Thu, May 11, 2023
- Kjartan19:43Like for example with dns servers. One might send evil replies, but as soon as I notice it being evil, I can just switch my DNS server and everything just works again
- 19:44I also see there some threat of the plc.reg not turning evil by choice, but by them getting controlled by their country
- goykasi19:47Also, the PLC isn't really the best way to ban a user anyway. Since it's just a document repository, it doesn't have any bearing on authentication or authorization. Individual apps would still need to ban the target user. Modifying the PLC data doesn't really do much. It simply describes where a user's data is stored (PDS) and public keys for modifying the doc
- Kjartan19:48It's fundamental for federation. If the plc dislikes you, you are limited to your pds
- 19:49If you are on a 1-person plc, you are basically banned
- 19:49(and even if you are on a big server, your reach can be significantly limited)
- goykasi19:50True. But the bluesky team doesn't have much incentive to just dropping a user like (they can simply ban them on the bluesky app). That would create a lot of unnecessary distrust in a decentralized network. It could be disastrous to reputation.
- Kjartan19:52
In reply to this message
They might have no choice. If the FBI or CIA (or whoever would be relevant here, I'm just a European, what do I know) enters the room and says that's how it's done, maybe even with a court order… they simply might have to obey
- 19:53Would you feel comfortable as a Russian if the PLC would be located in Ukraine - or vice versa?
- 19:54Would Snowden have used Bsky while he was on the run?
- Aaron Goldman19:57
In reply to this message
We should make the decision between remove and take over. The directory is in the business of timestamping deltas. It can choose not to accept/reject a delta but it can't make a delta for a did:PLC it doesn't have the rotation keys needed to sign it.
- Kjartan20:01I'm fine with things how they are as a temporary solution. But longterm a 1-PLC-reg doesn't do it. There needs to be at least some redundancy. So I can just switch to a different server if some server is not "a good choice" for whatever reason
- goykasi20:01I think the main concern is if the bsky org decided to go around the keys/deltas -- going to the database and explicitly removing the operation chain and then changing the code to reject a re-registration(edited)
- Aaron Goldman20:01Also there is a distinction between rejection of a delta and a later mutation of the history. Any alterations of the history are auditable.
- Kjartan20:02
In reply to this message
Couldn't the PLC just pretend that it has never heard of a did? Or that it was created with completely different keys in the very first place (really at creation)
- Aaron Goldman
- goykasi20:02Going around the system would cause future distrust and fracture the larger ecosystem. New DID doc repositories would pop up and create separations based on policy and politics (not a great outcome)
- Kjartan20:03Or simply not reply to any requests for a specific did
- 20:03
In reply to this message
A government might not care about the future of the protocol because of reputation issues
- 20:06I mean atp assumes at all times somewhat the worst of everyone in the network, users, their device, the pds,… I think especially for its core one may not just trust that they will always play nice. I know if I was a government I would totally go for the plc
- 20:10And this was probably fine, if it's simply unavoidable. But other protocols (not necessarily social media, just other protocols) were able to avoid this. And ATP is still in BETA - now is the time where nothing is written in stone yet, and if this should be avoided, it can still be avoided
- Kjartan20:17I think it might be enough to just create enough redundancy - it doesn't need to be unlimited(edited)
- 20:18Like put already one plc.reg in basically almost every country. So I can connect to that country's plc I'm trusting the most at that moment
- 20:18it's not ideal, but would be already some improvement imo
- Kjartan20:24It probably would lead to inconsistency - but if that "ever" happens, it would be proof that it was good to have more than one in the first place
- Aaron Goldman20:27
In reply to this message
If they pretend they never heard of it two cases. One, from the beginning e.g. your doc is >4k so the directory rejects you. You can hand your delta to various PDSs so they can try submitting it and convince themselves that the directory is malicious. Two, they changed the history. You notify PDSs of the DIDs whose history has changed they pull them from the directory compare to local copy of log convince themselves the directory is malicious.
For "created with different keys" no the did:plc:<sha256(initial state)> means that a different set of keys will have a different hash. The only way to do this is to break sha256 and then a better use would be to win all the Bitcoin mining with that math instead of stealing a did:plc
- kcchu20:31
In reply to this message
I understand that PLC can be made auditable. But my point is that when PLC is controlled by a single party, that single party also control on the policy about what being a “valid” state. Bluesky can just change the rules arbitrarily and everyone else will have to either accept the new policy or not using PLC. Without a viable alternative, public auditability is meaningless.(edited)
- Kjartan20:31
In reply to this message
I meant with the new keys, not to offer wrong, but seemingly correct data. Just wrong data, so a PDS can't do much with it (while I still think the easiest will be, just to return a 400 whenever the targeted did shows up in a request (no matter from which plc). And until enough PDS get together to decide on a new PLC.register the user (who maybe depended on atproto) wouldn't need it anymore anyway
- Kjartan20:38While it would be also very difficult for PDSs to decide on a new PLC register - once the protocol has been already running for a while. Especially when PDS realise that it is not something you can 100% rely on. Every PDS would like to see the next PLC closer to themselves (being it political, geographical, or whatever). And how would they even connect and find each other in the first place.(edited)
- kcchu20:41
In reply to this message
Exactly. In this situation the DID become highly fragmented and highly political. It will be worse than just using DNS
- 20:43Also, I question the financial sustainability and incentive for running such public PLC registry. Since there are no venue to charge a fee, who and why would people operate a public PLC?
- kcchu20:48Let me clarify my position, PLC as a temporary stopgap is fine for now. But I can’t see it being a viable design for medium to long term. It is a single point of failure that defeat the whole purpose of decentralization in AT Protocol.
- Kjartan20:51
In reply to this message
Yeah, fine for now (one has to start somewhere) but not viable as a long term solution 😕(edited)
- Aaron Goldman21:36Maybe I'm too optimistic but I think that replacement of the single server with an aBFT consensus algorithm is not that hard and that there will be enough PDS operators to invite to the consensus group. I just think it's too early to write the rules for who gets invited to join or what behavior gets you kicked out.
- kcchu22:05This approach make sense to me. And if it is in bluesky’s roadmap it relieves my concerns. Will you guys write up this idea in a blog post or something?
Fri, May 12, 2023
- kcchu03:49Hey guys. Sharing something that I am building. Currently in alpha.
bsky.directory - Like Linktree, for your Bluesky profile.
Example: https://bsky.directory/@kcchu.xyz
Features:
• Share your Bluesky profile with links to other social profiles and websites
• Host your profile page on your custom domain, example: https://kcchu.xyz (Mention @bsky.directory to set up)
• Sign in to edit your links
Coming soon:
• Verify Twitter profile ownership
• Find your Twitter follows on Bluesky
• Private links: links that can only be seen by mutual friends, best for things like email addresses and phone numbers.
• Automatic DNS: setup custom Bluesky handle without managing DNS.
• Themes
The software will be open source when it is ready.
Your feedback is important to me!(edited)
- rht04:12
Hi Bluesky devs,
I'm interested in using the protocol as a tamper-proof means of publishing of data. My current way of doing this to a Git commit: first, I PGP-sign the commit, and I then persist the hash representing the commit to https://opentimestamps.org/ (along the line of NIP-03 in Nostr). I suppose the problem with this approach is that the identity tied to the Git commit and PGP key is not self-sovereign (an email address). And that using Git, PGP, and publishing the repo via BitTorrent/IPFS would require some technical expertise.
As such, my use case is more on the authenticated data part, where the social network part is not essential (or maybe it could be used for the trust network). What would be the easiest way to use the protocol for this use case? I have looked at an unofficial Python SDK, but it seems to require using the entirety of the protocol.
- lazyatom04:26Is there any guide (official, unofficial, anything) about setting up/running your own PDS?
- rht
- lazyatom04:39Thanks
- 04:43Hmm, I get an error that seems to be because I'm not also running a Did Plc server on port 2582
- rht05:06
It works for me if I did make run-dev-env. I was able to ping the local PDS server. Sorry that I can't be of help, because I'm also new.
██████╗
██╔═══██╗
██║██╗██║
██║██║██║
╚█║████╔╝
╚╝╚═══╝
protocol

[ v0.1.0 | created by Bluesky ]

Initializing...
[2582] 👤 DID Placeholder server started http://localhost:2582
[2583] 🌞 Personal Data server started http://localhost:2583
Test environment generated.
- lazyatom05:48Ah - the command is
make run-dev-env
- rht05:51You can do
mkuser("yourusername", 2583)
on the CLI to create a test user
- Kjartan10:36What does the ctx.repoSigningKey as in https://github.com/bluesky-social/atproto/blob/deabb71da444bc7d56038089473d9d8c9d634e51/packages/pds/src/api/com/atproto/server/createAccount.ts#L51 represent? I think to have understood ctx.cfg.recoveryKey and ctx.plcRotationKey, but not this one!? 🤔
- 10:40I mean, it's what's ending up as "verificationMethods" but I don't get what this one stands for either
- Aaron Goldman12:41
In reply to this message
You might want to think about that UI makes it look like a phishing site for Bluesky Social passwords
- Kjartan12:43After the login? Because up to the login, I find it actually quite nice? (I didn't login though)… or maybe it depends on the browser. but looks fine here(edited)
- Aaron Goldman12:51
In reply to this message
The verificationMethods are the keys that can sign the commits to the repo.
- Kjartan12:53Shouldn't this be one of the keys of the array, we talked about a couple of hours earlier?(edited)
- Aaron Goldman12:54no. rotationKeys are about the DID Document. verificationMethods are about the AtProto repo
- Kjartan12:54ohhhhh. Thanks!
- Aaron Goldman12:56The DID Document deltas need to be a chain the only way to know it is valid is to replay from the beginning and have each step use a valid signature. The repo is very different. You just need the latest Commit and then you follow the hashlinks to the data
- 12:57This allows the repo to have data removed without affecting the validity of the rest of the data. We need this so that PDSs can implement GDPR.
- Kjartan12:58I don't understand what "goes into" a did. I thought I understood all steps involved to get the result of plc.createOP (which at creation returns the new user's did, doesn't it?) but I expected to get the same did for a new user, if I run it with the same arguments, but I get a different DID for the new user (which is in general very good - but I don't understand why the results are different)(edited)
- Aaron Goldman12:59If the init state is different by even a single bit the did:plc will have a very different hash
- Kjartan13:00
In reply to this message
What do you mean by init state? I GUESS it's not (only) the arguments to createOp!?
