
It really must suck if it doesn't even come with a shift key.

Come on, don't hand wave over the obvious. Think about how much it would actually cost to run a social media website that competes with the big social media on the core product of sharing and communicating with friends. It would be extremely realistic to build something that's both free and sustainable with just regular ads, as was done decades before.

(EDIT: to clarify, I don't mean to build an alternative monopoly, I mean to build alternatives that are big enough to survive as a business, and big enough to be useful; A few million users as opposed to the few billions Facebook and Youtube (allegedly) have)

The reason it's hard to imagine such a thing today is because the tech giants have illegally suppressed competition for so long. If Google or Meta were ordered to break up, and Facebook/Youtube forced to try and survive as standalone businesses, all the weaknesses in their products would manifest as actual market consequences, creating opportunity for competitors to win market share. Anybody with basic coding skills or money to invest would be tripping over themselves to build competing products which actually focus on the things people want or need, because consumers will be able to choose the ones they like.


> Think about how much it would actually cost to run a social media website that competes with the big social media on the core product of sharing and communicating with friends.

It would cost tons man. You don't understand the scale these apps operate on at all. Meta has their own data center footprint that rivals AWS or any other cloud company and they had that before AI, and it's not just all to run ads on. On demand photo and video streaming and storage for free for all of humanity is incredibly expensive.

Social media with only millions of users is basically worthless because it won't capture enough of an average person's circle to be useful to them


> On demand photo and video streaming and storage for free for all of humanity is incredibly expensive.

Maybe you missed my edit? I specifically said not a clone of the monopolies, but a competitor big enough to be a sustainable business. The economics of a monopolist's empire are irrelevant.

> Social media with only millions of users is basically worthless because it won't capture enough of an average person's circle to be useful to them

There's so much wrong with this statement. First of all, I will never meet anywhere near a million people in my lifetime. A regular human being's real social connections won't be anywhere near that big.

But even if it is (or users want to discover/follow random people), it doesn't take a computer science genius to discover how to interoperate between social networking apps. Meta and Google would never do this, but that's because they're anti-competitive monopolists; if you're a startup trying to gain marketshare and win on your product's quality, interop with other networks is a no brainer. We probably don't even need regulation to require interop, as the market will see it as a useful thing to develop on its own.


> if you're a startup trying to gain marketshare and win on your product's quality, interop with other networks is a no brainer.

There are platforms that try this, like Bluesky, but they are not really sustainable businesses.


When someone sends me an AI generated project or proposal, I just send them an AI generated reply I know they're not going to bother reading either.

This is a genius move. My wife should start doing that with emails from her boss who sends AI-generated emails and instructions to her.

> a successful exit is a positive signal

This is peak finance brainrot. In no scenario is abandoning ship a positive signal, even if you managed to pocket some valuables on the way out.

Let's stop celebrating dysfunctional business models and consolidation of the industry around finance bros who give zero fucks about said industry.


Do your homework, vote, and help inform other people so they vote too.


Oh yeah, that worked so well in this last election.


Sounds like you're applying scifi tropes to real life. Don't do that. That's why some people are developing "AI psychosis" today after playing with LLMs.


The fear is that we don’t really understand what causes consciousness. I think that’s a valid fear, because we can’t know ahead of time whether we will inadvertently create a “person” inside the machine.

Unless your proposition is that no collection of human neurons outside of live birth can become sentient, and I’m not sure how you’d arrive at that conclusion without invoking some kind of spiritual argument.


You're equivocating two totally separate things


> Realistically for a home server what you are worried about is someone breaking in and selling your drives on Facebook marketplace

If someone steals the entire machine, the drives will unlock themselves automatically. I don't think it's worth the risk to assume a hypothetical thief is too lazy to check if there's any valuable data on the disks. At the very least, they'll probably check for crypto wallets.

With something like Clevis and Tang, you can set it up so it only auto-unlocks while connected to your home network, or do something more complex as needed.


The hope with the TPM is that the system boots to a standard login screen, and the thief doesn't know any user's password. Much like someone snatching a laptop that's in 'suspend' mode.

Of course, a thief could try to bypass the login screen by e.g. booting with a different kernel command line, or a different initramfs. If you want to avoid this vulnerability, TPM unlock can be configured as a very fragile house of cards - the tiniest change and it falls down. The jargon for this is "binding to PCRs".


TPM is good when combined with Secure Boot and these hashes being part of the attestation; that eliminates initramfs swapping. Still, with physical access being a factor, bus tapping can happen; fTPM - if available - is much harder to crack than a discrete module.

https://news.ycombinator.com/item?id=46676919


The fallback is you have to manually unlock the drive, the same as you did without a TPM. But the benefit is while things remain unchanged, the system can reboot itself.


You can reduce the frequency with which things change by adding an additional layer before the "real" kernel is loaded. A minimal image that does nothing but unlock any relevant secrets, verify the signature of the next image, and then hands off control.


They will unlock into a password-protected system. Unless the junkie who stole your server has an unpatched Debian login bug, this won't be much use to them. If they remove the drive or attempt to boot off a USB, the drive is unreadable.


Plenty of TPM bugs happened in the past and plenty of zero days in any code involved will happen.

Having the key off-machine mitigates a lot of that.

> Unless the junkie who stole your server has an unpatched Debian login bug,

The key for disk decryption is in memory at that point. There are methods to take it out of it.


What's the difference when booting off a USB drive? That's been my go-to in the past when I forgot my login password; does the TPM only unlock boot devices?


Generally you'll have your drive only unlock against certain PCRs and their values. It depends on which PCRs you select and then how exactly they are measured.

E.g. systemd measures basically everything that is part of the boot process (kernel, kernel cli, initrd, ...[1]) into different PCRs, so if any of those are different they result in different PCR values and won't unlock the boot device (depending on which PCRs you decided to encrypt against). I forgot what exactly it measures, but I remember that some PCRs also get measured during the switch_root operation from initrd -> rootfs, which can be used to make something only unlock in the initrd.

[1]: https://systemd.io/TPM2_PCR_MEASUREMENTS/


The TPM holds the decryption keys and will unlock as long as all checks pass. Booting off the previously registered drive/kernel being one of them.

If this fails you can always manually input the decryption key and reregister with the TPM. The whole point of this setup is you can't just use a bootable USB to reset the device's password.


If properly configured and the TPM implementation is good, no, it shouldn't unlock the drive. Changing boot devices, and depending on how configured even changing boot options, can prevent the TPM from releasing the key and require a recovery key.


Don’t you just hit ESC during boot and change the Linux command line to init=/bin/sh?


TPM will not unseal the key if you change kernel parameters. It's one of the PCRs.

You'll be dropped into an "enter disk crypt password please" prompt.


Looks like you can either password-protect GRUB or have the kernel start command be part of the list of things the TPM checks before unlocking the key.
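
The PCR binding discussed in this thread, as a small simulation added here (it is not code from any commenter, from systemd or from a TPM library). The PCR numbers, boot-event strings and the simplified policy digest are constructed for illustration; a real TPM computes its PCR policy differently, but the extend-then-compare behaviour is the same.

```python
import hashlib
import hmac
ZERO = bytes(32)  # PCRs in the SHA-256 bank start at all zeroes on reset

def extend(pcr, data):
    """TPM extend: new = SHA256(old || SHA256(data)); a PCR cannot be set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def boot(events):
    """Replay (pcr_index, measured_bytes) boot events into a fresh PCR bank."""
    bank = {}
    for index, data in events:
        bank[index] = extend(bank.get(index, ZERO), data)
    return bank

def policy(bank, selection):
    """Simplified policy digest over the selected PCRs only."""
    h = hashlib.sha256()
    for index in sorted(selection):
        h.update(bytes([index]) + bank.get(index, ZERO))
    return h.digest()

def seal(secret, bank, selection):
    return {"secret": secret, "pcrs": tuple(selection), "policy": policy(bank, selection)}

def unseal(blob, bank):
    """Return the secret only if the current PCRs match the sealed policy."""
    ok = hmac.compare_digest(policy(bank, blob["pcrs"]), blob["policy"])
    return blob["secret"] if ok else None

# Constructed boot logs; the PCR numbers are illustrative placeholders.
CMDLINE = b"root=/dev/mapper/root ro quiet"
GOOD = [(4, b"bootloader-v1"), (9, b"initrd-v1"), (8, CMDLINE)]
EDITED = [(4, b"bootloader-v1"), (9, b"initrd-v1"), (8, CMDLINE + b" init=/bin/sh")]
UPDATED = [(4, b"bootloader-v1"), (9, b"initrd-v2"), (8, CMDLINE)]

def demo():
    key = b"luks-volume-key"
    strict = seal(key, boot(GOOD), {4, 8, 9})  # bound to loader, cmdline, initrd
    loose = seal(key, boot(GOOD), {4})         # bound to the loader only
    return {
        "same boot": unseal(strict, boot(GOOD)) == key,
        "edited cmdline, strict": unseal(strict, boot(EDITED)) is None,
        "edited cmdline, loose": unseal(loose, boot(EDITED)) == key,
        "initrd update, strict": unseal(strict, boot(UPDATED)) is None,
    }

if __name__ == "__main__":
    print(demo())
```

The "loose" case releases the key despite the edited command line because that PCR was not in the selection, and the "initrd update" case is the legitimate change that sends you back to the manual passphrase prompt.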


This is pretty much exactly why copyright laws came about in the first place. Why bother creating a book, painting, or other work of art if anyone can trivially copy it and sell it without handing you a dime?

I think refusing to publish open source code right now is the safe bet. I know I won't be publishing anything new until this gets definitively resolved, and will only limit myself to contributing to a handful of existing open source projects.


How so? I'd expect the opposite

> Hey Meta, is it safe to cross the street

> You are absolutely correct to check whether it's safe to cross before crossing! (emoji). Let me check for you(emoji)

> ...10% ...40% ...80% ...100% DONE. (made up progress bar)

> It is perfectly safe to cross right now! (emoji)

> Thanks Meta! (user dies)


There is an app called Be My Eyes where blind people can use the app to be connected to someone who can see and ask questions. An example might be, “is this a red or brown sweater.”

It actually looks like it added AI functionality, so not every question goes out to a live helper, but they still do have that option.

Something like the Meta glasses could mean a lot less reliance on apps that reach out to actual people, or looking for the phone all the time, for day-to-day help with things like this.


Trust me bro this API is just temporary, soon™ they'll be able to do everything without help... I just need you to implement this one little API for now so NON-VISIONARY people can get a peek at what it'll look like in 3 months. PLEASE BRO.

