EFF is more like classical liberal. They generally oppose regulation of speech/tech and oppressive laws like DMCA 1201 (anti-circumvention) but promote things in the nature of antitrust like right-to-repair. Everything is required to be crammed into a box now so that often gets called "left" because the tech companies (also called "left") have found it more effective to pay off the incumbents in GOP-controlled states when they don't like right-to-repair laws, although Hollywood ("left" again) are traditionally the ones pressuring Democrats to sustain the horrible anti-circumvention rule when they're in power.

It turns out trying to fit everything into one of two boxes is pretty unscientific.

In practice they essentially got replaced with the Model 3 and Y, which didn't exist when the models being discontinued first came out.

It's because of the decline in battery prices. When the Model S came out, an electric car with that range had to be that price. Now it's overpriced for what it is so they'd either need to design one which is significantly more premium while still selling into an inherently lower volume market segment, or lower the price to reflect the current battery costs and then have it be too close to the Model 3.

What they really need to do is continue to move down, i.e. release a subcompact with less range than the Model 3 but on the cheap.

Or build a truck people actually want.

If the whole thing goes through the computer then there are lots of new ways to fail. Steering wheel position sensor goes bad on the highway? Computer gets bad data. Control wires get disconnected or damaged? No data. Completely unrelated wires get shorted and fry the computer? No steering. Anything pops the wrong fuse? No power, no computer or steering motors.

Some of those can be mitigated with redundancy but you're still vulnerable to common causes. You have three position sensors and someone dumps their beverage down the steering column, are there any left and do you have any good way to determine which one(s)? The vehicle took some minor damage allowing water to get somewhere it's not intended to, any way to guarantee you're not about to lose both sides of a redundant electrical system the next time it goes through a puddle infused with conductive road salt?

Content generation is the thing copyright applies to. If you want to create a reward system for verification, it's not going to look anything like that.

It mostly looks like things we already have, like laws against pretending you're someone else to trade on their reputation so that people can build a reputation as trustworthy and make money from subscriptions or ads by being the one people to turn to when they want trustworthy information.

> However, people are happy to consume unverified content which suits their needs. This is why you always needed to subsidize newspapers with ads or classifieds.

I suspect the real problem here is the voting thing. When people derive significant value from information they're quite willing to pay for it. Wall St. pays a lot of money for Bloomberg terminals, companies pay to do R&D or market research, individuals often pay for financial software or games and entertainment content etc.

But voting is a collective action problem. Your vote isn't very likely to change the outcome so are you personally going to spend a lot of money to make sure it's informed? For most people the answer is going to be no, so we need something that gives them access to high quality information at minimal cost if we want them to be informed.

Annoyingly one of the common methods of mitigating collective action problems (government funding) has a huge perverse incentive here because the primary thing we want people to be informed about is political issues and official misconduct, so you can't give the incumbent politicians the purse strings for the same reason the First Amendment proscribes them from governing speech.

So you need a way to fund quality reporting the public can access for free. Advertising kind of fit but it never really aligned the incentives. You can often get more views by being entertaining or inflammatory than factual.

The question is basically, who can you get to supply money to fund factual reporting for everyone, whose interest is for it to be accurate rather than biased in favor of the funder's interests? Or, if that's not a thing, whose interests are fairly aligned with those of the general public? Because with that you can use a patronage model, i.e. the content is free to everyone but patrons choose to pay money because they want the work to be done more than they want to not pay.

The obvious answer for "who" is then "the middle class" because they're not so poor they can't pay a few bucks while still consisting of a large diverse group that won't collectively refuse to fund many classes of important reporting. But then we need two things. The first is for the middle class to not get hollowed out, which we're not doing a great job with right now.

And the second is to have a cultural norm where doing this is a thing, i.e. stop teaching people illiterate false dichotomy nonsense where the only two economic camps are "Soviet Communism" in which the government is required to solve everything through central planning and "greed is good" where being altruistic makes you a doofus for not spending all your money on blackjack and cocaine. People rather need to be encouraged to notice that once their basic needs are met, wanting to live in a better world is just as valid a use for free time and disposable income as designer shoes or golf.

That literally is what centralization means:

> cen·tral·i·zation: the concentration of control of an activity or organization under a single authority.

I mean people try to motte and bailey this all the time. You have someone proposing or defending a monopoly by putting it up against the false dichotomy alternative where no party trusts any other party whatsoever and then everyone is required to do everything on their own because no delegation is possible.

