- cross-posted to:
- privacy@lemmy.dbzer0.com
- cross-posted to:
- privacy@lemmy.dbzer0.com
The latest changes implemented in the Systemd repo, related to or prompted by age-verification laws, have made many people unhappy (I suppose links about this aren’t necessary). This has led to a surge in Systemd forks during the last days (“surge” because there have always been plenty of forks). Here are some forks that explicitly mention those changes as their reason for forking (rough time ordering taken from the fork page):
-
paramazo/systemd “The systemd System and Service Manager without age verification”
-
ganitam/systemd “Systemd fork just before the Age Verification addition. Hoping more capable developers and maintainers do same…”
-
GSYT-Productions/systemd-fork “The systemd System and Service Manager, without the stupid Age Verification”
-
speedythesnail/unret arded-systemd “The systemd System and Service Manager, without the ret arded age-verification commits”
-
ta13579/systemd “The systemd System and Service Manager WITHOUT THE FUCKING AGE CHECKS”
-
r4shsec/systemd-no-age-verification “This is systemd but without the age verification made via pull request https://github.com/systemd/systemd/pull/40978”
-
Pingasmaster/fightthesystemd “Systemd without the nonsense: no age verification, no lighthouse built-in.”
-
Jeffrey-Sardina/system “Liberated systemd – no surveillance. Ever.”
-
HaplessIdiot/systemd-saneagecheck “The systemd System and Service Manager with age verification bypass and polling rate options for said feature”
-
Queer-Coded-LGBTQ/systemd-fuck-california “The systemd System and Service Manager, but without age bs added in.”
-
Codiak540/unshitted-systemd “A fork of systemd aiming to strip the Age verification. Sue me california.”
Hopefully the energy of this reaction won’t be scattered among too many alternatives, although some amount of scattering is always good.
You must log in or # to comment.
Out of the loop:
The systemd project merged a pull request adding a new birthDate field to the JSON user records managed by userdb, in response to age verification laws in California, Colorado, and Brazil.
Lennart Poettering clarified that this is an optional field in the userdb JSON object — not a policy engine, not an API for apps. It just defines the field so it’s standardized if people want to store the date there, but it’s entirely optional. Systemd itself does nothing with the data.
What a nothing burger
It’s not nothing, freedom is often taken by inches.
How do you see this depriving anybody of freedom? It’s an optional field. There’s no logic connected to it. Even if you were to put your date of birth into that optional field how do you see this technically connects with external consumers let alone for regulatory purposes?
Complying in advance.
It is not complying in advance, it is beeing prepared for when the law becomes active and binding.
This is one of the beautiful things about open source. If the original devs do something stupid, the community can fork.
Amen!
Good luck trying to maintain the mammoth that is systemd… why not just switch to an alternative init system and focus your efforts on contributing to those, instead of trying to single-handedly maintain such a huge codebase?
You got any good tips on alternatives?
They can be a bit overemotional about systemd’s issues, but their list of init systems and distros is rather exhaustive
It’s all nerdy stuff, usually installed via CLI. I think Devuan is the most user friendly, at least it has an installer
I’ve used Void, Devuan, Chimera and Guix. They’re all cool, and I did learn interesting things as a developer, but I wouldn’t advise switching to one of those distros just for the current drama. Wait until it actually gets bad, there will hopefully be user-friendly distros to address the situation.
Ah, well. I don’t think I’ll be changing my distro from Arch unless this becomes a real issue for me. Thanks for the recommendation though.
If you want something more featureful, OpenRC is decent.
I usually use runit, which is much more lightweight, which I like.
You can try out distros with different inits in VMs and see what you like. Or if you’re the distro-hopping kind, just distro-hop.
I don’t know. I don’t think I’ll ever leave Arch as long as it’s available.
Hopefully, someone makes a “False Verification” module that can replace surveillance systems like this. I am expecting to someday use SteamOS Desktop, so being able to rip out the “legitimate” verifier and replace it with one that doesn’t work or allows for faked personas, would be good.
Mind, it would be far better if the verification bullshit NEVER takes off. Hopefully one of these alternatives would put SystemDOGE to sleep.
