Hacker News | jchw's comments

To me the thing I like about Redis is that it gives you a storage engine very suitable for caches; it handles TTLs and memory pressure, as well as built-in serialization with the ability to get better performance by allowing for some data loss. At the same time, many users will be deploying small programs to individual machines. If you could just have Redis be embedded this would make it very operationally simple: no additional daemons and a single file to backup if you want to.

It would also be useful because of the ability to switch modalities. When running a multi node service, you can use Redis to share data between nodes and use Redis pubsub as a communication bus. If you wanted to support a simple single node configuration too, then it wouldn't need to be a special case, it could just go through the same mechanism but with an embedded Redis instance.

It's pretty similar to SQLite: being able to embed more or less a complete storage engine into your app can be very convenient and powerful.


Well, if you have a single instance then using language libraries and structures will be better in most cases.

If you use multiple nodes, then you probably want your redis lifecycle not to be tied to application lifecycle.


I am not aware of an in-process alternative similar to what Redis offers.

Well the most basic redis replacement would be just a global hashmap to replace GET and SET, possibly with a background thread to periodically delete expired keys. But obviously that stops working as soon as you get a second node.

The entire value of redis IMO is that it ISN'T inside your normal application, but rather some shared storage that all nodes can use to coordinate and that survives deploys, but that provides more ergonomic data structures than SQL databases. Caches are only one type of such shared data, but things like feature flags, circuit breakers and rate limiters are also super common (and super useful).


Mnesia, if you’re using Erlang or Elixir.

Unfortunately I have never really used Erlang outside of deploying RabbitMQ. I mostly use Go, Rust, Python, sometimes C/C++.

However, Mnesia seems like it is quite a bit more of a complete distributed database engine than Redis. To me the nicest thing about Redis is just the convenience of what it offers: very fast data structures, serialized, optimized (at least by default) for cases where speed is more important than durability. It is simple on many levels and somewhat constrained in scope. Mnesia seems to be aiming more generally in the distributed database category.

So how do you feel they compare?


Really it would be more like Nebulex/Cachex which provide a really nice caching interface across ETS (what Mnesia is built off of) or other data stores.

I really struggle to believe you wrote text like:

> A simple distributional analysis of every rsync release with bug data. No model. No assumptions. Just placement.


No, I didn't write the text itself. I'm typically significantly more verbose and elliptical, and more than that, the numbers and methodology changed often enough over the course of the last couple days I was working on this because I was trying to get it to be as accurate and fair as possible that trying to keep the whole thing up to date manually would have been problematic.

Sorry to say but I'm absolutely certain I would've preferred to read your worst attempt at a write-up over the grating utter shite LLMs output. It's not even a question, this is unreadable.

That's interesting; IME, most people get equally angry and are as likely to disengage with a superior tone over my autism-infodump verbose essay prose as with LLM output.

At least when I write an autistic info dump people know I wrote it. Why give your voice over to a corpo slop factory?

Heck, I use LLM assistance for coding and I’ve even coded up whole features with the clankers, but giving it the right to speak for me is too much.

I should also add that I read and understand every line of clanker output that I publish for others, so I’m not a vibe coder either, just adhd.


I read it perfectly fine. I see content, not style.

Style is also part of the content. Word choice, grammar, register, and tone all affect meaning and communication of that meaning. The medium is part of the message.

So your statement betrays a significant misunderstanding - there is no neat clean divide between style and content.

Also, LLMs often generate text that is plausible, but wrong, in ways big and small.


When you say, "I see content, not style," you are separating what is being said from how it is being said. While it is great that you can extract the core message, you are missing a fundamental truth about writing: style and content are rarely completely separate. Writing involves both.

Poor prose does not just make writing ugly — it creates friction, obscures nuance, and introduces ambiguity.

You can eat a gourmet meal out of a dirty paper bowl. You still get the calories, but the delivery mechanism definitely impacts the experience and the perceived value of the food. Same food, different response.

See? I can write slop too, I don't even need to burn down a forest to do it. If you are OK with every fucking thing being written exactly like this, good for you. I am not.


In general, it seems HN does not like to read llm-generated articles. I ran into this myself when using an llm to edit some stuff I wrote.

At the time, I found this a bit irritating, but with a few weeks' time I see the merit. The informational content tends to fall into “derivative” territory when LLMs write stuff. And people are here for novelty and some socialization.

Also LLM prose seems optimized for engagement rather than concise communication. Takes longer to sift through linguistic boilerplate to get to the point. (The quoted bit being a case in point)


Why would anyone spend time reading something that someone couldn't even spend the time to write themselves?

I just find it to be utter dreck. It has one of the most agitating prose styles I've ever seen. I would legitimately rather read actual broken English than the cliché polished turds Claude pops out. I am not an LLM hater, I think these tools are pretty impressive and often even useful, but even if I didn't care about the fact that I want to read communication from humans and not robots (and I do care about that, FWIW) I just find the current LLMs are horrid at writing.

And while the comments are always flooded with people like me, the upvotes seem to tell a different story; clearly LLM writing really does appeal to some people. Or idk, maybe a lot of people who vote on stories and don't comment don't actually read them. Hard to say for sure.


I think it’s just people don’t read before voting, they upvote on the headline and then come to discuss it here.

I don't even know what "just placement" is.

(I need a better model to translate from llmese.)


Sometimes the things word generators say just don’t make sense.

I ran into some of these issues when working on IPv6 validation in a library. I found that if you just call system functions like inet_pton, you would also get OS-dependent restrictions on what zone identifiers are valid! This isn't ideal so I wound up just making an IPv4/IPv6 parser with a very liberal zone ID production. Said library also supported URLs, and I did not implement it to parse the IPv6 literal as percent encoded in this edge case, but it winds up working both ways anyways. Is this good? Maybe not: maybe it would've been better to pick a strict subset instead. However, whether or not that would be better depends on specific use cases. Unfortunately, there is just no perfect answer sometimes.
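A sketch of the approach this comment describes, as an added example (not the commenter's library or its code): the address is validated in pure Python so no OS function decides which zone IDs are valid, and a bracketed URL host is read both the RFC 6874 way (`%25` delimiter, zone percent-decoded) and literally, to show where the two readings disagree. The function names and the zone-ID character set are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption of this example: a zone ID is one or more RFC 3986 "unreserved"
# characters. It is checked after any percent-decoding, so a decoded '%', '/'
# or ']' can never end up inside the zone.
_ZONE_RE = re.compile(r"[A-Za-z0-9._~-]+")


def parse_ip_literal(text):
    """Parse 'addr' or 'addr%zone' without inet_pton or getaddrinfo.

    Returns (address, zone); zone is None when absent. Raises ValueError.
    """
    addr, sep, zone = text.partition("%")
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    if not sep:
        return ip, None
    if ip.version != 6:
        raise ValueError("zone ID on a non-IPv6 address")
    if not _ZONE_RE.fullmatch(zone):
        raise ValueError(f"invalid zone ID: {zone!r}")
    return ip, zone


def parse_url_host_literal(host, rfc6874=True):
    """Parse a bracketed URL host such as '[fe80::1%25eth0]'.

    rfc6874=True : the delimiter must be '%25'; the zone is percent-decoded.
    rfc6874=False: everything after the first '%' is the zone, taken literally.
    """
    if not (host.startswith("[") and host.endswith("]")):
        raise ValueError("not a bracketed IP literal")
    addr, sep, rest = host[1:-1].partition("%")
    if sep and rfc6874:
        if not rest.startswith("25"):
            raise ValueError("RFC 6874 requires '%25' before the zone ID")
        rest = unquote(rest[2:])
    ip, zone = parse_ip_literal(f"{addr}%{rest}" if sep else addr)
    if ip.version != 6:
        raise ValueError("brackets are only valid around IPv6 literals")
    return ip, zone


def zone_differential(host):
    """Return the zone each reading yields for one host, or why it was rejected."""
    out = {}
    for name, strict in (("rfc6874", True), ("literal", False)):
        try:
            out[name] = parse_url_host_literal(host, rfc6874=strict)[1]
        except ValueError as exc:
            out[name] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    # Constructed sample hosts, not taken from the original post.
    for sample in ("[fe80::1%25eth0]", "[fe80::1%eth0]", "[fe80::1%25eth0%252F]"):
        print(sample, zone_differential(sample))
```

A parser that accepts both forms still has to settle on one reading before the zone is used or compared, because `[fe80::1%25eth0]` names zone `eth0` under RFC 6874 and zone `25eth0` when read literally.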

No, forcing everyone to verify their age is a terrible thing. That's not the same thing as keeping kids away from potentially harmful websites or people. That is positive, but it's awfully weird to enforce it by doing this terrible thing that hurts the open Internet when almost every single kid on the Internet is using a device and Internet connection provided by their guardian. Seems like we could figure something out that doesn't literally require every website to process your identification and completely destroy anonymity.

Idk why people are so obsessed with this issue. Having to verify your age to access adult content seems completely reasonable. If you go into a grocery store and you bought a carrot you don't have to show age verification. If you also buy a beer you do.

Why is everyone so opposed to the internet working this way?


1. Because it isn't what you are saying it is.

You are suggesting it's simply a matter of adults verifying their ages to access adult content. But it isn't! We're being asked to either scan our faces or provide our government IDs, to access basic online interactivity we already have, on the likes of Discord and Playstation Network, in an effort that is rolling out slowly worldwide. No need for porn or sex at all. These things aren't even required by governments yet. Companies are so eager, they're jumping ahead of schedule.

But would I scan my face to be able to watch porn? Of course not, that's insane. This isn't real life where someone can take a look and go "sure he looks 18" and do no real verification at all. This is the Internet. I'm not going to send a live stream of my face to some company, and by the way we have some real true five star companies stepping up to the plate to provide verification services, and have it literally be associated with my intention to download porn. Firstly, why would I want the site operators to even have any more information about me than necessary? Aren't sex stores awkward enough as it is? Secondly, it's the Internet, as soon as that information leaves my computer "encrypted in transit" I may as well treat it as potentially compromised already.

(Though just to be clear, real life is getting spookier too. With Flock cameras popping up everywhere, we can celebrate the death of privacy IRL while we celebrate it online, too! I am aware that certain countries killed privacy much earlier than others, no need to point it out.)

The long and short of it is that people will (and largely already have) just stop browsing porn sites when invasive "age" (often actually government ID) verification is required, which I reckon is the primary intent here. It seems to dovetail nicely with the other obvious PR campaigns against adult content, porn and sex work in the past decade. They've worked quite hard to try to make people forget "the internet is for porn" era.

What's crazier is there was Less age verification than what is being proposed right now back when people phoned in to order a VHS using your credit card. Remember when credit cards were a godsend for the adult industry? The funny thing is that now, you're lucky if you can use your credit card at all for porn, thanks to the anti porn movement that happens to coalesce suspiciously closely to this movement. And in some cases, it seems that merely providing a credit card is no longer seen as sufficient evidence of adulthood. True, you could just steal your parent's credit card... Just like you could 30 years ago. Or just like how you can get a fake ID. Does that mean we should treat everyone trying to buy adult content as if they may have stolen their parents' credit card by default?

2. Because I am an adult.

Most of us are. Almost 80% of us are over the age of 18, at least going by U.S. demographics.

And, we're under 18 for less than around 22% of our lives.

The Internet is not some international daycare program. It is an interconnected network of computers. The connections are managed by adults. It's true that there's always workarounds like free Wi-Fi hotspots, but by and large to be online is to be connected to an Internet plan managed by an adult. That means we already should be able to prevent children from having unfettered access to harmful content with basically no modifications to how the internet itself works.

We've had the ability to do this for almost as long as the Internet existed, and Windows 2000 shipped with a fairly comprehensive system using PICS rules from third parties like RSACi. This system didn't require adults to monitor everything their children did 24/7, and it didn't require adults to constantly scan their face or provide their government ID to sketchy third parties to access chat functionality.

Nobody used it of course, because parents didn't actually give a shit in that era. I'd know, I grew up and had plenty of access to adult content long before turning 18. I am not suggesting this is necessarily ideal, but it also isn't this weird cataclysmic issue that it suddenly became literally like a year ago or so. The internet has worked this way since its inception and somehow only just now is everyone in a panicked frenzy. Now I hate to be dismissive, but that's a load of USDA Grade-A Horse Shit.

So I am wholly against kneecapping the concept of unfettered private communication on the internet because we can't get the parents of 20% of people to do their job for the first 20% of said people's lives.

--

This whole thing stinks rank to me. I get that big tech companies and social media platforms have not given parents very good tools to manage what their kids can see and do on the Internet, but everyone acts as if this is just Machiavellian evil as they twirl their mustaches and laugh. Don't get me wrong, I fully believe that they knowingly make money off of providing inappropriate content to children. The only problem is that a lot of those children's parents knew that too and simply didn't care. And now, instead of just finally making parental control work, something we've certainly had the technology to do since the 90s, we're going to institute mandatory ID laws for all unfettered communication. Hurray. Blast confetti in the street for this victory against evil.

But to me I look at this "activism" and debate in favor of online ID laws and all I can see are anti-abortion protestors at my local clinic.

(I wrote this as if I am an avid porn consumer, because writing it any other way felt cowardly. But that said, I am not. My true passion is Internet privacy, and if I have to go to bat for Internet porn to help that cause it is no problem for me.)


That's someone who is confident enough to have an evidently successful enough career to be able to access Mythos in its currently-limited rollout and yet not take themselves terribly seriously online.

Realistically their opinion deserves to hold more weight than the median HN comment.


I dunno, I trust the engineers working on Firefox or the Linux kernel more than some random pseudo-anonymous Mastodon account -

https://arstechnica.com/information-technology/2026/05/mozil...

https://www.theregister.com/software/2026/03/26/linux-kernel...


I would prefer a pseudo-anonymous account if possible. Obviously if this is a marketing stunt the very not anonymous feedback is called into question immediately.

That said: I already was aware of Mozilla's account and despite what you are thinking, it essentially confirms everything.

> The biggest differentiating factor was the use of an agent harness, a piece of code that wraps around an LLM to guide it through a series of specific tasks. For such a harness to be useful, it requires significant resources to customize it to the project-specific semantics, tooling, and processes it will be used for.

Yep. Sounds exactly right. So the question is do we really need Mythos for this or can almost any reasonably close to frontier AI model accomplish similar results with a sufficiently advanced harness?

Jury's out but my vote is "probably most of the way". After all, alongside all of the splashy zero days dropped by eager AI companies, Greg Kroah-Hartman has been posting many useful, if minor patches to the Linux kernel produced by nothing more than a single 128 GiB Framework Desktop. So apparently, even small models can be very useful if you can find a way to get the noise out.

Mythos could still be very useful and effective and still be mostly a marketing ploy, and that's because until very recently investment in trying to make LLMs work for security auditing has been underserved. Without more substantial information, it's difficult to tell how much better at security research Mythos is vs say, Opus or DeepSeek 4 coupled with a good agent harness would be.

And in that sense, it's the same sort of crap as the GPT-2 and GPT-3 releases. A lot of hooplah about how dangerous it is to humanity. Then it turns out it's only dangerous enough that it needs to be gated behind an additional monthly subscription.


I definitely don't.

The main nice thing about the environment in systemd is that it is standard and mostly a blank slate, whereas at least for me I was always getting bit by the fact that the environment in Crontab was completely different from say, the environment inherited by supervisord or sysvinit scripts. In systemd the actual unit that gets executed is the same regardless of what triggers it, so there is no gap.

That does require you to still know what the default environment is, but it is a mostly completely clean environment, without any influence from any shell.

I'd have to concur that I agree this is an advantage of systemd.


> That does require you to still know what the default environment is, but it is a mostly completely clean environment, without any influence from any shell.

Odd. This script

  #!/bin/bash
  
  set > /tmp/set.txt

when scheduled like so

  * * * * * $HOME/bin/testCronScript.sh

produces this file in /tmp/set.txt which has had a handful of values (HOME, UID, etc) lightly redacted prior to posting here -to remove PII or for length- but its keys are entirely untouched:

  BASH=/bin/bash
  BASHOPTS=<redacted because long>
  BASH_ALIASES=()
  BASH_ARGC=()
  BASH_ARGV=()
  BASH_CMDS=()
  BASH_LINENO=([0]="0")
  BASH_LOADABLES_PATH=/usr/local/lib64/bash:/usr/lib64/bash
  BASH_SOURCE=([0]="/home/user/bin/testCronScript.sh")
  BASH_VERSINFO=<redacted bash 5.3.x>
  BASH_VERSION=<redacted bash 5.3.x>
  DIRSTACK=()
  EUID=13370
  GROUPS=()
  HOME=/home/user
  HOSTNAME=hostname
  HOSTTYPE=x86_64
  IFS=$' \t\n'
  LANG=en_US.utf8
  LOGNAME=user
  MACHTYPE=x86_64-pc-linux-gnu
  OPTERR=1
  OPTIND=1
  OSTYPE=linux-gnu
  PATH=/usr/bin:/bin:/usr/sbin:/sbin
  PPID=1337
  PS4='+ '
  PWD=/home/user
  SHELL=/bin/sh
  SHELLOPTS=braceexpand:hashall:interactive-comments
  SHLVL=1
  TERM=dumb
  UID=13370
  USER=user
  _=/home/user/bin/testCronScript.sh

Seems pretty clean to me. Even when I run this via /etc/crontab, rather than as a user cron job:

  * * * * * root /home/user/bin/testCronScript.sh

I get effectively the same results.

Maybe your distro's default cron environment was bad, and you never bothered to check and unset the badness? I'd be surprised if they were unable to make the default environment for Timer Units to be bad.


Regardless of exactly how clean the environment is, my favorite part of systemd is the fact that there is only one regardless of how something was triggered. Whether a unit is triggered via a mount unit, timer unit, udev rule, it's the same units at the end, so it's the same environment.

The same problems that could be caused by a polluted environment in cron can be caused in reverse by a polluted environment elsewhere, when you unwittingly copy a command that depends on some environment being set. If you are using systemd as the service manager, this necessarily doesn't happen because it's all units. (Well, you could still copy something from outside of systemd and run into a similar problem, but at least there's essentially only one set of caveats you have to learn for whatever thing you want executed in the background.)

So I guess this isn't so much cron vs systemd timers, but more cron + other init and service supervisors vs systemd init in general.


> Regardless of exactly how clean the environment is, my favorite part of systemd is the fact that there is only one regardless of how something was triggered. Whether a unit is triggered via a mount unit, timer unit, udev rule, it's the same units at the end, so it's the same environment.

>

> The same problems that could be caused by a polluted environment in cron can be caused in reverse by a polluted environment elsewhere, when you unwittingly copy a command that depends on some environment being set.

I'm confused about what you need this for? Are you running some utility command that needs the same environment provided by the daemon's service file? If so, any competent init system lets you extend upstream-provided service files. In OpenRC:

  # tail -n 1000 /etc/*/test-service
  ==> /etc/conf.d/test-service <==
  extra_commands="${extra_commands} maintenance"
  
  OTHER_THING="overriden other-thing"
  
  maintenance () {
    ebegin "doing maintenance. IV='$INIT_VAR' OT='$OTHER_THING'"
    set > /tmp/maintenance-set.txt
    eend 0
  }
  
  ==> /etc/init.d/test-service <==
  #!/sbin/openrc-run
  
  name="test-service daemon"
  command=/usr/bin/socat
  command_user=nobody:nobody
  command_args="UDP-RECVFROM:6666,fork SYSTEM:'/bin/true'"
  supervisor=supervise-daemon
  extra_commands="rebuild"
  
  INIT_VAR=${INIT_VAR:-"init var"}
  OTHER_THING=${OTHER_THING:-"stock other-thing"}
  
  depend() {
    use net
  }
  
  start_pre() {
    set > /tmp/start-set.txt
  }
  
  rebuild () {
    ebegin "doing rebuild. IV='$INIT_VAR' OT='$OTHER_THING'"
    eend 0
  }
  # /etc/init.d/test-service start
  test-service              | * Starting test-service daemon ...                                [ ok ]
  # /etc/init.d/test-service maintenance
  test-service              | * doing maintenance. IV='init var' OT='overriden other-thing' ... [ ok ]
  # /etc/init.d/test-service rebuild
  test-service              | * doing rebuild. IV='init var' OT='overriden other-thing' ...     [ ok ]
  # pgrep --list-full socat
  133705 /usr/bin/socat UDP-RECVFROM:6666,fork SYSTEM:/bin/true

The environment when the service is starting is effectively identical to the one when our custom function is being called:

  # diff -u0 /tmp/*-set.txt
  --- /tmp/maintenance-set.txt 2026-06-02 23:53:19.703048431 -0700
  +++ /tmp/start-set.txt 2026-06-02 23:53:15.265094855 -0700
  @@ -9 +9 @@
  -BASH_LINENO=([0]="410" [1]="0")
  +BASH_LINENO=([0]="409" [1]="0")
  @@ -11 +11 @@
  -BASH_SOURCE=([0]="/etc/init.d/../conf.d/test-service" [1]="/usr/libexec/rc/sh/openrc-run.sh")
  +BASH_SOURCE=([0]="/etc/init.d/test-service" [1]="/usr/libexec/rc/sh/openrc-run.sh")
  @@ -30 +30 @@
  -FUNCNAME=([0]="maintenance" [1]="main")
  +FUNCNAME=([0]="start_pre" [1]="main")
  @@ -64 +64 @@
  -PPID=133712
  +PPID=133702
  @@ -69 +69 @@
  -RC_CMD=maintenance
  +RC_CMD=start
  @@ -73 +73 @@
  -RC_OPENRC_PID=133710
  +RC_OPENRC_PID=133700
  @@ -75 +75 @@
  -RC_RUNSCRIPT_PID=133711
  +RC_RUNSCRIPT_PID=133701
  @@ -93 +93 @@
  -_='doing maintenance. IV='\''init var'\'' OT='\''overriden other-thing'\'''
  +_=']'

So, if you need to do maintenance for a service on a schedule in the same environment that is provided for starting that service, you can simply extend the service script and use cron to execute that functionality.

But. Another thing that confuses me is why you think that SystemD [0] provides anything special here? If you were to create a service file in most any other service manager and start it with cron, you'd get exactly the same environment sanitization as you get for all other services. Given your testimony, I expect that prior to SystemD, you'd have refused to create service files for things like one-off jobs that weren't system services... so why are you okay with it now that you're using SystemD?

[0] I spell it "SystemD" not to mock it -as I understand some do- but to distinguish The Systemd Project from systemd(1). It sucks minor ass that the two share the same name, but what can you do?


I use cron in OpenBSD and it's a deterministic environment and mostly clean[0]. I like that instead of having other subsystems creep in.

[0]: https://man.openbsd.org/crontab.5#ENVIRONMENT


There is something amusing about the fact that WinDirStat, as far as I know, was based on KDirStat (now QDirStat), yet this doesn't even get mentioned on their Wikipedia page, and by and large a lot of people don't even know QDirStat exists. One time someone even asked me if they knew of a good alternative for Linux; good news!

It is actually mentioned on the Wikipedia page [1] - and of course, you could add it yourself if that's not enough.

https://en.wikipedia.org/wiki/WinDirStat#Version_history[10]


Okay, I stand corrected, but I also stand by that it is interesting that it is pointed out that "The project was inspired by SequoiaView" in the lead section, but not that it was a direct port of KDirStat. It feels odd but also intentional, so I never bothered to change it. I'll leave it up to if anyone else feels similarly enough to do so, because then at least that means there are two of us.

Everything I ever added to Wikipedia was removed, within the day, by a very diligent and hard-working Wikipedia person.

Same. My experience with the “concept” of Wikipedia was very high until I had the “direct experience” of Wikipedia, and I realized that the encyclopedia of the commons may not have planned for me to be in the commons.

I'm sort of in the middle on this.

Some pages have somebody guarding the party line, anything that goes against that gets reverted. (How can putting an accurate link behind a piece of text be wrong??)

Pages without such guardians I've never had an issue.


Everything I've ever added was kept.

Not absolutely everything I've ever contributed was kept, but definitely a lot of it. I genuinely get the feeling that the modern Wikipedia hatred comes from somewhere other than a few unfortunate edit wars, but I'm not in-tune enough to know.

I’ve seen the nit-pick reversions and I’ve seen clear ones.

But when I hear people really complain somewhere I do tend to assume they were trying to smuggle in some specific messaging and got caught.


Good for you I guess.

Everything I ever added was kept, and I was permanently banned. I created [citation needed], started the admins noticeboard, reworked the USA Patriot Act article, wrote numerous articles for WiR with extensive referencing, contributed to peer review and good article reviews, and a shitload more, but nope. Not good enough.

Why anyone would contribute to that cesspool is anyone’s guess.


This comment is a little light on the reasoning for why you were permabanned.

Someone did the research-digging a while back about this, if you want a third-party view: https://news.ycombinator.com/item?id=45136376

I commented on BrownHairedGirl’s RFA. The most toxic user ever on Wikipedia.

I can assure you, there are those on Wikipedia who committed far worse offenses and they remain.

Like I say - a cesspool that doesn’t respect article writers.


Ah, I see, you were instigating constantly and people were sick of your shit. Seems like a reasonable ban, especially when you violated an IBAN already.

Were you Chris.sherlock/Aussie Article Writer on Wikipedia? Sounds like pot calling the kettle black re: toxic. You had an interaction ban against her FFS.

https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_no...


Same. Even a single sentence with an easily verifiable fact. Reverted in seconds.

To my knowledge, SequoiaView[0] predates even KDirStat - it just didn't have the tree view paired with it.

[0] https://sequoiaview.win.tue.nl/


No doubt KDirStat was based on SequoiaView, but WinDirStat was based directly on KDirStat, as in it was a port of it to Windows. I don't think it is incorrect to mention SequoiaView as the original, but it nonetheless feels weird to skip a hop too. It got not just the tree view but even the name from KDirStat.

SpaceSniffer is an even better version of WinDirStat but I rarely see people talk about it, too.

I never had to get my ID checked to be able to talk to strangers.

Did you talk to the strangers in the night club when you were 11? Or were there several completely separate reasons for why you couldn't?

The internet has explicitly R-18 chats. Random IRC channels are not nightclubs. I am moving the goal posts back, if you touch them again we're escorting you off of the field.

Most things that happen at nightclubs are not R-18 either.

That doesn't make adult spaces equivalent to family friendly spaces, off the field now sir.

In real life people can see you and determine your age at a rough estimate and be able to tell if you're an adult or not. Do you support having to turn on your webcam and show your face in real time then, to talk to strangers on the internet? Many age verification sites are doing just that.

Did you mean to reply to me? I evidently do not support the age verification regime, so no...

maybe?

I get that you don't, all I'm trying to do (and failing) is have a discussion, apply critical thinking and be able to articulate a position. I'm neither fully opposed to it, nor fully in support of it. I'm always seeking nuance. I've found out lazy reductionism is the cause of much suffering and loss in the world, I can be bothered with the tedious nuance, especially for a topic I know a thing or two about in my own view.

Unfortunately karma systems on sites like this are not conducive to such a discussion. I want to challenge your opposition to the age verification regime, so that I can be better informed, and you will stand on a more firm ground, articulating your views with solid arguments instead of "i don't like it".


Oh, okay. Well in that case then the answer is no, I don't support any of this.

Of course I'm happy to talk about my positions but there is little nuance to my position tbh: I remain entirely unconvinced by the justification for proposed measures and believe that the entire discussion even happening is essentially a framing error. We're all talking about what should be done about this. About what, specifically? And, well, why now?

I grew up on the Internet. I've had essentially unfettered and unmonitored access to it since I was maybe 11 or 12. Me and my cohort of classmates often talked about sites like Rotten or Motherless at the lunch table, and certainly age inappropriate content like on Newgrounds and Lord help us, Ebaum's World.

Now okay, things have changed. (I'm still quite online for better or worse, so please don't get the idea that I don't see that the modern internet has different child safety concerns than the one I grew up on.) But somehow, the rhetoric is exactly the same as always. It's the same damn thing. No matter how the times change, it's the same "protect the children against the evils of sex and pornography!"

Uh huh. I realize not everyone has a universal shared experience, but from my point of view, the problem with kids and inappropriate content isn't just a story of negligent platforms. It is the story of 1. Hormonally unstable kids going through puberty who will often stop at nothing, 2. Platforms that are more or less indifferent and will do whatever gets them money, and 3. People who take on the immense responsibility that parenthood entails then expect the whole of society to take care of them.

I don't know what to tell people, I get that this is a terribly uncomfortable fact, but the number one reason why adolescents get involved with porn and sex is because they explicitly are seeking it out and want to be. It is nothing to do with the porn industries or lack of Internet regulation, it's their goddamn bodies.

It's absolutely true that I had access to content far more disturbing in all metrics than the old playboys under the mattress of yesteryear. I am not claiming this is ideal or that it should be the case. I'm just saying that it happened and the generation that was there is here right now, and we're fine.

But maybe social media is just simply too much. It puts kids at too much risk and they can't handle it. I think we're selling a lot of adolescents very short here without at least giving them a chance to have a bit of freedom, but fine. Let's fix this.

How? It's simple. When you are a kid, the first computer and phone or whatever kids get these days, is given to you by a parent. What we can do is make decent parental controls. We don't even need strong identity verification. We just need to be able to provide a way for apps and sites to voluntarily block children.

This sounds eerily similar to California AB 1043, and it is. I think that California AB 1043 is also bad for many reasons. Firstly, I know this is going to be expanded in many uncomfortable directions; it doesn't take a genius to make basic extrapolations. Secondly, I feel it is poorly written and confusing; what's an app store? Why does the law require all apps to request and store the age bracket information? What is an app? Does GNU sed now need to, by law, request the age bracket information from systemd and store it somewhere? And no, it isn't acceptable to just try to "do what they mean", it's a badly written bill. We shouldn't accept badly written legislation, but apparently in the past couple years or so the situation that had been ongoing for the past 3 decades or so with the Internet suddenly became extremely urgent to fix Right Now (in a couple of years) so we had to rush out shitty legislation that makes no sense.

So while I would love to just have sensible parental controls, nobody is actually really trying to enshrine this into law. It seems like they're mostly concerned about lobbying to push the responsibility elsewhere.

So we won't even just get sensible parental controls. We'll get weird parental control like legislation, having to send a live stream of our faces to sketchy companies who pinky swear to not leak it by accident, enter our credit card information into sites that definitely won't get breached, and scan our goddamn government IDs to access basic chat functionality that we already use today, in some cases. Because we can't get a handle on how to stop the 20% of people in the first 20% of their lives from accessing inappropriate content on devices and internet connections that WE FUCKING GAVE THEM! Before we've even attempted to quantify how harmful unfettered Internet access is to adolescents, or hell, how Helpful it is. (It sure was helpful for one of my friends who was gay and could access resources on the internet when his conservative parents were unhelpful. I suppose everyone is allowed to raise their kids how they like, but I can see the duality of how it's also not always the case that the parents know best.)

To say that I think this is all beyond farcical is a massive understatement. So I do apologize for maybe seeming a bit dismissive about this issue, but personally I already know it's coming from the wrong place and I don't like engaging with things that I know are coming from the wrong place. I'm not saying you or anyone in particular actually has bad intent by any means, just that I don't believe this entire movement at all.


> We're all talking about what should be done about this. About what, specifically? And, well, why now?

There is a seemingly endless list of victims of crimes happening online. Not only that, studies that are coming out in recent years are showing lots and lots of adverse effects against children that grew up with unfiltered access to the modern internet. The internet you grew up in, as you probably know, is long gone; the iPhone-era internet, with TikTok, Instagram, YouTube, etc., is a whole other ballgame. Not only that, people depend on it a lot more; it is not a whole lot different than any other real-life infrastructure, except it was built without any planning around how it impacts those that it affects. When you open a business you need a permit, when you accept or reject customers in a real world business there are laws, even when you simply have a gathering in a public park, above a certain number of people you need a permit. All these laws originated as a result of people getting harmed.

Why? To be frank there are lots of whys. The big-tech companies like Meta and OpenAI are using this valid concern and narrative, so that they can swoop in, save the day and then do some really nasty evil crap (not just profiteering). And like so much else these days, these ghouls win because people like HNers can't be bothered with critical thinking; they're allowed to get away with what they do because the alternative those who can actually solve this present is preservation of the status quo (I can rant a lot about how this is also how the downfall of America is being orchestrated, but that's a distraction).

> I grew up on the Internet.

That internet is gone, dead, a thing of history. Your experience is invalid. Take some time to see how the r/Teachers subreddit is observing the change in kids these days. The internet you grew up in was young, it was not widely adopted at a global scale, you didn't rely on Ebaum's World to function day to day but you'd be hard-pressed to even get vital medical care these days without a smartphone on hand, logging into random sites and installing random apps. Even with porn, it was one thing over a slow connection with not a whole lot of awareness; you have kids even under 12 watching porn on smartphones.

Take a step back and think about this: someone who is unable to consent to sexual activity is partaking in one, and the people that are participants on the other side of the sexual experience are adults who can consent. Sex is used because it's a lazy way of making an argument, but the point remains, it doesn't matter what your anecdotal experience is; many for example say they were fine having sex with their hot teacher in high school, but we send such teachers to decades in prison for grooming and sexual abuse of a minor. It is the simple fact that society has decided consent is required for certain activities, and age of consent has been established. The means of the interaction is irrelevant, non-consensual participation of certain activities is illegal, and laws must mean something and must be enforced equally.

> Hormonally unstable kids going through puberty who will often stop at nothing

That is irrelevant. If we can stop one kid from interacting with a pedophile or having life-long psychological issues, it's a win. And honestly results are irrelevant here, the means is not a way to justify the ends. The means here exist because it's the law, society has decided it's wrong. If you think kids should watch porn, that's a different story and it would be same as agreeing they should be sleeping with adult prostitutes or get into strip clubs. The internet doesn't change what's happening. Watching a naked stripper in person and watching that same woman do the same thing on a screen are not different types of non-consensual sexual activities.

Your argument about "they'll just want it more" is not correct either. The same argument has been tried with alcohol and cigarettes. Right now the alcohol industry is suffering because Gen-Z don't want to drink, same with smoking. All the efforts to curb those are paying off. Gen-Z are much more prudish and seek out social conservatism because they're seeing the penalty of this reckless disregard to the harms being done to a person's mind.

It used to be boomers and older generations would say "look at me, I grew up being beaten near-death and I turned out ok" too; anecdotal experience doesn't make things right.

> California AB 1043

I don't know much about it, but restricting social media and internet access to kids is happening globally, and for a good reason too.

Just consider one thing in this discussion: it isn't about being a prude, but about actual harm, actual suffering, actual abuse that's happening.

> So while I would love to just have sensible parental controls, nobody is actually really trying to enshrine this into law. It seems like they're mostly concerned about lobbying to push the responsibility elsewhere.

Parents have a responsibility, but so does every member of society. You have a responsibility to not hand a child a gun, poison, alcohol, keys to your vehicle, etc. When you interact with others you are responsible for your part of that interaction. You don't get to flash your private parts at children, and you don't get to do that same thing through a screen either. Being over the internet, again, does not change what's happening. Things being terrible since the dawn of the internet because of laws not catching up to tech doesn't make those terrible things acceptable.

> So I do apologize for maybe seeming a bit dismissive about this issue, but personally I already know it's coming from the wrong place

I don't disagree that this is coming from the wrong place, at least in the US. But the only reason we're talking about it is because the problem it is solving is very real and extremely pressing. It has widespread societal support. As I keep mentioning on HN, there are privacy preserving ways that don't involve 3rd parties or the government tracking what sites you visit. But we're not having that discussion, we're letting Meta and Elon Musk solve the problem and destroy what little is left of the good side of the internet. Lawmakers are not being presented with alternatives. I demand my lawmakers solve this problem one way or the other! It is not OK; if I can stop one victim of sex trafficking, one victim of pedos, one person from forming an unhealthy sexual mindset and ruining their lives (see all the "looksmaxing" people now for example), it's worth it. I wish I wouldn't have to give up my privacy and what little I cherish about the internet, but I am fine doing only work on a computer and going back to the pre-internet way of doing things if that is the price. But there is no need for that, there is a way everyone arguing in good-faith wins. We can pay anonymously with crypto, and authenticate with FIDO2/YubiKey just fine, homomorphic encryption exists, EMV payment cards already implement a challenge-response authentication, the tech is there to solve this and a whole lot of other things but we're letting Meta solve it with a 3rd-party ID verification system that involves passports and ID cards, and facial recognition, and surveillance instead.

> Because we can't get a handle on how to stop the 20% of people in the first 20% of their lives from accessing inappropriate content on devices and internet connections that WE FUCKING GAVE THEM! Before we've even attempted to quantify how harmful unfettered Internet access is to adolescents, or hell, how Helpful it is.

Harmful content, not merely inappropriate. You can't reasonably prevent access to an internet connected device. To say that parents should do something but not anyone else is silly; both parties have a responsibility. If someone interacts with you, you are responsible for how you respond. And it isn't only children, same applies with those that are mentally incapacitated (we just use "but the kids" because it's easier to make the same point). The problem is there, your response being "we shouldn't solve it" is only letting those with bad intentions solve it in a way that benefits their evil intent.

Lastly, don't believe in any movement; the whole idea that you have to be for or against a thing wholesale is a severe epidemic. Things get worse and worse because of it. Democracy is dying because of this as well. Find the courage and endurance to keep asking critical questions, keep debating, keep convincing your peers of not just this but so many other topics. Either we are governed by those who appeal to our emotions, or by those who appeal to our reason.


JA3 fingerprinting is really not a serious deterrent, there are many ways to get around that. curl-impersonate works. You can even just use an actual Chrome instance with the devtools protocol, seems to pass as long as you don't use headless mode.

The WebGL fingerprinting thing is cute, too. I guess it'll buy them some time since off-the-shelf solutions are going to probably not handle this well yet. That said, as long as the reward for bypassing Turnstile and other anti-bot protections remains high, these things really can't do much. A decently resourced adversary can probably come up with a dozen different approaches to make this less useful. Without really looking into it much, my kneejerk is you could probably tweak Mesa to have deterministically random behavior for whatever edge cases it looks for, but you could also just have lots of different GPU/driver combos to proxy to. The web gets less open, but in an asymmetrical way. If you really have an incentive to keep botting, you'll surely find a way.

The next step is to fully give up and just essentially implement WEI. And then the bot problem disappears?

Nope. Botting will still hold tremendous value, so likely there will be many crafty workarounds and bypasses over time. And there will be countermeasures for those and workarounds for that. Guess we'll start to find out who actually has the resources and incentives to keep botting in this environment.

So what's the real solution? Well the most obvious thing to do would be to make botting less valuable. Can we? I dunno. It may have been a mistake to move so many important things to the Internet after all. I mean, some of this is just threat actors catching up with what's possible and was inevitable to begin with. But, some of it is just trying to find solutions to problems that were unnecessary to begin with. Or failing to implement solutions despite an obvious need to do so.

There are a lot of threads to pull on, here. Account takeover still holds tremendous value to threat actors. Why? In my opinion, it's because passkeys were a tremendous failure, no matter what adoption shows. If we wanted to just improve security for users, I think we didn't need to restructure the internet around another authentication mechanism that of course, provides attestation capabilities, we could've just improved on passwords. For more secure handling of passwords, PAKEs exist. Password managers exist. For anti-phishing, TOTPs exist. What if you could have the exact same passkey experience, but in such a way that everything can gracefully fall back to just passwords and TOTP, because they're the real keymatter at the end of it? Add a web standard that lets browsers and browser extensions hook into the login process, standardize PAKEs as part of the web. Cross-vendor synchronization? A problem easily solved if we ever wanted to.

Instead of that, we got the dumbest possible world. Passkeys are sometimes available, but often not. Can you sync your passkeys across devices? Probably, maybe they have blacklisted KeepassXC by now so maybe I can't :)

But a lot of stuff doesn't even offer me the option to use passkeys, so they still use passwords. Can I enter my password to log in still? No, of course not. See, I will helpfully get the option to enter my password, in addition to the option to use email or SMS, the most secure authentication scheme known to Man, but if I actually select password and enter my secure password from my secure password manager, what I get to find out is that the password option is actually password and email or SMS and there's no option to use TOTP. Oh, and you randomly get logged out for no reason sometimes.

Some of the bots will probably disappear. Like, whatever bot is throwing me several terabytes of nonsense traffic every month will probably eventually disappear since they're wasting so much bandwidth on doing literally nothing. I have no idea what the point is, but I know it can't be terribly valuable for them, and it's not terribly expensive for me. I'd love to know who the hell is doing that and why, though.

But since the web is run mostly by crap companies like Google, it will never get its shit together, and we will get solutions like WEI and identity verification to solve problems that were entirely manufactured (or caused by a significant lack thereof) in the first place.
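For reference on the JA3 point in the comment above, an added example (not part of the comment or of any vendor's code): JA3 is an MD5 over five ClientHello fields that the client itself chooses, so a server can only use it as a consistency signal against other claims such as the User-Agent. The ClientHello values, the family names and the `classify` helper are constructed for illustration.

```python
import hashlib

# GREASE placeholders (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa. JA3 drops them
# because browsers randomise them per connection.
GREASE = {0x0A0A + 0x1010 * n for n in range(16)}

def ja3_string(hello):
    """Build the JA3 input: version,ciphers,extensions,curves,point_formats."""
    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    return ",".join([
        str(hello["version"]),
        field(hello["ciphers"]),
        field(hello["extensions"]),
        field(hello["curves"]),
        field(hello["point_formats"]),
    ])

def ja3_hash(hello):
    """JA3 fingerprint: MD5 hex digest of the JA3 string."""
    return hashlib.md5(ja3_string(hello).encode("ascii")).hexdigest()

def classify(hello, user_agent, known):
    """Compare the TLS fingerprint with the family the User-Agent claims."""
    family = known.get(ja3_hash(hello))
    if family is None:
        return "unknown"
    return "consistent" if family in user_agent.lower() else "mismatch"

# Constructed ClientHello parameters (not captured from real clients).
BROWSER_1 = {"version": 771, "ciphers": [0x2A2A, 4865, 4866, 49195],
             "extensions": [0x4A4A, 0, 10, 11, 43], "curves": [0x9A9A, 29, 23],
             "point_formats": [0]}
# Same client, new connection: only the GREASE values differ.
BROWSER_2 = dict(BROWSER_1, ciphers=[0xDADA, 4865, 4866, 49195],
                 extensions=[0x1A1A, 0, 10, 11, 43], curves=[0x6A6A, 29, 23])
# A script's TLS stack offering a different cipher and extension list.
SCRIPT = {"version": 771, "ciphers": [4866, 4865, 49196, 49200],
          "extensions": [0, 11, 10, 13, 43], "curves": [29, 23, 24],
          "point_formats": [0]}

# Hypothetical lookup table from fingerprint to client family.
KNOWN = {ja3_hash(BROWSER_1): "examplebrowser", ja3_hash(SCRIPT): "examplescript"}

if __name__ == "__main__":
    ua = "Mozilla/5.0 ExampleBrowser/1.0"  # hypothetical User-Agent
    print(ja3_string(BROWSER_1))
    print(classify(BROWSER_2, ua, KNOWN))  # GREASE ignored, hash matches
    print(classify(SCRIPT, ua, KNOWN))     # UA and TLS stack disagree
```

The check establishes consistency only: every input to the hash is supplied by the client, so the result belongs alongside other signals rather than in place of them.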


It's completely fucked.

By virtue of incompetent and ignorant devs and middle managers. Or by virtue of greed and maliciousness.

Yeah yeah never attribute to malice what can be explained by stupidity... This time no. It's both.


VC++6 was the first IDE I ever used: as a kid, I was gifted a CD that had a version of it included. What a great tool to have for the time.

I would go on to use Bloodshed Dev-C++ next. Which was also quite great for the time.

