Ironically, Trivy was the first known compromised package and its purpose is to scan container images to make sure they don't contain vulnerabilities. Kinda like the LLM in your scenario.
Kids aren't stupid. They'll just create another account when they're old enough to figure it out. They'll tell their friends how to do it and the rest of us will be stuck with these stupid prompts forever like it's a cookie banner.
Actually given boot chain protection, this will probably get harder as time goes on but even assuming some kids are able to, this is clearly definable as a user error: the fault lies with the kid and as a parent you need to think about your threat model.
Right now, it's not even clear how to create parental controls at a reasonable level so there's no clear path for what to do or how to respond.
Maybe we can agree that if you're mature enough to hack your own phone, you're mature enough to see a nipple. Why am I rate limited though? Dang must hate this opinion.
I don't think "real" age verification with ids is immune to this either. (kids paying an adult to get an id for it or fooling an ai classifier, whatever).
Basically unsolveable, so why worry about that edge case? Kids will always get through to some adult content somewhere. A token system will make parents feel better in the meantime.
From a parent's perspective, that's the great part about bubbling it up to the OS user account level.
Its trivially easy to see if the user (child) has indeed created multiple OS level user accounts with different permission levels if you want to spot check the computer.
You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
Its very much near impossible to verify that the child is not just going to Facebook etc. and using separate accounts and just logging out religiously.
That said I wish Apple/Microsoft/Google had more aggressively advertised their Parental Control features for Mac/Windows/ChromeOS as a key differentiator to avoid Ubuntu/Open Source distros from having to implement them.
> You'll see it on first startup and then you can have "a chat". With Guest account access disabled, spawning a new account on a computer takes 2-3 minutes, will send emails and dashboard notices to the parent.
On what OS? Microslop Windows? On my computer no one is notified when an account is created. And the account list isn't visible when I log in. I log in to the TTY.
Now, granted, I am not the norm. But my OS falls under these regulations. So what is my OS vendor supposed to do? For that matter, who is the vendor? What if I were using LFS? Who even would be the vendor for LFS? It's not even a distro!
Yes it doesn't show up probably because you were able to pretty easily mindlessly click through the part where you were asked if this is being provisioned as a child's computer.
When you provision a Windows, Mac or Chromebook these days as a child's device using your parental account, it will require a parental account to enable new user accounts and/or re-enable guest user on the device.
Like I said - my preference would have been for Microsoft, Apple, Google and Meta and TikTok to have made an industry effort to educate parents about the existence of such tools a priori of any legislation, we could have avoided Linux etc. getting sucked in.
It's pointless. Kids who want an uncensored internet will use a VPN or proxy the same way they've been getting around the restrictions and filers put on the computers and networks at schools. These laws will do nothing to protect children but will instead enable them to be targeted.
I don't think its quite so easy anymore that I can tell, with parental tools today - on a properly provisioned device you can require parental permission for app installs such as VPN, etc.
So you're advocating for stronger and more invasive controls?...
I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop. Yeah, it also aligns with Meta's interests, but so what?
The age attestation solutions pursued by the EU are far more invasive in this respect, even though they notionally protect identity. They mean that the "default" internet experience is going to be nerfed until you can present a cryptographic proof that you're worthy.
> I think this is a sensible compromise. It gives parents more control than before without relying on shady third-party software or without turning every platform into a cop.
It doesn't give parents any control whatsoever. It just forces the OS to tell every website your child goes to how old they are. It doesn't require those websites to hide certain content for certain age groups. It doesn't define what types of content are appropriate for which age groups, it just makes sure that every advertiser bidding on your child's eyes knows what age range they fall into to.
If anything this takes control away from parents because even the cases where a website does their best to restrict content based on which age the OS tells them your kid is, it's the website setting the rules and not the parents. You might think that your 16 year old can read an article about STDs, but if the website your kid visits doesn't think so you as the parent don't get any choice.
With 3rd party software parents are controlling what software is used, they have the ability to decide which kinds of content are appropriate for their children and can be allowed and which types of content should be blocked. They can black/whitelist as they see fit. All of the power is in the parent's hands. This law gives parents one choice only: "Do I honestly tell my OS how old my child is". That's the end of the parent's involvement and the end of their power.
I mean on a UNIX OS you could make it yet another group the user needs to be part of. Like the group for access to optical media or for changing network credentials. Whether the child gets root access is on the parent, but that is like with anything else. A child can get around this, but it means finding and exploiting a 0-day on the OS. If they are able to pull this of I would congratulate them.
There is a huge attack surface for this. For example, kid manages to buy an old phone. Resets the phone and creates an account. Kid buys something like a Pi 3 manages to get a regular phone to become an access point. Etc. If a laptop is not completely locked down, a kid might boot a live USB stick.
The problem is that these laws tend to escalate. Once a government starts regulating, it doesn't stop.
It is also the wrong model. Instead of creating child-safe devices, just like there is a difference between toys and power tools, this regulation pretends that all devices are child safe and parents have to figure out which ones really aren't.
One of the things I always disliked about the original Digg was their threading. The slashdot like feed where the oldest comments were at the top and there was only one level of replies tended to encourage the "first" comments and harmed the quality of the discussion. I was glad to see it use a reddit-like comment thread for the new site, but it also meant there wasn't much reason to use it over reddit.
I'm a bit surprised with Alexis' involvement they didn't anticipate the bot problem. Alexis left reddit several years ago but I'm sure he's still in touch with the folks who run the place. It would've been worth it to talk to them about the threats they currently face and how they deal with them.
Absolutely. They kinda brag about it now. But I think it was just the founders making multiple accounts. It sounds like the new Digg was worried about bots scaring people away from the site with thinly disguised ads.
v3 introduced proper nested comments and filtering, problem was they were slow to load but even worse was the design. Just very bloated and padded and the information density dropped through the floor.
DESQview was absolutely not crashy. I ran several different types of BBS software in it without issues. The "DESQview (or worse...)" comment raised the hair on the back of my neck. DESQview was revolutionary at the time and I was annoyed at having to use Windows many years later.
ASCII windows may not have been everyone's cup of tea but I loved it.
I recall running Opus (or maybe the predecessor whose name escapes me) under DESQview on my lousy XT clone. I don’t recall it being crashy but it certainly didn’t have enough horsepower to handle the BBS software and an interactive DOS window.
I couldn’t afford a second machine in those days and having to sacrifice my one and only PC for the full-time BBS wasn’t fun :)
Back in the day we would've just added our IP to the .rhosts file and no password would be required at all!
It does have me thinking about what versions of SSH would run on such an old OS. I'm sure there were versions available at one time... and since it's vulnerable to remote exploit anyways the version wouldn't really matter.
The story is because these are precision strikes and the US is feigning ignorace. Satellite photos show that each building on that block was hit dead-center and destroyed, yet the US is refusing to admit responsibility. Sure, mistakes are made during war, but this one was particularly egregious. That building hadn't been used as a military barracks in over a decade. Israel immediately said they were not operating in that area. Iran said none of their missiles were in the area. The US has said for a week now that it was "investigating" despite knowing it targeted that facility. That's yet another lie. They know they accidentally killed over a hundred little girls and as usual would rather lie than admit a mistake.
Imagine a world where in order to do business in the US you must grant the government control of your company. This sounds worse than even the most alarmist China takes.
This is exactly America’s path. All this time we were “fighting” regimes like Chinese and Russian and now it is like “can’t beat them, join them” banana republic
I don't even understand why it is thought that letting a small non-elected clique run economically important infrastructure and control the lives of thousands of employees isn't considered dystopian. Public ownership at least has democratic legitimacy.
reply