There is no verification and there is no surveillance: You can enter whatever value you want, or no value at all.
It’s exactly like the other personal information (full name, location, phone numbers) you can enter, when you create an account using standard tools on Linux
Rewrite in Rust when?
I’m mostly interested in how will they handle giving the info to apps. If it’d let me to block or fake the request depending on what I currently need (just prompt me every time an app asks, and let me choose the bracket), I’m good.
Tbh, most sites that are slowly getting targeted by age verification laws are things I’m kind of addicted to and have been trying to drop for a long time. A “scan your face or id” dialog would be a good reminder to finally cold turkey it. It’s one of the things I hate more than however much I need their platforms.
If you have root access to the system, then you can enter any date you wish. That’s not exactly a per-app or per-request prompt, but there is nothing preventing you from using whatever date you want. The only situation where this is going to matter is when an adult manages a computer for a minor and wants them to be age restricted.
I get the “boiling a frog” arguments against this. It does feel like a first step towards gating the Internet behind government ID. However, if this were to forever be the way things work, I don’t see a problem.
I’m also not sure how resistance from the Linux community on this law will do anything to prevent future authoritarian overreach. It could do more to keep us marginalized, which will make us even less capable of standing up to the next phase.
It’s more the question of why is everyone folding to this age verification nonsense. One dumb state makes a law, now everyone is bending over backwards to comply. A state full of corruption no less, like what are the alteria motives.
Maybe parents should start, parenting their kids, rather than making the government parent them.
alteriaulterior motives🤝 Maybe “government
parentbrainwash them”.Because it is not only one dumb state but also multiple countries with such laws, either already active or as plans.
We should be not complying with any of them, but actively resisting it. This is authoritarianism, pure and simple.
Hi! I’m actually the creator of unshitted-systemd (the one at the bottom of the list). I had my eye on systemd for a few weeks due to the whole AI code fiasco, but the second my friend DM’ed me saying “they just added age verification” I said “I’m forking it”, forked it, stripped the DoB field, and submitted a PR
Not even an hour later my PR was closed due to being “Spam”.
So I went further, stripped all the AI code, the realName field for User Accounts, and started fixing issues that haven’t been fixed by systemd themselves. I also saw a 4.5 second boot time speedup from installing mine. I have NO IDEA how, but it’s happened.
I plan on going further and taking out parts that go against user privacy and control over their system (I.E: systemd makes the /etc read only by default, I’ve removed that code in my fork)
I can’t do this on my own though, if anyone wants to help, please let me know! you can email me at codiak540@bbs.4d2.org, or contact me through github. You might be able to DM me on this platform idk I’m new to it, and my discord is @codiak540
If the original description hasn’t made it clear, I’m not afraid of California. I don’t live in California and as such believe I am not subject to their stupid laws. Keep that in mind if you’re considering helping me.
I also saw a 4.5 second boot time speedup from installing mine. I have NO IDEA how, but it’s happened.
If I saw a speedup that I didn’t understand, then I’d worry that I had accidentally broken something. It’s easy to get speedups by not doing things correctly
Or i’d start looking for backdoors in the old code.
That’s similar to how the backdoor in xz was found. A slightly slower connection caused by obfuscated payloads tipped off a developer to find out what caused the slowdown. His was half a second lag so i’d really be curious what would cause 4.5 seconds.
That’s a lot less likely to be the case; I am aware of just one example of what you describe, and that’s the example you give, whereas I’ve “sped up” my own code many times, by accidentally breaking stuff.
Rather than assume the presence of backdoors, the rational thing is simply to work out why you are seeing a difference in performance, and to determine if you fixed something by accident, or (the more likely scenario) if you broke something by accident
You’re saying to not assume the presence of backdoors out of some discipline to avoid fear.
That’s absolute nonsense. Fear isn’t real even when your imagination is so child-like you can’t discern the difference. How the fuck did you learn to “code” without the basis logic of living paradox validation hash? You can’t even learn math til you get past that and you talk about treating people with some kind if child like care handling.
