Notices by Blake Leonard (blake@infosec.town)

@nemobis I don't think there's any particular movement I want to see, other than away from X and Threads.

It's not busting, by the way. It's bustling.

I'm reading @cwebber's Re: Re: How decentralized is Bluesky, really?, and something she said leapt out to me here: If the only options in town are Burger King and McDonalds for food, one may have a degree of options and choice, but this really isn't satisfying to assuage my concerns, even if Taco Bell comes into town.This comparison here strikingly reflects, on the nose!, where the very real and valid concerns about Bluesky come from. ATProto in general does not fit this analogy, but the ATProto microblogging space is the exclusive domain of Bluesky. It's incredibly expensive to run, with all of the practically-centralized parts that the microblogging profile requires. Tracking replies, for example, is quite difficult to do in ATProto, and they solve this by having the Bluesky AppView (the hosted server) remember every post it comes across. That's how it knows about things like the "real" creation date of posts.

Yes, you can host your own PDS (which is the "home" for your data). You cannot run your own relay or Bluesky AppView, so to effectively microblog on ATProto you NEED Bluesky. This need not be true, but at present it is. It will take, at least, a new AppView project with a rethought architecture to create a resource-efficient alternative.

(Northwood, a new toy project of mine which is an ATProto-based forum software, is planned to approach this differently: each Northwood instance hosts some tracking metadata for each post, such as what category it's in, when it was "added" to the forum, what the last known state was, etc. It'll cache posts for a short time, to make things smoother, but it doesn't store them, and it never needs to pull the full repository.)What's missing from Mark's piece altogether is "Enable Participation". Yes, email has re-centralized. But we should be upset and alarmed that it is incredibly difficult to self-host email these days. This is a real problem. It's not unjustified in the least to be upset about it. And work to try to mitigate it is worthwhile.🎯🎯🎯

---

I'm down to the part where she started using math and I feel completely lost, but I think there's a fundamental misunderstanding of how these protocols work and are used in practice -- either mine or hers. My understanding is: for the distribution of posts on Fedi, distributing 1 post to followers on 30 different instances means that the instance has to send the post at least 30 times (or just hope that any of the instances you DO send it to, are able and willing to re-forward to the other ones). The receiving instance then has to save it to their database and distribute notifications to users. On ATProto, making 1 post means you have about 2 round-trip network requests: one from the client to the PDS, and one from a relay to the PDS. Let's pretend there are 30 Bluesky AppView instances that each of your followers are on. Each instance receives the post from whatever relay(s) they're connected to, and saves it to their database. Nothing is outgoing from the AppViews, but EVERYTHING is outgoing from the relay.

This is pretty similar to Nostr's model, and the only bit of it that I actually liked (okay the addressing thing was nice too, but ATProto's and Bluesky's approach to domain-based handles beat that out), except there is only one relay and for some reason relays are also expected to archive/copy full repositories (account data)? Although they have realized that's unsustainable and I think they've turned off their archival bits, last I've heard.

I think a lot of the problems here stem from Bluesky, not ATProto, being poorly designed. There may yet be more efficient alternative approaches -- maybe my understanding is wrong but still a better approach?

Ideas:
* Relays should mirror/fanout other relays.
* Investigate everything that requires a full copy of a repository. This should not be needed for anything, not even storage. Matrix (disclaimer: my article) and Git (MS blog) are fantastic examples of why this type of storage is a bad idea.
* AppViews need not be ready to handle every user. They should handle the posts, notifications, and followed posts of the people who actually use it -- Mastodon does this, where it stops building feeds for people who haven't logged on in a month.
* For small-world use cases, an architecture where an AppView directly crawls the repos of the follows of its users. The only thing this doesn't account for is notifications ("no missed messages"), I think...

this is giving me a headache

@cwebber i haven't finished it yet because I have a headache now and good god is it dense and long. is this how other people see my writing? no wonder nobody ever reads it. anyway.but I still do think it was one of the things that lead AP to be successful.ActivityPub is only successful because Mastodon made an incompatible profile of it to solve problems that weren't foreseen when AP was made. Nobody actually implements ActivityPub. I don't remember whether Evan or Christine said that, but one of them did, I'm sure.

To address the broader section that quote was in: I think they've failed at a few of those goals, but that's because of the Mastodon profile. I'd vote that it doesn't meet "Flexible and extensible," because extensions break compatibility, and while there's quite a lot defined in AS2, that's really all you have to work with. Or you start a brand-new type, and Mastodon doesn't understand it so for most developers, that's a non-starter. JSON-LD turned out to be a poor choice. That ended up making AP damn near impossible for anyone to implement. I tried, and I gave up. The entire C2S is really just a relic. Unless you're self-hosting, "User control of personal data" also falls completely flat: you're completely at the whims of your server administrator. (For Bluesky: they own the PDS keys by default, but you can currently take them back to move to a different PDS. This can be mitigated at sign-up but isn't for anyone except PDS self-hosters, because it's a bit complicated for the average person.) Also, "Embedded Experiences"????

