Risk of deadlock is real if you have processes calling each other in a cyclic way, e.g. process A sends a GenServer call to process B, that then sends a GenServer call to process A in order to handle the original call. However, process A is busy waiting on B to reply to its initial call.
> government passes law that requires companies to age verify users
> said government provides no way to actually verify a human's age
> hilarity ensues
That's exactly what pisses me off about it. The government could have at least devised a technical solution to verify the age of people privately. Data breaches happen all the time, do they just not care about the consequences when millions of people's porn watching habits are inevitably leaked?
It's a great first step toward making criticism of the government scary. Porn, hate speech, and other "legal but private/embarrassing" speech are the sharp end of the spear. When it's okay to restrict those, it becomes easier to restrict political opposition.
Note that, while the proscribed group spray painted war planes, they also disbanded (and regrouped under different names?) immediately after their appeal against proscription failed.
The only people who are getting arrested now are those who are expressing support for the group (so: speech only, no action besides showing up).
Nobody in the UK cares about "criticism of the government". That's a paranoid concept that only makes sense in a presidential system like the US.
In Westminster systems you can kick out the government all you want and often do. The point of the constitutional monarchy is to separate the people you "shouldn't criticize" from the people who actually have any power.
The reason they're doing this is that British people hate themselves, hate their children, and the purpose of the country is to take everyone's money and give it to pensioners.
> A man who was arrested by police in England for asking who elected King Charles III says he’s worried that his arrest could have a “chilling effect” on freedom of expression in the country.
That's the whole point of a constitutional monarchy!
The king's literal job is to not be the government. He gets to be the emotional symbol of the country and be treated with respect in exchange for promising to never actually do anything.
Most of them pretend the monarch is allowed to do things (as long as the government tells them what to do first), but in Japan and Sweden they don't even have that power. The emperor of Japan is basically just a prisoner we (the US, who wrote their constitution) keep in a palace for fun. They seem to like this and have taken to being the most boring family possible; the current emperor's official hobby is "water" and he stopped playing the violin because he thought it was too interesting.
As for why the UK still has lese majeste, beats me.
Personally I'd rather my kid discover porn sites with cleartext(S) browsing, so I can be aware of the development and have a talk. Then later I can teach them how to use VPNs, TOR, and other secure protocols to eke out some freedom from this digital prison that Surveillance Valley has built for us.
If I've understood it correctly, Pornhub can't see anything except that you've turned 18 (no names, no dates of birth, nothing) and your local government can't see that you've signed up for Pornhub using the app.
Yes, this is correct. As I understand it, the server asks the application some questions ("is the user above 18?" "are they a resident of country X?" or whatever), you confirm that you want to share the answer, and the application just gets "yes" or "no" to each question.
This really deserves a digital solution. Let me get a government account and generate tokens that websites can ingest to confirm I'm an adult (and other optional details about me).
Having to use passports or poor solutions like face scanning isn't good enough. I guess the reason they don't do this is because they fear the cost, anything governments price up these days seems to be in the billion range. So the politicians who don't understand how cheap it is to build software assume it's way out of their price range.
When you place all the requirements on a software product like what the government has to, then it’s going to be expensive. Anyone who thinks that the total cost of a privacy protecting, government accredited, widely available, reliable, audited, and domestically produced age verification system isn’t going to be in the hundreds of millions has never actually shipped something comparable.
It is literally illegal to slap a few lines of glue code and say “there’s your age verification, look how cheap it is.” The public would be happy about saving money right up until there’s a massive privacy breach and all the ways you cut corners are exposed.
I don’t know if leaving the standards unspecified is the right thing to do (it’s probably not), but don’t pretend like a government verified solution could ever be cheap when dealing with citizens’ identities.
I disagree. This is exactly what happened with the initial launch of Healthcare.gov after the Affordable Care Act. The government spent hundreds of millions contracting a large firm that completely botched the site, it couldn't even handle a few hundred users at launch.
