You need 1 of the IT people you're paying already to do a couple of hours of allocating a server, running it, and setting up permissions.

We did that at my previous job during covid because we also though maintenance would only be a couple of hours of effort. It didn't work out that easy. It became a full time job so it was scrapped. People underestimate the amount of effort required maintaining on-prem infra across an org to match what cloud hypersacler providers offer.

That's the flow that California's age verification system uses. Personally, I'm opposed to any age verification beyond the current "pinky promise you're 18" type deals, but California's is the least intrinsically offensive to me.

Doing this doesn't accomplish anything in terms of protecting children from the harms of the internet. In fact it feeds your child's age to marketers and child predators.

Every website will get to decide how to handle the age data our devices will now be supplying them. In the case of facebook, it's not as if they had no idea the children endlessly posting selfies and posting "six seven" on their service weren't adults. Facebook was 100% aware that the children using their service were children. They knew what schools those kids went to, who their parents were, which other kids they hung out with. Facebook knew they were children and they took advantage of that fact.

The law California (and other states) passed doesn't define what content has to be blocked for which ages and doesn't give parents any ability to decide what content their children should or shouldn't be allowed to see. It takes control away from parents. As a parent, I might think that my 16 year old should be allowed to look up information on STDs but the websites that collect my child's age could decide they can't and I'll have no say in it.

No, but it's a framework that would allow other laws to do so. Because...

> it's not as if they had no idea the children endlessly posting selfies and posting "six seven" on their service weren't adults.

...you can make statements like that which sound like common sense, but it would be incredibly hard to regulate based on "if you know, you know" (or "you should have known"/"you had to have known"). The law has to provide (guarantee) a way for them to know in order to actually require them to take action based on it.

> As a parent, I might think that my 16 year old should be allowed to look up information on STDs but the websites that collect my child's age could decide they can't

This is a different problem. It sounds like you're essentially wanting to guarantee access to certain things, not just for your own 16-year-old, but for everyone else's, too (because if it was just yours, you could look it up for/with them if necessary). It'd be difficult to compel businesses to provide services to audiences they don't want to. But again, that's a separate problem that doesn't necessarily conflict with the rest of the system.

I worry that's it's the start of a lot of "other laws" which will limit the ability for children and adult's to maintain even pseudo-anonymity online.

> The law has to provide (guarantee) a way for them to know in order to actually require them to take action based on it.

That sounds like an argument for even stronger proof of age than what the law calls for. Online platforms should do what nearly every other publisher does and provide a rating for their content. Netflix doesn't need to know how old I am. They provide a "kids" profile populated with their own curated content if that's the kind of thing I want and for everything else they provide ratings (PG, R, TV-14, etc.) It would be easy enough to push a rating to clients, they could even use HTTP headers for it. If lawmakers really felt the need to interfere in all of our operating systems it could require some means to collect and act on those ratings.

> It'd be difficult to compel businesses to provide services to audiences they don't want to.

This is the norm. It's what every business does apart from those who demand ID for every transaction. It's useful for businesses to give people their opinion or intention for who they're targeting, but it's entirely inappropriate for every website and online service to force their opinion onto others. They aren't qualified to know what's appropriate for a specific child and platforms like facebook have repeatedly demonstrated that they absolutely can't be trusted to put our children's interests above their own.

That only happens to "publications" of particular forms where state regulation has mandated it, or enough noise was made about state regulation mandating it (or simply censoring content) was made that the industry adopted a rating system as a way to discourage that (and in the latter case, there are always plenty of publishers that don't make use of the industry rating system, either at all or at least for selected publications in the field to which the ratings nominally apply.)

> They provide a "kids" profile populated with their own curated content if that's the kind of thing I want and for everything else they provide ratings

Netflix does not provide ratings for "everything else". Most of what they carry has either MPAA or TV Parental Guidelines ratings, and if it has such ratings they provide them. But they have content which does not have such ratings, which is simply noted as not being rated. (Of course, if "not rated" as an option is a valid to comply with your "you must have ratings in an HTTP header" law HTTP header, then it is trivial to comply and provide the "not rated" header for every piece of content, but this doesn't actually achieve anything.)

That's fine, but it needs an enforcement mechanism, or we're back to where we currently are ("click here if you're 18").

> It would be easy enough to push a rating to clients, they could even use HTTP headers for it. If lawmakers really felt the need to interfere in all of our operating systems it could require some means to collect and act on those ratings.

I would completely agree it seems reasonable at a glance to have websites push ratings and have the enforcement be done e.g. at the web browser level (with the web browser knowing how to enforce based on the OS's supplied age bracket), rather than making websites read the age bracket and act on it directly. Although it does still run into questions about how you handle websites with content from multiple brackets (like Reddit or X)-- what's the UX supposed to look like if a child attempts to access adult content on one of those platforms? If the platform can't know what's happening (due to your privacy/safety concerns), then you're limited to the web browser entirely breaking the interaction or somehow redirecting them somewhere else.

