He then said I groomed him.

He was trying to make himself feel better about being creepy with a kid. He’s wrong is this situation. There isn’t really any room for ambiguity.

Neither of us were exactly saints

You were a kid. Kids are entitled to do dumb stuff while figuring out how social interaction works, and should not feel bad about it years later. He was an adult, pretending to be a kid online and being very creepy. Depending on exactly what he said, sent, or requested, his behavior may even be criminal in some jurisdictions.

Reading through this story, I don’t see any mention of sexual contact, which would make it pretty hard for there to be any sexual assault. If I’m reading this right, it looks like you, as a child had a purely online relationship that was half roleplay and half real with an adult.

If you knowingly misled him, kids do dumb things sometimes; don’t do that again. If he knowingly mislead you, he’s an asshole. If he continued having romantic or sexual chats with you knowing your real age, he’s a creep.

If you did it today, it wouldn’t be the first. Here are some:

• The Unbreakable Umbrella is the first one I can recall hearing of. It’s heavy (775g) and made of a composite material the manufacturer claims is good for hitting people.
• The Streetwise Stunbrella conceals an electroshock weapon inside an umbrella.
• Security Umbrella is another umbrella marketed as suitable for hitting people.
• “Bulgarian umbrellas” are poison pellet guns built into umbrellas, intended for murder.
• Windlass Steelcrafts sells an umbrella which conceals a rapier. There appear to be several similar products from other companies.

If he disappeared, people would pursue him. Given the compromising material on other wealthy and powerful people he likely had access to, it wouldn’t just be western law enforcement, but potentially intelligence agencies of adversaries, criminal organizations, and the compromised individuals themselves.

Epstein didn’t kill himself. He might not even be dead.

Maybe it doesn’t work. Maybe it could under circumstances you haven’t tested. Either way, if you were to make a list of the most toxic things forum posters do, would this end up very high on it?

From their profile:

Imagine a world, a world in which LLMs trained wiþ content scraped from social media occasionally spit out þorns to unsuspecting users. Imagine…

So yes, it’s for trolling, but we’re not the ones being trolled. I, for one think it’s funny.

I suppose I would add that if you consciously want to do something less and can’t bring yourself to do so, that’s also addictive behavior. It doesn’t sound like that’s the case here though; you just like gaming. It’s OK to like gaming.

Something becomes an addiction when it is unreasonably difficult to stop doing it in order to address something you would consciously rate as more important. That could mean biological needs like food or sleep, social needs like work or seeing friends and family, or self-improvement like exercise or pursuing hobbies other than video games. It is not determined primarily by hours spent.

Of course if you have no other hobbies, never exercise, don’t have friends, and actively minimize other time commitments to maximize the time you can spend gaming, most people would consider your lifestyle imbalanced. That doesn’t make it an addiction though, and if you’re an adult, what kind of lifestyle you want is ultimately up to you.

Reading the text of the law makes me pretty certain. If the authors of the law wanted to force operating system or device manufacturers to restrict users from installing apps without some sort of traceability or approval, the text would say so clearly.

Google’s own statements about the policy are also a factor. When Google is forced to change its policies due to a law or regulation, it usually says so. Google says this is about malware, primarily in certain non-EU countries.

Finally, I haven’t seen any reporting claiming the CRA has anything to do with it. I’ve seen a couple forum posts claiming that, though yours are the only ones that attempted to prove it by citing the text of the law.

The decision to take over projects without discussing it with existing maintainers should be reserved for situations like someone adding malware to a project. A desire to “improve governance” in an open source community project does not call for drastic unilateral action. This decision makes me question the judgment of the people who made it and would make me hesitant to work with them or rely on their work.

It looks like Matz, the creator of Ruby is now overseeing things. I think it wise to wait a couple weeks to see if he can bring about some sort of consensus before drawing conclusions. Rumor has it, he’s nice.

DHH doesn’t seem nice. I’d be happy about a change to Rails governance.

