Rivalarrival

Worse, they’ve grown up on a steady diet of media telling them that “if you say the wrong thing” to a girl, “she’s going to accuse you of something,”

There's a big problem with the premise of this argument.

The article accepts this "steady diet of media" as fact, but implies that it only affects "guys".

If there is, indeed, a "steady diet of media" saying this to a guy, then that same "steady diet of media" is saying the same thing to a girl: "If a guy says something wrong, it is reasonable for a girl to accuse him of something". Girls are hearing the exact same message that guys are hearing.

If that "steady diet" actually exists, then the guy's concerns of accusations are valid, and he should be praised for ensuring he doesn't "say the wrong thing".

Suppose Microsoft adds this capability to Windows, and you edit the registry to disable it. How is that any different?

By allowing the end user to change it instead of locking it down, they are not making a good faith effort to comply, and they lose their liability protection. To maintain their immunity, at the very least they will need to prohibit Californians from disabling the feature.

Canonical is prohibited from adding comparable terms.

I can see the argument for something like iOS.

How is iOS any different from Windows here?

Let's say you own a computer store in California, you sell Windows laptops, and you setup your preinstalled Windows image with the registry edit made, because customers don't like the silly age prompt. How are you not the OS Provider?

Again, to maintain their immunity under this law, they would have to prohibit me from doing this in their licensing agreement. My violation is what protects Microsoft. I would, indeed, be the OS provider in that scenario.

But in the scenario you describe, I'm not the end user.

Neither Canonical nor I can include the same restrictive terms in our OS offerings. We can simply inform our users that the OS is not California compliant. Our users become their own OS Providers as soon as they decide to use them in California.

And a user of Ubuntu only has access to the functions that Canonical has provided.

That is not at all accurate.

Administrator access to Windows is not at all comparable to root access on Linux. Windows "root" access is held solely by Microsoft, and granted only to Microsoft employees and contractors. They are the only ones with the capability of changing Microsoft's binary blobs.

Canonical doesn't restrict root access. Everyone who installs Ubuntu has root access by default.

Suppose Canonical adds this capability to Ubuntu. Suppose I take an Ubuntu install, and remove this capability. Who is the provider of the resulting OS, Canonical, or me? Obviously, I am responsible for the changes; I am obviously the OS Provider in this scenario.

What I am saying is that I was the OS provider before I made the changes.

Let's remember that the law distinguishes between the OS and Applications running on that OS. They require that the signalling apparatus be included in the OS. Technologically, the distinction between OS and Application is somewhat arbitrary. For commercial OSes, it's pretty simple: The OS is what Microsoft declares to be part of "Windows" is the OS; everything else is an application.

Suppose Microsoft refuses to include this signaling apparatus. The end user cannot modify Windows, so does not become liable as the "OS Provider". The user can bolt on the functionality as an application, but cannot make it part of the OS. Microsoft is the one facing the fines under this law.

For FOSS software, the end user's root access gives them the ability to add this signaling capability to the OS running on their machines, even if Canonical refuses to distribute a compliant OS. The user's ability to make their own OS compliant with California law makes them the party liable for non-compliance.

The windows user uses the OS. The windows user does not control the OS. They only have access to the functions that Microsoft has provided. The Attorney General of California won't be able to argue that the sysadmin is the OS Provider of a Windows installation. The OS Provider of Windows is Microsoft.

The Attorney General of California would easily be able to argue that the OS Provider of a particular Linux instance is the sysadmin of that instance.

If your code is installed on a general purpose computing device that is provided to a child, you can be fined.

If you provide code to the general public without requesting an age signal from the receiver's OS, you can be fined.

The attorney general of California might consider the JavaScript in your web page to be "content". They might consider it to be an "application". There is no clear distinction. If you request an age signal before providing content, you can be fined. If you fail to request an age signal before providing an application, you can be fined.

The more I read about this law, the less I think it will actually go into effect. It's going to face a whole series of injunctions. The lawyers are going to bill thousands of hours, but the whole thing is going to be scrapped.

The law doesn't require anything of users, it requires something of OS providers.

For a FOSS OS, any user with root access would be considered an "OS Provider" under the definitions provided in this law. With FOSS, there is no real distinction between "user" and "developer".

No... The law literally says that if you make a good faith effort then you are not liable.

It used to be that my liability was to the people using my code. If I code badly, they won't use it, and I might be blocked from contributing to a project. That was the worst penalty that I faced for providing bad code.

Now, I might have to argue against a lawyer claiming my mistakes are negligence, and my efforts are in less than good faith, with financial penalties should they prevail.

They merely need to point to my opposition to this law as evidence that I am not acting "in good faith" to support it.

Throwing up our hands and exiting California and Colorado is playing into Microsoft's desires. It is also the only rational response should this law go into effect as planned. Which means the proper course of action is to denounce this idiot law, not lend it our support or rationalize the harm it causes.

And if I make a good faith effort, but it doesn't work right, that's a $2000 penalty. Every time that snot-nosed, unsupervised kid opens an app.

You could of course decide to not provide to residents of California and Colorado.

Yes, that's exactly what Microsoft and Google want. They don't want my FOSS OS competing with their commercial offerings.

The law effectively only applies penalties to the parents.

This applies penalties to far more than the parents. If I provide an operating system to a California parent, and my operating system does not include this "signal" apparatus, I can be fined $7500 every time a kid launches an application on my OS, for my deliberate decision not to implement their asinine horseshit.

I highly doubt it's ever going to come into effect. We'll see injunctions later this year.

A windows sysadmin does not need to be granted the authority to alter or disable the binary blob that performs the age verification. Microsoft can restrict that access and maintain control over that aspect of the OS. As they will be held liable for allowing it to be disabled, they are not likely to do so.

Canonical cannot compel a similar restriction in its users and sysadmins, due to the FOSS-ness of the software. They cannot be held responsible for what that sysadmin does with their software. The sysadmin, then, becomes the OS Provider.

They control the OS the same amount under either windows or Linux.

That is false. The Windows sysadmin does not fully control the binary blobs of the OS, including (presumably) the blob that performs this age verification process. If Microsoft is going to be held responsible should that feature be absent, Microsoft is not going to allow that feature to be disabled, unless responsibility for compliance transfers to another "OS Provider". This restriction is well within Microsoft's power and control: they do not grant full and total control of the OS to the end user.

The age-signaling apparatus will be well within the the Linux sysadmin's control. This is simply the nature of FOSS. The Linux sysadmin can't be stripped of that control: they control the source code to the OS. They always have the power to determine what functions their OS will and will not perform. Their decision to use such an operating system qualifies them as a "developer" under this law.

But it isn’t like Canonical and RedHat are just some guy in a basement - these are commercial entities developing and licensing software just like Microsoft.

Canonical produces a version of Ubuntu with the age signalling apparatus. A California sysadmin installs it on a child's computer and removes or bypasses the signalling apparatus. Is Canonical still the OS Provider?

What if he doesn't disable it, but a bug in the age verification app causes it to fail. Canonical puts out a bug fix in an update, but the sysadmin's update policies block that update. Canonical can't force an update in the way that Microsoft can. It is the sysadmin's choices that are preventing the patch from being applied. Is Canonical still the "OS Provider" under this law? Or is the sysadmin the responsible party?