an entry in the above file for existing user accounts.
This doesn't require any kernel changes. Any process can query the set of groups that the user is in already.
If a parent wants to give their child root, they can update the file and bypass the check. And that's fine, that's a parent's choice. And that's what I want.
I like this approach far more than things that require users to provide scans of passports and other toxically personal information to be able to use services. If we had this feature, then the Online Safety Act could simply require that web browsers provide a JavaScript API to query the age bracket and didn't work unless it returned 'over 18'.
@david_chisnall@infosec.exchange
Я это вижу так, что в системе просто должен быть какой-то файлик, который будет хранить мою дату рождения, и все приложения смогут обратиться к этому файлику просто чтобы не спрашивать меня, есть ли мне 18. Условно, захожу я на страницу игры в Steam, на сайт секс-шопа, на страницу фильма с рейтингом 18+ на сайте кинотеатра. Я не хочу каждый раз вводить дату своего рождения. Будет удобно, если это можно будет как-то автоматизировать. Но опять же, я не вижу причины, почему это должно быть делом государства. Это задача инженерная, а не юридическая. -
@drahardja @david_chisnall Also, "coarse-grained" is nothing but theater. Frequently visited sites can determine a child's exact birth date by noticing when the API changes from returning "under 13" to "between 13 and 16."
@ieure @drahardja @david_chisnall Which makes it probably irresponsible for a parent to provide their child's real birth-date into this field that may be leaked to arbitrary untrusted parties.
-
@lerxst @david_chisnall Yeah, like 18 is not even standard across the globe.
@Arcaik 18 is the closest there is to a standard, due to the Convention on the Rights of the Child, which establishes 18 as the default age of majority (but stll allows it to be overridden by local laws). A curious example of another value leaking is how, because 16 used to be the age of majority in Netherlands for a long time, a lot of medical guidelines for trans youths, even in other countries, used to adopt 16 as an explicit age that a person would be able to consent to their gender (until the GOPnik bullies decided to start picking on trans women and children after the Oberge fell).
-
@Arcaik @lerxst @david_chisnall true. But the important is the country of child and whether he or she is considered adult in his own country by his own device. Until they are adults, it should require parent's consent.
@pemensik You forget that a typical Big Tech TOS includes a venue clause, specifying that the laws of wherever their headquarter is apply to the contract.
-
undefined oblomov@sociale.network shared this topic
-
@pemensik And how does this law change that?
The “parental controls” that exist today provides the same level of restriction as this law with less burden and fewer privacy issues.
@drahardja I think browsers should send underage header for every normal request, based on OS indication. Then instead of authenticating adults, rely on kids do not have powers to avoid sending such indication. If OS doesn't provide the information, we cannot make browser vendors sending it.
-
@pemensik And how does this law change that?
The “parental controls” that exist today provides the same level of restriction as this law with less burden and fewer privacy issues.
@drahardja I disagree existing parental controls have something similar. For example Windows controls won't work at all in Mozilla Firefox nor Google Chrome. This seems a way to fix it.
-
@david_chisnall So I also read the text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
I have MANY issues with how poorly defined many of the terms are in the document (e.g. is a website an “application”?), and how it still holds developers liable for verifying the provided age information (“internal clear and convincing information…that a user’s age is different”), but…
The part that to me implies implementation is that there is no leeway for the OS to *under*-report the account’s age group, e.g. reporting that a user is younger than they actually are—strictly, they are liable for civil penalties either way. This implies that the OS *must* collect the user’s date of birth and store it somewhere, and derive the age bracket from that date on a daily basis (like your algorithm says). This means that it’s not enough for a parent to set up an account as “13–16 years old” and leave it at that forever.
IMO the fact that the OS *must* collect a child’s birthdate to comply is an erosion of privacy.
@drahardja @david_chisnall The law says the OS must provide a way "to indicate the birth date, age, or both, of the use".
The only reasonable interpretation of this is that this is satisfied by asking for the "age" as just the year (because no reasonable person would expect the UI to ask for the user's age to day precision). But this makes the law kind of contradictory since you can't actually determine if someone is above 13, etc. merely from the age provided at account creation.
Maybe it's *intended* to be sufficient to just ask for an age (or a drop-down for each of these brackets) and rely on the parent to update this in the future as needed, but as you say that doesn't really seem to fit with how it's worded.
So yeah, just seems very poorly thought out in general.
-
@ieure @drahardja @david_chisnall Which makes it probably irresponsible for a parent to provide their child's real birth-date into this field that may be leaked to arbitrary untrusted parties.
@ids1024 @drahardja @david_chisnall Honestly, irresponsible for anyone at all.
-
@ids1024 @drahardja @david_chisnall Honestly, irresponsible for anyone at all.
@ieure @drahardja @david_chisnall For someone who is already an adult, if it just has these brackets it doesn't actually leak the age, only that one is an adult. Though it also serves no purpose.
