BartyDeCanter

Phones have always been locked down, all the way back to when you could only use a phone that AT&T sold you attached to a landline.

Basic cell phones were generally very locked down, or at least there was no documentation on how anything worked. I do remember using a photo and contact syncing tool that had the protocols for a bunch of “feature” phones reverse engineered. IIRC the dev gave up because he kept getting sued because the phone manufacturers and carriers made money off of charging for that.

When smartphones came around, Android was actually very open. My first Droid was completely open, no need to even unlock anything. Applications could be installed and run from anywhere, including the SD card. Custom ROMs were common and easy to install.

But the carriers were not happy, due to the proliferation of malware running on their networks and a general fear of hackers. Plus the “Hey, we want to charge for that like we do on the feature phones!” Back then, the carriers were all powerful because they could and would kick out any device they wanted. Users were also pretty unhappy due to the lack of security and malware. So they started by adding a boot loader lock and eventually locked down more and more.

The iPhone was locked down from the beginning. It was seen as more of an iPod or other accessory device by most people, so no one really cared.

And, that’s basically been it.

Really, the fact that PCs are as open as they are is pretty amazing and mostly due to different companies reverse engineering each other and a lot of court decisions. I’m sure looking back that IBM really wishes that their cases had gone differently.

I think I managed to skip the ndiswrapper era. I was using Ethernet on desktops and my laptops were Macs. Nowadays my desktop has both wifi and Ethernet, and my laptops run Linux but nmtui just works.

From TFB:

First, from the LEGISLATIVE COUNSEL'S DIGEST

The bill would require a developer to request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched. This bill would punish noncompliance with a civil penalty to be enforced by the Attorney General, as prescribed.

That's not an encouraging start. Of course, that's not the bill itself just the official summary, so we will need to dig in deeper.

At the beginning of the bill proper, there are some definitions, emphasis mine.

Section 1798.500

(c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

There are no business threshold or network capability requirements for the application (though there is one for the computer, sorta). It's simply anything that may run on a computer. 'ls' definitely qualifies as an application per this definition. This is a pretty reasonable definition of 'application', even if it is a bit circular. We could also have quite a conversation about what counts as a “other general purpose computing device”, but it isn’t defined here.

(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application. (2) “Covered application store” does not mean an online service or platform that distributes extensions, plug-ins, add-ons, or other software applications that run exclusively within a separate host application.

PyPI, a Debian mirror, crates.io and GitHub qualify as a "covered application store". Pip and cargo are an "software application" that "distributes and facilitates the download of applications from third-party developers to users of a computer" so they are as well. Depending on case law curl, rsync and scp might also, though the 'distributes' qualifier may exempt them. Oddly, browser add-ons are probably exempt due to (e)(2). And there may be a grey area around things like VMs. A purely personal website that only has software developed by that person probably doesn't qualify due to the 'third-party' qualifier. Again, there is no business threshold listed.

(f) “Developer” means a person that owns, maintains, or controls an application.

Again, a fairly straightforward definition, that would apply to anyone who maintains any "software application that may be run or directed by a user on a computer, a mobile device" per 1798.500.c.

So, we've got that developer is a simple definition that basically matches what one would expect, as does application. Covered application store is probably broader than one would expect, and has an odd carve out, but covers most modern software distribution channels. I guess it might not cover sending CDs in the mail.

Then we get to a single simple sentence:

Section 1798.501

(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

It's a really simple sentence that can be really easy to gloss over. But read it again. Maybe you could argue that it only applies the first time an application is run. But it absolutely applies when it is downloaded. There are no exceptions listed, no threshold tests, no "social media applications only". This applies to all applications, all developers, and all "covered application stores". Now CA jurisdiction doesn't cover downloads from outside of CA, but it does cover anyone downloading something inside of CA, or someone living in CA. So if a kid in CA downloads something from a outside of CA, the developer is in violation even if they are outside of CA. CA may not have the resources or desire to track down every developer outside of the state, but if they so choose they would be able to file a claim in the same way that CA can file claims on foreign people who violate other laws that involve CA victims, such as fraud.

Finally, there is this bit: 1798.504

(f) This title does not apply to any of the following: (3) The delivery or use of a physical product.

So, it looks like it doesn't apply to CDs in the mail.

Edit:

Of course, I forgot to talk about the penalty. Maybe there is something in there?

1798.503

(a) A person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation or not more than seven thousand five hundred dollars ($7,500) per affected child for each intentional violation, which shall be assessed and recovered only in a civil action brought in the name of the people of the State of California by the Attorney General.

Nope, no exceptions or commercial clauses. It just applies to anyone. And paragraph b?

(b) An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.

Well, an OS provider or covered application store isn’t responsible for someone lying to them, tech failures, or the actions of a rogue developer. But developers have no such waiver.

Yeah, the fact that I can wave to a cop walking out of a store where I just bought some pot, but might face massive fines for not doing age verification for a pong game I wrote is insane. I mean, I still want to be able to smoke my pot legally, but I also don't want to have to care about who plays pong.

I definitely remember having to futz with audio a looooong time ago, but honestly getting xf86config to work with my video card and monitor was much more difficult.

Hey! I’m not 50 yet!

Though not far off TBF.

