Latest Comments by LoudTechie
US operating system age verification bill "Parents Decide Act" gets published
16 Apr 2026 at 11:57 am UTC Likes: 1
It puts limits on how this data when shared online should be used, but not that it must be shared online.
16 Apr 2026 at 11:57 am UTC Likes: 1
Quoting: Savor592What if I want to use my device offline? Never connect it to the internet. Old game consoles?The law actually doesn't seem to specify being online.
Just this single requirement has already so many problems attached to it.
It puts limits on how this data when shared online should be used, but not that it must be shared online.
New US Congress bill proposal requires all operating system providers to verify ages
15 Apr 2026 at 10:06 pm UTC
People have direct access to the checking code how do you keep them from making a mod that always says it's good to go?
Also, which wallet address(jk.)?
15 Apr 2026 at 10:06 pm UTC
Quoting: tmtvlHaving someone else do it for you is the least of our worries.Quoting: LachuBut any other implementation than field in passwd is bad.I'll quote from the article:
Quoting: Liam Dawerather than relying on self-reported ages.Hence just having a box that says 'how old are you?' with a simple input is not good enough.
Some options for how it may actually work:
- Scan your ID card to verify (although many people in the USA apparently don't have an ID card because they don't really need it and don't want to spend the money, which to me as a Belgian is wild).
- Scan your driver's license to verify.
- Scan your birth certificate to verify.
- Input your SSN (Social Security Number).
- Submit a blood sample.
- Maybe you'll be able to request some kind of certificate from your city hall which can be scanned.
- Or perhaps something else I didn't think of.
Of course, those could be defeated by having someone else do it for you, so maybe monitors will have iris scanners and keyboards fingerprint scanners so you're constantly being verified (government of the USA, I'll take payment for my contributions to your cause in silver or Ethereum, thanks).
People have direct access to the checking code how do you keep them from making a mod that always says it's good to go?
Also, which wallet address(jk.)?
Linux smashes past 5% on the Steam Survey for the first time
15 Apr 2026 at 2:28 pm UTC Likes: 1
Explanation of what I did wrong:
15 Apr 2026 at 2:28 pm UTC Likes: 1
Quoting: CatKillerAnd India didn't have such a ban. Good point.Quoting: LoudTechieThnx for the information.In countries where household PC ownership is standard (such as Europe and North America - the other significant regions on Steam) the measurement issue isn't a factor.
In which case I'll ask how come only the recorded number of Chinese users visibly fluctuates?
With access one can point to some kind of government interference, with measurement issues that doesn't work.
In other countries where PC bang gaming is standard (such as Japan and South Korea, as I mentioned) the Steam market just isn't as big.
China is a huge market, and the historical console ban among other factors has made playing online games in Internet cafes the norm, where measurement is hard (potentially impossible).
Explanation of what I did wrong:
Spoiler, click me
I wasn't really aware of which regulation had done what.
I just thought size(Chinese market)~=(India market) stabilityLaw(Chinese market)~=stabilityLaw(India market), thus instability is the same.
I just thought size(Chinese market)~=(India market) stabilityLaw(Chinese market)~=stabilityLaw(India market), thus instability is the same.
New US Congress bill proposal requires all operating system providers to verify ages
15 Apr 2026 at 1:11 pm UTC Likes: 6
The amount of doorbells visiting porn sites'll grow explosively.
15 Apr 2026 at 1:11 pm UTC Likes: 6
Quoting: TonyHoyleSo first you've got to define operating system in such a way that it doesn't include half the devices in your house.. (before you can press this doorbell you need to present your passport for verification).They're gonna do only the first part.
Then you've got to define it so it doesn't make business completely unviable. You're going to make linux illegal?
Then given that narrow definition, if you can even do that, you've got to deal with all the thousands of edge cases..
There *are* solutions coming, like verification apps where the data stays on your device and simply provides attestation that you're over 18, that don't require ham fisted legislation like this. But with lawmakers being typically 80+ they don't understand the problem enough to wait for it.
The amount of doorbells visiting porn sites'll grow explosively.
X.Org X server and Xwayland security advisory released for multiple issues
15 Apr 2026 at 12:30 pm UTC
Meaning it will target only open source projects.
The only good news is that this'll allow for higher code quality in open source projects.
There's one thing I hope AI'll bring the ability for non-technical people to check source code for backdoors.
Edit:
This basically means openness gets super charged.
15 Apr 2026 at 12:30 pm UTC
Quoting: TurkeysteaksNot sure what the 'TrendAI' part of the Zero Day Initiative is, but nice to see that the ZDI seems to be helping.Bad news it has gotten acceptable in finding vulnerabilities in source code and it's already in malicious hands and showing real production gains in cyber crime(although currently for social engineering attacks not bug finding).
