You might think you can keep 16 year olds from looking at porn, if they want to. You can't. You have never been able to. All you can do is teach them that the law is stupid and pointless, and they should treat rules with contempt. But they'll still be able to look at porn.
What you can do is allow the government and private companies to track everyone, everywhere, all the time. And you can create more gatekeepers that hold personal identity data, misuse it, and leak it.
Yeah, I agree with this. I think age-related content moderation is a losing fight and one that will create more contempt for laws, more surveillance, and much more PII surface area that will be exploited.
There are really two "core" issues at play:
1. The prudish nature of US society
2. The fact that we don't have data privacy laws and restrictions on digital surveillance by private companies
Sixteen year olds? Sure, mysterious Forest Porn and the older brother who'd give you skin mags have always existed. And Cinemax at night, catching the odd frame that somehow gets thought the scrambler. Whatever.
But we can't realize all the supposed glorious promise of all this tech bullcrap for education and free exploration of younger kids if we can't at least come pretty damn close to guaranteeing that an eight-year-old won't stumble on Rotten.com or hardcore porn if an adult isn't looking over their shoulder constantly. And whatever that solution is needs to work for parents who don't have the know-how or time to be sysadmins for their household.
I'm not overly concerned with 16 year olds. But the tools for protecting younger children suck. A consistent account setting and header would do a lot to improve parental controls.
> What you can do is allow the government and private companies to track everyone, everywhere, all the time. And you can create more gatekeepers that hold personal identity data, misuse it, and leak it.
This is already happening. A central setting would improve privacy over the way things are right now.
> A central setting would improve privacy over the way things are right now.
What? How? What improvement are you seeing that I'm not?
Putting all our PII into one huge repository and then letting corps and govts access it sounds like a dystopian nightmare. This is why we don't like Palantir.
What happens if a bad guy steals that data and your identity? They go and look at CSAM using your ID? The police turn up at your door and cart you off to prison? Are you really going to be able to argue that it wasn't you? If so, what is the point of the system? If we're relying on IP addresses and other evidence for access (so you can fight these charges) can't we just use them in the first place?
I don't know what you're talking about, but it's not what this kind of bill is about.
This kind of bill is about the OS telling things whether you're: 0-12, 13-15, 16-17, 18+
No databases, no stealable identity, only the barest sliver of 2 bits of PII.
As for how it's an improvement, we already have sites asking to see your driver's license or pictures of your face for much worse age verification paradigms. If most of those changed to a local age setting, privacy would go up.
How does the OS know that you moved from the "13-15" bracket to the "16-17" bracket without knowing your DoB?
And this is the thin edge. Because in a few years there'll be a bill saying something like "too many children are lying about their age online. We need to verify their age" and then we're capturing IDs and storing them somewhere.
> The OS could require the parent to manually update it.
How is their age verified?
At some point one of two things is required:
1) A promise that the user is a certain age
- Which puts us exactly where we are
2) Official identification is used to verify age
- Which creates a PII nightmare
That's it. There's only those two options. You may not believe #2 is going to be a privacy nightmare but we're already seeing it happen with Discord/OpenAI/LinkedIn and everyone else that uses Persona[1]. They aren't doing the minimal security things and already aren't doing what they claimed (processed on device, then deleted). This "hack" couldn't happen if that was true
The difference here is it can be set by the parent on the OS and locked. Requiring sudo equivalent to change.
The way it is now, there's nothing stopping a (18-) user from logging out of a 'parental control enabled' account and making a new account without those controls on any service from Facebook to Steam. So the only effective option at that point is to entirely block that app or service.
This gives more power to parental control software. And yeah moves the responsibility from the service to the parents, which is what the services want cuz COPPA and other similar laws.
But you do bring up another issue people aren't discussing. That the default setting is under 18.
So we protect the children from adults by... having no way to actually verify someone is a child?
The problem is less kids getting access to porn and more pedos getting accounts to spaces designed for children. Places like Club Penguin or very famously Roblox.