Paranoia doesn’t have fear because fear isn’t real, let alone when conducted for the sack of logic feeding imagination meaningful scope of direction observation eyes to discern “bugs” regardless of it being intention all or accidental.
Intention doesn’t exist in a coders read manual over others even when patterns of any volume arise. You don’t know what people are anymore when you read code. I would say end of story but there wasn’t one to begin with. You were already distracted hashing out against way to many of the same such handled by unchecked hashes with the words you use.
Like money. Intent may be real but unless it’s you it doesn’t matter and even then, then it’s not, now is it?
Did you reply to the wrong comment? I have no idea how you managed to get all that from my comment. All I’m saying is, "when you hear hoofbeats, think of horses, not zebras”
well you’ve already won from the marketing point of view compared to the others because yours isn’t a shit (lol) name
I saw a fork coming when the AI drama started, good on you. Don’t have the time budget for it right now, but you should contact the other fork devs, maybe you could join forces.
Lovely!
I wanted to fork too but wanted a more carefully planned one (avoid reverting the new time utility names in case they will be re-used in the future & to make syncing newer changes from upstream straightforward otherwise it will not be a one-to-one replacement)
I would love to help with your fork, allocate a worker to build a binary from the CI, create an AUR package (I already studied the systemd arch package a little bit), start using the fork and hopefully with some PRs too. Discord is blocked where I am so it would be cool to have a matrix group / space for this effort and let’s see how far we can push this. Because if this doesn’t work, I will be moving to Artix or Gentoo 100%
deleted by creator
the linux community is funny sometimes
Yes, this whole thing is very silly. Linux installers ask for your full name already. You can just make one up. Same with the birthday.
The slippery slope total surveillance state paranoia is hysterical.
That is not the point. If it was so logical to add, why add it now, when you know it is controversial? The devs are aware of the controversy, they have made a political decision to do it this way. At the very least, they could’ve handled it with more care - as sensitive matters should. Turning a blind eye and pretending this is business as usual is very insulting. To me at least, and I’m sure to most who care. If you do this during “the surveillance state paranoia”, you have to be aware you are contributing to more of it.
Because raging autist nerds get upset about minor changes all the time. They mostly make a lot of noise, but don’t actually provide the foresight or insight they believe. The Linux culture is filled with them and has held back Linux for decades with their uncompromising radicalism.
You can always have your shitty forks and weird distros for fanatics. Just let other people be productive and practical.
This has happened so many times by now. It’s very destructive behavior and lots of wasted energy.
I agree to some degree, but I think the issue of age verification is beyond this point. Yes, Linux users tend to be much nerdier and reactive than the general public. But they are the ones who use linux in the first place. Whether they gatekeep linux from others is another story, but the devs should know their audience by now - and hopefully care. And what’s more - a lot of idealists (I wouldn’t call them autistic, though that may be a factor) hate systemd in the first place. They already dont use it or don’t want to use it. So the ones that do, I argue, are more mainstream. I am one of them. I don’t want to go back to sysvinit and write a script for each new service. I also know that this doesn’t end here. Today they add the field, tomorrow, some mainstream browser will depend on it existing and the frog will be boiled. Now it is not an API, but it’s added in case anybody needs it. So you didn’t even have to add it. And they didn’t add a gender field in case anybody needed it, for example. Yes, Linux community would probably start arguing about that, but not nearly as much IMO. I think this is far more mainstream issue than you give it credit, honestly.
“If you’ve got nothing to hide, you’ve got nothing to worry about”, people used to say. You don’t hear it as much, these days, probably because it is now such a transparently ignorant thing to say.
You’re not forced to enter your true name or true birthdate. Do you have your true birthdate on your Steam account for example?
Yes, not yet. That’s how they walk it in, a little at a time. First they add in the functionality, but don’t worry, you don’t have to enter your true birth date! Then, well meaning (or malicious) developers will start making use of that field, instead of asking you for it on a case-by-case basis. Then, more regulation will come down the pipe, requiring that the date of birth be sourced by some trusted provider. Soon enough, you need to use your government ID biometric chip to log in, and all of your activity is directly connected to your real-world identity. That is their end goal. That’s why they’re doing all of this.
