Sex offender registries are just registries. They only work if someone decides to actually do a query. It might prevent them from getting a childcare job, but it doesn't really prevent them from accessing children at all.
The registers are also massively bloated, some people get put on them for nothing more than public urination.
The only sex offenders who actually get regular checks that might identify this type of thing, are those on parole, or similar court ordered programs.
Other things that could get you on the registry include visiting a nude beach in California or being an 18-year-old high school student with a 17-year-old girlfriend and having your sexual activity discovered by a vindictive parent (that last one will get you the bonus bar of shame of criminal activity involving a minor). The registries are rather blunt tools and also end up doing things like making getting housing difficult (there was a news story I saw in the 90s about an encampment under a freeway in Florida as it was the only place people on the sex offender registry could legally live in a major city (I think Miami but this was 30 years ago). A more recent story in Chicago pointed out that a restriction on sleeping on the CTA would cause homeless people on the registry to end up being unable to meet the terms of their parole). I don’t really have much sympathy for child sex abusers, but if people are such dangers to society that they can only live under a freeway or will be reincarcerated on unavoidable technicalities, something is very wrong.
“I’m very, very bitter that the likes of Savile and the rest of them were allowed to continue. I did my bit, I said what I had to. But they didn’t air that.”
> an encampment under a freeway in Florida as it was the only place people on the sex offender registry could legally live
I listened to a podcast that talked about this encampment years ago. The people living there are quite literally trapped. They aren't allowed to move to another city because of their parole and the city they are in has no other location that isn't within some distance of schools, playgrounds, etc that they're forbidden from being near.
One person interviewed had some petty offense like peeing in public when drunk and talked about the violence and crime that occurred in the camp. Listening to him made me so angry at the injustice that people caught in edge cases are subjected to. He drinks too much, pees on the side of a building, and is now forced to live among rapists and predators.
The OP mentioned high school students in totally normal relationships being criminalized. Another example given in the podcast ep was teens sending nude selfies to their bf/gf that got charged and convicted for distributing csam. This is not how enforcement of these laws should work. I'm glad I grew up before smart phones cause I was really stupid when I was a teen.
The only case of public urination -> sex offender which people can point to is Juan Matamoros. He claims this, but the actual case is too old to verify it, and we should not take his word for it.
Arrested in Massachusetts in 1986, charged with two counts of open and gross lewdness, sentenced to two years.
As of [0] lived in Florida, and was in jail for violating probation on a charge of cocaine possession with the intent to sell.
From the article:
Paul Mishkin, the Boston lawyer who represented Matamoros in 1986, could not recall details of the case this week, but said it was clear the judge considered the incident very serious.
“He [Matamoros] told his side of the story to the judge, but clearly there was evidence that made the judge disagree,” said Mishkin. “A two-year sentence in this incident is a fairly severe sentence. You’d have to think there’s evidence to support that.”
It's a weird grey zone of laws where the beaches are not officially nude beaches, but they are advertised this way. Many are run by the federal park police. Most anti nudity laws are state laws and as a result, there is kind of a loophole with enforcing it.
Of course, the act of being nude in public can make many believe they have been assaulted when it's just nudity.
Right but I'll be honest, I've never thought about looking up the people I've dated in the past. No one really talked about it when I was younger. I don't remember my mother telling me to do criminal background checks on people I'm seeing.
Happened to me. Went out with somebody who turned out to be a serial shop lifter who operated with a small gang of other shop lifters. Everything looked fine up front until they disappeared when we had plans without contact for days. Thought I was ghosted. Turns out they were arrested.
A friend went out with someone who destroyed his car after he broke up because she was violent twords him. He had to get a restraining order. A friend of his dug up a link to a FL police site. Turns out she did a little time down there for assaulting another woman, beating her with a coat rack during a fight. He never thought to look her up either and she seemed nice at first. Shit happens. Don't blame the victim for not being paranoid that everyone they're dating might be a criminal. Especially when there are damn good liars out there.
Back when my wife and I were renting, we only found out our landlord was on the list because his parole officer stopped by and asked if he'd informed us as he was legally required to do.
We moved out rather quickly after that. If we were in a situation where we had to rent again, and went with an individual renting their own house rather than a company, checking out the registry is on the checklist of things to do.
Honestly I am surprised more real estate agents don’t already bake this into the workflow. Thinking about Zillow as well. There should absolutely be a way to identify all the folks during your home search (buying or renting) that are on the registry.
Of course everyone is ultimately responsible for what they purchase but with the commission earned on a few % off a 500k+ transaction I would expect them to do it.
I had a friend threatened with this by a cop. I was there. We had been drinking and he wanted to change his oil at a Jiffy Lube. Unbeknownst to us there was a park on the other side. He just got a ticket but the cop made the threat. It doesn't disprove your claim but it is an example of why the belief might persist
> I challenge you and anyone else reading this to find an example of someone who is on the sex offender registry due to public urination.
When I was in high school, our school police officer once gave our class a talk about how to stay off that list. He strongly warned us against sending nudes, because he claimed 18-year-olds getting nudes from their 17-year-old girlfriends was a common way for 18-year-olds to get on the registry.
So, no it's not a concrete example and it's not as non-sexual as public urination but it's still a thing cops are telling young adults to take seriously.
