Bluesky Dev
Community discussion of the AT Protocol and Bluesky. (This room is not officially affiliated with the Bluesky team.)
Sun, Nov 6, 2022
- mikestaub
In reply to this message
That sounds good. There are 600+ people in this room now, perhaps we should do a poll and ask "What level of commitment to contribution are you willing to make per week? ( 40 hours, 20, 10, 3 )" If there are less than 10 devs at this time perhaps this can wait. I just wanted to do a pulse check and see where things are at. - bnewboldre: the earlier pfrazee comments earlier about DMs and private messages, as a thought experiment I would propose that atproto just not support any form of non-public messaging. keep the protocol small and focused. leave private messaging (DM or group) to existing applications/protocols like Signal and Matrix, don't try to compete with them. an application (like a mobile app) could potentially support these other protocols with shared contacts. some glue to bridge DIDs as persistent contacts/identifiers for those other mediums would be helpful
- I guess i'm not a particularly active user of any modern social media tools, so maybe i'm missing things, but it always feels like the private messaging feature is bolted on and undesirable in many cases. what people do want is to have reasonably strong/safe linking between identities, so you know if you are contacting XYZ on twiter or bsky via email or matrix, you would actually be getting the same person. but that is trivial with a simple link or profile entry.
- bnewbolda docs request (which I get is sort of low priority at this stage as things are still in flux) would be extending the existing identity docs to explicitly talk through how rewriting history would (or would not) work. aka, if a user or PDS starts publishing a new history chain, with a valid signature (verified by current DID doc verification key), are other PDS servers immediately drop all prior histories? how are other servers supposed to verify if a new "HEAD" is the now-canonical HEAD? eg, if there are multiple branching HEADs. the kind of thing i'm thinking about is replicating from multiple third parties (maybe aggregators, or caches, or "high-availablilty persistence services" like P's old hashbase for dat) and getting conflicting responses. or receiving a random repo PUT request which is valid but maybe out of date. should receiving PDS servers always do a quick sync root request to the DID's canonical PDS?
- somebody above was discussing trying to block indexers/aggregators. my current feeling is that a distinction between atproto and a large subset of the mastadon community, is that atproto is welcoming of "big world" aggregation (in addition to "small world" hosting stuff), while in contrast some think that "big world" stuff is potentially undesirable on principle, and are skeptical of random aggregation. eg, I think of atproto as being closer to a service like tumblr, which as I remember/understand was totally open to being crawled and indexed by things like Google, as compared to Twitter which was originally open but ended up having very restricted ($$$ or grandfathered) access to the firehose, lots of expectations about not storing user content that may have been deleted, etc. I think there are legitimate concerns and arguments in both directions; the way I have been thinking of atproto is in the "sure anybody can aggregate, user content is public and users need to keep that in mind" direction
some tangential references to the indexing/crawling issue are:
- this drew devault post about bot load on sourcehut (sr.ht), a git repo hosting service: https://drewdevault.com/2022/05/25/Google-has-been-DDoSing-sourcehut.html
- the fine non-profit work that https://www.softwareheritage.org/ has been doing crawling and preserving pretty much "all" git repositories they can find (eg, large hosting platforms, personal repos, as well as things like converting older non-git repos to git format)
- the old technorati service which crawled and indexed blogs specifically (as opposed to general web content): https://en.wikipedia.org/wiki/Technorati
- this drew devault post about bot load on sourcehut (
- @wclayferguson:matrix.orgbnewbold: I agree, the "Minimum Viable Protocol" should definitely not include support for private and secure encrypted/secret messages, in version 1.0, because that adds an order of magnitude to complexity, and what people around the world were kinda hoping for is a simple protocol for sending messages, that's somehow or other superior to ActivityPub.(edited)
- @wclayferguson:matrix.org
- @planetoryd:matrix.org
- bnewbold
In reply to this message
The way I think about it is that atproto talks about the canonical representation of user content, and how to replicate it, like git repositories (any checkout is as good as any other; there is some awkwardness about "completeness" with large blobs/media and sub-repos). While ActivityPub is about notifications and feeds, like RSS (original content is often simplified or truncated in RSS feeds, though sometimes it does not matter).
DID and account migration are another big difference, but feels more up in the air with the DID "placeholder" mechanism not being a robust proven tech. did:web is a good backup, any extremely trivial (I guess a good thing?), but does not deliver on the interesting new account migration stuff (just falls back to DNS)(edited) - whyrusleeping
- @wclayferguson:matrix.orgbnewbold: With ActivityPub you can lookup a user, find their outbox, and just simply read it. The problem with it is that the DNS owner owns your username, and is therefore your overlord. People are tired of overlords and want to own their own data.