The more important question here, why do you feel the need to defend this? What does this feature add to your operating system? How does it improve your computing experience?
not who you replied to but makes linux systems maliciously compliant so that you can still use them (say, in schools) without having your privacy violated.
your slippery slope argument could apply to any field of userdb: real name will require an id, location will require geolocation!
slippery slope is a logical fallacy, complain when systemd requires an id, not when it does the bare privacy-respecting minimum to comply with a silly law
It isn"t malicious compliance at all, it is just compliance. This is exactly what the law requires, to a T. Windows and MacOS would implement it in an identical way.
You want to act like this field is just being added for no reason, and not for compliance with a law that is being created as part of a fabric of increasingly authoritarian age assurance, age-based restriction laws and a rising tide of fascism. A slippery slope argument is where someone claims negative consequences without evidence, there is plenty of reason to believe the goal is de-anonymization.
What benefits would this feature add for you? How would it improve your computer? Why is it being added now and not at the same time as name and location which were added literal decades ago?
for me it adds nothing (like most userdb fields as i don’t use them) but equally doesn’t remove or compromise anything, userdb is optional
i’m absolutely not acting like it’s being added for no reason, did you read my reply? it’s being added (and i just wrote it) to maliciously comply with CA upcoming laws. you instead just acted like a optional field is the same as MS no-offline setup. “Windows would implement it in an identical way”. do you even use linux?
you claim there’s plenty of evidence and this is not a slippery slope because the goal is deanonymization. this is not how you prove to not be in a logical fallacy. “legalize gay marriage and they’ll marry dogs”, “oh i have plenty of evidence queer folks are against nuclear family”. the second statement is true (per this queer folk) but it doesn’t make the first less of a slippery slope.
Meta pushes for age verification? i believe that, not contested. systemd will violate privacy? this is the slippery slope. i know meta wants privacy violated. you’re claiming that having an optional field is a dead giveaway systemd wants to let meta do this.
how? wouldn’t systemd rely on meta services, or third party stuff like persona, to id you if they really wanted to make sure who you are? i see no api calls, i see no system lockdown when not complying, i see no data being sent away.
i see an optional field that nothing uses, that prevents nothing, that is strictly on your device.
you say it’s “just” compliance, but how does it verify? if this is compliance with age verification, it sure lacks a lot of verification and seems to just be age. thus why this is malicious compliance: the bare minimum to be lawful and not compromise user privacy. seems desirable to me
Yeah, its not like there is a big push by many governments around the world, for more surveillance and therefore less privacy, right?
When those governments find out I’m 150 years old I wonder what they’re going to do
Yeah, you really missed my point by saying that. This law on its own is not dangerous, because you can lie.
They will clearly stop it there, I mean its for the safety of our children after all.
No I didn’t miss your point. I was intentionally stating that what you’re worried about is not what is currently happening.
Slippery slope, the world’s always ending, blah blah blah
They should make the API call for apps to query that value a per-system/boot randomly generated signature, so it’s impossible to use while also complying with the law.
Personally I do not want to comply with the law. It’s a law that violates my basic rights as a human being, and any tools that favours it or try to comply with it become tools that commit the same violations. My laptop is mine, I decide what goes in it, and nobody has any right to force any software in it, no more than they have any right to put a camera in my house to check what I do. When “laws” violate human rights, what counts is not what’s the “legal” thing to do, but what’s the moral thing to do.
Today we would be in a Russia-like state if people had not actively resisted, broken, and refused to comply with unjust laws.
Nothing more dramatic than Linux users angry-forking a repository
As somebody that uses valkey, I’m happy there’s drama.
Yup, and MariaDB, and LibreOffice, and Nextcloud…
Systemd still has no age verification, so all those forks are absolutely pointless.
If and when Systemd adds age verification, I’ll move away from it.
But the recent change adds literally nothing. Just leave the field blank, like you always did with those for your home address and full name.
