So, right now there seem to be two federations: one called Bluesky and another called Sandbox.

https://atscan.net/pds

I'd like to know, can one PDS be part of more than one federation?

One more question, if I may. On Mastodon, the server hosts not only the content created by its users, but also the content created by everyone followed by its users. Which results in lots of duplication.

Does that happen on Bluesky too?

Let's suppose the BGS Alice is using does not consume the whole thing, only whatever is necessary for it to function.

Would Alice's client download any necessary data from the original PDS?

Your User Agent always talks to your PDS. Your PDS then ether serves that data from cache or dose the request to Alice's PDS

1. Your PDS cache
2. Your PDS's BGS
3. Alice's PDS

The assumption is that your PDS has much cheaper bandwidth than your User Agent.
If it can download and filter content only sending down content that did well in the ranking algorithm you will save client battery and bandwith.

Quick Q about custom feeds: https://github.com/bluesky-social/feed-generator

I've got the feed generator hosted with the whats-alf example (but I renamed mine to elixir, all the code is the same though), and I've filled out all the env vars set correctly. I ran the publish script, and got the Done message with no errors. But I don't see the feed in the bigsky app. Do folks who have done this before have any good debugging tips?

EDIT: The url for the feed is https://elixir-bluesky-feed.replit.app, and I kept the feedgen port to 3000, but the docs also say that the app needs to respond on port 443, so I'm not sure if I'm supposed to change that env var to 443? My replit logs do say forwarding local port 3000 to external port 1104, which I didn't specify, but trying that port doesn't seem to work either.

If I do a GET for https://elixir-bluesky-feed.replit.app:3000/xrpc/app.bsky.feed.getFeedSkeleton?feed=at://did:example:alice/app.bsky.feed.generator/elixir my request just times out.

DNS has very elaborated structure to separate power of each individual entity. Each TLD registries operates independently (e.g. .com is Verisign). ICANN approves and oversees individual registry’s policy.

ICANN controls the root zone but does not participate in day-to-day registration and dispute resolution. It adopted a multistakeholder model for governance to restrict influence from governments. Since 2016, it is freed from any oversight from US gov.

Individual domain name could be removed by a registry due to its policy or local law, but banning a user to have a DNS name in ALL TLD is very unlikely.

But it is better than git.

git is broken because the branches don't have identity. If I give you a git hash and ask you to get the latest for that branch you can't
In theory you could have an index and find all commits that have your commit as a parent and recur to find all descendants but that would not give you an authoritative latest.

This is why we end up in centralized services like git hub.

I can reference a file like
https://github.com/bluesky-social/atproto/blob/318736816c65e86a554e09cb9dc2e095dff636c4/README.md
but that is only a moment in time.

I can reference a file like
https://github.com/bluesky-social/atproto/blob/main/README.md
but that is only the branch name and dose not commit to any particular state

I wanted a way to have all the commitment of a git hash and all the authoritative latest of a GitHub.com/user/repository/branch/path
at://controller@commit/path the controler means cryptographically strong authoritative updates and commit hash means a cryptographically strong commitment to the exact bytes of the whole repo. The web gets a new href for committed to bytes and authoritative updates. Without fear of losing your name because you didn't pay the name bill on time.
If I want to move from github to gitlab or

Authenticated Data eXchange gives the opportunity for linked web of documents that have the git like powers of distributed version control and the http like powers of authoritative updates. Let's do to the web what git did to source code

The power of http by letting people register and control names.
The power of git by atomically moving from one commit to the next.
The ability to handle large fanout trees becuse MST avoids large directory problem.
The ability to handle very deep trees becuse MST avoids deep directory problem.
The ability to handle large files becuse we can brake in to a tree and MST is good at breadth and depth.

Authenticated Data eXchange is a powerful primitive to build on.

Well this was a fun bug to find in did:web resolution

https://github.com/bluesky-social/atproto/issues/1338

Actually with a repl, doing a get on an ipv6 only host works just fine

axios.get('https://ipv6.google.com')

So maybe this really is an edge case with link local resolution

The PDS won't help you with the dynamic DNS. As you say you would need your own script for that. When your PDS is unreachable other PDSs won't be able to fetch the heads of your user's repos but once they have repos catched locally they will have the data.

