Appreciated Daniel reaching out to the team about this! Hosting blobs is one of those things that will inevitably go through iterations as we understand the abuse vectors more and more, but for now it's really fun to see this kind of usage in action. The PDS is meant to be a database host in the same sense that a webserver is a website host.
sebmellen 1 days ago [-]
Are you ever going to bring back Beaker Browser? Used to love playing around with that! Didn't realize you'd gone on to Bluesky, very neat.
Doesn't the potential for abuse reduce when content is linked through user's own domain rather than a particular appview like bsky? Bsky already supports a user's domain ALIASed to redirect.bsky.com: https://bsky.app/profile/jacob.gold/post/3kh6rnpdzmp2v
philipwhiuk 21 hours ago [-]
If people use BlueSky as a magnet link for illegal content it will quickly become a problem.
moritonal 1 days ago [-]
Congrats on finding a role at Bluesky. Beaker was such an amazing project to follow, that experience must be so useful.
philipwhiuk 21 hours ago [-]
You're walking headfirst into the copyright, CSAM, pornography hole of content moderation here.
thesuitonym 21 hours ago [-]
How is this any different than the regular hole of content moderation they're already in?
chefandy 19 hours ago [-]
I don’t have a well-considered answer, but a) I imagine being able to host a phishing site on an official domain from them using their SSL cert is problematic, and b) my gut says that as soon as you start hosting arbitrary files— e.g. zip files— and browser executable JavaScript with your domain in there, that’s a different level of possible content. I guess the question is whether or not the disposition of a social media network makes that more problematic than it does with, say, Google drive.
preciousoo 18 hours ago [-]
It’s not possible for me, a non Google employee to create a file that’s hosted on Google.com, or any Google domain and have it read in the browser as text/html, bypassing many a firewall, for example
edm0nd 14 hours ago [-]
Yes it is. Via sites.google.com or Google Docs.
These are abused all the time for phishing and malicious threat actors.
nutanc 21 hours ago [-]
Agreed. I assume this will open up Bluesky to a lot of potential legal problems. But will it be any different from accessing the content using the app as the content is anyway hosted?
That said, just the other day I was thinking, is the reverse possible. I have a web site/blog. Use RSS and then the RSS updates are posted to a handle on Bluesky. I would assume that's a lot more useful?
diggan 19 hours ago [-]
> That said, just the other day I was thinking, is the reverse possible. I have a web site/blog. Use RSS and then the RSS updates are posted to a handle on Bluesky. I would assume that's a lot more useful?
This is trivial, I'm currently doing this for https://bsky.app/profile/aemet-bot.bsky.social which reads a bunch of RSS feeds from AEMET (Spain's national weather service basically) and posts warnings to the feed if there is any warning above Yellow.
The code for managing this is about ~200 lines of Rust code.
skiman10 18 hours ago [-]
Do you have that code posted somewhere by chance? I would be interested in browsing through it!
diggan 17 hours ago [-]
Not right now, no. It's fairly simple (login to Bluesky, read RSS, save item IDs to a text file, post if there are any new feed items, close program then systemd timers run this every N minutes) + pretty specific to AEMET and their formats.
If there is interest I guess I could spend some hours to make it a bit more generic and publish the source.
skiman10 15 hours ago [-]
Cool yeah. I think the thing I was most interested in was interacting with Bluesky through rust. Is there a decent sdk for that?
diggan 10 hours ago [-]
The meat is this, using bsky-sdk + atrium-api from crates:
    // Build the agent and authenticate
    let agent = BskyAgent::builder().build().await?;
    agent
        .login("username.bsky.social", "X")
        .await?;
    // Detect facets (links, mentions) in the message text
    let rt = RichText::new_with_detect_facets(msg).await?;
    // Assemble the post record and create it
    let record = RecordData {
        text: rt.text,
        created_at: atrium_api::types::string::Datetime::now(),
        facets: rt.facets,
    };
    agent.create_record(record).await?;
Works well enough. It's a bit on the lower end of the "abstraction ladder", there might be more user-friendly libraries for doing this even easier now.
nutanc 9 hours ago [-]
This is cool. Actually if bluesky can do this automatically where it can fetch RSS and show as handle updates it will be really useful. Will help a bunch of people who wouldn't need to maintain the services.
Or maybe there is a potential for a SaaS service?
pfraze 19 hours ago [-]
As opposed to running a social network? What else is new
starkruzr 1 days ago [-]
[flagged]
simonw 2 days ago [-]
I was curious as to the security context this runs in:
"access-control-allow-origin: *" is interesting - it means you can access content hosted in this way using fetch() from JavaScript on any web page on any other domain.
"content-security-policy: default-src 'none'; sandbox" is very restrictive (which is good) - content hosted here won't be able to load additional scripts or images, and the sandbox tag means it can't run JavaScript either: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...
benatkin 2 days ago [-]
Blocking/allowlisting all JavaScript is the only way [1] to have a CSP fully contain an app (no exfiltration) [2] and with prefetch that might not be enough. The author is correct at the end to suggest using WebAssembly. (Also, it still has the issue of clicking links, which can be limited to certain domains or even data: by wrapping the untrusted code in an iframe and using child-src on the parent of the iframe)
I didn't realize you could use CSP for preventing exfiltration now! How did they close the WebRTC loopholes?
benatkin 18 hours ago [-]
They haven't. That in the spec stops short of actually saying that it will stop all exfiltration. What it will do is make it harder because you'd have to put the data in a subdomain or in a username/password. It also could make it hard to deny that an attempt to exfiltrate was deliberate.
kmeisthax 1 days ago [-]
Why would WebAssembly provide more protection against exfiltration than JavaScript in this case?
benatkin 1 days ago [-]
By default WebAssembly doesn't have access to the DOM or JavaScript globals. You have full control of how it can access these things.
nightpool 2 days ago [-]
is the default-src necessary if you're using sandbox or is it redundant?
johncolanduoni 1 days ago [-]
`sandbox` doesn’t affect making requests via HTML (images, stylesheets, etc.).
nightpool 18 hours ago [-]
Right, but what would be the security impact of that compared to just plain HTML? I guess it allows for some form of view counting or IP exfiltration, but other than that anything you can do with an external request you could do with an embedded data URI.
brewmarche 17 hours ago [-]
As far as I understand CSP, since it’s set to `none`, no URIs are allowed, not even `data`. Inline scripts and stylesheets are not allowed either, since `unsafe-inline` (or nonces/hashes) is missing.
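The two headers quoted at the top of this subthread, and the follow-up question of whether `default-src 'none'` is redundant next to `sandbox`, worked through as an added example (not part of the thread and not Bluesky's code). The origin `https://pds.example`, the `tracker.example` URL and all function names are constructed for illustration, and source matching is simplified to `'none'`, `*`, `'self'`, scheme sources and exact origins.

```javascript
// Split a Content-Security-Policy value into a directive -> tokens map.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Source list governing a fetch directive, falling back to default-src.
// Returns null when the policy does not restrict that resource type.
function sourcesFor(directives, name) {
  if (directives.has(name)) return directives.get(name);
  if (directives.has('default-src')) return directives.get('default-src');
  return null;
}

// Would loading `url` be permitted for a document at `pageOrigin`?
function allowsLoad(directives, name, url, pageOrigin) {
  const sources = sourcesFor(directives, name);
  if (sources === null) return true;
  const target = new URL(url);
  const isNetwork = ['http:', 'https:', 'ws:', 'wss:'].includes(target.protocol);
  return sources.some((raw) => {
    const src = raw.toLowerCase();
    if (src === "'none'") return false;
    if (src === '*') return isNetwork; // '*' never matches data: or blob:
    if (src === "'self'") return isNetwork && target.origin === pageOrigin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
    if (src.startsWith("'")) return false; // other keywords match no URL
    try {
      return isNetwork && new URL(src).origin === target.origin;
    } catch {
      return false; // scheme-less host sources are out of scope here
    }
  });
}

// Can an inline <script> in the served document execute?
function inlineScriptCanRun(directives) {
  const sandbox = directives.get('sandbox');
  const sandboxBlocks = sandbox !== undefined &&
    !sandbox.map((t) => t.toLowerCase()).includes('allow-scripts');
  const scriptSources = sourcesFor(directives, 'script-src');
  const policyPermitsInline = scriptSources === null ||
    scriptSources.some((s) => /^'(unsafe-inline|nonce-|sha(256|384|512)-)/i.test(s));
  return !sandboxBlocks && policyPermitsInline;
}

// Summarise what a response with these headers lets the content do.
// `headers` uses lowercase header names.
function auditBlobResponse(headers, pageOrigin) {
  const csp = parseCsp(headers['content-security-policy'] || '');
  return {
    readableFromAnyOrigin:
      (headers['access-control-allow-origin'] || '').trim() === '*',
    sandboxed: csp.has('sandbox'),
    inlineScriptCanRun: inlineScriptCanRun(csp),
    remoteImageLoads:
      allowsLoad(csp, 'img-src', 'https://tracker.example/pixel.png', pageOrigin),
    dataUriImageLoads:
      allowsLoad(csp, 'img-src', 'data:image/png;base64,AAAA', pageOrigin),
  };
}

// Constructed inputs: the header pair quoted in the thread, plus the two
// halves of the policy on their own for comparison.
const PAGE_ORIGIN = 'https://pds.example';
const QUOTED_HEADERS = {
  'access-control-allow-origin': '*',
  'content-security-policy': "default-src 'none'; sandbox",
};
const SANDBOX_ONLY = { 'content-security-policy': 'sandbox' };
const DEFAULT_SRC_ONLY = { 'content-security-policy': "default-src 'none'" };
const NO_POLICY = {};

for (const [label, headers] of Object.entries({
  QUOTED_HEADERS, SANDBOX_ONLY, DEFAULT_SRC_ONLY, NO_POLICY,
})) {
  console.log(label, auditBlobResponse(headers, PAGE_ORIGIN));
}
```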
the-chitmonger 22 hours ago [-]
I wasn't around for this specific era, but the way users of BlueSky are able to dive deep into technological waters reminds me of how people talk about learning HTML for the first time while using MySpace. Social media is a more saturated market now than before, but I wonder if we'll see a new generation of programmers sprout from BlueSky.
crowcroft 19 hours ago [-]
MySpace and old forums walked you up a ladder of abstraction from, I'm adding some text into a box and it shows up on the webpage -> I'm adding some images as well -> I'm adding some BBCode/Markup and now things look really custom -> I'm writing HTML and CSS -> I'm writing complete scripts.
Bluesky does the first step and then it's a great big leap from there imo.
athrowaway3z 15 hours ago [-]
> 14-minute read
I see a dozen links I suspect are required reading to try out new ideas.
With HTTP/HTML you can show somebody who knows only the most basic Python, or any other PL, how to build a server from scratch in those 14 minutes.
I'm convinced we need hash-addressable communication protocols to redefine the relationship we have with the tech-giants, and stop them exploiting our communities.
I'm not convinced the ATProtocol has hit the mark well enough to kick start a revolution like HTTP did.
floor_ 21 hours ago [-]
[flagged]
SAHChandler 1 days ago [-]
I'm very hopeful for the possibility of using bluesky for blob data.
A friend and I had considered looking into storing DOOM WADs on bluesky so that "map packs" could be shared in the same way posts are. Follow an account, a list, or a starter pack, and you could theoretically modify GZDoom or some other client to know how to search and view any WADs posted by those accounts. Like how the Steam Workshop works, except it's via bluesky. :D
Rick76 21 hours ago [-]
This is a cool idea, are you thinking of self-hosting this or on their servers? Have they mentioned anything about any guidelines for what their blob storage can be used for? I know doom is small and that's a great idea, a workshop is a perfect example of how this can be used. I'm just wondering if this can be abused to outsource large server space.
You can define custom records for basically anything
A PDS would be a point in the network that decides if abuse is happening, also a place where competition can occur
dev0p 24 hours ago [-]
So, basically using Bluesky as an RSS feed for arbitrary data? Kind of?
pests 12 hours ago [-]
RSS is already an RSS feed for arbitrary data. :D
I joke but RSS does work for his use case just as well minus the distributed/federated points.
willscott 1 days ago [-]
One of the points that is made is that since the PDS that's being interacted with here is part of a 'Personal Data Server' rather than the Bluesky product, it ends up able to offer infinite free data storage.
This seems like one of the things that might be part of the references the bluesky team has made at times to introducing a subscription service - providing more space / bandwidth / higher quality video on your PDS seems like the type of hosting that could be offered at a premium tier.
hk1337 18 hours ago [-]
> 'Personal Data Server' rather than the Bluesky product
If I understood correctly, the PDS was hosted on Bluesky. I assume it could be hosted somewhere else, so yeah it could be interacted with more than Bluesky.
rsynnott 1 days ago [-]
There should really be a name for this phenomenon; put basically anything on the internet, and sooner or later people will try to host arbitrary files on it.
superzamp 1 days ago [-]
There's already "parasitic computation" so we could probably go for "parasitic data storage"
Suppafly 16 hours ago [-]
>and sooner or later people will try to host arbitrary files on it.
I'm pretty sure that's a key reason that google accounts are limited to 15gb now until you pay for more storage. When it was unlimited there were all these opensource projects coming up with ideas to backup your filesystem to gmail and such which got even worse when Drive came about. These free services need to foresee that that will be an issue and put in some basic limits.
miningape 1 days ago [-]
Johnson's Law: The more attention something receives, the bigger its area of impact becomes.
marcosscriven 22 hours ago [-]
I thought that was the Streisand effect?
kingofheroes 20 hours ago [-]
The Streisand is "the more you try to hide something, the bigger its area of impact becomes".
ratamacue 12 hours ago [-]
Streisand may also be "the more you try to hide something, the more attention it receives", and then by Johnson's Law, the bigger its area of impact becomes.
sequoia 17 hours ago [-]
Is this comment intended to have a bawdy subtext or am I just reading too much into it?
The recent API changes in Strava reminded me of how limited our access is to the data stored on their platform. As a dominant player in the fitness space, they could gradually lock features behind a subscription wall.
While this might raise privacy or safety concerns, could the AT Protocol be a suitable platform for storing GPX or FIT files?
d-lo 17 hours ago [-]
I’d love a federated Strava replacement. Unfortunately I don’t believe that the AT Protocol supports private or limited visibility posts yet, which I think is a pretty key feature for Strava’s use case.
brw 14 hours ago [-]
Once atproto has first party support for private records I'm definitely expecting a massive increase in interest. It would open so many doors and is probably the main thing holding back many potential use cases as of now.
is there any hosting site that isn't? feels like a computing law at this point; if you build a hosting site, someone will try to use it for malicious purposes.
EGreg 2 days ago [-]
Can’t you just make the hosting site features only be for real purposes?
Like a link shortener which only forwards to a domain that matches the subdomain? Or only for watching videos and collecting metrics etc.
As long as content is authored by the administrator of the server, I don't see where there is a security issue.
It's like if you point to your own Apache server in your own domain where you host a scam page and say there's a security issue with Apache because you could do that.
Or are you saying that you can make this person's server serve third-party content?
ndjdjddjsjj 1 days ago [-]
> Or are you saying that you can make this person's server serve third-party content?
Http: yes see OP
Email: not sure. Hopefully not. But spoofing happens.
benatkin 2 days ago [-]
Lack of moderation combined with an official-sounding domain name.
This would have to get the user to follow a link or call a phone number or something though. These are plausible. It's too bad the content-security-policy can't prevent following links.
extraduder_ire 1 days ago [-]
Bluesky seems to use a lot of totally different domain names for each part of their infrastructure, maybe for this reason. e.g. this one is bsky.network
While they're nowhere close on volume, they're certainly beating microsoft in terms of the rate they're adding similar looking official URLs.
whywhywhywhy 23 hours ago [-]
> bsky.network
Shortening your brand to 4 letters when your chosen TLD is the same length as your full brand name is such a weird choice.
wise_young_man 19 hours ago [-]
I guess bsky.net and bluesky.net were taken. What’s weird is why ICANN allowed .network TLD at all when .net already existed, was shorter, and meant for that.
Symbiote 15 hours ago [-]
I can't be the only person who visited bluesky.com, assuming that was the thing everyone was talking about.
tomrod 20 hours ago [-]
This is why you and I aren't in charge of marketing I reckon.
anon7000 1 days ago [-]
I mean, the way AT Proto is designed, moderation primarily happens on the app layer, not the protocol layer. So on an app like Bluesky, you can have a lot of moderation. But the protocol itself allows hosting arbitrary content in a distributed/decentralized way.
ineedaj0b 1 days ago [-]
hehehe. I pinned it to the top research ideas. I'll get back to you on this
hi_hi 1 days ago [-]
Could some awesome person possibly summarise any limitations or use cases where this might not work well?
The example provided is quite basic static text, so I'm wondering if there's a reason for that?
Retr0id 2 days ago [-]
The CSP headers didn't used to be there, which I used to pop an alert(), way back. (at the time there was also a MIME whitelist, but that whitelist included image/svg+xml, which allows script execution)
steveklabnik 2 days ago [-]
Ah this is super cool! I’ve been thinking about doing this with my website, but was going to leverage the whtwind lexicon, since my site is mostly a blog. But for the front page, and anything else, I may have wanted something else.
This is more of an unstructured approach, which is cool because it needs less specialized tooling. It has the disadvantage of being… well, just a blob. No semantic information there.
How exactly is the personal data server used? Examples and such?
The link gives a nice high level explanation but I still am not sure of its purpose.
srg0 20 hours ago [-]
My first reaction was like -- wow, a site that runs on a reverb pedal.
code_for_monkey 19 hours ago [-]
this website has the toan
skybrian 2 days ago [-]
I'm wondering whether a third-party PDS implementation should support other protocols as well. Would a combined git/PDS repo make any sense at all? (That is, it's a PDS, but it also implements enough of git to do read-only access via git commands.)
I have a lot of hope for AT. I'm sure there's lots of smart people on HN that have done great things with the Fediverse, but this whole paradigm just seems more sustainable + realistic. Basically it gives us centralization by default, but with real decentralized support when you need it / for power users.
jazzyjackson 2 days ago [-]
As far as sustainability goes I'm hoping for a better business model than "accept funds from Blockchain Capital" [0], some return on investment in mirroring the firehose. I can muse, a Discord alternative where some users pay to host longer videos (current limit is 60sec [1]) or Patreon where a relay takes a cut in exchange for managing access/decryption keys, or Bandcamp or some other kind of social marketplace - as it is there's no reason I couldn't do this, it is an open platform after all.
I'm hoping that most of the infra costs get amortized by people bringing on their PDS’s, while some of the core stuff (app layer, iOS app etc.) is maintained by a small team funded by donations/subscriptions.
bbor 2 days ago [-]
Yeah I’m also worried about profitability, tho not particularly concerned about that particular investor, personally; all VCs are inherently amoral profit generators. They are a “benefit corporation” like anthropic, which gives them some leeway to deny shareholder requests in the name of public good. Which is nice!
In general I feel like social media is in the perfect spot for a huge shakeup as display ads breathe their last breath. Even if Google wins/draws out its Display Ads antitrust case and successfully implements some new interest-tagging system, I think anyone with a calculator and a newspaper subscription can read the leaves at this point; people are concerned about their data, and the money it generates is peanuts compared to more traditional advertising schemes. All of this is of course not even mentioning what I think intuitive algorithms will do (cynical or no, there’s lots of credentialed scientists saying that AGI (!!) is within reach in the coming decade, if not the coming few years).
All that to say: I feel like they can find a way to make it work. Revenue doesn’t need to be as high anyway if you a) don’t have 1000 devs optimizing Display Ad A/B tests all day, and b) have the support of the open source community.
yokem55 2 days ago [-]
If they can get ~100k subs to a $10/mo premium service similar to discord nitro, they are probably close to breaking even at the current scale and ops methodology. Which seems feasible.
genem9 1 days ago [-]
“Hosting websites” has been possible on nostr for some time already with npub.pro …
Based on https://bsky.social/about/support/tos#user-content , I would answer yes. While it's not expressly called out (permitted or forbidden), my reading of the above would indicate that it's not forbidden per se, and probably permitted ("Modify or otherwise utilize User Content in any media. This includes reproducing, preparing derivative works, distributing, performing, and displaying your User Content."). I believe training an LLM falls under "utilize" and "preparing derivative works".
jamilton 1 days ago [-]
That's about your user content, not others'.
la64710 2 days ago [-]
I think the AT protocol is versatile in that users can access each others data once authenticated without any centralized service (granted the aggregators and some other things may still be centralized).
jazzyjackson 2 days ago [-]
Is there any auth necessary to pull data from a PDS? I know the main relay is a public firehose so I would be surprised, but maybe the PDS can put relay servers on an allowlist?
anon7000 1 days ago [-]
As far as I can tell, all content on ATProto is fully public without auth
unshavedyak 1 days ago [-]
Does it federate or anything? Wonder what up to date summaries exist of its capabilities
jazzyjackson 1 days ago [-]
If by federate you mean "is stored on content addressed, signed merkle trees that can be mirrored and served from more than one domain" then yes
Also it's uh, atproto.com
irusensei 1 days ago [-]
So the recent push to artists to move there to protect their rights against AI training is not only false but a trap since anyone can point their cannons to train data on Bluesky.
What I remember about that whole affair is that I'd really respected Jack for starting Bluesky, allowing it to be independent of Twitter (and Jay deserves a heaping of credit for pushing that!), and then losing that respect when he seemed to totally misunderstand what Bluesky had gone on to achieve.
Jack was pushing Nostr at the time which... seems ok if you're into that. But his arguments in his interview with Mike Solana really didn't make sense to me.
strogonoff 1 days ago [-]
Bluesky’s attitude seems logical and their reasoning aligns with my thoughts exactly.
If techdirt’s article is to be believed, Dorsey’s departure has to do with going from an extreme to an extreme—from a traditional social monolith to a pure protocol—whereas Bluesky chose to pursue not only the protocol, but also “the app” as the face of that protocol for the ordinary user, and let’s face it: the ordinary user does not really care about protocols.
My speculation about him suggesting people “stay on Twitter” is that Nostr (which he apparently is invested in now) and Twitter are orthogonal, so there is no conflict there, but Bluesky competes with both.
Not a Bluesky user (the invite-only period has put me off for a while), but if they do not compromise on the protocol part (and there are no shenanigans unfolding, who knows, maybe Dorsey found something) their attitude seems to me to be the most reasonable for a mainstream social platform.
apitman 1 days ago [-]
What's your issue with invite-only periods? Is there a better way to throttle signups while you scale a system early on?
wesleytodd 20 hours ago [-]
But if you use web scale tech you can scale to infinity on day one right? :eye-roll:
irusensei 1 days ago [-]
The invite-only system established the main Bluesky instance as a big circlejerk.
It worked with Orkut back in the day where the internet was new and untainted by culture wars.
Bluesky is lefty twitter now and I want no business with that platform.
tomrod 19 hours ago [-]
> Bluesky is lefty twitter now and I want no business with that platform.
I love hearing people say this, because in reality Bluesky covers most of the political dimensions one wants to subdivide a population by except the most toxic of participants. Also, most of the academics have moved to Bluesky because Twitter became toxic / suppressed speech dramatically and at the whims of one Mr. Musk. As per usual, where the "lefties" are the "righties" follow (to use the parlance of the prior comment) be it social media, good policy, you name it.
Plenty of conservatives are there, such as Lincoln project folks, right libertarians, and even National Review & Reason IIRC. But I guess these folks don't count these days as conservative (despite definitionally being so, just not aligned with modern US Republican policy planks)? Not sure.
Anyhow, I'm enjoying Bluesky for what it is -- a new social media platform that isn't fully encumbered by bots and nonsense for a bit.
natoliniak 18 hours ago [-]
> Twitter became toxic / suppressed speech dramatically
But what kind of speech is suppressed nowadays on X?
what about Bluesky?
does Bluesky not suppress any speech?
BryantD 17 hours ago [-]
Sure. CSAM.
Meanwhile Twitter is now openly suppressing links off-site. For financial reasons rather than ideological ones (although the latter may also be occurring).
rsynnott 1 days ago [-]
I mean, honestly, losing Dorsey was probably a big part of its success.
rpastuszak 18 hours ago [-]
Just a (very unserious) reminder that you can host +7kb of data in a single tweet using data URIs + gzip.
unrelated probably, but it made me realize how I don't really see Hugo/Jekyll type websites anymore.
hipadev23 2 days ago [-]
How do you even know? Don't those both just generate static html?
tr1ll10nb1ll 2 days ago [-]
Footer. also Jekyll/Hugo sites use generator so you can mostly find it in the meta generator tag.
Next.js sites are also a super easy find like this.
veqq 2 days ago [-]
You can trivially remove it e.g. `disableHugoGeneratorInject = true` in `config.toml`.
thesdev 2 days ago [-]
It says "Powered by Hugo" at the bottom of the page.
Zambyte 2 days ago [-]
Depending on the theme.
rahkiin 2 days ago [-]
I build my own themes and don’t include that either
mikae1 2 days ago [-]
Same here
teitoklien 2 days ago [-]
I build my own with Jinja2 templates my custom python script + mistune library to parse markdown to html, and a YAML file in similar format to Hugo (the previous generator i used to use)
I found building my own custom one with python3, much more freeing in all sorts of interesting ways, I also exposed the static site generator with a FastAPI based API to auto build my website from my notes, my cooking recipes, database records, financials, git commits, etc to build me a private protected website (via nginx auth) from anywhere, whether via sending a text message to my telegram bot, or running a Shortcuts command on my iPad, or just directly running a command from my terminal.
It took barely a day to setup, and allows me to run interesting custom extensions in all sorts of interesting ways, and builds me a personal website curated to my interest, where the primary viewer is supposed to be me. and it exposes a public barebones website with barely any content for everyone else.
One of these days I think i’ll expose more of it to the world.
zahlman 2 days ago [-]
I see plenty of blogs generated from Markdown with tools like that.
Has something overtaken Hugo and Jekyll in that space?
aryonoco 1 days ago [-]
If you like JS/TS, then Astro.
I maintain a blog on Hugo but also host a couple of Astro ones. I think Hugo is great but to my eyes at least Astro has more active development behind it, and I also enjoy it more (probably because I know Typescript more than golang)
edm0nd 14 hours ago [-]
We use Github to Jekyll to host a few websites. Works awesome.
dangerlibrary 2 days ago [-]
I just use mkdocs for everything.
dv35z 1 days ago [-]
Have you found a decent bare bones starter theme? I've been using MkDocs Material, and I find the theme too complicated (HTML etc) - hoping to find a super simple one that looks decent - plain - and is a good base for theming / styling. Thanks & take care.
Why was it decided not to build on any existing content-addressable networking system (IPFS or whatever)?
November 1, 2024 at 12:39 PM
Leo R. Comerford @leocomerford.bsky.social · 23d
(Not implying that this was the wrong decision, it’s a genuine question.)
dan @danabra.mov · 23d
actually not sure i can answer this well. paging @bnewbold.net or maybe @why.bsky.team (who worked on IPFS btw)
dan @danabra.mov · 23d
my guess is that we’d want data hosting to be under direct control of the user (same as web hosting) rather than peer-to-peer, want instant deletion/edits at the source, need ability to move to a different host or take content down, need grouping into collections. not sure how much IPFS could adapt
dan @danabra.mov · 23d
we do use some pieces from IPFS though (aside from the actual peer to peer mechanism)
bryan newbold @bnewbold.net · 4mo
you can basically ignore it, we don't use "IPFS" proper anywhere.
there are strong social connections, and we borrow some tech components like CIDs (flexible hash/digest syntax) and DAG-CBOR (more-deterministic subset of CBOR, good for signing+hashing)
Bumblefudge @bumblefudge.com · 1d
yeah this is all accurate. bluesky remixed a lot of IPFS components and patterns in interesting ways, but the monolithic global IPFS network (with chatty DHT distribution) wouldn't make sense here, BS made an infinitely more efficient/performant distribution of bytes tailored to its use case.
Bumblefudge @bumblefudge.com · 1d
FWIW the IPFS foundation is working on making IPFS more modular and easily remixed for future BlueSkies, but it's a big task decomposing the monolith and reorienting the documentation and ergonomics...
[a second reply to the first skeet:]
Uai @why.bsky.team · 23d
As far as I'm concerned (and i led ipfs development for a number of years) we are using ipfs, just a specific streamlined implementation of it.
All your repo data can be imported into an ipfs node and addressed via cid
Uai @why.bsky.team · 23d
We don't use libp2p because for a consumer mobile app we didn't want to futz with nat traversal and connectivity and the like, but it's definitely possible to build a p2p version of bluesky
echelon 1 days ago [-]
"skeet" is such a terrible term for this. It's like mastodon "toot"s.
Using bodily functions as core infra terminology is off-putting and feels like a bit like a juvenile boy's club. I get that some people find it funny, but it alienates people. We should just call these "posts".
Even better: call them tweets. That's what they are.
leoc 1 days ago [-]
Sure, whatever: I had certainly given it approximately no thought in this case, and my personal investment in 'sk**t' is zero. I'd edit my post but I seem to have hit the timeout. I will also say that I don't think this is the most interesting or on-topic thread to pull on from my comment.
mjmsmith 20 hours ago [-]
Huh, I thought it was a reference to shooting: fling your hot take into the sky in front of an audience ready to blow it to smithereens.
bbor 1 days ago [-]
Hard agree -- this one is especially bad because it's gendered. We'll see what happens, but I'd put my money on "post" winning out. There's some people on Bluesky who feel absurdly strong about this because of the history (the CEO asked them not to use it so they used it more often as a joke), but they're simply outnumbered already. Such is exponential growth...
bargainbot3k 2 days ago [-]
[flagged]
steveklabnik 2 days ago [-]
In what sense?
bargainbot3k 1 days ago [-]
[flagged]
noirbot 1 days ago [-]
What is there to respond to? "This thing may happen at some point in the future" isn't insight or commentary.
I can formulate a response, but it's already required more thought and effort than you seemed to have put into your comment. Engagement farming and bait isn't what HN is generally for.
bargainbot3k 1 days ago [-]
[flagged]
noirbot 1 days ago [-]
I just cannot imagine being this upset about someone else doing something they enjoyed that hurt no one. This is pure gatekeeping at its finest.
It's a cool use of technology! Maybe this is Bobby's first API. Why the need to tell Bobby that you're too cool to appreciate it? As the opening of the OP points out, this has very little to do with ${new_propaganda_platform} as you so dismissively put it. They're self-hosting their site on a protocol not intended to exactly do that! That's cool even if you've been able to do that since whenever you discovered you could do that.
They don't seem to be doing any of the things you're throwing at them as negatives. They're not saying this is the future of the internet or something everyone should do or forcing all their friends onto it. It's just an interesting demonstration of the underlying tech of a protocol and what you can do with it.
If you seem to think people talking online about their joy about technology and the things they can do about it is "shit spewing" onto your beloved "WWW" then I'm not sure why you're here. You definitely don't seem like you actually read any part of the OP you're "shit spewing" all over.
bargainbot3k 1 days ago [-]
[flagged]
blackqueeriroh 1 days ago [-]
This is a pretty pitiful comment. It fails (again) to actually make any salient points (what “propaganda platform” are you talking about? How did you reach that conclusion? Based on what?) and instead just does the “anti-interest negativity dance” that so many edgelords are into these days.
naught0 20 hours ago [-]
It sounds like they don't even understand Bluesky or the OP. OP is certainly not recommending hosting serious websites from Bluesky's arbitrary blob storage, as though it's the "hot newness." This was a fun blog post exploring something that resembles a hole in Bluesky's defenses if anything.
ziddoap 1 days ago [-]
>Not sure why my parent comment was flagged. I guess when you can’t formulate a response, you flag and downvote? Is that the HN way?
It was a vague and negative one-liner, with no indication of what you were insinuating or why you think that way, from a brand new account.
If you spent 30 more seconds to expand on what history you were referring to and why you think history is repeating, it would not have been flagged.
bargainbot3k 1 days ago [-]
Are you a mod/admin here?
ziddoap 1 days ago [-]
No, just someone who spends too much time here and is familiar with the trends.
dgfitz 1 days ago [-]
I’d have at least said something like “it reminds me of app.net, but with a lot more traction” or something to poke at a conversation.
paulvnickerson 21 hours ago [-]
[flagged]
nerdjon 21 hours ago [-]
I would be very curious how exactly this is being said and if it is just simply stating an "opinion" or if it is being used as a way to attack people and purposefully start a fight.
If it is the latter 2, then them being "eager" is a good thing since that just feeds to toxicity and is a major reason that people have been pushing to move away from Twitter in the first place.
Even the first one I can understand since I really struggle to figure out why you would feel the need to repeat this if it was not an attempt to stir up an argument.
> I would be very reluctant to store anything important there.
Regardless of the reason, you should always be reluctant to store anything important on a platform you don't own. Focusing on this particular topic as the reason however is really just trying to start an argument that does not need to happen.
aniforprez 20 hours ago [-]
Obvious trolling attempt aside, on the topic of uploading files to third party platforms, people should have really learned their lesson when uploading files to Discord and using that as a CDN and Discord completely killing that and hundreds of thousands of links by adding timeouts to the files hosted on their servers. It's really annoying because there are a bunch of mod servers that refuse to put their files anywhere else and so many links were completely lost to the ether. Now you need to join so many servers just to get files and it gets very annoying very fast. Please just use a file hosting solution or make a website.
nerdjon 20 hours ago [-]
I actually did not know about what happened with Discord. I mean I think it's still a cool concept but no reason to rely on it.
Especially when it's so easy and cheap to store something in S3 and stick a domain in front of it for example.
aniforprez 20 hours ago [-]
They said in their official statement[1] that it was to "block malware" but clearly they did not want to serve file traffic off-site. And yes I am very much in favour of using S3 or at least some file hosting service to dump the files where it's their job to do so. I am not sure why they were all using a chat application's file hosting as a CDN with gleeful abandon.
Some people want to live their lives without having to justify their existence to strangers every time they appear in a public space. It's exhausting. There are plenty of spaces where you can have those arguments. It's OK to have spaces where those kinds of arguments are not welcome, too.
aniforprez 20 hours ago [-]
This is not an argument or a discussion. That would require two parties willingly engaging. This is someone trolling and simply being hurtful/aggressive for kicks. I don't know if the BlueSky moderators are banning such accounts but it's an insta-block from me.
nerdjon 20 hours ago [-]
There is nothing wrong with an argument, but as the other person said this is not really being posted just for the sake of having an argument. On topics like this neither side cares what the other has to say because they have made up their mind.
This isn't like saying "Mexican is the best food". Which sure may get a bit heated but at the end of the day is a personal opinion argument.
Attempting to "argue" about someone else's life, whose existence doesn't impact you in the slightest, isn't an argument that deserves to happen. At the very least not in a public space and not without expecting the repercussions of it happening.
diggan 21 hours ago [-]
> Bluesky has demonstrated a strong eagerness to censor content based on political ideology
Can you demonstrate where/when this has happened? I've been on Bluesky since 2023 and have yet to see any concrete examples of people getting banned for saying anything like that.
I've seen plenty of examples of users getting a ton of pushback from others when saying something like that, and ending up on block lists that others can (optionally) subscribe to, but never seen anyone permanently banned over it.
enterpriss 20 hours ago [-]
Would be curious if you have any sources or publications to backup this claim?
code_for_monkey 20 hours ago [-]
that's because that's a dogwhistle that people post to start fights. It's the posting equivalent of an 11 year old saying 'I'm not touching you!' and it's good to ban it. it's annoying.
altcognito 20 hours ago [-]
Bluesky is decentralized and has no central algorithm, so I'm not sure where you're getting this misinformation from. I'm happy to be shown otherwise.
verdverm 20 hours ago [-]
A PDS can refuse to host someone's data, an App View can refuse to serve content or specific users.
But, being decentralized, they cannot "remove them from the platform" depending on how we define this phrase.
Being removed by Bluesky can certainly happen, in the sense that most people who are unaware ATProto is different from what came before, think about these things.
I too would like to see such claims backed up. Too many flags being planted to stake out ideological territory...
davexunit 19 hours ago [-]
While I definitely don't agree with the GP here, Bluesky is not decentralized in any meaningful way, but they aspire to having a "credible exit" if Bluesky the company falls into the wrong hands.
These are abused all the time for phishing and malicious threat actors.
That said, just the other day I was thinking, is the reverse possible? I have a web site/blog. Use RSS and then the RSS updates are posted to a handle on Bluesky. I would assume that's a lot more useful?
This is trivial, I'm currently doing this for https://bsky.app/profile/aemet-bot.bsky.social which reads a bunch of RSS feeds from AEMET (Spain's national weather service basically) and posts warnings to the feed if there is any warning above Yellow.
The code for managing this is about ~200 lines of Rust code.
If there is interest I guess I could spend some hours to make it a bit more generic and publish the source.
Or maybe there is a potential for a SaaS service?
"access-control-allow-origin: *" is interesting - it means you can access content hosted in this way using fetch() from JavaScript on any web page on any other domain.
"content-security-policy: default-src 'none'; sandbox" is very restrictive (which is good) - content hosted here won't be able to load additional scripts or images, and the sandbox tag means it can't run JavaScript either: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...
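The two header values quoted in the comment above, run through a small policy check. This is an added example, not part of the thread and not Bluesky's code; the function names `parseCsp` and `auditUserContentHeaders` and the weaker comparison policies are constructed here, and it assumes a single CSP header per response.

```javascript
// Added example. Function names and the comparison header sets are constructed.

// Parse one Content-Security-Policy value into Map(directive -> source tokens).
function parseCsp(value) {
  const directives = new Map();
  for (const part of String(value || '').split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // CSP ignores a repeated directive: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// An empty source list, or the single token 'none', matches nothing.
function matchesNothing(list) {
  return list !== undefined &&
    (list.length === 0 || (list.length === 1 && list[0].toLowerCase() === "'none'"));
}

function auditUserContentHeaders(rawHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = v;
  const csp = parseCsp(h['content-security-policy']);
  const rawSandbox = csp.get('sandbox');          // undefined when absent
  const sandbox = rawSandbox && rawSandbox.map((t) => t.toLowerCase());
  const fallback = csp.get('default-src');

  // Scripts are blocked if the sandbox lacks allow-scripts, or if the effective
  // script-src-elem and script-src-attr lists (falling back to script-src,
  // then default-src) both match nothing.
  const scriptSrc = csp.get('script-src') ?? fallback;
  const elem = csp.get('script-src-elem') ?? scriptSrc;
  const attr = csp.get('script-src-attr') ?? scriptSrc;
  const sandboxBlocks = sandbox !== undefined && !sandbox.includes('allow-scripts');
  const policyBlocks = matchesNothing(elem) && matchesNothing(attr);

  // Subresource loads are blocked only if default-src matches nothing and no
  // more specific *-src directive reopens a fetch type.
  let subresourcesBlocked = matchesNothing(fallback);
  for (const [name, list] of csp) {
    if (/-src(-elem|-attr)?$/.test(name) && !matchesNothing(list)) {
      subresourcesBlocked = false;
    }
  }

  return {
    scriptsCanRun: !(sandboxBlocks || policyBlocks),
    subresourcesBlocked,
    // Sandboxed content gets an opaque origin unless allow-same-origin is set,
    // so it cannot touch the serving host's cookies or storage.
    opaqueOrigin: sandbox !== undefined && !sandbox.includes('allow-same-origin'),
    // "*" lets a page on any origin read the body with fetch() (no credentials).
    crossOriginReadable: (h['access-control-allow-origin'] || '').trim() === '*',
  };
}

// Header values as quoted in the comment, plus constructed weaker variants.
const SAMPLES = {
  quoted: {
    'access-control-allow-origin': '*',
    'content-security-policy': "default-src 'none'; sandbox",
  },
  noPolicy: { 'content-type': 'text/html' },
  reopened: {
    'content-security-policy':
      "default-src 'none'; img-src *; sandbox allow-scripts allow-same-origin",
  },
  scriptable: {
    'content-security-policy': "sandbox allow-scripts; script-src 'unsafe-inline'",
  },
};

for (const [label, headers] of Object.entries(SAMPLES)) {
  console.log(label, auditUserContentHeaders(headers));
}
```
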
1: https://github.com/w3c/webappsec/issues/656#issuecomment-246...
2: https://www.w3.org/TR/CSP3/#exfiltration
Bluesky does the first step and then it's a great big leap from there imo.
I see a dozen links I suspect are required reading to try out new ideas.
With HTTP/HTML you can show somebody who knows only the most basic Python, or any other PL, how to build a server from scratch in those 14 minutes.
I'm convinced we need hash-addressable communication protocols to redefine the relationship we have with the tech-giants, and stop them exploiting our communities.
I'm not convinced the ATProtocol has hit the mark well enough to kick start a revolution like HTTP did.
A friend and I had considered looking into storing DOOM WADs on bluesky so that "map packs" could be shared in the same way posts are. Follow an account, a list, or a starter pack, and you could theoretically modify GZDoom or some other client to know how to search and view any WADs posted by those accounts. Like how the Steam Workshop works, except it's via bluesky. :D
You can define custom records for basically anything
A PDS would be a point in the network that decides if abuse is happening, also a place where competition can occur
I joke but RSS does work for his use case just as well minus the distributed/federated points.
This seems like one of the things that might be part of the references the bluesky team has made at times to introducing a subscription service - providing more space / bandwidth / higher quality video on your PDS seems like the type of hosting that could be offered at a premium tier.
If I understood correctly, the PDS was hosted on Bluesky. I assume it could be hosted somewhere else, so yeah it could be interacted with more than Bluesky.
I'm pretty sure that's a key reason that google accounts are limited to 15gb now until you pay for more storage. When it was unlimited there were all these opensource projects coming up with ideas to backup your filesystem to gmail and such which got even worse when Drive came about. These free services need to foresee that that will be an issue and put in some basic limits.
https://en.wikipedia.org/wiki/Inner-platform_effect
While this might raise privacy or safety concerns, could the AT Protocol be a suitable platform for storing GPX or FIT files?
Tbh, I still haven't figured out how my IRC client is supposed to fetch avatars of bridged matrix users now.
Previously I was able to special case bridged matrix users and access their avatars through
Like a link shortener which only forwards to a domain that matches the subdomain? Or only for watching videos and collecting metrics etc.
$inane_marketing_trope
...
Click here to Unsubscribe from Bluesky
https://porcini.us-east.host.bsky.network/xrpc/com.atproto.s...
...
Redirects to bad site.
It's like if you point to your own Apache server in your own domain where you host a scam page and say there's a security issue with Apache because you could do that.
Or are you saying that you can make this person's server serve third-party content?
Http: yes see OP
Email: not sure. Hopefully not. But spoofing happens.
This would have to get the user to follow a link or call a phone number or something though. These are plausible. It's too bad the content-security-policy can't prevent following links.
While they're nowhere close on volume, they're certainly beating microsoft in terms of the rate they're adding similar looking official URLs.
Shortening your brand to 4 letters when your chosen TLD is the same length as your full brand name is such a weird choice.
The example provided is quite basic static text, so I'm wondering if there's a reason for that?
This is more of an unstructured approach, which is cool because it needs less specialized tooling. It has the disadvantage of being… well, just a blob. No semantic information there.
How exactly is the personal data server used? Examples and such?
The link gives a nice high level explanation but I still am not sure of its purpose.
What other protocols would make sense?
I have a lot of hope for AT. I'm sure there's lots of smart people on HN that have done great things with the Fediverse, but this whole paradigm just seems more sustainable + realistic. Basically it gives us centralization by default, but with real decentralized support when you need it / for power users.
[0] https://www.blockchaincapital.com/blog/bluesky-13m-users-and...
[1] https://bsky.social/about/blog/09-11-2024-video
In general I feel like social media is in the perfect spot for a huge shakeup as display ads breathe their last breath. Even if Google wins/draws out its Display Ads antitrust case and successfully implements some new interest-tagging system, I think anyone with a calculator and a newspaper subscription can read the leaves at this point; people are concerned about their data, and the money it generates is peanuts compared to more traditional advertising schemes. All of this is of course not even mentioning what I think intuitive algorithms will do (cynical or no, there’s lots of credentialed scientists saying that AGI (!!) is within reach in the coming decade, if not the coming few years).
All that to say: I feel like they can find a way to make it work. Revenue doesn’t need to be as high anyway if you a) don’t have 1000 devs optimizing Display Ad A/B tests all day, and b) have the support of the open source community.
However, data on AT Proto is fully public and it’d be trivial for someone to extract the data for AI to train.
For example, this app shows you entries hosted on the protocol: https://atproto-browser.vercel.app/at/nytimes.com
Also it's uh, atproto.com
https://amp.theguardian.com/technology/article/2024/may/07/j...
What I remember about that whole affair is that I'd really respected Jack for starting Bluesky, allowing it to be independent of Twitter (and Jay deserves a heaping of credit for pushing that!), and then losing that respect when he seemed to totally misunderstand what Bluesky had gone on to achieve.
https://www.techdirt.com/2024/05/13/bluesky-is-building-the-...
Jack was pushing Nostr at the time which... seems ok if you're into that. But his arguments in his interview with Mike Solana really didn't make sense to me.
If techdirt’s article is to be believed, Dorsey’s departure has to do with going from an extreme to an extreme—from a traditional social monolith to a pure protocol—whereas Bluesky chose to pursue not only the protocol, but also “the app” as the face of that protocol for the ordinary user, and let’s face it: the ordinary user does not really care about protocols.
My speculation about him suggesting people “stay on Twitter” is that Nostr (which he apparently is invested in now) and Twitter are orthogonal, so there is no conflict there, but Bluesky competes with both.
Not a Bluesky user (the invite-only period has put me off for a while), but if they do not compromise on the protocol part (and there are no shenanigans unfolding, who knows, maybe Dorsey found something) their attitude seems to me to be the most reasonable for a mainstream social platform.
It worked with Orkut back in the day where the internet was new and untainted by culture wars.
Bluesky is lefty twitter now and I want no business with that platform.
I love hearing people say this, because in reality Bluesky covers most of the political dimensions one wants to subdivide a population by except the most toxic of participants. Also, most of the academics have moved to Bluesky because Twitter became toxic / suppressed speech dramatically and at the whims of one Mr. Musk. As per usual, where the "lefties" are the "righties" follow (to use the parlance of the prior comment) be it social media, good policy, you name it.
Plenty of conservatives are there, such as Lincoln project folks, right libertarians, and even National Review & Reason IIRC. But I guess these folks don't count these days as conservative (despite definitionally being so, just not aligned with modern US Republican policy planks)? Not sure.
Anyhow, I'm enjoying Bluesky for what it is -- a new social media platform that isn't fully encumbered by bots and nonsense for a bit.
But what kind of speech is suppressed nowadays on X? What about Bluesky? Does Bluesky not suppress any speech?
Meanwhile Twitter is now openly suppressing links off-site. For financial reasons rather than ideological ones (although the latter may also be occurring).
Here's Pong (HTML + JS) and the Epic of Gilgamesh: https://x.com/rafalpast/status/1316836397903474688
(brought to you by the ad tracking pixel parameters ignoring the tweet length limit)
More links + the "Twitter CDN" editor™: https://sonnet.io/projects#:~:text=Laconic!%20(a%20Twitter%2...
Next.js sites are also a super easy find like this.
I found building my own custom one with python3, much more freeing in all sorts of interesting ways, I also exposed the static site generator with a FastAPI based API to auto build my website from my notes, my cooking recipes, database records, financials, git commits, etc to build me a private protected website (via nginx auth) from anywhere, whether via sending a text message to my telegram bot, or running a Shortcuts command on my iPad, or just directly running a command from my terminal.
It took barely a day to set up, and allows me to run interesting custom extensions in all sorts of interesting ways, and builds me a personal website curated to my interest, where the primary viewer is supposed to be me. And it exposes a public barebones website with barely any content for everyone else.
One of these days I think I’ll expose more of it to the world.
Has something overtaken Hugo and Jekyll in that space?
I maintain a blog on Hugo but also host a couple of Astro ones. I think Hugo is great but to my eyes at least Astro has more active development behind it, and I also enjoy it more (probably because I know Typescript more than golang)
Not sure if that fits the bill for you, but I like it.
Leo R. Comerford @leocomerford.bsky.social
Why was it decided not to build on any existing content-addressable networking system (IPFS or whatever)?
November 1, 2024 at 12:39 PM
Leo R. Comerford @leocomerford.bsky.social · 23d
(Not implying that this was the wrong decision, it’s a genuine question.)
dan @danabra.mov · 23d
actually not sure i can answer this well. paging @bnewbold.net or maybe @why.bsky.team (who worked on IPFS btw)
dan @danabra.mov · 23d
my guess is that we’d want data hosting to be under direct control of the user (same as web hosting) rather than peer-to-peer, want instant deletion/edits at the source, need ability to move to a different host or take content down, need grouping into collections. not sure how much IPFS could adapt
dan @danabra.mov · 23d
we do use some pieces from IPFS though (aside from the actual peer to peer mechanism)
bryan newbold @bnewbold.net · 4mo
you can basically ignore it, we don't use "IPFS" proper anywhere.
there are strong social connections, and we borrow some tech components like CIDs (flexible hash/digest syntax) and DAG-CBOR (more-deterministic subset of CBOR, good for signing+hashing)
Bumblefudge @bumblefudge.com · 1d
yeah this is all accurate. bluesky remixed a lot of IPFS components and patterns in interesting ways, but the monolithic global IPFS network (with chatty DHT distribution) wouldn't make sense here, BS made an infinitely more efficient/performant distribution of bytes tailored to its use case.
Bumblefudge @bumblefudge.com · 1d
FWIW the IPFS foundation is working on making IPFS more modular and easily remixed for future BlueSkies, but it's a big task decomposing the monolith and reorienting the documentation and ergonomics...
[a second reply to the first skeet:]
Uai @why.bsky.team · 23d
As far as i'm concerned (and i led ipfs development for a number of years) we are using ipfs, just a specific streamlined implementation of it. All your repo data can be imported into an ipfs node and addressed via cid
Uai @why.bsky.team · 23d
We don't use libp2p because for a consumer mobile app we didn't want to futz with nat traversal and connectivity and the like, but it's definitely possible to build a p2p version of bluesky
Using bodily functions as core infra terminology is off-putting and feels a bit like a juvenile boy's club. I get that some people find it funny, but it alienates people. We should just call these "posts".
Same thing with names like CockroachDB and GIMP.
>What is a post on Bluesky called?
>The official term is “post.”
https://bsky.social/about/blog/5-19-2023-user-faq
[1] https://www.bleepingcomputer.com/news/security/discord-will-...
https://bsky.app/profile/dustyweb.bsky.social/post/3lbkecsk3...
https://www.youtube.com/watch?v=GZ5XN_mJE8Y