The age field is malicious compliance. It satisfies the letter of the law while being completely and deliberately useless for its purpose.It doesn’t work quite that way. Typically you have a sequence of very small changes, all “innocuous”, that lock you more and more into the previous ones. When you suddenly realize that the cumulative change is bad, you also find it’s very difficult to “move away from it”. This is why it’s important not to give away a single inch, from the very start.
That’s simply not true in this case.
With age verification, there’s a very clear cut-off point that you can see and act upon:
Age verification is when you’re required to verify your age.
Not just enter a number.And the way to fight against this law isn’t to “boycott” systemd.
Literally no one will notice. It’s free, so using it doesn’t support it.
And no one even knows whether you use it or not.That’s why I think the law is bad, but it doesn’t really apply to open source software. You see the actual limit crossed, you can still fork the version from before that.
Even the law itself, as it stands, is pretty alright. It’s effectively just a parental control system, the OS needs to provide the user age to applications, but that age is just whatever you type at install, without any verification. In general, if enough applications implement it, that’s not a bad system to help protect kids without invading anyones privacy. Of course, it can be circumvented by the kid installing the OS themselves, but that possibility is a feature, not a bug.
The problem there is the slippery slope though.
I think there is an intention to convey a clear message. I will be warching the distro’s. Red Hat, being an IBM company, will probably back this age verification farce. I’m not so sure about the community distro’s like Debian or Arch. Maybe even Ubuntu will stop short.
Despite being a minor technical feature, I think this will have a disproportionate response from people.
Systemd isn’t going to add age verification
!remindme 1 year
This isn’t Reddit
/whoosh
The age field is one step closer to age verification in a program that already has made it more than clear that they don’t respect their consumers. Not only that but it also opens the door for other distro’s to force age verification.
This is nonsense. Do you feel like having a “user name” field brings “real ID one step closer”? Just don’t fill that field or enter some bogus data - nobody is checking this.
a program that already has made it more than clear that they don’t respect their consumers
Could you elaborate on this? I don’t get it.
I don’t know why we downvoted the correct answer.
It sucks and is stupid but the alternative is banning Linux. You wanna have ICE knock on your door for “harboring a foreign operating system that doesn’t comply with the Christlike values of patriotic Americans”?
It sucks and is stupid but the alternative is banning Linux.
Good. Have it banned in the one state that probably relies on it the absolute most. Silicon Valley would start to implode and the law would be changed very quickly.
They will not ban it on Servers or for Corporate use, but ban it in youth Centers, in schools, in public libraries, and everywhere else where kids could have access to Computers. This will create another generation of people who only know close source Systems, most likely from Microsoft, who will have no issues with making their Systems compliant to the bindig laws.
They will not ban it on Servers or for Corporate use
That’s the thing, the law doesn’t differentiate.
as far as I read the law, but i am neither a lawyer or even american, are those Option only needed for Systems with users and a user, as defined by the same law, is
(i) “User” means a child that is the primary user of the device.
The law says nothing about Systems that don’t have such a “user”, or at least i could not find anything.
So, there could be a valid argument that the law does differentiate.
- Providing courses for kids to learn linux? Not longer possible
- Providing older, but still perfectly fine running, Computers with Linux to low incoming or otherwise in need families? You are now a criminal!
Systems have to be ready and in place when the law becomes bindig and active, it is to late to beginn with the work then.
It’s almost like the latest changes are unpopular or something… /s
I don’t like age verification either but that feature is optional and it’s up to the OS distributor to use it or not. Picking a distribution that doesn’t use it is easier than building your own distribution with a systemd fork.
I suppose people are afraid that this is just the step one of a series of incremental changes that will make systemd more surveillance friendly. Regarding changing distros, starting a fork and doing couple fixes is not the same thing as maintaining it and being vetted by the community. So I would too change distro to a non systemd one, although options might be quite limited.
So I would too change distro to a non systemd one, although options might be quite limited.
Just use the regular, non-California edition of your regular distribution instead of jumping through hoops for a feature that doesn’t affect almost the entire planet anyway.
That was a comment in the case this feature evolves into many apps requiring the age verification via this info. In that case I would like to part ways with any OS using systemd as a means of protest.
