That sounds like an unnecessary EU standardization. Having the same timezone in Poland and Spain possibly made sense 30 years ago, but now that all communication goes through computers of one kind or another, time conversion is seamless.
For those companies that have offices in both countries, and for which the synchronicity matters, it is not that difficult to just have special office hours.
> [The same timezone in Poland and Spain] sounds like an unnecessary EU standardization.
Well, if you look up the histories of the time zones in the respective countries ("Time in Poland" and "Time in Spain" on Wikipedia, I have no reason to doubt their accuracy) you'll see that both settled on CET, with or without daylight savings, long before the EU was even an idea.
It is sad that FreeCAD gets all the attention. If Solvespace had some of it, and the development time following from it, it could get improvements and some of the cool stuff in their pipeline. That would IMO make it a much better CAD program than FreeCAD could ever become.
I know, it's just that in this particular blog post, the designs mostly seem to be extruded 2D sketches which solvespace is particularly good at with its sketch interface.
Solvespace can also do a lot of useful 3D stuff, but it's also missing a lot so I can't in good faith recommend it for any arbitrary CAD work.
I really loved Miranda back when I learned about it. I still have the book. I think it never took off because it was quite expensive for universities to use. Im sure David Turner regrets his price model today. Now he has made Miranda available here https://www.cs.kent.ac.uk/people/staff/dat/miranda/
Yes, the open-source release he did is what introduced me to Miranda. I rewrote a lot of my previous Haskell solutions to Advent of Code puzzles with it, and liked it so much I decided to try to improve on it ;-)
That's what led to Admiran. I originally wrote Admiran in Miranda, then bootstrapped from that to self-hosting when it was stable enough to do so. The original Miranda combinator compiler / interpreter took 20 minutes to compile all of Admiran, while the self-hosted version now takes 20 seconds.
One of the grad students of David Turner has taken up maintenance on the original Miranda source; the repository is now at https://codeberg.org/DATurner/miranda
I think you are right that the shady actors pretty much can use existing bugs.
But you are also right that this is not the only way they work. With the XZ Utils backdoor (2024), we normal nerds got an interesting glimpse into how they create a zero-day. It was luckily discovered by an american developer not looking for zero-days, just debugging a performance problem.
According to the layouts on this site, there're more European layouts with parenthesis on 8, 9 than on 9, 0. (I had to zoom out to see the right-side of the comparisons.)
I have mentioned this before, but age verification can be solved by hash chains. They can prove age without compromising privacy.
It is crazy that the solutions Discord goes for are IDs and selfies. It definitely gives the impression that there are shady ulterior motives.
Hash chains are simple. If they were adopted, Discord would clearly be in bad faith taking the steps that they do now. If you search you will find quite a bit of information. My introduction to hash chains is for for age verification specifically:
https://spredehagl.com/2025-07-14/
The EU is working on a actual privacy-preserving initiative [0] that allows owners of ID wallets to verify their age, without their actual age or personal data being transmitted. The standard and reference implementations are open source on GitHub. Yet everybody screams uploading IDs and total government surveillance.
Dear littlecranky67, as overseer for your digital wallet, I am happy to inform you that the owner of the discord server kinkydwarfporn doesn't know who you are and your privacy is protected.
Signed your friendly EU official.
As long as someone in the chain is able to physically connect the dots it is game over for privacy.
Your comment assumes there is an "overseer". There is not. Guys, read the technical documents. It is all standardized and open-source. I can code my own wallet.
>Тhe EUDI Wallet notifies the user of a pending request to prove their age, including: the name and identity of the requesting party.
>She consents to share the requested info and her wallet uses verifiable credentials issued by a trusted authority (e.g., national civil registry) to generate a cryptographic proof that she meets the age requirement.
I am fairly sure that here is enough info to be deanonimized by the authorities issuing the EUDI and the wallet app developers.
You first quote reads: "You, the end user, get a notification that a party (probably the porn website you visited) wants to request your age and you, the USER, get the identity of the website (not vice versa).
As for the second quote: Yes sure, you credentials need to be signed by a trusted authority, someone has to establish you are an adult. But it is a cryptographic signature. Same as https certificate needs to be signed by a third party vs. self-signed certificates.