On the AI side though I am curious. I despise AI, and a new reason to hate it is that some of the latest models (namely Anthropic's Mythos) is *reportedly* incredibly good at finding and exploiting vulnerabilities. I take that with a huge pinch of salt because clearly it's somewhat marketing, but it does worry me. If it ever gets into the wrong hands (and to be clear, I don't really consider Anthropic to be the RIGHT hands...) and it is even half as powerful as they are claiming, it really could be dangerous - I feel even more so for Open Source projects.
Hopefully not though.
I'm a SWE, and while I still avoid AI in my workplace for the most part, my colleagues are not the same - but even the most enthusiastic are starting to feel quite sour about it. Even on the most personal and maybe selfish level, it makes the job... really damn boring. I don't want to be a 'manager', I want to code! (which again, is partly why I refuse to use AI wherever I can)
Meaning it will target only open source projects.
The only good news is that this'll allow for higher code quality in open source projects.
There's one thing I hope AI'll bring the ability for non-technical people to check source code for backdoors.
Edit:
This basically means openness gets super charged.
New US Congress bill proposal requires all operating system providers to verify ages
15 Apr 2026 at 12:23 pm UTC Likes: 1
15 Apr 2026 at 12:23 pm UTC Likes: 1
Congress too; sad.
On one side I feel smug.
I knew this would come, so for school I'm working on an anonymous and cryptographically secure functioning Age Verification system.
I already have a good design.
In the spoiler is the written down version
On the other side it's stil yet another way to force mass surveilance and monopolistic behavior.
On te EU one can at least force that they fix the "informationless ID" part themselves(lookup dsa age verification), there is good reason to not trust it, but at least they do it themselves without passing the bug to big tech.
The USA just says "be like Microsoft/Amazon/Google", but I don't want and am unable to surveil someone their whole youth.
On one side I feel smug.
I knew this would come, so for school I'm working on an anonymous and cryptographically secure functioning Age Verification system.
I already have a good design.
In the spoiler is the written down version
Spoiler, click me
The requirements for a privacy respecting arbitrary static property verification system are that:
System abuse and it's prepretators can be detected.
The way it's used isn't detectable to the verifier of the static property.
The identity of the user isn't revealed to the ones who make the uses possible.
The hashsing algorithm I will be using is sha256, because I can assure that ids will be unique and unrelated.
I will be using the proven slow prngs, because the qualtity of this protocol falls and stands with the qualtity of a prng
The verifying party randomly generates n ids.
The verifying party runs each of the id's through the pseudorandom generator and generates (n-1)*p codes based on it.
It divides this set up in (n-1) subsets, one for each other ringmember.
Each of the subsets is labeled with a within the ring shared pseudonym for one of the other ringmembers.
The codes are send to the individual.
After which it's added to a pool of similarly labeled sets of the other ringmembers, here they are pooled together without saving to which member they originally belonged.
In total n*(n-1)*p=np(n-1)=n^2+pn-n-p codes are generated.
For each receiving server a seed is generated by the verifier and each of the codes is hashed with this seed as pepper.
This set of hashes, labeling and the seed is send to the receiving server, but not the original values.
When an individual connects to an age verifying server the server sends its seed and the individual randomly picks a value from the received ones and hashes it with the seed and sends that hash to the age verifying server.
If it matches the received hash with one of the hashes that hash is removed and the age is labeled as verified.
To determine potential abusers of the system the age verifying servers can simply check whether some of the n labeled subsets are getting abnormally underutelized.
If this turns out the system abusers are apperantly the ones in the underutelized sets.
After which not only the abuse, but also the abuser have been identified and appropiate action can be undertaken.
Many of these could involve reporting the abuse to some authority like the verifier.
This authority would need some proof of appropiate conduct at the side of the reporter.
The best I can offer is pseudonymous labeling for the subsets, so the reporter can't know who they reported.
To avoid birthday attacks p should be at least as large as n and probably larger, because accidentally matching a p row isn't a problem, but an n match allows one to blame other people for sharing codes.
p = 1.000.000
(n-1) = 1000
total storage use is
3 8bit bytes par sha256 hash
order can communicate subcatogrisation, since every other user has the same redundancy
n^2+pn-n-p
10^3^2+10^6*10^3-10^3-10^6=10^6+10^9-10^3-10^6=10^9-10^3=1,0000003*10^10
1,000003*10^10*3=3,0000009*10^10
around 10gb usage for the client
the servers store the hashes everybody and the seed, thus around
(n^2+pn-n-p)*n+1
1,0000009^10*10^3+1
is around 10 terabyte par server
System abuse and it's prepretators can be detected.
The way it's used isn't detectable to the verifier of the static property.
The identity of the user isn't revealed to the ones who make the uses possible.
