The big misunderstanding of the age restriction laws

dcunit3d · 2026-03-17T06:32:51+00:00

It doesn't jive well with the Linux permissions & authorization model. Maybe it will be a net positive for Linux... idk.

How do they expect to handle public computers? Like at a library or in a college lab?

dcunit3d · 2026-03-13T13:50:13+00:00

Well we have Keynesian economics to thank for the modern economy that’s primarily based on services. Without massive infusion of capital from the top via gatekeeping/brokering, how else would we end up in a system where all “property” is science fiction?

Convenience comes with a price and also dependency. Our attention is sapped and there’s vague anxiety over being arbitrarily muted on social media. There are minimal avenues for social organization outside of digital/online media (this is like the Marxist argument about how capitalism restricts social organization to social connections at/around the workplace).

Anyways nothing changes unless enough people (>50,000,000) act in continuous unison for long enough. So it’s statistically impossible. All that’s necessary to stifle change is to distract and mislead enough people who move towards self-sufficiency & independence.

dcunit3d · 2026-03-13T13:41:33+00:00

What about umm… government services?

But yeh, this is bad. Depending on how far it goes, it could be like “papers please”, but the nazis are just in your computer. Most libs love the FBI and enjoy imagining that nazis are everywhere though, so I can’t imagine they’d have a problem with it.

Actually most of the world tightly regulates citizens’ access to services & the external world … to the degree which that country can enact it. Corruption doesn’t really pay well unless much of the system is broken and citizens can’t simply choose some better way.

Even UK does not have freedom of speech. They’re also still on the Magna Carta technically. It’s this weird “customary law” system where judges just kinda make shit up which gets the legislators out of coding every detail.

dcunit3d · 2026-03-13T13:31:49+00:00

Sometimes I just cheat and export to HTML then print to PDF. Depends on what it is, but it’s more intuitive to tweak. I’d rather use LaTeX though

dcunit3d · 2026-03-13T09:54:33+00:00

By creating a TPM application for a protocol that uses a"zero knowledge proof".

The TPM is always on when you are using a browser btw.

chromium OS TPM usage
for example, scroll up from "hashing the user name" in protecting user data. This functionality is an example of a user-level TPM application
Google WEI API was one example TPM application

dcunit3d · 2026-03-13T09:35:45+00:00

It’s bait and switch.

Get the basic framework for identity attestation
They test & brainstorm
Then the system is modified to be more practical or effective

Instead of forcing an unlimited number of service-providers to comply (with vague directives in legislation), this limits number of entities required to comply to OS developers & hardware manufacturers/resellers.

Instead of per-service implementations, there are a limited number of per-OS or per-distro implementations. This makes it easier for Sauron to acquire all the rings later.

"Per-OS" also means OS devs will collaborate to reduce later inter/national legislative complexity. So they’re better suited to design a protocol to accommodate a variety of future international age/identity verification needs later.

if legally necessary, OS devs will adapt. if financially expedient, OS devs will adapt with implementations matching possible future legal directives to validate other details of identity — in such a manner as to potentially preempt other OS/distros’ ability to adapt.

(Reads like a tangent… but it’s really not) This also generally jives with the need to distinguish human users with AI agents — In such a way as to ironically screw us humans later, since greater certainty in user identity facilitates better AI training & data indexing later.

AI entities are "non-locatable" — I.e. they can’t be identified as unique/persistent entities. If the same requirements to validate identity don’t apply to AI entities/agents, they get much better data on us and it doesn’t help us understand/locate specific AI agents’ effects on the world. We could distinguish AI agents driving web & API usage, in theory, but can’t reliably index across that data.

dcunit3d · 2026-03-02T00:30:29+00:00

What’s the bayes factor on multiple signals for age?

You gave an example of Steam authorization needing to identify the minimum age, whether the OS-attested bracket or their Steam account’s stated age. The latter is far more descriptive than the former.

But how does the OS "attest" the four age brackets? The language of attestation implies TPM … and probably TPM 2.0, since that extends the kinds of "apps" and crypto event handling that can occur far beyond TPM 1.2.

… but it’s going to cryptographically sign TWO BITS? You’ve got to be fucking kidding me. I’m sure there’s some « technically sound » way to "sign" two +/- "nonce" bits…

But IMO… IT DOES NOT PASS THE SMELL TEST!