- @wclayferguson:matrix.org
- bnewbold
In reply to this message
huh, I haven't seen much interesting atproto/ActivityPub discussion here or elsewhere, just a lot of noise. but if it isn't wanted here will take it elsewhere! - @wclayferguson:matrix.org
- George AntoniadisI can see a bot in this channel's future that auto replies to anything with "activity pub" with a link to the faq xD https://atproto.com/guides/faq#why-not-use-activitypub
- whyrusleepingbnewbold: youre fine, dont worry. Im just wanting to steer things towards discussion of ATP and away from AP
- @wclayferguson:matrix.org
- Aaron Goldman
In reply to this message
#general-bsky:matrix.orgfor dSocialCommons is meant as lobby for many approaches to compare and hopefully copy each other as distinct from the Dev channel that is focused on building this project. - bnewboldhere is a nitty-gritty question to try and keep the conversation back at the "dev" layer:
why are thepublicKeyMultibasekeys in did:plc docs so much longer than the did:key-encoded keys? I suspect this is a DID thing not specifically an atproto or did:plc thing, but nothing obvious turned up, I think they are both supposed to be base58btc encoded
eg, looking at: https://atproto.com/specs/did-plc#example - mikestaub
In reply to this message
for PMs I don't think it makes sense to invent something new but rather use signal or peergos - @wclayferguson:matrix.orgI say there's huge benifit to also focusing on "Public Append-Only" content for the first MVP. Merkle trees make the syncing perfect and simple. No one knows that around here better than whyrusleeping because of his IPFS expertise! (oh, and me too). Once you start trying to do editable data a vast array of difficult problems come up instantly and multiply complexity 100x.(edited)
- Aaron Goldman
- `did:key:zDnaeSezF2TgCD71b5DiiFyhHQwKAfsBVqTTHRMvP597Z5Ztn` Is an entire key and is better compared to the object rather than the key bytes. ``` { id: 'did:plc:7iza6de2dwap2sbkpav7c6c6#signingKey', type: 'EcdsaSecp256r1VerificationKey2019', controller: 'did:plc:7iza6de2dwap2sbkpav7c6c6', publicKeyMultibase: 'zSSa7w8s5aApu6td45gWTAAFkqCnaWY6ZsJ8DpyzDdYmVy4fARKqbn5F1UYBUMeVvYTBsoSoLvZnPdjd3pVHbmAHP' }, ```
- whyrusleeping
In reply to this message
Yeah, we need something thats easy to integrate, works with our identity system, and that is scalable to the user load we are expecting to see In reply to this message
Yeah, we've realllly been trying to keep things as simple as we can make them. A lot of time was spent trying to toe the line between 'as simple as possible' and 'not being obsolete in the next year'- whyrusleepingonlytangerine: why not grapefruit or kumquats?
- Dean
In reply to this message
Well it's working so far. I've been able to use the provided APIs fine with the dev-env server! - jmcasey
- Steven Franssen
- @wclayferguson:matrix.org
In reply to this message
It could just wrap each "month's" posts into a separate ZIP/CAR file and each one can point back to the merkel root of the previous. Just like how Blockchain works and is trustworthy even if you're not running a full node. - Aaron Goldman
In reply to this message
The problem with an append only block chain is that purge requests become difficult to honor. - Aaron Goldman
- @wclayferguson:matrix.org
In reply to this message
Two things:
- you jumped to "mutable data" when I was talkin' about immutable. :P
- but if we look at the mutable case. The master "record" be a single list of all the root merkels for every month of a person's life. What that means is each "rolled up" monthly chunk of data can be updated and it simply results in a new root merkle hash for that one month ZIP/CAR file.
The benefit if the "by month" approach is that when I want to follow someone, I don't get ALL their data unless I ask for it...but I do always get that "master record" which is essentially a list of monthly hashes.
- @wclayferguson:matrix.org
- @wclayferguson:matrix.org
- @wclayferguson:matrix.org
- whyrusleeping
- whyrusleeping
- @wclayferguson:matrix.org
- @wclayferguson:matrix.org
- @wclayferguson:matrix.org
- @wclayferguson:matrix.org
- @wclayferguson:matrix.org
- whyrusleeping
- Steven Franssen
Mon, Nov 7, 2022
- @wclayferguson:matrix.orgIn my mind I'd say an append-only edit is not a mutation. correct. You're not editing your original words (which could the change meaning even if you only change one letter of the text) It's impossible for software to know if you're just correcting a typo or possibly intentionally 'inverting' the meaning in some clever way.(edited)
- Aaron GoldmanThe question of wether the repo is mutable or immutable comes down to the reference URI not the repo itself. Let's take git as an example: The git hub url `https://github.com/bluesky-social/atproto/blob/d44cee71139af2267996f8b4c9412cde099ea37b/README.md` contains the hash of the commit. If I want to validate the blob at that url I can pull the Commit, root tree object, and the blob. The sha1s prove the contents of the blob are the blob referenced in the URL. Even if GitHub disappeared tomorrow If I have the URL and the repo I can still prove this. On the other hand the URL `https://github.com/bluesky-social/atproto/blob/main/README.md` references `main` this is mutatable as it is referencing whatevergithub.combelieves is the head of main. If GitHub disappeared tomorrow this URL is meaningless or at best means anything that was ever served from it. So is a git repo mutable or immutable? If we were designing it today which type of reference should we use? To get from mutable to immutable We need to know the commit hash. To get from immutable to mutable We need to know the branch name. Both references feel somehow incomplete. The immutable reference doesn't tell me a authority to get the latest value and the mutable reference doesn't give me a cryptographic hash to get the bytes as they existed at the time of the reference. `at://repo_did/collection/record_tid` doesn't give you a hash for the commit. `at://commit_hash/collection/record_tid` doesn't give you the DID to find the latest version of the repo. (Note: Not the actual ATP URL just making a point. Still well defined URL parsing since https://username@host/path is a valid url) `at://repo_did@commit_hash/collection/record_tid` would give you both. It is an immutable reference because you can use the commit hash to know exactly what the bytes were but it is also a mutable reference since you have the DID to find the latest version of that record.(edited)
- DeanSomething I'd like to see is native support for horizontal scaling on ATP indexer servers considering these are most likely to draw the majority of bandwidth. It would help when there's a sudden influx of users to a specific indexer/name provider. I'm sure this is already in consideration, I'm just writing down thoughts as I'm coding with the current 0.0.1 protocol.
