I've been battling with locking down my kid's devices for much of my life.
I haven't found a parental control feature that works: we've tried several, but, generally, nothing survives the 'Hey, I'll just factory reset the device and start with a clean out-of-box-experience' bypass. Kids can figure this stuff out.
Even when we thought that things were under control, kids can easily procure new devices. Many families don't dispose of their old phones; it's not too hard for kids to find an older model that's been sitting around collecting dust, bring it to the schoolyard, and trade it like a baseball card.
I wish I had a good answer, and, distasteful as the age-verification might be, I'm open to such draconian measures at this point. If you say there are better ways to enforce this, I'd honestly love to hear the specifics.
I'm fairly sure that Android requires parent permission to reset a device if it's a managed child device. Overall, the parental controls on Android have been sufficient for what my family has needed.
It seems like it should be relatively easy to create a dead man’s switch that sends you a message after a factory reset, and then you just take away the phone for however long is appropriate. Do most parental control tools just not include that for some reason?
children should not be 1 or 2 clicks away from graphic internet porn at all times and your unwillingness to make any compromises in order to stop this is frankly embarrassing.
please explain in exacting detail how you can prevent a child from accessing the internet without living in the woods, homeschooling them, and not allowing them to have friends or interact with another human being that has access to the internet.
That is definitely a difficult battle to fight, but why do you think kids can't bypass these government-level restrictions just as easily as they can your own? Especially since governments are usually slow to respond to whatever method of bypassing it is used, if they respond at all (especially once it's no longer the topic of the minute).
People can bypass these restrictions with video game character creation tools, with generative AI, with a VPN (something that's very hard to ban in practice because corporations rely on them, and of which some are free), with copy-pasting random ID photos from the internet, with borrowing a parent's or teacher's or other adult's ID, with using a website scraping alternative (some of which can be self-hosted, or hosted by one child for many others) instead of the website itself, and so on. Heck, they can use websites hosted in Russia (or other countries), like a lot of pirates do.
And whatever the easy bypass method ends up being, they'll all end up knowing it, because they go to school and talk to each other, and because they'll always have at least some access to some parts of the internet no matter what.
Meanwhile, these age verifications laws are labeling all the children (who don't bypass it) as children, and that information WILL be leaked, inevitably, as it already has been (from Discord, for example - a service that shamelessly retains and processes every message it hosts, even after the user 'deletes' it).
When ID info is leaked, it leaks the child's age, their real name, and (often) their real address, their phone number, and their appearance. A surprising amount of information might be deducible from any selfie or video that was required. And in combination with an app's other data (or other data about them that has been included in databases and/or leaked and/or shared on the internet previously and which can be matched to them based on email or phone number or username or browser cookies or IP address or etc), it can leak their interests, hobbies, hopes and fears (discussed with friends), favorite hangout spots, the name and location of the school they go to, their regular routines or travel schedules, etc - anything at all that they might have discussed via the app, or whatever might be concluded just by their proximity to their friends (e.g. maybe they don't directly know that a kid lives in X location or plays Y video game, but if every day they talk to a bunch of other kids who definitely live in X location and play Y video game, then they probably live in X location and play Y video game too).
When all that data is leaked, all that data is now available to predators. And it's very, very hard to remove it from the internet after it's out there.
That data, even just from a single leak, could make it so easy for someone to target a specific child, contact them, tailor their lies to seem as trustworthy and likable to the child as possible, anonymously harass them online, threaten them, stalk them, or attempt to persuade them that yes, he does know their parents, and they definitely sent him to pick them up from school.
To me, all these laws seem realistically likely to do is unintentionally but significantly endanger the children they claim to protect. I don't see how it can be anything but a devil's bargain, even if we only "think of the children" and disregard other concerns.
At the least, it should have been proven to be more effective than regular parental controls before even being considered as an option, but so far, it doesn't seem to be so at all. And if there's little to no additional benefit, or we're not sure if there's a benefit or not, or if it's shown to be less effective, then why ever choose it over the regular parental controls that don't carry this huge additional risk?
As to enforcing age limits otherwise, well. I confess I don't think there is any way children won't just find a way around. I think the best defense is just educating children about how to navigate the internet and its potential threats, making sure the children don't see their parents as distrusting of them or oppositional (so that they feel comfortable enough to go to their parents for help or reassurance if there's a problem, instead of hiding the problem because they don't want to be yelled at for being on the internet or such-and-such website at all), and - an element I think a lot of parents miss - making sure they have a lot of appealing options for things to do or ways to socialize outside of the internet. If you occupy their time by indulging their non-internet-focused hobbies and interests (and maybe engaging in them with them, to spend time with them), or letting them visit friends in person, then that's time they're not on the internet and likely don't even want to be. I think that this is the option that best sets up the kid to continue having a healthy relationship with the internet after they turn 18 and are even more out of your control.
