Well, it may not be the industry standard definition, but it is the definition used in the actual regulation:
-------
Infrastructure as a Service product
or
IaaS product
means a product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications. The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of “managed” products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and “unmanaged” products or services, in which the provider is only responsible for ensuring that the product is available to the consumer. The term is also inclusive of “virtualized” products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the internet (
e.g.,
“virtual private servers”), and “dedicated” products or services in which the total computing resources of a physical machine are provided to a single person (
e.g.,
“bare-metal servers”).
---
So Dreamhost counts, any web host where you can run arbitrary PHP code would count. Wordpess.com -- where you cannot actually modify the PHP code yourself -- would not count as IaaS. But any web host that allows you to install applications on your own, or run any of your own code, would count as IaaS by this regulation.
> Wordpess.com -- where you cannot actually modify the PHP code yourself -- would not count as IaaS.
However, I am able to write a WP plug-in and install it on my Wordpress.com account. In that case, I am modifying PHP code and running it. Sure, it might not do "AI" stuff but it can do some stuff and I'm assuming that the law would transmute over time to include stuff other than "AI" stuff.
It affects all web hosts, so if you want to lease a server in order to install Wordpress or Mastodon you would need to submit your identification to the provider.
This would make it illegal to anonymously run your own Wordpress install or Mattermost/groupchat server, you would have to reveal your identity to the web host. Do you trust the powers-that-be to never use this information to find and punish dissidents?
IaaS is defined as a provider of computing resources the allows you to run software that is not predefined. So that would seem to include basically every web host. If you can install Wordpress or Mastodon on the servers they provide, they are an IaaS.
Skimming the regulations, this does not seem right. All IAAS providers (which is everyone who allows customers to run custom code, so it includes any web host like Dreamhost) to verify the identity of foreigners who open an account. This would seemingly entail the service provider needing to verify everyone's identity, in order to figure out who is a foreigner and who is not.
In other words, if you want to run your own Wordpress, or Mastodon node, or your own custom CMS web site or group chat or IRC or bitcoin node, you would need to reveal your identity to the hosting service that you want. This does seem quite bad and could obviously be used to identify political dissidents.
On top of that, the IAAS must report to the US Commerce department about foreigners who are using services to train large AI models.
AWS has my name and my credit card number. But they have never asked for a photocopy of my passport, my history of international travel, which nationalities I have and so on. Something tells me that for the goal of this law to be achieved, all those details would need to enter the database.
Amazon is certainly supposed to ensure that you are not a sanctioned person or a citizen of a sanctioned country. This was a concern decades ago when I was in shared web hosting.. don't know why it would have changed?
Not necessarily (although that doesn't necessarily mean I think this is OK). Payment-card-based verification is a longstanding method of doing prima-facie verification like this. When you give your credit card, you give your billing address and typically your phone number -- if the postal code is a US address and the phone number is a US area code and everything else is consistent with that, that might be all the KYC required. If you appear to be a foreign national operating outside the US, they can flag that and require additional paperwork only then.
This proposed rule looks to me like it basically requires providers to come up with their own verification plans, which may then differ from provider to provider, so as to be "flexible and minimally burdensome to their business operations".
[note for the following: I am not a lawyer. The following is not legal advice. Do not fold, spindle or multilate. Do not taunt Happy Fun Ball.]
The real danger, I think, with things like this is, there's an executive order that was issued, but it further specified a rulemaking process be conducted to determine the actual regulations that define compliance. The link in the title is to the proposed rule. There's nothing that says any amount of prior public input will necessarily influence the details of the final rule, or that rule can't change in the future through another rulemaking process, and if it does the only way to challenge it is either to sue the agency on the grounds that it exceeded its discretion (e.g. by making rules that require unconstitutional things) or that the enabling executive order is itself unconstitutional -- but these kinds of federal cases have a pretty high bar for what's called "standing" (the legal grounds to bring a particular lawsuit): you pretty much have to suffer concrete harm or be in obvious and imminent danger of suffering it to a grievous degree. (This is one reason you hear about "test cases" -- often somebody will agree to be the goat who is denied something, fined, or even arrested and convicted of a crime, so that standing to sue to overturn the law can be established.) Other times, if a lot of potential defendants already have standing, a particularly sympathetic defendant will be selected for the actual challenge. The US federal courts are also deferential to "agency discretion" by default, as a matter of doctrine.
What happens all too often with these things is, the initial rulemaking is pretty reasonable, and the public outrage (if there was any) dissipates. Then three years (or however long) on, the next rulemaking imposes onerous restrictions and strict criteria, and people suddenly (relatively speaking) wake up and find they're now in violation of federal regulations that they were in compliance with last week. (This is one reason public-interest groups are so critical -- they have the motivation and sustained attention to comb the Federal Register for announcements about upcoming rounds of rulemaking on various topics.)
I don't think that is a legal requirement in Germany. At least Hetzner lets you rent a German VPS or dedicated server without ID. Though Hetzner may require you to submit an ID if you are flagged by their automated systems upon registration.
It was actually Hetzner that didn't want to provision my VPS without Photo ID. I blanked out the SSN as our government tells us to do and they balked at that as well. After I showed them my government's website explaining how and why to do that they were OK with it but at that point the relationship was already soured and I started looking for alternatives.
Maybe they changed it now but they were asses about it then. I thought it was a legal requirement, they basically said as much though I don't recall the exact details, it was before the pandemic.
