62 comments

[ 3.3 ms ] story [ 132 ms ] thread
Are there any examples of apps that bluesky's 13 million users can login to?
The best known ones right now are:

* Hacker News clone: https://frontpage.fyi/

* Events app: https://smokesignal.events/

* Blog platform: https://whtwnd.com/

There's toooons of alternative clients, but that's not the same thing as "independent application."

All these are hardcoded to serve centralized content from bluesky's backend indexer right? if bluesky the company goes down, there's nothing to see right?

If so, I think AT protocol needs to figure out how to make community hosted infrastructure easy, affordable, *and popular* before doing anything else, because it seems like it's just growing to serve Bluesky's app, and that's a flawed perspective of development for something like a general use decentralized social protocol.

I just feel like if bitcoin people weren't the norm on nostr, there wouldnt' be much of a case for bluesky. nostr pretty much opens up possibilities and is living currently in a proven and actively scaling decentralized ecosystem.

As someone who's currently on the brink of signing up to bluesky: what's the recommended way of picking a handle, then? Are there any downsides to going with a normal `@name.bsky.social` thing first and later switching if I feel there is a need? Or should I best use my own domain from the get go?
Nope, you can switch domains at any point. It'll break web links to your profile, but the network won't struggle to keep track of who you are.

The reason for this is that domain names are aliases. Your permanent ID is the DID, which the domain name maps to.

AFAIK currently the only supported DIDs are web DIDs and placeholders that the docs indicate are intended to be temporary until there's something better and more decentralised to replace them. Basedon that description, I'm not so sure about their permanence.

At least, that's what people have been saying, the docs don't seem to mention that (anymore?) so maybe the placeholders weren't really placeholders after all. The npm package still mention placeholders (https://www.npmjs.com/package/@atproto/plc?activeTab=readme) but the up to date Github uses "Public Ledger of Credentials" as a backronym (https://github.com/did-method-plc/did-method-plc).

Based on the docs it seems like a web DID is technically just as valid a permanent DID as a placeholder DID, though that depends on the server implementation of course.

It's truly up to you. Swapping to your domain won't affect anything, so you can do so whenever you'd like. I was known as steveklabnik.bsky.social for a couple of weeks before I changed it to steveklabnik.com.
I would seriously consider building my next startup using AT, but how does bluesky solve the problem of building your castle in another man's kingdom?

if I do something controversial or using regulatory arbitrage, I'm interested in how AT is useful for managing that risk.

> how does bluesky solve the problem of building your castle in another man's kingdom?

Bluesky (the platform) doesn't, and they acknowledge that. It's centrally owned, and is prone to all of the risks that any other centralized platform offers.

> if I do something controversial or using regulatory arbitrage, I'm interested in how AT is useful for managing that risk.

AT is completely decentralized, like email.

If your account is @motohagiography.example.com, other AT instances will make a DNS query to example.com to see if that has an entry that the AT protocol recognizes. If so, it will make a connection to that instance, and gather your content for display.

However, if a particular instance sees their a volume of unwanted accounts from example.com, they could blacklist that domain from interacting with their instance, so, even with this setup, you are at the mercy of the "big players" respecting you — just like if you try to send email to users using Gmail and Google decides you're suspect.

And, if you violate the laws of where you're located, law enforcement will handle that the same as they would if you violating the laws over HTTP or over email.

A useful mental model for AT is the web:

* Your PDS is like your own website.

* Bluesky is like a search engine.

* plc.directory is like DNS.

If you choose to have someone host your own web site, then it's up to them what happens to it. You're using their servers after all. If you have your own host, you get to decide what happens there.

Likewise, a search engine can say "hey, I don't like what's happening on that website, so I won't surface it in results," but they cannot shut your website down.

Now, the only twist here is that currently, atproto is kind of like if there was only one real DNS server, and it was also owned by your search engine. That is, BlueSky the company runs plc.directory. So in the maximal sense, "if you run your own server" is technically "and you only get an IP address, not a domain name," that is, if plc.directory decides to unlist you, then folks can't find your posts. There is an alternative to plc.directory, but basically nobody actually uses it at the moment.

