Will FreeBSD be available in California in 2027?

Besides, FreeBSD is not child's play, it's a serious operating system without any kind of "app store" :D I'm not worried...
In fact, if children used FreeBSD (or even Linux) on a daily basis, there would be far fewer problems in the world in 1-2 generations.... Just my opinion
 
When asking Duck-Duck-Go the following question:

California age assurance act: what is the definition of an app store?

I received this answer:

Definition of an App Store​

An app store is defined as any publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, mobile device, or any other general-purpose computing device.

Key Characteristics​

  • Public Availability: The app store must be accessible to the general public.
  • Distribution of Applications: It serves as a platform for users to download applications developed by third parties.
  • Device Compatibility: App stores cater to various devices, including computers and mobile devices.

This definition is crucial for understanding the obligations and regulations imposed by the California Digital Age Assurance Act, which applies to these platforms in the context of age verification and user safety.

So when using this definition:
  • The FreeBSD pkg system uses a software application run on a computer that runs the FreeBSD operating system.
  • The FreeBSD pkg repository is an online service, publicly available on the internet.
  • The FreeBSD pkg packaging method, version control and service form a platform that distributes and facilitates the download of applications from third-party developers to users of a computer running the FreeBSD operating system.
I reckon that quacks like a duck!
 
Who is responsible if open source OS is modified by the child (before installation) and modification removes the age control? I don't see text in law that developer has to protect the software in some way to prevent this. After the modification, the author or "developer" is the person who made the change of open source software, right?
 
6502 said:
Who is responsible if open source OS is modified by the child (before installation) and modification removes the age control? I don't see text in law that developer has to protect the software in some way to prevent this. After the modification, the author or "developer" is the person who made the change of open source software, right?
Click to expand...
Indeed. This reminds me of one of the first DVD drives I had. It had a jumper sticking out trough a hole which would cause problems if you would slide it into a box from the front. The circuit board was visible and the jumper was labeled "RC enable". Pulled it, slid it in and was a happy camper.
 
6502 said:
Who is responsible if open source OS is modified by the child (before installation) and modification removes the age control? I don't see text in law that developer has to protect the software in some way to prevent this. After the modification, the author or "developer" is the person who made the change of open source software, right?
Click to expand...
The computer manufacturer providing the way?
 
As was said towards the beginning of this thread, the bill's already passed. On Governor Newsom's site you can't even leave a comment about it that I saw, there are limited means of web commumication.
I do wonder if it's worth writing a snail mail, pointing out that if he does run for another office, this is an opportunity for opponents to attack him--it will help no children, and seems like it may have been inspired by MS or someone similar with the sole object of stifling competition. I wonder if it would have any effect?

Here are other ways to contact the Governor. These may take longer.

Mail Governor Gavin Newsom
1021 O Street, Suite 9000
Sacramento, CA 95814
Phone(916) 445-2841

I feel as if snail mail might have the best result, but I'm lazy. And, I'd have to think about what arguments might catch the eye of whichever aide of his sees it.

Aha, there is an email.

Governor Gavin Newsom
Email: gavin.newsom@gov.ca.gov

I still have to figure out intelligent arguments. Saying this is moronic, or it will do nothing to protect children, is probably the wrong way to go. As someone once said, or maybe I made it up

When you call someone stupid, you've gone a long way towards closing their mind.
 
Espionage724 said:
Suddenly any computer without SecureBoot and TPM is illegal to buy :p Although it seems like Apple would be ahead of the game.
Click to expand...
They are trying this with the PC for a long time. I remember the Pentium boards that never heard of USB-boot while Norton Ghost had a 16-bit DOS USB driver to be able to restore a partition with only a bootfloppy. At 1 point they gave up because it was a MS+Intel monopolist trick and they just had the explorer antittrust case.
20 years ago the fear of non-commercial systens doing everything for nothing already existed.
 
scottro said:
When you call someone stupid, you've gone a long way towards closing their mind.
Click to expand...

If the intention of the law makers is that every package: pkg, deb, rpm, apk, docker container, npm, jar, gz, zip... contained code to comply with California law, these changes would have to be implemented soon. The law does not require a standards compliant implementation which has the advantage that application developers do not need to wait for the operating system developer to deliver one. Application developers and distributors can develop their own age assurance system to achieve 100% compliance with the law in readiness for the enforcement date. This eliminates the dependency on an OS development that is late or that never arrives. Compliant packages can easily be rolled out using conventional update processes between now and New Year's Day 2027. At 0:00 hour, on the first day of enforcement, all of California's software systems would be legally required to have compliant systems in operation.

California requires a human operator to manual enter the age of the primary user. Every compliant package repo and package used after the enforcement date will now require this task to be completed before use so that it can be verified on every execution. Each package developer will likely want to diligently record compliance from that date in their log files. Some may even wish to collect logging information remotely as proof of compliance for every execution.

Developers would need to be careful that compliance with California's law does not consume a considerable amount of additional storage for the multiple copies of geo-location databases as the law does not specify a standardised storage location. They will also have to be careful that remote logging for proof of compliance, does not unduly affect the performance of installed systems.

There is a risk that hundreds of hours could be lost in processing delays when systems are waiting for a human operator to acknowledge T's&C's and provide the age rating required for each package to be legally used.

A potential advantage for compliance is that there will likely be more job opportunities for human system administrators in California to manually enter the age of the primary user. However, this could also present a risk that the cost of doing so makes these systems less competitive when compared to other states that do not require age assurance.

I look forward to reading how FreeBSD Jails, Virtual Machine images, Docker/Podman/Kubernetes containers and the Java Application Servers will be implementing the methods required to collect the human entered declaration for every pull, instance creation and invocation. I am also interested in how these systems will provide proof of compliance in auditing for customers using application hosting services. I hope that the technical challenges do not result in these technologies becoming illegal to use in California next year.
 