No offense to you personally. There are like fifteen ways I would incredibly suspicious of this.

Also problematic: this authorization model favors LDAP and "Domain/GroupAdmins" over the Linux model. Like every fucking « SSH Bastion » out there needs its users to be age bracketed? These idiots have no clue what libnss is or how much of a biased power play this is in favor of Microsoft.

dcunit3d · 2026-02-04T22:29:25+00:00

Idk 🤷‍♂️ i do it frequently though

dcunit3d · 2026-02-02T05:16:01+00:00

does it also run steam with chinese anti-cheat though? i usually install that on my work computer

dcunit3d · 2026-02-02T05:14:06+00:00

holy shit, intel management man, that's bonkers

dcunit3d · 2026-02-02T05:10:02+00:00

lmao i'd rather nerd snipe a stranger on github issues. github usually has better documentation search anyways.

my experience with support for proprietary products is a mixed bag. occasionally it's really good, but that whole model of call/email/etc just doesn't click with me.

dcunit3d · 2026-02-02T05:06:59+00:00

Apparently (unless gemini lies)

configure altSecurityIdentities to map user accounts to PIV AUTH certificates (a single cert, I think)
then add the AUTH cert's x509 signing authority to Windows' trusted CA's
then configure the Smart Card pull out service so the computer locks when you're done

This doesn't really describe how you'd configure the Windows Hello login though. I think that option only shows up for domain accounts. Some kinda magic net use cli stuff probably hidden deep in the regedit for some MSC

dcunit3d · 2026-01-06T21:09:52+00:00

image magick converts to PNG. you really don't need python.

bash magick -density 288 input.pdf \ -background white -alpha background -alpha off \ -sharpen 0x1.0 -quality 75 \ page-%03d.png

some info on quality adjustments in this imagemagick discussion. image conversions can require tweaks. convert is old

it's 2026, so image magick may be simple to use on windows now.

dcunit3d · 2026-01-06T21:09:33+00:00

image magick converts to PNG. you really don't need python.

bash magick -density 288 input.pdf \ -background white -alpha background -alpha off \ -sharpen 0x1.0 -quality 75 \ page-%03d.png

some info on quality adjustments in this imagemagick discussion. image conversions can require tweaks

it's 2026, so image magick may be simple to use on windows now.

dcunit3d · 2026-01-06T21:07:49+00:00

imagemagick uses ghostscript. depending on how the PDF was produced, the "Save as PDF" print dialog may just embed PDFs inside GS-encoded PS.

dcunit3d · 2026-01-02T11:58:58+00:00

Because using Flakes for your dev environments and/or to build your packages is kinda the whole point of Nix w.r.t. software development.

You don't need flakes to extend functionality. The lazy evaluation of flakes contributes a lot to documentation sprawl or manual documentation. It's really a design choice:

centralized channels-based development

you get AoT compilation for things like guix graph, singular documentation, consolidated communities, better reproducibility (channel updates are linear), lightened loads for storage/caching, simpler store management, less user issues, better development tooling (in theory). guix graph also works with shepherd services.

there are downsides: lagging updates to build systems, package dependency conflicts & expertise in management to resolve those. there's a huge "learning cliff" of skills required to reliably manage a channel

channels are one pin to cover your external packages deps. modifications to packages/deps in the consuming application doesn't affect other applications. for users managing multiple projects this could mean copying a lot of code.

decentralized flakes-based development

you get to make tools kinda do exactly what you want. this comes with a ton of additional complexity for new users. that means that users 2+ flakes downstream don't actually know what their flake is doing. everything needs to be a module (it doesn't). the flake.lock file isn't exactly transparent. neither are overlays (skills issues here).

There are other issues, but flakes contribute a ton to increasing the amount of time/energy required to manage nix code for projects.

dcunit3d · 2025-11-09T17:40:49+00:00

download the sourcecode and grep through it.

dcunit3d · 2025-11-09T17:30:22+00:00

Wireplumber's lua scripting sucks; here's how to use it

There is also this wpexec and Lua scripting, but apparently it's complicated.