Here's the problem, you can't verify children. They don't have identification in the same way adults do. And worse, if we gave them that then it only makes them more vulnerable!
Then we have the whole problem of a global internet. VPN usage is already skyrocketing to circumvent these policies.
So the only real "solution" to this is global identification systems where essentially everyone is carrying around some dystopian FIDO key (definitely your phone) that has all your personal information on it and you sign every device you touch. Because everything from your fridge to your car is connected to the Internet.
But that's a cure worse than the poison. I mean what the fuck happens to IOT devices? Do we just not allow them on the internet? That they're assumed 18+? So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies. That information spread like wildfire and you bet it got easier as the smarter kids put in the legwork.
This is a losing battle. It's not a cat and mouse game it's While E Coyote vs Road Runner.
We're on HN FFS. If there's anywhere on the Internet that the average user is going to understand how impossible this is it should be here. We haven't even talked about hacking! And yes, teenage script kiddies do exist.
These policies don't protect kids, they endanger them. On top of that they endanger the rest of us. Seriously, just try to work it out. Try to create a solution and then actually try to defeat your solution. Don't be fucking Don Quixote.
> But you do bring up another issue people aren't discussing. That the default setting is under 18.
Some things do that. This law doesn't have a default. If the admin sets all the user accounts to 18+, then the users are stuck with the setting being 18+.
> I mean what the fuck happens to IOT devices? Do we just not allow them on the internet?
Sounds pretty good to me.
But yeah they need a different handling of some manner. Maybe a "give no access to anything age-gated" category, though is that really different from under-13 in practice?
> So all kids need to do is get a raspberry pi? All they need to do is install a VM on their phone? On their computer? You might think that kids won't do this but when I was in high school 20 years ago we all knew how to set up proxies.
Just delaying unrestricted access to high school would already solve most of the problem.
> These policies don't protect kids, they endanger them. On top of that they endanger the rest of us.
They do not. Some totally different system could endanger people, but this one doesn't.
Really? Be a bit more serious now. There are a lot of things that connect to the internet, and not just for stupid data harvesting reasons. I gave other examples. I think you can understand that this gets pretty hairy pretty quickly. If you don't, then dig in deeper to how the networking is done. You're an older account so I'm assuming you actually understand computers.
> They do not.
They definitely do. I explicitly stated how that happens too. If you want me to take you seriously you have to respond with something better than "trust me bro".
There is no evidence that these companies are actually handling that data properly. There is a lot of evidence that they are handling it improperly. That data being leaked does in fact, endanger kids.
I'm also unconvinced these things even achieve the goals they claim to be after. Which is keeping pedos away from kids. i.e. the reason I said you're missing the point. So either it is not achieving that goal, or lulling people into a false sense of security. Imagine if Roblox was saying "we don't allow adults on the platform" and so now all the tech illiterate parents and kids think their kids are exclusively talking to other kids. That's just a worse situation than now.
> They definitely do. I explicitly stated how that happens too. [...] data being leaked
Again "Some totally different system could endanger people, but this one doesn't."
Any system that has companies handling personal data and able to leak it is not the system this kind of law talks about.
> false sense of security. Imagine if Roblox was saying
In that situation, Roblox is the problem, not the law.
> So what do these laws even solve?! I'm serious
If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.
It wouldn't replace direct checks from the parent on what their kids are doing, but it would greatly reduce the risk profile. And making it simple and built-in means that non-tech-expert parents can set it.
>> Be a bit more serious now.
> The serious answer is in the next line.
> ...
> Again "Some totally different system could endanger people, but this one doesn't."
>> If you want me to take you seriously you have to respond with something better than "trust me bro".
I do have a hard time taking you seriously
> If widely implemented, a parent can set a single toggle and then the accounts their kids make will all be appropriately restricted.
Heard exactly the same thing about VPN use (kids won't know how to set up a VPN). Then Australia age verification kicked in, and VPN use went through the roof [0]
And, of course, the response so far has included similar thoughts as the UK about banning VPNs [1]
> How does the OS know that you moved from the "13-15" bracket to the "16-17" bracket without knowing your DoB?