- Aaron Goldman
- Kjartan13:03Ok, then I got it right, I guess. But have somewhere else my issue. The signature should always be the same, for the same record, shouldn't it? Or wait I look for the two dids I compared, as an example
- Aaron Goldman13:03
{
  "sig": "v0Oilmbj4DmrKl8updN4a4RRy-W4KMkFbQgzeic5wWwIUNcv2MubGAcIcWorHO7ENfVMw277vsZ_8ElTLwyGww",
  "prev": null,
  "type": "create",
  "handle": "aarondgoldman.bsky.social",
  "service": "https://bsky.social",
  "signingKey": "did:key:zQ3shP5TBe1sQfSttXty15FAEHV1DZgcxRZNxvEWnPfLFwLxJ",
  "recoveryKey": "did:key:zQ3shhCGUqDKjStzuDxPkTxN6ujddP4RkEKJJouJGRRkaLGbg"
}
is the initial state
{
  "sig": "-HaOHhXggXNikMIh1gVY6mLcPgkroO9Q3l3wScUX2FQd1Z4Fp8OdOO4KYO5ZQJzF0aCDd1pKbVojCZJxTqCT8A",
  "prev": "bafyreie3v6g2tzcz5pjvvaoeygemqnvcmhr2q64pztthmgngab7gzspadq",
  "type": "plc_operation",
  "services": {
    "atproto_pds": {
      "type": "AtprotoPersonalDataServer",
      "endpoint": "https://bsky.social"
    }
  },
  "alsoKnownAs": [
    "at://aarondgoldman.bsky.social"
  ],
  "rotationKeys": [
    "did:key:zQ3shhCGUqDKjStzuDxPkTxN6ujddP4RkEKJJouJGRRkaLGbg",
    "did:key:zQ3shpKnbdPx3g3CmPf5cRVTPe1HtSwVn5ish3wSnDPQCbLJK"
  ],
  "verificationMethods": {
    "atproto": "did:key:zQ3shXjHeiBuRCKmM36cuYnm7YEMzhGnCmCyW92sRJ9pribSF"
  }
}
is the first delta
- 13:05the init is valid because the b32(Sha256(CBOR(init)))[:24] is toxy3kpelhv5gwubytayrsbw the delta is valid because it is signed by did:key:zQ3shhCGUqDKjStzuDxPkTxN6ujddP4RkEKJJouJGRRkaLGbg(edited)
- Kjartan13:05let's look here for both only at the initial state: https://plc.directory/did:plc:on2y73hnbsr7gslexig7hsc3/log https://plc.directory/did:plc:gvzdrflwlg7zfrh2pkqdcwx4/log I thought I could get them both to collide (and maybe have the second account taking over the first account). But I received different signatures both times (so, yeah, you are right, obviously different dids - I forgot about that). But why do they have different signatures, as the data is otherwise completely the same (seemingly)(edited)
- Aaron Goldman13:08Different sig value different hash, not surprising.
- Kjartan
- Aaron Goldman13:09The signature is not deterministic.
- Kjartan13:09Shouldn't it be the same, as it's the same pds, the same handle, the same keys
- 13:09oh…
- Aaron Goldman13:10same key different IV(edited)
- Kjartan13:11
In reply to this message
And now I know where my server implementation does something wrong. Thanks!
- Aaron Goldman13:15Yes the init was not always signed but making the did creator sign it makes them prove that they have a rotationKey and are not totally broken. Also give more uniformity between the init and the deltas so it is simpler to parse. It is nice to always have the same shape.
- 13:17I bet my did:plc:toxy3kpelhv5gwubytayrsbw will run me into bugs in the future when PDSs ignore that there was a different format for the first few hundred did:plc 🤔🤔😨
- Kjartan13:19
In reply to this message
Just delete them accidentally 🤣 "Ooops, good that it's still in beta 😀"
- Aaron Goldman13:28just checked there are 2663 did:plc:s with unsigned inits 😨
- 13:29there are some pain points to an immutable ledger
- Kjartan13:31I wouldn't worry too much. That's exactly that kind of stuff that makes a beta. It's not great, but it can happen
- 13:33
In reply to this message
Regarding this. It's likely not an atproto issue I have, but I hope you can point me to the right direction anyway. So if I have a private key K then K.sign(someData) should always give different results? Because I thought I knew what I did wrong, but I always get the same results anyway :/
- Aaron Goldman13:39hmm just calling keypair.sign(encoded) in the example server
https://github.com/bluesky-social/atproto/blob/deabb71da444bc7d56038089473d9d8c9d634e51/packages/repo/src/util.ts#L238-248
- Aaron Goldman13:44
return secp.sign(msgHash, this.privateKey, { der: false })
https://github.com/bluesky-social/atproto/blob/deabb71da444bc7d56038089473d9d8c9d634e51/packages/crypto/src/secp256k1/keypair.ts#LL55C10-L55C10
- Kjartan13:44Yeah, that's what I always use as a reference. But with that I'm able to produce overlapping dids (which also would make it into the database, and effectively take over an account - although the plc shouldn't accept it)
- 13:46msg would be the same, ergo msgHash as well; so if the signature should be always a different one, it would have to be somewhere in secp.sign which makes the difference. But I don't know secp keys at all and were just using a library (I tried it there with creating a new Secp context, but this didn't change anything)
- Aaron Goldman14:17The directory should reject it since for that DID it already has deltas and this one does not have the last existing one as its prev. It should tell you the current latest and ask you to update the prev to that CID. The user's client's rotationKey should be different but at the moment most clients don't upload a rotationKey that they keep in the local key chain.(edited)
- Aaron Goldman14:23
In my mind there are three non-malicious reasons for the directory to reject a delta.
- It is not signed correctly.
- It does not have the latest delta as its prev CID.
- It is too large or exceeded the rate limit.
- 14:26the services.atproto_pds.endpoint being on a blocklist now that we can argue about for the next few decades or until we move off did:plc 😛
- Kjartan16:44Yeah :/
- @kaddare:matrix.org18:15Message deleted by Aaron Goldman
- Chris Lace19:28Yes 👍💯
- kcchu19:31
In reply to this message
You mean because it ask for Bluesky password to sign in? Surely it is an issue. Any plan for a oauth style login flow soon?
- Aaron Goldman19:38Well anyone with a DID should have a verification method key 😈
- kcchu19:40Even PLC DID? But I think the keys are managed by PDS (for most users). Can users use the keys in PDS to sign something?(edited)
Sat, May 13, 2023
- John Ngugi
- moved to @shreyan:beeper.com@shreyanjain:matrix.org01:41um, respectfully... what???
- @louipc:matrix.org04:58
In reply to this message
it hardly works.. mods would need to manually add that tag to their notifications
- citizenziggy
- Kjartan05:08
In reply to this message
https://github.com/bluesky-social/atproto - clone it, build it, and run the pds server
- citizenziggy
- Kjartan05:11Nope
- citizenziggy
- Kjartan05:14
In reply to this message
Absolutely not. I guess soon, but also not within just a few days. Wild GUESS maybe 3-5 weeks? But there weren't any hints on the timing as far as I know. So it's really just a guess
- 05:15Maybe even a too optimistic one. Nah, I really have no idea(edited)
- @zedzedzed:matrix.org11:09your docs, can they be transliterated easily with .po files or not at all? have a good weekend!
- Kjartan13:11Does anyone know the parameters the ts server uses for scrypt. I have the salt, I have the hash, but also a hard time, because I don't know N, r, p… (I assume N to be 64)?
- 13:11I'm fine with scrypt in general, but would be nice if my server could work as a drop-in replacement for the ts version
- @zedzedzed:matrix.org13:45question for the sysadmin : whom is behind the original original original original twitter handle ? ? ? ? :) :) :) :) ;) have a wonderful day !
- docsmanpage
- @farribeiro:matrix.org16:52bluesky/at protocol will talk/integrates to activitypub?
- Kjartan
- Kjartan17:02But who knows what the future will bring 🤷♂️ but if so, I don't expect it to happen anytime soon
- @farribeiro:matrix.org17:03ok
- Chris Lace17:04Anymore invites anybody?
- @farribeiro:matrix.org17:05btw... how long does it take to send a code, when it enters the list? that's what i've been waiting for about two weeks
- Kjartan17:05Having or wanting? I don't have any, but would always appreciate some :)
- Kjartan
- @farribeiro:matrix.org17:05since october?
- Chris Lace17:06It’s been 2 weeks now 😞
- Kjartan
- 17:06My personal view - your only chance is to get in if you get a code by someone
- Chris Lace17:07I need to see the wizard about invites
- @farribeiro:matrix.org17:08I didn't even get an email that I was subscribed to the list
- Kjartan17:08I don't think there is such a confirmation email
- Anonymous20:38I'm sure the chances are zero, but if anyone has an invite code to burn we'd appreciate it thanks.
- 22:03are there any other bluesky servers out there someone could sign up to?
- Aaron Goldman22:28I think https://stems.social is the second largest PDS
- xnf0k22:39
In reply to this message
Just adding to this, we've restricted invites to prevent a flood like last time. Since the aim is to show how other namespaces can work in bsky/atproto, now getting an invite requires an ENS name (*.eth specifically). These can be set as handles after registration.
https://invite.stems.social
Sun, May 14, 2023
- Chris Lace01:55I just purchased my name from Stems. How do I add and change it to (BlueSky) handle?(edited)
- xnf0k01:56Uh you mean bought an ENS name? Because stems doesn't charge anything
- moved to @shreyan:beeper.com@shreyanjain:matrix.org
- Chris Lace
- moved to @shreyan:beeper.com@shreyanjain:matrix.org02:01no you did receive an ENS name
- 02:02but you can't use that with bluesky unless you're on the stems pds
- Chris Lace
- 02:04I’m just tryna verify my (BlueSky) account that’s all …!
- xnf0k02:061. stems is a different server that doesn't federate with the main bsky.social instance. 2. This is mentioned multiple times everywhere and even need to confirm on the website. 3. If you have an ENS name, the website lets you claim an invite code to stems. It also explains how to use it as a handle in stems.
- Chris Lace
- 02:08I’m Stemed as hell now lol ..
- 02:09I don’t have a website for my name
- Kjartan02:10
In reply to this message
When it happened back then, I didn't blame stems, because while they wrote it already back then, but I understood the confusion, as it probably wasn't obvious enough for the "average user". And I really like that you did the "I confirm bla bla bla" checkbox - kudos for that one! So I'm a bit surprised that obviously it still causes confusion (and I would have no idea or suggestion how to make it even more obvious)
- 02:10
In reply to this message
You can still join stems so. It's still nice there. I'm there as well :D
- xnf0k02:11Idk what else we can do other than a 10 second non-skippable full screen alert with sound
- Chris Lace
- 02:14But is there anyway I can change my (BlueSky) handle name without an website?
