Some of it is pure backlash against AI, but there's still solid reasoning for not allowing it.
A lot of the little vibe coded self hosted utilities were made by folks with zero software development experience, over a weekend. These are apps where people need to be able to trust them to be exposed to the internet, and trust them with their data. Allowing zero-experience, purely vibe coded software in this environment is a recipe for disaster.
I've no problem with folks vibing their own little tools for use at home, but that doesn't mean it needs to be shared, and it a lot of cases, it probably shouldn't unless you really know what you are doing.
Job's thermonuclear threats were about Android & Google, not Samsung because Schmidt was on Apple's board during the development of Android.
> "I will spend my last dying breath if I need to, and I will spend every penny of Apple’s $40 billion in the bank, to right this wrong. I’m going to destroy Android, because it’s a stolen product. I’m willing to go thermonuclear war on this."
The falling out with Samsung was related, but more about the physical look of the phone
> So, Schmidt had inside knowledge of before following Apple into the smartphone category?
That's the theory/assumption. Android started as an OS for blackberry-style phones with physical keyboard, non touch screens.
Almost as soon as the iPhone launch, Schmidt left the board, and Android pivoted to a multi-touch interface almost immediately, and a year later the HTC Dream came out.
I don't think anyone has any real proof of wrongdoing but the timing is certainly suspicious
> I truly fear the harm that will be done before legislators realize what they’ve created.
Not defending the legislation as I overwhelmingly disagree with it, but if I recall, I don't think any of the age verification legislation specifies a specific implementation of how to verify age.
Requiring photos, or photo ID, or any other number of methods being employed, were all decided on by the various private companies. All the legislators did is tell everyone "you must verify age." The fault here is on Roblox as much as it is on the legislature and they should equally share blame.
> Once issued, the e-ID will be stored in a secure digital wallet application on the user’s smartphone or other compatible device.
That sounds like Apple & Google-blessed Android only, open source gadgets and non-Microsoft desktops not supported. Estonia at least used smart cards where a reader can be plugged into just about anything.
The problem with e-ID is its focused on identity verification, not just age verification and that's where the problem lies.
We still need the ability to be psuedoanonymous online. We should be able to verify age without divulging any identifying information to the service requesting age verification.
An e-ID registry could work on a sort of public/private key system so long as the services requesting informatino from the registry only receives a yes or no of "is this person old enough" and no further information.
If an e-ID can vouch you are citizen number #3223423, it should be able to use the same crypto to vouch that your birth date predates a threshold, without revealing anything else. It's more a question of requirements gathering & UX (and political will).
I'm obviously not going to show my id to Zuckerberg's website or any porn sites, casinos because I don't trust those bastards. They're also not the police, so they lack the proper autoritah to request my an id.
I think the point of the comment you are answering to is that in Switzerland, they are building a system where you can prove your age without telling who you are to the website, and without telling which website you visit to your government.
The government might not know which website exactly, but the fact that you are looking to verify your age is in itself a datum that you might not want the government to know. "Palata was either looking at porn or buying drugs in January 2026" is probably not something you want the government to know, even if the specifics are obscure.
It doesn't have to be exclusively digital. You can be psuedoanonymous using some form of key as verification. To get a key, you have to present your ID in person at, for example, the social security office or local DOL.
All the key does is attest that "this person is over X years old" with no other identifying information associated with it.
I think blending in person & digital together is going to be the best way forward. Like going to the store and buying alcohol. I have little privacy risk from the cashier glancing at my ID for a second to check my birth date.
> I have little privacy risk from the cashier glancing at my ID for a second to check my birth date.
Imagine your abusive ex is looking for you. She could go to a few alcohol vendors in the area and tell them "Respectful cashier, I suspect that my husband is reverting back to being an alcoholic. If you see the birthdate 1971-06-21 then please phone me after he leaves".
To which the vender replies "Why on earth would I check if someone over the age of 50 might be under the age of 18 (or 21 in some parts of the world)".
Well, I did have many more recent exes in my early twenties than I do in my fifties.