The OS has the birth date. Of probably 1-5 people.
> And this is the thin edge. Because in a few years there'll be a bill saying something like "too many children are lying about their age online. We need to verify their age" and then we're capturing IDs and storing them somewhere.
Those things are already happening. I see this kind of mechanism as significantly more of an alternative to privacy invasion than an enabler of privacy invasion.
The political establishment used to be able to control what you read, through control of the media. Then 1995 happened and everyone got access to anything they wanted. The establishment have wanted to put that genie back in the bottle ever since. This is part of that effort.
> Requiring the central database is the scary part.
Yes, agreed.
And this type of proposal has no central database, so it removes the scary part.
(Unless you're talking about the local accounts on each computer storing dates of birth for a single household as a "central database" in which case you're being ridiculous and please stop doing that.)
We have been able to automatically inline functions for a few decades now. You can even override inlining decisions manually, though that's usually a bad idea unless you're carefully profiling.
Also, it's pointer indirection in data structures that kills you, because uncached memory is brutally slow. Function calls to functions in the cache are normally a much smaller concern except for tiny functions in very hot loops.
I'm not sure Rust's `async fn` desugaring (which involves a data structure for the state machine) is inlineable. (To be precise: maybe the desugared function can be inlined, but LLVM isn't allowed to change the data structure, so there may be extra setup costs, duplicate `Waker`s, etc.) It's probably true that there is a performance cost. But I agree with the article's point that it's generally insignificant.
For non-async fns, the article already made this point:
> In release mode, with optimizations enabled, the compiler will often inline small extracted functions automatically. The two versions — inline and extracted — can produce identical assembly.
I am fairly doubtful that it makes sense to be using async function calls (or waits) inside of a hot loop in Rust. Pretty much anything you'd do with async in Rust is too expensive to be done in a genuinely hot loop where function call overhead would actually matter.
I have actually very convincingly recreated a moderately complex 70s-era mainframe app by having an LLM reimplement it based on existing documentation and by accessing the textual user interface.
The biggest trick is that you need to spend 75% of your time designing and building very good verification tools (which you can do with help from the LLM), and having the LLM carefully trace as many paths as possible through the original application. This will be considerably harder for desktop apps unless you have access to something like an accessibility API that can faithfully capture and operate a GUI.
But in general, LLM performance is limited by how good your validation suite is, and whether you have scalable ways to convince yourself the software is correct.
> I haven't seen this much hype and hopium since the dot com boom.
The notion that 99% of the workforce and military will be AIs isn't "copium", it's grounds for absolute terror. One of two things will be true:
1. The AIs will be controlled by the Epstein class, who will then have no use for most of humanity, either as workers or soldiers.
2. Or the AIs will be controlled by the AIs themselves, which also seems worrisome.
Really, any situation where 99% of the workforce and military are AIs should be deeply concerning, for reasons that should be obvious to any student of history or evolution.
And, sure, maybe we won't get there in our lifetimes. But if we did, I wouldn't expect an automatic utopia.
Nope, the War Powers Resolution gives the president broad authority to respond to an active attack on the United States (which makes sense). But it does not allow the President to unilaterally start an aggressive war against some random country without Congressional approval.
Not that we live in country where laws or the Constitution matter much right now. It's theoretically possible that some people might someday be prosecuted for breaking laws or violating people's Constitutional rights. But even there, I world expect that many of the law breakers will simply be pardoned.
What about the argument that Congress has always gone along with this in the past?
I mean it isn't quite that stark, but the last president that actually asked congress for and got a declaration of war was Roosevelt. The last president that asked for and got permission for the use of military force was George Bush (junior) after 9/11 (obv. he meant against the Taliban).
Which means all US conflicts are "based on" George Bush's approval for use of military force, about 1 per presidential term: military intervention in Lybia, the campaign against ISIS, campaign against Syria and Iraq militias/continuation against ISIS, and now Iran. Iran is a different scale I guess, but ...