II'd probably advise everyone to just enter Jan 1 1900 or Jan 1 1970 or something for all computers used by them or their children.
-
@pkw AFAIK the issue is not the network bandwidth but how much the OS restricts underage users (children). Actually, according to @david_chisnall the #ageverification should be a totally local process, not even requiring network access. @AVincentInSpace
-
@pkw AFAIK the issue is not the network bandwidth but how much the OS restricts underage users (children). Actually, according to @david_chisnall the #ageverification should be a totally local process, not even requiring network access. @AVincentInSpace
I knew @pkw was talking about developer bandwidth, and I'm not convinced it takes much of that either.
-
I knew @pkw was talking about developer bandwidth, and I'm not convinced it takes much of that either.
@AVincentInSpace Oh, my! As a #nonNativeSpeaker I tend to miss those subtleties, I would have rather used the term "developer time" or at most "developing resources" @pkw
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
3 marzo 1993: muore Albert Sabin
@anarchia
di Bruno Lai. Scopritore del vaccino che sconfisse la poliomielite: non volle arricchirsi con i brevetti. Albert Sabin (1906-1993). Albert Sabin è una delle figure più affascinanti della medicina del XX secolo, non solo per il suo contributo scientifico, ma...Vedi l'articolo
https://www.rivoluzioneanarchica.it/3-marzo-1993-muore-albert-sabin/
-
Quello che mi stupisce di più in tutto questo è che Prodi festeggi la fine del Ramadan, visto che è appena iniziato... 😁
-
## 📡 Non è un giocattolino. È radio. Punto.
A prescindere dai miei 30 anni passati sui ponti radio.
A prescindere dalla patente da radioamatore dal ’95 (ok, nominativo scaduto… ma il cervello no).Quando vedo qualcosa di nuovo, non mi metto a premere pulsanti a caso come fosse l’ennesima app per chattare con gli amici.
Mi documento.
Perché **LoRa non è “messaggini simpatici via Bluetooth”**.
È una tecnologia radio seria. Con fisica, limiti normativi, parametri tecnici e responsabilità.Se vogliamo fare le cose in modo utile — non folkloristico — si parte dalle basi:
👉 https://www.loraitalia.it/wiki/cose-lora/
---
## ⚙️ Cos’è davvero LoRa
LoRa non è un social.
Non è WhatsApp in montagna.
Non è “ah guarda che figo, mi vedo sulla mappa”.È una modulazione radio a spettro espanso (Chirp Spread Spectrum), progettata per:
* coprire grandi distanze
* consumare pochissima energia
* lavorare in banda ISM 868 MHz
* rispettare il famoso **duty cycle 1%**Quel famoso 1% che molti ignorano, ma che significa:
> puoi trasmettere solo per 36 secondi ogni ora su quella frequenza.
Non è un dettaglio.
È ciò che distingue chi gioca da chi capisce cosa sta facendo.---
## 🧠 Nodo, rete, copertura
Un nodo non è “una chat portatile”.
È un elemento di una rete mesh.
Può fare da router, da client, da infrastruttura.
Può estendere copertura.
Può collegare zone isolate.Ma per farlo bene devi sapere:
* dove lo metti
* che antenna usi
* che altezza hai
* che ostacoli hai intorno
* che parametri radio stai impostandoNon è magia. È propagazione.
-Se l’obiettivo è “scrivere ciao dal divano”, va bene tutto.
Ma se l’obiettivo è rendersi utile, creare copertura reale, fare rete, costruire qualcosa che rimanga, allora si studia.
Si parte dalla documentazione.
Si capisce cosa si sta usando.
Si rispettano le regole radio.Poi si monta l’antenna.
Io non sto abbandonando nulla.
Sto solo facendo quello che ho sempre fatto quando si parla di radio:
Prima capire.
Poi trasmettere. 🙏
#MESHTASTIC
-
@meatlotion wow, it's beautiful!
-
@stefano the view from my bedroom window. Not as colourful, but definitely as hopeful.
-
📬 NicFab Newsletter #10 | March 3, 2026
Privacy, Data Protection, AI & Cybersecurity — weekly review.
In this issue: EU enforcement actions, EDPB developments, cybersecurity alerts, and AI Act analysis.
👉 Read the full issue: https://www.nicfab.eu/en/newsletter/2026-03-03-issue-10/
📩 Subscribe: https://www.nicfab.eu/en/pages/newsletter/#subscribe-now
#Privacy #GDPR #DataProtection #AIAct #Cybersecurity #InfoSec
-
@antonemma infatti io NON uso Microsoft ma esclusivamente #Linux e #SoftwareLibero. In particolare ho ancora una TV tradizionale che però uso come monitor multimediale collegato ad un #Raspberrypi con kodi.tv. Non c'è collegato niente altro
-
@esna@serafuku.moe 이미 國漢文混用體로 쓰고 있습니다. 😎