Then a small team of highly skilled engineers from Google/Facebook etc were brought in to fix it. They stabilized and relaunched the system in weeks at a fraction of the original cost. It showed that the problem wasn't the complexity or the standards, it was how the project was managed and who was building it.
IIRC, it wasn't even that it contracted one firm, it contracted many, and the individual contracts were managed separately. None of the systems were actually required to work with each other in letter, only in spirit.
The major advantage of bringing in the engineers (only one ex-googler, most were oracle and redhat, again IIRC) was that they were all already bigwigs and knew how to take ownership of large systems, and were given the authority to do so.
A small group of closely working skilled engineers would produce something more reliable and far less likely to have a privacy breach than the typical government contracting system.
The idea that a small group of people can't produce something that can scale to millions of people is just false.
It also wouldn't just be cheaper; it would be better. The "government" way of doing things would be far more likely to be broken glue code with privacy issues because all those committee meetings and bottom of the barrel contractor selection don't produce better end results.
> A small group of closely working skilled engineers would produce something more reliable and far less likely to have a privacy breach than the typical government contracting system.
Large technological companies are unable to pull this off either, it’s unrealistic to expect it from a government.
What are you talking about? The government gets to cheat and use the IRL ID verification they do already for licenses.
* You create your account as part of your license renewal and have a normal-ass login. As part of that your account is manually marked as being 18+ (or just your age) by the person behind the counter.
* The government publishes a few public certs which will be used to verify.
* Then you go to your account page and click the button to generate a certificate signed by one of the government's private keys. The cert is valid for say 7 days.
* You upload the cert to the website you want to access and the website validates it.
Done. You make it illegal to provide your tokens to minors like it's illegal to provide booze to minors. Good enough for government work. It's literally just an EV cert.
The problem gets a lot easier when you have a country wide IRL ID system already in place and can write laws.
> The problem gets a lot easier when you have a country wide IRL ID system already in place and can write laws.
Every time a country wide ID comes up, people freak the fuck out about states' rights and it being a power grab. People are already freaking out about RealID. It will take a very authoritarian system to force this through, yet it's the supporters of that leader that are the most vocally against it.
I don't think we can really trust in all those years of stated preferences, now that the revealed ones are so different. The folks who often say "States' rights" have always been the most willing to violate them if it gets them what they want.
Meanwhile, the rest of us should have new fears of a National ID feature. Republicans in administrator-roles recently started corrupting federal databases, fraudulently marking living people as dead [0] in order to kill their accounts, while firing the people who pointed out it was flagrantly illegal.
It doesn't require any imagination for the same bad administrators to illegally disable National ID logins because you posted something that hurt the cult-leader's feelings. The feature cannot be made safe if the framework is still open to crooks.
Hard disagree. The Right Wing Noise Machine freaks out. That is not what people generally think. That’s what they’re TOLD to think, by people who have an agenda to sow discontent.
The US refuses to do this, so we get a mess. Every state has a different driver’s license, Social Security numbers aren’t secure at this point, most people don’t have passports.
But if there was a true national ID, the government could provide APIs to verify those. Then these kinds of things would be easy for the apps/sites.
All of that obviously ignores the problems in privacy from doing any of this in the first place, etc. I’m starting to think I’m on the side of our national ID given how much of a mess everything is with our current patchwork. But I certainly wouldn’t want to be giving it over to random sites.
We have sort of accidentally set up a system in which verifying someone’s age is a really really hard problem. If a credit card number or trying to use a photograph are the best tools we have it’s clear this doesn’t work.
I'd rather have a mess than allow the federal government to have more power over me. I'm trans and I would have to out myself every time I needed to show ID if I had to give up my state driver's license. I like not having to worry about getting harassed whenever I want to go to a bar.
I like the idea of a way of verifying who you are (in that you’re a real person) and age (so you could prove ability to do 18/21+ things).
I see no reason why random companies/etc would need to know gender identity, name, etc.
None of that is relevant to buying alcohol. If they need something, e.g. name on a mortgage, then maybe it’s optionally provided, under my control. I don’t know.