Set up with flakey connectivity to a PDS is a good test case for the federation. The ideals of authenticated data is that once you give the repo to anyone they can share it around so following a repo on a flakey PDS should not be a problem.

Obviously the users of your PDS can't publish new posts when the PDS is not reachable.

So far, my understanding is that a PDS signs your posts and hosts them, and that your DID document contains the public key of the repo signing key, which is shared across all accounts of the PDS.

If you were to move to a different PDS, e.g. move to your own after Bluesky's instance is federated, what happens to your data? Does it somehow get copied to the new PDS and re-signed with the PDS's key, or is all content left in the original PDS and still referenced whenever old posts are queried?

Hi folks. We are working on our implementation of ATProto.

We checked Bluesky FAQ and there are some interesting answers to our questions. Currently the main problem for us is Bluesky team decision to use lexicon and xrpc. 

Unfortunately, DX of those new custom protocols is not good enough for us. So we prefer to see OpenAPI spec for the protocol. It will allow us to use rich ecosystem of tools built around it.

So we started kinda fork of the protocol to define resources in terms of OpenAPI. But maybe there are some projects which already are doing something similar? We would like to avoid double efforts.

Thanks 

we don’t have a public room yet because it requires more collaboration efforts and we are super limited in resources. 

but we plan to launch it in September 

btw I’m a person who sent you the email about customising typify from oxide for ATProto a while ago

https://github.com/oxidecomputer/typify

My advice is to focus more on interoperability at the repo layer than the API/xrpc layer.

As long as repos are signed it's an implementation detail of how you got the blocks. xrpc, Open API rest API, mailed a hardrive full of repos to someone, ... whatever.

Asking if you’re allowed to ask for invites? Interesting strategy lol

Edit: don’t mind my bad grammar, I am a native English speaker educated in the US.

So let’s say Bluesky uses ACLU or any org, doesn’t matter really, for its content moderation. Why does that org have access to my content? Unless they are given some kind of special permissions by Bluesky.

Alternatively, I saw something about community moderation. What’s to stop a country’s government from using this to silence dissidents.

Meaning it can join those rooms because the content owners have made the decision to allow anyone to join.

I can create private rooms on

That's kind of an inherent aspect of it though. You simply can't escape centralization entirely. There can't be spokes without hubs. For example, there are extremely few people who host their own email server. Most everyone just relies on third parties like Google, Microsoft, et al.

The whole point of data portability is that if you don't like the policies of the server you're on, you can pack up, go elsewhere, and not miss a beat. My understanding is that's part of the reason Bluesky decided to create a new protocol instead of just building on top of ActivityPub.

One analogy I like for why you might want authenticated data is the comparison between a phone call and a bookstore. If you ask everyone that wants to learn from you to call you then you can give custom answers to each caller. For example not sharing with one specific person. But it is inherently expensive as you have to have enough bandwidth to talk to each and every individual that wishes to learn from you.

If you publish a book you record the ideas once. Someone who gets a copy of your book can make a copy. There's a lot of ancient wisdom where we don't have the originals. We do have the copies of the copies of the copies of the copies of the copies. But this comes at a cost. If you publish a book and it is in bookstores newsstands and libraries you can't then say "but that one guy I don't like is not allowed to read it".

AtProto is a protocol for authenticated data exchange.
Does my belief that this can fundamentally change the economics of content distribution.
HTTPS gives you nice properties that AtProto does not have. However the unlimited ability to cash the data anywhere and index the data anywhere without losing authenticity changes the Nash equilibrium that led to a small number of very large social media providers.

Exactly. There is a dozen of large spam filtering services (plus many smaller services), not one service. And users could easily switch to another service if what they are using become too shitty. Companies may also enter the market without much barrier. Users may also choose to not use any spam filtering service if they want to.

I think this model is pretty good for social network moderation too

Build your own PDS, then federate with the staging environment. If you can do that and make a meaningful commit to the project you’ll probably get one.

Disclosure: I have no interest in actually getting you an invite, the whole thing reminds me of Ello, I just wanna see as many PDSs built as possible as quickly as possible.

In reply to

ThatLinuxUser
To refer to Sabir's statement

In reply to

What do you mean? I don't follow.

Interop is a tricky topic. Activity Pub thinks in terms of connection and AtProto thinks in terms of signed content.

The AtProto repo is self authenticated data so if you distributed the repo using Activity Pub it should just work but when putting Activity Pub events into an AtProto repo who signs that repo?

