Hacker News | ziml77's comments

As people have pointed out in other threads, you don't even need access to these services to cause problems. As long as the AI can send any bytes out, it can leak information. Like you may think of an HTTP GET as read-only, but you can pack any data you want into the URL or headers.

In the end it will all be about separation of duty between agents in a larger team and isolating the ones that need more access to your private stuff.

Wardgate acts like a drop-in replacement for curl with full access control at the url / method / content level, so you can allow specific curl access to specific APIs but prevent all other outbound connections. That's what I use for my PA agent. She's very limited and can't access the open internet. Doesn't need it either.


You can also stuff data into a GET request body, I've seen some devs do it and I related my disapproval about it.
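A default-deny egress check at the URL / method / content level, of the kind the comments above describe, as an added example (it is not Wardgate's code or configuration and not from any commenter). The host, paths, size caps and function names are assumptions made up for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed policy for illustration: (method, host, path rule).
# A rule ending in "/" is a prefix; anything else must match exactly.
ALLOW = [
    ("GET", "api.example.com", "/v1/calendar/"),
    ("POST", "api.example.com", "/v1/calendar/events"),
]
ALLOWED_HEADERS = {"accept", "authorization", "content-type"}
MAX_QUERY_LEN = 64    # assumed caps: they bound how much a single
MAX_HEADER_LEN = 256  # request can carry, they do not make it zero
MAX_BODY_LEN = 2048

def _path_ok(path, rule):
    # Decode and normalise first so "/v1/calendar/../x" cannot pass a prefix test.
    norm = posixpath.normpath(unquote(path))
    if rule.endswith("/"):
        return (norm + "/").startswith(rule)
    return norm == rule

def check_request(method, url, headers=None, body=b""):
    """Return (allowed, reason) for one outbound request; default is deny."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # ignores any user@ prefix in the URL
    if parts.scheme != "https":
        return False, "scheme"
    if not any(method == m and host == h and _path_ok(parts.path, r)
               for m, h, r in ALLOW):
        return False, "not-allowlisted"
    if method == "GET" and body:
        return False, "get-with-body"
    if len(body) > MAX_BODY_LEN:
        return False, "body-too-long"
    if len(parts.query) > MAX_QUERY_LEN:
        return False, "query-too-long"
    for name, value in (headers or {}).items():
        if name.lower() not in ALLOWED_HEADERS:
            return False, "header-not-allowed"
        if len(value) > MAX_HEADER_LEN:
            return False, "header-too-long"
    return True, "ok"
```

The size caps only bound how much one permitted request can carry; the allowlisted API itself is still an outbound channel.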

So DB48X provides a covered application store?

(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.


> Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.

Regardless of the technical details of the law(s), the devs are sensibly refusing to prompt for age on a fricking calculator.

Hopefully Linux distros get on board with this and announce non-CA/CO compliance as policy.


Ultimately, it does not matter. This legal notice is just theater, as anyone from CA or CO can still download, build and use the program. Linux distributions will just do the same.

Certainly. However, the developer seems to want to avoid the $2,500 per violation by any child who accesses the calculator, and might see a dick pic... because that calculator firmware does indeed allow for image viewing, and application development. It's more powerful than your PC back in the late 1990s.

> It's more powerful than your PC back in the late 1990s.

Sounds like a fun thought, but almost certainly untrue: https://www.swissmicros.com/product/dm42

All new PCs sold in the late 1990s handily beat these specifications. On CPU, storage, RAM, and display. The DM42 firmly remains an embedded system that's just enough for the calculator software and not much more.

If you want to take it back to the early 1980s, you start reaching the claim being true.


I had a program on my overclocked TI-83 in 1998 that displayed a single pseudo-greyscale dithered photograph of a topless Pamela Anderson, which has left me hopelessly psychologically scarred. Ban this filth

Or, heaven forbid, 8008135. Can't allow that!

True. I can see 58008 on mine....

You might say the bills themselves are theater. Respond to theater with theater.

Well, no, that's not how laws like this work. Of course people in these states can just install the software and it is very likely nothing more will come from that unless some politico in one of these states decides she has a beef against the company, group or person which distributes the software. When that happens she'll have this law at hand to whack them with because they knowingly violated state law so they need to be dealt with, won't anyone think of the children?

I'd also put notice in the usage that the offices of the representatives of the politicians that voted for this law they are not allowed to use the software as a historical wall of shame.

For Linux it will be way more problematic because:

- A lot of corporate contributions come from SV.

- Linux Foundation is incorporated in CA.

- Linus himself is a CA resident AFAIR.

So there is zero chance of claiming no jurisdiction. The only hope is whoever is enforcing this batshit wouldn't go after what is essentially not an OS for the purpose of the bill, but rather an internal component (it would be like going after a vendor of bolts and nuts for noncompliance of a toaster).


It's more likely to be an issue for distributions like Debian, Ubuntu, Red Hat, etc.

Although, if I'm understanding this correctly, I think all they would have to do to comply is have something during installation that asks for the age category, and write a file that is world readable, but only writable by root that contains that category that applications can read.


That is already way too much as far as I'm concerned. It's not that it's difficult, it's that it's arbitrary and a form of commanded speech or action. Smallness and easiness isn't an excuse.

If you write a story, there must be a character in it somewhere that reminds kids not to smoke. That's all. It's very easy.


I actually don't mind mandating the market take reasonable actions. The EU mandating USB C was an excellent move that materially improved things.

However I think mandated actions should to the greatest extent possible be minimal, privacy preserving, and have an unambiguous goal that is clearly accomplished. This legislation fails in that regard because it mandates sharing personal information with third parties where it could have instead mandated queries that are strictly local to the device.


Under no circumstances should we be “mandating” how hobbyists write their software. If you want to scope this to commercial OSes, be my guest. That’s not what was done here.

I'm not sure where the line between "hobby" and "professional" lies when it comes to linux distributions. Many of them are nonprofit but not really hobbyist at this point. Debian sure feels like a professional product to me (I daily drive it).

We regulate how a hobbyist constructs and uses a radio. We regulate how a hobbyist constructs a shed in his yard or makes modifications to the electrical wiring in his house.

I think mandating the implementation of strictly device local filtering based on a standardized HTTP header (or in the case of apps an attached metadata field) would be reasonably non-invasive and of benefit to society (similar to mandating USB C).


> I'm not sure where the line between "hobby" and "professional" lies when it comes to linux distributions. Many of them are nonprofit but not really hobbyist at this point. Debian sure feels like a professional product to me (I daily drive it).

"Professional" means you're being paid for the work. Debian is free (gratis), contributors are volunteers, and that makes it not professional.


What about Ubuntu? It's a combination of work by volunteers and paid employees, it is distributed by a commercial company, and said company sells support contracts, but the OS itself is free.

And there are developers who are paid to work on various components of linux from the kernel, to Gnome, does that make it professional?

Is Android not professional, because you don't pay for the OS itself, and it is primarily supported by ad revenue?


I would argue they're not, because they're not fully under the responsibility of a commercial entity, because they're open source. Companies can volunteer employees to the project, even a project they started themselves, but the companies and employees can come and go. Open source projects exist independently as public goods. Ultimately, it just takes anyone in the world to fork a project to exclude everybody else from its development.

Mint started off as Ubuntu. Same project, with none of the support contracts, no involvement from Canonical needed at the end of the day, etc.

On a practical level, it doesn't make sense to put thousands of dollars per user in liabilities to non-compensated volunteers whatever the case may be with regards to the employment of other contributors.


At some point it seems to devolve from a meaningful discussion about how things should be done into a semantic argument (which are almost always pointless).

> it doesn't make sense to put thousands of dollars per user in liabilities to non-compensated volunteers

I agree when it comes to individuals. But it probably does make sense to hold formally recognized groups (such as nonprofits) accountable to various consumer laws. I think the idea odd that Windows, RHEL, Ubuntu, and Debian should all be regulated differently within a single jurisdiction given that they seem to me largely equivalent in purpose.


You've confused and confabulated like 11 different things there. None of what you said has anything to do with either what I said or what the law says.

The way this currently exists is basically unenforceable because the critical terms are not even defined. It's not even ultimately intelligible, which is a prerequisite to enforcing, or even being able to tell where it does and does not apply, and whether some covered entity is or is not in compliance.


> You've confused and confabulated like 11 different things there.

Feel free to elaborate. As it stands that's nothing more than name calling.

I wasn't speaking to the current CA or CO proposed implementations (which I don't support as it happens). I responded specifically to your statement:

> It's not that it's difficult, it's that it's arbitrary and a form of commanded speech or action.

My response being that I think it's acceptable for the regulator to require action under certain limited circumstances.


And then another state will pass a law mandating scanning of all local images, and another state will want automated scanning of text, and a different country will want a backdoor for law enforcement. We have to stop this here and now.

I believe Linus lives in Oregon.

"Linux" is just the source code to the kernel, pure free speech, and it can't run by itself in order to ask anybody anything. Underage programmers will benefit from the education of reading it.

Exactly. More bluntly, the Linux kernel isn't an operating system.

I think Linus Torvalds lives in Oregon.

[flagged]


Stop spreading disinformation. Linus and others did most of the work in the kernel. GNU project on the kernel side was architecture astronaut vaporware aka "Hurd". They were much more successful in userland (coreutils, gcc and the toolchain, gdb, Emacs, to name a few).

I meant the userland specifically. By calling what is fundamentally a GNU system running on a different kernel just "linux" it makes people think Linus and his crew made all of the userland, in part because saying a college student made "an entire operating system" is far more profitable for news agencies than acknowledging his important but overall relatively small role in what they call "linux".

Because the kernel is the irreplaceable piece. None of what GNU did is: there are numerous implementations of coreutils and shells and at least one non-GNU production-quality compiler toolchain (clang-llvm), a few alternative libcs. And many distributions do actively use the non-GNU parts. But none of this is useful without the kernel that is compatible with computers people have. And the only usable kernel we have is Linux (while BSDs are out there too, they take a much different tightly-integrated approach to userspace).

Oh, I don't discount that! That's why I find it important to specify GNU/Linux. Not only is it respectful, but it makes the very important distinction that it is a Linux system running a GNU userland instead of a plan9 one or a busybox one. Usually when people speak of "linux" they're referring to GNU/Linux though

To add to this: I can appreciate the significance of GNU, especially in early Linux distributions, but the position of "GNU was the real OS, Linux was just the kernel" is also deceptive, IMO.

Sure, a lot of the userspace was GNU, but a lot of it ... wasn't. Things like PAM, the init system, and the network config tools, off the top of my head. A lot of system-specific tools come from "not-GNU", too.

You can't discount how much of early Linux was "GNU", and how big a deal GCC and GNU libc (and the rest!) were, but it's disingenuous in my opinion to call GNU an "operating system" that you just plugged Linux, the kernel, into. Even today, as far as I can tell, there is still not a true GNU system. Guix comes close, in terms of being "GNU-ish", but the most usable Hurd distro (AFAIK!) is Debian, where, again, a lot of components come from Debian, rather than GNU.

And, as you say, modern systems have drifted even further from being GNU. They have lots of GNU components, but so did, say, the Sprite OS, or a lot of 4.4BSD derivatives.


On that note, one of these days I want to make the GNU system as it was imagined a reality. Perhaps with the linux kernel as its kernel, maybe with co-official status with the hurd

“can download” could refer either to transfers initiated by the user, or to transfers initiated from the device. The language “from [device] developers to users of [that device]” clarifies that this applies if users can access a third-party directory and/or repository of applications.

I strongly encourage the EFF to sue the FSF over not shipping age verification in Emacs, since in every respect Emacs fits these criteria; it is a computer environment that avid users can reside fully within to operate their system, and its publisher operates a directory+repository system at https://elpa.gnu.org. I think that both organizations would be excited to pursue that lawsuit pro bono, since it would evidence such significant flaws in the law that it might be struck by the court.

Incidentally, this likely also implicates Tesla and BMW as not requiring age verification before allowing users to download updates containing new pay-to-unlock applications from their vehicles’ in-app purchase marketplaces. I’m sure they would both be happy to help overturn this law once implicated in violating it.


It's also still bound only to companies in CA. I'm in GA, I don't have to comply, for example, if I were making operating systems. People REALLY need to push back when governments try to extend their reach beyond their borders, like EU regulations. The more we let them the more enshrined in law it will become. We have the right and duty to say no, that only applies in your jurisdiction.

The law pertains to providers of covered application stores or operating system providers. Or, not and.

They are not a covered application store, but they are an operating system provider, so the law does apply to them.


> So DB48X provides a covered application store?

Developers are not lawyers, so they cannot be expected to know every subtle detail of the law, and not how these laws are then interpreted (in an often non-logical way) by courts.


If you are providing legal advice as a legal professional, happy to follow your advice. Are you willing to provide legal indemnity to me? I assume it will be cheap, say $12/year.

> Or it took an hour of back and forth with ChatGPT loaded up with those 34 pages.

That's exactly what I was thinking when I read that line. And there's nothing necessarily wrong with using AI to help decipher large legal documents, just be honest about it.


Or just verify and write up its findings yourself, this is like pasting notes from a research assistant in verbatim. It comes across as pretty lazy!

I've always been baffled why we just hand the man pages over to a normal pager rather than something that actually understands their structure. That "look up a flag" case is exactly what bothers me constantly when viewing man pages. And the search they say they should be using doesn't even work consistently since the flag might not be the first non-whitespace thing on a line if there's aliases.

Yes AI has taken away the tedium, but a lot of that could already be overcome by leveraging your text editing tools well or with basic code generation (such as being able to generate the skeleton of a class from an interface).

And there was something nice about still having to put in the manual work in those cases. It let me process what the code is actually doing and gave me the opportunity to internalize it in a way that just doesn't happen with AI. It also sort of gave me a thinking break where I was engaged at just the right level to let the thoughts about the more interesting parts float around in my head. With AI writing all the code, I feel like I'm either fully engaged with those thoughts or not engaged at all. And that's a bit of a problem because aha moments often happen when the idea is in that middle area of thought.


The AI bros want it both ways. Both "It's just a tool!" and "It's the AI's fault, not the human's!".

I'm a little wary of believing this without confirmation. It certainly sounds like something an app from a big Chinese company might do, but the LLM writing style with em-dashes replaced by double hyphens looked like someone trying to hide that they use an LLM. And I noticed that the account for the Gist submission is only 3 hours old. And then looking here the account on HN is also only 3 hours old. Seems a little sketchy to me.

Totally, Chinese software would never do anything like that. Shocking news, I say, shocking!

I didn't disagree with that?

"It certainly sounds like something an app from a big Chinese company might do"

Doesn't mean I want to blindly trust a random source about it though.


It's not, but do you really think the people having Claude build wrappers around Claude were ever aware of how services like this are typically offered?

If you tell me "no fucking way" by running it through an LLM, I will be far more pissed than if you had just sent me "no fucking way". At least in that case I know a human read and responded rather than thinking my email was just being processed by a damned robot.


I'm feeling the same way. It's quite the contrast from all the hype posts that make it sound like you give the AI a rough idea of what you're looking for and then it will build it from start to finish on its own.