And the ID app developer logs that the porn site has requested my ID. So there is no privacy from the government. Which is much more important privacy.
This is just pointless whataboutism. There are smart devs and crypto experts designing a sound, privacy-friendly system that is open source. It does what is supposed to do and how everybody would want it to be implemented. Yet people reject it on irrational grounds for whatever negative aspect they associate the EU with.
No matter how open source something is, as long as you can only run it on a non-rooted Google or Apple device, and it’s hardcoded with remote attestation features exclusive to these two platforms, it suddenly isn’t much better than a bro asking you to trust him.
Btw the other guy has a point, by definition you can’t support both privacy and something that obliterates it.
It's funny how pointing a fact is called whataboutism.
You trust the EU's pinky promise a keep their word that your ID will be safe and secure and never tied to what you say, the content of your messages or who you send them to. If that is so, then go ahead and use it. That's your business.
> whatever negative aspect
The EU literally wants to read your personal messages because it doesn't trust that you are not some criminal in disguise. Instead of the state having to prove that you are criminal breaking the law, it wants to read everything you send and store the data permanently in case you break the law one day. If you think that is acceptable and that is an entity that can be trusted, then I don't know what to tell you.
If I understand correctly how this works, it doesn't require trust or knowledge. The service gets exactly 1 bit of information (over/under the required age), the government system gets nothing.
"Don't trust, verify". It is an open protocol based on cryptography for everyone to verify that simply does not allow to submit identity information when you perform the age verificaiton check. There is no opinion here, no "you have to trust X not to do that later" - it is the property of the used technology to just submit the verified age. You can't derive identity information now or in the future just if you age-verified yourself. You are being paranoid and talking about a fantasy, non-existing system that is not the one I linked to.
On a side note, whataboutism is not about "stating a fact". It is when the stated fact has nothing to do or does not interfere with the original point being made. As in "Why would I trust the EUDI act when the EU does shenanigans like come up with stupid norms of the shape of bananas" - Stated is a fact, but it has nothing to do with the actualy EUDI act.
At this point, it's just something stupid people say. It used to mean that when you pointed out that my people were desperate for the freedom of living under capitalism, I would point out that you lived in an apartheid state.
Somehow, here, "whataboutism" means that if after you point out that the EU is coming up with an age verification system that they claim preserves personal privacy, I point out that the EU is also very much, openly, against any sort of personal privacy. Somehow that's some form of communist propaganda. Or Russian propaganda. Terrorist? Whatever. The important part is that I'm someone who should be watched or arrested if I continue to question your motives on behalf of our enemies.
If the input is "give ID", what the software claims to do is almost meaningless since you cannot prove that software was running. What do I care that someone can tell me they built a privacy-first way of validating IDs/age if I cannot be sure that is the software they are running?
They can just as easily save the ID to disk and return "all good" for all I know.
It requires that Bob proves posession of a private key, that only he has ever had. That private key could be generated specifically for the commitment that he got from Alice.
Well your solution includes handwritten signatures and everyone being a handwriting expert so that they compare handwritten signatures. I wouldn't call this an elegant solution.
That is what the example uses. In the real world that would be a digital signature. Look under the heading "Fitting the parts together" to see what the real world solution could be like.
Even easier, just get tokens that carry no other information from ones government, and the government runs an API, that for a given token tells whether that token is valid. Can tokens be stolen? Maybe. Can your face be stolen? Today yes.
Hash-chains allows the solution to be token-less. You no longer need those per transaction information leaking API calls. You also avoid dependency on a single provider.
The communication in connection with a transaction would only go between the identity owner (Bob) and the provider (Cycle shop).
No API, they sign the tokens with the government's private key and you verify them with the government's public key
If discord needs to contact an API, then the government can associate the token with you, and you with discord, and know what you browse online. No thank you.
No, using another ID has a much higher barrier: more likely to get caught (it's the same ID, after all - tokens might (or should) be better anonymized so services don't build user profiles just using the age tokens), more likely to get punished (there's a real name attached to it), more likely to lead to a video verification request to compare ID picture with actual face.