I'm not sure that's what you meant to link to. The description there is beyond lurid, and that guy only ended up on a registry after a lot of shenanigans.
Are you talking about the link in your parent comment? It's a judgment that overturns the guy's placement on a public registry. (He does seem to be placed on a different registry not accessible to the public.)
He is appealing his placement on the registry on three grounds:
1. He can't be guilty of a qualifying offense, because he has no prior conviction;
2. The officer who put him on the registry did so solely on the basis that his risk of reoffending was "moderate", when it was also necessary to find that he posed a "moderate" danger to the public;
3. He did not in fact pose a danger to the public.
And the judgment rules against him on argument 1 while ruling for him on arguments 2 and 3, nullifying his registration.
Given that this judgment overturns a judgment below, it is evidence that you can be placed on a public registry for purely spurious reasons. That's what happened originally, and it's what was affirmed in the judgment below.
A peer message quoted the PDF of the things he did, before finally getting put on a registry. It wasn't just being naked in his home to say the least. The message was auto-flagged because of its content.
Right, the registry is public in most places, you can just check. When I open it for some of the places I've lived & surrounding areas it is overwhelmingly very serious crimes, the majority of them against minors, a large percentage minors under 13 which is a different category of offense here.
You sometimes need to get familiar with the local legal jargon to interpret it correctly, for example where I live there is no crime "rape" it is recorded as "sexual battery," things like that. And don't assume something is not serious because it is "second degree" or whatever, look up the statutes or sentencing guidelines. I have to seek pretty hard to find anything that could even plausibly be something like an overcharged public urination.
The first one I found, I looked up the case, and the offense took place at 3:40 pm at a city bus stop two blocks from a high school. Pretty decent odds that guy tells all his friends he got booked for trying to take a piss. He might even say that on reddit and HN.
I think you only see the high level offenders in the stuff you can search.
And you say it occurred in the middle of the afternoon at a city bus stop. Pretty hard to do anything serious there without a million people calling 911.
It's a stupid meme. Public urination, like actually taking a piss in public while no one is around you, is likely going to be a ticket for disorderly conduct if a specific charge for it doesn't exist. You won't get an indecent exposure charge unless you're purposely exposing yourself to others, it requires intent. Sometimes flashers will use the excuse of urinating for their intentional exposure or will lie that their indecent exposure charge was due to public urination and not because they were really masturbating in plain view. There probably have been prosecutors that have tried to slap an indecent exposure charge on an innocent public urinater but like everyone else says, they can't find any proof of it actually sticking.
About 0.3% of the adult population is on registries in the US.
With 40,000 couch sales, there would be roughly 120 sex offenders would have bought that couch. You can see what I mean about the registries being bloated.
Doesn't really narrow things down until you add the brick factory, but then they already had it down to 40 houses.
But it's a mistake to even assume the couch was bought by the same house as the offender. The offender could just be visiting, or the couch could have been moved to a different house since purchase (sold second hand, or the owner moved). And you are assuming the offender had been caught before, or was even on the sex offender registry for abusing children.
> But it's a mistake to even assume the couch was bought by the same house as the offender.
It’s not a mistake, it’s a convenient assumption to make until it’s proven otherwise, especially when you have basically no other information to go on.
I have no doubt these investigators are intelligent enough to have considered that possibility.
There was an infamous case in the Netherlands were two children were horrifically attacked in a park and it turned out that TWO pedos were at that location at the time. They got the wrong one.
I think what is confusing is likely that the investigators/detectives were probably trying to make sure that the girl was actually in the house where the sex offender was registered or technically living, and not maybe kept somewhere else. A lot of detective work is building the case, but also confirming what you believe is actually true and you need the evidence to also request the warrant on factual grounds. They could have busted in the door of that house and found that there was no such brick to be found anywhere and the girl was sold off to someone else or something like that.
It’s really rather sick and deranged though that this kind of dynamic of women with children associating with sex offenders is not exactly rare. Frankly, I hope the mother was also charged.
Would you want her charged if she didn't even know?
There is nothing in the article suggesting that the mother conspired with her boyfriend, or that she even knew he was a sex offender. I can imagine a scenario where the mother blames herself for not knowing and is utterly destroyed by misplaced guilt. Who knows what actually happened? The article wasn't about that.
No, parents do not always "know" about child sexual abuse.
I cited a study about this elsethread[1]. And "Lucy" was young (no older than 12, possibly as young as 7) when the rapes began, which correlates with a reluctance to disclose.
It is possible that the mother knew, but it is far from certain. The article didn't provide that context, because it chronicled detective work that led through a different chain of clues to crack the case. An obsession over maternal guilt has arisen here in the comments that was not present in the article.
No one wants to admit that their child was raped, even if they are open to the possibility — so your assertion reduces down to "there often is a realm where they should have known".
Because the article doesn't give detail, we don't know. The mother could have forcefully spurned explicit disclosures from her daughter. She could even have participated in the abuse.
But there's also a possibility that since the perp was clever enough to hide identifying details while publishing CSAM online that he was clever enough to hide abuse from those close by.
I would condemn participation but forgive ignorance. Other commenters here will never forgive the mother no matter what.
> Would you want her charged if she didn't even know?