- moved to @shreyan:beeper.com@shreyanjain:matrix.org02:15only to other .bsky.social handles
- Kjartan02:15
In reply to this message
Especially for just checking it out, it will totally do. It's not as busy there, but this also means, it has more of a "family" vibe ☺️
- Chris Lace
- mikuhl18:30Daniel Holmgren: you might be able to close many issues at once with a simple change, could you look at this comment? https://github.com/bluesky-social/atproto/issues/330#issuecomment-1536562004
Mon, May 15, 2023
- salrides04:23+1 🙏🏼
- salrides
- Kjartan04:36
In reply to this message
I'm currently tinkering a lot with it. The last 48h It wasn't even running most of the time (as no one was logged in anyway). I just started it, but it might misbehave in some aspects. If you are going to use it, and it does misbehave, just send me quickly a message with the issue, and I'll look into it. - salrides
- Kjartan05:07Maybe someone knows it: when you click in the staging web client on search, it requests app.bsky.actor.getProfiles for some handles. Where does the list of handles it asks for come from? Like, to which earlier request were they the response?
- Kjartan05:35
In reply to this message
If someone else runs into this. If you wonder where alice bob and carla come from. They are hardcoded in the staging web client
- 05:37(makes you somewhat question how useful those two requests are though)
- tolo08:20I deleted my account because I wanted a break from social media, not the best idea on a private beta ;-( any invites available my fellow aspirational internet users
- goykasi08:58
I have a question for the bsky/atproto devs. How do you imagine 3rd parties to develop apps? We would definitely work out a set of lexicons, generate the stubs and implement the business logic. But where is that code going to live? As a PDS?
The docs recommend providing the base atproto functionality alongside new features (and a lot of it is needed/useful — auth and repo usage), but are we expected to build inside of the indigo/atproto repos? That doesn't seem very scalable.
Is there a dev guide in the works? I have a couple of apps in progress, but I'm not sure the appropriate place for them to run. Currently, I'm just dumping them in the api/pds subdirs for indigo.
(edited)
- Compy@compy:envs.net11:05Curious, when someone reports a post on my own network, where does that report actually wind up?
- Chris Lace11:42Message deleted
- 12:42@seinlin:matrix.org joined the room
- Matthew13:07are bluesky folks doing dwebcamp this year?(edited)
- peterrood
- 13:51Getting an intermittent error when trying to add a link card on staging.bsky.app in macOS Safari today
- snarfed17:12
In reply to this message
you'd develop and run that code yourselves, entirely outside of bluesky's repos and servers
- moved to @shreyan:beeper.com@shreyanjain:matrix.org
- 17:17Maybe eventually sites will hardcode in exceptions for bsky the way I'm guessing they have for Twitter, Facebook et al
- Aaron Goldman17:32
In reply to this message
For apps that the PDS has no application specific logic for the application would need to submit the set of paths and record that the application wanted to be included in the repo to the PDS for signing.
One could imagine a UI from the PDS to the repo controller
"""
Application xyz is trying to insert records to collection abc and def
- Allow once
- Allow for 2 weeks
- Allow indefinitely
- view records and approve individually
"""
Whether the repo additions and commit signing happens on the PDS or in the repo controller's client there will need to be UI for granting any particular application the ability to insert into the repo.
An alternative architecture that was considered was to issue capabilities to application so they could sign the repos themselves but that would mean every client would need to do validation work to check that any given commit only changed the collections that the capabilities allowed them to. Probably better for them to propose a new commit and the validation only need to happen before the PDS or client signs the commit to make it the new head of the repo.
- 17:34Users have largely accepted the Android permission model where applications ask for what they need. A similar model for which applications get to edit which collections in the repo could also work.
- Chris Lace19:22Where do I go to purchase a Name Handle for (BLUESKY) verification?
- moved to @shreyan:beeper.com@shreyanjain:matrix.org19:23standard DNS
- 19:23just buy a domain name
- Chris Lace
- moved to @shreyan:beeper.com@shreyanjain:matrix.org19:25yes
- 19:25regular
- goykasi22:33
In reply to this message
I think it would make more sense to keep record signing and repo mutations on the PDS side. That would cut down on code duplication, and the client code would stay more lightweight.
But how would you feel about separating the atproto and bsky apis? Since they are currently built/deployed together, there is not a clear barrier for integration. Separating these components would provide outside teams a better picture of where we hook into the systems. This would also serve as very thorough example application for the atproto protocol/network.
Tue, May 16, 2023
- Patryk07:33Question to the team: is the ability for users to change emails on the near roadmap? Just noticed my email is wrong(I know admins can already change it)
- Eric Akira Sobrinho Hamabata13:12Is it possible to build something with the ATProtocol atm? Like, can anyone do it or just some invited people can?
- Chris Lace13:22If we invite someone to the app. I hope we’re not responsible for the foolishness they bring. Will it affect us?(edited)
- Patryk13:30AFAIK it might, but prolly depends on the case
- Chris Lace13:31Message deleted
- Chris Lace13:31Ok just wanted to know Thanks!
- moved to @shreyan:beeper.com@shreyanjain:matrix.org
- 17:32
In reply to this message
You can definitely play with unauthenticated GET endpoints right now. the docs are a great place to start 🙂
Of course, it's easier when you do have a BlueSky invite, because then you are able to test more things and verify against the client
Wed, May 17, 2023
- Mateo C.10:21Hi, how can I get an invitation to BlueSky? I see it's very difficult if you don't know someone who already is.
- 10:21Mateo Costa Fusté changed their display name to Mateo
- 10:22Mateo changed their display name to Mateo C.
- @zedzedzed:matrix.org
- 10:22kidding ! 🙃
- damon/10:24You sign up for the waitlist
- Mateo C.10:26Yes, I did
- @louipc:matrix.org10:56find people who have invites and beg them
- 10:56:P
- 11:01@hiroyuki12:matrix.org joined the room
- 11:04@hiroyuki12:matrix.org left the room
- 11:07@hiroyuki12:matrix.org joined the room
- 13:23John Ngugi set a profile picture
- Mateo C.14:22
In reply to this message
I don't understand the system, it seems rather elitist to me. At some point it will have to be opened up to a wider circle of thought. Thank you
- @louipc:matrix.org14:23well its just in beta testing
- 14:24you can probly help by testing your own instance and collaborating with dev..
- 14:24opening up means federation which is not enabled yet
- 16:15kg789 joined the room
- bnewbold20:06hey folks! wrote up some nitty-gritty notes on the cryptographic key types and encoding in atproto and did:plc. these are low-level details only useful to folks doing things like verifying signatures or parsing DID documents. this will all get folded in to more polished docs at some point, but there are some sharp edges and wanted to get these notes out sooner than later: https://gist.github.com/bnewbold/9edbeb62686f7218ff136de2ab68cf7f
- moved to @shreyan:beeper.com@shreyanjain:matrix.org20:08btw, can we do our own signing atm?
Thu, May 18, 2023
- 11:57@treecop:matrix.org joined the room
- Aaron Goldman
- @treecop:matrix.org13:41Message deleted by Aaron Goldman
- moved to @shreyan:beeper.com@shreyanjain:matrix.org
- 17:28although it would be cool to also sign the DID document deltas
- 18:08@nica:matrix.cyber4edu.org left the room
- 18:23@toriii:matrix.org removed their display name (XxTorixX)
- 18:24@toriii:matrix.org left the room
- 20:48@tachinosuke:matrix.org joined the room
- 20:59xb5krnf297 joined the room
- goykasi21:55
In reply to this message
Why not use the createRecord method that is implemented by the atproto api already?
- moved to @shreyan:beeper.com@shreyanjain:matrix.org21:55bc i wanna sign my commits manually sometimes
- 21:55like i can in git or nostr
- goykasi21:58just curious, what would be the use case for that? seems like you would still need to update the cstore/mst, db, push events, etc to keep the repo valid
- 21:58there would be a lot of code duplication
- moved to @shreyan:beeper.com@shreyanjain:matrix.org21:59for me, it's basically just for fun, lol
- goykasi22:00gotcha
- moved to @shreyan:beeper.com@shreyanjain:matrix.org22:00but also, i do think it's useful for much more fine-grained control over my repo
- goykasi22:00makes sense to learn about the signing mechanisms
- moved to @shreyan:beeper.com@shreyanjain:matrix.org22:01yep 👍
- Aaron Goldman23:01The value of client side signing is about choosing your risk. Twitter has had "Tweet as anyone" security bugs several times. All fixed relatively quickly after first exploitation. If you do the signing on the client and revoke the PDSs key then this class of bug can't happen. Now server exploit is less bad and client exploit is more bad. For the average user the risk of malware on your personal device is more likely than a well-managed PDS. A user that has a need for and willingness to do the work of securing their client can have a much more secure client running much less software than the typical personal device. Having the flexibility to disempower your PDS from publishing as you is not about a mode most users should use but about giving the user that choice.
- 23:02This is why it is not an early priority
- 23:04The value of a PDS comes from being always online and thus available as a target. Doing your commit signing on the client is a different use case than running your own PDS.
Fri, May 19, 2023
- 05:54Jens Gwen joined the room
- 06:57@nuhvi:matrix.org joined the room
- @nuhvi:matrix.org07:02
In reply to this message
Maybe this is orthogonal, but offline first authoring is definitely missing from most current solutions (DWNs will probably strive for that), and maybe it can be done without signing, by constructing the MST locally and submitting it to the server as a patch?
Anyways, we should do almost everything like Git until proven there is something that needs change, because it worked well so far.
- @nuhvi:matrix.org07:10I tried to understand how did:plc works, but even the Readme says that it is outdated. So my question is, is the PDS currently holding the did keys? If not, where are they? Is the revocation key generated from the password or something? Is it intended to be custodial by the pds for now and then somehow migrate to other solution? It is really hard to wrap my head around this setup, and I managed to understand did:ion!
- goykasi08:08Aaron Goldman: is client side signing a feature that the team has considered or targeting? I think it would be really interesting. Obviously, it comes with a lot of complexity (verification, repo management, correctness, trust, etc etc). But well established libraries could solve most problems. All repo writes still need to be verified server side, but it could be moderately streamlined if an actual “personal, single owner” PDS was campaigned.
- 08:11tobiastyler joined the room
- 08:50hasheddan joined the room
- 09:59cryptodad joined the room
- 15:51cosmicbull joined the room
- 15:54//ADB changed their profile picture
- cosmicbull15:55👋 all. New here, been trying to figure out as a developer how to start playing around with AT Protocol. Saw that the main app page alludes to working with a dev server. I found the documentation, but is there any deeper developer startup info?
- cosmicbull16:04Found the thread. Just had to go back in the threads.
