So what do you do for "okay, we need to run this script that we've decided is a necessary operation". Special account? Everything go through the build server? I've been looking for tooling for "I need to do a production operation but I want it to have proper interlocks and reviews".
That's what I'm getting at - so in the end, somebody really does need to have access to a regular sysadmin account on the server, even if it's not their default login. I was hoping that there was an option that didn't involve that sort of workflow, or abusing migration tools (since this isn't exactly a migration).
You can use something like flyway on top of your existing git/cicd stack. Write the query as a migration, have it reviewed using your git code review process, and merge to run the migration.
Down again, now complaining about rate limit exceeded.
Considering how FB was ruined by enshittification and Twitter was ruined by its new owner, I'm worried about how BSky has no apparent plan for money, and hitting a rate limit is not a great sign.
My compromise pitch, since the "You need ID from your users" ship has sailed:
Companies are not liable if they have proper ID of the person who submitted the content and can provide that to a plaintiff. If they have not made a good-faith effort to know who submitted this info (like taking ID, not just an email address) then they're taking responsibility for the submitted content.
Which means sites that have responsible moderation can still allow anonymous contributions.
The real problem is the inherent asymmetry of legal battles, where the wealthiest can fight forever with endless motions and have near-total impunity while a legal action would basically nuke a normal person's life. Not to mention the fact that an international border can often make this whole conversation moot.
> Which means sites that have responsible moderation can still allow anonymous contributions.
Anonymous contributions, up to the point of somebody compromising the service? With the quantity of password hash thefts, I suspect we'll see even more ID thefts this way.
I can't imagine using any service that asks for ID, except perhaps from the well-established giants, so an exception for identifiability would effectively be a gigantic moat granted to the largest internet companies to keep out competition. Anything like that would need to be paired with massive anti-trust changes, as well as perhaps government take-over of the giants as utilities, none of which sounds very appealing...
That said, don't take any of my rambling as discouragement, your type of thinking is exactly what we need, we need massive amounts of policy discussion and your suggestion is very innovative.
That's basically how things used to work in Germany. It used to be that if someone torrented movies on your internet connection, you were fined. No ifs, no buts, they monitored 100% of the public torrents and courts agreed with 100% of the fines. And they didn't care who did it - if they didn't know (which is almost always true) they fined the owner of the internet connection. It was a really really bad law. For 10-15 years after every other country had public wifi hotspots, Germany didn't because the owner would get fined for every torrent. After a very long time, they eventually passed a law saying public wifi operators didn't have to pay.
One of my issues is the lack of liability in practice. The poster is technically liable but they're anon, behind proxies, foreign, etc. and unaccountable. It results in people being harmed online without recourse.
These companies should have a duty to know who their users are.
reply