So, what will be the proper technology to apply here? I have no problem with verification of my age (not the date of birth, just the boolean, >18yo), but I do have a problem with sending any party a picture of my face or my passport.
Discord got me to do this about 2 weeks ago (I'm Australian so they seem to be rolling this out here too), at least for the face scan the privacy policy said it occurred on device, so if you believe that you're not sending anyone images of your face.
we don't store your face [just the unique biometric metadata weights]. a computer doesn't need a picture to identify you, just store the numbers and you can legally claim you aren't "storing the picture".
Maybe someone like apple will make a "verify user looks over 18" neural net model they can run in the secure enclave of iphones, which sends some kind of "age verified by apple" token to websites without disclosing your identity outside your own device?
Having said that, I bet such a mechanism will prove easy to fake (if only by pointing the phone at grandad), and therefore be disallowed by governments in short order in favour of something that doesn't protect the user as much.
Apple lets you add IDs to your wallet in some jurisdictions. I wouldn't be surprised if they eventually introduce a system-wide age verification service and let developers piggyback on it with safe, privacy-preserving assertions.
This is a social problem and as such cannot be solved with technology. You would have to make social media so uncool that young people didn't use it. One of the easiest ways of doing this is associating it with old people. Therefore the fastest way to get young people off discord is to get geriatric on discord and en-mass.
The issue isn't social media is bad, the issue is that social media has no effective moderation. If an adult is hanging out at the park talking to minors, thats easy to spot and correct. there is a strong social pressure to not let that happen.
The problem is when moving to chat, not only is a mobile private to the child, there are no safe mechanisms to allow parents to "spot the nonce". Moreover the kid has no real way of knowing they are adults until it's too late.
Its a difficult problem, doing nothing is going to ruin a generation (or already has), doing it half arsed is going to undermine privacy and not solve the problem.
OIDC4VCI(OpenID for Verifiable Credential Issuance)[0] is what I think has the most promise.
My understanding is that an issuer can issue a Credential that asserts the claims (eg, you are over 18) that you make to another entity/website and that entity can verify those claims you present to them (Verifiable Credentials).
For example, if we can get banks - who already know our full identity - to become Credential Issuers, then we can use bank provided Credentials (that assert we are over 18) to present to websites and services that require age verification WITHOUT having to give them all of our personal information. As long the site or service trust that Issuer.
It doesn't have to be your bank if you don't want, have the DMV be an issuer or your car insurance, or health insurance or cell phone service etc.
You choose which one you want you want to have assert your claim. They already know you. It's a better option than giving every random website or service all of your info and biometric data so you can 'like' memes or bother random people with DM's or whatever people do on those types of social media platforms
For Australia (who will need something like this this year per current legislation), the only sensible location is the government my.gov.au central service portal. None of the other services have an incentive or requirement to do it (Medicare, drivers license issuers, Centrelink). And given the scope of the rollout (all major social media, as nominated by the gov), it would need almost all of the banks or super funds to implement the same API for the project to not fail.
But I don't think anyone has told my.gov.au that needs to happen, so we are either going to get some proprietary solution from social media companies (tricky, since they will need to defend it in court as they are liable, but maybe discord saying 'best we can do sorry' or 'better than our competitors' will let them off). Or just switching off the services for a few days until the politicians panic about the blow back and defer the rollout until some committee can come up with a workable solution (ideally in the next election cycle).
> It doesn't have to be your bank if you don't want,
"If I don't want"? I would get no choice at all about who it would be, because in practice the Web site (or whoever could put pressure on the Web site) would have all of the control over which issuers were or were not acceptable. Don't pretend that actual users would have any meaningful control over anything.
The sites, even as a (almost certainly captured and corrupt) consortium, wouldn't do the work to accept just any potentially trustworthy issuer. In fact they probably wouldn't even do the work to keep track of all the national governments that might issue such credentials. Nor would you get all national governments, all banks, all insurance companies, all cell phone carriers, all neighborhood busibodies, or all of any sufficiently large class of potentially "trustable" issuers to agree to become issuers. At least not without their attaching a whole bunch of unacceptable strings to the deal. What's in it for them, exactly?
Coordinating on certifying authorities is the fatal adoption problem for all systems like that. Even the X.509 CA infrastructure we have only exists because (a) it was set up when there were a lot fewer vested interests, and (b) it's very low effort, because it doesn't actually verify any facts at all about the certificate holder. The idea that you could get around that adoption problem while simultaneously preserving anything like privacy is just silly.