- 16:20@porus99:matrix.org joined the room
- 16:49lukas joined the room
- 22:06Toan Tran Van joined the room
Sat, May 20, 2023
- 01:06@xinguankeli:matrix.org joined the room
- 08:28@itspranitsingh:matrix.org joined the room
- Chris Lace11:55Good morning happy Saturday
- 17:06atr1um changed their display name to lucidDaemon
- 17:18@ralph:fx45.in left the room
- 18:23@wertd:matrix.org joined the room
Sun, May 21, 2023
- 00:25@d0_0b23520:matrix.org joined the room
- 00:26@d0_0b23520:matrix.org left the room
- 01:49@itspranitsingh:matrix.org left the room
- 02:15MEMEBOI joined the room
- 02:21Shinji joined the room
- Shinji02:22hai
- 05:22Eren changed their profile picture
- 06:22@farribeiro:matrix.org joined the room
- 09:18@itspranitsingh:matrix.org joined the room
- curiouskoa17:03Message deleted
- 19:23giteauser changed their profile picture
- 19:52aceinpink joined the room
- @xinguankeli:matrix.org21:26hi
- mikuhl22:18
I was trying to figure out a way to write clients where you can pull in any lexicon that you want and came up with something like this
```typescript
export class XRPCClient {
  procedure() {}
}

export class Lexicon {
  constructor(readonly client: XRPCClient) {}
}

export class AtProtoLexicon extends Lexicon {
  // `client` is the parameter property inherited from Lexicon
  readonly server = new AtProtoServerLexicon(this.client);
}

export class AtProtoServerLexicon extends Lexicon {
  createSession() {
    return this.client.procedure();
  }
}

export class BskyLexicon extends Lexicon {}

export class GraphiteClient extends XRPCClient {
  readonly atproto = new AtProtoLexicon(this);
  readonly bsky = new BskyLexicon(this);
  // example:
  // readonly bitcoin = new BitcoinLexicon(this);
}

const client = new GraphiteClient();
client.atproto.server.createSession();
```
- moved to @shreyan:beeper.com@shreyanjain:matrix.org22:19i thought the atproto typescript api already lets you do that though
- mikuhl22:20If you use the "Agents" youll have to like make your own agent if you want to use something custom
- moved to @shreyan:beeper.com@shreyanjain:matrix.org22:20alr
- mikuhl22:21I feel like things will get quite jumbled, for example, if you use some lexicons from some third party, and some lexicons for some other third party
- 22:21then you will need two agents?
- 22:21not sure though
- moved to @shreyan:beeper.com@shreyanjain:matrix.org22:24
for xrpc lexicons i think you can do something like
```typescript
const res1 = await agent.com.atproto.repo.createRecord(
  {
    did: alice.did,
    collection: 'app.bsky.feed.post',
    record: {
      $type: 'app.bsky.feed.post',
      text: 'Hello, world!',
      createdAt: new Date().toISOString()
    }
  }
)
const res2 = await agent.com.atproto.repo.listRecords({repo: alice.did, collection: 'app.bsky.feed.post'})

const res3 = await agent.app.bsky.feed.post.create({repo: alice.did}, {
  text: 'Hello, world!',
  createdAt: new Date().toISOString()
})
const res4 = await agent.app.bsky.feed.post.list({repo: alice.did})
```
(copy pasted from github)
- 22:25wait does that only allow already defined lexicons
- mikuhl22:26BskyAgent for example, defines the com, and app lexicons
- 22:26but what if you wanted some other lexicon
- moved to @shreyan:beeper.com@shreyanjain:matrix.org22:26yeah then i guess you need another agent - but that might be viewed as good for modularity
- mikuhl22:28i guess you could extend BskyAgent I guess, but then what if you wanted to combine stuff from a third party agent
- 22:28then youll need this weird agent with a ton of agents lol
- 22:28i think with my way everything will nicely inherit what it needs
- 22:29ill use it and see if I run into any problems lol
Mon, May 22, 2023
- 00:47kei1215 joined the room
- 01:14taks joined the room
- 05:43panic0 joined the room
- 06:36Noah Grose joined the room
- 07:41Luk changed their display name to Nox
- 07:41Shinji changed their profile picture
- 08:34@farribeiro:matrix.org left the room
- mikuhl14:56
I wonder if its possible to not even use a code generator for lexicon schemas
```typescript
interface Schema {
  properties: {
    [key: string]: Property;
  };
  required: (keyof Schema["properties"])[];
}

interface Property {
  type: keyof PropertyType;
}

type PropertyType = {
  string: string;
  boolean: boolean;
  number: number;
};

type OptionalProperties<T extends Schema> = Partial<{
  [key in keyof T["properties"]]: PropertyType[T["properties"][key]["type"]];
}>;

type RequiredProperties<T extends Schema> = {
  [key in Extract<
    keyof T["properties"],
    T["required"][number]
  >]: PropertyType[T["properties"][key]["type"]];
};

type SchemaFunction<T extends Schema> = (
  args: OptionalProperties<T> & RequiredProperties<T>
) => void;

function createFunction<T extends Schema>(): SchemaFunction<T> {
  return (args) => {
    console.log(args);
  };
}

interface Thingy {
  properties: {
    foo: { type: "string" };
    bar: { type: "boolean" };
    baz: { type: "number" };
  };
  required: ["bar"];
}

const myFunction = createFunction<Thingy>();

myFunction({})
```
ChatGPT came up with this, but if you use intellisense on the function that gets created it just makes a whole function out of thin air that matches the simplified schema O_O
- Patryk17:45While it's a fun idea, I don't think it's great in terms of performance and it doesn't help with xrpc
- 18:50@Daegalus:matrix.org left the room
- 18:59waxpancake joined the room
Tue, May 23, 2023
- 08:52@shellsharks:matrix.org left the room
- Marshal08:56🔥 Firehose data streaming is available for Python! Including support of CID, DAG-CBOR, and CAR. The most high-level interface that you can imagine. More info here: https://atproto.blue/en/latest/firehose.html
- justthisguyatx09:04
In reply to this message
Chris Lace: mmurat inanc And custom feeds! Great work, Marshal. Cheers!
- Marshal09:06
In reply to this message
Lexicon has been added already in the last release! I’m working on it and I’m gonna provide a template project too. Thank you ☺️
- justthisguyatx09:07That's what I was referencing! Just read your v.0.0.8 release notes. 😃
- Marshal09:08Ah sorry. I read as “add custom feeds!” 😂
- justthisguyatx
- 10:08Chris Laux joined the room
- Kjartan10:28
In reply to this message
Actually, it probably shouldn't be deterministic - but it is (in all the libraries I used, as well as in the official TS server - took me the whole time, but yeah, the issue exists there as well)
- 10:29Probably should have tried that earlier
- 10:57Mikala joined the room
- 11:34@matthewjohnsobolev:matrix.org joined the room
- 13:05@farribeiro:matrix.org joined the room
- 14:05astrolox joined the room
- 15:04james h jackson jr joined the room
- 15:18Marc Rijken joined the room
- @farribeiro:matrix.org15:55Message deleted
- 15:56@zedzedzed:matrix.org left the room
- @farribeiro:matrix.org15:56Message deleted
- 15:57Message deleted
- 16:00Message deleted
- 16:01Message deleted
- 18:26@tiaomu:matrix.org left the room
- 20:58@ooovi:matrix.org joined the room
- 23:03Shann | Livepeer joined the room
- Shann | Livepeer23:08Hi All! Is there a Dev Rel lead at Bluesky? Would love to connect about hackathons
- 23:36ericxtang-livepeer joined the room
- 23:51@matthewjohnsobolev:matrix.org left the room
- 23:59ericxtang_livepeer joined the room
Wed, May 24, 2023
- Chris Lace01:22May I receive a few invites please
- Yumeka
- james h jackson jr01:25If one joined the wait list now when approx will they get an invite?
- 01:54@ewan:gilchrist.scot joined the room
- james h jackson jr05:31I heard about this other service called masto something and they say that one dont need invites to join it
- @planetoryd:matrix.org05:32don
- Kjartan05:34
In reply to this message
Yeah, you mean mastodon; that's correct (at least mostly… there are MANY instances, which don't require an invitation (but some are restricted, too))
- Marshal05:35
In reply to this message
I published the link in Hacker News https://news.ycombinator.com/item?id=36056023 ✨(edited)
- Kjartan
- james h jackson jr05:41That’s what I figured with over a million people on the list
- Kjartan05:43I've joined the waitlist end of October, and still haven't received the code - so, I guess it's fair to say, that joining the waitlist now will be somewhat pointless (but who knows, maybe they just don't do it in order but by some other criteria)
- james h jackson jr
- 05:47Stems Social is a new server on the Bluesky social network
- Kjartan05:49Stems is cool - just be aware, that it's a completely independent instance, and not related in any way with Bluesky, except for the fact, that they use their protocol/software. Right now, if you register on stems, you won't be able to interact with the people on the bluesky instance (might be possible once federation arrives, but who knows for sure (if/when this will happen)
- 05:51(but to be fair: you don't really miss anything; there isn't much real content on the official instance either)
- james h jackson jr05:52Yeah true
- Kjartan05:52With real content, I mean, anything interesting. It's just the usual social media content, meaningless, but trying to attract a lot of likes
- 05:57So even if you were able to get a code - it would be boring af, as you can't just invite your friends over to interact with them, and you would be limited to some old memes and "omg - it's so much better here than on twitter", "I love that everyone is so nice here and that the bad guys can't join or get kicked if they make it here somehow anyway". If you try really hard, you might be able to find a few photos of some cute animals, which haven't been posted on all the other pages yet (but you would have to look really hard for those, and even then you'll be lucky to find even a dozen of those on a day)
- 05:58This will likely change as soon as more people join, which will happen when it will be easier to join => don't worry about not having an invite code yet
- james h jackson jr06:00I am not worried I have been on Mastodon since pretty much day one. I was just curious what made this project different than that one so that’s the main reason why I’m looking around here just seeing what makes it different.
- Kjartan06:04On the surface - it's the typical "micro blog" thing. Kinda absolutely comparable to twitter or mastodon (at least for now - while it's limited to one server, on the surface it's exactly the same). In the background it works very different to mastodon - but those details you can already look at in their github repo (if the technical details are your thing at all - if you are just interested in it just as an average user - it's right now absolutely comparable to twitter, except for far less content)
- james h jackson jr06:05Message deleted
- 06:05Message deleted
- 07:13Karl Abbott changed their display name to Karl Abbott (afk)
- 07:31Hash joined the room
- 10:04Karl Abbott (afk) changed their display name to Karl Abbott
- Yuki10:28Message deleted
- 10:28Message deleted
- 10:32Buy Dogecoin changed their display name to Yuki
- Yuki10:37test
- 12:28Shihyu | Livepeer joined the room
- 12:32@tahashafi:matrix.org joined the room
- 12:32@tahashafi:matrix.org left the room
- 13:06Nox changed their display name to Shinji
- 13:06Shinji changed their profile picture
- 13:15Shinji changed their profile picture
- 13:44John Paul joined the room
- Aaron Goldman
- 22:50@itspranitsingh:matrix.org left the room
Thu, May 25, 2023
- 00:56@anond:matrix.org left the room
- 01:28Vincent Kadar (@uttesv:matrix.org) joined the room
- 06:57and wonders again if it'd be possible to sync about using matrix one way or another for DMs in bsky
- 06:57whether that's by deeplinking into matrix clients, using DIDs in Matrix, expressing Matrix as an ATproto lexicon, or whatever
- @farribeiro:matrix.org08:33I don't mean to be rude, but posts on bluesky are not publicly viewable
- 08:38One thing I'm noticing will soon be mastodon angry users, as well as xmpp/Matrix drama(edited)
- 09:41Michael “MWags” Wagner joined the room
- 13:43Shinji changed their profile picture
- 13:44Shinji changed their profile picture
- 13:47Shinji changed their profile picture
- 13:48Shinji changed their profile picture
- 17:37@rimuru:gentoo.chat changed their profile picture
- Aaron Goldman
- 18:19
In reply to this message
did:plc has a verificationMethod EcdsaSecp256k1VerificationKey2019 how hard would it be to make all did:plc's and transitively all bluesky handles valid Matrix ids?