It'd be dead simple to tell if a website returned a rating or not, just pull the http headers and if it isn't there fine them or warn them first and then fine them or whatever. You could even have browsers just refuse to load pages that didn't include a rating header in their response and enforcement would take care of itself.

> it does still run into questions about how you handle websites with content from multiple brackets

I think it'd be up to reddit (or mods) to either set ratings for each subreddit and moderate accordingly. Pages at /r/MsRachel/ would return a different rating than /r/watchpeopledie.

Same with twitter I guess. Every user can specify if their account was intended for children or not. Elmo's twitter account would be shown to everyone, while accounts that don't intend to self-censor wouldn't.

> what's the UX supposed to look like if a child attempts to access adult content on one of those platforms?

browsers that detect a rating higher than authorized can just throw up an about:blocked page telling kids to talk to their parents for access to the page they wanted or click the back button to return to the page they were on.

The platforms would see that a page was requested, and they'd transmit the data to the client along with the rating header. They wouldn't get any signal that the page was blocked. It'd look no different on the server side than it would if the user had clicked a link and then closed their browser/tab/window. If you wanted to be sneaky, you could actually have the browser load the page in the background to avoid platforms guessing between a closed tab and blocked access.

This not only solves the privacy/safety concerns, most importantly it puts parents back in control of what their children can access. Parents would even be able to run software that would log the times/urls of blocked pages, and let them override a rating based on URL or domain. Parents could block roblox.com even though it returns a "for kids" header if they didn't want their 8 year old playing in an ad infested online pedo playground but still allow their mature 10 year old access to plannedparenthood.org even though it has an adult rating without exposing them to adult everything else on the internet.

There are countless better alternatives to what facebook wants us all to be subjected to, but facebook couldn't care less about our interests they are only looking out for themselves and lawmakers are happy to take their bribes and eager to erode our ability to browse without an ID attached to our every action.

If the goal really is to just help parents prevent their kids from accessing inappropriate material, that's plenty. Anything else, and you're admitting the real goal is Big Brother style surveillance.

Roblox, in contrast, has been extremely popular with 7-16 year olds for 20 years. They're funneling in new players faster than old players age out. It's pretty wild.

My personal theory is that Roblox largely stepped into the amateur game dev hole that Flash left.

It doesn't take a lot to recreate the capitalism to feudalism pipeline. If you have currency, small imbalances in resources and needs compound over time, creating imbalances in wealth. Imbalances in wealth provide the opportunity to leverage that imbalance for further wealth by way of rentseeking. Wealth provides power which provides more wealth and more power. Eventually your landlords drop the "land" prefix and simply become nobility.

Prior to the invention of currency, we had reputation economies. One might be tempted to model such economies as just money economies with implicit ledgers, but that isn't how reputation works in the real world. Being implicit, reputation captures a lot of activity that doesn't warrant an overt exchange of currency. Think of all the things that you appreciate, and make you value a relationship with someone more, that would be terribly inappropriate to pay them for: the friendly guy at the pub who tells you stories of questionable accuracy, a fellow parent watching your kid during a playdate, anything in the romantic sphere at all. Reputation also doesn't add up in anything close to a linear way: The guy who did something really big once and the guy who did something small with extreme regularly over a long period of time both likely have stronger ties with others in their community than the one who sporadically provided middling value. Reputation also isn't particularly inheritable: I might feel some obligation to someone's kid because of my relationship with their father, but that obligation fades rapidly as they entire adulthood, and nobody owes you shit for who your grandfather was. Likewise, gifts from someone who has an embarrassment of excess are valued much less than the same thing offered by someone who has barely enough.

All told, reputation economies act as a damping function on wealth and power accumulation, whereas currency economies provide positive feedback on the same.

And currency (given that we make it up and have a reasonable degree of control over its worth and distribution) does not have to be a static cumulative ledger

There are models of currency that try to include such dampening intrinsically (Tankies love talking about various experimental forms of currency as "labor vouchers" to try and sidestep the "moneyless" pitch of Communism), but I've yet to see one that really addresses the "wealth begets wealth, hierarchy begets hierarchy" problem.

We are not talking about exceptions either. This is pretty standard stuff when you work outside of the IT-literate companies.

At one client, they provided me with a part time tester, they neglected to give him the permissions to install git. Took 3 weeks to fix.

The same client makes us dev on Windows machine but deploy on Linux pods. We can't directly test on the linux, nor connect to them, only deploy on it. In fact, we don't even have the specs of the pods, I had to create a whole API endpoint in the project just to be able to fetch them.

Other things I got to enjoy:

- CTO storing the passwords of all the servers in an libre office file

- lead testing in prod, as root, by copying files through ftp. No version control.

- sysadmin that had an interesting way of managing his servers: he remote controlled one particular windows machine using team viewer which ones the only one that could connect through ssh to them.

The list is quite long.

This makes you see the entire world with a whole new perspective.

I always thought that all devs should spend a year doing tech support for a variety of companies so that they get a reality check on what most humans actually have to deal with when working on a computer.

If you are on HN, you are the 1%.