Okay, so on a technical level, that's the rough explanation. On the social level:

Here's what they have to say: https://docs.bsky.app/docs/advanced-guides/atproto#speech-re...

> Atproto's model is that speech and reach should be two separate layers, built to work with each other. The “speech” layer should remain permissive, distributing authority and designed to ensure everyone has a voice. The “reach” layer lives on top, built for flexibility and designed to scale.

> The base layer of atproto (personal data repositories and federated networking) creates a common space for speech where everyone is free to participate, analogous to the Web where anyone can put up a website. The indexing services then enable reach by aggregating content from the network, analogous to a search engine.

On the PDSes that Bluesky hosts, they will remove illegal content, but nothing else. That's the "speech" part. However, they do moderate Bluesky itself, and there's a gradient there: they will remove some things, they will also tag some things, allowing users to decide if they want to see it or not.

As far as the "DNS problem," they've stated that they wish to move it into an external foundation, to build additional safeguards there. I personally believe them, because they have promised many things, including things that have reduced their own power and control over the network, many times, and then followed through. You can choose to believe them or not, or wait until it's the case before getting invovled.

> I personally believe them.

Only worrisome situation now is that they had some major funding and new people to the board who might not respect the core values. Bs userbase is expanding fast now days.

I agree that I don’t trust them as much as I trust the team, but they’ve been saying the right things too. Time will tell.

I somehow find myself in virtually the opposite position as many people: I am also very anti blockchain, but I think the investment makes a lot of sense and can see that it might be a great fit. Well just have to see.

After some insightful sharing from Bsky devs in some other threads on here I am definitely reconsidering it....especially around the usefulness of the domain-centric identity model. But I remain concerned about Bsky developing their features slowly in the open. Which leaves it lacking (if you're looking to hit the ground running with a full fledged social network, not repeat the years of growth from early twitter), and also open to weird loopholes like some ppl realized you could use an archive of tweets with some scripts from a dev on github and backdate posts into Bluesky. Meaning you could write wacky tweets like from Sept 11 2001 etc and they're all sitting there on the network like they 'happened' weirdly with comments from 2024. And one of the developers in the replies of one of the jokey posts alarmingly saying we need to fix this ... in March 2024 (not yet fixed, still being exploited).

As Doctorow writes, putting the energy into building up your contact list all over again is not appealing at all and so remain wary of this. Similar reasons not to go all in on Mastodon which wasn't it or any of the other centralized Twitter clones that popped up a year or two ago which have now started to shut down etc.

> and also open to weird loopholes like some ppl realized you could use an archive of tweets with some scripts from a dev on github and backdate posts into Bluesky. Meaning you could write wacky tweets like from Sept 11 2001 etc and they're all sitting there on the network like they 'happened' weirdly with comments from 2024

This sounds like a critical issue that should've been fixed as soon as possible.

of course. while I do appreciate the advantages it might offer for quick migration/onboarding...(how great to migrate your entire twitter history into place) to get a bunch of ppl onto the network, but it being abused to change history is a no-no. I'm all for open web/indie web/ability to move your data around but let's not pretend ppl were on Blue Sky for a decade. Sigh.
I don't want see how it's different than wordpress. I can change my own history. I guess it's about user expectations and media literacy, knowing who published the timestamp. With social media it's the platform time-stamping it, with self published media you have to decide if the source is trustworthy.
This is how the whole rest of the web works, though. I can backdate my self-hosted blog articles to whenever I want. Heck, I can even backdate my git commits to whenever I want.

There is a safety issue here in practice and I don't want to downplay it (it violates user expectations), but I don't think it's "obviously" bad.

I think the violation of user expectations is much more severe on a micro-blogging platform like Twitter or BlueSky than it would be on git commits and even website blog post because of how that information is consumed.
Yeah I think so too. The application should be giving best-effort witness times.
> not yet fixed, still being exploited

It is actually fixed. Tweets have been showing up with their "Indexed On" date instead of the actual authoring date. The thing that isn't implemented is showing both dates for tweets with separate dates.