- 18:19I don't remember how Matrix gets from an ID to a set of keys
- @farribeiro:matrix.org18:29thanks
- 18:31cool the wrapper and the pulse
- 18:31btw is federation working?
- 18:34I'm thinking of using a federation servers instead of waiting for waitlist(edited)
- Matthew18:54
In reply to this message
i think the way to do it would be the other way round - we’re making matrix ids keys under the hood (albeit curve25519) and then have other mechanisms like did:plc indirect to them
- 18:55https://github.com/matrix-org/matrix-spec-proposals/blob/kegan/pseudo-ids/proposals/4014-pseudonymous-identities.md is where we’re at (although assumes a bunch of matrix knowledge)
- 18:56but i love the idea of supporting did:plc as a way to map to the ids (in parallel to today’s matrix IDs, or other ids like emails or msisdns or whatever)
- 18:58and that could then give super easy dms in parallel with atproto itself (and then migrate in future to matrix-as-a-lexicon-over-atproto)
- joelghill19:30Hey, I have a technical question about custom feed development. Is this a good place for that? Or should I ping a specific person?(edited)
- joelghill21:35
Wondering about how to create a DID for the custom algorithm. Do we use our own account’s DID or do we make an API call to create one first? The did:web is provided but I may want to use did:plc
Is it possible to change the DID after publishing the custom feed?
Fri, May 26, 2023
- Chris Laux10:32I have a question about connecting an App to the Bluesky network: Under www.trendbowl.app I display emerging trends on the Web, from sources such as Mastodon or Twitter. For the former I bring in statuses (toots) from many nodes in the peer-to-peer network of Mastodon, which I then use as a data base for trend identification algorithms. I want to do something similar for Bluesky, with the final goal of displaying trends emerging on Bluesky. My preferred way of doing this would be to again establish a flow of posts, or at least a sampling thereof, into my server. So what is the best way of going about this? Is such a service acceptable at this stage of the beta?
- Aaron Goldman10:42Daniel Holmgren: Would you like to route this?
- 17:01Im not on bluesky yet so i dont know if thats true or not
- 17:32Aaron Folmer joined the room
- Skyler Hawthorne
- retr0id20:57
and even extracting the block list for a user can take up to 80 seconds (!) if the account is following a lot of users.
This is straight up wrong, you can download an entire repo in mere seconds, even for the largest repos in the whole network
(edited)
- 20:59I'm not sure which mechanism they were using for enumerating blocks (they don't say!), but it sounds like it was inefficient
- 21:01although I have to agree with their conclusion, people aren't getting along, but that's what I'd expect from shoving 100k people in the same room together
- 21:02but their presented data does not support their conclusion. blocks are healthy, it's how conflict is avoided
- Chris Lace21:30Wow’ 😮 it’s sad that ppl are already blocking others on the app. 🤔
- retr0id21:34I can't tell if that's sarcasm or not lol
- Skyler Hawthorne21:40The invites add a lot of random people together, people can't form their microcosms. There's also selling of invites and such. Really not surprising
Sat, May 27, 2023
- ericxtang_livepeer00:11Anyone based in New York and going to BlueSky Hack NYC tomorrow? Join me at Bluesky Hack NYC </> https://meetu.ps/e/M8mwp/15XcS/i
- 01:27edisonlee55 joined the room
- 07:34Robert RSGT joined the room
- 09:59kramlich joined the room
- 11:31chinchilla optional changed their profile picture
- 14:21n-three joined the room
- n-three14:36
In reply to this message
Why? I think it's just usual behaviour to not want to talk to or be disturbed by someone. There is nothing negative for the blocked person, is it?
Maybe I just don't get the downside. I also didn't get what that article wants to say me. People are blocking each other, so what.
I am INCREDIBLY hyped about the AT protocol and really would like to build something using it. Hopefully I won't need to wait that long for a bluesky code so I can start messing around. I got some kind of excitement like a small child waiting for something. 😊
Really would like to see an unsullied place like the early 2000s internet. It is incredibly exhausting nowadays
- james h jackson jr
- Chris Lace14:48I’m hyped about New Platforms, but Will this Block cause division ➗ and discrimination amongst people on social media when they don’t get along? 🤔(edited)
- @samme:schizo.cafe14:49If anything new competition will breathe new life in stagnant platforms to either compete or fall into obscurity
- Chris Lace14:49Message deleted
- moved to @shreyan:beeper.com@shreyanjain:matrix.org
- james h jackson jr14:52Exactly on mastodon you can block whole instances
- 14:52As well as individuals
- n-three14:53
In reply to this message
I don't know ActivityHub but I like the idea of a decentralized authorisation method and the possibility to keep "something" between different services. I like the idea of decentralization in general but mostly it's sadly not that successful on the level of a broader audience. I think bluesky has the chance to make a change and the AT protocol generally enables a larger usage of the same technology at different platforms. I think people will have different entry points to it depending on their individual needs (bluesky as a twitter clone, service X as a Facebook, service Y as an instagram clone and so on) but as they already got their at proto identity they are loosely connected to those other services even though they don't have an account there yet.
From my perspective as a dev such a global platform with many users is great to make it easy for new people to just try your service and I'm also pretty impressed by the protocol so maybe it is also just hyped to work with it. I also like the reliability you are not in control of a larger central party and the idea of everything is being connected somehow.
- james h jackson jr14:53Thats activity pub as well decentralized
- moved to @shreyan:beeper.com@shreyanjain:matrix.org14:54hmm not quite - AT Proto keeps your account a bit more independent from apps and services
- n-three14:55
In reply to this message
I understand a block more as a disagreement to another person, which seems pretty usual to me. People be banned because of their opinion is discriminating but I think this won't happen but just a distinction between two individuals
- james h jackson jr14:57Not my project just been using it for the last six years they have an Instagram type app blogging apps, and they all use the same underlying activitypub technology like you can share pictures with people that are on the Twitter like service from the Instagram lo
like service because they all use activity pub
- 14:57No, I’m just trying to figure out what makes this different than that because I don’t know that much about this. It seems redundant in a way.
- moved to @shreyan:beeper.com@shreyanjain:matrix.org14:58account portability in ATProto - imagine not just interacting across instagram and twitter but using literally the same identity across both
- 14:58and super easy account transitions across servers
- 14:58Plus much more "big world" stuff compared to ActivityPub, like global trending etc
- damon/14:59You described ActivityPub just without the big world
- moved to @shreyan:beeper.com@shreyanjain:matrix.org15:00🤔 I'm gonna need examples
- 15:00I love ActivityPub but using various implementations of it I've yet to see any of those things(edited)
- n-three15:00
In reply to this message
Sounds great, I think I will have a look. I think I've read that name earlier as one of the bluesky members was a former team member (?) and I understood ATProto as an evolution of existing technology, so it might be a bit more interesting to develop stuff on that, which is also just lovely connected to bluesky and seems more like an open technology. But as said, I don't know activity hub
- damon/15:02How? You’re the one claiming it’s ever so different without much data to back up what you are saying. There’s infinitely more information on AP than there is AT.
- 15:02What AP projects do you use?
- moved to @shreyan:beeper.com@shreyanjain:matrix.org15:03Mastodon, Mitra, Write Freely, PixelFed, Hubzilla, the list goes on
- damon/15:04So, then what are you talking about in terms of interoperability? Most that you list functions well with one another. I will admit it is not a smooth experience across the board that AT Protocol is promising
- moved to @shreyan:beeper.com@shreyanjain:matrix.org15:05Can you log in to, say, PixelFed with the same account as you use to login to Mastodon?
- damon/15:07
There’s two major differences/benefits of AT over AP
You'll be able to port your account between servers including content.
The way the data is structured you don’t have to fear losing all of your data in the event an instance doesn’t give you enough time to migrate your account. This happens often with Mastodon
Custom algorithms. You'll be able to choose what algorithm you use.
- damon/
- james h jackson jr15:28
In reply to this message
I dont think so but you can follow people on pixelfed from mastodon(edited)
- james h jackson jr15:35So thats a definite advantage AT has
- 15:35One id across multiple apps
- @samme:schizo.cafe15:41If there's anything AT can bring it's a hope that it will be less cliquey than ActivityPub is, AP has a huge problem of niche communities that all block each other for existing
- james h jackson jr
- 15:51I hope s protocol can change people’s habits
- Aaron Goldman17:00I don't know if it answers your questions but I tend to think of two main differences between AtProto and AP. And feel free to correct me if I get something wrong about AP. AtProto is content addressed data in a signed repo. If you had a hard drive with the repo blocks it would be just as authoritative as if you read it directly from the PDS. This means repos can be cached anywhere. Activity Pub uses connections to servers that have DNS names and TLS certificates. You trust that the post is authentic because your AP server got it from their AP server. The trust model is the CA system. If you need to move your identity the AP server first needs to ask the server whose DNS name is in your name who your server is. Then ask them for your content. If that DNS name goes away then your identity is dead and your content is dead. With AtProto if your PDS goes away if anyone still has a copy of your repo they can serve it to anyone looking for it. It puts indexers, archives, and CDNs as top priorities. Drastically reducing the power of PDSs over their customers.
- Aaron Goldman17:15Using a feature like blocking is a tool to balance your right to speak with your lack of any right to my attention. This is present in AP, AtProto, and probably any usable social network. I see the goal of AtProto as minimum trust in the necessary trusted infrastructure. DNS names but you can leave the name without needing to control the domain or don't use one at all and rely on it DID. PDS hosting you can leave the PDS without meeting its permission or cooperation. did:plc directory but anyone cannot at the log and prove if it's duplicitous. Repository signing keys that if they are leaked or if you get a new device can be rotated. I should be able to recover from losing my phone, losing my domain name, losing my PDS, or forgetting my recovery phrase. I just hope not to lose all four simultaneously.