You could have a bridge that witnesses that the events were retrieved with https and trust the testimony of the bridge but it is still a little awkward.

I am experimenting with an idea of multiple user "personas" all under the umbrella of a single identity, which is represented by a did.

Each persona has its own display name, user name, domain name, and profile information (description, avatar, banner).

The identity did holds the single hashed password for authentication. Any of the personas linked to the did can use this password for authentication.

The thing I'm finding difficult to understand from the Bluesky protocols, is where the private keys for the "signing key" (a public-private keypair) and for the "rotation keys" (each one a keypair) come from, and if and where they need to be stored.

The

When user accounts are created in the pds.handlers.handleComAtprotoServerCreateAccount function, the recovery key is optional and is passed in via arguments.
Its did (public key, potentially empty) is stored with the user, and if the key is not given in the command input, the server-wide signing key is used as the single rotation key for the did that is created for the user.

The command-line command gosky newAccount does not parse or send a recovery key, so in effect the user always has an empty string its recoveryKey field.

To sign documents and verify documents, indigo uses a KeyManager interface. When signing, the KeyManager must hold a valid private keypair in its signingKey field, although this seems never to be set. Instead, the only signing is inside the api.plc.CreateDID function, which gets passed the server-wide signing key as an argument.

To verify did documents, the document is resolved and the KeyManager extracts the public key from the "#atproto" verification method.

Thus no private key is ever stored in a database, but is it safe to use a single site-wide key this way?

To be honest I am thinking more about nomadic identities for the Fediverse, but at some point maybe there would be a merging of sorts with wherever the AT protocol goes.

One did could have a bunch of alsoKnownAs handles, some with the at:// scheme and others with Mastodon-like https://instance/users/xxx handles. Each handle = a persona. The personas would all be under the control of one human being (“user”) but would represent different presences: home / work / hobby / focus; or perhaps “repos” / content managed by servers with different capabilities: text / photo / video / project management, etc.

123456  PDS                                did count   delta count    sum bytes     first                      last
| https://bsky.social              |   406,600 |     479,100 |  331,216,195 | 2022-11-17T00:35:16.391Z | 2023-07-27T21:34:56.038Z |
| https://uwu                      |    11,714 |      11,714 |   86,648,128 | 2023-05-30T06:32:05.019Z | 2023-06-30T18:52:10.965Z |
| https://stems.social             |     5,044 |       5,897 |    4,048,359 | 2023-04-16T09:28:40.041Z | 2023-07-05T17:31:28.795Z |
| https://boobee.blue              |     1,601 |       3,016 |    2,137,698 | 2023-03-12T15:11:56.675Z | 2023-07-27T04:54:07.696Z |
| https://atproto.forza7.org       |        51 |          61 |       42,236 | 2023-04-13T14:10:14.176Z | 2023-06-05T09:50:10.998Z |

oh look there are more than 400,000

Let's split the question in two.
Is it proprietary?
In increasing proprietary order:

• The protocol is an open protocol that anyone could implement.
• The PDS written by Bluesky PBC is open source. You can fork it but need Bluesky PBC's permission to contribute.
• The
  bsky.social
  PDS is a service run by Bluesky PBC like any web2 service operator.

Is it spyware?
AtProto in general and Bluesky in particular is a publication protocal.
The repos are public and can be mirrored with or without your co-operation.
As an effect of this there is no true delete. Instead, there are three concepts.

• Retract: Take a record out of your repo. Will remain in your history.
• Unpin: Tell your PDS you don't want a record to count agent your storage quota. May be deleted at any time.
• Purge Request: Affirmatively request that a record be deleted. A PDS may charge for Purge as it will force them to access the data to remove it timely. Indexers may honor the request by deleting the record or hiding the record from search results. Or they may ignore the request. Local laws and contracts will determine what any one indexer does with the data after a Purge Request. Purge Request can't be technologically enforced.

So different parts are varied levels of proprietary. With the open protocal being the most important to belong to the community.
AtProto is very much not a secret distribution system. The repos are public and the fact that they are public is what enables the separation of local caching and indexing from publishing.

"The PDS written by Bluesky PBC is open source. You can fork it but need Bluesky PBC's permission to contribute."

What do you mean? What sort of permission? Isn't it MIT-licensed?