Yes. She is responsible for making sure her children is safe and well taken care of. I say this morally, not as a legal fact. She should know what they are up to, and she should notice if any of them are regularly abused over an interval of years.
Bringing the full weight of the legal system down on all parents whose children were harmed by third parties, regardless of whether the parents even knew anything about it, is monstrous cruelty.
> Would you want her charged if she didn't even know?
Yes? There are laws against child endangerment for a reason, and giving someone unrestricted accsss to your child without performing a basic background check very much falls into that territory.
I dunno. The skeeziest people I know would show up squeaky clean on paper, and several of the ones I trust the most have some kind of shit in their past, at least on paper.
I agree that the singling out of the mother for condemnation in this comment section is conspicuous and dismaying — thank you for pointing it out. Nevertheless, I would offer the father the same grace that I think the mother deserves, and I think you will be sympathetic.
We know little of the mother's circumstances, and we know basically none of the father's. He may not even be alive. He could be an "absentee", or even an abuser himself — we have no information. But he might also be active in Lucy's life yet tragically unaware of his daughter's plight.
> some people get put on them for nothing more than public urination
When minor offences can get people put on the register, this dilutes the meaning of being on the register.
Every actual sex offender will claim they're on there not because of the serious crimes they committed, but because they went nude on the wrong beach, or something similarly minor.
Queensland allows residents to see the details of offenders in our local area, but you need to provide extensive ID to do so, and leaking that information is itself a crime. Daniel's Law was introduced in 2025 so this is pretty recent.
The whole thing about people getting put on the sex offender registry for public urination is a myth and there's no verifiable cases of it happening. There are two cases that are relatively close. The first is James Birch, who pled guilty to indecent exposure for peeing on a Taco Bell because he was representing himself and didn't understand that meant he'd have to register as a sex offender. He realized his mistake and the court let him undo the plea and the charges were dropped. The second is Juan Matamoros, a meth dealer from Florida who claimed in the mid-2000s that the reason why he got put on the Massachusetts sex offender registry in the 80s was public urination. Due to the age of the case and Massachusetts privacy laws the court records aren't publicly available and his lawyer from the 80s responded to a request for interview about the case with "no judge I am aware of would allow someone to be put on the sex offender registry for peeing in public".
If anyone tells you that's why they're on the sex offender registry, it's extremely likely they're lying about it and you should really look them up.
It was standard practice by the police and DA in 2000s Massachusetts.
Neighbors were annoyed at loud college parties at the school I went to, so local police waited in bushes to catch people peeing in them, arrested them, and one of the charges was indecent exposure.
Happened to one person I knew personally so it must have happened to several others at just this school.
My friend plead out to some lower charge or probably got a continuance, but it massively increased the leverage they had over him and the fees and fines they could collect, and it massively lowered the chance of him doing any pushback that could have lead to a jury trial, which at least as far as he understood at the time would have put him on the registry, and which is why they abused the law and charged people this way.
Are you entitled to a jury trial for peeing in the bushes in the USA?
That isn’t the case here in Australia.
You can go to trial, but it will be a judge-only trial, and is typically conducted by the magistrate who saw you for your first appearance on the matter, in the magistrates court, which is the lowest court here.
I believe most of the colonies are approximately the same.
95% of cases are settled before reaching jury trial. Usually a plea bargain for criminal cases. Settlement for civil cases. Or dismissal. The other 5% are expensive.
Generally speaking, there are two levels of crime in the US; misdemeanors and felonies. Both will land you with a criminal record, but a misdemeanor-only record will not show up on some standard background checks and does not remove your right to bear arms or vote, for example. Felonies are much more serious, and generally mandate a minimum prison sentence of 1 year unless plead down, while the sentencing for misdemeanors generally caps out at a year and typically just gets reduced to fines and community service, or a short stint (e.g. a couple weeks) in the local jail instead of a prison.
In some states, first offense non-violent felony convictions (e.g. exceeding the speed limit while fleeing police in a vehicle) can be expunged from your record when you turn 21 (if you were convicted and served out your sentence before turning 21). Otherwise felonies generally stay with you for life.
We have civil offenses, the most common example would be minor traffic offense (speeding but not recklessly, etc). These were criminal at one time, but arresting people for minor speeding was deemed inappropriate.
Then we have misdemeanors - everything from reckless driving through basic assault (no injuries, no weapon). Usually/always <1 year in prison as the max punishment. Some financial crimes. Usually don't appear on basic background checks, but might on details checks (like when working for a bank or the government).
Then there are felonies - assault with a weapon, major financial crimes, etc. Typically >1 year prison sentences. As noted, these can impact your rights as a citizen and they will appear on most background checks.
As I mentioned in another comment, district attorneys frequently charge as many individual crimes as possible as a tactic to get cooperation/plea from the accused.
For example, you get pulled over for DUI/drink-driving. You're blotto, and you get out of your car and try to walk away. Police tackle you. The chargeable offenses would be at least...
- whatever initial infraction caused the traffic stop (speeding, swerving, whatever) - that was probably civil.
- The DUI - a misdemeanor unless it was excessive or a repeat offense
- "Fleeing and eluding" or equivalent for walking away - misdemeanor, usually.
