Hacker News | adjfasn47573's comments

> since leaving one out is a message in itself

Side question: why would having a male or female mascot be "a message in itself"? Why do people want to see a message, and especially a $currentDayPolitics one, in every single thing? A mascot can be a cute mascot without having to represent anything more than exactly that.

Just as a random example: Let's say some OG founder of a project had a cute dog named Laila, and the project makes this dog its mascot. Why should that be a problem, AT ALL?

And what's even worse, if you think this "everything has a message and we have to be super careful what the message is" thing through, the conclusion is: No project ever again can have a solely male or female mascot. Which is of course absurd.

And this whole "we need to send the RIGHT message" thing falls apart with time anyway, because what the right message is, WILL change over time. You're not at the end of all human enlightenment.


I mean it's not a HUGE issue by any means, just sort of inconvenient.

Like, most mascots aren't in gendered pairs normally (like your dog example!), you just have 1 option to represent the thing. People see Laila the dog and think "oh yeah, LailaOS".

But given you have 2 mascots, with 1 being pretty ambiguous, but the other being dressed in a pink dress with bows, it does mean you probably want to use both when presenting KDE, just so you're not accidentally saying "this is the KDE event for men" or "this is the KDE event for women". If you made your mascot the AIGA bathroom symbols, you'd have the same issue.

My thinking about the "right" message is just that... I don't think that's what they want to tell people right now, in our current time. Everyone can use KDE. It's not a historical impact sort of thing.

Again, not a huge issue really. Just seems practical. Hopefully I'm getting that across. Sorry if I'm not.


[flagged]


We've banned this account for repeatedly posting flamebait and unsubstantive comments.

Please don't create accounts to break HN's rules with. It will eventually get your main account banned as well.


Ehm... no? It's not zero value?

He's making a general point about "regardless of how something is presented to you, at the end of the day you have to look at the actual information, and if there is some truth in it, then it would be illogical to dismiss it".


> at the end of the day you have to look at the actual information, and if there is some truth in it, then it would be illogical to dismiss it

sure, but the amount of nonsense (to avoid the b-word) i am willing to put up with depends on the amount of money i expect to make from the project. for unpaid work that amount is zero. if i am investing my free time and i allow you to benefit from it, you better be nice when you talk to me.

when i run a business then the information gained potentially makes my product sell better. for a volunteer project i may not care about popularity, so the information gained is not necessarily of any benefit.


Oh, how couldn't I see this. The author also did this and he concluded "OK." right before clicking on the "Archive Project" Button.


> Even if we assume LLMs would consistently generate good enough quality code, code submitted by someone untrusted would still need detailed review for many reasons

Wait but under that assumption - LLMs being good enough - wouldn't the maintainer also be able to leverage LLMs to speed up the review?

Often feels to me like the current stance of arguments is missing something.


> Wait but under that assumption - LLMs being good enough - wouldn't the maintainer also be able to leverage LLMs to speed up the review?

This assumes that AI capable of writing passable code is also capable of a passable review. It also assumes that you save any time by trusting that review, if it missed something wrong then it's often actually more effort to go back and fix than it would've been to just read it yourself the first time.


A couple weeks ago someone on my team tried using the experimental "vibe-lint" that someone else had added to our CI system and the results were hilariously bad. It left 10 plausible sounding review comments, but was anywhere from subtly to hilariously wrong about what's going on in 9/10 of them. If a human were leaving comments of that quality consistently they certainly wouldn't receive maintainer privileges here until they improved _significantly_.


This is not even about capabilities but responsibility. In an open source context where the maintainers take no responsibility for the code, it's perhaps easier. In a professional context, ultimately it's the human who is responsible, and the human has to make the call whether they trust the LLM enough.

Imagine someone vibe codes the code for a radiotherapy machine and it fries a patient (humans have made these errors). The developer won't be able to point to OpenAI and blame them for this, the developer is personally responsible for this (well, their employer is most likely). Ergo, in any setting where there is significant monetary or health risk at stake, humans have to review the code at least to show that they've done their due diligence.

I'm sure we are going to have some epic cases around someone messing up this way.


It was maybe not quite clear enough in my comment, but this is more of a hypothetical future scenario - not at all where I assess LLMs are today or will get to in the foreseeable future.

So it becomes a bit theoretical, but I guess if we had a future where LLMs could consistently write perfect code, it would not be too far fetched to also think it could perfectly review code, true enough. But either way the maintainer would still spend some time ensuring a contribution aligns with their vision and so forth, and there would still be close to zero incentive to allow outside contributors in that scenario. No matter what, that scenario is a bit of a fairytale at this point.


You can not trust the code or reviews it generates. You still have to review it manually.

I use Claude Code a lot, I generate a ton of changes, and I have to review it all because it makes stupid mistakes. And during reviews it misses stupid things. This review part is now the biggest bottleneck that can't yet be skipped.

And in an open source project many people can generate a lot more code than a few people can review.


Sometimes I just bookmark things because I think to myself “Maybe I’ll try this out, when I have time” which then likely never happens.

So I wouldn’t give anything on 3k stars at all.


> Sometimes I just bookmark things because I think to myself “Maybe I’ll try this out, when I have time” which then likely never happens.

For me that’s 100% of the time. I only bookmark or star things I don’t use (but could be interesting). The things I do use, I just remember. If they used to be a bookmark or star, I remove it at that point.


You forgot one (the sane one, which is coming soon anyway):

Using a government issued eID system. The EU is going to rollout eID in a way that a site can just ask “is this person > age xy?”. The answer is cryptographically secure in the sense that this person really is this age, but no other information about you has to be known by the site owner.

Which is the actual correct way to do it.

I don’t understand why all the sites go crazy with flawed age verification schemes right now, instead of waiting until the eID rollout is done.

EDIT: I forgot to mention that it’s only the correct way if the implementation doesn’t give away to your government which sites you browse… Which I believe is correctly done in the upcoming EU eID but I could be wrong about it.


What I don't understand about this approach is if it's truly completely privacy preserving what stops me from making a service where anyone can use my ID to verify? If the site owner really learns nothing about me except for my age then they can't tell that it's the same id being used for every account. And if the government truly knows nothing about the sites I verify on they can't tell that I'm misusing the id either. So someone must know more than you are letting on.


One possible solution idea I just had is having the option of registered providers (such as Discord). They would have a public key, and the user has a private key associated to their eID. They could be mingled in such a way to create a unique identifier, which would be stored by the provider (and ofc the scheme would be such that the provider can verify that the mingled identifier, was created from a valid private key and their public key).

This would in total make sure that only one account can be created with the private key, while exposing no information about the private key aka user to the provider. I am fairly certain that should work with our cryptographic tools. It would ofc put the trust on the user not to share their eID private key, but that is needed anyway. Either you manage it or it gets managed (and you lose some degree of privacy).


The hole is closed with per-site pseudonyms. Your wallet generates a unique cryptographic key pair for each site so same person + same site = same pseudonym, same person + different sites = different, unlinkable pseudonyms.

"The actual correct way" is an overstatement that misses jfaganel99's point. There are always tradeoffs. EUDI is no exception. It sacrifices full anonymity to prevent credential sharing so the site can't learn your identity, but it can recognize you across visits and build a behavioral profile under your pseudonym.


Ok but we were talking about users on discord who have to verify their age. I was under the impression that

> it can recognize you across visits and build a behavioral profile under your pseudonym

is the default Discord experience for users with an account, long before age verification entered the chat.


presumably you'd just use unique one time codes derived from the eID


I fail to see how that solves the problem? That's what I'm saying my service would provide. Unless the eID has some kind of client side rate limiting built in I can generate as many of them as I want. And assuming they are completely privacy preserving no one can tell they were all generated by the same ID.


https://github.com/eu-digital-identity-wallet/av-doc-technic...

> Since Proof of Age Attestations are designed for single use, the system must support the issuance of attestations in batches. It is recommended that each batch consist of thirty (30) attestations.

It sounds like the application would request a batch of time-limited proofs from the government server. Proofs get burned after single use. Whether or not you've used any, the app just requests another batch at a set interval (e.g. 30 once a month). So you're rate limited on the backend.

Edit: seems like issuing proofs is not limited to the government, e.g. banks you're a client of also can supply you with proofs? (if they want to partake for some reason). I guess that would multiply the number of proofs available to you.


Ok I have been convinced this is a technically feasible solution that could preserve privacy while reasonably limiting misuse. That said I'm worried that the document you linked does not require relying parties implement the zero knowledge proof approach. It only requires that they implement the attestation bearer token approach which is much weaker and allows the government to unmask an account by simply asking the relying party which attestation token was submitted to verify the account.

> Relying Party SHALL implement the protocols specified in Annex A for Proof of Age attestation presentation.

> A Relying Party SHOULD implement the Zero-Knowledge Proof verification mechanism specified in Annex A


You could do some scheme that hashes a site specific identifier with an identifier on the smart element of the id.

If that ever repeats, the same ID was used twice. At the same time, the site ID would act as salt to prevent simple matching between services.
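Added example, not part of the thread or of any eID specification: a sketch of the site-salted hashing idea in the comment above, which also gives the per-site pseudonym behaviour described earlier in the thread. HMAC-SHA256 as the keyed hash, the `chip_secret` values, the site names and the `RelyingParty` class are assumptions made here; proving to the site that a pseudonym was honestly derived from a valid ID is out of scope.

```python
import hashlib
import hmac


def site_pseudonym(chip_secret: bytes, site_id: str) -> str:
    """Keyed hash of the site identifier under a secret held on the ID chip.

    Same ID + same site  -> same value (reuse is detectable).
    Same ID + other site -> unrelated value (no simple cross-site matching).
    """
    return hmac.new(chip_secret, site_id.encode("utf-8"), hashlib.sha256).hexdigest()


class RelyingParty:
    """Hypothetical site that stores only pseudonyms and caps accounts per ID."""

    def __init__(self, site_id: str, max_accounts: int = 1):
        self.site_id = site_id
        self.max_accounts = max_accounts
        self.accounts_by_pseudonym = {}  # pseudonym -> set of account names

    def verify_account(self, account: str, pseudonym: str) -> bool:
        accounts = self.accounts_by_pseudonym.setdefault(pseudonym, set())
        if account not in accounts and len(accounts) >= self.max_accounts:
            return False  # this ID has already verified its quota of accounts here
        accounts.add(account)
        return True


def shared_pseudonyms(site_a: RelyingParty, site_b: RelyingParty) -> set:
    """Values two sites could match if they compared their stored pseudonyms."""
    return set(site_a.accounts_by_pseudonym) & set(site_b.accounts_by_pseudonym)


def demo() -> dict:
    # Constructed 32-byte secrets standing in for per-ID chip secrets.
    alice = bytes.fromhex("11" * 32)
    bob = bytes.fromhex("22" * 32)
    forum = RelyingParty("forum.example")
    chat = RelyingParty("chat.example")

    results = {
        # First verification with Alice's ID on the forum succeeds.
        "alice_first": forum.verify_account(
            "alice1", site_pseudonym(alice, forum.site_id)),
        # A second account backed by the same ID repeats the pseudonym.
        "alice_second": forum.verify_account(
            "alice2", site_pseudonym(alice, forum.site_id)),
        # A different ID yields a different pseudonym on the same site.
        "bob_first": forum.verify_account(
            "bob1", site_pseudonym(bob, forum.site_id)),
        # The same ID on another site is accepted under a new pseudonym.
        "alice_other_site": chat.verify_account(
            "alice1", site_pseudonym(alice, chat.site_id)),
    }
    # The two sites hold no value in common, so comparing tables links nobody.
    results["linkable"] = len(shared_pseudonyms(forum, chat))
    return results


if __name__ == "__main__":
    print(demo())
```

The unlinkability depends on the chip secret being high-entropy: if the hashed identifier were something guessable such as a document number, the site ID "salt" would be public and the values could be recomputed by enumeration.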


People do, in fact, have multiple profiles. For very valid reasons.


the solution to this seems to be to issue multiple "IDs". So essentially the government mints you a batch of like 30 "IDs" and you can use each of those once per service to verify an account (30 verified accounts per service). That allows for the use case of needing to verify multiple accounts without allowing you to verify unlimited accounts (and therefore run into the large scale misuse issue I pointed out).

If you need to verify even more accounts the government can have some annoying process for you to request another batch of IDs.


This is a solved problem in the authentication space. Short lived tokens backed by short lived keys.

A token is generated that has a timestamp and is signed by a private key with payload.

The public key is available through a public api. You throw out any token older than 30 seconds.

Unlimited IDs.

That's basically what you want.


Which either allows a fingerprint of the signing key to be used for the same.

Or would open the system up to the originally posted attack of providing ~an open relay.


Sites need to deal with Australia, which punted all responsibility to the platforms and provided no real assistance (like say the government half of the eID system that manages all the keys and metadata)


> Sites need to deal with Australia

Do they? The UK’s population is more than double of Australia’s and some websites (e.g. imgur) are outright blocking the UK.


All publicly-listed ad delivery systems like Meta do in fact need to deal with high-income countries.

They can't afford to and will never strike off 100m Brits and Aussies, and that number will only rise with more high-income countries making regulation.


imgur blocking the UK is not due to ID verification, but because they refused to stop making money off children's data.


The reason is irrelevant. The point is websites don’t need to deal with <insert country>.


There are also alternatives that can be good enough, such as the Swedish BankId system, which is managed by a private company owned by many banks. They provide authentication and a chain of trust for the great majority of the population on about all websites (government, healthcare, banking and other commercial services) and is also used to validate online payments (3D Secure will launch the BankId app).

While it's not without faults (services do not always support alternative authentication which may support foreigners having the right to live in the country), it has been quite reliable for so many years.

So just to say, you can have successful alternatives to a government controlled system as many actors may decide it is quite valuable to develop and maintain such a system and that it aligns with their interest, and then have it become a de-facto standard.


How does that prevent the ID service from discovering which services you use it for?


"Papers, please" is the fastest and slipperiest slope to authoritarianism. Europeans are ironically blasé.


I see most people stating that the internet as we know it could be gone because of AI.

I’m asking you: Why not? The internet is not even a typical human lifespan old. It’s crazy young on a large scale. Why would anyone assume that it will (and has to) stay the way it is today?

There are so many downsides of the current web. Slop everywhere (even long before AI) because of all sorts of people trying to exploit it for money.

I welcome a change. An internet with less ads, more genuine information. If AI will lead to this next phase of the internet, so be it. And this phase won’t be the last either.


> all sorts of people trying to exploit it for money

Because they could. In AI-first web, people can't really do anything about anything - only those in control of training the handful of "big popular AI models" are the gatekeepers of all knowledge.

> with less ads, more genuine information

That's orthogonal to AI. Models are already being trained to favour certain products/services and they already (re)produce factually incorrect information with no way to verify or correct them.


> only those in control of training the handful of "big popular AI models" are the gatekeepers of all knowledge.

I think that's certainly the case now, and it will be for a while, but slowly we're getting closer to that "AI personal assistant" sci-fi inspired future, where everything runs on "your" infra and gathers data / answers questions locally. You'd still need "raw" data access for that. A way to micro-pay for that would certainly help, imo.


You're missing the bigger picture. It isn't free to put content on the Internet. At a bare minimum, you have infrastructure and bandwidth costs. In many cases, a goal someone may have is that if they publish content on the internet, they will attract people to return for more of the content they produce. Google acted as a broker, helping facilitate interactions between producers and consumers. Consumers would supply a query they want an answer to, and a producer would provide an answer or facilitate a space for the answers to be found (in the recent era, replace answer with product or store-front).

There was a mostly healthy interaction between the producers and consumers (I won't die on this hill; I understand the challenges of SEO optimization and an advertisement-laden internet). With AI, Google is taking on the roles of both broker and provider. It aims to collect everyone's data and use it as its own authoritative answer without any attribution to the source (or traffic back to the original source at all!).

In this new model, I am not incentivized to produce content on the internet, I am incentivized to simply sell my data to Google (or other centralized AI company) and that's it.

A clearer picture to help you understand what's going on: the internet of the past few decades was a bazaar marketplace. Every corner featured different shops with distinct artistic styles, showcasing a great deal of diversity. It was teeming with life. If you managed your storefront well, people would come back and you could grow. In this new era, we are moving to a centralized, top-down enterprise. Diversity of content and so many other important attributes (ethos, innovation, aestheticism) go out of the window.


> You're missing the bigger picture. It isn't free to put content on the Internet. At a bare minimum, you have infrastructure and bandwidth costs.

While it technically isn't free, the cost is virtually zero for text and low-volume images these days. I run a few different websites for literally $0.

(Video and high-volume images are another story of course)


> A clearer picture to help you understand what's going on: the internet of the past few decades was a bazaar marketplace.

That internet died almost two decades ago. Not sure what you're talking about.


The web died. The internet is still a functional global IP network. For now.


> An internet with less ads, more genuine information. If AI will lead to this next phase of the internet

How is AI supposed to create an internet "with more genuine information", based on what we have seen so far? These two statements appear to be mutually exclusive.


If I understand correctly, it will be not by creating a new iteration, but by destroying the current one.


We are in agreement that AI will destroy the current one. I don't see how the new iteration that AI would produce would have "more genuine information" seeing as how LLMs are just predicting what word follows the previous word. How is that genuine?


The current state of the internet brought the Fediverse, a new breed of social network(s) that, by design, has evaded corporate/government/salesmen capture so far.

Nevertheless, I can't say if the Fediverse will become irreversibly captured using new tactics. If that happens, a new iteration will happen.


I agree with the premise about impermanence. But moving in the direction of "less ads, more genuine" is comical if not tied to the userbase completely falling out and most never coming back.


They aren't assuming it'd never change. They're upset at it getting worse. Things getting worse is generally what makes people unhappy.


this. it's changed several times over its lifetime and every change until recently has made it a better thing for the average person to use. We're out of the discovery phase and into the encirclement and exploitation phase.


omg what are you, a sadist?


“A recent study in Frontiers in Psychology monitored brain activity in students taking notes and found that those writing by hand had higher levels of electrical activity across a wide range of interconnected brain regions responsible for movement, vision, sensory processing and memory. The findings add to a growing body of evidence that has many experts speaking up about the importance of teaching children to handwrite words and draw pictures.”

Absolutely, but this is not “recent” knowledge. This has been known in neuroscience for at least a decade.

My biggest hope is many western countries that see a decline in education results since the 90s/00s will finally start to reform education and use scientific knowledge as a basis for how to structure it.

If you can - it’s German, maybe there’s some Auto translation available these days - watch Manfred Spitzer’s talk about “Digitale Demenz” (digital dementia). It’s eye opening!

https://www.youtube.com/watch?v=E5EKy0x55L4 Actual talk starts at 14:53.


> “A recent study in Frontiers in Psychology monitored brain activity in students taking notes and found that those writing by hand had higher levels of electrical activity across a wide range of interconnected brain regions responsible for movement, vision, sensory processing and memory. The findings add to a growing body of evidence that has many experts speaking up about the importance of teaching children to handwrite words and draw pictures.”

If this "recent study" is the one posted a few weeks ago here, then the methodology was shoddy at best. They compared handwriting to typing but constrained to "one finger typing". Monitoring brain activity on that task is surely flawed. No idea why they did it like that, but I'd wait till better tests are done.


Yup, that's this study

https://www.frontiersin.org/journals/psychology/articles/10....

Truly an absurd comparison.


I think your comment comes from a very specific point of view. Like software/tech jobs. (Even there you have long term stuff that we all would definitely benefit from).

There are so many things where short-term only thinking is counter-productive. It swallows money, creates frustration and leaves an overall net-negative to society and the world.

Just one example would be city planning. Repairing a road? What else is there like fiber cables, maybe some tram tracks, and so on, long term planning would be to acquire a holistic picture and to plan one timespan where everything is done fast but with quality. It’s a few months construction, after that everything is fine for years or even a few decades to come. But what you see instead is one part of the state that manages fiber cables doing their own thing, another part that manages street quality doing their own thing. So the street has a construction site for a year (for just improving one part) then a few months nothing then another year of construction again, nothing, construction and soon you have over a decade of constant on and off construction work on this one street. Something that could’ve been done in 6-12 months once and be done, if planned correctly and with long term and holistic picture in mind.

And this is just one example. The world is full of stuff like this. Short term might be a good thing for very specific types of projects, but I hard disagree that short term is overall better in any way.

In my opinion this short-term thinking is a huge negative factor of modern societies. Because not everything is a tech startup where things change super fast.


This.

I never read any discussion about the obvious question: Who guarantees that enabling Privacy-Preserving Ad Measurement will keep all the other tracking away from me? No one! I've never read anything at all about the thought process behind this.

As you said, with current (EU) law and regulations, it's just one more data point.

So it's worth nothing.