There is an alternate which is neither of those things, and it's a competitive market. You have neither a single authority nor the total absence of trust. Instead there are numerous alternatives that each try to maintain a good reputation for themselves because people can choose freely among them without their choice being coerced by tying it to numerous otherwise-unrelated factors.

Notice how this is importantly different. If you have a PC, you can install Debian or Arch or Windows; if you install Debian, you can install software with apt or flatpak or snap; if you use apt, you can use the official repositories or numerous third party ones. If you have an iPhone, you get iOS and you get Apple's store and everything else is anti-competitively excluded.

Notice that if they can modify/replace the device without you noticing then they can leave you one that displays the same unlock screen as the original but sends any credentials you enter to the attacker. Once they've had physical access to the device you can't trust it. The main advantage of FDE is that they can't read what was on a powered off device they blatantly steal, and then the last thing you want is for the FDE key to be somewhere on the device that they could potentially extract instead of on a remote system or removable media that they don't have access to.

Then you tether to your phone or visit the local library or coffee shop and use the WiFi, or call into the system using an acoustic coupler on an analog phone line or find a radio or build a telegraph or stand on a tall hill and use flag semaphore in your country that has zero cell towers or libraries, because you only have to transfer a few hundred bytes of protocol overhead and 32 bytes of actual data.

At which point you could unlock your laptop, assuming it wasn't already on when you lost internet, but it still wouldn't have internet.

> The OS can verify everything being executed prior to its startup back to a trusted root.

Code that asks for the hashes and verifies them can do that, but that part of your OS was replaced with "return true;" by the attacker's compromised firmware.

So the apt binary on your system comes with the public keys of the Debian packagers and then verifies that packages are signed by them, or by someone else whose keys you've chosen to add for a third party repository. They are the pre-established root of trust. What is obtained by further centralization? It's just useless indirection; all they can do is certify the packages the Debian maintainers submit, which is the same thing that happens when they sign them directly and include their own keys with the package management system instead of the central authority's, except that now there isn't a central authority to compromise everyone at once or otherwise introduce additional complexity and attack surface.

> PKIs like the Web PKI mediate this by having multiple central authorities (each issuing CA) and forcing them to engage in cryptographically verifiable audibility schemes that keep them honest (certificate transparency).

Web PKI is the worst of both worlds omnishambles. You have multiple independent single points of failure. Compromising any of them allows you to sign anything. Its only redeeming quality is that the CAs have to compete with each other and CAA records nominally allow you to exclude CAs you don't use from issuing certificates for your own domain, but end users can't exclude CAs they don't trust themselves, most domain owners don't even use CAA records and a compromised CA could ignore the CAA record and issue a certificate for any domain regardless.

> It's worth noting that the kind of "small trusted keyring" topology used by Debian, Arch, etc. is a form of centralized signing. It's just an ad-hoc one.

Only it isn't really centralized at all. Each package manager uses its own independent root of trust. The user can not only choose a distribution (apt signed by Debian vs. apt signed by Ubuntu), they can use different package management systems on the same distribution (apt, flatpak, snap, etc.) and can add third party repositories with their own signing keys. One user can use the amdgpu driver which is signed by their distribution and not trust the ones distributed directly by AMD, another can add the vendor's third party repository to get the bleeding edge ones.

This works extremely well. There are plenty of large trustworthy repositories like the official ones of the major distributions for grandma to feel safe in using, but no one is required to trust any specific one nor are people who know what they're doing or have a higher risk tolerance inhibited from using alternate sources or experimental software.

But then you're screwed regardless. They could extract the FDE key from memory, re-encrypt the unlocked drive with a new one, disable secureboot and replace the kernel with one that doesn't care about it, copy all the data to another machine of the same model with compromised firmware, etc.

If your threat model is Iran and you want the device to boot with no internet then you memorize the long passphrase.

> heavily monitored internet (e.g. China, USA)? It's probably easy enough for the government to snoop your connection metadata and seize the physical server.

The server doesn't have to be in their jurisdiction. It can also use FDE itself and then the key for that is stored offline in an undisclosed location.

> no security at all against hardware implants / base firmware modification. Secure Boot can cryptographically prove to the OS that your BIOS, your ACPI tables and your bootloader didn't get manipulated.

If your BIOS or bootloader is compromised then so is your OS.

Except that it's on the encrypted partition and the attacker doesn't have the key to unlock it since that's on the removable media with the boot loader.