- Assaulting a law enforcement officer (by forcing the police to tackle you) - automatic felony in many states.
The DA will often accept a guilty plea on everything up to the felony assault, or reduce the assault from "against a LEO" to normal assault (non-felony) to clear their plate.
No idea if this is common in the rest of the anglo-sphere, or anywhere else.
Unfortunately in the US we do in fact go so far as to criminalize urinating in public. It's weird to me that speeding (up to some limit) in a school zone is ranked below pissing in a shrub along the road.
I think you can get most of the benefit by just banning targeted advertising.
Require that every user must be shown the exact same ads (probabilistically). Don't allow any kind of interest or demographic based targeting for paid content.
Advertisers would still be able to place Ads on pages they know there target audience goes, but wouldn't be able to make those same Ads follow that target audience around the internet.
If the ads content depends on a social media company seeing your posts and analyzing them, it’s probably fair to say it’s targeted advertising.
Browsers typically send Accept-Language headers so you could easily return ads in languages matching that header, without having to analyze your posts.
It’s like switching on to a Spanish TV channel and getting Spanish speaking ads. It’s not targeted because you are signalling you probably understand Spanish.
Correct. The proposal is to not be able to use your posts to determine which ads to show. But showing you ads in Spanish because you’re in southern Florida or Puerto Rico would be acceptable.
Such a law will probably allow targeting based on the browser's language (browsers already send a "Accept-Language" field, doxing you with every single http request), or whatever language you have configured a website/app interface to be shown in.
But not guess a language based on the content of posts.
In this hypothetical scenario, why are you assuming in-app advertising would be any different from browser advertising? Re-read @phire’s comment above; the proposal was to get rid of targeted advertising that uses your personal data to make advertising decisions. I assumed that would apply to all advertising channels, including both web and in-app ads, otherwise you’d be right and it probably wouldn’t work.
Why are you assuming that the hosting locale is even relevant? I’m not going to ban anything, but if @phire’s idea was law, it would probably ban anything advertiser from choosing which ads to show you based on your personal data. It’s irrelevant where the ads or site is hosted, I assume. If ads from foreign countries don’t target individuals, their ads would be legal. If ads from foreign countries, or from the US, use your posts to choose which ads they think you’ll engage with, that wouldn’t be allowed under @phire’s proposal. Is @phire’s suggestion confusing?
I don’t know, maybe by not showing the targeted ads? By putting legal liability on the US based advertising channels & distributors? By making it illegal for US sites to share an individual’s tracking and history information with advertisers? I can imagine a lot of ways this might work.
Again, why are foreign sites relevant, and why does this idea seem hard to grasp?
Because the internet exists outside of the US and you can get to foreign sites on the Internet?
Do we tell US companies they can’t buy advertising on foreign sites and that those foreign sites can’t be accesed from the US?
We have an existence proof of what happens when a government tries to restrict what people can see on the internet. I live in one of the states that require porn sites to validate ID. If you add all of the sites that ignored the law completely and all of the sites that you can access via a VPN, the number you get is 100%
How has the GDPR changed the practices of any company outside of the EU? If you think the GDPR and cookie banners on every website is an argument for more government regulating, is that the argument you really want to be making?
Nearly all large U.S. corporations adhere to the data retention rules and right to delete GDPR rules for EU citizens because they also operate in the EU, and nearly all of them proactively adhere to the GDPR for US citizens just to keep things simpler. Fixating on cookie banners is naive. Here’s just one example: https://www.apple.com/legal/privacy/en-ww/governance/
Isn’t hearing some Spanish from time to time expected in Miami, whether you speak it or not? I expect to hear Spanish and I live nowhere near a coast… And you prefer that advertisers read through your posts/emails/history/everything to make ads targeted at you? If you don’t care about the risks of targeted advertising, and don’t agree with the EU’s decision to ban manipulative behavior, then the proposal we’re discussing maybe isn’t for you. But at least consider that having an ads language setting is not ruled out by this idea, so if you can’t stand Spanish, then you can have your ads in English without the advertisers reading all your posts.
I know some Spanish. But if I were an advertiser, I wouldn’t want to waste my money on ad impressions on people who couldn’t understand a word I was saying. I also as a business person who targets Spanish speaking people - like you know immigration assistance or when mask thugs think I’m here illegally when I was born in Puerto Rico (hypothetically).
So what if I have a website based out of the counter and accept advertisements? Are you going to tell ISPs to block those foreign websites?
Let me tell you a little story. The state I live in just passed a law requiring all porn sites to verify age. Guess how many porn sites not based in the US ignored the law entirely? Guess how many who did folks the law can be viewed over a VPN? If you guessed “lesser than 100% between both, you would be wrong.
Obviously sites not based in the US don’t have to follow US laws. And obviously using a VPN circumvents local laws. Again, I’m not going to do any of this, but you answered your own question: one way the US could enforce this would be to require ISPs to block targeted advertising, regardless of where the originating site is located.
No, that’s a straw man. For the fifth(?) time, whether it’s foreign or not is irrelevant, and only you suggested they’re evil. The criteria proposed was whether it’s targeted based on personal content or not, and I’m not alone in not liking where we already are in terms of privacy. Are you suggesting that we need to protect foreign advertiser’s rights to your personal content so they can target ads personalized for you? Why? Are you a foreign advertiser?