- james h jackson jr17:17
In reply to this message
Thanks that answered my Question and then some has me excited for AT now
- Aaron Goldman17:18I suspect if it becomes popular people will start signing their activity pub posts that will change the nature of activity pub
- james h jackson jr17:26Yeah i think so too Aaron now i have a better understanding of it all
- Chris Lace19:08What is (SimpleX- Chat) is it like a inbox 📥 message for BlueSky? 🤔
- Marshal19:21🍿 Example project with custom feed generator powered by Python SDK! https://github.com/MarshalX/bluesky-feed-generator
- retr0id
- Quetzalcoatl23:48hello, how long did you wait for an invite to bluesky? I sent a request a few months ago - no result yet
- james h jackson jr23:49People i know signed up back in October and they still haven’t got one yet. It’s a long list.(edited)
Sun, May 28, 2023
- Quetzalcoatl00:09Thanks, I'll wait for the invite
- Aaron Goldman01:27Hoping the invite problem will be solved by federation and many PDSs that are not run by Bluesky PBLLC.
- 02:14Sam Beckham joined the room
- Chris Lace02:36Why is it so hard getting invites now? I understand the overload but dang ..
- Skyler Hawthorne06:42
In reply to this message
I know I'll be running my own PDS as soon as federation is on. (Actually I'd probably stand one up before that if there were docs.)
Not pushing for a timeline at all because I know that's not how software dev works, but do you have any insight into how far along federation is?
- Aaron Goldman11:14Looking forward to the first blog post from someone here who gets the PDS running on one of these things. https://www.newegg.com/synology-ds220/p/N82E16822108743?item=N82E16822108743 And how many users they can support.
- 11:19Should not be too bad but what do I know never owned one so don't know how well it runs containers. https://www.synology.com/en-us/dsm/feature/docker
- Brad Brown11:59I’ve got a DS220+, and I’m definitely planning to spin a PDS up once federation is live. Maybe I should do a writeup or something.
- 12:00(I do have a bunch of other dockerized stuff running in it and performance is pretty good for what it is)
- Aaron Goldman
- n-three13:18Too bad, seems I will never get mine. Hope a public release won't take that much time from now :/
- valka15:26How does amount of storage look for a pds? (now/future)
- Skyler Hawthorne16:01I have no idea what it's actually used for because I didn't go digging to find out, but I did see from a quick peruse of the ATproto source that there was a config option for an S3 bucket. So I'm hoping that means offloading storage to s3 is possible
- james h jackson jr16:03I wish meta had chosen AT
- 16:04Vs Activity Pub
- Skyler Hawthorne16:08
In reply to this message
I mean ATproto is not even minimally functional yet. I would not choose to use such an early project for a production service, no matter how personally excited I was by it
- Brad Brown16:09there’s also nothing i can think of that would preclude them supporting both protocols (eventually) in their implementation
- Aaron Goldman16:38
In reply to this message
The only insight into the federation protocol is to point you at some reading.
https://github.com/fission-codes/spec/blob/main/car-pool/car-mirror/SPEC.md
There are at least three problems to think about.
- Know if a repo I follow has an update?
- Sync a repo when you have an old version of that repo.
- Firehose of all blocks from all repos that have this PDS as a host.
The first two can be done against any PDS with a cache of the repo. The last is PDS specific but indexers really want to ask the question. "Give me everything that has happened since the last time I talked to you."
getAll(since="2023-05-28T21:31:21.157010")
getRepoHeads(since="2023-05-28T21:31:21.157010")
syncRepo(did="did:plc:toxy3kpelhv5gwubytayrsbw", since="bafyreic4iq5quhattt5ghdidl6smeqmrknfal4mdggvjtrvefivggzucjm")
car-mirror is not the federation protocol but the need for a federation protocol is to be able to mirror a car file as the repo is just a car file with the blocks of the repo.
- valka
- 19:01@nobodyu:matrix.org left the room
- 19:11thecubic joined the room
- Aaron Goldman20:28
In reply to this message
That is a little hard to answer. We need to store the n bytes that is the user content. There is nothing we can do about that. In addition to the raw data there are the intermediate blocks from the Merkle tree. It is a mostly balanced tree with a fanout of 32 so most of the nodes are the leaves with about 1/32 < .04 blowup in size for the first layer of inodes. The second layer is 1/(32^2) < .001 blowup. The root is signed so about 64 bytes per commit for the signature. On average the Merkle tree + signature will use less space than signing each record with its own 64 byte signature.
My general rule of thumb is that for the amount of data being stored expect a 4% size blowup for the repo over the raw data in the repo. If the repo is posts 1 kiB per post is a reasonable guess. For images 1-10MiB. For video 1-3 GiB per hour.
Now for the Wild guessing part.
Most users will upload less than an hour of video a week, let's call it 2.5 GB. That is enough to totally dominate the text and photo data.
If you have 2,000 users on your PDS that average 2.5 GB/week you would get something like 5 TB / week. Fortunately, most of your users are using much less than that. https://www.amazon.com/dp/B08V13TGP4/ a single drive could hold 1,000 hours of video
- Skyler Hawthorne
- Aaron Goldman22:01
In reply to this message
So a repo controller certainly can delete content. The PDS can then garbage collect at its convenience.
But if they don't delete anything the PDS needs to keep it around as it is the content host of last resort.
That said offloading unpopular content to a glacier/tape store like store could help a lot.
- kcchu22:15
In reply to this message
It's probably better to externalize large blobs like video out of the repo. It makes transferring between PDS easier. And most BGS are probably not interested in processing the blob
- valka22:34Thank you for the thorough answer, something for me to think about
Mon, May 29, 2023
- Aaron Goldman00:57
In reply to this message
Maybe but part of the value of a Merkle tree is that you don't have to download the whole tree to validate it. If I have a collection for post, one for pictures, and one for video there is nothing to stop me from only pulling the collections I care about. A BGS may well ignore the collections that they know are not text data.
This is one of the places I hope we can do better than git did.
- retr0id
- retr0id03:00
In reply to this message
btw blobs (e.g. images) are already stored separately from the main repo (I suppose that's just an implementation detail, other than that they're not returned by getRepo)
- 04:51nakasyou changed their display name to nakasyou(Shotaro N.)
- Aaron Goldman
- 10:32Same math with a fan-out of 4 just more overhead.
- 10:33p.s. I know the tree is not actually infinitely deep but only the leaves matter so it's a good approx.
- Aaron Goldman10:44Guess I didn't need the when the fan-out would never be less than 1
- 10:46Also most people in this room probably don't care about the theory behind the overhead introduced by the MST just that the content is most of the storage overhead. 🤷♂️
- 11:35Jack McDermott joined the room
- Jack McDermott11:37Hi all! I'm Jack, the Growth Lead of Yup, a new Bluesky client that allows Bluesky users to crosspost to Bluesky and Twitter at the same time 😎
- 11:37Jack McDermott set a profile picture
- Aaron Goldman11:43
In reply to this message
Would be cool if you could import the Twitter take out my data zip file.
- 15:36R1 Airport joined the room
- @farribeiro:matrix.org16:38Hi, someone on discord said that the Matrix has a room for exchanging codes, could anyone tell me which one it is? Thanks
- aceinpink19:24Hi, what kinds of did:keys are acceptable/standard for the `signingKey` and the `recoveryKey` for the did:plc method? (edited)
- 19:27I can see on the atproto typescript implementation that secp256k1 and p256 are being used
- goykasi
- 19:35The two that you mentioned will likely be the standard. But I don’t think atproto imposes any inherent restrictions — except by the default implementations
- aceinpink19:58
In reply to this message
Ok that's good to know. I'm leaning towards using Ed25519 for my atproto implementation and just worried about interoperability with other PDS'
- goykasi20:36But I'm wondering what would happen if a PDS implementation supports/uses non-standard key types. Does it become ignored by other PDS/BGS instances since they wouldn't be able to verify signatures?(edited)
- Aaron Goldman21:51
In reply to this message
The only thing to keep in mind there is whether you care about using the web crypto APIs to get non-extractable keys stored in a TPM, Fido key, or OS keychain. The web crypto APIs have a very limited set of ciphers
Tue, May 30, 2023
- retr0id07:22last time I checked the web crypto apis don't support signing ops for any non-extractable key types
- 07:22webauthn gets half way there but you don't get to control what you sign precisely enough
- 07:25maybe I'm conflating non-extractable with hardware-backed
- 07:52LP joined the room
- 10:14@enapiuz:envs.net left the room
- Jack McDermott10:26
In reply to this message
Yeah! Well you can connect your Twitter on our app which brings in your Twitter data into a feed that shows posts from accounts you follow on Twitter as well as Bluesky in that same feed! And when you crosspost to Bluesky and Twitter it goes to all of your Twitter followers' feeds!
- 10:53@germaingermain:matrix.org left the room
- pepijndevos13:07Is there documentation how to take part in the federation sandbox?
- @farribeiro:matrix.org15:48Aaron Goldman: are you Golda in discord?
- Aaron Goldman15:50@aarondgoldman:matrix.org is AaronDGoldman#8819 on discord,
- @farribeiro:matrix.org15:51oh... ty
- Aaron Goldman15:52you may be looking for @gvelez17:matrix.org
- @farribeiro:matrix.org15:52I was trying to identify a user who had messaged me
- 15:53Golda on discord suggested a room to talk about the codes -- in the matrix -- because it's busier
- Aaron Goldman15:53I try not to send too much spam to people. 😛(edited)
- @farribeiro:matrix.org
- 15:55Discord seems to have a lot of people but... little agitation
- 17:36Yellowsky joined the room
- 17:37Yellowsky set a profile picture
- moved to @shreyan:beeper.com@shreyanjain:matrix.org
Wed, May 31, 2023
- 02:49chris@machine joined the room
- 06:35@nasudonguri:matrix.org joined the room
- 06:55Lumen Acab Freitas (She/Her) changed their display name to Lumen (She/Her)
- 06:59Lumen (She/Her) changed their profile picture
- 08:30jcgoodwin joined the room
- 09:35@dym-sh:matrix.org left the room
- sylphrenetic09:54what's the plan to handle bots on other servers once federation comes up? like, if I as a bad actor wanted to create bots to spam people so I create another server just to host my bots, is there any mechanism for ordinary people to protect themselves from them? I think blocklists/mutelists maintained by the community is great for some things (when carefully maintained) but those lists can't keep up with bots who can create new DIDs/accounts at will.(edited)
- 10:39@confidant1118:matrix.org set a profile picture
- @confidant1118:matrix.org
- sylphrenetic
- @confidant1118:matrix.org11:00Basically the same systems as email, some kind of AI spam filter, a blacklist run by a trusted third party, and the ability for users to mark certain content as SPAM to train a personal AI to junk stuff the user considers SPAM.
- 11:01@jbrooks:matrix.org joined the room
- damon/11:52Do you guys know where I can find any of the Infra documentation?