Furthermore, unless you use an attestation protocol that's zero-knowledge in the identity of the certifier, which OpenID is unlikely ever to specify, nor are either issuers or relying parties going to adopt this side of the heat death of the Universe, you as a user are still always giving up some information about your association with something.
Worse, even if you could in fact get such a system adopted, it would be a bad thing. Even if it worked. Even if it were totally zero-knowledge. Infrastructure built for "of adult age" verification will get applied to services that actively should not have such verification. Even more certainly, it will extended and used to discriminate on plenty of other characteristics. That discrimination will be imposed on services by governments and other pressuring entities, regardless of their own views about who they want to exclude.
And some of it will be discrimination you will think is wrong.
It's not a good idea to go around building infrastructure like that even if you can get it adopted and even if it's done "right". Which again no non-zero-knowledge system can claim to be anyway.
Counterproposal: "those types of social media platforms" get zero information about me other than the username I use to log in, which may or may not resemble the username I use anywhere else. Same for every other user. The false "need" to do age verification gets thrown on the trash heap where it belongs.
> Don't pretend that actual users would have any meaningful control over anything.
You do have control, you just don't like the option of control you have which is to forgo those social/porn sites altogether. You want to dictate to businesses and the government how to run their business or country laws that you want to use. And you can sometimes, if you get a large enough group to forgo their services over their policies, or to vote in the right people for your cause. You can also wail about it til the cows come home, or you can try and find working solutions that will BOTH guard privacy and allows a business to keep providing services by complying with laws that allow them to be in business in the first place. It's not black & white and it's not instant, it's incremental steps and it's slow and sometimes requires minor compromise that comes with being an Adult and finding Adult solutions. I'm not interested in dreaming about some fantasy of a libertarian Seasteading world. Been there done that got the t-shirt. I prefer finding solutions in the real world now.
> The false "need" to do age verification gets thrown on the trash heap where it belongs.
This is something you should send to your government that makes those rules. The businesses (that want to stay in compliance) follow the government rules given to them. The ones that ask for more are not forcing you against your will to be a part of it.
I get you don't like it, I don't care for it either; but again, you can throw a fit and pout about it - or try tofind workable solutions. This is what I choose to do even though I made the choice long ago to not use social media (except for this site and GitHub for work if you want to count those) porn sites or gambling or other nonsense. So all these things don't affect me since I don't go around signing up for or caring for all the time wasting brain rot(imo) things. But I am interested in solutions because I care about data privacy
Those businesses also have control. They just don't like the option of control they have, which is to stay out of those countries altogether.
> This is something you should send to your government that makes those rules.
My government hasn't made those rules, at least not yet. Last time they tried, I joined the crowd yelling at them about it. It's easier to do that if people aren't giving them technology they can pretend solves the fundamental problems with what they're doing.
> Those businesses also have control. They just don't like the option of control they have, which is to stay out of those countries altogether.
Yes. ?
Apparently they don't want to leave and are happy staying there and complying. If you don't like a businesses practice, don't use them. . .
> Last time they tried, I joined the crowd yelling at them about it.
Good. I hope more people that feel as strongly about the subject as you will follow your lead.
> It's easier to do that if people aren't giving them technology they can pretend solves the fundamental problems with what they're doing.
No one is "giving" them technology that pretends anything. There is a community effort to come up with privacy focused, secure solutions. If you noticed the OIDC4VC protocols are still in the draft phase. If it's fubar no one will use it. Worse than that is, if nothing comes of any proposed solutions, the state won't just say oh well you tried.
Either we will continue to deal with the current solution of businesses collecting our ids and biometrics and each one having a db of this info to sell/have stolen, or, some consultant that golfs with some gov official will tell them the tech industry can't figure it out but they have a magic solution that's even better and will build a system (using tax dollars) that uses government IDs with the added bonus of tracking and then all of our internet usage can be tracked by the government.
Wantonly dismissing any effort to make things better in an acceptable way is not going to make it magically go away forever. That ship has sailed. You can resist efforts to find a privacy focused solution and get stuck with an even worse one from the state, or, get your crowd yelling hat back on and help make sure data and privacy protections are solidly baked into these solutions the tech community is trying to build.
I might be mistaking, but I don't see how this is novel. As far as I know, this has a proven DSP technique for ages, although it it usually only applied when a small amount of distinct frequencies need to be detected - for example DTMF.
When the number of frequencies/bins grows, it is computationally much cheaper to use the well known FFT algorithm instead, at the price of needing to handle input data by blocks instead of "streaming".
The difference from FFT is this is a multiresolution technique, like the constant-Q transform. And, unlike CQT (which is noncausal), this provides a better match to the actual behavior of our ears (by being causal). It's also "fast" in the sense of FFT (which CQT is not).