People accessing sites in other countries via VPN proves absolutely nothing. We are talking about what would happen on US based sites like Google and YouTube, sites that don’t and can’t ignore US law.
Use 0.01% of brain power? How is it that Fox News always has the buy/sell gold ads? Hyper-segmenting society into advertising bubbles is about the same as if you hyper-segmented your body into cell clumps. You need unintentional cross-pollination, otherwise there is no more society.
Humans aren't very diligent in the long term. If an LLM does something correctly enough times in a row (or close enough), humans are likely to stop checking its work throughly enough.
This isn't exactly a new problem we do it with any bit of new software/hardware, not just LLMs. We check its work when it's new, and then tend to trust it over time as it proves itself.
But it seems to be hitting us worse with LLMs, as they are less consistent than previous software. And LLM hallucinations are partially dangerous, because they are often plausible enough to pass the sniff test. We just aren't used to handling something this unpredictable.
This is a first degree expectation of most businesses.
What the OP pointed out is a fact of life.
We do many things to ensure that humans don’t get “routine fatigue”- like pointing at each item before a train leaves the station to ensure you don’t eyes glaze over during your safety check list.
This isn’t an excuse for the behavior. Its more about what the problem is and what a corresponding fix should address.
I agree. The role of an editor is in part to do this train pointing.
I think it slips because the consequences of sloppy journalism aren’t immediately felt. But as we’re witnessing in the U.S., a long decay of journalistic integrity contributes to tremendous harm.
It used to be that to be a “journalist” was a sacred responsibility. A member of the Fourth Estate, who must endeavour to maintain the confidence of the people.
And too easy on the editor who was supposed to personally verify that the article was properly sourced prior to publication. This is like basic stuff that you learn working on a high school newspaper.
The words on the page are just a medium to sell ads. If shit gets ad views then producing shit is part of the job... unless you're the one stepping up to cut the checks.
There's a weird inconsistency among the more pro-AI people that they expect this output to pass as human, but then don't give it the review that an outsourced human would get.
The irony is that while from perfect, an LLM-based fact-checking agent is likely to be far more dilligent (but still needs human review as well) by nature of being trivial to ensure it has no memory of having done a long list of them (if you pass e.g. Claude a long list directly in the same context, it is prone to deciding the task is "tedious" and starting to take shortcuts).
But at the same time, doing that makes it even more likely the human in the loop will get sloppy, because there'll be even fewer cases where their input is actually needed.
I'm wondering if you need to start inserting intentional canaries to validate if humans are actually doing sufficiently torough reviews.
Not so much in the 90s; But during 2003/2004, with a 56k modem, an unlimited dialup plan, a second phone line, software to redial when the internet dropped, and bittorrent: I was managing to download roughly 150-200MB of data per day (sometimes more)
I could download one of those 350 DivX/Xvid rips every second day. At one point, someone was posting 60MB .rmvb encodes of Stargate SG1. From memory, the quality wasn't great, but I could download 2-3 per day.
I wish I still had some of those 60MB .rmvb encodes, just so I could see exactly how bad the quality was. But I deleted them all, and they seem to have disappeared from the internet.
The "RealMedia Variable Bitrate" codec was essentially a prototype of H.264 (which is still widely used today) but predating it by a year or two.
I remember getting my hands on a rip of Titanic, burned onto 3 CD-ROMs in 1997/1998 before it was released to video. I used the CD burner at school to sell copies to other students, and got in trouble for it lol. Just having a copy of the movie before it was released was really something.
I just went through a bunch of old CDs that had DivX rips on them a couple of years ago. Binders with hundreds of CDs. I thought that they would still look decent and I was going to back them up... back to my hard drive. But no they were really terrible. I donated the binder to Goodwill, hoping that someone might find the surprise...
They were fine when you had a CRT TV to play them on, we even had a DVD player from LiteOn that would play DivX videos back then.
Blackmail an Executive? That's a complete overkill.
It's so much easier just to "recruit" the direct manager of the firmware engineering team. Convince them it's their patriotic duty to add "tracking dots" to the design requirements without drawing attention to where the requirement came from.
The engineers implementing it will assume the requirement came from somewhere above, or another engineering team. And if the executives ever notice, they will assume it came from somewhere below. Both will probably assume the legal department was responsible, and that there is some kind of law somewhere requiring them to implement that functionality.
Yea, just include "All printers bought by US government must have Tracking Dots" and Executives will move that feature to top of backlog without any other concerns.
Big company executives are easiest to control; they want money and all of it. US Government luckily has plenty of it to throw around.
As far as I can tell, Data centres in space only seem viable because their advocates insist on comparing them to standard terrestrial data centres.
And nobody ever calls them out on it.
Today's data centres are optimised for reliability, redundancy, density, repairability, connectivity and latency. Most of advertised savings come not from placing the data centre in space, but the fact that advocates have argued away the need for absolutely everything that modern data centres are designed to supply, except for the compute.
If they can really build a space data centre satellite for as cheap as they claim, why launch it? Just drive it out into the middle of the desert and dump it there. It can access the internet via starlink, and already has solar panels for power and radiators for cooling. IMO, If it can cool itself in direct sunlight in space, it can cool itself in the desert.