- valka11:54There's a docker-compose file here if that helps https://github.com/bluesky-social/indigo/blob/main/cmd/fakermaker/docker-compose.yaml
- 17:20denis joined the room
- 17:57peppersghost joined the room
- 23:28DL joined the room
Thu, Jun 1, 2023
- 05:00@aragorndr:matrix.org joined the room
- 16:26aaronpacheco joined the room
- 17:46@rimuru:gentoo.chat changed their profile picture
Fri, Jun 2, 2023
- 00:36AlbertoV joined the room
- AlbertoV00:56Hi, I'm an Italian project manager and developer so could you send me an invitation code for #BluesSky because I have designed a disruptive project on his protocol. Thank you, bro !
- @planetoryd:matrix.org
- AlbertoV01:24Implement a closed business social integrating Slack + Facebook Workplace features for software company based on AT Protocol
- 01:24My github link https://github.com/AlbertoVari
- retr0id01:57How do you plan to make a closed network on top of atproto?
- @nasudonguri:matrix.org02:02Message deleted
- @nasudonguri:matrix.org02:07Message deleted
- @nasudonguri:matrix.org02:13Message deleted
- 02:14Nad changed their display name to Nad // away
- @nasudonguri:matrix.org02:14Message deleted
- 02:17Message deleted
- DL03:37Any one have bluesky invite?😜 If have sent me DM
- Chris Laux03:45
In reply to this message
I'm looking for an invite too! I want to develop for Bluesky, and won't be a spammer or such...
- 04:52Freezlex changed their profile picture
- 05:38Karl Abbott changed their display name to Karl Abbott (afk)
- 06:28@aragorndr:matrix.org left the room
- 09:12divan joined the room
- 09:43Karl Abbott (afk) changed their display name to Karl Abbott
- @farribeiro:matrix.org
- 12:51Better get on the waitlist. By the way I was excited to get on the platform. But he lost interest when he asked others after getting a code and now?
- 12:52I didn't get a code
- james h jackson jr
- n-three15:00What do you think about an imageboard on top of bluesky? Imagine a 4chan overview, including filtering categories/feeds, linked to respective bluesky posts?
- 16:19Xeyn changed their profile picture
- @farribeiro:matrix.org17:28The bluesky app will have a list of servers to register? Similar has the fluffychat app(edited)
- damon/17:29Similar to mastodon, yes
- @farribeiro:matrix.org17:37i think mastodon is different... a website
- 17:37not a "json" database in app
- @farribeiro:matrix.org19:59I noticed that bluesky can be a pwa like twitter
- @steve_coldham:matrix.org20:00Message deleted by Aaron Goldman
- @farribeiro:matrix.org20:02Admin
- @planetoryd:matrix.org
Sat, Jun 3, 2023
- Yellowsky06:19Is there a character limit for posts, if so what's the limit?
- Patryk06:20
In reply to this message
There's no character limit, but there's a grapheme limit, unfortunately I don't remember what it is
- moved to @shreyan:beeper.com@shreyanjain:matrix.org06:28300 I think
- Skyler Hawthorne06:59Wait really? This is the single most common complaint of Mastodon. And 300 is even smaller. I hope it's configurable on self hosted PDSs
- Aaron Goldman08:55Hosts should all treat the same lexicon the same. That is key to the federation. However anyone can make a lexicon. If too_stort_post is not a good lexicon better_length_post will out-compete it. Applications will choose which lexicons they want to support. Evolution will lead to a few winners for profile, posts, poll, collaborative art project ... whatever.
- Skyler Hawthorne09:14
In reply to this message
Yeah I get that but this seems like common sense to me. It was the number one complaint about Twitter for literal decades, and even they finally relented. And Eugene Rochko made the same mistake, and now it's the number one complaint on Mastodon. Why start right out of the gate with something you know everyone is going to hate?
- n-three
- Skyler Hawthorne09:45To a regular user, there's no meaningful distinction. It's basically a "visible character", which can be composed of multiple Unicode scalar values (i.e. characters)
- n-three
- 09:49*your explanation
- 09:56@xsandr10:grin.hu joined the room
- 09:58@xsandr10:grin.hu left the room
- Chris Lace10:32BlueSky invites are like Bitcoins, hard to get now 🤔
- retr0id
- 10:40can't remember if that's codepoints or utf8 bytes
- Aaron Goldman11:03https://github.com/bluesky-social/atproto/blob/main/lexicons/app/bsky/feed/post.json#L12 ``` "text": {"type": "string", "maxLength": 3000, "maxGraphemes": 300}, ```
- 12:21Midou changed their display name to Midou (Away, coming back at 10/6)
- Yellowsky12:35Thank you!
- Aaron Goldman13:40retr0id: What do you think https://plc.directory/did:plc:m2o63tpnlwrfj43nrqzxyrry is?
- retr0id13:40hah I know exactly what that is
- 13:41but I can't say (it wasn't me though)
- moved to @shreyan:beeper.com@shreyanjain:matrix.org13:42Umm 🧐
- 13:46That's a very interesting choice of data to put in a DID
- Aaron Goldman13:51`x/c` is not a mimetype I know
- moved to @shreyan:beeper.com@shreyanjain:matrix.org13:55Yes there's a lot of invalid data in there
- Chris Lace14:05So when will (BlueSky) have inboxes, or dm? 🤔
- moved to @shreyan:beeper.com@shreyanjain:matrix.org14:08Not soon if ever
- 14:09It's a very public data oriented protocol
- 14:12Chris Lace set a profile picture
- Yellowsky14:48
In reply to this message
I think it is possible as A can use B's public key to publish a message only visible to B.
- Yellowsky
- 14:56
In reply to this message
Just a small draft. This is design only (so mock images and text) as I cannot access bluesky data yet.
Basically it is just a different looking and filtering client for bluesky but I think a small pr0gramm on top of bluesky would be dope.
It lists all posted images, offers liking and commenting and shows all replied comments.
- 19:06Taiwan Brown set a profile picture
- @farribeiro:matrix.org
- 22:39damon/ set a profile picture
- 23:43knksm5 joined the room
Sun, Jun 4, 2023
- 05:03@oliveolive111:matrix.org joined the room
- 11:13HIGHGAG joined the room
- 18:36ashley joined the room
Mon, Jun 5, 2023
- retr0id03:32
In reply to this message
Not really viable for strong e2e security guarantees, since right now the PDS is assumed to be fully trusted (it holds the user's DID keys)
- 03:35I'm hoping they specify some kind of message relaying mechanism, to let me send some data to another user without having to put it in a repo first
- 03:36you could build a more robust e2ee layer on top of something like that
- damon/05:49
In reply to this message
They’ve spoken on this. It will be quite some time as it’s not on the priority shortlist. They want it to be fully E2EE. Right now the primary focus is federation and moderation
- 07:04manaken0522 joined the room
- 11:30shmeat joined the room
- 12:29GoldyyDev set a profile picture
- 13:10keithamus joined the room
- Chris Lace13:37The mission is to further Technology
- 17:08@aronkvh:matrix.org joined the room
- 17:08@aronkvh:matrix.org left the room
- 18:00@olu:memoryandthought.me left the room
- Aaron Goldman18:38
Daniel Holmgren: it is probably time for a byte limit on the operations
https://plc.directory/did:plc:zdbn3pxqjutt7o5rhh7ww52v
I would start with 1 KiB.
many of the `"alsoKnownAs": ["at://data:x/c;base64,AAA...="]` are less than 4 KiB but some are closer to 7500B.
Also some rate limit per IP not just the limit per put. 🤷♂️(edited)
- 21:37Sean joined the room
Tue, Jun 6, 2023
- 13:39Sabir Ibrahim joined the room
- Sabir Ibrahim13:47Hi Everyone... I'm just here looking to learn more about AT Protocol. I'm an attorney with a technical background who specializes in technology-related issues and I think AT Protocol has the potential to be revolutionary. I can perhaps chime in with legal expertise or a legal perspective on issues (whether it's open source, IP, data privacy, etc) when the need arises. Happy to be here!
- 13:51Sabir Ibrahim set a profile picture
- Sabir Ibrahim13:51Standard disclaimer: Nothing I say here should be construed as legal advice 🙂
- Aaron Goldman14:45
In reply to this message
The interesting one for me is when the publisher's PDS is different from the Repo controller is different than the indexers is different from the timeline ranking service is different from the client PDS, who has what section 230 protections?
- Sabir Ibrahim17:47
In reply to this message
Assuming that all are based in the United States, Section 230 would apply to all of them... for now (I'll get to that in a moment). The overarching purpose of Section 230 is to ensure that only the creator and publisher of content (i.e., the "information content provider," in the terminology used by the statute) should be subject to criminal or civil liability for content that violates the law or third-party rights. In fact, Section 230 is an even better fit for platforms built on decentralization protocols, since part of the purpose of AT Protocol, ActivityPub, et al is to return the Internet to its decentralized heyday of the 90's (when Section 230 was enacted) and away from the predominance of centralized platforms controlled by corporate behemoths.
- 17:51
In reply to this message
However, the reason I say "for now" is that the Gonzalez v. Google case challenged the traditional understanding of Section 230. The plaintiffs in that case wanted to hold Google liable for its recommendation algorithm that surfaced pro-ISIS videos and other content that glorified terrorist violence. The case made it all the way to the Supreme Court, which ruled for Google on unrelated grounds and punted on the Section 230 issue. The fact that the case made it as far as it did and SCOTUS essentially refused to touch that issue is an indication that the issue might not be so cut-and-dry in the AI-driven future we're moving towards.
- 17:54By way of background, for those who are unfamiliar: Section 230 is a 1996 American law that essentially shields platform owners and service providers from liability for content their users post that may violate the law or third-party rights.
- 17:55pluwshy changed their display name to Lulu
- Aaron Goldman
- Sabir Ibrahim18:13Another interesting issue is GDPR compliance for platforms built on decentralization protocols, given the GDPR's specific requirements around data deletion and (increasingly) data transfers to non-EU countries. The ActivityPub and Mastodon dev communities have grappled with these issues for years, but to my knowledge, there's no consensus on how to handle compliance. And the regulatory landscape in the EU is itself still evolving.
- shmeat18:30What's the attitude towards brands on bluesky? Are they allowed to talk about what they do at all?
- Aaron Goldman18:33The analogy I like to use is Twitter and the library of congress. The library of Congress subscribes to the firehose and keeps a complete copy of tweets. If you delete a tweet Twitter will delete it from its servers. However it does nothing to attempt to delete the copy at the library of Congress. AtProto allows you to remove a record from your repo. And you can ask your PDS to delete. On the other hand there's nothing your PDS can do to ensure that either an indexer or another PDS deletes your record. The best we can do is send a purge request and see if the other servers would like to honor it. It's not currently clear what GDPR requires.
- Aaron Goldman22:41Repos are simply much more archivable. It is like asking the publisher to remove a page from a book you published last year. They can stop selling new copies of the book but they can't go into the homes of every purchaser and tear out the page, even with GDPR. The best they can do is to issue a recall and hope the purchasers tear out and burn the page themselves.