Well, I did send an email and got it returned with a 550 error. The address was correct, so, perhaps he no longer receives messages there. I'll try snail mail.
 
vmb said:
I look forward to reading how FreeBSD Jails, Virtual Machine images, Docker/Podman/Kubernetes containers and the Java Application Servers will be implementing the methods required to collect the human entered declaration for every pull, instance creation and invocation. I am also interested in how these systems will provide proof of compliance in auditing for customers using application hosting services. I hope that the technical challenges do not result in these technologies becoming illegal to use in California next year.
Click to expand...

I believe that FreeBSD updated their license to add "Not for use in California." So they are going to refuse to implement it. I read somewhere that in the Linux world, someone was going to update SystemD to implement this, but the same issue applies: You cannot stop people from removing the required code.

vmb said:
Developers would need to be careful that compliance with California's law does not consume a considerable amount of additional storage for the multiple copies of geo-location databases as the law does not specify a standardised storage location. They will also have to be careful that remote logging for proof of compliance, does not unduly affect the performance of installed systems.
Click to expand...

They could just simply not add the code at all and tell California to go pound sand. OpenBSD is based in Canada, so good luck trying to get them to comply with it.
 
I am not expert at US law, but I would be confident (bet money confident) that deeming a package repository as app store would fall flat at the court.

Package repositories predate app stores; they're not open source app stores, but package sites. The two may be similar to lay people, but not to experts. An app store forces ultimately higher level of standards upon hosted applications, the iPhone store won't even accept apps that aren't written using Apple's design guidelines, giving lawmakers free power over this - if you can force your 'customers' to have exact design, force them to comply with this bit too.
 
Maelstorm said:
They could just simply not add the code at all and tell California to go pound sand.
Click to expand...
Yes, but think of all of the new system admin jobs that will be created in California as every pkg update installed will need a responsible human to check that the primary user's age is still correct and that the non-standardized age assurance mechanism is still functioning when the application is launched. That could mean thousands perhaps millions of minutes of human labor required each year at every data center in California.

Fully automated orchestration of operating systems will no longer be legal in California as each instantiation will require a human to declare the age of the primary user. There is no exemption for declaring the primary user's age just once and having that be applicable for the next million instances. The primary user is likely to be different for each instance.

I guess if California labor costs are too expensive for this type of work, the Docker and Kubernetes hosts will move out of California to stay competitive.
 
Zare said:
I am not expert at US law, but I would be confident (bet money confident) that deeming a package repository as app store would fall flat at the court.
Click to expand...
That would depend on a legal definition of a 'Covered App Store' existing and that the definition being unambiguous. If the definition is ambiguous or cannot be used precisely, a court judgement would establish a legal precedent. The new law does very loosely define what is a 'Covered App Store', but it doesn't state that a package repo isn't an app store. This type of issue is usually clarified after the first unfortunate victim has found themselves in court.
 
The past cases in USA e.g. somebody vs Apple or Google store, don't exactly define an App Store. There is a notion of it being a "distribution channel" however App Store was treated as a marketplace and these cases were based on transactions and monetary stuff.

In some other states the App Store is a legal term strictly tied to mobile phones.

Ruling that package sites need to comply, implies all distribution should comply. I should not be able to give away my software on USB sticks in California unless it complies. This is insanely absurd.

Also in legal context "service" is not an public open Internet endpoint. One accesses FreeBSD pkg sites without accepting any agreement whatsoever, there is no relation between customer and provider, there is no service.

Otherwise, it is implied that anyone with an open Internet facing port is a service provider bound to law. Again, this is insanely absurd.
 
vmb said:
That would depend on a legal definition of a 'Covered App Store' existing and that the definition being unambiguous. ... This type of issue is usually clarified after the first unfortunate victim has found themselves in court.
Click to expand...
This is a question of law, which is decided by a judge. As you said, it would require a law suit. A lower level court case (in California court called "superior court" does not usually create precedent though.

Zare said:
Otherwise, it is implied that anyone with an open Internet facing port is a service provider bound to law. Again, this is insanely absurd.
Click to expand...
The fact that the law is insane or absurd does not make it invalid.

Here is the real problem with this law: It is indeed insanely vague. But that doesn't make it invalid; it just creates FUD (fear, uncertainty, doubt). It is extremely difficult to sue without being affected negatively by the law. So we need to wait for either the California state prosecutorial authorities (in this case the AG = attorney general) to start a criminal prosecution, or for someone to sue for civil damages. Once an entity such as the FreeBSD foundation (or a distributor or Linux foundation or a company that makes distributions) is being sued, then they can make the argument that (a) the law doesn't apply to them, (b) it is unconstitutionally vague.

This is why the foundation needs to consult with lawyers (not armchair lawyers, like we are), and get them to evaluate how big the real risk is. In my (not at all humble!) opinion, the risk to FreeBSD is somewhere between zero and none. Why? This law is designed not to be enforced, but to be used by the state AG to apply pressure to the big companies (Facebook, TikTok, whoever has installable apps on cell phones) to behave.
 
scottro said:
Here are other ways to contact the Governor. These may take longer.
Click to expand...
I used to live in both the Sacramento and San Francisco areas before I eventually left California for some place else. But I do remember that there is an AM radio station in Sacramento called AM 1380 The Answer, and that perhaps people from the state government may occasionally listen to this station in order to find out what the public is thinking. If someone had a background in public relations, or perhaps in the technology field, then perhaps such a person might be able to contact the station and get them to do a story on this issue.
 
You must log in or register to reply here.
Back
Top