FBXL Social

How Decentralized Is Bluesky Really? https://dustycloud.org/blog/how-decentralized-is-bluesky/

A technical deep-dive, since people have been asking me for my thoughts. I'll expand a bit on some of the key points here in a thread. 🧵

First of all, before I say anything else, my goal here is NOT to be mean to Bluesky's devs. I know there's a lot of fediverse-Bluesky rivalry, but I have enormous respect for Jay Graber and her team and I know they believe in their vision!

This started because I got some very kind encouragement by @bnewbold to write something. I'm trying to be technical in my analysis, not unkind. I hope that can be recognized, really and truly.

That said, let's get to the summary: Bluesky / ATProto are not decentralized or federated, according to my analysis.

However, the "credible exit" goal is worth pursuing, and does use decentralization techniques! But it is not decentralization/federation without moving the goalposts on those terms.

Furthermore, I think Bluesky is providing something valuable: a lot of people are trying to leave X-Twitter *right now* because it has become a completely toxic place.

The fact that Bluesky's team has managed to scale to receive such users is incredible, nearly feeling miraculous.

On the fediverse we also see a lot of accusations of Bluesky being owned by Jack Dorsey, and this isn't true. My understanding is that Jay performed an impressive amount of negotiation to allow Bluesky to receive funding independently.

These days Jack Dorsey is instead focusing on Nostr, which I can only describe as "a sequel to Secure Scuttlebutt with extremely bad vibes where bitcoin people talk about bitcoin"

I participated a bit in the process of when Bluesky was Jack Dorsey and Parag Agrawal's personal project. I also believe Jack and Parag were sincere about Bluesky as a decentralized social network protocol that Twitter would adopt, which is the directive that Bluesky was given as an organization.

When Jay Graber was awarded the position to lead Bluesky, I was not surprised. To me, Jay was the obvious choice to deliver what Bluesky was being directed, and I do think Jay is an excellent leader

There is also something which Bluesky gets right which the fediverse does not. I mentioned that Bluesky uses decentralization *techniques*, and the most important of those is content-addressing. This allows content to exist even when a server goes down.

This is a great decision and I have advocated that the fediverse do so as well. In fact several years ago I wrote a demo in @spritely's early days showing off how one could build a content-addressed ActivityPub in a spec-compatible way.

So I have opened here with the things that Bluesky does well. As you may guess, we are about to move into critiques territory, and it's a lot of critiques from a *decentralization*/*federation* perspective. It doesn't erase the "credible exit" goals, which I think are good still.

Let's dive in...

@cwebber

What is the bluesky business model and how else than Jack Dorsey's money will they be able to continue to pay salaries?

Nostr for example has NIPs and a community to contribute more proposals and it is simple so others could technically implement clients easily. I don't think you could say the same about bluesky.

Wikipedia says:
"Bluesky Social, officially named Bluesky Social PBC, is a privately-owned for-profit corporation. The company is headquartered in Seattle, Washington"

A frequent way of describing Bluesky's decentralization, including by Bluesky's team, is "it's like a bunch of blogs (Personal Data Stores), and then the relay/appview/etc pieces are like search engines"

This is a reasonable starting point for thinking about things, so let's run with it.

In fact ATProto's own tutorial even says "Think of our app like a Google": https://atproto.com/guides/applications

And indeed this is a good way to think about things. But it doesn't seem so bad, because we have Personal Data Stores like blogs, so probably things are fine, right?

While most people would argue that blogs and websites are open, few would argue that *Google* is open. So this is a curious place to begin thinking, and yet structurally, it is actually quite apt.

PDS'es are like blogs, the rest is like Google. But relays/appviews/etc do a lot *more* than Google.

Relays, AppViews, etc don't just index information. Blogs and their interactions are generally slow-moving, but social media is direct and responsive. Notifications and fast interactions are key. So search engines, yes, but we should also think of these components as doing much more.

But let's stay on this blog/search engine analogy for a while before we unpack what it means on a *technical* level, which is interesting. Let's analyze for the moment from a power dynamics level.

Building a web search engine is actually pretty easy these days, you can do so with off-the-shelf tools. And yet there are only a couple of search engines *really*, Google and Bing (DDG mostly uses Bing). And yet the information is right there. *Anyone* could run their own engine. Why don't they?

Furthermore there is an interesting connection between blogs and social media: the death of blogs + feed aggregation directly aligns with the death of social media.

How many of you were around for the birth and awkward death of blog engine feeds? Because I was! Oh, remember Google Reader?

Feed readers are also simple, and in fact they were even easy to self host, even on the desktop! But Google Reader came in and was such a good design that everyone used it.

When it went away, blogs were still *there*. But blogging as a *syndication medium* died. One big player left, and it's gone.

This was sad for me especially; my favorite medium on the internet ever was webcomics. Webcomics still exist, sort of, but the loss of independent publishing and aggregation meant that they had to change to survive.

The shape of webcomics started to get shaped to the shape of Twitter's image box.

This may seem like an enormous aside, but it isn't. The big sell currently is that "you don't need to run a relay because you can run your own PDS!" but as I have illustrated here, the distribution and syndication power dynamics matter a lot.

So. It isn't enough to self-host your own PDS. Whether or not people can run their own relays/appviews/etc actually matters *a lot* if we want this stuff to survive.

So, can we? How hard is it to run your own AppView/Relay/etc?

Today, there is only one real organization running a Relay that really matters or an AppView that people use for anything other than fun aggregation of statistics. Nothing that resembles meaningful decentralization of the network. It's all run by one company: Bluesky.

But could we change that?

People are trying; most notably alice has done some great work recently: https://alice.bsky.sh/post/3laega7icmi2q

So now someone *can* run their own Relay (not the AppView yet, but maybe soon), and we're getting a sense of the cost and scale. This is good news; we didn't know before.

In fact we also have an idea of the rate of growth. Approximately 4 months prior, @bnewbold.net posted an article detailing how to run a Bluesky relay: https://whtwnd.com/bnewbold.net/entries/Notes%20on%20Running%20a%20Full-Network%20atproto%20Relay%20(July%202024)

This is great. We need more people trying to do so to get a sense of how decentralized things can be.

Just focusing on storage, in July @bnewbold.net estimated the amount of storage expected to run a Bluesky relay is approx 1 terabyte. In just 4 months at start of this month (November), alice estimates nearly 5 terabytes.

This is a fast growth rate and this is *before* the big post-election influx.

I tried estimating how much this would cost; as a lazy approximation I dumped a 5 terabyte machine into seeing what Linode would cost to self-host, and it was approximately 55k a year: https://bsky.app/profile/dustyweb.bsky.social/post/3lah5n3kld42q

That's a lazy estimate, but that's also what many people make in the US every year

However @bnewbold pointed out, correctly!, that there were cheaper options available. If we used even Linode's block storage, it would be cheaper (but still expensive) for the storage component, and this is true https://bsky.app/profile/dustyweb.bsky.social/post/3lah5n3kld42q

In fact @bnewbold and alice had gotten the server down to just close to $200/month in their estimate, much much cheaper than I had, by choosing a dedicated server plan. Much cheaper!

But there's a problem though; that's cheap because you've got a server that has a dedicated disk...

Even if we look at the dedicated hosting provider that @bnewbold provided in June and scale the cost to the pre-election storage requirements, we are adding on a massive amount of cost every month, over $400/month more.

4x 7.68tb SD  is +$414.20/month on the original dedicated storage example

But worse, we have reached the limits of what is possible to do with a dedicated server. We *have to* move to abstracted storage from this point forward because we're starting to hit the limits of what's offered for cheap dedicated storage on one machine. And this number will only grow, and as said previously, is growing at an enormous rate.

I have spent a lot of time focusing on the cost of storage, but storage is only one cost required. These estimates have been done so far against servers that *nobody is actually using*. The cost of servers that people are using will be much higher, because more needs to happen than just store things.

And that is not even to mention the challenges with administrating, dealing with takedown requests, illegal content, etc, which are probably much more serious.

Let's take a break, the analysis of server costs is boring and I don't like doing it, and I'm sure people will throw numbers at me of the absolute race-to-the-bottom hosting numbers they can find to store and run all this stuff, but really that's not interesting to me.

Let's do a comparison.

Remember that the idea of "fully self-hosting" on Bluesky/ATProto at this point is primarily abstract; nobody is really doing it. But of course there's a place where tens of thousands of people are running their own servers for millions of users, and that's the fediverse/ActivityPub.

As said, tens of thousands of people are self-hosting *today*. Fediverse software doesn't just scale up, it scales *down*.

GotoSocial is cheap enough on resources where you can run it for family and friends on a raspberry pi or spare laptop you have sitting around.

Now you're hitting the point in this thread where some of you may be thinking "aha! this is where Christine is saying that the fediverse/activitypub are awesome and atproto is terrible!"

you have NO IDEA HOW MUCH I CRITICIZE THE FEDIVERSE ALL THE TIME, I do it all the time, and will later here

The fediverse has a lot of flaws. Oh trust me, we're gonna get to that.

But comparison-wise: what I mean to say is that architectural decisions matter, and scaling up isn't the only thing that's important, *scaling down matters too*.

If you care about decentralization, anyway.

Now look, we're about 1/3 of the way done here, there's a lot more to say, and a lot more said in my article, it's about 24 pages long if you print it out.

This is because in the age of TikTok I somehow have decided to model myself after David Foster Wallace, sorry

"Consider the Fediverse" I guess

But now, I will break for lunch. Enjoy your intermission because I will be back. We still have to get through the remaining 2/3 of the analysis, after all.

======= LUNCH BREAK HERE =======

@serapath @cwebber

The plan is to charge money for things like being able to view 4k videos and images (otherwise 1080p would be the default).

No ads, no algorithm, no Musk or Dorsey.

@WhyNotZoidberg @cwebber

yeah. twitter was dorsey and now is musk.
bluesky is a for profit company and can be bought as well.

@cwebber just wrote a polite article, but essentially stating very clearly that bluesky is de facto neither decentralized nor architecturally designed in a way that would allow it. Their decentralization is pure misleading marketing ... you could call it a scam as well, but that wouldn't be as polite

@smallcircles

Your chart is ready, and can be found here:

https://www.solipsys.co.uk/Chartodon/113528765697411416.svg

Things may have changed since I started compiling that, and some things may have been inaccessible.

In particular, the very nature of the fediverse means some toots may never have made it to my instance, in which case I can't see them, and can't include them.

The chart will eventually be deleted, so if you'd like to keep it, make sure you download a copy.

@cwebber if you could convert this thread to TTS narration and attach it to some subway surfers footage I'll be set

@tom @cwebber I'd go for a vertical video of Luanti parkour gameplay, we're doing FOSS here

Okay I am back from lunch, time to resume my analysis thread for "How decentralized is bluesky really?" https://dustycloud.org/blog/how-decentralized-is-bluesky/

I have been receiving a lot of notifications, I am not reading any of them until I finish with this so bear with me, BEAR WITH ME, we're gonna make it through

And before we make it any further can I say that I watched a nice medley of David Bowie and Cher singing, and it was so lovely https://www.youtube.com/watch?v=KPlN8RBP-Ws

@mlemweb said "of course it's very heteronormative despite having two queer coded icons on the stage and ISN'T THAT THE WAY I guess

But where was I? Oh yes. We had talked about why PDS'es aren't enough (blog/google analogy), relative costs of hosting things on ATProto vs ActivityPub, etc etc

But we haven't gotten into the really interesting parts which are the structural analysis stuff, so let's move onto that

Now you may be saying, "Christine, this is really unfair, because you're looking at ActivityPub servers which are only dealing with a small amount of the network, what if it were an ActivityPub mega-node? What are the costs THEN huh?" and "What if we hosted just PART of ATProto?"

What then INDEED

ATProto is not designed for the Relay and AppViews to only hold part of the network, not *really*, and ActivityPub is. We'll get to this in a moment.

But Bluesky actually has good justification for this! I will defend it insofar as Bluesky was making a serious *design decision*

Remember the directive that Bluesky was given: develop a decentralized protocol which Twitter can adopt. That informs a lot of things, and has meant that Bluesky was really very ready for this moment!

If you're an ex-X-Twitter user then by god, you're going to be amazed! It's just like Twitter!

This informs some other things:
- Bluesky's gotta scale BIG and do so FAST (scaling down: not a priority at all)
- It has to be something Twitter can adopt (of course, not anymore, but initially)
- Everything on ATProto is public (yes, everything, including your blocks btw, we'll get to that)

But here's the other thing. People have trouble with the fediverse! All those decentralization decisions get in the way, my god, you've got to choose a server, search doesn't work well (actually it could but it's a cultural thing, different topic), and worst of all:

Sometimes you DON'T SEE REPLIES!

Actually all these critiques of the fediverse are TRUE, these are known challenges, and actually it's not really so bad, but it could be better, and at any rate, Bluesky made a major decision to simplify a lot for new users, and they have. Things seem to just work for people! Incredible!

The thing you often get seen thrown around is "it's amazing, I had no idea a decentralized protocol could just work like that! How on earth did they solve that in a decentralized system and so FAST too!"

It's simple: all those things "just work" because Bluesky is centralized.

Now yes, they are using decentralized techniques. Remember when I said content-addressed storage is a good idea and the fediverse should do it too? IT IS! (And as I also said, it's actually fully possible for the fediverse to do, more on that later.)

But the reality is, it's still *centralized*

@cwebber fabulous! Stuff to 👀

You mention "Message passing" vs "shared heap" architectures and it occurred to me how fast this shift to pioneering in "decentralized/distributed solution design" space and entering entire new computing paradigms currently is.

Where once more tech is running way ahead of responsible use. Technically all is possible. Reality is we stumble ahead, no best-practices, impl on-the-fly.

We take as it were big bets on future direction, may overlook externalities.

1/..

Two four-quadrant diagrams with the quadrants being Technical, Socio-technical, Socio-cultural and Cultural.

First diagram places the area of "Protocol support" mostly in technical quadrant and extending into socio-technical. Another area "Solution design" is mostly socio-technical in nature extending to (ideally) socio-cultural, and a bit of technical and cultural.

Second diagram has the same quadrant, but shows areas of DX (Developer experience) to be mostly technical and a bit socio-technical,  and UX area to be mostly socio-technical quadrant. A much larger area covering DX and UX and extending to all 4 quadrants is the area SX which stands for Social experience design.

In every meaningful way from a power dynamics perspective *EXCEPT* the category of "credible exit" (which I am saying and agreeing is a good idea!) Bluesky is centralized.

MAYBE another big corporation could come along and host all this stuff but that's adding a Bing to our Google

@cwebber

Not only are the implications of the BS shared heap architecture easily overlooked and consequences come later, this has been the de-facto approach for any decentralized web technology thus far, including AP. Where hard-tech mindset and focus dominates.

And yes, the complexity warrants all that attention.

Yet there's less thought and attention paid to how DX, UX system / application / solution design should cope in the higher levels of the stack, and esp. in FOSS circles.

2/..

Yes, you can host your own PDS. You can also host your own blog. But try hosting your own PDS and NOT hosting a relay or AppView and you can't do much.

Blogs are decentralized, Google is not.
PDS'es are decentralized, Bluesky is not.

@cwebber

Making it extra hard to bridge the technology adoption chasm beyond early adopters, while the decentralized ecosystem suffers protocol decay.

Re:new computing paradigms.

> "local-first p2p social networking at scale"

.. someone said.

That buzzwordy sentence might see us enter a new exciting social web of adventure, if we don't squander the opportunity.

Technically all is once again possible. Martin Kleppmann inspires with generic local-sync protocols, universal back-ends, etc.

3/..

We're getting to the point where we get to why I'm so damn frustrated about this and have been biting my tongue until it nearly comes detached from my mouth: users THINK Bluesky is decentralized because they're TOLD Bluesky is decentralized

AUGH! *That's* what drives me nuts.

Here's an example of this problem in action

fry69: "The working search box was the second thing that impressed me on Bluesky, I thought that was not possible with a decentralized model"

Sorry fry sixty-nine I regret to inform you the reason search works so well is that it's centralized! THAT'S WHY

@cwebber

But thinking about exploring technical possibilities is way out of lock-step again, speeding ahead of how one would use this shiny technology to build useful things on top of in the best possible way.

I have difficulty wrapping my head around picturing a local-first social network at scale where CRDT's p2p synchronise application state and data of all actors - people, apps, services - in the social graph between 1,000's of peers. So many options, what approach is even feasible?

4/..

So hold on, let me set some terms for "decentralization" and "federation" that I think are reasonable.

> Decentralization: the result of a system that diffuses power throughout its structure, so that no node holds particular power at the center.

Pretty reasonable. Do you agree? I hope so!

@cwebber

Meanwhile there are already a hundred or more local-first projects and vendors who are independently building "the right way", in other words fragmenting into individual explorations with little cross-pollination and co-creation.

Why isn't there already an IETF local-first working group, or something similar?

Well.. someone should step up to the plate to do that, that's the wait now. Lotta work for volunteers and no funding beyond hard-tech. So this is up to vendors then, I guess.

5/..

@cwebber

Unrelated to this thread it occurred to me how much time and energy we waste by endlessly sifting through untangled mess of complexity with different viewpoints and perspectives leading to Babylonian confusion and overlap all the time in discussions.

Bluesky had a big advantage, in that they could forge ahead, highly focused as a close-knit team exploring greenfield technology. They set sail, just tapping the chaotic information stream for collecting stakeholder feedback.

6/..

Okay how about "federation" now because this is a *technical term* that the *fediverse has established* and I'm kinda PO'ed about the goalposts being moved on this one.

A lot of people coming to Bluesky have never heard of "federation" before in a social network so listen up this is important!

@cwebber

Now if we look at AS/AP ecosystem, there is a problem as the storm of discussion on vNext of the protocol or choosing alternative directions, goes on unabated, and no one seems to be coming to any kind of real consensus.

It almost looks like we once again must leave that to the vendors to sort out, when they enter the 'fedi market' en masse.

Ideally we want to have multiple commons-controlled focused and productive working groups that elaborate various themes of the social web.

7/..

Here's my definition of federation:

> Federation: a technical approach to communication architecture which achieves decentralization by many independent nodes cooperating and communicating to be a unified whole, with no node holding more power than the responsibility or communication of its parts.

Now historically, federation has been achieved on the fediverse via "message passing". Actually, this is to the degree where I just always associated message passing with federation, but really, federation is about the distribution of power, creating an abstract whole in a sea of autonomy.

@cwebber

Thus I had the idea to write a proposal to start, what I call, a fellowship that runs an open social web laboratory, and is able to separate the general discussion to focused input for working groups to quickly iterate on a theme, in a similar way to how BS operates now.

See for info: https://discuss.coding.social/t/proposal-start-a-fellowship-to-explore-the-social-web/571

The idea is follow-up to "Vision for fedi spec" feedback gathering that @helge initiated, as a means to cope with the broad subject area.

See: https://discuss.coding.social/t/wiki-vision-for-a-fedi-specification/563/24

/end

Maybe there is another way to achieve federation, but it's about the power dynamics. It's a technical immersion of power dynamics, the flow and interchange of cooperation between many parts.

So you may say, well, doesn't ATProto have that? After all, messages flow through the different parts!

@cwebber @helge

Tangential, but to add some more spice to this..

We need more fellowships like this, who explore yet other areas together.

Like for object capability social web at scale.

A couple of years ago, when you were still on Spritely Project, you sent out a toot out in which you sighed that once spritely technology would be mature enough for widespread use, it would probably be already too late.

The institute to the rescue, I guess. Valid and prudent choice.

1/..

ActivityPub, as it turns out, follows the actor model of computation. Okay, many people implementing the fediverse don't know about the actor model aspect of ActivityPub but I am here to tell YOU, dear reader, that it is an important thing, not a detail

@cwebber @helge

It is still hard to hook on to spritely unless you have deep technical expertise. That means most others (large group) are in wait-and-see necessarily.

Choice is perfectly valid, because it's the foundation team's own initiative.

Is it the best tech introduction strategy? Best technology adoption model to use?

Your community and ecosystem have to catch up, once you say "it's time for fun".

Randy's community pattern language might serve to unlock upper-stack stakeholders now.

I'll take one more note about federation, which is that oftentimes the message passing mechanism of the fediverse is called "federation", but theoretically another mechanism could exist, but I'm actually not so sure of that.

There's a reason the actor model and the lambda calculus are undying

@cwebber @helge

Because that is highly tangential from spritely core technology, fanning out into vast scope, you might offload that to a fellowship that can facilitate multiple independent initiatives at the same time, not just spritely but also see an ecosystem of convergence and increasing alignment, rather than fragmentation as per the norm.

Oh god Christine said "the lambda calculus" did you know she's into lisp and functional programming, what's she going to talk about next monads?!?!

I am not going to talk about monads. Not TODAY

But we do need to get a better architectural idea of how these systems work because it matters a lot!

So let me introduce two models of communication which we can use to analyze these two systems. It's important!

- Fediverse/ActivityPub: "message passing"
- Bluesky/ATProto: "shared heap"

Okay, cool, terms established, let's talk about them and why they matter because they matter A LOT

"Message passing" is what ActivityPub uses. It's "like email", people say, and that's true.

Actually it's even a lot like physical mail. You write a letter, you say where it should go, it gets delivered to your house.

Message passing. The world runs on it.

Now I can use message passing to send a message to you *directly* and indeed, that's "like email". For one-to-one correspondence, that's enough.

But it's not enough for a followers/following type mechanism. But we can build it on top! Thank *you* computational abstractions!

On top of "message passing" we will build "publish-subscribe" as a second-layer abstraction

"Your ideas are interesting and I'd like to subscribe to your newsletter."

You send me a letter saying you'd like to hear the things I have to say, okay, you're part of the reader list. That's how it works.

On top of that we can build even more abstractions and the net result is that this is how federation works in pretty much every "federated" system I know.

ActivityPub does some extra work to help you see replies on a thread, think "letters to the editor". This is a bit lossy sometimes though

It's true that sometimes users click over to a thread and see some replies but not all on their instance's UI. There's things that could be done to improve it, but it's sometimes mildly confusing, but not so bad, and you can click over typically to see whatever else is happening, and people learn to

I actually think this is improvable but I mostly don't care because this isn't as big a complaint as people tend to think it is on the fediverse, the other concerns like "what instance do I pick" tend to be bigger and "oh no my server went down"

That can be improved, we'll talk about that later

So okay, the federation is "message passing" and like email, or physical mail. You have an idea how it works.

Now we need to get to that other thing, a "shared heap" architecture. What on earth does that mean?

If "message passing" is like "mail comes to your house", a "shared heap" system works differently

In a "shared heap" system, all the mail gets dumped at the post office, and in the most naive version, you go over there and read through every single piece of mail to see which one is relevant to you

There is no "directed delivery" in a "shared heap" system, which means you are stuck with two things: either a "god's eye view" (Bluesky) or "even lossier about replies than ActivityPub" (Secure Scuttlebutt/Nostr)

The Bluesky approach to the "shared heap" is that *everything* goes into the big, centralized shared heap. Bluesky takes a "god's eye" view: it knows everything, and so knows what all your replies are, and can give you perfect search.

Secure Scuttlebutt / Nostr... well long story. Lossier, I'll say

You can imagine the physical world version of "message passing" already because you already live in this world. Messages come to your house or apartment building or whatever

For Bluesky's "shared heap" architecture, you'd have to build a whole addition to your house for everyone's mail

That's exactly why running a Relay or AppView is expensive: you're building an addition to your house for all the world's mail.

Eeep! That ain't cheap. That's why I'm saying: decentralization also means the ability to *scale down*.
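
The "message passing" and "shared heap" models contrasted in this thread, as an added toy simulation (not part of the original thread, and not ActivityPub or ATProto code). The user names, `*.example` servers and posts are constructed, and the message-passing side assumes no inbox forwarding, which is what makes replies lossy for third parties.

```python
from collections import defaultdict

# Constructed sample network: user -> home server.
HOME = {"alice": "a.example", "bob": "b.example",
        "carol": "c.example", "dave": "d.example"}
# (follower, followed)
FOLLOWS = [("bob", "alice"), ("carol", "alice"), ("dave", "carol")]
# (post id, author, id of the post being replied to or None)
POSTS = [("p1", "alice", None), ("p2", "bob", "p1"),
         ("p3", "dave", "p1"), ("p4", "carol", None)]


def message_passing(home, follows, posts):
    """Directed delivery: a post is stored on the author's own server, pushed
    to the servers of the author's followers and, for a reply, to the server
    of the author being replied to. Assumption: no inbox forwarding."""
    followers = defaultdict(set)
    for follower, followed in follows:
        followers[followed].add(follower)
    author_of = {pid: author for pid, author, _ in posts}
    stores = {server: set() for server in home.values()}
    for pid, author, parent in posts:
        recipients = {author} | followers[author]
        if parent is not None:
            recipients.add(author_of[parent])
        for user in recipients:
            stores[home[user]].add(pid)
    return stores


def shared_heap(home, posts):
    """No directed delivery: each PDS holds only its own users' records, and
    a relay has to ingest every record in the network to be useful."""
    pds = {server: set() for server in home.values()}
    relay = set()
    for pid, author, _ in posts:
        pds[home[author]].add(pid)
        relay.add(pid)
    return pds, relay


def replies_seen(store, posts, parent):
    """Replies to `parent` that a node holding `store` can show its users."""
    return sorted(pid for pid, _, p in posts if p == parent and pid in store)


def ring_network(n, k):
    """Constructed scaling case: n single-user servers, user i follows the
    next k users around a ring, and every user posts once."""
    home = {f"u{i}": f"s{i}.example" for i in range(n)}
    follows = [(f"u{i}", f"u{(i + j) % n}")
               for i in range(n) for j in range(1, k + 1)]
    posts = [(f"p{i}", f"u{i}", None) for i in range(n)]
    return home, follows, posts


def largest_store(stores):
    """Number of posts held by the most heavily loaded node."""
    return max(len(s) for s in stores.values())


if __name__ == "__main__":
    mp = message_passing(HOME, FOLLOWS, POSTS)
    pds, relay = shared_heap(HOME, POSTS)
    for server in sorted(mp):
        print(server, "stores", sorted(mp[server]),
              "| replies to p1 seen:", replies_seen(mp[server], POSTS, "p1"))
    print("relay stores", sorted(relay),
          "| replies to p1 seen:", replies_seen(relay, POSTS, "p1"))

    home, follows, posts = ring_network(1000, 5)
    print("largest message-passing node:",
          largest_store(message_passing(home, follows, posts)))
    print("relay:", len(shared_heap(home, posts)[1]))
```

In the ring case each message-passing server's storage tracks how many accounts its own user follows, while the relay's storage tracks the size of the whole network; the relay in turn sees every reply, which the follower-only servers do not.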

Look, I know that I've been hitting this nail on the head for a while but: the web is open, blogs are open, but Google isn't open

But you could run your own Google, in theory. You could index the web. So why aren't you?

Ah yeah. Same thing here. That's what I mean, that's why it's centralized

Now as I have said, this is a *design decision*. And remember: most users of Bluesky really *don't care*. Decentralization is not their focus, they're trying to get the hell off the nazi hellscape that Musk's toxic reign of Twitter has become.

Bluesky's architecture, actually, is great for them.

If what your *goal* is to get off Twitter, then Bluesky has solved it. They solved it by building another Twitter, and this time it's open source, which is cool! And it might have this "credible exit" thing.

But god damnit it's not decentralized and it's not federated stop TELLING people that

"Oh Christine you're being sensitive"

Maybe, but there are real consequences to this. What if Bluesky/ATProto fails? "Oh well we tried decentralization and that didn't work." If people think something is something that it isn't, then that's a real problem.

Users, clearly, think a lot more of Bluesky is decentralized than it is, and realize less of the consequences than they should. This really worries me. Blocks and DMs are both great examples of this.

Blocking first. Bluesky's decision to have *everything* public means that it is expected that every participating node knows *everything* about who's blocking *everyone*.

"This is consistent with how blocking works on Twitter/X" their paper says

But wait, I'm pretty sure that one's not true though

It is ONE thing to be able to block JK Rowling and for you to see that JK Rowling is blocking you.

It is an ENTIRELY DIFFERENT THING for ANYONE to see who is blocking JK Rowling and who JK Rowling is blocking

This one is shocking to me: this seems like a vector for abusive actors

Now to be completely fair this is something that Bluesky's devs are interested in potentially changing: there is an open issue to discuss the possibility of private blocks https://github.com/bluesky-social/atproto/discussions/1131

What I am saying is there are architectural consequences to fundamental design abstractions

Yes, I may sometimes seem silly over here, SICP-hugging fangirl, come on we're just trying to build things that *work* over here

Look I'm a lisp lady, I know the realities of "Worse Is Better" more than most, I know the right CS designs don't win

But Conway's Law flows in two directions!

You know what, we'll come back to "bidirectional Conway's Law", let's talk about Direct Messages for a minute because I think those are telling

Direct Messages in Bluesky, wait how do they work if ATProto is public?

Did you guess?

DMs are centralized! All DMs flow through Bluesky

Now to be completely fair Bluesky is clear about this *in their blogpost announcing DMs*, but just like this thread, I doubt nearly anyone has read that far (am I talking to the void? I don't know, if you actually have gotten to this message reply with "I found the easter egg" or something)

The thing that is telling to me about DMs is that we *have* federated direct message protocols like XMPP which have been around for ages; if Bluesky wanted to they could have tacked that on pretty quickly, E2EE or not. It still would have been decentralized at least

The point is that I have *seen in the wild* people saying "Oh yeah Bluesky added DMs to their decentralized protocol" and augh

I know they aren't claiming this but it's very clear to me that people are reading things as being completely different architecture than it is

But to Bluesky's credit, Twitter's DMs aren't decentralized either! And getting and shipping something that works, now for the influx of Twitter users, again... I am sympathetic

Bluesky's team is doing an INCREDIBLE JOB in that way of scaling to meet the incoming stream of Twitter refugees

On that note, again, I am not reading the replies right now because I am (a) afraid to and (b) I'm never gonna finish this and we are a bit over HALFWAY THROUGH the analysis but I have this fear that EVERYONE is mad at me, Bluesky fans, fediverse fans

I am trying to be analytical. I am trying!!!

I said we are about halfway through and criminy we're halfway through the afternoon, I need a break to get some tea

We have a few big topics left:

- Decentralized identity, how does it work (magnets too, yes)
- The Org is a Future Adversary
- Christine critiques the fediverse
- Wrap up

And so, it is TEA TIME

Go get yourself a hot beverage. Put honey or agave in it, if you like. Dairy, or perhaps, non-dairy, if you prefer.

=== BREAK TIME! Time for tea! ===

Okay, I am back and I am back with tea! I made "black tea with ginger" and I put some whipped honey in it. I also made tea for my spouse

I am drinking out of an oversized mug from @baconandcoconut that says "I'm that person who likes to serve on open source program committees", which is not actually accurate but I do anyway

I am also sad about the US House of Representatives being shitty to trans people who work there and are just trying to make it through the day

I used to do data modeling contracting for the US HoR on our legal system, true story, which sends me back to a time when I did a lot of data modeling

A lot of data modeling I did in that time was in the W3C Verifiable Credentials group that was working on Verifiable Credentials, zcap-ld (my spec), and, oh hey, Decentralized Identifiers (DIDs, the name is not my fault)

So actually I was pretty excited when I heard that Bluesky was gonna use DIDs!

Back in 2017 I wrote a whitepaper: "ActivityPub: from decentralized to distributed social networks" and it also suggested using DIDs https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/final-documents/activitypub-decentralized-distributed.md

I no longer think DIDs are necessary to solve this, but then and now I think *decentralized identity is important*

In that sense, I am really glad Bluesky is taking on decentralized identity, as a concept! And DIDs, in a way, are a good signal.

But there are several problems, the first of which is: Bluesky supports two kinds of Decentralized Identifiers and they're both -- you guessed it -- centralized!

Before we get there, let's talk about what the DID spec was and what DIDs are. The core DID spec is an *abstract interface* for key management which provides a way of representing keys (and some other metadata) which can be created, retrieved, and updated/rotated.

So far so good...

The other requirement you would expect, based on the name, is that Decentralized Identifiers are *actually decentralized*.

When I got involved in DID work, that was actually the expectation of everyone. Then it was loosened. What? Why on earth?!

The reason actually stems from the first centralized DID method that Bluesky supports: did:web.

did:web is centralized, and kinda useless. It just works by a regex rewrite of the DID's name to an https URI and then it's retrieved. Anywhere you use did:web, you could have just used an https: URI

"Now wait Christine, didn't you say earlier that the web is decentralized and open? So therefore, did:web is decentralized and open"

Yeah but the naming system of the web is CENTRALIZED

We use DNS and ICANN (and then we add another centralization layer with TLS/SSL CAs)!

Everyone in the DID standards space KNEW that did:web was centralized, so why on earth was a centralized identifier permitted for something named "Decentralized Identifiers"?

The answer is easy. did:web is easy to implement, many DID methods were not.

did:web existed for test suites.

I was kind of exiting that particular area of standards when this happened but colleagues will tell you that I, and some others, were deeply upset and troubled by this

"Sure having a nearly no-op DID to pass the test suite is helpful but it shouldn't be labeled as a DID, people will get confused!"

Confusion, on its own, is one thing. But the problem is when confusion turns into decentralization-washing.

"This is going to turn into decentralization-washing!"

"It's just to pass the test suite!"

[... time passes ...]

"Actually we like did:web now, it's a DID method everyone can implement!"

And of course once the door was open to did:web, the door was open to everything! Decentralization is now no longer a requirement for DIDs. You can make a centralized DID method and call it a "Decentralized Identifier" and you're right because it implements a spec named "Decentralized identifiers"

But it's ONLY EXPERTS IN DIDs WHO UNDERSTOOD THIS

Most users hear "Decentralized Identifiers" and they think they know what's being delivered, the distinction between the *spec* being called that and the *mechanism used* being centralized... you have to go digging to find that out

So did:web is not only useless, it misleads people about the problem domain entirely, but hey it's now the most broadly deployed DID method in the world, congrats everyone!

Speaking of centralized Decentralized Identifiers, did I mention that did:plc is centralized?

For that matter, where did the term did:plc come from? Early versions of "did:plc" documentation called it the "Placeholder" DID method, that's what it stands for, to motivate changing it later

Well the docs no longer say that, it now says "Public Ledger of Credentials"

Good backronym, but...

did:plc is centralized, and that bothers me because once again, users think something is more decentralized than it is, because they're being *told* it's decentralized

The particular way in which did:plc is centralized doesn't bug me too much but once again, few users have read into this

If you read the documentation of did:plc, they're actually quite upfront about did:plc's centralization being non-ideal. That's good, I appreciate that. Again, you gotta dig though, and the name misleads (which is, to be fair, the original sin of the DID Working Group)

(aside: wow my eyes are getting tired from staring at my monitor while I recap of what was a 24 page blogpost, why do I do this to myself)

Aside from being irritated about the name misleading, I don't mind the centralization of did:plc too much (other things, I am more concerned about, we'll get there)

There's one organization that can be queried via their API that keeps a definitive list of certificates and their updates

In theory, once a DID is registered with Bluesky, it cannot be altered by Bluesky, because a cryptographic update from the original key is necessary; it's a certificate chain, a good design

Bluesky can refuse to share did:plc documents or their updates, but it can't manufacture updates

This is pretty good tbh, it lowers the stakes a lot to have certificate chains

I love certificate chains, certificate chains are great

Honestly, having a centralized registry for them, it's not the best but it's not the worst (aside from that damn naming thing)

However...

There are some strange, strange things about did:plc that heighten the centralization concerns and, well

I'm not a cryptographer, but some of my good friends are cryptographers, etc etc. I got some... reactions to what is to follow

The first strange thing to me is that did:plc uses sha256 and, AFAICT, not sha256d (which is really just running sha256 again over the hash). Unless I am missing something? Am I wrong?

Maybe it's not a concern because of doc parsing but it's best practice to protect against length extension attacks

The next concerning thing is that did:plc truncates the hash to just *15 bytes* of entropy.

I'm... again I'm not a cryptographer, but why throw away all that delicious entropy? So the did fits in 32 characters? Weird choice, and it means collisions are cheaper

This is public information, I don't need to file a CVE to tell you about the truncation of entropy. I am, again, not a cryptographer. Maybe it's fine?

I do remember the Debian short IDs fiasco tho https://gwolf.org/2016/06/stop-it-with-those-short-pgp-key-ids.html

Why not hold onto all the entropy you can get?

DIDs weren't meant to be seen by the user; cryptographic identifiers in general *shouldn't be*, they should be encapsulated in the UI.

We'll get to UI stuff in a bit.

I just don't understand this decision though, it just seems weird to me but maybe a cryptographer will tell me it's fine, actually

At any rate, I continue to not understand it, maybe it's fine, but it did play a part in that "Hijacking Bluesky Identities with a Malleable Deputy" blogpost, which is fascinating and, unlike me, is written by a Real Cryptographer (TM) https://www.da.vidbuchanan.co.uk/blog/hacking-bluesky.html

Good post btw

One way in which the truncation shows up in that blogpost which I thought was curious is that the attack involved generating a *longer* truncated hash

The fix ended up resulting in codifying the hash length: 24 characters, and no longer https://github.com/did-method-plc/did-method-plc/pull/31
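Added example, not part of the original thread or of the did:plc code: a sketch of how truncation sets the collision cost of a hash-derived identifier, plus the fixed-length check that the fix linked above codifies. It assumes the identifier is the lowercase base32 of a SHA-256 digest cut to 24 characters (120 bits, the thread's 15 bytes); all function names and sample inputs are constructed for illustration.

```python
import base64
import hashlib
import itertools
import re

PLC_ID_LEN = 24        # base32 characters kept (assumption, see lead-in)
BITS_PER_B32_CHAR = 5  # each base32 character encodes 5 bits

# Lowercase RFC 4648 base32 alphabet (a-z, 2-7), exactly PLC_ID_LEN characters.
_STRICT_DID = re.compile(r"did:plc:[a-z2-7]{%d}" % PLC_ID_LEN)


def truncated_id(data: bytes, n_chars: int = PLC_ID_LEN) -> str:
    """Lowercase base32 of SHA-256(data), cut to n_chars characters."""
    digest = hashlib.sha256(data).digest()
    b32 = base64.b32encode(digest).decode("ascii").lower().rstrip("=")
    return b32[:n_chars]


def make_did(genesis_bytes: bytes) -> str:
    """Build an identifier from the (already serialized) genesis bytes."""
    return "did:plc:" + truncated_id(genesis_bytes)


def is_strict_plc_did(did: str) -> bool:
    """Accept only the fixed-length form; longer or shorter suffixes fail."""
    return _STRICT_DID.fullmatch(did) is not None


def security_bits(n_chars: int) -> dict:
    """Bits kept by the truncation and the generic attack costs that follow."""
    kept = n_chars * BITS_PER_B32_CHAR
    return {
        "kept_bits": kept,
        "kept_bytes": kept / 8,
        "collision_work_log2": kept / 2,      # birthday bound
        "second_preimage_work_log2": kept,    # brute force against one target
    }


def birthday_collision(n_chars: int):
    """Find two distinct inputs sharing a truncated id.

    Only for toy sizes: the loop ends by pigeonhole after at most
    2**(5*n_chars) + 1 inputs, and in practice after about 2**(2.5*n_chars).
    """
    if n_chars > 6:
        raise ValueError("toy demonstration only; use n_chars <= 6")
    seen = {}
    for i in itertools.count():
        msg = b"constructed-input-%d" % i   # constructed sample inputs
        tid = truncated_id(msg, n_chars)
        if tid in seen:
            return seen[tid], msg, i + 1
        seen[tid] = msg


if __name__ == "__main__":
    did = make_did(b"constructed genesis operation")
    print(did, len(did), is_strict_plc_did(did))
    print("24 chars:", security_bits(24))
    # An untruncated SHA-256 digest keeps 256 bits, i.e. 128-bit collision work.
    first, second, tries = birthday_collision(4)
    print("20-bit toy collision after", tries, "hashes:", first, second)
```

At 24 characters the birthday bound is about 2^60 hash evaluations, against 2^128 for the untruncated digest; the toy run at 4 characters (20 bits) shows the same square-root behaviour at a size that finishes instantly.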

There's another thing about that blogpost that caught my attention. I will just quote it:

> However, there's one other factor that raises this from "a curiosity" to "a big problem": bsky.social uses the same rotationKeys for every account.

> This is an eyebrow-raising decision on its own; apparently the cloud HSM product they use does billing per key, so it would be prohibitively expensive to give each user their own. (I hear they're planning on transitioning from "cloud" to on-premise hosting, so maybe they'll get the chance to give each user their own keypair then?)

Anyway that's the quote and presumably this must be changed. I haven't looked, but I can't imagine they're still doing this today (are they?) but the fact that only one key was ever used in production for expense purposes is a strange decision

At any rate, that decision was used to create a kinda confused deputy-ish attack, which is why it came up in the blogpost, and anyway, hi, I'm not a cryptographer, momentary reminder that I am not a cryptographer, but I have designed cryptographic certificate chains and I was pretty shocked by that

At any rate, one way or another, you can presumably use did:plc to move yourself from one server to another so in the interest of "credible exit" this is a good choice

Though, one might take a moment to ask: who controls the keys if you *do* want to move?

Bluesky has identified, I'd say correctly even, that key management for users is an *incredibly* hard thing to do.

But the solution, once again, ends up pretty centralized: for all users on Bluesky's main servers at least, Bluesky generates and manages the keys for them.

I am, once again, kinda sympathetic and kinda unsettled simultaneously.

- Sympathetic: key management *is* hard and we just don't have the UX answers to solve that, and Bluesky is once again trying to deliver to Twitter refugees
- Unsettled: it's centralized, but... there's something *more* troubling

The big promise here, the "credible exit" side of things is that for most users, the vision they have is that if Bluesky gets bought by a big evil company, no problem, move somewhere else

But for those same users, Bluesky still *controls their keys* and thus *controls their destiny*

Regardless, Bluesky has this "your domain is your id!" thing, and that's pretty cool, the domain maps to your DID and your DID maps to your domain

Well, I'm not gonna get into this in detail here, I do on the blogpost if you wanna read it but, the cyclic dependency might be an actual cycle

tl;dr on that UX part:

- users only know domains, they don't know the DIDs
- turns out that's a phishing attack when those can change at any time
- if bsky.app ever goes down how do you actually know I *really* mapped to that name
- and a whole lot of "liveness" problems that enter there

in addition to this long-ass thread there is a long-ass article and if you care about things like "zooko's triangle" maybe read that version, the rest of y'all can move on we've got other stuff to cover here

It is time for TEA BREAK 2: THE REHEATENING

I will also go to the bathroom

TMI? If you've read this far into this weird thread I am already giving you too much info

=== TEA BREAK 2 ===

I have returned, with tea

I am still not reading notifications. Well, I have seen a few fly by on the fediverse which is blipping and blooping nonstop in the Mastodon UI so people are clearly reading it there

Bluesky says "30+". How big is the +?? I will resist temptation to look and assume "31"

"Where are we going with this Christine?"

Well you could have just read the blogpost but 3 more sections remain, we are approximately 2/3 there

I know, bear with me, what is left is:

- What should the fediverse do?
- Preparing for the organization as a future adversary
- Conclusions

Yes, I changed the order of the remaining sections, not from the blogpost but from the last time I said what was left on this thread

pray I do not reorder them again

Before we get into the next section, earlier I left an easter egg, which you could reply to and say "I found the easter egg" or something

Now you can put 2 eggs

I 2 was once an egg

(Look I specifically transitioned so I could never be accused of making dad jokes again so that does not qualify)

Alright you've heard enough critiques of Bluesky for a bit and I SAID I was gonna critique the fediverse and I am a WOMAN OF MY WORD

So let's get into it!

I have actually critiqued ActivityPub and the fediverse a lot! I have kind of never stopped critiquing it, ever since the spec was released. There's a lot that can be improved!

I have even gotten criticism from AT LEAST ONE ActivityPub spec author for critiquing AP-as-deployed but I do anyway

Actually something that is funny about ActivityPub is that there's "ActivityPub the spec", which I think is pretty solid for the most part, and "ActivityPub-as-deployed"

Many of the critiques I'm about to lay out we left holes in the spec for which I hoped would be filled with the right answers

One thing we have already discussed so, before I will say anything else, I will repeat: content addressing is really good, and I'd like to see it happen in ActivityPub, and it's *possible to do*, I even wrote a demo of it https://gitlab.com/spritely/golem/blob/master/README.org

Bluesky does the right thing here, AP should too

Content addressing is important. It should not matter where content "lives". It should be able to live anywhere.

A server should be able to go down, and content should survive.

Go content addressing!

Actually with this and several other things I am going to bring up, I actually made sure there was space to do things right: there was a push to make ActivityPub "https-only"

I pushed back on that, I didn't want that requirement, and it was exactly for this reason: enabling content addressing

This isn't the only time I left a critique of ActivityPub-as-Deployed as opposed to ActivityPub-as-it-could-be: see also OCapPub, which critiques the anti-abuse tools of AP as inadequate and leading to "the nation-state'ification of the fediverse" https://gitlab.com/spritely/ocappub/blob/master/README.org

Oh, and ocaps!!!

ActivityPub left giant holes in the spec around two things which sound the same but which are not the same: Authentication and Authorization

Trying to mix these two, you accidentally get ACLs, and then you get confused deputies and ambient authority, plagues of the security world

Anyway, if you know *anything* about me, you know I am a big fan of capability security (ocaps) and that's the foundation of our work over at @spritely

But we will come back to ocaps in a second because it turns out OCapPub is not the only time I proposed AP + ocaps!

The other time I wrote about ActivityPub + ocaps was in a proposal to, yes, Twitter's Bluesky process in 2020 with Jay Graber titled... "ActivityPub + OCaps"! https://gitlab.com/-/snippets/2535398

I think that document laid out all the right ideas for *the fediverse* (not saying bsky, the fediverse)

Now I want to be clear here that I *don't* think that proposal was necessarily the right one for Bluesky, and I *do* think Jay Graber *was* the right person to lead Bluesky

What I wanted to do required a lot more research, and we have done that over at @spritely instead

The reason I bring up the proposal here is that I think it has all the right analysis of *what the fediverse should do*, if it was going to rise to the challenge of fulfilling its true potential

So let me lay out what the things in that proposal were:

@cwebber There are ways Twitter exposes that a person blocks another person, which might actually be bugs. If a user quotes a user that blocked them (before or after the block happened), the quoted post is not displayed to you, just as if you were blocked by its author.

This likely got _fixed_ by the recent changes.

@cwebber

This most epic of threads is continuing! XD

Here is your recipe for making the "Correct Fediverse IMO (TM)":

- Integrate ocaps, which is possible because actor model + ocaps compose
- Content addressed storage!
- Decentralized identity (notice the *y*, I did not say DIDs) on top of ~mutable CAS storage
- Petname system UX

(cotd...)

(cotd ...)

- Better anti-spam / anti-harassment using OCapPub ideas
- Improved privacy with E2EE ("encrypted p2p" even a better goal)

Whew! An improved fediverse?

"Uh, Christine, this sounds like a lot, do you think the fediverse can take this on?"

Spec-wise in ActivityPub, I think it's possible. The ecosystem, as deployed? I think the ecosystem can and will only do part of it, if we really get everyone excited, maybe the content addressed storage and decentralized identity parts, in which case the fediverse will also survive nodes going down

The ocap stuff, I tried getting fediverse implementers excited about this and tbh, it's pretty hard to design into a Ruby on Rails or Django style framework and mindset. Backporting the right designs to existing systems is a real challenge.

Especially ocaps need to go bottom-up.

For this reason, @spritely's tech looks like it's very focused on computer science'y low-level BS, but that's actually because it's *too hard to build the systems I want right now on top of current technology*, we need stronger foundations

But people have to build for today too

Let's leave the ocap stuff to the side for now, then. Let's focus on what Bluesky and the fediverse have to learn from each other.

- The fediverse should adopt content-addressed storage and decentralized identity
- Bluesky should adopt real, actual federation and decentralization

For this reason @blaine says of both ActivityPub done right and Bluesky done right, "they're the same picture" (The Office meme goes here, yes)

To a large degree, I think @blaine is right

Of course, adapting an existing system as deployed isn't easy.

I will say though that I think if Bluesky were to become *actually decentralized* it would look a lot like ActivityPub in terms of having directed messaging. This will also introduce similar challenges around eg replies, etc.

To the end of the fediverse, perhaps I sound bitter, "they didn't adopt ActivityPub the way *I* saw it!"

The truth is that Mastodon didn't, but Mastodon also saved ActivityPub. It then painted a vision of the future that wasn't, at least, what Jessica Tallon and I expected of it. But it saved AP.

The fediverse and Bluesky, at great effort, could learn a lot from each other in the immediate term.

In the longer term, neither is implementing the ocap vision I think is critical for the big vision, and in a way, I think maybe neither can be easily rearchitected to achieve it. Well, not yet.

When I laid out the ideas of OCapPub to various fediverse developers, the response was "this sounds cool but I have *no idea* how to retrofit a Rails/Django app for this kind of actor-oriented design".

And they were right.

Remember when I said Conway's Law flows in both directions?

Conway's Law says that a technical architecture reflects the social structure under which it was built. But the reverse is also true. The social structures *we can have* are made possible by the affordances of the tools we have available.

"Tech problems/social problems": false dichotomy.

It's for that reason that @spritely, while aiming for a *socially collaborative* revolution, is first focusing on a *technical* revolution.

It's too hard to build massively, securely collaborative tools right now. With Spritely's tools, p2p ocap secure tech is the *default output*.

Remember when I said that IMO @jay.bsky.team is the right person to lead Bluesky and that I am sympathetic with many design decisions of Bluesky (even if critical of them for being non-decentralized)?

Bluesky is building what they can for a scale big objective. The tech flows from goals.

So too does the social structure flow from the tech. It does on Bluesky, and it does on the fediverse.

I won't elaborate further on this, I actually would like you to pause and think about it. In which ways are tech and social systems bidirectional, here and otherwise? It's important.

The vision laid out for the fediverse, both independently in my writings and even in Jay Graber and I's joint proposal... well, it's a big lift.

@spritely would like to see if we can retrofit our version onto ActivityPub. Time will tell if that's a separate thing.

And perhaps this is all my *massive* Cassandra complex speaking. I won't deny that I have one, for better or worse

Still, despite all I have said about both Bluesky and the fediverse technically, it is because I want a hopeful direction for all of us. Secure collaboration. More important than ever.

Let's take another tea break. (And another bathroom break. This teacup is massive.) We're getting close to done, I promise. Just two sections left, they're both much shorter.

Then I can finally brave reading my notifications.

Maybe.

== TEA BREAK THE THIRD: BEVERAGE TRIFORCE ==

Hello, I am back again. Did you miss me? I still am not reading notifications.

Help I started writing this summary at 11am and it is now 6pm here I have wasted a whole day of work

But I have tea, and I also flossed my teeth, and it is time to resume this thread. If you are here, you know why.

transphobia, uspol, returning to tech in a sec

Before we go any further, earlier I mentioned the US House of Representatives, and here I am giving a MASSIVE content warning for transphobia

But @evangreer is the coolest fucking person for standing up to Rep. Mace at the Project Liberty summit https://www.fightforthefuture.org/news/2024-11-21-transgender-digital-rights-activist-confronts-hate-monger-rep-nancy-mace-at-internet-summit/

What I am trying to say is I don't have many heroes but @evangreer is absolutely a heroine of mine

You should donate to @fight they are some of the only people doing sensible advocacy against terrible internet laws

Also fuck TERFs

But anyway

Also you have reached it: the third secret egg

You have now collected the egg triforce and can defeat Gender Ganon

If you want to

The power was in you all along

But let's continue.

It's time, we have reached the second to last section: "Preparing for the organization as a future adversary."

I love this one because I love that phrase, and the best part is that the Bluesky team came up with it, "the organization is a future adversary". It's genuinely good and self reflective

Occasionally an org creates a phrase like this, and back in the day Google had "Don't be evil"

And yeah, people criticize Google for never having been sincere but it gave an opportunity for people inside and outside the organization to critique Google on its own stated values. That was good.

It was *at least* good insofar as the moment Google retired the phrase as never really meaning anything anyway, as evil as Google may have been before, Google got *noticeably* worse.

To Bluesky people internally: keep that phrase going as long as you can, and use it reflectively.

As opposed to Google's "Don't be evil", a commandment for the everpresent, "the organization is a future adversary" acknowledges the realities of the future, that it is uncertain, and in fact, that power-dynamics-wise, there will be pressure to make things worse.

Making design decisions in the present which guard against the future is one of the most important things we can do. It is one of the most important reasons to choose FOSS licenses, for instance, which provide an exit plan and also counterbalance against temptation to enshittify a project.

To this end, Bluesky's goals of "credible exit" are actually very important. It creates a similar pressure for the organization itself to stay true as long as it can, even acknowledging the organization as a future adversary, and actually preparing for it.

I am pro-Bluesky-credible-exit.

And there *will* be a lot of pressure: Bluesky has taken VC money as investments; the pattern of such is that early on, things are very good and flexible, and after some time, the investors start placing pressure to enshittify.

I have seen good peoples' orgs clawed from their hands. It happens.

This happens despite the very best people with the very best intentions. Talk to early Twitter co-founders and they will tell you the org that things became was not the org that they envisioned.

A future adversary indeed. So we should plan for it today.

Before we continue further, I have done about every job imaginable in a FOSS project/organization. Fundraising, by far, is the worst, and the most stressful.

It's incredibly hard to raise anything to do anything. I think that's worth acknowledging.

The structure of an organization does matter. There's a reason that @spritely is a 501(c)(3) in the US. Any money we take in is a donation: we aren't "delivering on an investment" (though we must deliver on *results*)

Bluesky is a Public Benefit Corporation, also interesting

A Public Benefit Corporation has a mission for the public good, but can take investments in the way a nonprofit cannot. This also means it can move much faster. Given the influx of users to Bluesky, taking investments this way may have been the only load handling route available this fast.

Again, this is all tuned to "What is Bluesky trying to build?"

Bluesky might not be a good "decentralized Twitter replacement", but it is a good "Twitter replacement" with the possibility of "credible exit"

That Bluesky is providing needs for many users who are looking for refuge from a white supremacist site *today* is something to pause and acknowledge the difficulty and scope of doing so quickly and in the moment. I'm glad Bluesky is here at this stressful geopolitical moment in history.

There will be a lot of pressure soon from investors: run ads, make premium accounts that do not actually make sense in a decentralized way, so on and so on.

In this way, "credible exit" is the most important thing for Bluesky the organization and its community to push on *today*

What I will *not* accept is the goalposts being moved on decentralization and federation. Bluesky is neither decentralized nor federated.

If Bluesky wants to become so, it has an enormous amount of work to do, particularly in terms of architectural design.

Blogs are decentralized, Google is not.

Bluesky will face every pressure to be enshittified. Bluesky has even, correctly, acknowledged this. It is up to Bluesky and its community to rise to the challenge of "credible exit" knowing that this is a likely, perhaps inevitable, risk.

The org is indeed a future adversary. So what now?

And here it is. We have reached the final part.

I am not even going to take a tea break. I am not even going to go to the bathroom. I kinda have to, but we are powering through.

We have reached the conclusion of this megathread, and "summary" of an equally long article.

I laid out definitions of "decentralization" and "federation", and Bluesky meets neither, without major rearchitecting or moving the goalposts on those terms, which I cannot accept.

However, "credible exit" is a good goal for Bluesky. Bluesky created that term and it's a good and feasible goal.

I laid out a strong critique, but let me end on a call to empathy.

Bluesky is built by good people, and the fediverse is built by good people. Neither reflect the designs I presently would like to see today, but ultimately these are built by humans trying their absolute hardest.

The infrastructure we build reflects our social dynamics, and our social dynamics are made possible by our infrastructure.

This thread has been long, and I have said everything I have to say. Thanks for listening. I hope we can build a good future for each other. 💜

@cwebber It's taking away from mastodon for no good reason.

It's also taking away the opportunity to run more nostr relays and form a twitter like bubble on nostr instead of supporting an unnecessary project like bluesky - which many have written about.

We don't need centralization like bluesky is offering. We can do better now

@cwebber

If there was no mastodon and no nostr, then maybe yes, but it's not 2006 anymore, so today, a replacement for twitter would not look like bluesky. Today twitter would look much more like nostr, maybe mastodon.

Recommending bluesky in any way in this day and age doesn't sound really serious tbh.

@cwebber

Why give them soooooo much space?
Why talk soooo much about bluesky?

Did they pay you for it?
I haven't seen you do this for other platforms, especially when mastodon and even nostr exist that are way more decentralized. It seems kinda weird and unexpected 🤷

@cwebber @spritely

Hey, just like @dat_ecosystem

a 501(c)(3) as well 🙂

@cwebber

Extremely true and even the folks who are really popular have a hard time.
What about all the rest?

If one compares that to the enterprise world or banks, paying hundreds of thousands and millions of employees all the time and getting loans approved as it was an infinite money printer is quite mad.

As if all these companies with their employees do more useful stuff than open source folks.

Capitalists print money as if there is no money, but not for open source :/ ...sucks!

@serapath IME these "improvement processes" are kind of irrelevant in practice - don't confuse the document with the actual standard as implemented on the internet. Bitcoin has a more centralized source of protocol standards, but is arguably a more decentralized protocol. Even after a BIP is issued, it takes a long time and a lot of argument before it's actually adopted. And a lot of BitTorrent standards (BEPs) still aren't widely adopted. And then you have RFCs, for the internet, issued solely by the IETF, but the Internet is one of the most decentralized systems that exists (for now - wait until NATO realises it can force RIPE NCC to revoke Russia's IP number space - along those lines, Yggdrasil is basically one program written by a few people but is even more decentralized than the Internet).

@immibis

i mean, yes and no.
to me, decentralization matters in terms of who can control something.

Bluesky is absolutely centralized and they can do anything they want any moment.

Bitcoin is probably one of the most decentralized systems, where even if people commit upgrades, as you mentioned it takes forever and maybe never to adopt changes.

I think this is good, because if somebody commits to bitcoin, they commit to how it works and dont want the fed to change it from underneath them

@immibis

didnt know i was muted 😅
but do as you please - its a free fediverse 😜

Ethereum for example routinely gets arbitrary updates nobody could have predicted a year earlier and is mainly run by the experts and i would classify it as a security as a consequence.

Nostr or any system that wants to be decentralized and peer to peer needs to be extremely minimal but permissionlessly extensible.

this is hard.

nodejs did a good job with commonjs and ecosystem growth was the consequence

@WhyNotZoidberg@topspicy.social it is far from clear that there will be no ads, in fact I would bet there will be. One of the people on the Bluesky team even said in 2023 that it is likely because a service like this is difficult to monetize (Twitter is really proof of that, even despite serving ads the site always struggled to turn a profit). There are plenty of feed algorithms on Bluesky, in fact they have suggested they want to turn that into a marketplace too so that is simply a misunderstanding probably coming from people who think it is the same as Mastodon in that way despite not being like it at all, too.

@serapath@mastodon.gamedev.place @cwebber@social.coop

@vetehinen @WhyNotZoidberg @cwebber

yes for sure.

i am literally surprised, but everyone supporting and promoting bluesky kinda reveals that they either dont care and just go with the hype because maybe they benefit from that - maybe they are paid dev rel or another kind of affiliation, or... they literally dont have a clue and just fall for marketing, in both cases, ppl should seriously consider if they want to listen to those ppl opinion in the future. 🤷‍♀️

@serapath

I think to counter or criticize @cwebber you've to come forward with something technical as long as you can't prove a big money-flow.

@DavidBruchmann @cwebber

its just a question.
i have rarely seen such long statements and i just wonder 🙂

i am not disagreeing with what she said, but it is long and way too polite imho.

apart from that, the connection i can see is spritely cofounded by randy farmer, friend of chip morningstar and mark miller and ocap being used in agoric, which is chip morning star and mark miller... built on top of cosmos, which is web3.

Bluesky is web3 as well as stated by the CEO of bluesky, thus - same

@damon

I agree with nostr stakeholders that it is not decentralized. Its a spectrum imho.
With ...let's say eh.. facebook/X/...? on one hand - no decentralization whatsoever.
Then maybe bluesky, centralized but with some "decentralization paint" sprinkled on top.

Then maybe mastodon, which is fediverse and has mastodon social which is large and then lots of instance operators ...its the fediverse. Like email. It actually uses email to signup.

And then you nostr

And then p2p

@damon

I consider mastodon and nostr both more decentralized than bluesky. Imho fediverse/mastodon is the minimum to call it "decentralized", but i entirely agree that nostr is way more decentralized than mastodon, but also nostr is not yet the end of the spectrum :-)

I'd bet on the pear runtime if you really wanna get to the end of the spectrum.
Maybe nostr will adopt some of the pear runtime tech, which is the hyper stack, which is essentially dat 😉

@cwebber I just saw this one comment, and then... clicked it and started scrolling up. Woo, time to read.

hi @cwebber, a few quick things from reading.... i like that you have worked on content-based addressing. one of the things that i like to talk about is an adapted ipfs system (with likely an addon for firefox browsers) for fediverse, that would allow individual users to host media (images and videos) in the posts that they've liked or shared, and to host posts that contain hashtags that they've used, i never really thought of simply hosting the entire post but when u say it, it makes perfect sense.

of course there are privacy risks involved with hosting content that you like, and so i suggest including some sort of i2p api in the addon/apps for this purpose. doing so would have the added benefit of increasing traffic and participation in i2p, which will be good for everyone's privacy into the future.

Re your points about search engines, yes, you are right to question DuckDuckGo which appears to be a Microsoft served system, for the benefit of your readers i'd recommend adding qwant (FR), mojeek (GB) and yandex (RU) to your post. Heaps already know about them so there's no point trying to hide them. Your point about there not being enough search engines, AND internet archives for that matter, would still be valid.

@cwebber @bnewbold let me just leave this here

A comic by cartoonist Tom Gauld, depicting two rival kingdoms that are nearly exactly the same, however the one on the left, "our" kingdom, is described positively and the one on the right, "their" kingdom, is described negatively. It has been edited to compare federated social media protocols instead.

The one on the left, "our blessed ActivityPub", harbors "our glorious fediverse", "our great Mastodon", "our noble instances", and "our heroic ActivityStreams". The one on the right, "their barbarous AT Protocol", contains "their wicked ATmosphere", "their primitive Bluesky", "their backward PDSes", and "their brutish lexicons".

@solonovamax @cwebber @bnewbold literally no one on fedi thinks mastodon is "great". people either believe that fedi is just mastodon or realize that there are places outside of bad decision website boy's sphere of influence

@cwebber fuck bluesky. More algorithm, more corporate bullshit. Stop trying to normalize it.

@ShredderFeeder @cwebber hi Democracy Dies, i'm glad u identify "corporate" actors as malevolent.... but a couple things

did u know that the fediverse instance that ur on is cloudflare? if ur against, as u say, "corporate bullshit" i'd highly recommend finding a server that is not mitm (man-in-the-middle) attacking the internet while saying theyre "building a better internet".

one more thing, read the article before you speak on it.... i think u'll like it and learn a couple things from it.

finally control ur poison, bluesky will die with the rest of the centralized stuff but yes, at what cost is a valid question and Christine even considers that cost, early in the piece with a few possible concerns that will be left in the minds of people affected by the eventual demise of bloo-sigh

TRY READING IT so u can more effective defence against it, next i'd recommend a firewall to warn you when ur pc tries to connect to cloudflare. There are also addons u can use in a browser such as (BCMA) Block Cloudflare MITM Attack.

ur welcome

@cwebber @bnewbold my fediverse server costs 5 EUR a month and runs a lot of other stuff as well

@angelo @bnewbold @cwebber exactly, and running a server over i2p, for example, a Mitra fedi server, which is designed to federate over i2p that cost comes down to zero.

and no need for #icann and the certificate authorities which CLWebber has rightfully identified as a issue.

viva fediverse!

@cwebber this doesn’t answer if federation is a good thing. Science is yet to discover

@shlee @cwebber that like asking whether democracy is a good thing.... its a fine question to ask but i think when we place power in the hands of as many people as possible the result tends to be good.

of course when we talk about democracy we need to question whether what many call "democracy" is actually democracy, eg, paid lobbyists, pay for play, the revolving door, rent seeking and corporate capture, ability for a small group of bankers to print money, consolidation of media etc. But essentially, all cultures seem to settle on some sort of democratic/federated/divided power structure of some kind, when outside influences are not meddling.

and yes.... the bank of england ALONE under sir #montaguNorman lent germany hundreds of millions (in 1930s money) for germany to have an "economic miracle", which just so happened to use slave labor that made a lot of corporations and western backers including the #bushCrimeFamily and some royal families, very rich. (i didn't say biden did i? oh no i did say bush *cough* ukraine)

so the ability for a small group to pool resources and overwhelm nodes in a federated system is its own problem.... but on the whole i'd say "federated", and distributed power is a good, it just requires perennial, if not constant, vigilance.

that was weirdly long, just had to say it, sorry lol

@cwebber same energy with open ai claiming ai to be open source but.. the source is not available!

@cwebber @bnewbold

Hey, Christine.

Did you consider that it's in Brian's and Bluesky's interest to position the difference between ActivityPub and AT Proto as one of technology and not of governance?

And to get the editor of AP to do it?

Also, did you think about getting your hands dirty with a proprietary protocol that has no patent or other licensing grants?

I intentionally have not done either of these things. I think Brian encouraged you to do this for his and Bluesky's own benefit.

@cwebber @bnewbold I hope Bluesky Inc. made a big donation to the Spritely Institute for this huge amount of work you did.

@cwebber omg, I skipped all the way to the end and OBVIOUSLY you look at this situation from every conceivable angle, including governance, because it wouldn't be a Christine Lemmer-Webber post without it.

I appreciate the depth of analysis. I do still think that Bluesky should make a donation to Spritely if @bnewbold asked you to make a 25-page report, though.

@cwebber I also don't share your optimism about cross-pollination. There's a reason that W3C specifications have to only have normative dependencies on specs from recognized standards bodies. Too many minefields unless you have a clear license.

I'm glad that @bnewbold is in the SocialCG and I hope we can find some opportunities to publish reports with some or all parts of the AT Proto stack.

@evan I am glad you liked it after reading the whole thing :)

I absolutely would not turn down a donation from Bluesky to Spritely should they want to ;P but also @bnewbold welcomed and said he would be "honored" to see me write something, but absolutely did not ask me to write a 25 page document, that's just me lol

But there was too much to cover, and I felt I really could not do the issue justice without covering it from every important angle, so I did. Glad it was well received. <3

@Neotheta @cwebber is this actually true, is open ai, not actually even opensource-(washed) ai???

it wouldnt surprise me, i find the creator of the tech white collar criminals and fraudsters already, and i've never used LLMs because they are all bigtech served, fwict, but i don't mind the idea of someone training up their own system for their own personal needs.

i realize this is me asking for a negative proof but i just need to see a 2nd opinion on this.

@smallcircles @helge @cwebber i had a looksy at that and the webassembly part for one of the technologies was the only turn-off i could see at a glance.

i realize that the addon system for browsers is tivo-isation by #mozilla (terrible) and that addons aren't harnessing an efficient language/codebase and addons might not be able to do everything in a browser. but by the same token, i dont believe we ought to EXPECT everything to be able to be done in a browser.

@frogzone @helge @cwebber

I think is a smart choice, as it unlocks spritely deliverables in Guile for polyglot development in all wasm-supported languages. And wasm is moving beyond just the browser to become a universal package delivery system for edge, cloud and browser.

@smallcircles @helge @cwebber maybe 10 years after google is smashed into 30 medium size businesses, and doesnt dictate development of a host of stuff, AND after i can verify the code running in the browser is foss, i will allow #webassembly to run on my system. :)

@serapath @DavidBruchmann @cwebber regarding human nature: the reason the blog and posts are so polite is cuz 1:this is a public place and 2:she knows someone who works at bluesky will read it.
I've worked on stuff in which I -know for a fact- I could dismember through direct analysis, but that usually leads to personal grudges and bad vibes if not explained properly and politely and maybe adding a bit of infantile sugar (no really, that's a good intention, you did great there! But)
Humans yknow

@Nawer_Rapter @DavidBruchmann @cwebber i also know somebody who works at bluesky personally.
i am a bit disappointed they do, but then again, its a good career opportunity and pays well, so i cant blame them.

but then again, they should know better.

giving clear advice to followers though feels more important, because those working in and on bluesky dont need adoption. they get paid anyway and they will find new jobs as well.

i think the bigger problem are the web3 investors who might watch

@serapath @cwebber because bluesky is in the spotlight right now, has more users than mastodon and nostr combined and is being called "decentralized" when it isn't

@jaycalixto @cwebber which means it needs CLEAR and LOUD statements by those who understand imho.

why let ppl sleep walk into another decentralization theater scam?

@serapath @cwebber Why not give them space? Bluesky is the best social networking site currently for most people. Why are you even thinking that she’s got paid for it?! I use bluesky and it’s a very well designed platform. Most people should use it instead of twitter. No platform on the fediverse that i know has a user-friendly design. For a large flux of users bluesky is best suited for them and its ok to talk about them!

@pravee_n @cwebber

lol.
why not go and stay on X or facebook then?

oh maybe because they are run by musk and zuck? ...twitter wasnt until it got bought and that can happen to bluesky as well. they will also add ads, they already announced. enshittification is guaranteed.

UI/UX on mastodon is great. you say the bluesky one is better? thats really subjective. ...so kinda decentralization matters when it comes to FB and X ...but once it comes to nostr/blsky.. then its UX?

isnt that funny?

@cwebber Real ActivityPub has never been tried

@frogzone cloudflare is used on my instance by design. And they're not the host. (I'm self hosted)

The "MITM" as you call it is a proxy that keeps my servers actual IP private. I actually selected that service. Its not an accident.

@cwebber

@ShredderFeeder @cwebber if interested in hiding ur ip, there is a fediverse server that federates over i2p and over the legacy internet, its pretty great i'll let you work that out if interested in anonymity/privacy

so u MAY be able to host others on your non-cf server with i2p access/federation, while u exist on another mystery server, but yeah each to their own wrt how they do things but yeah, unfortunately i can't communicate with cf because they do a lot of really nasty stuff. if i never converse with u again, keep going to the good. :)

@serapath @cwebber The sign in experience and finding or following people on mastodon or fediverse is not a good ux. It’s a subject matter for many people. May be not for you. And you really think mastodon can’t be bought? Hypothetically what happens if musk bought mastodon.social?

@pravee_n @cwebber

bluesky can be bought.
mastodon cant, but federating with the big corporate backed ones and lobbying, maybe buying big instances allows big money to defederate with small instances, cutting off the vast majority of big instance users from the rest.

it is the same power gmail and other big ones have over small email providers.

they can filter/block you from talking to the users on big email providers, making it slightly inconvenient for those, but unusable for independents

@serapath @cwebber we tried, but people assumed mastodon is too hard and refuse to join the fediverse. And if we insist they still won't join out of spite.

@jaycalixto @cwebber

no people dont know and have no opinion about mastodon. when i travel i always ask people i meet if they use social media to connect. most use messengers, but they also know twitter/X and some others, but most also have never heard of mastodon.

That is the main reason.
I tried bluesky and cant confirm the user experience to be better.

The main reason is in marketing and media support, thus reach. Mastodon and nostr struggle with those because they are more decentralized

@smallcircles @cwebber

how about nostr?
how about the pear runtime?
how about dat ecosystem?

the runtime works now.
a p2p messenger like keet works now.
nostr works now.

to me that is way more inspiring than the more academic work of kleppmann.
it is also unlikely the next decentralized social media will come from academia

@smallcircles @cwebber

you should try keet messenger.
it has thousands of peers in rooms.
you could look at autobase.

its more building material to make it easy to define and design your CRDTs and related mechanisms for your app 🙂

if you ever used nodejs, just use the pear runtime to get started.

`npx pear run pear://runtime`

and follow the tutorial 🙂

@smallcircles @cwebber

IETF and all big standard bodies are the old way of doing things. its the wrong place to look

@smallcircles @cwebber all centralized tech has that.

@serapath @cwebber mastodon.social is the biggest instance out there. What happens if someone like musk bought it? What are my options?

@pravee_n @cwebber

the option is to move to nostr.

move to p2p.
move beyond the fediverse.

the flaws of the fediverse are known since email.

@serapath @cwebber

Agreed. And it is a huge advantage. I have a hunch how foss grassroots movement, might be way more effective too, and maybe one day to make a true fist to big tech, who knows. Right now we are nowhere even close. But we have most fascinating opportunities.

@serapath @cwebber

Thanks a lot for these resources. I will have a look!

@serapath @cwebber

I agree. Or rather something is missing.

Right now all the entities that are founded to serve the FOSS community are like arcane and distant temples and mystic shrines that we devs must make pilgrimage to and pray for the right support.

These temples need to come closer to people, come down to earth where they fly aloof, and built bridges too.

This bridgebuilding is part of 2 themes of social coding movement: and , Free Software Development lifecycle.

For me, where this analogy breaks down is the fact that (AFAIK) ATProto relays aren't able to be (at least in practise, if not in theory) accessed directly without an app view, unlike blogs for which all you need is a web browser.

@serapath @cwebber

Kleppmann is I feel aiming for internet-scale open standards adoption. With DAT, Solid, AS/AP, many other approaches, I see apps with app-specific ecosystems.

They are nowhere near the ambition level. Unsafe bets for technology decision makers (also FOSS ones).

I interacted with DAT for a bit years ago, giving feedback on lack of attention to non-technical matters and how I felt this put the project at extreme risk, with little chance for success. Same with Solid, AS/AP.

@serapath @cwebber So suppose a journalist or an artist who has thousands of followers and years of content here on mastodon just move? What about the content?

@pravee_n @cwebber
mastodon is anyway new.
i have seen ppl cross post from mastodon to nostr.

https://mostr.pub/

switching always costs, thats why it is so important to switch to where you dont risk of having a future musk rug pull your experience 🙂

@smallcircles @cwebber

yeah.
affiliation.
viral marketing.
we need to do that p2p too.

sadly too little knowledge and attention seem to be channeled into that yet and i hope this changes in the future.

@smallcircles @cwebber

might be that something can be learned here when looking at bitcoin 🙂

@smallcircles @cwebber

i'd prefer to burn down all those temples. fuck them tbh. we need to make it work grassroots.

the most recent impactful movement that was successfully torpedoed by microsoft was nodejs and npm growth.

the reason they were successful was money.

The nodejs ecosystem grew up and figured its not sustainable for them.

Every used open source repo must be part of supply chains automatically and receive funds to make it sustainable. Without, any movement will fail again imho

@smallcircles @cwebber

the last word hasnt been spoken.
dat still survives and everyone learns.

it is easy to make a standard body or to create a foundation for funding or marketing.

The centralized answers are well known, but they have the inherent risk of degenerating the novel solution back to the status quo they tried to escape from.

Finding new decentralized answers on the organizational layer of the stack as well is a lot of work - not just research into the unknown, but implementing

@cwebber @jaycalixto @serapath This discounts the many people who did try, and found that Mastodon didnโ€™t really offer what they wanted or needed. Itโ€™s not that Mastodon seems hard; in a number of important ways it IS hard.

@DrGlam @cwebber @jaycalixto

in which way is it hard?

you open any mastodon page, signup with email and password, follow people and read your feed. Thats what everyone knows already.

i find this confusing, but am curious

@serapath @cwebber As far as i understand nostr is suited for more tech savvy people. We are talking about not just you right? Moderation issues, scalability issues are also there. And you advice someone to move there?

@pravee_n @cwebber

nostr is simpler than mastodon.
you visit a nostr client page or download an app and you can start immediately.

no need to fill out email or password or even confirm an email registration.

what is more problematic here?
every new app of course comes with new features as well, thats true for tiktok just as it is for nostr or mastodon.

i dont see any scaling issues for nostr that wouldnt exist for all other social networks as well

@serapath @smallcircles @cwebber
> Every used open source repo must be part of supply chains automatically and receive funds to make it sustainable.

Agreed. Better yet, or maybe this is part of what you meant, create the repo as part of an economic network that also provides for its own material and other needs.

@bhaugen @smallcircles @cwebber

I agree here as well.
Of course - i wanted to leave open how one might tackle the issue, but I do think that direction is the right direction.

The issue is probably by starting it in this way, a lot more opinions are baked in, thus - what is the least opinionated way of approaching this? 🙂

That is a tough one

@serapath @smallcircles @cwebber

I can think of two ways to approach software that wants to be part of, and supported by, an economic network:
1. find an economic network and create some software that the network will like and use,
or,
2. create an economic network at (roughly) the same time as creating the software.

We're trying both approaches and we'll see which (or both) works for us.

@bhaugen @smallcircles @cwebber

Of course, but what are all the modalities you might opt into. How exactly does the support look like?

That's more what i meant - of course, the choices (1.) and (2.) you mention seem obvious. If (1.) exists and you like it, join it. If not, you can only choose (2.) or waiting longer for somebody else to choose (2.)

Every such network was at some point started using option (2.) ...but what modalities would you choose when setting it up? what are the options?

@serapath @cwebber

What I find interesting is the analogy to Big Industry™.

How is it that big industry can run the most intricate global just-in-time supply lines between ultra-complex factory complexes and their suppliers, and is able to profitably produce consistent output to consumers en masse.

And a collab between 2 foss projects, totaling 4 people, is most likely to end in a catfight drama playing out online. And maybe, if lucky, forks. 🙈

How are we supposed to topple hypercapitalism?

@serapath
> Every such network was at some point started using option (2.) ...but what modalities would you choose when setting it up? what are the options?

Don't know yet. With luck, I may find out.

@smallcircles @cwebber

@bhaugen @serapath @cwebber

This discussion is very interesting. Unfortunately it is lost in fleety, threadrotting in fedi timeline history tomorrow.

To the general vision, I'd say let's make it happen.. gradually and sustainably 😅

I have ideas..

https://discuss.coding.social/t/proposal-start-a-fellowship-to-explore-the-social-web/571

And there is action already:

https://discuss.coding.social/t/wiki-vision-for-a-fedi-specification/563

Hop on, and join the fun, you are invited. 😃

@serapath @cwebber

💯

@smallcircles @cwebber

It's not entirely true though.
Open source is everywhere and won already and it started with linux

How is it possible that linux as the biggest and most popular example is so stable and contains so many packages and contributors and maintainers?

How is it possible that the entire web runs on bundled npm packages and the deep node_modules folders behind that are again having so many contributors and maintainers?

Its obviously possible and happening, but no compensation

@serapath @cwebber

Open source is everywhere and won. Agreed. FOSS ate the world.

Open source maintainers however. Esp. the free software types.. poor folks. That includes me too, sadly.

If people earning decent sustainable income is a criterium, then FOSS has failed and is inherently unsustainable. Even more so because most of the fruits of its near-slave labour (not talking hobbyists) are harvested by fat smiling corporate farmers, plucked, low-hanging fruit.

Protected by a license sticker.

@serapath @cwebber @jaycalixto I'll leave aside the whole picking a server thing, since I'm talking about people who have tried and bounced off Mastodon.

A big one is trying to find the people one wants to follow, if they're on a different server and you don't know which one. Searching, when what you're looking for is on another server. The whole attitude of 'just toughen up or fix it yourself' attitude given to black people who felt unsafe here (Blacksky is already a thriving thing).

@DrGlam @cwebber @jaycalixto

yeah... too bad. mastodon folks should have recommended nostr instead 🤷‍♀️

@serapath @cwebber @jaycalixto And the whole attitude of scoldiness and superiority that gets served up here are mighty off-putting.

Bluesky has been much more serious about safety/preventing harassment issues, and the atmosphere there is a lot friendlier. It's pleasant to be there. Plus people aren't constantly talking about how Mastodon users have made a stupid choice.

And it's nice to not worry about the person running the server you're on suddenly needing or deciding to shut it down.

@DrGlam @cwebber @jaycalixto

fair enough. yet another argument for nostr.

now having said that.

mastodon.social will probably not shut down, but what if in the future, despite it being very difficult, ppl actually trying to run their own blsky instances.

wouldnt it create the exact same problems you described?

@smallcircles @bhaugen @cwebber thx. i wont.

btw. i remember the huge effort you did put into dat to improve marketing for quite a while some long time ago.

thanks 🙂
i know that dat was and is an interesting unconventional, some would say difficult project 😜

in regard to your invitation.
i am not a fan of fediverse. i am on mastodon because of the ppl and because it was ready at a time when alternatives were needed quickly.

now it is better and worse than bsky, depending on how you look

@smallcircles @bhaugen @cwebber

...all of them are worse than nostr, which isnt yet perfect and truly peer to peer, but it gets us a lot closer and further into that right direction.

fediverse is not needed.

also, i dont believe in that kind of forum of language/spec driven process.

the process you invited me to is the issue imho.

i am all for discussions like the ones we have here. they dont matter apart from inspiring some thoughts and what then matters is what work gets done later

@smallcircles @bhaugen @cwebber

code is spec.
lets have AI and other smart parsers spit out what it means.

thats the only thing maintainable imho...

...and having english spec first and then implementation is just unnecessary overhead that creates additional barriers to entry

@bhaugen @smallcircles @serapath @cwebber

A third choice has ample precedent:

3. find several competing economic networks working on the same solution, convince them to cooperate, pool resources and share the burden. This was the motivation and support for X-Window, the backers backed BECAUSE they didn't trust each other!

Consider for example, municipal public Works tracking. No one community would have the resources, but together, internationally, all it needs is coordination 😊

@teledyn @bhaugen @smallcircles @cwebber

i think this is a great suggestion.

But the way you describe it sounds like:

1. networking, politics and bureaucracy, so not the path of least resistance open to the masses.
2. wouldnt work for a codec or parser or sort algorithm or any of the myriads of little open source modules individuals could create

I do believe (3.) as you say IS the answer, but absolutely not in its current form. This has to become as easy as a pull request and merge

@smallcircles @cwebber

100% agree, but that means open source is in the best position to negotiate one can possibly be in. All we need to figure out is what or how do we want this situation to improve

@serapath @bhaugen @smallcircles @cwebber

But that is what it was! X-Window didn't have Github etc, we used RCS then CVS. Another obvious model is Linux, but also blender, it is the direct participation by the economic community of users that really makes it work. Ffmpeg is another example.

@teledyn @bhaugen @smallcircles @cwebber

how does it pay the rent and groceries?

@serapath @bhaugen @smallcircles @cwebber

By USING it? Seems to me HP and Sun et al ate pretty good from xwindow software, it meant they could sell apps to their competitors' clients.

@teledyn @bhaugen @smallcircles @cwebber

If you click on "ALL TIME" when checking https://modulecounts.com you can see the largest open source ecosystem with the most contributors in the history of mankind was created between 2010 and today.

Nice that HP and Sun can live from it, but how about all the folks that committed pull requests?

What about all the people who committed to linux one way or another? How do they pay the rent and groceries?

Selling apps to competitors is lots of effort

@teledyn @bhaugen @smallcircles @cwebber

How do we make this work for anyone who contributes to open source? 🙂

@serapath @bhaugen @smallcircles @cwebber

I don't really know what you want as your answer. I started in what we called freeware, later GPL through many versions, I have always worked on and with open source software, I did so for forty five years, raised six kids, wtf do you want?

I know it boggles your mind, but I USED that software to DO THINGS that made money. Like national portals, doc servers, putting internet into Chilean schools or powering art exhibits.

Use your imagination!

@teledyn @bhaugen @smallcircles @cwebber

this sounds like a lot of privilege to be honest.

getting jobs or getting contracted for that is a hell of a lot easier with the right background.

some friends of mine from pakistan cant travel to many countries. They earn approx. 3-5USD per hour if they are lucky.

We have billions on the planet and they all have a laptop and can create and contribute to open source.

What you propose does not scale.

The vast majority of open source folks are poor

@serapath @teledyn @bhaugen @cwebber

I also believe that. During my years facilitating SocialHub and years before, in Humane Tech Community I founded, I learned a lot of hard lessons on what "community" is good for, and what not.

Fostering community is NOT a good choice when scope is broad, audiences very diverse.

It waters down the cohesion between members, discussions going all directions. And it is too hard to provide incentives that lead to *intrinsic* motivation to actively participate.

@serapath @teledyn @bhaugen @cwebber

Not a good choice for volunteer-driven community that is. A paid staff might uphold some marginally functioning community against the forces of nature. They are paid to afford the time and energy investment.

Grassroots ecosystems, e.g. fedi and foss cannot be "orchestrated" into doing something collectively and then maintain / evolve it too. No "herding of cats" here.

Instead social dynamics must be accounted for. Figure out what intrinsically motivates.

@serapath @teledyn @bhaugen @cwebber

So we need to think in "movements" here, imho. How do we get a mass to shift in the right direction? Well, by channeling it.

The biggest weakness in grassroots movement is also part of its strength. All these individuals following own nose, doing as they wish. They are like gas particles, moving all directions.

Ungovernable particles on their own. This lends resilience. Problem is, there is no directed force to punch with, and solve real problems together.

@serapath @teledyn @bhaugen @cwebber

To get the mass of particles to act in unison you need a charged electro-magnetic field to energize them. A rallying cry, a shared vision.

Still not enough. This only aligns noses to face the south pole of progress together.

Last thing we need is to learn to tweak the ripples and fluctuations in the force field between particles, such that they happily dance together in harmony and choreograph into these beautiful self-adapting standing waves patterns.

@serapath @teledyn @bhaugen @cwebber

That is one analogy that appeals to me, at least. Another, better one, is seeking analogies with nature.

How does a grassroots movement organize itself?

Answer: Similar to how autonomous cells acting together form a living breathing organism.

Technically an event-driven architecture :)

Or: Like vast mycelium networks upon which mushrooms exchange nutrients to thrive and clone themselves.

P2P local-first state synchronisation? Semantic knowledge network?

@serapath @teledyn @bhaugen @cwebber

Analogies, good. Inspiration by nature and mimicry then..

- Only organic growth and evolution.
- Foster spontaneous emergence.
- Find natural growth paths on-the-fly.
- Every individual participant is free.
- Seek incentives to align and converge.
- Seek for intrinsic motivation to contribute.
- Heart, passion, dreams are fuel to ignite.

Very different than how the biz world operates. Traditional biz practices are no good match to model our governance.

@serapath @teledyn @bhaugen @cwebber

There are alternative technology adoption models that are better matches for what we need.

https://discuss.coding.social/t/challenge-fixing-the-fediverse-technology-adoption-lifecycle/38#alternative-adoption-models-4

These inspired me to start social coding movement. I am working on a concept, that has all these characteristics, and can both be a design model and organizational formula (adding an as yet missing layer at ecosystem level), that can be supported by apps, automated services & tools on the social web..

And can evolve that web subsequently.

@serapath @teledyn @bhaugen @cwebber

This concept I call "prosperity guilds" and is based on an overarching strategy of "leveraging the ecosystem" and charge the gas to have punching power :)

Main theme is "inherent (holistic) sustainability at any time, during the entire lifecycle of an initiative". That is the foundation to build on.

Sustainability so that e.g. FOSS projects don't shrivel as tiny mushrooms and die, but grow vast mycorrhiza networks with plenty fresh & independent offshoot.

@serapath @teledyn @bhaugen @cwebber

With a proper conceptual model, a good enough domain design for "commons-driven adaptive adhocracy" we can drill down to what protocols and architecture support best match.

Regardless of under-the-hood tech, I hope we enter an era of app-free computing, where services choreograph into dynamic social experiences tailored to satisfy needs and adaptive to the context of the social interactions that take place between people.

And thriving service ecosystems.

@serapath @cwebber If you think nostr is simpler ux than bluesky or even mastodon then i don’t think we need to continue this topic. That shows pure bias. I was talking about a social media platform which can be easily accessed by millions of people. They don’t want to search for instances and clients to create an account. That’s the first step where it fails as a mass social media platform. That’s why normal folks are fleeing to bluesky from x twitter. It’s easier and better than x.

@pravee_n @cwebber

people learned all kinds of things.
1. how to buy bitcoin
2. how to use email
3. how to use windows

honestly - ppl arent as incapable as you make believe. There is nothing inherently that makes nostr complicated.
Usernames dont look like clear names or emails and you dont need email/password to log in or sign up, which makes it less steps, but teaches about keypairs, which is very important in this day and upcoming age.

People who arent retired yet cant afford to not know

@pravee_n @cwebber

bluesky is just choosing to not teach, keep people in the dark, market itself as something it is not, to take away from true decentralized platforms. its a shame... but yeah, it is what it is.

@serapath @cwebber The only reason i replied to you was that you asked if webber got paid for her comments on bluesky. I don’t know her personally but what she did was a positive criticism. She is an expert in this field and she did a great job at pointing out the pros and cons of each platform. Your comment was irresponsible.

@pravee_n @cwebber

you dont know her personally, but you defend her and bluesky. So are you being paid by bluesky then?

what could possibly motivate you - if, as you say, you dont even know her?

she is closely associated with web3.
1. through agoric and her working with them on ocap
2. through her co-founder randy farmer

Now as far as i know she isnt directly doing anything with web3, but in a broader sense, bluesky CEO is saying blsk as web3 as well, thus the ppl supporting it have overlap

@smallcircles @teledyn @bhaugen @cwebber

i disagree.
git is a good example and npm as well.

git the tool and npm the tool was enough to create enormous open source supply chains, a.k.a dependency trees

@smallcircles @teledyn @bhaugen @cwebber sounds interesting

git and npm might be what we need to take inspiration from, but imho to make this sustainable we need payments.
maybe bitcoin can help here and join in

npm growth shows nobody needs immediate payment, but if there is revenue, it needs to get distributed to everyone, which need some sort of programmable open source compatible "money" imho

not having it caused severe issues to sustaining the movement that existed in the past around npm

@smallcircles @teledyn @bhaugen @cwebber
i think it needs to be around work, but agree 🙂

@smallcircles @teledyn @bhaugen @cwebber yes. traditional biz practices are not a match at all. agree.

i do think we need a tool like git for "github issues" to solve this.

basically taking inspiration from GANTT charts or PERT charts (kinda the same)

a command line tool, peer to peer, where peer add their payment address rather than email address to the config and in sync with git commits or rather guiding the work and by version controlled recording it, allowing payments to dependency trees

@serapath @teledyn @bhaugen @cwebber

Sure. But I was more holistically referring to all the processes and people involved throughout the free software development lifecycle and within its larger environment, and how then deliverables come about. Then git is but one of many tools and practices in the supply chain that allowed for this robust organization structures to emerge.

@serapath @cwebber why you think about money in this? Are you paid by nostr or something? I know you have hard time understanding simple things so take some time to understand what’s going on here. Don’t just come and talk nonsense just because somebody paid you to do so.

@pravee_n @cwebber who would pay me to speak for nostr?

i am not paid by anyone at all.
I hope somebody will pay me for something in the future and hopefully that will be related to peer to peer technology 🙂

@serapath @cwebber Man you have no idea really. Was there any other options other than email or windows at that time? Windows or email provided easy solutions that’s why people learned it. Still it took some time. That’s not the case with your nostr. There’s plenty of social networking sites are there. If nostr was the first social media platform then maybe people would have learned it. But that’s not the case. There are already big communities with easier solutions. Be realistic.

@pravee_n @cwebber

there is already facebook, instagram, X-twitter, and many others
No need for bluesky
Bluesky is just a new project eating into real decentralized - which isnt surprising... thats what web3 is about in general, so yeah - but at least you can call them out

let them lure in those millions of ppl via marketing. Whats more of a shame is ppl who do understand how blsky isnt decentralized, to support, defend and promote it

if its really just about UX for the millions. => facebook

@serapath @cwebber i don’t personally like the algorithms of instagram, threads and facebook. But i like bluesky. I like their custom feeds. Nobody’s against a well moderated, user-friendly, totally decentralised, scalable social networks. It’s the dream. But we have to be realistic. That’s why we talk about bluesky because it’s better than most. Why are you so offended when hearing about bluesky? X are paying you that much?

@pravee_n @cwebber

Why?
Because they are scammers.

Nobody who uses Facebook or X-Twitter or any other of the web2 social networks believes they are decentralized and not controlled by the company that makes them. Zuckerberg is well known and so is Musk.

There are new social networks that try to offer alternatives to that centralized control.

Bluesky is not that, but it positions itself like that, thus it is a scam taking away from real solutions and misleading people.

@cwebber

many details I don't know and would take me long time to understand in detail.

The problem with collisions because of shortened hashes I know from another system too, it's indeed a bad idea and leads to problems.
Fun-fact is that different content can lead to the same hashes even in full length, when md5 is used. In general I'd assume that problem exists with sha256 or sha256d too, just with lower probability, but I'm not sure.

@DavidBruchmann A hash will always have collisions, because its output (the hash string) is much smaller than its input (binary data of effectively arbitrary size). If a hash function did not have collisions it would be a one-to-one function, and that would mean that the set of outputs would have to have the same size as the set of inputs (so they'd need to be the same number of bytes).

This is only a problem when it becomes computationally feasible to find a pair of inputs that collide (especially if you can take one given input and find a second input that collides). md5 is an example of a hash where weaknesses in the algorithm make it computationally feasible to find collisions (which it would not be if you had to guess at random). It's not my area of expertise, but I believe that no such attack is currently known for sha256 (certainly nothing remotely as effective as for md5).
@cwebber
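The point made in the two posts above, as an added illustration that is not part of either post or of the linked blog post: collisions must exist once a digest is shorter than its inputs, and a shortened SHA-256 identifier makes them cheap to find long before the pigeonhole bound. The `msg-N` inputs, the function names and the truncation lengths are constructed for this example.

```python
import hashlib


def truncated_sha256(data: bytes, nbytes: int) -> bytes:
    """First nbytes of SHA-256(data), as a shortened identifier would keep."""
    return hashlib.sha256(data).digest()[:nbytes]


def find_truncated_collision(nbytes: int, max_tries: int = 2_000_000):
    """Hash distinct inputs until two of them share a truncated digest.

    Inputs are the constructed strings b"msg-0", b"msg-1", ... so every run
    is deterministic. Returns (first_input, second_input, tries), or None if
    max_tries inputs were hashed without a repeat.
    """
    seen = {}  # truncated digest -> first input that produced it
    for i in range(max_tries):
        msg = b"msg-%d" % i
        tag = truncated_sha256(msg, nbytes)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
    return None


def summarize(nbytes: int) -> dict:
    """Observed work next to the pigeonhole bound and the birthday estimate."""
    found = find_truncated_collision(nbytes)
    if found is None:
        raise RuntimeError("no collision within max_tries; digest too long")
    first, second, tries = found
    bits = 8 * nbytes
    return {
        "bits": bits,
        "inputs": (first, second),
        "tries": tries,
        # Pigeonhole: 2**bits + 1 distinct inputs cannot all map to distinct tags.
        "pigeonhole_bound": 2 ** bits + 1,
        # Birthday bound: a repeat is expected after about 1.25 * sqrt(2**bits).
        "birthday_estimate": round(1.25 * 2 ** (bits / 2)),
        # The untruncated SHA-256 digests of the colliding inputs still differ.
        "full_digests_differ": hashlib.sha256(first).digest()
        != hashlib.sha256(second).digest(),
    }


if __name__ == "__main__":
    for n in (1, 2, 3, 4):
        r = summarize(n)
        print(f"{r['bits']:2d} bits: collision after {r['tries']} inputs "
              f"(birthday estimate {r['birthday_estimate']}, "
              f"pigeonhole bound {r['pigeonhole_bound']})")
```

The same search against the full 256-bit digest would need on the order of 2^128 inputs, which is why truncation length, not the existence of collisions, is the design parameter that matters.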

@fanf42 @soatok It's linked in the blogpost!

@cwebber I'm so glad that you continue to enjoy that mug. And I'm also grateful that you do serve on open source program committees.

@baconandcoconut I love the mug and I use it all the time

ESPECIALLY when I have a mega amount of work to get done in which case I put in two teabags and power through

@cwebber @baconandcoconut

Can confirm (since apparently my job on this thread is corroborating Christine's tea habits)

@cwebber I'd like to hear more about AP follows the (Hewitt) Actor Model of Computation, if that's the one you mean. Just having message passing and an inbox and a thing called an "Actor" doesn't make the thing a unit of computation. Given the stated importance to AP, I don't see Hewitt's actor model mentioned in the spec or in any of the WG transcripts, so I'm curious what I'm missing.

https://arxiv.org/abs/1008.1459

@steve https://en.wikipedia.org/wiki/Actor_model#Fundamental_concepts fundamental concepts section on wikipedia summarizes well

@cwebber Thanks for the response. Both the original paper and Wikipedia state: "Everything is an actor". Not in AP. In response to messages, actors can create other actors and only modify their own *internal* state. Not specified in AP. Another difference is that AP actors can communicate to other actors without actor addresses (using "as:Public"). Interestingly, an "inbox" (or message queue) is not required in the Actor Model of Computation (see paper). Too many differences to list here...

@steve yeah I'm well aware that it's not a *pure* actor model system, I have implemented multiple of those

It's still more of an actor model system than most things and that's still one of AP's misunderstood strengths

And re: behavior in AP, it can modify its own internal state and you can implement AP using an actor model system that way, even if the spec doesn't specify "you must modify your own internal state"

@cwebber
Great technical analysis that perfectly captures how architecture embodies values. You're right - Mastodon attracts digital idealists willing to sacrifice convenience for independence, while Bluesky draws tech pragmatists seeking ethical alternatives that still work smoothly.
But I think there's a missing piece in this freedom debate. The civil rights movement showed that real transformation often comes through collective commitment - not just independence from authority (Mastodon) or convenient individual choice (Bluesky).
We don't yet have protocols designed for communities seeking freedom through shared purpose rather than from or to something. The technical architecture for that kind of collective action would look very different from both current approaches (not sure what it is).
Thanks for the detailed analysis but I am still waiting for the protocols or ways to use the fact that computers see us as large groups, but, currently, only to aggregate us to sell us stuff. In reality, the computers could give great insight into the power of common identity between groups. No one’s using that.

@Weatherwax I actually strongly agree with that; our focus in Spritely is on "secure collaboration" and intentional cooperation for individuals and communities

You ain't seen nothin' yet
Mega mug with tea in it and teaspoon in front of it for size comparison (old pic)

@serapath @cwebber And you’re saying nostr is that real solution. I’m done man. It seems like I’m getting paid way lesser than you.

@pravee_n @cwebber

unlikely unless you dont have any income for 5 years straight

i am not saying nostr is the best we can do, but it puts ppl in control. it finally makes them familiar with keypairs and how they dont have to choose one provider, but can choose many in parallel

These concepts are simple to use, but new

In the future there can be better networks than nostr or nostr evolves, but fediverse just architecturally doesnt go far enough 🤷‍♀️ ..at least it is more decentralized than bsky

@cwebber Hey, for what it's worth. @bengo and i are working on exactly that for the Fediverse! We've got the FEPs written, a content-addressed zCap powered storage backend MVPd, and are now working on fedi integrations!

@cwebber I've read the whole blog post now, and it is solid! sheds light, good framing, gets to the good stuff.

thank you / congrats!

planning to reply in longer form soon

@serapath @teledyn @bhaugen @cwebber

Yes, I think indeed git or git-like revision control mechanism can be good solution technologies, candidate for lower-level role in many a robust social stack people stash together.

Christine... Who's the dude in your pfp?

ikr. everyone that writes code for mastodon a fuggin troon these days?

@Humpleupagus @cwebber He couldn't get the pussy so he became the pussy, ah yes very feminine.