California, New York, Texas, Brazil, the UK, I think at least 2 more states as well…this is only the beginning. Everybody is jumping on the surveillance state/data broker hype train.
My question is when will governments attempt to pass stupid and impossible laws like requiring ISPs to verify your age before you can connect to the internet.
Optional as far as systemd is concerned, perhaps, but it’s designed to support a whole suite of software which will expect it to be used.
They’re also making dubious decisions about how it will be done, such as how they’ll handle the fact that date of birth is PII and something advertisers will be delighted to know. The laws they’re trying to support require very limited information, but they’re storing far more than that and they’ve actively decided not to protect it properly.
However optional it may be, they’re effectively defining the standard for what will be stored and how it will be accessed by all of the software which will use it
I will simply not store any data there. There is no need to resort to building my own distribution with a systemd fork, just as I don’t use this week´s Firefox fork because the shitty features of Firefox can be disabled with 1 click.
Using barely maintained forks because of optional features is a security risk.
The laws they’re trying to support require very limited information, but they’re storing far more than that and they’ve actively decided not to protect it properly.
All systemd is storing is the DOB in YYYY-MM-DD format.
Which is more than the law requires. What they’re supposed to report is an age bracket. You don’t need to store someone’s precise date of birth, and you certainly don’t need to make it available to other software, to report a broad age bracket
In California they require date of birth IIRC but some other state requires an age bracket. From a technical standpoint asking for an age bracket is removed. It requires maintenance and also actions from the user. How will the system know when you become an adult? Should I keep nagging you every year asking if you are now over 18? Give it a date of birth and it’s set and forget.
That said, I don’t like where we are headed with surveillance of citizens and I think it would be a lot better to handle date of birth on the websites you use rather than your whole operating system. It’s Metas responsibility to make sure their users are not underage. It’s not our responsibility.
People were already mad about systemd in general. This just gave them more ammunition.
Angry nerds get upset about a nothingburger.
As long as it’s offline I don’t see a problem of implementing this. It’s a nieche use case, but why not? No program has to use the interface. It does what’s on the can: If I have a kid with a user not in wheel, it can install stuff on user level but might be “safe” from programs it is not supposed to use. Are people saying this is a slippery slope?
Yes, thin end of the wedge. Authoritarianism happens little by little, then all at once. It must be furiously resisted by those of us who care about freedom and privacy.
I don’t see any difference with a law saying that you must have a camera installed in your house to potentially check what you do (or what your child does). It’s my house, I decide whether I want a camera installed.
If someone tells me they’re going to put a camera but it’s innocuous because it’s off, or because I can decide whether to turn it on, or because I can point it in any direction I like (toward the wall), well they completely miss the point: it’s my house, if I don’t want a camera in there, then no camera goes in there. That’s my basic right as a human being, and any individual or entity or government that tries to force something like this, automatically loses its legitimacy. Its “laws” are immoral and therefore void. I don’t care being then branded as “anarchist” or as “criminal”. Welcome are all “criminals” from the past that fought and broke unjust laws in order to fight for human rights. I’m not a Russian, bowing my head and complying. Better dead. My grandchildren should not grow up in such conditions.
Likewise, my personal laptop is mine and I decide what does go and what doesn’t go in it.
@pglpm @Paulemeister And your phone?
Absolutely touché! My Android is dying and I look forward to switching to GrapheneOS.
It is a slippery slope, because it came as a response to a law. The law itself does not require a real verification for now, but it is clearly a step in this direction. If we look how governments world wide push for laws to undermine privacy for control, these laws are part of this push.
The birth field itself might even be a “good” tool for parents (I am not a fan of restricting your kids, but I know many are). The problem many people have with the changes by systemd is their anticipatory obedience with these laws.
Not to discourage anyone, but a big problem with maintaining a systemd fork is how much the “init” covers. But it’s encouraging to see see just how many people are attempting a fork, if they join forces it could doable.
Worst case scenario there is alternative init systems that don’t have the kitchen sink
@Liketearsinrain @pglpm An init system is not a kitchen. There isn’t supposed to be a sink there in the first place.
Let that sink in.
