Personally, I think this is the answer too - rather than mandating it across all platforms, they could have created a service which provides scanning so that there was an additional app people could choose to install (and would, presumably, present as an accessibility addon so it could access content in other apps).
That's not without its own issues though - creating external deps is more or less what they did the first time they tried to mandate age verification.
Although their plans fell through, they created an industry who'd expected a captive market and started lobbying heavily. Eventually, it worked and we've ended up with mandatory age verification.
All of what you said could be true and it'd *still* be wrong for Grok to be allowed to generate it.
All Musk actually needed to say was "oh fuck, we'll fix that". Instead, he responded with laughing emojiis and nothing's changed.
> is not technically illegal in the US
Bully for you.
X is operating in the UK and it *is* illegal here (and not just here). X can either comply with our laws (and the associated moral standards) or it can cease operating here.
There's weird nerd diving in front of Musk to defend him and then there's defending his AI generating CSAM. Neither's a good look, but one is much worse than the other
Saying that Musk should stop his bot from generating underage waifus is fine and agreeable, but construing that with actual CSAM is plainly manipulative. Of course, the British media has long been known for ""nonce"" hysteria, probably because they know the government and royales are degenerate criminals but don't have the spine to go against the local establishment for it, so instead they redirect that energy in bizarre directions.
> We have small claims courts in every jurisdiction in the US. It costs $50 to file, and you do not need an attorney.
This particular example is in the UK though.
It's even easier here!
You can issue a Statutory Demand (https://www.gov.uk/statutory-demands) which gives the receiver 21 days to either pay or reach an agreement to pay. Failing to do that can lead to them being wound up.
Unlike the US, the fee isn't a flat fee, and is tiered depending on the amount being claimed (still cheap though).
I've had to use both in the past.
The developer in this case really has no excuse for airing dirty laundry in public. If they're hosting and not being paid, by all means suspend the site, but don't deface it so there's a message about not being paid carrying the customer's branding.
> His "don't move off 22 for ssh" is also just opinion. He argues "you will be found"
Worse than that, that post misunderstands it's own statement:
"Sure, you will see fewer attacks than before, but most of the attackers are no longer just stupid bots"
That's a *good* thing, because the move has reduced the signal to noise ratio. By getting rid of most of the crufty noise of the internet, you now know that anything hitting your logs now is more likely to be an actual threat than the poorly automated dictionary attack bots.
Moving SSH to a different port doesn't make the system much more secure (and definitely shouldn't be the only thing you do), but it does generally enable you to be more responsive.
True, but at the end of the post the author also explicitly rejects the idea of the DoH protocol in general on questionable technical grounds, so clearly their objection isn't just Cloudflare. I think the argument would be a lot clearer if they didn't conflate "using Cloudflare for your DNS" with "using the DoH protocol for DNS" even if they think both of them are bad.
DoH requests go to /dns-query so you only need that path to proxy onto your DoH handler.
Some DoH clients will also allow you to specify a custom path, so you can also obfuscate the path by configuring client and server to use /foobar instead.
But, re-using an existing site does come at the cost of generating a bunch of extra log noise (fine if it's just you, not so fine if it isn't). If you don't have some kind of auth in place, you might also find that you suddenly come under a lot of load (when I ran a public DoH service, I eventually started getting a lot of traffic from users in an authoritarian country)
If I format the page size, Libreoffice does offer "Letter" and "Legal". GIMP shows them as "US Letter" and "US Legal" but again they're not the default.
It wouldn't surprise me if most non-US users hadn't seen them at all, and certainly not that they don't realise the US uses a different size.
It's still problematic the other way around - you try to print that PDF on A4, but it's formatted for US Letter.
In most cases it still doesn't matter, either because software defaults to scaling to fit, or else because the margins are large enough that it works out even if printed in true size. But sometimes stars align and then you learn about those weird paper sizes.
> At some point people know if you don't care about them. If you cannot care about them why would they "follow you into battle?"
That's true, but it also works both ways.
If the "problem" person is impacting others on your team, you owe it to them to address rather than ignore the issue. After all, why would _they_ follow you into the trenches if you've shown that you don't care enough to deal with an issue that they're saying is making their lives difficult.
(Good) management is about striking a balance - between the business's needs (otherwise you're all out of a job anyway) and the welfare of everyone on the team (which IMO, should always benefit from a bit of priority over the other).
Sometimes that does mean making a hard decision about someone who's very technically capable, but damages the wellbeing or efficiency of the rest of the team.
As an extreme example - I once worked with someone who was a pretty good engineer and knew where a lot of the bodies were buried in the codebase (i.e. keeping him around would be beneficial), but one day he started regularly talking, quite inappropriately about schoolgirls in the team skype group (and even defended doing so). Good engineer or not, sometimes things have to change.
All of that being said, I think the article is too hardline, at least if those are intended to be the opening gambit. There's a ton of people engineering that you can do before you need to reach the point of making it sound like a PIP.
I had to deal with a horrendous skilled person who made every meeting hell for those concerned. It's hard to fire people where I am but in the end we managed it. I am delighted to handle all the problems this caused because they are far less than the daily massive row.
So I'm no stranger to the whole thing. There has to be something coming back from the team members and if they essentially don't give a stuff and treat the rest of the team like dirt then I don't care how great they are - I don't want them.
dotorg being run by a private citizen who receives no payments does not exempt it from GDPR, because GDPR doesn't make that distinction.
There _is_ an exemption for household processing (recital 18) - which means that I don't need to worry about taking a neighbour's contact number etc - but wordpress.org wouldn't fall under that.