The main thing that space gains you over setting up the same satellite in the desert is ~23 hours of power, vs the ~12 hours of power on the ground. And you suddenly gain the ability to repair the satellite. The cost of the launch would have to be extremely cheap before the extra 11ish hours of runtime per day outweighed the cost of a launch; Just build twice as many "ground satellites".
And that's with a space optimised design. We can gain even more cost savings by designing proper distributed datacenter elements. You don't need lightweight materials, just use steel. You can get rid of the large radiators and become more reliant on air cooling. You can built each element bigger, because you don't have to fit the rocket dimensions. You could even add a wind turbine, so your daily runtime isn't dependant on daylight hours. Might even be worth getting rid of solar and optimising for wind power instead.
An actual ground optimised design should be able to deliver the same functionality as the space data centre, for much cheaper costs. And it's this ground optimised distributed design that space data centres should be compared to, not today's datacenter which are hyper-optimised for pre-AI use cases.
-------------------
Space data centres are nothing more than a cool Sci-Fi solution looking for a problem. There have been mumblings for years, but they were never viable (even bitcoin mining was a bit too latency sensitive). Space data centre advocates have been handed a massive win with this recent AI boom, it's the perfect problem for their favourite solution to solve.
But because it's a solution looking for a problem, they are completely blind to other solutions that might be an even better fit.
Not to go all Ian Malcolm, but half this comment section is spending so much time wondering if we could build a space data center, without stopping to ask if it made any goddamn sense whatsoever to do so.
You don’t even need the desert. Just put it in India and use coal power or whatever. AI training doesn’t care about latency to the data centre, so you could put it anywhere, as long as it is cheap.
I mean, I'd prefer they used some form of renewable energy.
But there should be plenty of options once you start actually optimising for the same use-case as space data centres. Many places have very predictable wind (especially off-shore, which gives you bonus access to cooling water). Or maybe you could set up small hydro power schemes along remote rivers.
After the last round of this a few weeks/months ago I realized: Assuming the investors for this are too stupid to do the figures seen here themselves is folly. So, they must be factoring in something else-
Perhaps space based DCs allow for expansion into ITAR controlled countries and/or sanctioned countries/individuals.
Maybe throw in the fact that nobody can REALLY verify system behavior once its up there. So NSA/CIA etc sure are chomping at the bit to allow it.
I'm sure there's others I haven't thought of- probably less outlandish/tinfoily as well.
By keeping the whole thing on earth we can also reclaim the gold, copper, and rare earth metals when it’s financially viable to do so, rather than just letting them burn up on reentry.
The strategies used to cool something in space are not going to work at all in the desert. The amount of solar power you'll get in the desert is orders of magnitude less, and intermittent. In the desert you will have to deal with rain, weather, and other parts of nature.
Elon has already built tons of data centers here on earth. He knows how to build them quickly. People even build them in tents these days.
The firewall on your typical IPv4 router does basically nothing. It just drops all packets that aren’t a response to an active NAT session.
If the firewall somehow didn’t exist (not really possible, because NAT and the firewall are implemented by the same code) incoming packets wouldn’t be dropped, but they wouldn’t make it through to any of the NATed machines. From the prospective any machine behind the router, nothing changes, they get the same level of protection they always got.
So for those machines, the NAT is inherently acting as a firewall.
The only difference is the incoming packets would reach the router itself (which really shouldn’t have any ports open on the external IP) reach a closed port, and the kernel responds with a NAK. Sure, dropping is slightly more secure, but bouncing off a closed port really isn’t that problematic.
NAT gateways that utilize connection tracking are effectively stateful firewalls. Whether a separate set of ‘firewall’ rules does much good because most SNAT implementations by necessity duplicate this functionality is a bit ignorant, IMO.
Meanwhile, an IPv6 network behind your average Linux-based home router is 2-3 nftables rules to lock down in a similar fashion.
It's also trivial to roll your own version of dropbox. With IPv6 it's possible to fail to configure those nftables rules. The firewall could be turned off.
In theory you could turn off IPv4 NAT as well but in practice most ISPs will only give you a single address. That makes it functionally impossible to misconfigure. I inadvertently plugged the WAN cable directly into my LAN one time and my ISP's DHCP server promptly banned my ONT entirely.
> In theory you could turn off IPv4 NAT as well but in practice most ISPs will only give you a single address
So, I randomly discovered the other day that my ISP has given me a full /28.
But I have no idea how to actually configure my router to forward those extra IP addresses inside my network. In practice, modern routers just aren't expecting to handle this, there is no easy "turn of NAT" button.
It's possible (at least on my EdgeRouterX), but I have to configure all the routing manually, and there doesn't seem to be much documentation.
You should be able to disable the firewall from the GUI or CLI for Ubiquiti routers. If you don't want to deal with configuring static IPs for each individual device, you can keep DHCP enabled in the router but set the /28 as your lease pool.
In the US many large companies (not just ISPs) still have fairly large historic IPv4 allocations. Thus most residential ISPs will hand you a single publicly routable IPv4 regardless of if you're using IPv6 or not.
We'll probably still be writing paper checks, using magnetic stripe credit cards, and routing IPv4 well past 2050 if things go how they usually do.