I’m not seriously suggesting we do this. There were clear downsides before the last 10 years made all of them ridiculously clear.
It’s more I hate the current mess and wish something nicer existed. I think it’s fixable in the abstract. But even if we had a good idea for a better system I don’t know how we’d get there. Between sovereign citizen nuts on one side who don’t think there should ever be any way to prove they ever existed, to people like you with very clear and good reasons for fearing changes it just seems impossible.
I mean, honestly, there's a good question to be had: why do we even need gender on a modern ID? Assuming a reasonably up-to-date photo, there isn't even a whole lot of purpose in listing descriptive information about the person. And that's before we talk about other stuff that you could list instead or encode as data into a smart ID if you really want some descriptive data.
Unfortunately, I agree with you that while fixable in the abstract, we're not getting anywhere in the modern USA. Can you imagine what would happen if a politician suggested removing gender from IDs?
This is one of my biggest issues with pretty much any ID verification legislation. If the Gov wants to enforce ID verification, it is incumbent on the Gov to bend over backwards to ensure that everyone impacted is given a free, secure ID. I refuse to accept any situation where someone is excluded from public participation because they can't afford or are otherwise unable to acquire an ID.
Driver’s licenses are the de facto one today. You can also get an ID card for those who can’t drive.
But it’s fully incumbent on you to do it. You have to arrange transportation to get it, have the free time, necessary documents, live close enough, etc.
That already causes problems for people, and is getting worse as voter ID laws get passed.
“Everyone gets an ID once you’ve figured out these riddles three and gone on a quest” is a stupid system.
A quest indeed. In my state, it is not uncommon for there to be a months-long wait for appointments at the DMV. So, you can either wait the necessary months (how are you driving?), or try to slip in as a walk-in by showing up when they open and waiting the entire day for a chance to be seen. My local office will have 3 or 4 agents staffing the front and a line dozens long waiting outside the door before they even open. I get it, no one likes the DMV, bastion of inefficiency, blah blah... but for such a critical service, they're clearly not staffed for the demand that they're facing.
We already nearly have a national ID. That’s what RealID is clearly building towards. It helps to build a standardized and federated database of state ID cards that meet Federal guidelines. There’s a de-duplication system called SPEXS as well as a standard called Nlets that can be used to search the state databases. There’s a multi-state query (MSQ) that allows law enforcement to query all of the state databases and obtain a lot of the functionality that we get from a national ID. What’s missing from this is citizenship data, but ICE has a system called IAQ/IAR that can help with that. The recent “BBB” bill also tosses a lot of IT funding at DHS and ICE, which might lead to further expansions.
There’s also a system called mDL that allows you to obtain a digitally signed mobile driver’s license that can be used in your smartphone. This is only supported by a few states for now but it’s not hard to imagine this expanding to many more states in the near future, especially now that both Apple and Google are starting to support it. TL;DR we may not have a national ID, but it sure seems like pretty soon we’ll have an effective “national ID” that does most of the same stuff.
Problem: the millisecond this system is rolled out, personal data will be attached to it, not least because I'm just going to generate unlimited 18+ tokens and sell them for $10 apiece
You don't need to identify the user, just be able to show that two tokens are the same user and invalidate, log out both users, and make them generate a new token. You can sell your license to kids today, but it doesn't scale and is a terrible idea to give a kid an ID to a place you frequent.
So basically how it is today with phone verification. There are websites where you can pay $5 to borrow a phone number to verify a particular service. Except you only get one at a time.
Your idea also amounts to preventing ban evasion by linking a government ID to each account, which is one of the criticisms of linking accounts to government ID. And preventing multiple accounts even when not used to ban-evade.
And are you going to give the government N^2 queries every day?
My understanding has been that any form of national ID (beyond a passport) is a complete non-starter in US political discourse, and it's all handled at the state level. Not so?
Briefly, the government can give you a digital copy of your driver's license or passport or whatever that can be bound to a hardware security key you have. Most modern smartphones have a suitable security key built in.