- Aaron GoldmanNot pick: slightly more accurate to refer to hash identified content as semi-immutable having only two states the content and don't know. The repo model lets you redact data from the repo by deleting the blob without invalidating the rest of the content proofs. It's just that that one record @ that commit is now "don't know"
- @wclayferguson:matrix.orgAaron Goldman: I think you're right. My statement of immutable v.s. mutable was highly specific. The terminology fails us in this case I think, too. The problem to be solved is the "puppy problem" where somebody says, do you "like" puppies, gets a bunch of replies, and then edits it to say "kick" instead of "like". I guess the replies need to point to the original post and not be carried forward to the "edited" post?(edited)
- I think whyrusleeping is aware and has is solved probably. Thanks for clarifying so thoroughly..(edited)
- Aaron Goldmanat://repo_did@commit_hash/collection/record_tid at://handle@commit_hash/collection/record_tid Is slightly different from the current implementation which has the URL and CID are different fields but yes including the CID is good for preventing the puppy attacks you describe. Not yet clear how we should get both the repo ID and commit CID into the same URI.(edited)
- @wclayferguson:matrix.org
another approach possibility:
Every node has a "type"
- "Type=Comment" nodes are be immutable. You cannot change a comment. Required to delete and repost new one (resulting in new record ID).
- "Type=Paragraph" (like some chunk of "long form" content/document), should be mutable, because it's like a blog, or document.
- bnewbold
In reply to this message
yeah, it would be nice to have a way to encode the commit CID in at:// URIs. or, just add as a field in references, along with the URI and the content CID.
otherwise the CID reference in mentions/links are a bit "deeplink" and require a big index of record-CID to commit for verification. AKA, it is the commit that has a signature and can be validated.
not a huge issue, there is a way to validate with the way things are today, just takes a bit of extra work - in implementing a PDS, i'm leaning towards retaining all the commits and MST nodes Forever, immutably. record contents are what could get purged/redacted/hidden in response to abuse or legal issues. that way things like references can be confirmed to have actually linked to an actual thing, even if the thing isn't returned
- Daniel Holmgren
- George Antoniadis
- pfrazee
- George Antoniadis
- George Antoniadis
- if you like this, it was all my idea. If it seems too complex, this was all Daniel Holmgren's idea
- George Antoniadis
- pfrazee
- @wclayferguson:matrix.org
- Alejandro_
- pfrazee
- I really enjoy building fully in the open and normally would -- I live streamed my last project's development and I'm kind of dying to do that here -- but bluesky is in a kind of weird position where there's a lot of press attention, and we really didn't want "bluesky unveils a hot box of garbage" headlines
- George Antoniadispfrazee: missed the led glasses xD
- pfrazee
- Alejandro_
- pfrazee
- George Antoniadis
In reply to this message
lurked mostly, loved having them on while working, they were really good fun. - George Antoniadis
- pfrazee
- Dean
In reply to this message
Is the current spec (as described in the docs) stable enough to work on front-ends and not expect a complete rewrite from the existing ATP protocol spec? I noticed some things already differ (e.g. session helpers and did/cid arguments for lookups) but the method calls are the same. - pfrazee
- Dean
In reply to this message
I started playing around with it this weekend and the experience has been great so far! - Aaron Goldman
In reply to this message
for
at://repo_did@commit_hash/collection/record_tid
orat://handle@commit_hash/collection/record_tid
the "big index of record-CID to commit" is not like searching IPFS the RepoID (DID or handle) is also there so you can look up the home server and then pass the url with the commit_hash to it.
The home server is the one that keeps the old commits, path nodes, and records to return for a uri request. Or it can respond that this record has been deleted. Probably we would want it to return not only the exact record but the current record for the same path in the latest repo.This also serves as a guard agents the handle being reassigned by the DNS system. If the commit hash matches then it is the content that was the handle at the time the link was generated. Irrespective of wether the publisher later decided to stop paying their DNS name bill.
- whyrusleeping
Fun things you can do already, once you export your repo to a car file (using
com.atproto.sync.getRepo) you can import that into ipfs and explore the data:123456789
why@sirius ~/c/gosky (master)> ipfs dag import repo.car Pinned root bafyreiejwkm2e5j2cf7ft5gt673bkjb56qkhm5r7ylddzjvarcf6pm3awe success why@sirius ~/c/gosky (master)> ipfs dag get bafyreiejwkm2e5j2cf7ft5gt673bkjb56qkhm5r7ylddzjvarcf6pm3awe {"root":{"/":"bafyreifslfzyxiaqeaeeoydnb7fwmxq7cwjqrqtbvjw2rbq7ibarnl4fui"},"sig":{"/":{"bytes":"aaRPVJa/QRbhCOuUTJS8M7x/KEgpBW25HHfLVZvB9bTqrfDNMuESuVdxdT1SbV0p5FfVFpYLsL5KyXejjTP2dA"}}} why@sirius ~/c/gosky (master)> ipfs dag get bafyreifslfzyxiaqeaeeoydnb7fwmxq7cwjqrqtbvjw2rbq7ibarnl4fui {"auth_token":null,"data":{"/":"bafyreife3hhlk6ukkpjjvp3fmn4eocqfczlf472kgjgzfygz3bjsw43l3u"},"meta":{"/":"bafyreidevl4oqvw4gfoxnyctsr373zi7dnnj4pjkbh4nclubkqaf37vtvq"},"prev":{"/":"bafyreigc5zp7rzfuuxoylmbsdj4meog6esxuqgpehty6g466f2flxnj4ra"}}⏎ why@sirius ~/c/gosky (master)> ipfs dag get bafyreife3hhlk6ukkpjjvp3fmn4eocqfczlf472kgjgzfygz3bjsw43l3u {"e":[{"k":"app.bsky.feed.post/3jgwsf5q64c2z","p":0,"t":null,"v":{"/":"bafyreig4s2bn7yjo2i2r2gut7uvxvvcgsyf4jcyndcbnjdm5jkjx35o6yu"}},{"k":"tjxhkc2z","p":24,"t":null,"v":{"/":"bafyreiduauw76xk4gz3srdhdnkwzmwuisviqp72nyia3crklgxwhddv7ga"}},{"k":"system.declaration/self","p":9,"t":null,"v":{"/":"bafyreid27zk7lbis4zw5fz4podbvbs4fc5ivwji3dmrwa6zggnj4bnd57u"}}],"l":null} why@sirius ~/c/gosky (master)> ipfs dag get bafyreiejwkm2e5j2cf7ft5gt673bkjb56qkhm5r7ylddzjvarcf6pm3awe/root/data/e/0/v {"$type":"app.bsky.feed.post","createdAt":"2022-11-07T11:04:03-08:00","text":"i like cats and dogs too"} Tue, Nov 8, 2022
- Anders C. SørbyI want to create a rust server node which is both compatible with ActivityPub and ATproto. It will combine Web3 stuff with the existing fediverse. It is not a bridge but a node. Using nixos to make it easy to deploy. IPFS and Filecoin support. GraphQL API. Support for wallet logins. Calling it rustyverse now. https://github.com/Anderssorby/rustyverse
- Intends to usesurrealdb.com
- mikestaubpfrazee: what tool will be used to manage the schema lifecycles? I think something like https://github.com/odpf/stencil will be needed
- pfrazee
- pfrazee
- pfrazee
In reply to this message
signups at https://bsky.app, we havent started the closed beta yet but we're v close - pfrazee
In reply to this message
it is. Continuing from before, the revisions don't allow significant changes to the schema. My thinking is, if you need to make forwards OR backwards breaking changes, you create a new schema and stick a v2 on it - bnewbold
- committedpfrazee: are schemas stored in IPFS? do they have CIDs?