(comment deleted)
'fixed' or being worked on..... Still not cool and just an example of the 'building in public' approach that rubs me the wrong way.
To me it sounds like it's fixed?
It's more of a temporary workaround iiuc, the real fix needs to happen in the UI. Posts have two timestamps, the "createdAt" timestamp which can be anything the author says it is, and the "indexedAt" timestamp, which is not an intrinsic property of the post but whenever the AppView server first saw it (which is relatively more trustworthy, but could be different across multiple AppView instances).

The proper fix, imho, is to have the UI display the "createdAt" timestamp but warn (perhaps with some kind of alert icon) when there's a significant mismatch between createdAt and indexedAt.

(An even more proper fix might involve a quorum of "witness" servers but that might be an exercise in scope creep)

Everybody's kind of got it. We didn't publish a lot the past couple days because we didn't want to highlight the situation during the election. Our fault for not solving it sooner.

Here's the full deal. Every record self-declares a createdAt which can't be fully trusted. Every appview records indexedAt which is == to "first seen at." We can always expect indexedAt to lag behind a "correct" createdAt, and in ideal conditions that lag is quite small.

The server was previously blending the internal indexedAt with the declared createdAt by returning the min(createdAt, indexedAt). Blending a trusted-but-lagging timestamp with the declared timestamp is a technique that works for sorting under specific conditions; if you're doing reverse-chron ordering you take the min of both, and if you're doing chron ordering you take the max.

We will continue to use the blended min() for ordering within reverse chron feeds, but the problem is that we've historically been sending that down to the client for rendering. We recently changed it to give the actual `indexedAt`, which is part of the full solution. Unfortunately in the weeks preceding that change, a bunch of tweet importers had gotten popular without us realizing it, and our change caused the imports to all show the import time instead of the create time. So, we reverted that for now.

The plan is what retroid describes -- we turn back on that change to the server behavior, and then if `createdAt < indexedAt - 24hr` or so, we indicate in the UI that it's likely an import from an archive. That's the full longterm solution. A quorum witness model is definitely overdoing it for now, but we have discussed creating exports of our index times so that new appviews can take advantage of them when doing backfill.

Yes it's a temporary workaround which fixes the problem. It deserves further works but thanks to the workaround, the problem isn't there anymore. Your point?
FWIW Retr0id is one of the big community bluesky/AT protocol developers and importantly the person who more or less figured this out (or at the very least brought it to the community's attention).

Point being that they were just clarifying the situation as they are probably one of the most informed people on the situation (with the other reply in this subthread being a first party bluesky dev and therefore one of the other SMEs on the topic).

Thanks for that context, I just assumed he was another "ChrisArchitect" like commenter who want to equate "there is still more work to do" with "the problem hasn't been mitigated and the solution is stuck in development hell".
> The proper fix, imho, is to have the UI display the "createdAt" timestamp but warn (perhaps with some kind of alert icon) when there's a significant mismatch between createdAt and indexedAt.

If the goal is to build something that normal people will understand, this is a failure.

I'm not proposing the literal words "createdAt" or "indexedAt" be used in the UI.
No, I mean, having two separate times for a post appearing at all.
How does this fix the above issue on a decentralized network?

What happens when a new index is created on another server?

I think this is an excellent summation of the state of thinking on the Twitter alternatives out there. Nevertheless, they make me profoundly disappointed.

Being inconvenienced by having to build up the contact list and therefore staying locked in with X seems to meet to fundamentally misunderstand, well, everything. All of the motivations for moving which are centered on seizing the benefits of federation for social media and preventing companies from locking in, to me those are at a different order of magnitude in terms of their importance.

It's like not accepting the cure to your cancer because it comes in a green pill and green isn't your favorite color.

All of that said I do accept and embrace the criticisms especially of blue sky because it does seem to have weird loopholes, seems to have a preference for centralization built into the protocol which kind of misses the point, and generally is contributing to the squandering of what could have been a grand fediverse moment, all due to some idiosyncratic squabbles over things like how to handle usernames.