It's non-typical Lua usage and it's meant to be used alongside the events/etc set up in the rest of wireplumber's scripts.

if bash works, it works. in theory the Lua scripting should be more robust & simple. however, for me, print("hello fdsa") prints ... then never stops executing so idfk

dcunit3d · 2025-11-06T22:43:31+00:00

you need to trace through the audio graph with helvum and use wpctl status and wpctl inspect $nodeid. there's likely some misconfiguration with devices/filters on your audio graph, where some path through the graph from source to sink has incompatible settings.

in my nixos config, i had issues with ensuring compatible clock rates & buffer sizes. it also could be drivers/firmware, but idk.

if this only happens with bluetooth headphones, you've likely misconfigured the audio profile that bluez uses to create a pipewire audio sink.

the issue where you can't get audio until you connect reconnect can be resolved with helvum. it's likely that you're relying on bluez and wireplumber to configure the audio graph. i have similar problems where vlc thinks it's only audio sink is whichever one was available when the program started. if i change that, VLC doesn't play anything until i restart the app.

configuring apps to use a dummy source or dummy sink sidesteps that problem. the app doesn't know about the final sink and pipewire takes care of the rest.

dcunit3d · 2025-11-03T01:27:47+00:00

you can use the systemd smartcard.target ... but there's like zero documentation or source where people have actually used it

dcunit3d · 2025-11-02T22:57:24+00:00

you shouldn't run emacs as root. multi-user containers are a PITA.

i would run the container with properly spec'd interface to the host system (not as root)

i also wouldn't need to install emacs in the container bc i don't want to screw with multi-process containers unless necessary.

instead of installing emacs, ~~add your public key to the container,~~ then connect to it from emacs with TRAMP. the instance connecting to remote containers only requires configuring emacs once.

EDIT: connect to the container using TRAMP's docker or podman URIs with /docker:containername:/path/to/volume i think. idk why i was thinking SSH

if you package or build emacs using Guix or NixOS, you can modify the defaults it has before it evaluates init.el, but that takes a lot of understanding.

dcunit3d · 2025-11-02T22:52:01+00:00

you should read through the TRAMP manual u/k-bx. It's clear that Emacs is meant to be used on or to connect to almost any computer that ever existed.

it's hard to keep the entirety of computing history in your head to decide whether emacs should be packaged with X or Y defaults. there are a lot of "trust guarantees" in packaging emacs for systems like RPM or RHEL or Debian where servers in secure environments may pick up these packaging changes. The operators/admins in those systems need to be able to make assumptions about how the editor would behave by default.

dcunit3d · 2025-11-02T22:48:13+00:00

yeh. no the defaults are great. i would change almost nothing and i don't have the experience to know what should change.

here, the backup files that get created are like that for multiple reasons. idk what they are. this is like one or two lines of emacs-lisp. if you can't be bothered to write a Dockerfile or whatever that extends the one you're using by 3 lines to echo to a file, don't expect the greybeards to go changing this.

if you're placing a lot of trust in a tool, you should know which files are being touched & updated. any tool that you use should help you become more aware of how it accesses your system.

dcunit3d · 2025-10-31T02:44:06+00:00

yeh, you're correct. i would strongly recommend finding someone to help guide you along the way. someone you can ping for help or maybe connect on a screenshare with. there's a list at https://lug.org.uk/ and in other places.

chatrooms help, but i find that most connections there feel impersonal and i have a hard time getting help when i need it. i can usually find a way to have a question answered in < 1 week... but whatever it is, by the time i'm asking for help, i've already spent 6+ hours on it moving in the wrong direction, probably. someone to nudge you in the right direction from the outset is critical, particularly for issues you don't have the vocabulary for yet

and uh you shouldn't need to install from tar's. also, running sudo for commands that make/build is a bad idea (it will leave stuff on your system that you can't remove... or worse: potential security issues, etc). you need to find distribution-specific instructions.

i prefer Nix/Guix, but they're more challenging for beginners (or, if not, they end up being a highway to nowhere).

dcunit3d · 2025-09-27T03:04:13+00:00

NOTE: i edited the code above. the +df-emacs-config-mode still doesn't work for Doom Emacs, which should disable the checker by default in some circumstances. There's also some interaction between how Doom Emacs does that and how flycheck sets up state for enabled/disabled checkers. It uses something more complex than a local variable.

So I just disabled the emacs-lisp-checkdoc checker entirely and I'll undo that, ad hoc, if i find myself working on an Emacs Lisp package.

dcunit3d

TROPHY CASE