We need a system like a RockChip processor based single board computer, paired with a trusted protection module, and all fediverse services prepackaged for minimal user input required to self host any fediverse services. All updates should be safely installed over the air via the TPM chip based encryption just like with GrapheneOS. All of the necessary connections should be preconfigured to punch a hole for the port into the internet. The hardware should be completely locked down with an immutable base system and SELinux fully configured. There shouldn’t be any accommodations for obscure edge cases outside of the base configuration. It should not require any further payment or services.
A RockChip RK3588 is fully documented with a 3k3 page long full datasheet. As I understand it, this chip is open hardware, though it still has the ARM proprietary blob (TrustZone), similar to the x86_64 Intel Management Engine, and AMD Platform Security Processor. I have not heard of a similar system present in RISC-V processors, but I also have not seen RISC-V SBCs that are more than alpha prototype dev kits. Unlike other single board computers, the RK series has the documentation required for community based Linux kernel support. No one could pull kernel support that they are the only ones providing using a proprietary datasheet.
There are many RK3588 single board computers available for around $100 already. As a back of the napkin quality idea using baseless imaginary statistics, I bet we could get around 3-5% of regular users to purchase hardware within a year if it was within a $250 price point. This should be set up for one click image and video hosting, threadiverse, Mastodon, file sharing, git, blogging, etc.
This is way outside of the scope of a project I am qualified to manage; I am no real developer, just a sloppy hacker type. I’d volunteer to do a hardware design, or at least the bulk of the tedium for someone more experienced with production stuff to review. I would not mind playing the glue between those that have more limited time. If LW has 6k plus active daily users, and 3-5% of these purchased the hardware, the rough margins are nowhere near a viable business. Still, something in the back of my head says the only thing actually impeding internet freedom with the fediverse is the challenge of self hosting, and this is like the issue that Android addressed with mobile hardware. If people could one-time purchase the hardware, and only pay for their regular internet connection, I think they would buy straightforward honest open hardware they fully own.
I don’t know if it is possible, or if the fediverse projects would participate in some kind of automatically updated end point. This was just a fantasy shower thought that I have been mulling over all day. It addresses all of my personal hesitations and insecurities about self hosting, and is simple enough I can imagine my techno illiterate family giving it a try. It is the kind of project I would like to be a part of.


What’s the encryption and signing on a hardware level for? I mean, depending on what that’s good for and who controls it, it’s trusted computing, or treacherous computing as Stallman calls it…
(I mean it’s not working out great for GrapheneOS either. Back in the day I had a phone I owned, with privacy features added and alternative background services so I had a pretty much Google-free experience. These days it’s all locked down, I hand out my private metadata to Google, can barely ride a train without, or get a discount in the supermarket. I can’t do backups and I’m f***ed if I want to cross a border to a more restrictive country because these guys are in on it as well. They’re probably going to use it to limit what I can install. And more and more manufacturers lock down bootloaders etc and I thought we were past this. Graphene itself advised me to switch to proprietary code in the name of security and they’ll have a look at the code later, once Google eventually releases it. All of this is due to (or related to) these security measures working way too well and that’s also why they’re being used. I wish my phone didn’t have a TPM but a simple disk encryption like LUKS on Linux instead. And I don’t see many reasons why we should copy these very bad dynamics.)
I think the overall idea is nice, though. We had these project ideas to just plug in a box and be self sufficient in the self-hosting community since the SheevaPlug. Or the FreedomBox. There are some hardware projects as well like the Home Assistant Green or back in 2019 they tried to sell a Pioneer-FreedomBox. None of those match exactly with your proposal, but I think they’re pretty close. Maybe get in touch with them and see if you can participate in a new iteration, or read about their past experience with the proposed target audience. Especially FreedomBox seems like a good fit to me. They’re not very loud, but afaik still around. And they’re Free Software nerds, which seems to align with your idea, minus the locking it down and transferring control to other parties via the TPM.