It's more than just that inconvenience (which is not a small one) it's that Mastodon is just a bunch of silos by interest in the end. You lose so much of the network effect for discoverability, both inwards and outwards. We've gotten used to having access to a whole world of networks via one centralized thing. I like the algorithm (with finessing). I want the 'suggested' posts of interest. With a good selection of follows, some amazing content gets surfaced/sent your way. I totally get the need/desire to break free of the company lock in, but Mastodon repeatedly shows how it is not it. The silos. The defederation risks. The missing community/participation unless you're really into only certain niches etc (still 'waiting' for more of the community to migrate over from twitter, waiting for engagement to pick up etc...). Might as well be on forums for interests again, which I have that already (HN for example). Anyways, lots of gripes. The fragmentation of the social network space has killed huge chunks of its value and the boat sailed on the 'grand fediverse moment' because it isn't grand in the end. Twitter has been a slow death losing a bunch of its value (but not really all of it, still huge amount of major posting, news, current happenings on there), which in many spaces has caused a growth in other centralized things like Instagram and Tik Tok. But we're talking 'microblogging' and putting the effort in to a platform like Mastodon, or even Bluesky when it's still figuring things out that are well established elsewhere, it's a tough sell.
I agree that it's a bit early to go all-in, but my counterargument to the "enshittification" meme at the heart of this is that maybe we shouldn't get too hung up on having permanent solutions. Sure, sometimes services get worse over time. But if it's not bad now and doesn't look like it's getting worse, speculating that it might go bad is like being unwilling to go to a new restaurant because sometimes restaurants don't maintain their quality or suddenly go out of business. True, but so what?

Good things sometimes come to an end, but they're still worth doing while they're still good. Twitter had a good run before it went bad. The BlueSky party is just getting started. Sure, many things aren't done yet, but we don't know how it's going to turn out.

Ed Zitron has an interview with Mike Masnick (Techdirt, board member of Bluesky) on the latest ep of the Better Offline[0] podcast. Pretty interesting, though I wasn't entirely convinced that Bluesky will deliver the solution we need. But it's encouraging to see progress in the various efforts to wrest control of the web from big corporations. I'm a fediverse fan, myself.

[0] https://www.betteroffline.com

My concerns with Bluesky are less technical and more about the type of community it will have. Nearly all large internet communities have become partisan echo chambers. My concern with Bluesky is that at this point it seems to be mostly a refuge for leftist Twitter/X refugees.

I wish there was a major platform with diversity of thought. Echo chambers are terrible for thoughtful discussion. If anyone knows of a community where moderates or a relatively balanced mix of liberal and conservative thinkers hang out online I'd love to hear about it.

I haven't used bluesky, but can't you just go to different sites/forums for discussions with different people? This seems to me like complaining about a lack of oil painters on hackernews, when deviantart is just a few clicks away
Vigorous discussion between different viewpoints is completely different than multiple polar opposite echo chambers.

Take reddit for example, you have /r/politics that downvotes, deletes, and shadow bans all conservative voices out of existence, and /r/conservative that does the same thing for liberal voices.

I'd like a place where thoughtful discussion of all viewpoints, left, right, and center are not just tolerated, but encouraged.

You really can't find people with different views arguing on reddit? Seems like arguing is like 99% of the comments there. If you don't like /r/politics, there's alternative subreddits specifically built for political debate. Like r/changemyview
Interesting, thank you, I wasn't aware of /r/changemyview! From a cursory glance that looks pretty close to what I'm looking for.
No it's kind of all one global feed right now. There's different "curated" lists of users you can follow and "super clusters" of tight knit interest groups like "swifties" and "kpop" but basically they're still plugging in moderation so admin has had to ban accounts that were trolling the lefties, has left it with a bit of a monoculture IMO

It's technically ready to federate but there aren't any other services that make it easy to create an account: you can self host your identity which is good and then select your own moderation services to follow but as to "who's on bluesky" its a certain type of person.

>Right now, there aren’t a lot of other apps in the ATmopshere, but there are experiments happening. There’s a blogging tool called WhiteWind, a Reddit clone called frontpage.fyi, and an events app called Smoke Signal. More will follow, I’m sure.

The unfortunate thing about ATproto is that even tho there are these apps that are built on top of it. None of these app actually talk to each other. Bluesky the app has no idea what you're posting on WhiteWind and vice versa. This is the BIG advantage ActivityPub has over AT. A Mastodon account can follow accounts on any ActivityPub compatible server and they're able to talk to each other. You can follow a peertube channel or some AP enabled wordpress blog and it'll all be visible and intractable inside your Mastodon feed.