To verify your age for a site a zero-knowledge proof (ZKP) can be constructed for the site to prove that you have that document, it says your age is above the threshold needed for the site, and that you have the hardware key it is bound to, and you were able to unlock that hardware key. Nothing else is revealed to the site.
Note that once the government issues that digital ID bound to your security key they are out of the picture. They have no idea what you use that ID for or when you use it.
Google has released an open source library to help with this kind of system, discussed here [1].
My bank has an API endpoint that (basically) returns your name and age (in this use case). It can return more for signing electronic docs etc. and is basically your digital ID.
Need to buy "toys", vape products, alcohol... anything adult online?
There's a 3rd party web app (you rightfully don't trust) as an age check in the shopping cart / user account of any of these adult shops, and this has multiple ways of verifying your age - and one of them is the bank's api, you pick it, your bank's identity sharing page loads, you log in, it shows exactly what information will be shared in a bullet point list, you tap OK, immediately a request like "this app wants to know your age, please verify" pops up in your smart banking app on your phone, you tap ok, fingerprint scan, DONE.
Problem solved. The 3rd party app knows just what it needs to. All of this takes maybe a minute and your personal info is perfectly safe (unless you don't trust your bank at which point you have bigger problems to worry about...)
Identity shouldn’t be tied to a private institution that requires you to have a bank account to login.
Two of the well-used solutions to identity in the U.S. are login.gov (government-managed) and id.me (private, but used by government). Basically to get setup, at some point you have to have physical presence to get an actual government-approved physical ID, which can still be a barrier to some, but it doesn’t require a bank account.
Just don’t implement your own like Discourse and Tea.app.
>Identity shouldn’t be tied to a private institution
This right here. Just look at what happened with visa/mastercard this week, private institutions can and will cave to special interest groups advocating to block access to legal content.
Whether it’s a government controlled or private identity provider which can or has to provide data to the government, in the end it’s still the perfect way to control what people do online. It’s age restricted stuff at first, but can just as well be applied to any store or social media. Not so eager to express your dissent if it has your name stapled to it.
> Just don’t implement your own like Discourse and Tea.app.
FWIW Discord did not implement their own (sensibly), but since the British government does not provide this service it basically mandates possibly dodgy middlemen.
As a Brit that relocated to Norway a decade ago, trust me when I say you cannot fathom the lack of organization around identity that the UK (somewhat intentionally) has. (It’s constantly used for political Godwin’s-law fear-mongering)
There is no centralized ID number, the closest is your social security number but this is basically only outbound for PAYE tax and haphazardly correlated to your pension payments in late life.
Everything operates on a “trust system” where you often present paper (!) with whatever address you claim to be living at as proof you are real (e.g. opening bank accounts).
Passport loss is rectified by seeking out “professionals” with government-approved occupations that are not related to you that can vouch you are actually the person you are trying to replace a passport for.
The entire thing is a mess and living in digital-identity-native Europe is a dream come true that you should be extremely thankful for.
>>There is no centralized ID number, the closest is your social security number
Until you find out that due to a cock up years ago the National Insurance numbers are not guaranteed to be unique, and you realize that somehow the best proof of identity British people have is a humble driving licence because DVLA is at least somewhat competent.
It's even worse now: A lot of places now accept PDFs of things like bank statements, since so many people don't get paper copies any more.
It's not that it was hard to fake before if you wanted to, but when you can just get a real PDF as a starting point, and edit it slightly it's just theatre.
It doesn't have to be perfect. This is how financial regulation works in the US too, but it does work. The idea is that every individual step is weak, but it's a crime to bypass any of it. So the deterrence is you can catch things probabilistically and most people don't want to commit a whole bunch of crimes at once because they all have individual punishments.
B-but... if we have an ID card the "government" will be able to track us! /s
It does annoy me how much people get away with scaremongering, I just read a comment of someone who's against digital payments because "then the government will be able to work out how much tax you owe"????