It HAS achieved "Cross-Organization Ad-hoc Federation," "Feasible to self-host without relying on big players," and "Social network domain agnosticism" though. Those are pretty good, and definitely important.However, the credibility of that exit currently predicates on another organization of the same cost and complexity of Bluesky standing in if-or-when Bluesky ends up becoming unsatisfying to its users.🎯🎯🎯

NOW I've reached the end. Wow that was a doozy

@evan I wouldn't equate this with an attempted coup with the stated goal of installing an authoritarian leader despite the evidence that the claims they used to justify said coup were completely unfounded.

@jsit @evan They put at least two "soon"s in there so I assume it's not ready yet.

I wonder how they'll federate their paid profiles feature.

@evan I think I'd have to travel to see the total eclipse in person. Something I'll probably never be able to afford to do.

@evan @evanprodromou So it's like a custom like animation when that hashtag is present? Neat!

@evanprodromou @evan minor curiosity: what's the cherry blossom animation you speak of?

After seeing how the XZ maintainer's burnout and mental health decline was exploited to the potential detriment of the whole world, we're totally going to be supporting our developers more, right guys? We're totally going to fund critical OSS and pay maintainers enough to hire on other maintainers to take the burden off of them and reduce burnout, right? Right?

@evan This has got to be satire. Right?

@byjp @zatnosk @activitypubblueskybridge @fedidevs @fediversenews @snarfed@hachyderm.io If you want to block just Bridgy's Bluesky bridge, or just their (upcoming) Nostr bridge, or whatever, you can do that. If you want to block specific PDS's, I don't think there's a way to do that.

@snarfed.org@snarfed.org @snarfed @activitypubblueskybridge @fedidevs @fediversenews I'm a big fan of bridges and this is the big one I've been eagerly waiting for. I'll probably add it to my wizard soon after it's available. Once the moderation issues get sorted out, I firmly believe that in the end, this will be a net positive for both networks, since Bluesky users will be able to follow and engage with the vibrant and growing communities and services here, and we'll be able to follow and engage with shitposters from Bluesky.

The moderation issues should be sorted out promptly, and I'm a little disappointed that you're going to open it up with little consideration about mod tooling, especially considering the lists and lists of known problematic users on Bluesky, from mere crypto-shills and scammers to bigots, transphobes, racists, fascists, and genocide supporters. I don't have any way to find or use Bluesky's mod lists from here so there needs to be some other way.

Plus, I'm sure Bluesky users want a way to mass-mute and mass-block bridged users, maybe even from particular instances, especially considering our ongoing tone police and reply guy problems, which have driven numerous people from here to there. I feel like this part is imminently solvable with automatically-populated moderation list(s), though.

@bou @snarfed@liberdon.com @activitypubblueskybridge @fedidevs @fediversenews Yep.

@byjp @zatnosk @activitypubblueskybridge @fedidevs @fediversenews I think the main difference is that, like Nostr, Bluesky is just one big monolith with known problematic users (that have to be "filtered" out), so it's hard to moderate effectively. It's the same as any other large Mastodon instance, like dot Social or Gab.

@CStamp @snarfed@mastodon.social @activitypubblueskybridge @fedidevs @fediversenews This will allow two way interaction.

@tchambers @buttondown It already uses email and I think RSS, so doesn't it already federate, in some limited capacity?

@evan Evan you're drunk go home /hj

#Kagi picked its side: it's a search engine for the alt-right. It has done so by refusing to listen to subscribers who are endangered (!!!) by their decision, by playing the AI card some time back, and by refusing to do remotely the right thing in other scenarios (i.e. fighting COVID misinformation).

Not to mention, declaring COVID or gay rights "political" is a tell tale sign that you're closeted right wing. Which is what the founder did. He's no different from Eich, he just doesn't want to admit it.

@Seirdy was the shining beacon of ethics and reason in that thread. I love and appreciate that they framed it as a business growth decision, something that they could maybe understand, but unfortunately it seems like they decided queer folk are not their intended audience.

It was a real shame, too, since up to a couple days ago it was supposedly a good quality, somewhat spam-fighting, ad-free, independent-supporting search engine. Now it comes out they're paying bigots and thinking that's not a political statement, and my support for them vanished.

I was almost considering paying for it!

Now they're putting ads into my Mastodon feed.

No thanks. Goodbye.

RE: mastodon.online/users/9to5google/statuses/111540630284327333