- pfrazee
In reply to this message
No. And -- this is confusing but -- we don't use IPFS technically, we use IPLD. So by default, nothing in ATP is accessible via IPFS, and we have no plans to make that part of the spec - George Antoniadis
- pfrazee
- @planetoryd:matrix.org
- whyrusleeping
- whyrusleeping
- @planetoryd:matrix.org
- George Antoniadis@planetoryd:matrix.org: is there a specification for Locutus? Docs are not really doing a good job at explaining how it works, and there are a lot of references of "contracts" which is not promising. ps. Should we move this to #general-bsky:matrix.org ?
- whyrusleeping
- jmcaseyI'm working on a rust crate for ATP: https://gitlab.com/jmcasey/rust-atp/ Any feedback/advice appreciated
- pfrazee
In reply to this message
nice. I'd suggest starting with implementing the repo data structure, which is a combination of IPLD and a Merkle Search Tree implementation. That's relatively stable and is going to be core to any implementation - jmcasey
- pfrazeecool. whyrusleeping has been working on a golang library and generating APIs from the lexicons, much like we do for typescript. Consequently, he's been giving us good feedback on how we can shape the schemas to make that easier in a more strictly typed language
- pfrazee
- pfrazee
- Dean
- @wclayferguson:matrix.org
In reply to this message
I'll go a step further and say all public data should be able to be consumed anonymously. - bnewbold
In reply to this message
I have a partially working Rust PDS and CLI client implementation at https://gitlab.com/bnewbold/adenosine - the MST and generic XRPC stuff is mostly working, and i'm part of the way through app.bsky feature stuff. I'm not doing real validation against the Lexicons, or code-gen. and the whole thing could use refactoring/iteration. but close to working as a proof of concept. I expect the specs to continue to change at more than the Lexicon level, so I would be hesitant to invest much time in to a polished implementation. eg, how inter-PDS communication will work feels unspecified so far, and could have a large impact on how to architect things
- pfrazee: as a request for the lexicons, the "handle" cleanup is good, but I think there are still a bunch of "user" and "name" fields. It would be nice if there was a consistent name for "DID or handle (domain)". maybe... "handle_or_did"? or whatever, as long as it is consistent
- bnewbold
- bnewboldjmcasey: I have some notes/thoughts/pointers on doing ATP stuff in Rust, can send you a DM or post a doc somewhere if you are interested
- jmcasey
- pfrazee
In reply to this message
we've got an open issue to clean up the renaming user and name items in there. I think the current approach for when either is allowed is to use "actor" - DeanNote regarding atproto's api package, it currently does not work natively with vite SSR apps e.g. built with sveltekit when loaded server-side. You'll get the error
exports is not definedatajv-formats/dist/index.js:4:23. Guessing this has to do with ajv-formats being CommonJS. The api can only be imported in the client-side when doing it likeconst api = await import("@atproto/api");in the browser side (i.e. inside anonMount()), which adds a big initial page load time since it's loaded into the browser session separately rather than being a part of the vite-generated js chunks. Wed, Nov 9, 2022
- Steven Franssen
- @tomtau.:matrix.orgHi everyone! I skimmed through the AT protocol spec, and one question I had was "How is this different from the Solid protocol?" (which, to my understanding, is a lot about account/user data portability at its core)... perhaps something good to add to FAQ: https://atproto.com/guides/faq
- Aaron Goldman
In reply to this message
bnewbold: I had been using
publisherashandleorDIDMostly just trying to get away from
host.
Theoriginfor https isprotocol, hostname, and port. The origin for ATP is protocol and publisher. We don't care what host gave it to you just if the signature is valid.Actor is pretty generic and has some overlap with the Erlang model but I don't know as long as we pick something and use it constantly probably fine. As long as we are clear what the origin is for the same origin policy
¯_(ツ)_/¯
url = new URL('http://example:8080/path') url.hostname // "example" url.host // "example:8080" - Prashant MittalHi everyone, really new here. I have been doing a deep dive into ATProtocol and have been reading the codebase for past week or so. and I have a few questions. I would be really greatful if you can help me out. Observations: 1. It looks like PDS is instantiated with a keypair which is used to sign all the data being stored 2. a jwt token is assigned to every account created on a PDS Question: 1. Does this mean there can be only one user per PDS 2. Can the account change the signing key for data that they are generating and not use the PDS's key Thanks in advance. Also, if you can guide me to a proper channel(if there is any) to ask general queries arounf the protocol and it's working
- Dean
In reply to this message
I think this answers question 2: https://atproto.com/specs/did-plc#account-recovery - pfrazee
- pfrazee
In reply to this message
Hey Prashant, I'll answer here instead of twitter DMS.