Eventually I just moved to Scaleway in France which is much nicer and cheaper and you can even talk to their support on slack.
PS: I don't do anything nefarious on my servers but I just don't want my ID on file anywhere it's not needed.
There are IaaS services out there that accept bitcoin, monero, or anonymous prepaid charge cards. They aren't an IaaS but Mullvad even accepts cash mailed to them in an envelope.
Is it fair to assume, that one can engage in a business relationship with these services outside the US? I'm not sure I see the effect that you are implying. AWS, GCP, Azure don't accept crypto. Mullvad is as you point out not an IaaS provider.
Namecheap, Vultr, BuyVm all operate in the U.S. and at times in the past (I don't know if they still do) have either accepted crypto or anonymous charge cards (available for cash at a convenience store), thus making it possible to get a dedicated server or VM totally anonymously. This new regulation would seem to prevent this.
Some hosts accept alternate payment systems, like gift cards or cryptocurrency. You can also have someone else pay for it with a credit card or bank transfer without giving your name, which can be quite important in some cases. The new rules would presumably make that a crime.
It would not. They're financially motivated to do what they want. They will find a way around it. i.e. scaming the elderly to sign up for cloud services and proxying their KYC requirements.
There are scamers who walk seniors to sign up through Coinbase, the KYC requirements, to order bitcoin.
> Supercentenarian birthdates also exhibit ‘age heaping’ distributional patterns that are strongly indicative of manufactured birth data. Finally, fewer than 15% of exhaustively validated supercentenarians are associated with either a birth certificate or a death certificate, even in populations with over 95% death certificate coverage.
> As such, these findings suggest that extreme age data are largely a result of vital statistics errors and patterns of fraud, raising serious questions about the validity of an extensive body of research based on the remarkable reported ages of populations and individuals.
There are an infinite number of lousy and p-hacked studies showing that every single possible diet is both good and bad before.
What are the one to three highest quality, most convincing studies showing that eating unprocessed ruminant meat (ie, beef and lamb) is bad for your health?
Instead parents insist on this "no drugs, no sex" policy. Of course both of those things can present major problems, which is why they should be discussed but not forbidden. Even sex ed today is maximizing fear and pushing waiting until marriage which is just as bad.
My impression is that there is far less of this now than there was thirty years ago or fifty years ago.
Around this time of day, I’d be taking my time walking home with my friends from Most Blessed Sacrament School, or “MBS” as everyone called it. Once home, I’d quickly get out of my school clothes, put on my play clothes, and be on my way to my favorite place in the world, Myers playground.
I always felt so safe on Cecil Street. On warm summer nights, lots of adults would sit on soft cushions on the top step of the four concrete steps that led from the edge of our front porches down to the sidewalk. Neighbors would sit out for hours, talking with other neighbors, many of them enjoying a cold beer or some other cold drink. At least one neighbor would have the Phillies game blasting on their transistor radio. So we’d be able to keep track of the Phillies game while we were running up and down the street having fun. I knew everybody on Cecil Street, and they all knew me. In fact, I knew almost everybody in our section of the neighborhood. And I felt safe no matter where I went. All us kids knew that most parents around here looked out for all the kids, not just their own.
The way I heard it: right after I was born, Dad simply didn’t renew his license, sold his big black Chevy, and never drove again.
Years later, when I asked Dad about it, he said, “Kev, I could take the “13” trolley on Chester Avenue to work. I could walk to the grocery store. I could walk to the bar. And I was tired of driving your mom and Nonna all over the city. What the hell did I need a car for?”
I have heard personal anecdotes from family relating similar stories.
This was my immediate thought. "The church" sounds like a specific cult, sect, or denomination. There's a wide spectrum of beliefs across these and one cannot act like they've been to them all
Not necessarily: in much of American Christianity, "the church" just means the collection of all Christian believers [0][1][2]. It would typically be read to exclude non-Christians, but include all mainstream sects and denominations.
Baptists are very different from Catholics which are very different from Protestants which are very different from Church of Christ. Sure they’re all Christian, but the beliefs/cultures vary a lot between different denominations which is what I assume the two parent comments are pointing out. If you think you can collectively call American Christianity one religion, then you haven’t experienced different sects of the church. Believing in Jesus is the only common denominator.
All I'm saying is that when the grandparent used the phrase "the church" they probably meant it in the broader "followers of Christ" sense and not a specific denomination as OP assumes.
I'm very aware of the differences between denominations, and the degree to which the grandparent comment generalized across these disparate denominations is definitely problematic, but what I said is accurate: much of American Christianity uses the phrase "the church" in a highly inclusive way that is different than what OP assumed was meant.
-------
Infrastructure as a Service product
or
IaaS product
means a product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications. The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of “managed” products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and “unmanaged” products or services, in which the provider is only responsible for ensuring that the product is available to the consumer. The term is also inclusive of “virtualized” products and services, in which the computing resources of a physical machine are split between virtualized computers accessible over the internet (
e.g.,
“virtual private servers”), and “dedicated” products or services in which the total computing resources of a physical machine are provided to a single person (
e.g.,
“bare-metal servers”).
---
So Dreamhost counts, any web host where you can run arbitrary PHP code would count. Wordpess.com -- where you cannot actually modify the PHP code yourself -- would not count as IaaS. But any web host that allows you to install applications on your own, or run any of your own code, would count as IaaS by this regulation.