> We are centuries into the deep automation of certain things, like looms, but people with deep understanding of those things are still needed to guide the automation and keep it working to meet human needs.
The difference this time is that the thing they're trying to automate is intelligence. The goal is a machine that's as smart as a Nobel Prize winner or a good CEO, across all fields of human intellectual endeavor, and which works for dollars an hour. The goal is also for this machine to be infinitely copyable for the cost of some GPUs and hard drives.
The next goal after that will be to give that machine hands, so that it can do any physical labor or troubleshooting a human can do. And again, the goal is for the hands to be cheaper to produce and cheaper to automate than humans.
You may ask yourself, who would need humans in a future where all intellectual and physical tasks can be done better and cheaper by a machine? You may also ask yourself, who would control the machines? You may ask yourself, what leverage would ordinary humans have in a future that no longer needed them for anything? Or perhaps you would not ask those questions.
But this is the future investors are dreaming of, and the future that they're investing trillions of dollars to reach. That's the dream.
This author is pointing out that the fraction of the tech dream du jour that is actually realized is consistently about 1%, so taking tech dreams du jour seriously is guaranteed to give you a false world model. Which is unhelpful and maladaptive, unless perhaps your goal is to make money off of other people with that false world model.
I believe that full automation of the mundanities of human life is coming in the fullness of time. But for that insight to be helpful to me, I have to get the timing right, and the data suggests I should be extremely skeptical about excitable tech guys predicting big things in short time frames.
Part of me thinks that we're already reaching peak stuff/employment/the current system.
We are currently churning out graduates who work in coffee shops. More and more employment is make work. The issue is can we carry on requiring work, making it a moral requirement.
I suspect it'll be like the industrial revolution, when the average labourer moved to a factory in the city living in a slum, they were worse off. It took time for the conditions of the working class to improve.
Basic income is touted as the solution, but then globalisation means workers are moving much more and I'm not sure the 2 are compatible. Not that I have a better idea.
I do think we need a cultural change decoupling work from self worth. It's becoming less and less defensible to require everyone to work to be 'deserving'.
All that being said, there will still be jobs, there will always be demand for hand made, or something that isn't soulless corporatism. Although I'm starting to sound like Star Treks view of the future, which may not achievable
By what metric? Around me it was all sheep farming or weaving.
It seems to me having the agency to choose your own hours, to be able to collect fire wood for the fire is better than on paper earning more, but being in a slum a family to a room, with all the diseases, perhaps the mill owner having a monopoly on what you could buy, or banning alcohol. Yes you may have more money, but I don't think the quality of life was better.
We could make the same point today. I live in an area why you can buy a house for £150k. So am I better or worse off than a Londoner that earns twice as much but paid £1M for the equivalent house?
> They actually were better off, which illustrates how bad rural poverty was at that time.
Perhaps at the start of the industrial revolution, but not during most of it. Which is says a lot about how pricing shifts and finds equilibrium, not only for raw materials but also for human workers.
> Although I'm starting to sound like Star Treks view of the future, which may not achievable
Also worth noting that even in Star Trek, which is viewed as a utopian vision of the future, the sort of societal changes you are talking about only came after humanity almost wiped itself out in a third world war (which coincidentally happened to start in 2026)
Yes, but ultimately. Just like transporters, it was pulled out of Roddenberry's arse. We could have have a long debate about how society would work if transporters were a thing, but that doesn't make transporters possible.
The exact same issue arises with it's society. We can imagine it, that doesn't necessarily make it real. Yes WW3 sounds like a good reason, but it's a story, it's a plausible sounding reason.
So yes I am biased, in that I am aware of the future that star trek presents, and on the face of it, it would solve the problems I see coming. But none of that makes it possible.
> It was slightly salty french fries, buttered and coated in sugar and cinnamon, like cinnamon toast. Bang on. Makes a lot of sense too, if you think about it.
The closest existing food I know to this are churros, which can be truly excellent when made well. In places like Barcelona, they dip them in chocolate sauce.