The hashsing algorithm I will be using is sha256, because I can assure that ids will be unique and unrelated.
I will be using the proven slow prngs, because the qualtity of this protocol falls and stands with the qualtity of a prng
The verifying party randomly generates n ids.
The verifying party runs each of the id's through the pseudorandom generator and generates (n-1)*p codes based on it.
It divides this set up in (n-1) subsets, one for each other ringmember.
Each of the subsets is labeled with a within the ring shared pseudonym for one of the other ringmembers.
The codes are send to the individual.
After which it's added to a pool of similarly labeled sets of the other ringmembers, here they are pooled together without saving to which member they originally belonged.
In total n*(n-1)*p=np(n-1)=n^2+pn-n-p codes are generated.
For each receiving server a seed is generated by the verifier and each of the codes is hashed with this seed as pepper.
This set of hashes, labeling and the seed is send to the receiving server, but not the original values.
When an individual connects to an age verifying server the server sends its seed and the individual randomly picks a value from the received ones and hashes it with the seed and sends that hash to the age verifying server.
If it matches the received hash with one of the hashes that hash is removed and the age is labeled as verified.
To determine potential abusers of the system the age verifying servers can simply check whether some of the n labeled subsets are getting abnormally underutelized.
If this turns out the system abusers are apperantly the ones in the underutelized sets.
After which not only the abuse, but also the abuser have been identified and appropiate action can be undertaken.
Many of these could involve reporting the abuse to some authority like the verifier.
This authority would need some proof of appropiate conduct at the side of the reporter.
The best I can offer is pseudonymous labeling for the subsets, so the reporter can't know who they reported.
To avoid birthday attacks p should be at least as large as n and probably larger, because accidentally matching a p row isn't a problem, but an n match allows one to blame other people for sharing codes.
p = 1.000.000
(n-1) = 1000
total storage use is
3 8bit bytes par sha256 hash
order can communicate subcatogrisation, since every other user has the same redundancy
n^2+pn-n-p
10^3^2+10^6*10^3-10^3-10^6=10^6+10^9-10^3-10^6=10^9-10^3=1,0000003*10^10
1,000003*10^10*3=3,0000009*10^10
around 10gb usage for the client
the servers store the hashes everybody and the seed, thus around
(n^2+pn-n-p)*n+1
1,0000009^10*10^3+1
is around 10 terabyte par server
On the other side it's stil yet another way to force mass surveilance and monopolistic behavior.
On te EU one can at least force that they fix the "informationless ID" part themselves(lookup dsa age verification), there is good reason to not trust it, but at least they do it themselves without passing the bug to big tech.
The USA just says "be like Microsoft/Amazon/Google", but I don't want and am unable to surveil someone their whole youth.
Spoiler, click me
You might ask how doe age verification force mass surveilance and monopolistic behavior?
The only ways to reliably verify someone's age are through methodically keep record of them since their birth or some very invasive biometric measurements.
Behavioral tests only work on a case by case basis if at all.
I hope it's clear how "keeping records of someone, since birth" is mass surveillance when not done by a semi-trusted party like the government.
Invasive biometric measurement requires hardware changes and access to someone's person, which are once again great angles for mass surveilance and monopolisation.
Also people don't tend to trust many parties with that kind of access making it a monopolization angle(people are right btw)
The only ways to reliably verify someone's age are through methodically keep record of them since their birth or some very invasive biometric measurements.
Behavioral tests only work on a case by case basis if at all.
I hope it's clear how "keeping records of someone, since birth" is mass surveillance when not done by a semi-trusted party like the government.
Invasive biometric measurement requires hardware changes and access to someone's person, which are once again great angles for mass surveilance and monopolisation.
Also people don't tend to trust many parties with that kind of access making it a monopolization angle(people are right btw)
Linux smashes past 5% on the Steam Survey for the first time
15 Apr 2026 at 11:51 am UTC
In which case I'll ask how come only the recorded number of Chinese users visibly fluctuates?
With access one can point to some kind of government interference, with measurement issues that doesn't work.
15 Apr 2026 at 11:51 am UTC
Quoting: CatKillerThnx for the information.Quoting: LoudTechieIt could be, but I'm not seeing significant fluctuations, which is what surprises me.The number of Chinese users on Steam doesn't fluctuate.
I would expect Indian Steam access to fluctuate comparable, but with a different rhythm, to Chinese Steam access.
Simplified chinese spikes are easy too see, yet there're no visible english and/or Hindi spikes.
The number of samples recorded varies, on account of sometimes being wildly wrong.