But also the mechanics of the check might be important. For instance, I always go to take the baby out of the back seat when I park, even though I have not driven a baby in years. Because I do not want to ever risk leaving a baby unattended in a car. The store policy might be to check every ID, even in seemingly obvious cases.
But that would require the government to set up the system that lets you present your ID and get a key. They haven't done that, so it's not valid to blame businesses for not using it.
> with no other identifying information associated with it
Not possible, the key itself becomes identifying information similar to how an IP address + timestamp is identifying information even though their is no information abut you stored in the IP address or timestamp.
A digital ID, like someone said below. But people (in the UK at least) go mental about that, despite the government already having all the information anyway. Creating a easy way to securely share that information with a 3rd party for online verification is apparently the work of the devil.
In the real world you turn up in person with a passport, or maybe use snail mail as a way to verify an address which is hard to fake.
Online we have to pretend it is still the internet of the 90s where it's all just chill people having a fun time using their handle...
Shamir's secret sharing. In that scenario, capturing me alone isn't going to get you anything even if I divulge my piece of the secret. You'd still need to find out who has the other pieces, find them, and convince them to divulge as well.
Maybe there's 3 of us, and the 4th part of the password/secret/private key is on a server of mine somewhere. If I don't check in for x duration, it wipes itself.
Yeah it means my Monero is gone now, but at least my attacker didn't get it.
You can design in ways such that there isn't a password to give up in the first place. Maybe the key is distributed and you need all x number of people to decrypt. Sure, maybe the state can capture everyone but it becomes significantly harder than targeting a single person and threatening them with torture.
Combine that with rate limiting and a dead man's switch.
Hard power still matters. It gets access to things like fiber closets, upstream dependencies, subtle flaws in encryption schemes that take years to figure out, information linking your networks, and more than I can think of.
Cute tech can slow them down until they go through the effort of controlling most of TOR's exit nodes and point the Eye of Sauron at you.
> If you want the AI to do anything useful, you need to be able to trust it with the access to useful things. Sandboxing doesn't solve this.
By default, AI cannot be trusted because it is not deterministic. You can't audit what the output of any given prompt is going to be to make sure its not going to rm -rf /
We need some form of behavioral verification/auditing with guarantees that any input is proven to not produce any number of specific forbidden outputs.
Determinism is an absolute red herring. A correct output can be expressed in an infinite amount of ways, all of them valid. You can always make an LLM give deterministic outputs (with some overhead), that might bring you limited reproducibility, but that won't bring you correctness. You need correctness, not determinism.
>We need some form of behavioral verification/auditing with guarantees that any input is proven to not produce any number of specific forbidden outputs.
You want the impossible. The domain LLMs operate on is inherently ambiguous, thus you can't formally specify your outputs correctly or formally prove them being correct. (and yes, this doesn't have anything to do with determinism either, it's about correctness)
You just have to accept the ambiguousness, and bring errors or deviation to the rates low enough to trust the system. That's inherent to any intelligence, machine or human.
This comment I'm making is mostly useless nitpicking, and I overall agree with your point. Now I will commence my nitpicking:
I suspect that it may merely be infeasible, not strictly impossible. There has been work on automatically proving that an ANN satisfies certain properties (iirc e.g. some kinds of robustness to some kinds of adversarial inputs, for handling images).
It might be possible (though infeasible) to have an effective LLM along with a proof that e.g. it won't do anything irreversible when interacting with the operating system (given some formal specification of how the operating system behaves).
But, yeah, in practice I think you are correct.
It makes more sense to put the LLM+harness in an environment which ensures you can undo whatever it does if it messes things up, than to try to make the LLM be such that it certainly won't produce outputs that would mess things up in a way that isn't easily revertible, even if it does turn out that the latter is in principle possible.
You need both. And there AI models where it's input+prompt+seed that are 100% deterministic.
It's really not much to ask that for the exact same input (data in/prompt/seed) we get the exact same output.
I'm willing to bet that it's going to be the exact same as 100% reproducible builds: people have complained for years "but timestamps about build time makes it impossible" and whatnots but in the end we got our reproducible builds. At some point logic is simply going to win and we'll get more and more models that are 100% deterministic.