I support your experiments in potato-based churro analogs!
Speaking of Spanish food and sweetened french fries, I think berenjenas with miel de caña are a truly underrated breakfast competitor. And Spanish tortilla is also sort of a dark breakfast food... I make them to keep in the fridge. Although... heh. My fav thing to eat in Spain for breakfast are the small clams called almejas, sauteed in Manzanilla, with some crusty bread to soak up the boozy clam juice. Tragically, I became allergic to clams when I lived there.
I, too, once believed this. Then I had the displeasure of watching a $10,000 server fail during Christmas travel (about 20 years ago now). A single RAID drive failed. Then, during the rebuild, a second drive failed. Then the RAID controller itself failed catastrophically, losing all the RAID volume metadata. When we restored from backup, we discovered that the sysadmin who had just quit a few weeks before had lied to us about the backup system, and we had no backups.
This is the sort of black swan event that happens every 5-10 years. It's an unusually bad event, even by black swan standards, but stuff like this happens.
The fundamental problem of self-hosted databases is that you test the happy path every day, but you only test true disaster recovery every 5-10 years. And in practice, this means that disaster recovery will usually fail.
With a managed database service, most of what you're paying goes to making sure that disaster recovery works. And in my experience, it does. I've seen RDS database servers fail catastrophically, and completely rebuild in under 15 minutes with virtually no data loss, with almost no human intervention at all.
If you care about your customers' data, I think that a reputable managed database is the right move until roughly the point that you can pay for a full time database administrator. At that point, sure, roll your own. But do regular disaster recovery tests, lest you discover that a recently departed DBA has been lying to you.
Yeah but even with managed database services you don't know if your provider has invested into proper testing of their recovery so you have to test it anyway. Major services like DigitalOcean have been known to shit the bed with your backups. If you don't test your backup recovery, you don't know if you're screwed even if you're paying for "managed" services.
I test my backup recovery several times a month by actually baking into our CI/CD workflow under certain conditions. The entire production database gets restored from backup every week.
You could use a managed db service as a live replica dedicated as a backup only. The queries would go to your local database on beefy hardware, while the replica would just have to be powerful enough to keep up with the WAL stream.
I have been a lead engineer for a few decades now, responsible for training teams and architecting projects. And I've been working heavily with AI.
I know how to get Claude multi-agent mode to write 2,500 lines of deeply gnarly code in 40 minutes, and I know how to get that code solid. But doing this absolutely pulls on decades on engineering skill. I read all the core code. I design key architectural constraints. I invest heavily in getting Claude to build extensive automated verification.
If I left Claude to its own devices, it would still build stuff! But with me actively in the loop, I can diagnose bad trends. I can force strategic investments in the right places at the right times. I can update policy for the agents.
If we're going to have "software factories", let's at least remember all the lessons from Toyota about continual process improvement, about quality, about andon cords and poke-yoke devices, and all the rest.
Could I build faster if I stopped reading code? Probably, for a while. But I would lose the ability to fight entropy, and entropy is the death of software. And Claude doesn't fight entropy especially well yet, not all by itself.
What I've found out is that a lot of people don't actually care. They see it work and that's that. It's impossible to convince them otherwise. The code can be absolutely awful but it doesn't matter because it works today.
I have been able to write some pretty damn ambitious code, quickly, with the help of LLMs, but I am still really only using it for developing functions, as opposed to architectures.
But just this morning, I had it break up an obese class into components. It did really well. I still need to finish testing everything, but it looks like it nailed it.
I have systematically and successfully banned OpenSSL across all of my Rust projects. Sure, RusTLS shares a few C crypto primitives with OpenSSL forks. But I've never been happier with the overall library.
You might think you can keep 16 year olds from looking at porn, if they want to. You can't. You have never been able to. All you can do is teach them that the law is stupid and pointless, and they should treat rules with contempt. But they'll still be able to look at porn.
What you can do is allow the government and private companies to track everyone, everywhere, all the time. And you can create more gatekeepers that hold personal identity data, misuse it, and leak it.
reply