Tbh it’s linked to a ton of things (lots of cancers), so it’d be a pretty big deal in general if they’re able to scale it into something widely usable.

In a recent analysis, Adam Harvey found that among the 999 most popular crates on crates.io, around 17% contained code that do not match their code repository.

17%!

Let me rephrase this, 17% of the most popular Rust packages contain code that virtually nobody knows what it does (I can’t imagine about the long tail which receives less attention).

Given that he lied about the results of the analysis he is using to prove his point, I find it hard to trust anything in this article.

In the analysis, Harvey said only 8 repositories did not match their upstream repos. The other problems were issues like not including the VCS info, squashing history, etc.

EDIT: Also, I just noticed that he called it a “recent” analysis. It’s roughly a two year old analysis. I expect things have improved a bit since then, especially since part of the problem was packaging using older versions of Cargo.

I’m actually looking into this right now. Other than tracking down all the birth certificates and stuff, it seems pretty straightforward.

The bill is C-3, since the article didn’t seem to mention it.

Hm, I’m reading the spec. It seems more simplistic than I was expecting.

Issuance of Proof of Age attestations (step 3)

Once the User’s age has been verified, the AP may either issue the Proof of Age attestation directly to the User’s AVI or generate a pre-authorized code and provide it to the User as part of a credential offer. At a later stage, the User can present this credential offer through their AVI to obtain the Proof of Age attestation.

Confirmation and presentation (step 5)

The AVI receives the Proof of Age request and presents it to the User. The User reviews the request details, verifies the information, and confirms the transaction to proceed.

The AVI securely transmits the Proof of Age attestation to the RP.

Guess it does just pass the attestation around.

2.2.3 Revocation and Re-Issuance In its current form, the solution does not support revocation or re-issuance. Adding support for these features would introduce additional complexity, which could hinder the rapid adoption of the solution.

The attestation is ideally only used once and issued in batches, so this is both good and bad I guess, since if they ask to track you and they haven’t already recorded all the attestations, they’ll need to wait for you to generate more.

Unlinkability: The goal of the solution is to prevent user profiling and tracking by avoiding linkable transactions. Initially, the solution will rely on batch issuance to protect users from colluding RPs. Zero-Knowledge Proof (ZKP) mechanisms will be considered to offer protection. More details are provided in Section 7.

Basically a big TBD. Lovely.

The more subtle attack you mention could probably be avoided if the root certs and so on or whatever equivalent they’re using are public and you check that the attestation given to you doesn’t include extraneous details (which ideally the app would do for you). Not sure how that’ll interact with the zkSNARK solution provided as an “experimental feature.”

It doesn’t really matter though since they can just record the attestations when they’re issued, so they just have to say “look for these attestations” to whatever site and they can track your visits.

It is recommended that the Proof of Age attestation be designed as a single-use credential and remain valid for a maximum period of three (3) months from the date of issuance. If a revocation mechanism is required, a status list may be utilized as an effective solution for managing the revocation status of attestations.

Of course, using it in batches is only “recommended,” so I guess they could just issue it once and continuously reuse it, in which case it would be very easy for websites to link it to you.

There’s probably more I could pull out, but yeah, doesn’t seem great based on the spec :|

I’m kind of surprised they’re actually going through with the zero-knowledge proof setup. This is pretty much the only method I find mostly acceptable for stuff like this tbh.

which would work on any device

This part seems unlikely. It’ll work on “most” devices but if you’re running something weird like a Linux phone I doubt it’ll work (although since it’s open-source I guess someone could potentially add support).

This was my first thought lol. Like, there are flattering photos of Hegseth? At best he looks smarmy.

Pretty sure they’re actually a bot given that they nearly instantly reply and they’ve replied to almost every top-level comment in this thread.

If not, they’re just a total shithead tbh given that they talk about homosexuality being a choice elsewhere.

I guess you’d be fine if everyone treated you as a lizard and required you to live and act like a lizard. It’s all good because you know you’re not, right?

People can be wrong about literally anything. That is not an excuse to say “fuck everyone else in this group.”

If you extend this argument, we shouldn’t believe what anyone tells us about absolutely anything because they might have made a mistake. Truly a great basis for human society.

The amount of people who detransition is incredibly small compared to the overall trans population, and even then most people detransition because society didn’t accept them and battered them down until they gave up.

I listened to some of the “music.” I’m not sure wtf is going on in his head at this point, and I’m glad I don’t understand.

Yeah, I feel like a lot of the people here going “just don’t use social media then” are missing part of the point. Like, as she specifically mentioned, the misogynistic discourse happening online is also happening offline. Even if you yourself manage to avoid most online misogyny by not using social media, you’ll still be exposed to it through everyone else who is and all the people watching and reading stuff like Fox. It’s just kind of everywhere.

My point is that wasn’t the original reason the EU started looking into this. They started looking into it because of all the shit the Trump admin is doing. If someone like Biden or Harris had been elected, there wouldn’t be this big push to swap off US tech. Economic growth is just a possible side benefit.

Seems like a roaring endorsement to me.

According to Google, the idea of replacing current tools with open-source programs would not contribute to economic growth.

I like how Google just talks about economic growth when the main reason to swap off US tech is to not be entirely beholden to an untrustworthy govt for European digital infrastructure. Kind of shows how fucked up the mentality of Google execs is that all they can think about is money.

Part of the problem is that some of the LDP’s base thought they weren’t conservative enough and started voting for other parties, so the LDP decided to appeal to them. Of course, this is just short-term thinking to maintain power at all costs and is gonna fuck the country in the long-run unless they get their act together.

Matrix is fragmented too, but it’s generally less fragmented in my experience (if you use a relatively well developed client). Part of this is because most people just use Synapse for their server. With XMPP, server implementations support random combinations of XEPs, and specific servers often are missing random XEPs because they’re not enabled by default and so on (thinking about ejabberd for instance here, the default config probably isn’t what most people want). I also routinely have random compatibility problems between clients pop up with XMPP. As a basic example, retracting messages is very haphazard.

Anyway, yeah, if they standardize on server and client setup for all govt instances, it’d be fine either way probably. The clients may be somewhat janky, but they can probably fix those issues more easily when they’re only focused on one client (although unless it’s like FluffyChat and cross-platform, they may need to standardize multiple clients) and server.

The biggest problem with XMPP is what various servers and clients implement is kind of all over the place. For instance, most clients support an older version of OMEMO, but some clients support newer versions, and the different versions are incompatible.

The other issue is some platforms (iOS in particular) have pretty shitty XMPP apps filled with bugs.

I still generally like XMPP more than Matrix since ATM Matrix clients are also filled with bugs/laggy, Synapse (the main server implementation) is very resource heavy, and message syncing is kind of shit if the client doesn’t implement sliding sync (like FluffyChat). I personally think the UI for both XMPP and Matrix clients generally kind of suck, which isn’t great for convincing non-techy people to use them.

I’m ngl, when I see that acronym I immediately think of Star Wars.

Yeah, I considered mentioning it but didn’t bother. If you have enough money, you can just ignore whatever the government provides and pay for it yourself (which is ofc why the super wealthy often don’t like government programs supporting the average person). Sort of makes a bad situation worse when the average person is already stressed from the problems of population decline and then they have to deal with government programs being gutted because the wealthy don’t like them.

If immigration was the solution to everything, the US would be a paradise. It’s necessary but not enough.