- 22:45“memory hole.” does not work well here
Wed, Jun 7, 2023
- 04:49aetherize joined the room
- 06:44Nad // away changed their display name to Nad
- @nuhvi:matrix.org07:05Is there a significant use of PDS's MSTs yet? as far as I understand, clients do not do any fancy syncing with PDSs or BGSs, nor do they verify signatures, and currently there is no federation so there aren't other PDSs to sync with each other, so is the MST currently purely an overhead?(edited)
- 09:58j' joined the room
- 11:27@rimuru:gentoo.chat changed their profile picture
- retr0id13:07It is vaguely useful if you're trying to keep your own mirror of a given repo, since you can get the initial repo state with getRepo and then keep it updated through the firehose(edited)
- 13:07the MST isn't strictly needed but it lets you know whether you have all the blocks or not for each commit
- 13:08relevant github discussion: https://github.com/bluesky-social/atproto/discussions/1072
- 14:25@tachinosuke:matrix.org left the room
- Aaron Goldman15:16
In reply to this message
```
get repo for did:plc
${services.atproto_pds.endpoint}/xrpc/com.atproto.sync.getHead?did=${did}
${services.atproto_pds.endpoint}/xrpc/com.atproto.sync.getRepo?did=${did}
https://bsky.social/xrpc/com.atproto.sync.getHead?did=did:plc:toxy3kpelhv5gwubytayrsbw
```
It is useful if you want a repo to outlive the PDS it is currently hosted on. The expectation is less that clients will verify the MST, which they certainly could, than your PDS would. If I follow several repos that are on several different PDSs my client should not need to call each of the PDSs in turn. My PDS, that has much cheaper and more reliable internet than my phone, would sync the repos. It would build my home timeline and then send my client the posts that are interesting to me. In the event that the original PDS disappears the repo is still on your PDS with all the authenticity it ever had. If I wish to move my repo to a new PDS I don't need anything from my old one. I can point my DID Document to the new PDS with my rotation key and upload my Repo to the new PDS.
It also enables deferred retrieval of parts of the repo. If I retrieve
https://bsky.social/xrpc/com.atproto.sync.getHead?did=did:plc:toxy3kpelhv5gwubytayrsbw
and learn `"root": "bafyreign4apdgdlqwbdy2h2uotlptng2hkbgz3khqbwygnc5u5hawqfvc4"`
I can get the block later that the PDS committed to and know that is what the repo was at that time. I could get the block from other PDSs or BGSs and not worry about trusting where ever gave me the blocks.
When http sites' servers stop serving a website it is gone. When a PDS stops serving a repo it just stops updating until a new PDS is pointed to by the DID Document. Even if that never happens the Repo can live on as long as someone thinks it is still worth storing and serving.
```
ipfs dag get bafyreign4apdgdlqwbdy2h2uotlptng2hkbgz3khqbwygnc5u5hawqfvc4|jq
{
  "data": {
    "/": "bafyreiai44xlyde6cxukvvoesq5ur7rzxpom22a6pu7uupzddap2n2l6ra"
  },
  "did": "did:plc:toxy3kpelhv5gwubytayrsbw",
  "prev": {
    "/": "bafyreiezfiavrtycuin2b7xglueekxsjxfh42mw52afutjekacd356yhau"
  },
  "sig": {
    "/": {
      "bytes": "heMb7qW3w25/3x4L9tQLRa4Kn1f0tYpV6OJwiIx0/WlxAEKQDDw4bI/qZkdl1OyAax0FquIDF9o2tdSudkT8sw"
    }
  },
  "version": 2
}
```
follow the `data` pointer to find all my records.
follow the `prev` pointer to find all my previous commits of my repo.
validate `sig` to validate all current and previous content in the repo.
The repo is just as trustworthy in a CAR file as on the server; http can't do that. The MST currently is not purely an overhead. It is an insurance payment to enable the repos to live far longer and in far more diverse environments than PDSs. Geocities proved less durable than Yahoo! An AtProto repo should be much more durable than bsky.social, bsky.app, or Bluesky PBLLC.
- 15:20I recognize I am an outlier that when I look at a AtProto I am thinking how will the archeologists know the author of a post.
- @nuhvi:matrix.org22:41
Aaron Goldman: Thanks for the reply, but I wonder if MSTs are too complex in comparison to individually signed blobs that are efficiently synced between PDSs with a set reconciliation algorithm, some can be extremely fast and cheap https://github.com/AljoschaMeyer/set-reconciliation
So the only two things I see MSTs doing better would be:
1- overall snapshot of the repo at any point in time
2- efficient signature verification
However, you can replicate both 1, and 2, with individually signed blobs if without being the base requirement, for example one blob can be a big list of all the other blobs and their hashes at a given point of time, or you can make a tree if a big list is not desired.
On the other hand, MST makes it impractical for clients to sign their own data, and forces PDSs to be custodial of signing keys, which wouldn't be the case, if clients can just sign their blobs individually.
- 22:43I love how MSTs are very much like Git, and that is awesome, but it is definitely not the simplest most versatile solution, and the fact that clients don't verify signatures nor sync with PDSs, make their utility much lower than it could be.
- 22:44Also, MSTs seem to force the entire AtProto to be hostile towards "offline-first" apps, because the PDS being the only signer, is the reason this works smoothly, otherwise it will open the door for merge conflicts and at best you will use LWW and lose a lot of user's intent.
- Aaron Goldman22:49There's no reason a client can't sign its own MST.
- 22:51The PDS is serving as a timestamp service so we can have finality but it would be totally reasonable to sign all commits in the clients and have the PDS only sign ticks.
- @nuhvi:matrix.org22:52The reason would be that two clients offline signing their own MSTs, will be hard to merge, and even after merging, the PDS will have to sign that merge, it will be like each client writing to Git, and dealing with conflicts, and data gets lost if clients aren't careful.
- 22:53You will be trusting app developers to write programs that can deal with merge conflicts, something that even humans struggle with in Git every day, no?
- Aaron Goldman
- 22:54an early sketch of the repo design
- @nuhvi:matrix.org22:55If clients can work offline-first, and prepare their own MSTs and sign their roots, then not only that is very big overhead for app developers, but it also guarantees that pushing these roots to the PDS will result in conflicts, because other apps somewhere else are submitting a conflicting tree.
- Aaron Goldman22:56
In reply to this message
You are trusting apps to know their data model. Some lexicon would be CRDTs. Some would be CaS(Compare and Swap). Some would need to do a two phase commit where the first locked a resource and the second modified it.
- 22:58If you are doing something that needs strict serializable consistency you would need to talk to the PDS. If you are doing something with only transactional causal consistency the local first is fine.
- 23:01Now you are in the confluent invariant game https://youtu.be/JVEwJyTIjcE
- 23:04But yes, this requires a good library in many languages to do repo manipulation and signing. Most users should just interact with provided CRDTs like the grow only set or last writer wins.
- 23:05or atomics like mutual exclusion sets.
- 23:07If the apps only use confluent invariant constraints, then they get local first. If they use non confluent invariant, then they get server round trips.
- 23:08Granted we are nowhere near that today but it is not a limitation of the MST.
- @nuhvi:matrix.org23:10Ok but what do we get in return of all this complexity? I can only think of authenticated ranges, meaning that PDS2 can get data from PDS3 and verifying that it didn't mess anything that was authored by PDS1. But for many usecases that is an acceptable price to pay for less complexity, and if you really need range authentication, then some collections may opt in creating a signed index or even a tree. This answer might explain my point a bit better: https://github.com/AljoschaMeyer/bamboo/issues/11#issuecomment-1443643502
- 23:13dandyandy3 joined the room
- dandyandy323:14How do I host my own AT Protocol provider? I can't tell if the AT protocol docs are intentionally obfuscating it, or if it's not something that's easy for anyone to do and it's not yet documented, or if i'm bad at reading
- Aaron Goldman23:19For the sign a repo vs sign a record. I obviously think there is value in that model as I work on https://ceramic.network/ which signs each event. That said the value of a repo is affirmative non-existence. If I know that the root is `bafyreign4apdgdlqwbdy2h2uotlptng2hkbgz3khqbwygnc5u5hawqfvc4` then not only can I verify that a particular `at://` uri exists in the repo I can verify that the uri does not exist in the repo. If we sign individual records and I give you a made up uri then you must go back to the host of record to get the negative existence of the uri. This was the pattern used for ssh over dns to force all requests all the way back to the authoritative DNS server. `at://` wants full repo caching; that means we never need to ask the authoritative PDS anything but did the root change until it does. If we subscribe to a 24-hour call back then we don't even need to do that much because if the root changed, we would have been notified.
- Aaron Goldman23:26
In reply to this message
Ah, thanks for the link I had misunderstood your question. Look like it was less "Why a Merkle tree over signed records?" and more "Why a MST over other Merkle tree shapes".
- 23:27The logical repo shape is
- 23:28so the obvious Merkle tree would be
- 23:29but that can go pathological
- 23:29a b-tree fixes this
- @nuhvi:matrix.org23:30I was mostly trying to confirm that this "affirmative non-existence" or proof of exclusion, is indeed the main and mostly only big advantage of MSTs. Whether that is worth the cost of it is obviously a subjective and per app question. My intuition is that I can build an MST over an S3-like storage, but not the other way around (not without the cost of MSTs built in). Framing MSTs or any authenticated data structure's value as: better caching, is valuable for thinking about the tradeoffs clearly.
- Aaron Goldman23:30but balancing the b-tree gives poor structural sharing
- @nuhvi:matrix.org23:30Yeah I am a fan of balanced merkle trees, and MSTs seem to be even better than Prolly trees
- Aaron Goldman23:30a hash gives us structural sharing
- 23:31but not range queries
- 23:31So a MST or Prolly tree is the way to go
- 23:32don't know if that clears up my thinking at the time
- 23:32or if I even understood the question
- @nuhvi:matrix.org23:33No I definitely agree that MSTs are great for the goal you expressed, it was hard to understand from reading the paper, but when I wrapped my head around it it was clear to be the best solution.
- Aaron Goldman23:34only if we can get most of the complexity hidden behind a library or service worker
- @nuhvi:matrix.org23:34I have been working on (read using) append-only btree on top of Hypercore, and there is so much complexity that I am in the phase of: ok how much can I cull and still be open and censorship-resistant
- Aaron Goldman23:35For the browser having a service worker at the PDSs domain could provide interesting services to the domains that the repo controller authorizes.
- @nuhvi:matrix.org23:35I hear you, but there is a lot of value in just pure HTTP API, so I would actually rather let the PDS handle MSTs and me as a client dev never dealing with it.
- Aaron Goldman23:35on mobile an app could handle intents
- @nuhvi:matrix.org23:36Adding PDSs at client side, would be very much like DWNs architecture, interesting, but I am scared of the conflict resolution work still.
- dandyandy323:36
In reply to this message
I mean getting onto Bluesky by entering my own provider URL. How do I run that? What is your link to? the AT protocol repo doesn't mentio