That said, as far as device parental controls go: instead of focusing on phone-level controls, I recommend using your router's network-level parental controls, as well as the phone line controls for whatever company you get your data form (if they have a regular smartphone, as opposed to a more limited one, which do exist as an option). For your own wifi network, you can even set it up to use a whitelist of devices so that your kid can't even connect to it from a non-approved device. That doesn't stop them from potentially still sometimes accessing the internet using a friend's phone, but it'd cut down on how the amount time they have that access, and do so more effectively than government age restrictions. And in any case, you also can't always stop them from looking at a dirty magazine that they find at a friend's house, or from reading a hateful tract that someone hands them on the sidewalk, or from watching a terrible channel broadcast on a TV in a diner. But you can potentially influence how they handle it when they encounter these kinds of things.
The quote resonates with me, even though I haven't experienced the exact "set a vibe on a date" scenario.
I have multiple bluetooth headsets that I use with multiple devices. I have collected a series of tricks that I use when I can't get bluetooth to operate the way I want it to: turning bluetooth on/off, restarting the bluetooth device. "Forget the network" is not one of those tricks, but I wouldn't be surprised if others have learned to use it.
I haven't kept aware of changes to Java in the last decade, but the things I didn't like about it then were:
1. The overall architecture (with the JVM) made it slower than the equivalent C# code.
2. C# really started embracing modern language features at a time when Java was kind of languishing (lambda functions, async patterns). Java seems like it's been in perpetual catch-up since then.
(Not OP, disclaimer, I work for Microsoft and this is only my opinion).
> I haven't kept aware of changes to Java in the last decade, but the things I didn't like about it then were:
It's almost a shame. I am genuinely impressed with the gains the team has made in both, language aspects as well as JVM technology. They have some brilliant people working on it and I love to hear their talks (Brian Goetz and Mark Reinhold, mostly).
But I suppose I would say the same about .Net, it's just that you guys have much less public exposure of your internal reasoning.
I've seen the gains in Java; the main things that would close the gap are not yet there in Java. .NET code, especially when tuned, still has significantly more knobs in your code to tune and make faster. An example would be proper generics with value types together means less boxing in generic code in general overall but there's a lot more I can think of. I've seen almost 50% of gains, particuarly when doing math like code, of moving away from Java to .NET especially if the jump to C/C++/Rust is too much for the team in question due to other requirements.
> What do you want for the USA? Completely open borders? Closed borders, but we don't enforce it very well? Something else?
The 2024 bipartisan border bill (https://en.wikipedia.org/wiki/Mexico%E2%80%93United_States_b...) seemed like a good compromise to me. Of course, it wasn't brought to a vote by the house (for reasons that I won't elaborate on), so it's mostly a hypothetical.
And, if I had to choose between the two, I'm more supportive of the Biden era immigration policy than I am of the current Trump policy.
If an executable isn't code-signed, Windows SmartScreen displays a big scary "This file may harm your computer" warning box, requiring multiple clicks to get past. Been like that for years.
Code-signing certs used to be very expensive and annoying to obtain. The situation has improved a lot since the launch of Azure Trusted Signing, and now it's roughly on par with the cost and annoyance level of code-signing for Mac binaries.
Big scary box might as well be outright disallowing, since someone who isn't 100% sure about your software will likely be dissuaded by the warning. But if they want to install it, then they can.
My understanding of the article is that there is nothing that a user will be able to do to install your software.
> “developers [that we approve] will have the same freedom to distribute their apps directly to users through [installation] or to use any app store they prefer.”
> Why doesn't the README file explain what this repository is doing?
It explains exactly what it's doing.
"Microsoft Store package for Windows LTSC."
It provides a Microsoft Store package for LTSC builds, and an install script that allows it to actually work. Windows LTSC builds don't have Microsoft Store preinstalled, and Microsoft offers no official way to re-enable it.
> Windows LTSC builds don't have Microsoft Store preinstalled
No, it's not that it isn't "preinstalled", the Microsoft Store is literally not supported on LTSC, by design. LTSC was never intended to run the Store. The original use case for LTSC was for ATMs, industrial control equipment, hospitals, and the like, where IoT wasn't appropriate, where you needed the ability to run full desktop applications.
> Microsoft offers no official way to re-enable it.
Yeah that's because the Store was never supposed to run on LTSC. It's not supported. Why would they offer an official way to re-enable it? The whole point of LTSC is that it doesn't include the store.
If someone cobbled together an ugly hack to shoehorn it in, by definition it could break at any time.
If by "customer" you mean "way of making money", I agree, since I didn’t pay for it. OTOH, I have been running LTSC on my desktop for years because it's the best edition of Windows, and I haven't had any issues with the Store, which I had to install manually, thus far.