There exists the multiresolution FFT, and other forms of FFT which are based around sliding windows/SFFT techniques. CQT can also be implemented extremely quickly, utilising FFT's and kernels or other methods, like in the librosa library (dubbed pseudo-CQT).
I'm also not sure how this is causal? It has a weighted-time window (biasing the more recent sound), which is farily novel, but I wouldn't call that causal.
This is not to say I don't think this is cool, it certainly looks better than existing techniques like synchrosqueezing for pushing the limit of the heisenberg uncertainty principle (technically given ideal conditions synchrosqueezing can outperform the principle, but only a specific subset of signals).
“we’re back where we started four years ago, hard coding everything, except now in a much crappier language.”
Not sure if I agree with this. A proper designed DSL has the advantage of being much closer to the domain of the problem it is supposed to solve. Your code written in the DSL now might end up as 'hard coded' part of the application, but it likely conveys much more meaning in much less code because it is tailored to the core functionality of the application.
Design a DSL. But instead of implementing it, implement the same abstractions in the functions (or classes or whatever) of your code. Effectively, you are implementing the DSL without the parser and AST.
When you chain these functions together into business logic they will be just as readable as the DSL would have been. But you still get an IDE with code completion, debugging, etc.
Sure, I own a smartphone, it runs just plain android but without any google accounts or services because I do not agree to Googles terms of services. I never did, and as an European citizen especially with recent developments I feel that has been the right choice.
The thing is, without google account there is no play store, and without play store I am not able to install the majority of apps - no banking, no parking, and all the other services people complain about in these threads.
This is my choice, and I stick to it. I'm also pretty vocal about it and complain when needed. Doctors office informs me I only can get medicine with the app? Apparently they can make exceptions when you complain, because I'm allowed to get medicine with a simple phone call. My bank tried to force me to use their app, but apparently they still do have an alternative login method when you complain. Sure, I know it's a fight I will lose in the long run, but I enjoy it while it lasts.
It seems like the options are 1) MicroPython, which is really easy to use (use python for everything) but lacking in anything lower level to a quick restriction on what you can do. 2) C, which I've used before and understand, but going from the Arduino or PlatformIO experience would require a lot of learning as well. 3) Rust (with embedded_hal and embassy), which is newer, along with different language, but with ability to go lower level with complies, and seeming overall goal to be more widely used.
College was all C/C++ so I've used that before, so I can understand and pick up the code. Since I have brief experience rather than your experience, I'm betting that the time it'd take for me to get up to speed with C and fuller dev environments would take as long as with Rust, and since I can use rust in more applications for what I do professionally, I'm figuring to put the time there.
What have you built and with what in your 25 years? Too many posts and vids about these things are intro rather than more in depth. It's great to hear from people who actually do this into production rather than mini-projects.
I'm learning Ada next year. I'm not interested at all in doing low level programming with it, but the text books I have note that it's actually an area where it excels. Maybe worth a look.
> he wants to be able to express programs, and even an operating system, as a directed acyclic graph of logical binary operations, so that you can have consistent and deterministic runtime behavior.
So how is this different from digital logic synthesis for CPLD/FPGA or chip design we have been doing over the last decades?
FPGAs are (prematurely) optimized for the wrong things, latency and utilization. The hardware is heterogeneous, and there isn't one standard chip. Plus they tend to be expensive.
The idea is to be able to compile/run like you can now with your Von Neuman machine.
FPGA compile runs can sometimes take days! And of course, chips take months and quite a bit of money for each try through the loop.
With FPGAs I can sample a hundred high precision ADCs in parallel and feed them through DSP, process 10Gb ethernet at line rate, etc with deterministic outcomes (necessary given safety and regulatory considerations). They integrate well with CPUs and other coprocessors - heterogeny isn't wrong. Plus training a NN model also takes days! To be fair not always, but for the above applications my build time was hours to many-hours anyway.
I grant the hardware is absurdly expensive at the high end, but I really don't think application wise the comparison is apples to apples.
Hotzs saying literally everything with an io pin or actuator will be driven solely by NN (driven by tinygrad) seems to me maybe 1/3 self promotion, 1/3 mania, some much smaller amount incisive at best.
There is the excellent CAD sketcher plugin for Blender; this adds a basic 2D parametric/constraint based editor into your workflow, which can convert it's output into a mesh to integrate into your blender model. For more complicated models I typically make 2 or 3 2D constraint models, and use the blender boolean tools to combine this into the final 3D model.