- No, you can host as many as you want. The signing key gets reused across repos. This is done so that PDSes can use the secure key managers that cloud services provide, which cost too much money per keypair to support 1 key per account.
- That is possible but you'd need to customize the PDS software to do that. Our implementation expects writes to be handled by the "home" PDS. You could make a version that is declared as the home PDS but actually just rehosts the current repo, allowing the signed updates to come from somewhere else.
- the account recovery flow that dean mentions allows you to change the signing key and the current PDS without your current PDS's involvement. The current expectation is that you're moving to another PDS that will manage your signing key for you, but like I described you could create custom configurations if you wanted
- DeanSomewhat related question I just posted in#general-bsky:matrix.org: Would it be according to standard to have 2 different handles on 2 different DID providers (i.e. a secondary domain) resolve to the same DID?(edited)
- pfrazee
- Dean
In reply to this message
Right sorry, I still need to adjust to the protocol's terminology :D thanks for the info! In reply to this message
Is this something you believe the spec might need to include? i.e. returning an array instead of a string in the did resolver'salsoKnownAsfield?- Dean
In reply to this message
Currently when you resolve a handle, according to the Identity docs, you get analsoKnownAsfield which returns a single domain handle. Perhaps to support alternative names for the same did, it could be an array instead of a string, and the array's first value is the primary name while any following values are things like shorteners/alternative handles on other handle providers. Instead of:
123456
await didPlc.resolve('did:plc:12345') /* => { id: 'did:plc:12345', alsoKnownAs: `https://alice.pds.com`, verificationMethod: [...], service: [{serviceEndpoint: 'https://pds.com', ...}] }*/It could be:
123456
await didPlc.resolve('did:plc:12345') /* => { id: 'did:plc:12345', alsoKnownAs: [`https://alice.pds.com`, `https://alicia.pds.xyz`], verificationMethod: [...], service: [{serviceEndpoint: 'https://pds.com', ...}] }*/(edited)- So visiting
https://frontend.com/alicia.pds.xyz, the frontend looks upalicia.pds.xyz, finds the primary handle (alice.pds.com) as the first value in thealsoKnownAsarray, and displays that as the handle in the profile (perhaps with a list of "alternative handles" somewhere in the profile as well)(edited) - pfrazee
- pfrazee
- pfrazee
- Dean
In reply to this message
I filed an issue for this other problem just now: https://github.com/bluesky-social/atproto/issues/330 - pfrazee
- pfrazee
- RE the windows, you lose the ability to contact the host and say "it timed out" after 5 seconds or so. Instead you have to watch the peer discovery system to collect all the IPs, which has a variable window of time, and then you have to contact each of the peers, each with their own timeouts. It makes the system much harder to reason about
- Aaron GoldmanThat said a Merkel tree is a reasonable way to reference a large blob as a collection of chunks. One could imagine a few record types: Small blob < 1MiB (literal bytes) L1 blob < 1MiB (list of Small blob CIDs) L2 blob < 1MiB (list of L1 blob CIDs) L0 1MiB L1 32 GiB L3 1 PiB Assuming about 32 bytes per CID and a 1 MiB max_record_size You would also probably want to support a check out of the repository where you ignore the nodes under a block record until they are requested so you never spend more than 1 MB per blob
- @penaiple:midov.pl
Thu, Nov 10, 2022
- @tomtau.:matrix.org
- Aaron Goldman
In reply to this message
This is not currently a priority and not on the road map.
There are three possible ways forward for this.
* One could create an activity pub event for wrapping an ATP record.
* Lots of complexity for Activity pub clients
* Two wrap activity pub events in a ATP record
* Lots of complexity for ATP clients
* There a bridge that translates between Activity pub events and ATP records
* Impedance mismatch between schemas and identity conceptsAll three have real drawbacks and would likely slow progress. Probably better not to put limited time of the dev team in expensive interoperability with activity pub at this time.