This is the way. Belgian banks joined forces years ago to create such a platform for identity verification and private companies can get granular access when needed and after they are vetted.
It's all based on the 2014 eIDAS regulation.
Actually, they could release a platform quite easily that only delivers age verification, without anything else.
For example, our IDs have a QR on them that contains some basic info. Why not provide a platform for age checks with that QR? Anyway, fuck them. Education goes a lot further than trying to force identity verification on private companies when there is no real life threat in play.
Yeah, it's more about the future. Maybe in a year or three, you'll be able to write a website that does age verification using a standard web API, without processing any identity documents yourself, and expect it to work.
And sometimes kids will put fake IDs on their phones, or borrow a phone, but that's not your problem.
Why should the govt provide a way to verify? They should fine companies that violate. Companies will figure how to comply because they don't want to be fined.
The truth is this won't actually stop AI crawlers and they'll just move to a large residential proxy pool to work around it. Not sure what the solution is honestly.
I don't know if I ever recall seeing a CEO go to jail for practically anything, ever. I'm sure there are lots of examples, but at this point in my life I have kind of derived a rule of thumb of "if you want to commit a crime, just disguise it as a legitimate business" based off seeing so many times where CEOs get off scot-free.
He went to jail because he refused to help the NSA violate FISA, and then he sold the stock knowing that his refusal would cause the stock to drop (i.e. insider trading). His conviction was entirely on the basis of insider trading. The SEC went after him, not the NSA or DOJ or whatever.
> His conviction was entirely on the basis of insider trading. The SEC went after him, not the NSA or DOJ or whatever.
The SEC has no criminal prosecution powers; all they can do in that regard is write a note asking the DOJ to pretty-please look into something. The only way to get a federal (civilian) criminal conviction is to have the DOJ go after you.
> His conviction was entirely on the basis of insider trading.
Insider trading charges are to high-flying executive-types as "Based on my training and experience, I detected the distinct odor of cannabis on the suspect's person" is to folks who are committing the crime of walking while black near an officer with something to prove.
Seriously, these regs are very, very vague and open-ended, and a ton of deference is given to the SEC.
It's the usual PaaS convenience tax, you end up paying an order of magnitude or so premium for the underlying bandwidth and compute. AIUI Vercel runs on AWS so in their case it's a compound platform tax, AWS is expensive even before Vercel adds their own margin on top.
Hi, I'm the author of the blog (though I didn't post it on HN).
The site was originally secondary to our business and was built by a contractor. It was secondary to our business and we didn't pay much attention until we actually added the episode pages and the bots discovered them.
I saw a lot of disparaging comments here. It's definitely our fault for not understanding the implications of what the code was doing. We didn't mention the contractor in the post, because we didn't want to throw them under the bus. The accountability is all ours.
Metal looks super cool, however at my last job when we tried using instance local SSDs on GCP, there were serious reliability issues (e.g. blocks on the device losing data). Has this situation changed? What machine types are you using?
Neat workaround! We only started working with GCP Local SSDs in 2024 and can report we haven't experienced read or write failures due to bad sectors in any of our testing.
That said, we're running a redundant system in which MySQL semi-sync replication ensures every write is durable to two machines, each in a different availability zone, before that write's acknowledged to the client. And our Kubernetes operator plus Vitess' vtorc process are working together to aggressively detect and replace failed or even suspicious replicas.
In GCP we find the best results on n2d-highmem machines. In AWS, though, we run on pretty much all the latest-generation types with instance storage.
Except this article is about how their efforts to prompt the LLM didn't end up working and how they used embeddings / vector search to filter out comments that the LLM generated based on user feedback.
If one doesn't know how to prompt the LLM, or if one uses an inferior LLM, then it's one's own fault. The prompt shown in the article failed to convey to the LLM the reason behind the ask. The LLM can behave better once it internalizes the reasoning. The low-importance comments could alternatively also have been easily filtered out using a second use of the LLM without needing any voting. The approach used in the article isn't something to celebrate.
This is rarely a problem in practice however.