Sam :verified:
Fucking Christ the @protocol is the most obtuse crock of shit I've ever looked at. It is complex solely for the sake of being complex and still suffers from *all* of the same problems as Mastodon.
Your server goes down? Sorry, all of your followers are lost. Account portability is no better than Mastodon. 'DIDs' serve literally no purpose. And none of the API code that Bluesky uses in their own app validates ANY of the crypto they're doing on the server. NONE OF IT.
Sam :verified:
Obviously mastodon isn't perfect, I don't think it is. There's definitely a general 'NIMBY' vibe here of "this is how things are and we refuse to change", and we have work to do to fix that.
But I think what's key is to keep an anticapitalist mindset. We can make things easier for users without allowing in what makes social media so fucking awful: capitalism.
Sam :verified:
There's a fundamental lack of trust in people with these protocols. That's exactly it.
Crypto assumes that everyone is an attacker and that nobody can be trusted, and so we need 'proof' of your actions.
Bluesky assumes the same, that you should have to prove that each social media post is yours cryptographically.
And the fact is just that that's not necessary. Mastodon's system works while requiring trust, and it scales remarkably well in an anticapitalist way.
Sam :verified:
I think the fundamental reason why we keep seeing more and more bullshit protocols and projects pop up like this is one fundamental mindset: a refusal to attribute the problems of the modern internet solely to capitalism.
The fact is that our protocols we have today generally work pretty great. The choice of protocols hasn't made the internet what it is today. It's the fact that unrestrained, late-stage neoliberal capitalism is reaching its logical conclusion: corporate control of commons.
feld
Maxi 10x 💉
@sam You’ve made an excellent analysis here! I recommend you to blog this standalone as a blog article. Would be better to link to on Twitter and … Bluesky, I guess? The message that the protocol is designed around a main instance etc. is very important.
Sam :verified:
WHY DOES A FEDERATION PROTOCOL NEED USER AUTH API METHODS IN IT???? WHY DOES A FEDERATION PROTOCOL NEED A CONCEPT OF 'INVITE CODES'??????
Oh wait, BECAUSE IT ISN'T A FEDERATION PROTOCOL!!! It's literally JUST the API for Bluesky. That's it.
It's quite literally impossible to use this in more flexible environments. You just can't. You cannot build anything on this because it is so poorly designed and isn't generic enough.
Sam :verified:
And because things must be strongly consistent, AND because any user can REWRITE THEIR OWN FUCKING HISTORY AT ANY TIME, you have to, as an indexer, account for lots of different edge cases where your recorded history diverges.
The protocol for federation is built to make federation as difficult and painful as possible. It is built so that Bluesky, the private company that makes the protocol, is the only 'indexer', the only one with a whole view of the network.
Sam :verified:
Not only that, but instead of just... making a simple Rest API spec or something simple, they REINVENTED THE FUCKING WHEEL and made 'XRPC' and 'Lexicon', AKA a shittier, less flexible version of OpenAPI and JSON Schema (respectively) that works with absolutely NO existing tooling.
Sam :verified:
The actual protocol itself is poorly confused and incredibly awfully designed. Because of the useless bullshit crypto they're putting into it, it requires you to write a server that's strongly consistent with other servers. THAT IS EXTRAORDINARILY HARD TO DO!! And BLUESKY'S OWN SERVERS DON'T HANDLE THE EDGE CASES!!!
It uses pull-based federation instead of push-based like Mastodon. You have to write a separate 'indexer' that has your 'feed' on it. That requires a LOT more resources.
Sam :verified:
@mmasnick @husbandpanda That alone should be enough to tell you that these people don't know what they're doing. But even if you go back to basic stuff like the DID:PLCs, it's literally just shittier DNS. And the crypto is 'necessary' because of that shittier DNS that does nothing and serves no purpose. And there is not a single thing in their FAQ about ActivityPub that is accurate or true.
Mike Masnick ✅
@husbandpanda i read it earlier. some interesting points. but in my experience it's not "crypto idiot" thinking. they have a plan, and explored lots of tradeoffs. there were reasons for the decisions they made. they've been pretty open about them.
Sam :verified:
@mmasnick @husbandpanda Thanks for reading! The entire point is that those reasons are circularly justified and are not valid.
The sole thing you need to know is that instead of just doing an OpenAPI spec, which is the standard for documenting HTTP APIs, they invented their own that has no language support and can be expressed as a subset of OpenAPI + JSON Schema!
husbandpanda
@sam @mmasnick it's worth reading Sam 's analysis of bluesky. It's got the same crypto idiot bigbrain problems I see with lots of shitty crypto things.
Sam :verified:
Also I don't care if I'm spreading FUD or if I'm wrong on some of this stuff. I spent an insane amount of time reading the docs and looking at implementation code, moreso than most other people.
If I'm getting anything wrong, it's the fault of the Bluesky authors for not having an understandable protocol and for not bothering to document it correctly.
Admin
@Loukas @sam @failedLyndonLaRouchite
Yep, people are lifting the lid and finding smoke and mirrors - I hope we are not wasting our focus and time on Fear, uncertainty, and doubt with this.
On a positive note, the “protocol wars” - has pushed creativity in the #activertypub world and siphoned off some of the worst #fahernistas to the other networks. Let’s keep planting #openweb spaces to become more of what we need, #4opens in the era of #climatechaos
Loukas Christodoulou
@witchescauldron @sam @failedLyndonLaRouchite In a time when more and more countries are worried about cybersecurity, and public institutions are being told to harden up against cyberwarfare I hope that these institutions will choose the most robust and resillient options. Maybe only after a few security scares elsewhere.