And this has absolutely no relation whatsoever to correctness.
> I get zero joy out of wrestling build tools or figuring out deploy scripts to get what I've built out onto a server.
And for me (and other ops folks here I'd presume), that is the fun part. Sad, from my career perspective, that it's getting farmed out to AI, but I am glad it helps you with your side projects.
I am one of those, but that's why I went into the ops side of things and not dev, although the two sides have been merging for a while now and even though I deal with infrastructure, I do so by writing code.
I don't mind ops code though. I dislike building software as in products, or user-facing apps but I don't mind glue code and scripting/automation.
Don't ask me to do leetcode though, I'll fail and hate the experience the entire time.
This goes for coping with a lot of executive function problems and disorders.
Part of how I have to manage my rather severe ADHD is specifically crafting an environment that's as ADHD friendly as possible, much to my wife's dismay.
That means nothing can ever be hidden away or out of sight, otherwise I will immediately forget it exists. It means every bill must be on autopay, or it will not get paid. It also means living as minimally as possible, for me. Even something as "simple" to a neurotypical like washing dishes or doing laundry is a seemingly impossible mountain for me to climb. I solve that by owning as little as possible, and I also remove choices by, for example, just owning multiples of the same exact outfit.
The moment any sort of friction or context switching is involved in a task, I am going to fail, so I have to architect my life in a way that reduces friction as much as possible.
I also have ADHD and i also find living as minimally as possible very helpful. Could you elaborate on more of those tactics that work for you? I am also curious how you apply this to your work life
Basically things that eliminate friction. I wear only slip on shoes because having to tie & untie is friction. I replaced our kitchen cupboards with those glass window ones so I can see whats inside every cabinet without opening it. I have multiple laundry bins, so I actually don't put clothes away in a dresser when done. I just leave them in the bin, pull out what I'm going to wear, and then have separate bin(s) for dirty. Eliminates a huge friction point (folding & hanging) when it comes to doing laundry.
For work, that's mostly just luck. I'm a solo sysadmin for a non-tech company, and I work from home so I have a great deal of freedom. Outside of interruptions for help desk level tickets/emails (which suck and do throw off my flow), no one really oversees what I do and I set my own deadlines for the most part so I can work when and however it suits me to take advantage of days where I have good flow state.
Thanks. I'll also add a couple of my tactics for other ADHDrs out there: I only have black same socks, underwear and T-shirts so I never have to bothered by them. I replaced my coffee machine with a simple French press, so the cleaning and maintenance is quick and easy. I add every fixed-date event to my calendar so that I get a notification when something is due and don't have to remember it. I write everything down and make lists so I keep track of stuff. I try to reduce all the fluff from my life to simplify it, and I am extremely weary of getting new things, because each thing comes with responsibilities such as maintenance, cleaning, storing and of course using it. I basically want daily stuff to leave me the fuck alone and I feel like this frees up a lot of mental resources for me
> If there is a series of buttons you can press to circumvent the anti-scam measures, then the scammers simply walk you through pressing those buttons. If you cover them in giant warning labels the scammers simply add explanations into their patter. The buttons must physically not exist, for gullible people to not get scammed out of money.
We shouldn't be protecting someone that gullible at the expense of everyone else who is smart enough to actually read whats on the screen and not fall for such simple scams.
Not that long ago most of this forum was very much against giving up freedoms in favor of catering to the lowest common denominator. What happened?
People need to take responsibility for their own actions and educate themselves, not rely on a lack of freedom to protect them.
A lot of the little vibe coded self hosted utilities were made by folks with zero software development experience, over a weekend. These are apps where people need to be able to trust them to be exposed to the internet, and trust them with their data. Allowing zero-experience, purely vibe coded software in this environment is a recipe for disaster.
I've no problem with folks vibing their own little tools for use at home, but that doesn't mean it needs to be shared, and it a lot of cases, it probably shouldn't unless you really know what you are doing.
reply