Went to double check what my static IP address was, and noticed the router was displaying it as 198.51.100.48/28 (not my real IP).
I don't think the router used to show subnets like that, but it recently got a major firmware update... Or maybe I just never noticed, I've had that static IP allocation for over 5 years. My ISP gave it to me for free after I complained about their CGNAT being broken for like the 3th time.
Guess they decided it was cheaper to just gave me a free static IPv4 address rather than actually looking at the Wireshark logs I had proving their CGNAT was doing weird things again.
Not sure if they gave me a full /28 by mistake, or as some kind of apology. Guess they have plenty of IPs now thanks to CGNAT.
More like even if they looked at the logs they aren't about to replace an expensive box on the critical path when it's working well enough for 99% of their customers.
I once had my ISP respond to a technical problem on their end by sending out a tech. The service rep wasn't capable of diagnosing and refused to escalate to a network person. The tech that came out blamed the on premise equipment (without bothering to diagnose) and started blindly swapping it out. Only after that didn't fix the issue did he finally look into the network side of things. The entire thing was fairly absurd but I guess it must work out for them on average.
Did you even read the second paragraph of the (rather short) comment you're replying to? In most residential scenarios you literally can't turn off NAT and still have things work. Either you are running NAT or you are not connected. Meanwhile the same ISP is (typically) happy to hand out unlimited globally routable IPv6 addresses to you.
I agree though, being able to depend on a safe default deny configuration would more or less make switching a drop in replacement. That would be fantastic, and maybe things have improved to that level, but then again history has a tendency to repeat itself. Most stuff related to computing isn't exactly known for a good security track record at this point.
But that's getting rather off topic. The dispute was about whether or not NAT of IPv4 is of reasonable benefit to end user security in practice, not about whether or not typical IPv6 equipment provides a suitable alternative.
> But that's getting rather off topic. The dispute was about whether or not NAT of IPv4 is of reasonable benefit to end user security in practice, not about whether or not typical IPv6 equipment provides a suitable alternative.
And, my argument, is that the only substantial difference is the action of a netfilter rule being MASQUERADE instead of ALLOW.
This is what literally everyone here, including yourself, continues to miss. Dynamic source NAT is literally a set of stateful firewall rules that have an action to modify src_ip and src_port in a packet header, and add the mapping to a connecting tracking table so that return packets can be identified and then mapped on the way back.
There's no need to do address and port translation with IPv6, so the only difference to secure an IPv6 network is your masquerade rule turns into "accept established, related". That's it, that's the magic! There's no magical extra security from "NAT" - in fact, there are ways to implement SNAT that do not properly validate that traffic is coming from an established connection; which, ironically, we routinely rely on to make things like STUN/TURN work!
> Dynamic source NAT is literally a set of stateful firewall rules that have an action to modify src_ip and src_port in a packet header, and add the mapping to a connecting tracking table so that return packets can be identified and then mapped on the way back.
Yes, and that _provides security_. Thus NAT provides security. You can say "well really that's a stateful firewall providing security because that's how you implement NAT" and you would be technically correct but rather missing the point that turning NAT on has provided the user with security benefits thus being forced to turn it on is preventing a less secure configuration. Thus in common parlance, IPv4 is more secure because of NAT.
I will acknowledge that NAT is not the only player here. In a world that wasn't suffering from address exhaustion ISPs wouldn't have any particular reason to force NAT on their customers thus there would be nothing stopping you from turning it off. In that scenario consumer hardware could well ship with less secure defaults (ie NAT disabled, stateful firewall disabled). So I suppose it would not be unreasonable to observe that really it is usage of IPv4 that is providing (or rather forcing) the security here due to address exhaustion. But at the end of the day the mechanism providing that security is NAT thus being forced to use NAT is increasing security.
Suppose there were vehicles that handled buckling your seatbelt for you and those that were manual (as they are today). Someone says "auto seatbelts improve safety" and someone else objects "actually it's wearing the seatbelt that improves safety, both auto and manual are themselves equivalent". That's technically correct but (as technicalities tend to go) entirely misses the point. Owning a car with an auto seatbelt means you will be forced to wear your seatbelt at all times thus you will statistically be safer because for whatever reason the people in this analogy are pretty bad about bothering to put on their seatbelts when left to their own devices.
> in fact, there are ways to implement SNAT that do not properly validate that traffic is coming from an established connection; which, ironically, we routinely rely on to make things like STUN/TURN work!
There are ways to bypass the physical lock on my front door. Nonetheless I believe locking my deadbolt increases my physical security at least somewhat, even if not by as much as I'd like to imagine it does.
The difference is that with IPv4 you know that you have that security because there is no other way for the system to work while with the IPv6 router you need to be a network expert to make that conclusion.