They could write garbage to it, but then it's just going to crash, and if all they want is to destroy the data they could just use a hammer.

Both of these are super easy to solve without secure boot: The device uses FDE and the key is provided over the network during boot, in the laptop case after the user provides a password. Doing it this way is significantly more secure than using a TPM because the network can stop providing the key as soon as the device is stolen and then the key was never in non-volatile storage anywhere on the device and can't be extracted from a powered off device even with physical access and specialized equipment.

You also have the verification happening in the right place. The person who maintains the Arch curl package knows where they got it and what changes they made to it. Some central signing authority knows what, that the Arch guy sent them some code they don't have the resources to audit? But then you have two different ways to get pwned, because you get signed malicious code if a compromised maintainer sends it to the central authority be signed or if the central authority gets compromised and signs whatever they want.

The analogy seems to be backwards though. It would be as if we previously had a scarcity of land and because of that divided it up into private property so markets could maximize crop yield etc. and then someone came up with a way to grow food on asteroids using robots, and that food is only at the 20th percentile of quality but it's far cheaper. Suddenly food becomes much more abundant and the people who had been selling the 20th percentile food for $5 are completely out of the market because the new thing can do that for $0.05, and the people providing the 50th percentile food for $10 are also taking a hit because the price difference between what they're providing and the 20th percentile stuff just doubled.

The existing plantation owners then want to put a stop to this somehow, or find a way to tax it, but arguments like this have a problem:

> Why would a writer put an article online if ChatGPT will slurp it up and regurgitate it back to users without anyone ever even finding the original article?

This was already the status quo as a result of the internet. Newspapers were slowly dying for 20 years before there was ever a ChatGPT, because they had been predicated on the scarcity of printing presses. If you published a story in 1975 it would take 24 hours for relevant competitors to have it in their printed publication and in the meantime it was your exclusive. The customer who wants it today gets it from you. On top of that, there weren't that many competitors covering local news, because how many local outlets are there with a printing press?

Then blogs, Facebook, Reddit and Twitter come and anyone who can set up WordPress can report the news five minutes after you do -- or five hours before, because now everyone has an internet-connected camera in their pocket so the first news of something happening now comes in seconds from whoever happened to be there at the time instead of the next morning after a media company sent a reporter there to cover it.

The biggest problem we have yet to solve from this is how to trust reports from randos. The local paper had a reputation to uphold that you now can't rely on when the first reports are expected to come from people with no previous history of reporting because it's just whoever was there. But that's the same thing AI can't do either -- it's a notorious confabulist.

And it's the media outlets shooting themselves in the foot with this one, because too many of them have gotten far too sloppy in the race to be first or pander to partisans that they're eroding the one advantage they would have been able to keep. Damn fools to erode the public's trust in their ability to get the facts right when it's the one thing people would otherwise still have to get from them in particular.

Bitcoin has the same problem. There is no inherent reason you can't have a cryptocurrency where there is no maximum number of coins to ever be mined and instead the limit is that mining them requires a fixed amount of computation.

That would give you the characteristics you want from a medium of exchange, because there is a rate limit on how much can be created (doing so requires e.g. electricity). Then the value is relatively stable, if you accept it as payment on Monday it would still be worth around the same amount on Friday, but the long-term result is a slow reduction in value on multi-year timescales as compute gets cheaper, so you don't get the speculation that results in high volatility and it doesn't strongly compete with real economic activity for investment resources.

The argument you'll get from goldbugs and whatever is that nobody would want a currency which is inherently inflationary like that, but that's clearly contrary to evidence. Most government currencies are inflationary, even on purpose, and it doesn't matter as long as the rate of inflation isn't so high that people holding it transiently for use as a medium of exchange are losing a significant amount in that short period of time. Especially when the rate of inflation is predictable (the rate at which computers get faster is reasonably consistent) so that anyone entering into a long-term contract denominated in that currency can reasonably predict its future value on the delivery date. Or people could just use it as a medium of exchange and denominate their contracts in something else.

The name for that is deflation.

The problem here is, what if the demand for dollars increases?

In principle the US would get more gold and mint more currency, but gold is a finite resource. "All the gold ever mined" is around 200,000 metric tons, ~32k troy ounces per metric ton is ~6.4B troy ounces.