- bnewboldI feel like there is a middle path on using IPFS-like system for blobs (media artifacts)? have norms around block sizes and specific derived media formats/sizes. reference these by CID directly from ATP records. don't use bitswap for transfer, instead do transfer in CAR format over HTTP via an XRPC request (supplying a list of CIDs). store those blocks in whatever same blockstore being used for the MST. PDS doesn't need to pull CIDs for all content unless it wants a "deep" checkout. the current repo host of a handle is expected to have all the blobs references by any records in that repo, other PDS instances can cache and redistribute as they see fit. maybe optionally also have the "root" IPLD node point to a UnixFS DAG with all the blobs for the repo stored with filenames as well? that would make export-to-disk and exploring existing files easier. but not really needed and extra complexity
- pfrazee
- bnewboldi'm guessing video is going to be the tricky thing, going to be more than a "block" even for compressed versions, probably going to need a bunch of sizes, and might want to be able to stream by fetching early blocks first (like webtorrent). and at the same time can really bloat up caches/blockstores
- pfrazee
Fri, Nov 11, 2022
- bnewboldI made some progress on adenosine, a rust hobby implementation of atproto: https://gitlab.com/bnewbold/adenosine there is an example single-user instance at https://pierre-menard.robocracy.org/, and an example multi-user instance at, eg, https://hobbes.demo.adenosine.social/ you can explore the repository a bit: https://demo.adenosine.social/at/did:plc:3vp347vrxvzcs2dulat5sqwj the web interface is read-only, but the CLI works with these domains. DM me for an invite code to use with the CLI ondemo.adenosine.social. everything will definitely get wiped, is totally naive about abuse etc. and there is no server-to-server stuff, which would be the interesting part
- bnewboldsort of? it imported and validated against a CAR file exported from the atproto imlementation. but it is really crude, reads or writes the entire tree every time, instead of trying to update in place. and doesn't support partial trees https://gitlab.com/bnewbold/adenosine/-/blob/main/adenosine-pds/src/mst.rs
- bnewbold
- bnewbold
- bnewbold
Sat, Nov 12, 2022
Sun, Nov 13, 2022
- DeanI posted in #general-bsky:matrix.org since it seems to belong there, but the dev-related note is: it looks like "likes" have been replaced with upvotes and downvotes, I made a PR to represent these changes in the lexicon docs: https://github.com/bluesky-social/atproto-website/pull/6
Mon, Nov 14, 2022
- Prashant Mittal
- Dean
In reply to this message
I put up a Github issue with my thoughts on the recent update that replaced likes with upvotes/downvotes: https://github.com/bluesky-social/atproto/issues/347 - sylphrenetic
In reply to this message
pfrazee: am I correct in thinking that this change doesn't pigeon-hole implementors of ATP into ONLY using likes/dislikes, it just allows likes/dislikes as an option? so one implementation of the protocol could choose to not use dislikes at all, and only use likes as "favorites", and that wouldn't allow random people to start disliking posts on that implementation because that implementation isn't taking dislikes into account, right? - Dean
In reply to this message
The protocol shows both counters separately i.e.upvotesCountanddownvotesCount, so it's up to the client if they want to account for one or both - sylphrenetic
- Dean
- sylphrenetic
- Dean
- pfrazee
- pfrazee
- Dean
- I posted the same idea in #general-bsky:matrix.org but also argued why this might not be the best solution ^
Screenshots broken, here's a quote:
I think the solution in this case would be to have a downvotesEnabled attribute in the Post object where posts created on certain platforms cannot be downvoted (clients that prefer downvotes could apply a different algorithm to posts that have downvotes disabled)
(if downvotes are something definite for atproto)
Either way, the respective purposes of posts with either a Likes or Upvotes/Downvotes scheme are inherently so different that they might as well belong to two different protocols- pfrazee
- Dean
- pfrazee
- Dean
- pfrazee
- DeanThe main issue with voting on a decentralized protocol like this would be botting, where botting with Likes generally leaves no lasting negative effect on any third party (if someone bots likes on their own posts the user can lose their followers' trust/goodwill), basically only affected upon oneself, but botting with downvotes could be a simple but effective way to negatively impact others(edited)
- pfrazee
- whyrusleeping
- pfrazeewhyrusleeping: if we dont show downvote counts, I can see the logic to that but I'm concerned about hiding them flat out, because people might wrongly think they cant be revealed. But again I'm open to thoughts
- whyrusleeping
- Dean
In reply to this message
Maybe clients can show downvotes as "reports" and only show a count of reports from accounts that you follow - George AntoniadisI assume servers can chose/code how to display/deal-with votes, and how they affect the ranking algorithm? ie I'm a fan of how HN deals with votes, but on a more federated system I'd like to also have a sort of "web of trust" thingie that friends' and friend of friends' votes have way orders of magnitude more significance. (issue here is that following someone does not make them a "friend" or trust-worthy person which is another issue)
- pfrazee
- Dean
- @numero6:codelutin.com(not so off-topic) I sometimes view upvote and downvote has reducing emoji reaction to only allowing two emojis: 👍️ and 👎️. Any system who allow more emojis may have more algorithmic possibilities. I know that FB scored post differently if those had ❤️ or 😠 reactions. I understand the simplicity of +1, -1 and integers are easy to understand but counting emotions might be a more humanly way to "count" a post quality.
- pfrazee
In reply to this message
yeah that is the trick though, aggregation of reactions loses some meaning. I think it's great in chat but in public performance, I think you need to reduce it down to fast button presses- Dean
- @numero6:codelutin.com
In reply to this message
why does a public performance space wouldn't have one push button emoji reaction? (I know some ActivityPub app has those, including some Mastodon forks)(edited) - pfrazee
In reply to this message
1, it's at least two presses, sometimes with a scroll to find the right emoji
2, the purpose of reactions in a performance space is to affect its spread
3, it reduces the clarity of the metrics, which is your scorecard in the performance game - Dean
In reply to this message
If downvotes aren't expected to be delivered for content that breaks certain guidelines, then I suppose it would be for when someone disagrees with said post, which would not be a good basis for reducing a post's exposure(edited) - A good example being FTX happenings on Twitter in the past week. If exposure based on downvotes were a thing, many people may not have seen tweets with warnings of an FTX insolvency due to the large number of downvotes they might have received from FTX fans and token holders, which would have caused many people to not have withdrawn their funds in time.(edited)
- pfrazeeDean: youre making good points and if that's how it turns out, then I agree it's a problem
- Dean
- DeanBtw currently the override is that reposts don't show up on anyone's timeline 😅 https://github.com/bluesky-social/atproto/issues/346(edited)
Tue, Nov 15, 2022
- MightySpaceman (OLD -> m_spaceman:matrix.org)
Wed, Nov 16, 2022
- mikestaubNo pressure, but we may need this protocol sooner than we thought. https://twitter.com/IanColdwater/status/1592188128944705537
- @blahverse:matrix.org
- Aaron Goldman
In reply to this message
I think this is counter to the separation of server from application goal.
If you want to make a new application with different record types you can complete withbsky.appand if useful reuse some of each other's record types.
However the server should just be ATP and agnostic to your app so that migration remains trivial.To allow per server customization is to introduce vendor lock in to the protocol.
If you want to sell a custom experience make an app with the record schema that you want and let the users pick their servers.