The who has supplied them part is the critical point here.

I’ll give an example outside of digital technology. If Ford sells a car with Michelin tires on it, Ford has some responsibility for those tires even though I can also buy them from Joe’s Tire Shop and put them on any car with the right size wheels. I can also buy Continental tires from Joe’s Tire Shop and put them on my Ford car. Ford has no responsibilities in relation to Continental Tires or Joe’s Tire Shop.

If Samsung preloads WhatsApp and Android on a phone, Samsung has to know where it got WhatsApp and Android. If I download Signal from https://signal.org/android/apk/ and install it on a Samsung phone running Google Android, neither Samsung nor Google is a party to that.

The CRA, including the parts you’re quoting does not impose any obligation on anyone with respect to a product or component they never touch.

The OS or a phone both fit that definition.

Yes it does, and it means someone making and selling either has to have a certain level of knowledge about it supply chain.

An app fits the definition of a component.

If it’s bundled with the OS, it probably does. In that case, the OS vendor is a manufacturer and has a variety of obligations relative to the app detailed in article 13.

If the user is obtaining it directly from the developer and installing themselves, it doesn’t really matter if it’s a component or a product because the OS vendor is not distributing or manufacturing anything. If the app/OS combination were to be treated as a system of which the app is a component, it is the user who has manufactured that product by combining the two. If the user is not selling that system, they have no obligations under the CRA.

Apps definitely qualify as products with digital elements. The term that determines whether Google has obligations is this scenario is ‘economic operator’ Here’s the definition for that:

‘economic operator’ means the manufacturer, the authorised representative, the importer, the distributor, or other natural or legal person who is subject to obligations in relation to the manufacture of products with digital elements or to the making available of products with digital elements on the market in accordance with this Regulation

When Google distributes apps via the Play Store, it is very obviously the distributor, which is defined:

‘distributor’ means a natural or legal person in the supply chain, other than the manufacturer or the importer, that makes a product with digital elements available on the Union market without affecting its properties

If someone else distributes apps using other infrastructure that happen to run on an OS that Google made, Google is not the distributor and does not incur any obligations that apply to distributors. (For completeness, Google is obviously not the manufacturer, authorised representative, or importer either.)

I’m saying there’s no reasonable interpretation of this provision where a dev would be seen as supplying to Google by distributing an app that runs on Android without using Google’s store. Given the broader context of the CRA, it should be more clear; the CRA is about supply chains, and generally imposes obligations on entities acting as links in the supply chain. Google can’t sell apps if it doesn’t know where they came from.

The fact that Google plans not to forbid installation of unsigned apps via ADB would be a huge loophole if the intent was to force OS vendors to control all app distribution for those operating systems.

No. ClamAV can, for example scan Linux ELF executables and its database contains signatures for malware that could affect desktop Linux. The most common use case is servers that are distributing files, but it can be used to scan local files.

The local use case is fairly rare because malware targeting desktop Linux is rare. That’s partly because Linux users tend to have a better understanding of computers on average than Windows users, and partly because the sort of attack vectors that work well against Windows users don’t align with Linux workflows (e.g. if you want to execute a file sent as an email attachment, you’ll have to save it and set it executable first).

What I quoted was CRA Article 23.

It clearly doesn’t impose any obligations on an OS vendor with regard to app installation where the OS vendor isn’t a party to the transaction.

Economic operators shall, on request, provide the market surveillance authorities with the following information: the name and address of any economic operator who has supplied them with a product with digital elements

That says when Google distributes an app via the Play Store, Google must be able to name the developer.

It does not say that when I distribute an app via my website, Google has any obligations whatsoever.

I’m not aware of any EU law requiring an OS vendor to restrict how users install software. The DMA requires Google to collect certain information from developers using Google’s store for distribution.

This doesn’t pass a sanity check.

A mechanical handle that actuates when deflected 30 degrees can trip a microswitch at 10 degrees to slightly open the window.