To be fair, the headline could have been better worded. The convention for something like this is
“Show HN: Title of Repo”
I could understand how one might not understand what the aim of this post was. Maybe the ensuing conversation could have been handled better, but I would certainly include the parent comment in that indictment.
The store is also an app on windows and is sometimes an hard dependency to install apps that only exist on the windows store without having to jump through many hoops. It's usually part of windows itself in the regular retail builds of windows, but LTSC which is meant for enterprise and embedded system does not include it. Installing it is not straightforward which is what this repo provides.
There's no source code, it's a just a bunch of binaries and an install/uninstall script.
Edit: I should clarify that the link provided in the repo is not the microsoft store that the apps refer to. This would be a better link https://apps.microsoft.com
I don't think there's anything nefarious going on here but to someone just quickly looking over the page it has the impression of being an official Microsoft project, given the gratuitous use of their trademark and zero mention of it being a "community" effort.
> The lack of support on LTSC is the least baffling thing going on here but I'm open to the possibility that I'm misunderstanding something....
And yea, you're right, but Indeed, many people need to use the store on LTSC, especially after Microsoft migrated many ecosystem attempts to the store, for example Microsoft Photos and some extensions like HEIC, and now not only UWP applications can enter the store; regular applications can also do so. It actually poses a very big problem that we cannot use the store anymore, at least that's what I think.
Furthermore, it is not just LTSC 2019 that cannot be used; this means that older versions of Windows (at least 1809 or older) are also no longer able to use it. In other words, we can no longer use the store on older versions of Windows. You might say that Microsoft itself didn't intend to provide support for older versions, and yea, I agree, that's true. However, the fact is that many people use Windows largely because of its compatibility advantages. I believe everyone should at least be aware that Microsoft is not as compatible with older programs, especially its own, which is what I want to express.
As for the license, I would like to clarify that it is only to prevent the packaging scripts from being used for commercial purposes and promotion. As you can see, this repository is not specifically intended for hosting store programs, so it does NOT apply to the store programs themselves, but only to the deployment scripts :)
I agreed with a lot in the article, but I was a bit baffled by the DEI name-drop in the opening.
> "... the guys who had big tech startup successes in the 90s and early aughts think that 'DEI' is the cause of all their problems."
Who is the author referring to here?
(I realize that DEI has been rolled back at some companies, and Zuckerberg in particular has derided it, yet I still feel like the author is referring to some commonly accepted knowledge that I'm out of the loop on.)
certainly Andreessen has gone on many public rants about how he thinks dei and other "woke" initiatives are killing american tech innovation. Here's one interview - https://www.nytimes.com/2025/01/17/opinion/marc-andreessen-t... About halfway through he really lets it fly
Suppose user U has read access to Subscription S, but doesn't have access to keyvault K.
If user U can gain access to keyvault K via this exploit, it is scary.
[Vendors/Contingent staff will often be granted read-level access to a subscription under the assumption that they won't have access to secrets, for example.]
(I'm open to the possibility that I'm misunderstanding the exploit)
My reading on this is that the Reader must have read access to the API Connection in order to drive the exploit [against a secure resource they lack appropriate access to]. But a user can have Reader rights on the Subscription which does cascade down to all objects, including API Connections.
But also the API connection seems to have secret reader permissions as per screenshot in the article… Giving secret reader permission to another resource seems to be the weak link.
The API Connection in a Logic App contains a secret in order to read/write (depending on permission) a resource. Could be a Key Vault secret, Azure App Service, Exchange Online mailbox, SharePoint Online site..., etc.
The secret typically is a user account (OAuth token), but it could also be an App Id/Secret.
But somebody gave the API Connection permissions to read the KV secrets from, Exchange Mailbox, SharePoint folder etc… And anybody who has access to the API Connection now has access to the KV, SharePoint folder, etc… I do not think this is a problem with Azure, this is just how permissions work…
The API Connection in the example has permissions to read the secrets from the KeyVault -as per screenshot.
It seems to me the KeyVault secret leak originated when KeyVault K owners gave secret reader permissions to the API Connection. (And I will note that granting permissions in Azure requires Owner role-which way more privileged than the Reader role mentioned in this article.)
[edit - article used Reader role, not Contributor role]
I haven't found a parental control feature that works: we've tried several, but, generally, nothing survives the 'Hey, I'll just factory reset the device and start with a clean out-of-box-experience' bypass. Kids can figure this stuff out.
Even when we thought that things were under control, kids can easily procure new devices. Many families don't dispose of their old phones; it's not too hard for kids to find an older model that's been sitting around collecting dust, bring it to the schoolyard, and trade it like a baseball card.
I wish I had a good answer, and, distasteful as the age-verification might be, I'm open to such draconian measures at this point. If you say there are better ways to enforce this, I'd honestly love to hear the specifics.
reply