In 2022 (just before the recent gold rally) the price was ~$2000 per troy ounce, i.e. "all the gold" was worth ~$13T. Meanwhile the M3 money supply in the same year was ~$20T. What happens if you try to buy $20T worth of gold to mint currency when only $13T worth has ever been mined, and not all of that is even on the market? The answer is that you can't, so instead the result is deflation, which is bad.

Or to put it a different way, what do you think the economic effect of the recent gold rally would be for a country whose currency was still pegged to gold? It just got way cheaper to import foreign products than buy domestic ones, and way more expensive for foreign countries to buy your exports, so how's the unemployment rate looking? The amount everyone owes on their mortgage hasn't changed but the nominal value of their houses just got cut in half so now they've lost their jobs and are underwater. What happens when they start to default and foreclosures don't allow the banks to recover the principal?

There are also other reasons to do it, like if you want a device on the local network to be accessible via HTTPS. Getting the certificate these days is pretty easy (have the device generate a random hostname for itself and get a real certificate by having the developer's servers do a DNS challenge for that hostname under one of the developer's public domain names), but now you need the local client device to resolve the name to the LAN IP address even if the local DNS refuses to resolve to those addresses or you don't want the LAN IP leaked into the public DNS.

Or the app being installed is some kind of VPN that only provides access to a fixed set of devices and then you want some names to resolve to those VPN addresses, which the app can update if you change the VPN configuration.

How about, sell the product without restricting retailers from replacing the vendor's browser with another one, or give the customer a choice which browser they want the same as they choose how much RAM they want etc.

> And famously what bankrupted Netscape was because it “did things you should never do”.

Internet Explorer was bundled with Windows 95. The Netscape release before they attempted to rewrite was released in 1997. The rewrite was a failed attempt to make their browser good enough that people would pay for it when Microsoft was already bundling IE with Windows.

> And there has never been a point that Microsoft had to unbundle their browser in the US and there was never a browser choice screen.

Indeed, Microsoft successfully paid off the Bush administration to settle the case for a slap on the wrist after they'd already been found guilty by the court.

> This is about as bad of an argument as saying that Fors ties its motor to its cars or Nintendo forcing you to use their OS with their consoles.

Ford will happily sell you a motor without an entire car, or a frame or any other part of the car without a motor. Nintendo is forcing you to use their OS with their consoles.

> Force Apple to create versions of its operating systems that run on other computers?

This makes it sound like it's someone making Apple do something instead of Apple making someone do something.

What stops you from running macOS in qemu or a virtual machine on any non-Apple hardware with the same architecture? What stops Samsung from writing iOS drivers and offering iOS on Galaxy phones? Only Apple's refusal to sell it to you without making you also buy hardware.

> Anyone is free to choose an x86 PC and 90% of the market does

60% of phones in the US are iOS.

> Firefox is also free to bundle an ad blocker with Firefox even if it does use WebKit and when you download Firefox for iOS - they get money from searches.

The Firefox ad blockers are extensions, e.g. uBlock isn't from Mozilla, but the ability to use it is a reason to use Firefox. The iOS browsers can't use extensions. Then you can't use uBlock on iOS and fewer people use Firefox.

> Absolutely no computer operating system comes bundled with Chrome besides ChromeOS

Android. And then people who want to use the same browser on desktop and mobile for sync.

> yet Chrome still has the majority of the market share on desktop computers. Firefox competes with Chrome on an equal playing field on computers - people choose Chrome

Chrome is made by the largest advertising company in the world. For years if you opened google.com, gmail or their other services in a non-Chrome browser you would get a huge banner imploring you to install Chrome. This was a successful strategy to overcome the inertia of the default browser on desktop operating systems, but Mozilla never had anything like that available to them, and then the two-front assault from Microsoft/Apple on one side and Google on the other resulted in declining Firefox market share and correspondingly declining revenue with which to improve it.

Mozilla the organization also suffers from significant mismanagement, but that doesn't explain why no one has been able to establish a popular fork or new independent browser, whereas the OS vendors successfully impeding anyone who can't command the equivalent of billions in advertising explains it really well.

The rest of the service isn't. Transit is a fairly competitive market. You may also have providers willing to use more expensive terminating equipment and then offer higher-than-gigabit speeds on the same piece of fiber. You want the competitive market for every aspect of the system where it can work and to keep the monopoly as narrow as possible.

Notice that the point isn't to let just Comcast use the municipal fiber and then get ~100% of the customers again, it's to let this happen with fiber to the home:

https://en.wikipedia.org/wiki/List_of_mobile_virtual_network...