- pfrazee
- Aaron Goldman
- @blahverse:matrix.orgInteresting. Thanks Aaron Goldman for the detailed feedback. I will look out for the beta launch to play different things out.
- b0gg3r
- mikestaub
- Aaron GoldmanI have been thinking about the analogy to talk about the relationship between PDSs, Apps, and Lexicon. I think browser features may be a good one. For the most part browsers from the beginning had mostly overlapping features. Some added unique features that the others copied. That has the risk of name collisions. After that the browser makers added vendor prefixes to features. `-moz-window-inactive` was made by Mozilla but was supported by chrome. In the same way Lexicon made bybsky.appcould be rendered by any app when it reads the Repo. Chrome is not Firefox but can implement a -moz-* feature if it wants to. The http server does not need to understand all HTML, CSS, and JS to serve the content. There are many browsers (apps) that can render content. But unlike the browser features that leads to the https://caniuse.com/ nightmare the Lexicon structure should give more structured fallbacks to common functionality. So what do y'all think is this a useful analogy or just too confusing to be helpful?
- mikestaub
In reply to this message
Ii think this is a perfect analogy. What is a shame with web browsers is that they don't know which APIs the website is using so if the site is depending on an unsupported API it will just break. Ideally apps could declare all the APIs/schemas they depend on in a manifest so clients can gracefully degrade. - Aaron Goldman
Thu, Nov 17, 2022
- airwaves
- pfrazee
- mikestaub
In reply to this message
conceptually there are the same though. CSS features and schemas both affect an apps ability to render properly. Would what be amazing is if the client could detect the schema and prompt the user to install a plugin to view it, like VSCode does when you open a Dockerfile - pfrazee
- pfrazeethe first is choosing the dividing line between publisher control and client control. The Web went through this exact thing; the notions of separating style from content and of "user agent stylesheets" were born out of a desire for client control. This is a matter of debate now but I'd argue "publisher control" won heavily on the Web, and that's largely because the Web browser is a thin client which transfers UIs
- plugin systems are hard but I'd wager the community will do some interesting experimentation there. Theyre hard in general -- hard to design well, hard to manage resource usage, hard to secure, hard to create a clean UX -- but then you have stuff like Apple making it hard to do that sort of thing on iOS with their policies(edited)
- Aaron Goldman
- mikestaub
In reply to this message
I think Chrome really nailed it with their extension model. This is the best example I am aware of. https://classycraig.com The user has full control of their own experience, if AT protocol can make the data layer as interoperable as the client layer, things will get super interesting fast. Fri, Nov 18, 2022
- James FanHi! Dear ! I am experienced in Full Stack Web & Mobile Application using ➤React, Vue, Angular, Django, Flask, Solidity, Golang ➤Python with AI technology, SciPy, NumPy, Matplotlib, Web Scrapping, AI, ML, DL, NN, Prediction, Decision-Making, Image/Audio & Video Processing, ➤Effective Algorithm Design & Analysis ➤Smart Contract, Blockchain, dApp, ➤SQL/NoSQL, Real-Time Processing, Multithreading, Automation Processing, Bot, Electronic Automation with Micropython. if you need my help, please send me DM! Thanks!
- Dean
- bsjdjjdj
- sylphreneticI noticed a problem today with ActivityPub and Mastodon: if I'm on server A and want to migrate my followers (and posts, but I don't think that's supported on Mastodon) to server B but server A goes completely offline, there's no way for me to migrate ANYTHING over to server B, I'd have to create an entirely new account and start from scratch. that's a horrible experience, analogous to if Twitter was to lose its entire database and require users to create all new accounts on some new server. will ATproto solve this in any way? I would hope I could take my data (posts and all) and up and move home servers to anywhere I wanted if my current PDS is online, but what if its offline? I guess I would have to have some data redundancy in there somehow, like my own offline copy of my data that gets updated every time my home server does (but with lower priority on speed, so updates could be batched to it over time, like when you get to be on wifi from a smartphone). are there any plans to natively solve this?
- @toneji:nibbana.jpsylphrenetic: Nice to meet you.
Isn't Huzzilla the one with the mechanism to guarantee DB redundancy?
I think even matrix has to be set up from scratch on another server if your main server goes offline.(edited) - Dean
In reply to this message
Auto offline backups should be an easy feat. Just set up a local indexer server that indexes only your own activity.- @toneji:nibbana.jp
- sylphrenetic
In reply to this message
I don't think it would be easy, per se, especially for the layman. I think there should be something built into the protocol to allow duplication of your data among multiple PDSs, with only one being the authoritative one and the others being backups (most likely hosted in the cloud by another service provider). - pfrazee
In reply to this message
We've got this as an actively watched UX decision and make a call based on what yall and test users are saying. Book is not closed, but no idea where it'll land - Daniel Holmgren
In reply to this message
the data is very portable. multiple copies can be stored in different places & if your PDS goes down, you can "restore" your account to another service. This could be another PDS in the network, a backup node, or even just local back up on your device. You may not want to include large blobs in a local backup, but posts & social graph can be backed up without much overhead Sat, Nov 19, 2022
- harshveer14
- @neilalexander:matrix.org
- Aaron Goldman
In reply to this message
Bluesky PBLLC is doing one for Node JS in Type Script. Not sure what others exist. But again it's early and subject to change which limits the motivation to make an implementation - George Antoniadis@neilalexander:matrix.org: why has some parts implemented in go as well, https://github.com/whyrusleeping/gosky/
- George Antoniadis@neilalexander:matrix.org: yeah figured as much, love your work on pinecone btw. amazing stuff. :D
- magicofazi@neilalexander:matrix.org: what’s your opinion of blue sky vs matrix
- @neilalexander:matrix.org
In reply to this message
In my mind they are not easily comparable. Matrix is more about multiplayer data structures and has a lot of complex machinery involved in making sure servers arrive at the same conclusion whilst operating independently (conflict resolution, auth rules etc), whereas ATProto seems to be much more about single entities maintaining and publishing their own conflict-free data structures that other people can just happen to peek into or interact with- magicofazi
In reply to this message
Do you think matrix can adopt the portable account features at protocol has? - @neilalexander:matrix.org
In reply to this message
Portable identities have been on the Matrix future roadmap for some time now and it’s bound to happen eventually, but don’t know how much it would resemble ATP’s implementation at a technical level - George Antoniadis
- Aaron Goldman
In reply to this message
What do you think about Theseus Identities?