Something like half of Israel's economy is intelligence gathering wtf do you think is happening here it's pretty obvious. economic leverage, surveillance, foreign influence, tech exports being used politically, etc.
I'm not sure how hash chains would resolve the fundamental issue of needing to send your ID or similar to some random third-party company that does god-knows-what with it (probably stores it in a publicly accessible path with big "steal me" signs pointing at it). That they need to attest to your age means that they need to trust what your age is, which has really just moved the problem one layer deeper (as far as I can tell).
I assume by third party you mean the authority, and yes, the authority would need to know your personal information. At least enough of it to verify your age. So the ideal is that the authority is the entity that already knows your personal information. Like the entity that issued your passport to you, or the one that issued you drivers license.
But even if the authority was a private company, I think it would be an improvement compared to the current situation. In this situation your personal information would be held by this one company, and not whatever provider that needs to verify your age. Also, you would be able to use the commitments, that this private authority gave you, without any coordination afterwards. The authority would not know about your transactions.
How would that mechanism work in practice, though? If every parent needs to become a trusted authority, wouldn’t that just move the goalpost? Who would be the trusted authority, and who would implement that?
I agree that the mechanism is elegant, but figuring out which entity should be trusted in a way that scales globally is somewhat difficult.
It works quite well in Czechia. Upon verification request, you are redirected to a government site, where you select exactly what data (Full name, DOB, address ... ) you intend to share with the entity requesting the information.
I can imagine you could share just your DOB in such a case, while keeping your real identity private. In such a way Discord would learn only your age, keeping everything else from them.
Government learns that Discord was provided your data, but this is supposedly a trusted, regulated entity.
A better system is in beta in Switzerland. Government is the root of trust, but only signs your private cert regarding your ID. All the interaction with third parties is local to your device, the government doesn’t get to know you interacted with Discord. Discord gets a single bit “is the user of this device 16/18 (restricted/full legal autonomy age) years old?” With chain of trust to the government.
Yes. I think that wahtever organization that issues your passport, would be a natural choice for setting this up.
But nothing prevents it from being a private company, although I cannot see a sound business model for it. Also it would need to project great credibility for customers to trust them with their information.
How difficult would it be to add further anonymization? Let's say I want to prevent the bike shop from building a usage profile on the basis of the age check (e.g. because I'm buying booze). Would I just need to get more chains from Alice, or is there an easy way to integrate e.g. group signatures into the scheme?
I think that whatever organization that issues your passport, would be a natural choice for setting this up. But it could be some other authority. In a way it is the identity owners and the providers that decide who they will trust as authorities.
Another fun fact: German registration plates use a font for which it is difficult to change one digit to another, for example by adding a bit of tape. The font is called FE-Schrift.
https://en.wikipedia.org/wiki/FE-Schrift
Interesting. I’ve heard that in the states, some police department plate lookup software will treat similar shapes the same. So if you search “B5-004” it will also match BS004, B5O04, etc
But they left S, X, and Z rotationally symmetric, so if you choose a non-palindrome vanity plate with only those characters, you can mount it upside-down and fool plate-readers.
Manuals are fairly easy to find, but in my experience they are dumbed-down. They mostly contain simple Ikea-like instructions and a lot of legalese CMA warnings. That is not a dig at Ikea. Their instructions are great for assembling flatpack furniture. But servicing a faucet, a garage door or a lawn mower is on another level.
This state of affairs is partly due a change in the nature of products. They are in general more complex and no longer meant to be repairable. They are meant to have shorter life spans, and if serviceable are meant to be serviced by professionals. How much that is an improvement for the consumer, is questionable IMO.
> Manuals are fairly easy to find, but in my experience they are dumbed-down.
I just linked to the full CAD library for the modern version of these parts, though. It’s not dumbed down.
Use the search phrase “service manual” and you can find documentation for every appliance in your house. I frequently fix appliances for friends and even neighbors and have yet to be unable to find the service manual.
Same for cars.
I’m so confused by this comment section. Why is everyone convinced that the situation is so much worse today?
For those companies that have offices in both countries, and for which the synchronicity matters, it is not that difficult to just have special office hours.