Given Matt's actions (and statements made by his own team so far in the case), I think he'd struggle to claim that wordpress.org is not linked to "professional or commercial activity".
It might be quite difficult to enforce against a private citizen, but that's not the same as it not applying.
> dotorg being run by a private citizen who receives no payments does not exempt it from GDPR, because GDPR doesn't make that distinction.
The dot org being run by an American citizen who does not operate within the UK that country 100% means UK courts do not having standing. Remember GDPR UK is not GDPR. It's based on it but case law is different and other stuff. Remember, just because one country does not allow something or requires something does not mean everyone whose website is accessible within that country has to follow that law. But for UK law to apply to someone there has to be a connection. Not just "I can connect to that website" or they're processing my data.
Legal opinion has also been shared from lots of sources that small businesses operating out with the EU aren't covered by GDPR. I believe there is EU law that says EU law only applies to companies with a significant number of customers who are EU citizens.
> There _is_ an exemption for household processing (recital 18) - which means that I don't need to worry about taking a neighbour's contact number etc - but wordpress.org wouldn't fall under that.
Fun fact, in the UK data protection laws will still cover cameras and whatnot taken from a household. That is UK case law. But again, there is no standing for even the Data Protection Act to apply because there is no connection.
> Given Matt's actions (and statements made by his own team so far in the case), I think he'd struggle to claim that wordpress.org is not linked to "professional or commercial activity".
Yea, but there is no standing for the UK to apply its laws on Matt. The EU may have a better claim since he has servers in the EU. However, as pointed out GDPR does not apply for that person because he is neither an EU citizen or a resident as far as I can tell. Their entire claim would be to apply UK law to someone not operating within the country.
The entire point of commercial activity is that there would be a connection and would give UK courts standing is silly. It's basic law 101. Hence, why I said in my first comment that OP didn't understand the law.
GDPR (including the UK GDPR) is extra-territorial by design.
It applies _by design_ to anyone or anywhere processing the data of an EU or UK citizen.
I suspect that you and I would agree about the wrongs of any law being extra-territorial, but it's where things on both sides of the pond have landed us.
You already linked to the relevant part of the ICO's guidance but *appear* to have misunderstood it: you've inserted an extra requirement - that it requires taking payment.
That's not the case, it applies just as much to free services.
Wordpress.org (and more so the associated services - slack etc) being available and (more importantly) *collecting and processing data* is offering a service.
> Fun fact, in the UK data protection laws will still cover cameras and whatnot taken from a household
They do indeed. In fact, it's not just cameras: as soon as you publicly share information you can't rely on the exemption because it doesn't cover it.
> Yea, but there is no standing for the UK to apply its laws on Matt.
You keep using the word standing, which is very much as US-centric term. I'm not, for a second, suggesting that anyone would try and enforce this in a US court.
Being able to enforce is (as I've already said) an entirely different kettle of fish.
> Their entire claim would be to apply UK law to someone not operating within the country.
Yes. Welcome to the intended design of GDPR.
Although you're right that EU GDPR and UK GDPR are now two seperate things, they're not actually particularly different things: we didn't really amend it after leaving the EU - the two are seperate since Brexit, but the way that they work is the same, albeit absent a few years of caselaw.
In fact, it's not GDPR that's extra-territorial (or intended to be). Have you seen the stuff they've been trying to bring it to make the internet "safe"? That's extra-territorial in nature too.
Ever since the US passed the CLOUD act, politicians on this side of the pond seem to have decided that what's good for the goose is good for the gander.
> GDPR (including the UK GDPR) is extra-territorial by design.
> It applies _by design_ to anyone or anywhere processing the data of an EU or UK citizen.
That is now how the law works. A court must have standing or jurisdiction or whatever word you want to use since you seem to think semantics are at the core of this issue here.
> You already linked to the relevant part of the ICO's guidance but appear to have misunderstood it: you've inserted an extra requirement - that it requires taking payment.
No, that's UK case law. Basic law 101. That is what the legal definition of goods and services is within the UK. If you don't understand that there are legal definitions for things then we're at the crux of your complete misunderstanding of law. And really we won't get anywhere.
>Wordpress.org (and more so the associated services - slack etc) being available and (more importantly) collecting and processing data is offering a service.
Not under UK law. UK law defines a service as something that is being paid for. This is hundreds of years old.
You would be heavily rebuked by a judge if you tried this nonsense in court of trying to redefine hundreds of years old case law to suit your opinion.
> Being able to enforce is (as I've already said) an entirely different kettle of fish.
No, that's the entire point. THE ENTIRE POINT. A court will not take up a case where it can't do anything.
Quite simply, your entire argument fundamentally depends on you not understanding UK GDPR, GDPR, or even basic law fundamentals.
There's no justification for this whatsoever - it was your actions which meant that the ACF team couldn't manage the plugin on dotorg, and the issue you fixed was unbelievably minor.
IF you even had a point in the beginning, you've fatally undermined it. Hell, WPE's motion for a preliminary injunction even now notes that your actions here have potentially fallen into CFAA territory - https://storage.courtlistener.com/recap/gov.uscourts.cand.43...
Given you've been banning dissenters from Slack, I wonder "why" people might not be reporting issues where you can see them?
That's not without its own issues though - creating external deps is more or less what they did the first time they tried to mandate age verification.
Although their plans fell through, they created an industry who'd expected a captive market and started lobbying heavily. Eventually, it worked and we've ended up with mandatory age verification.