Is there part of the portable identity problem you think this works poorly for?
- George Antoniadis
In reply to this message
Thank you for sharing this, this direction is really great.
Is there a specification for this somewhere public?Have you happened to have stumbled on KERI by any chance?
I think it fits nicely your notion of Theseus IDs (up to a point) and it might offer some interesting ideas.It's pretty much a series of "events" that change the state of the identity. (the main ones are "key rotation" and "delegated key rotation")
It uses a notion of a "next key" that the user can use to "rotate" to that key if their current one gets leaked/lost (similar to the "recovery key" mentioned in the video
Has a concept of a "witnesses" that can be used to pull the events for an identity, and to recover a lost "next key".
The idea of ticks doesn't really exist for ordering, but instead the moment two conflicting events are seen, both are considered invalid and the key needs to be rotated using the "next key".
Has some ideas in general def worth taking a look at (ie delegation). - Aaron Goldman
- Aaron Goldman
- whyrusleeping@neilalexander:matrix.org: ive got all the serialization working and most of a code generator for the rpc schema files done. I have pieces that together into a proper PDS yet though, but i can do all the client stuff thats needed
- magicofaziSo i'm the founder ofzo.me, we're forking the matrix protocol, creating global identifiers on a app chain PKI with economic security (ETH,BTC,etc) Servers or Zo Nodes hold local identities but users also hold global identities with social recovery allowing them to remain resistant from deletion by their home server/node
Sun, Nov 20, 2022
- @jan:cloudcheck.io
- magicofaziMatrix is pretty focused on building out synapse and has shown a disinterest in any crypto integration at the protocol level. My goal is to fork Dendrite, make it production ready, attach a global identity using a appchain based PKI on ETH/BTC, and have a token that is used for spam prevention and economic guarantee of identity data. The goal is also to use Rooms as a CRDT based Database and allow developers to build Local First JS Apps as mini apps
- George Antoniadis
- Aaron Goldman
- @penaiple:midov.pl
- pfrazee
- George AntoniadisAwh; it's the oracle poem all over again. http://dacut.blogspot.de/2008/03/oracle-poetry.html (seriously though, can we make the "Chilé con Kitty" this part of the spec somehow? :P)
- George Antoniadis
- George Antoniadis
- George Antoniadis
- George Antoniadis
- Aaron GoldmanMight be worth trying to answer this question in the bsky model. https://twitter.com/NuttySwiss/status/1594358607835201537
Mon, Nov 21, 2022
- mikuhl
- @numero6:codelutin.com
- mikuhl
- boscovn
- mikuhl
In reply to this message
I don't use linux so I am not sure exactly lol https://docs.flutter.dev/development/platform-integration/linux/building(edited) - jmcasey
Been playing more with the MST in rust. It'll deserialize from DAGCBOR and can use rocksdb to verify CIDs.
I've seen other implementations (such as adenosine bnewbold ) which use a SQL-like db almost as a "presentation layer".
Because I'm naive (or optimistic?), I liked the idea of avoiding a db other than the blockstore. If CIDs can be checked locally, and retrieved from IPFS, then why can't we traverse the tree instead of querying for posts in a db?
First problem is retrieval time from IPFS, but that's a bit out of scope here.
The second problem is that given the CID of a repo, it takes between 3 and infinite calls to the blockstore to resolve a post.
The third problem is I'm having trouble deserialising into ATP native objects instead of Ipld objects using serde, so I'm currently making an additional blockstore call on each recursion.
Now that I have it somewhat functional, it seems too slow to be viable. Not sure if anyone has thoughts on this - it might be the case that an additional db is the right solution here.
I'm not super happy with it but you can see the code here:
(edited) - Aaron GoldmanIf you want an example of a SQL built on top of a keyvalue store I recommend looking at myrocks. http://myrocks.io/
- committedjust got back from IIW conference, you might be interested in Authentic Chained Data Containers https://wiki.trustoverip.org/display/HOME/ACDC+%28Authentic+Chained+Data+Container%29+Task+Force
- jmcasey
In reply to this message
Sorry, who is the publisher in this scenario? The entity maintaining the db? - bnewbold
In reply to this message
rocksdb is a database! just a simple key/value database. sqlite is also quite simple and makes a totally reasonable key/value store.
adenosine mostly implements the atproto stuff using just the blockstore (which is also in sqlite, but that is abstracted away, any key/value store would work fine). meaning of the com.atproto Lexicon.
it does use sqlite tables for DID documents. those are mutable, so if you want to put them in IPLD you would need to figure out something like IPNS on top. for that matter the DID-to-root-commit mapping is mutable and you need to figure out some way to store that mapping - parts of the bsky stuff are stored in sqlite directly, in the form of "secondary views" or indices into the repositories. sure seems easier to have things like a table of who-follows-who and being able to do queries against that to generate author feeds and timelines. and SQL databases give you things like types and relations (foreign keys) to help you get this right out of the box
- jmcasey
- bnewbold
Tue, Nov 22, 2022
- bnewboldjmcasey: there is also this Rust implementation of a blockstore using RocksDB. it hasn't quite been released as a crate yet though
- bnewboldoops didn't paste link: https://github.com/n0-computer/iroh/tree/main/iroh-store(edited)