The issue is that it's difficult to count each machine in a PC bang once and only once per year. You can't count them server-side because they're all behind one IP address. You can't count them client-side because the clients get periodically wiped, which erases your means of seeing that you already counted it. Valve put their hands up on the issue - for a while after that they corrected the issues in the data when they came up, but they stopped doing that a couple of years ago so we get the spikes again.
Japan and South Korea could well have the same issues with data collection, but they aren't ~ a third of Steam, so no one notices.
In which case I'll ask how come only the recorded number of Chinese users visibly fluctuates?
With access one can point to some kind of government interference, with measurement issues that doesn't work.
Linux smashes past 5% on the Steam Survey for the first time
14 Apr 2026 at 8:40 pm UTC
I would expect Indian Steam access to fluctuate comparable, but with a different rhythm, to Chinese Steam access.
Simplified chinese spikes are easy too see, yet there're no visible english and/or Hindi spikes.
14 Apr 2026 at 8:40 pm UTC
Quoting: NicknameIt could be, but I'm not seeing significant fluctuations, which is what surprises me.Quoting: LoudTechieHow well are these Indian languages supported on Linux? There might be other explanations for it as mentioned before, but with Linux(English only) being at 11% one could argue that that is significant.Quoting: PoliticsOfStarvingIs it even an accurate way to measure Linux gaming? For the last two years or so, I don't even bother installing steam, I just go straight to heroic.There is no accurate measure.
The Steam survey is one of the most accurate.
Steam dominates pc gaming enough to be considered a monopolist by the courts and for it to hold coercive power over Apple.
The survey provides enough extra information to see interesting trends including misleading ones(say variations in simplified Chinese. It's clear that if one considers Steam's global market Linux would probably not cross the 3% line, but that the Great Firewall of China distorts the picture).
Interesting here is that there isn't a clear variation visible for any of India's official languages.
With a 16% adoption rate [External Link], >1.4billion residents and a government with a track record of fast and hard decisions one would expect an easily spotted trend.
Nothing of the kind.
I would expect Indian Steam access to fluctuate comparable, but with a different rhythm, to Chinese Steam access.
Simplified chinese spikes are easy too see, yet there're no visible english and/or Hindi spikes.
European Commission gathering feedback on the importance of open source
13 Apr 2026 at 3:32 pm UTC Likes: 1
Maybe you want to say something about laws about electronic invoicing [External Link], the distribution of water [External Link], police datasharing [External Link], Fraud prevention and KYC laws [External Link], Export controls for dual use goods like chips, encryption tech and cybersecurity tools. [External Link]
Edit:
Ooh I found two that're much more juicy.
Call for you views on the current form of the Cyber resilience act. [External Link]
Call for your view of the current draft act for cross border health data sharing. [External Link]
13 Apr 2026 at 3:32 pm UTC Likes: 1
Quoting: MayeulCDarn, I missed the deadline, I had so much to say :|The EU is always curious what you've to say about the things that matter to you:
Maybe you want to say something about laws about electronic invoicing [External Link], the distribution of water [External Link], police datasharing [External Link], Fraud prevention and KYC laws [External Link], Export controls for dual use goods like chips, encryption tech and cybersecurity tools. [External Link]
Edit:
Ooh I found two that're much more juicy.
Call for you views on the current form of the Cyber resilience act. [External Link]
Call for your view of the current draft act for cross border health data sharing. [External Link]
Linux smashes past 5% on the Steam Survey for the first time
13 Apr 2026 at 2:48 pm UTC
The Steam survey is one of the most accurate.
Steam dominates pc gaming enough to be considered a monopolist by the courts and for it to hold coercive power over Apple.
The survey provides enough extra information to see interesting trends including misleading ones(say variations in simplified Chinese. It's clear that if one considers Steam's global market Linux would probably not cross the 3% line, but that the Great Firewall of China distorts the picture).
Interesting here is that there isn't a clear variation visible for any of India's official languages.
With a 16% adoption rate [External Link], >1.4billion residents and a government with a track record of fast and hard decisions one would expect an easily spotted trend.
Nothing of the kind.
13 Apr 2026 at 2:48 pm UTC
Quoting: PoliticsOfStarvingIs it even an accurate way to measure Linux gaming? For the last two years or so, I don't even bother installing steam, I just go straight to heroic.There is no accurate measure.
The Steam survey is one of the most accurate.
Steam dominates pc gaming enough to be considered a monopolist by the courts and for it to hold coercive power over Apple.
The survey provides enough extra information to see interesting trends including misleading ones(say variations in simplified Chinese. It's clear that if one considers Steam's global market Linux would probably not cross the 3% line, but that the Great Firewall of China distorts the picture).
Interesting here is that there isn't a clear variation visible for any of India's official languages.
With a 16% adoption rate [External Link], >1.4billion residents and a government with a track record of fast and hard decisions one would expect an easily spotted trend.
Nothing of the kind.