I am fully aware of the open source ecosystem. I have contributed to dozens of projects, including the linux kernel, CPython, Perl, and others.

It’s astonishingly obvious that you haven’t bothered to read the bill at all and are just spewing nonsense. Take ten minutes and then pull your head out of your ass.

Sections 1798.501.b, 1798.502.a and b. Every developer of every application that can be downloaded from every website, platform and package system MUST request your age bracket every time it is downloaded. And every time it is launched.

Thats every application, from ‘ls’ to World of Warcraft. Thats every place on the internet that hosts software packages. It doesn’t matter if you feel like it is only aimed at “online services and platforms “ or “social media platforms and content services”.

It is written to cover everything that runs on a computer that can be downloaded and the places that host them. PyPI, crates.io, flathub, Debian mirrors, everything.

And that’s every individual developer who lives in or visits CA.

But they can fine every single developer of every single application. Sure, a lot of people won’t be in the jurisdiction of the state of California, but there are a hell of a lot of developers who are.

I’m definitely not saying we give up, but this absolutely does impact every developer, not just OS developers. Go read the bill, but here are the relevant parts:

(c) “Application” means a software application that may be run or directed by a user on a computer, a mobile device, or any other general purpose computing device that can access a covered application store or download an application.

(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

(f) “Developer” means a person that owns, maintains, or controls an application.

(b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

Based on a very narrow reading of the “covered application store” definition, a personal website that only has applications developed by that person might be able to get around the age bracket request, but the application itself is still covered. As things like itch.io, crates.io, flathub, PyPI, and every package repo.

But why are you even accepting this something like this should exist? What is the threat model that this is protecting against? How would it offer any protection against that threat? Why should everyone who is making any program need to ask about the age of their possible users?

That is correct. Every program that is downloadable on the internet, from a big commercial application store, a open source repository, a single project webpage, or a random personal hobby site that has a single file on it that gets an update after 1/1/2026 must request your age bracket when it is downloaded. Or launched. Every singe one, every single time.

Since I took at look at your user profile, that means you would need to add that to all of your github and itch.io projects. And if they are included in some other packaging system, you better be sure that they are doing it as well. Otherwise you will be personally responsible for a $2500-$7500 fine every time a kid downloads one of your games. Your site has a direct download, so what are you going to do to implement that?

Impossible? Certainly not. But why the fuck should we have to do that? Why should every bit of code you put up on the internet be required to check the age API every time it is run? What are you going to do?

I think we’re in violent agreement. It has a huge impact on both end users and hobbyists, and open source developers.

I have some things I’ve developed in the classic “scratch an itch” approach and published for the handful of people who might use it. Now I’m liable for $2500-$7500 if a kid runs 10 lines of code?

A couple of options:

It won’t, but will be a tacked on charge for prosecution on other things.
All non-big tech developers and package managers will stop serving to CA IPs.
Fines applied randomly and intermittently to whoever the DA or AG is mad at.

Go read the bill, particularly section 1798.501.b, 1798.502.a and b. Every developer of every application that can be downloaded from every package system MUST request your age bracket every time it is downloaded. And possibly every time it is launched. Basic utilities like ‘ls’ and ‘cat’, that pong example I pushed as a test, everything.

Go read the bill, particularly section 1798.501.b, 1798.502.a and b. Every developer of every application that can be downloaded from every package system MUST request your age bracket every time it is downloaded or face the fine. And possibly every time it is launched. Basic utilities like ‘ls’ and ‘cat’, that pong example I pushed as a test, everything.

It’s more than that. Go read the bill, particularly section 1798.501.b, 1798.502.a and b. Every developer of every application that can be downloaded from every package system MUST request your age bracket every time it is downloaded. And possibly every time it is launched. Basic utilities like ‘ls’ and ‘cat’, that pong example I pushed as a test, everything.

No, sorry, you’re wrong. Go read the bill, particularly section 1798.501.b, 1798.502.a and b. Every developer of every application that can be downloaded from every package system MUST request your age bracket every time it is downloaded. And possibly every time it is launched. Basic utilities like ‘ls’ and ‘cat’, that pong example I pushed as a test, everything.

Yes it fucking does. Go read the bill, particularly section 1798.501.b, 1798.502.a and b. Every developer of every application that can be downloaded from every package system MUST request your age bracket every time it is downloaded. And possibly every time it is launched. Basic utilities like ‘ls’ and ‘cat’, that pong example I pushed as a test, everything.

BartyDeCanter

@ BartyDeCanter @lemmy.sdf.org

Posts

17
Comments

496
Joined

3 yr. ago

BartyDeCanter

why dont android phones have a bios like computers and be able to load a generic arm linux iso or windows one,or be easily rooted?

hey can you hear me

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

Forced age verification is comming sooner than we thought.

hey can you hear me

Conversation Starters

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup

De googling in a complex family

All assembly done!

More Library Progress

Hung some hooks for my robe and such

Starting the install

Partner put labels on our linen storage

Bundled some cardboard

Library Progress

Shop Porn

Still on the level

Library plans

Finished my workbench and checked it

No, really, I just care about hygiene

MAGA Congresswoman slammed online for begging Homeland Security to protect Cubans and asylees

XBox Controller Help

Glue Bacon? Sign me up!

Gridfinity Drawer Organizer