Admin
@Loukas @sam @failedLyndonLaRouchite
I think they will look more at the #dotcons smelling #bluesky than the wildflower smelling #ActivityPub as culture pushes over tech, and we are working in a broken culture. Not saying the #openweb is bad, just it's a hard sell to head down #deathcult worshippers, this is why we have #bluesky they are selling, it's not tech.
Loukas Christodoulou
@sam @failedLyndonLaRouchite Something I wonder about, given your analysis. When public institutions think about where to host their own social media, they will want as much control over the process as possible. Does this mean they and the technical people who are advising them will feel more comfortable using activity pub
Sam :verified:
@failedLyndonLaRouchite @Loukas The reason this matters is that it poses a very real threat to the existence of a Fediverse. The Fediverse allows you to follow and communicate with people *across social networks*. And this protocol completely removes the ability to do that.
If this gains popularity, it has the potential to become the norm, and that would not be a good thing. Because that interoperability aspect would be lost.
OddOpinions5
Dear Mr Wright
for the 99% of social media users who, like me, don't really understand any of this:
Does this matter in any real way to users like me ?
remember, revealed preference is that almost no one actually cares about privacy, although things like time to load a webpage are imp
Sam :verified:
@failedLyndonLaRouchite @Loukas I think the thing to take out of all of this is that, objectively, the functionality the Bluesky authors wanted could've been built on ActivityPub. And that would've allowed it to interact with Mastodon and the rest of the Fediverse.
But they specifically built this in a way so that it doesn't do that. Meaning that I can't follow my friends on Bluesky, and they can't follow me. There is no good reason for them to have done that.
Sam :verified:
@Loukas It is just extraordinarily complicated and not immediately obvious how to build one. ActivityPub allows you to build a 'feed' however you want in your app, but Bluesky requires a certain structure and way of pulling information in. The way you get all the posts is extraordinarily resource intensive and complicated to write correctly (because it needs to be consistent), which will make it so that there are few community-based alternatives.
Loukas Christodoulou
@sam and the indexer is the thing that seems to be controlled by the original bluesky people and you couldn't work around?
Sam :verified:
@Loukas No, your data is stored in a server that can be a community or an individual person. But that doesn't store your feeds, like Mastodon does. So like your feed on here exists on your server, and it's built by people sending messages to and from your server.
On Bluesky, there is a single, more 'global' feed called an indexer. That builds your feed.
Loukas Christodoulou
@sam Am I understanding it right, then that they are building an individualist kind of portability as compared to Mastodon's more collectivist kind? They want to make each user a kind of sovereign citizen who owns their own profile, while Mastodon is predicated on you being part of something, a community on a server?
Sam :verified:
And if you're wondering why this senseless overcomplication wreaks of the same crypto overcomplication, it's because THE CEO IS A CRYPTO PERSON!!!!
The entire protocol is just layering on top of a lot of some useless, bullshit standards that the crypto community built.
Sam :verified:
Additionally, the domain name is NOT your identifier. If you have a custom domain, that is NOT your identifier. Instead you have a 'DID:PLC', which is a kind of 'DID' (invented by, not a surprise, CRYPTO PEOPLE).
There is NOTHING FUNDAMENTALLY USEFUL ABOUT THIS IN FEDERATION. Because this DID is never made visible to a user, it is not human readable (it's a hash), and it doesn't do anything!!!
Sam :verified:
Imagine if I had to store the 50k+ tweets I've made on Twitter on my device, and upload ALL of them to a new server whenever a community server went down. Imagine being a server admin having to deal with people uploading tons of JSON data and media a whole bunch at a time. And if you're implementing the protocol correctly, EACH JSON BLOB REQUIRES VERIFYING THE SIGNATURE!! So you'd have to do 50K SIGNATURE VERIFICATIONS! WHICH IS CPU INTENSIVE!!! AND SLOWS DOWN THE SERVER!!!
Sam :verified:
The 'account portability' piece is bullshit! The way 'account portability' works is by having two separate keys, one for signing and one as a 'recovery' key. You're supposed to be able to use the 'recovery' key to rewrite history if your account gets hacked or some shit.
WE HAVE THE ABILITY TO DO THAT AS SERVER ADMINS!!! MASTODON HAS THIS ALREADY!!
Additionally, if a Bluesky server goes down, their way of keeping access to your data is by STORING ALL OF IT ON YOUR DEVICE!!!!
Sam :verified:
The ONE thing that this protocol brings to the table is the idea of strong consistency in federation. The only issue is, it makes that strong consistency so resource intensive and so hard to implement that it decreases community servers' ability and ease of federation!!!!
And also, NOBODY CARES ABOUT STRONG CONSISTENCY IN SOCIAL NETWORKS!!! Social networks are built on the idea that we all have a different view of things. We care about seeing stuff from our friends, not seeing EVERYTHING.
Sam :verified:
What this comes back to is... who cares about any of the crypto bullshit? Having a private key and signing everything with it proves nothing because that private key must have a reputation.
You can verify a domain on Mastodon. You can point a domain to a Mastodon server. You can do that with Pleroma. You can make your own alternative to Mastodon that works exactly like how Bluesky works with domains, but it would take a 4th of the time because ActivityPub is simple to implement!!!!
Sam :verified:
And I went into this with an open mind. I was like "I'll just make a simple alternative to the BlueSky server in Elixir". But it CAN'T be a simple implementation like ActivityPub can be, because it is extraordinarily complex and requires you to make guarantees about your storage and how your application works.
It turns out using Git, which is almost always used with a centralized 'remote', to do federation, which needs to be weakly consistent, IS A BAD IDEA!!!!!
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.