Look at this nftables setup for a standard IPv4 masquerade setup
table ip global {
chain inbound-wan {
# Add rules here if external devices need to access services on the router
}
chain inbound-lan {
# Add rules here to allow local devices to access DNS, DHCP, etc, that are running on the router
}
chain input {
type filter hook input priority 0; policy drop
ct state vmap { established : accept, related : accept, invalid : drop };
iifname vmap { lo : accept, eth0 : jump inbound-wan, eth1 : jump inbound-lan };
}
chain forward {
type filter hook forward priority 0; policy drop;
iifname eth1 accept;
ct state vmap { established : accept, related : accept, invalid : drop };
}
chain inbound-nat {
type nat hook prerouting priority -100;
# DNAT port 80 and 443 to our internal web server
iifname eth0 tcp dport { 80, 443 } dnat to 192.168.100.10;
}
chain outbound-nat {
type nat hook postrouting priority 100;
ip saddr 192.168.0.0/16 oiname eth0 masquerade;
}
}
Note, we have explicit rules in the forward chain that only forward packets that either:
* Were sent to the LAN-side interface, meaning traffic from within our network that wants to go somewhere else
* Are part of an established packet flow that is tracked, that means return packets from the internet in this simple setup
Everything else is dropped. Without this rule, if I was on the same physical network segment as the WAN interface of your router, I could simply send packets to it destined to hosts on your internal network, and they would happily be forwarded on to it!
NAT itself is not providing the security here. Yes, the attack surface here is limited, because I need to be able to address this box at layer 2 (just ignore ARP, send the TCP packet with the internal dst_ip address I want addressed to the ethernet MAC of your router), but if I compromised routers from other customers on your ISP I could start fishing around quite easily.
Now, what's it look like to secure IPv6, as well?
# The vast majority of this is the same. We're using the inet table type here
# so there's only one set of rules for both IPv4 and IPv6.
table inet global {
chain inbound-wan {
# Add rules here if external devices need to access services on the router
}
chain inbound-lan {
# Add rules here to allow local devices to access DNS, DHCP, etc, that are running on the router
}
chain inbound-nat {
type nat hook prerouting priority -100;
# DNAT port 80 and 443 to our internal web server
# Note, we now only apply this rule to IPv4 traffic
meta nfproto ipv4 iifname eth0 tcp dport { 80, 443 } dnat to 192.168.100.10;
}
chain outbound-nat {
type nat hook postrouting priority 100;
# Note, we now only apply this rule to IPv4 traffic
meta nfproto ipv4 ip saddr 192.168.0.0/16 oiname eth0 masquerade;
}
chain input {
type filter hook input priority 0; policy drop
ct state vmap { established : accept, related : accept, invalid : drop };
# A new rule here to allow ICMPv6 traffic, because it's not required for IPv6 to function correctly
icmpv6 type { echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept;
iifname vmap { lo : accept, eth0 : jump inbound-wan, eth1 : jump inbound-lan };
}
chain forward {
type filter hook forward priority 0; policy drop;
iifname eth1 accept;
# A new rule here to allow ICMPv6 traffic, because it's not required for IPv6 to function correctly
icmpv6 type { echo-request, echo-reply, destination-unreachable, packet-too-big, time-exceeded } accept;
# We will allow access to our internal web server via IP6 even if the traffic is coming from an
# external interface
ip6 daddr 2602:dead:beef::1 tcp dport { 80, 443 } accept;
ct state vmap { established : accept, related : accept, invalid : drop };
}
}
Note, there's only three new rules added here, the other changes are just so we can use a dual-stack table so there's no duplication of the shared rules in separate ip and ip6 tables.
* 1 & 2: We allow ICMPv6 traffic in the forward and input chains. This is technically more permissive than needs to be, we could block echo-request traffic coming from outside our network if desired. destination-unreachable, packet-too-big, and time-exceeded are mandatory for IPv6 to work correctly.
* 3: Since we don't need NAT, we just add a rule to the forward chain that allows access to our web server (2602:dead:beef::1) on port 80 and 443 regardless of what interface the traffic came in on.
None of this requires being a "network expert", the only functional difference in an actually secure IPv4 SNAT configuration and a secure IPv6 firewall is...not needing a masquerade rule to handle SNAT, and you add traffic you want to let in to forwarding rules instead of DNAT rules.
Consumers would never need to see the guts like this. This is basic shit that modern consumer routers should do for you, so all you need to think about is what you want to expose (if anything) to the public internet.
Content farms, whether AI generated or not their incentive is to pump out low quality high output. Most of their content even it involves a human narrator are heavily packed with AI generated media.
I also notice that people with lots of experience with computers will automatically reboot when they encounter minor issues (have you tried turning it off and on again?).
When it then completely falls apart on reboot, they spend several hours trying to fix it and completely forget the "early warning signs" that motivated them to reboot in the first place.
I've think the same applies to updates. I know the time I'm most likely to think about installing updates is when my computer is playing up.
I try to do the opposite, and reboot only as a last resort.
If I reboot it and it starts working again, then I haven't fixed it at all.
Whatever the initial problem was is likely to still present after reboot -- and it will tend will pop up again later even if things temporarily seem to be working OK.
> Whatever the initial problem was is likely to still present after reboot
You only know this after the reboot. Reboot to fix the issue and if it comes back then you know you have to dig deeper. Why sink hours of effort into fixing a random bit flip? I'll take the opposite position and say that especially for consumer devices most issues are caused by some random event resulting in a soft error. They're very common and if they happen you don't "troubleshoot" that.
The registers are also massively bloated, some people get put on them for nothing more than public urination.
The only sex offenders who actually get regular checks that might identify this type of thing, are those on parole, or similar court ordered programs.
reply