At the moment, ATproto to me, seems a lot more like a glorified oAuth system than anything else. It's a lot like using your google account to login on an app and then have your data stored in google drive (your PDS).

There's nothing substantively stopping that from happening, it's just that bluesky and the other app devs haven't used each others schemas to trigger it. For instance, if frontpage really wanted to, they could publish stories as bluesky-schema posts. It just doesn't produce a win yet. There's some discussion about introducing some schemas that would make that worth doing.
I think the fact that devs even have to think about using "each others schemas" is a pretty big flaw in the system. It would definitely make ATProto look a lot better if it had a standardized way for all of its app to talk to each other. You don't want devs to have to implement new schemas for each and every new app that pops up on AT just so they can communicate with each other.

Like, it would be pretty dang cool if you could follow a WhiteWind blog from your Bluesky account. Honestly I'm a bit confused as to why this isn't a priority for the Bsky team.

It's actually quite important that you can introduce new schemas!

It's entirely up to WhiteWind whether they use bluesky's follow schemas or not. There's no blocker on that. The only question they have to ask is whether that's how they want it to work.

Another option that's available for them/others is to read from the bluesky follows to provide suggestions, but then use another schema for subscriptions.

It’s just early days. This is a “hasn’t happened” and not a “can’t happen.”

I myself am thinking about serving my entire website out of my PDS. I’ll be blending several existing Lexicons together and probably making some of my own.

I think these possibilities are some of the strongest reasons to be intrigued by AT Protocol, but I also hear you that it’s more potential than actively realized as of today. It’ll get there!

>I think these possibilities are some of the strongest reasons to be intrigued by AT Protocol

Genuine question, considering you can already do what you're talking about with ActivityPub what makes you stick around on ATproto/Bsky?

Important context: long ago, my friends and I built a federated Twitter alternative based on ostatus, the predecessor to ActivityPub.

I believe the architectural model of ActivityPub is bad. I think the architectural model of atproto is good. Everything is downstream of that.

I don’t have time to elaborate at this exact moment, but figured I’d at least give you a preliminary answer.

> I believe the architectural model of ActivityPub is bad. I think the architectural model of atproto is good. Everything is downstream of that.

ActivityPub is a W3C standard which uses standard, “boring”, sometimes “complex” (JSON-LD) technologies.

The fact the AT protocol does things smarter doesn’t mean it should, or will, be used on the WWW. There’s a reason why we still use e-mail and JSON for interoperability, instead of smarter technology.

We should favor standards IMHO, even if they’re imperfect.

Anyway, I’m really curious about your analysis in your future comments!

Bluesky also uses W3C and other standard technologies, for example, DID, the most centralized part, is a W3C standard https://www.w3.org/TR/did-core/. Lexicons use JSON-schema. dag-cbor is another example, though not W3C. CAR is another example.

Being fit for purpose is more important than being "standard", if a standard doesn't do what it needs to do, that it's standard is irrelevant. Bluesky/atproto uses a ton of standard approaches where appropriate, and innovates where appropriate.

Standards are borne out of usage, and a need to interoperate. Being blessed by a standards body doesn't inherently mean something is good. I can represent some data in JSON, or in HTML, but because both are standards doesn't mean that they're equally good. Standardization is a means to an end, not an inherent good in and of itself. People need to try new things in order to eventually produce new standards.

> There’s a reason why we still use e-mail and JSON for interoperability, instead of smarter technology.

Ironically, JSON came out of one language, and didn't come from any standards body, like ActivityPub. It wasn't until ECMA-404 (2013) that JSON got a standard from one of the bodies.

It's a good example of technology that came from outside the typical standards, but was eventually adopted by a large portion of the ecosystem, and eventually became a standard. Just like HTML :)

That’s not a problem at all. These applications have different concepts and the overlap hasn’t been formally defined yet. Should they choose to do so, they can easily connect up. I think it’s great that different applications can exist on the same base layer and explore concepts independently from each other.
Wait, can we just use HTTP and DNS? I’ll register a domain name and put my HTML or CGI application on a “box” and we’ll all party like it’s 1999. What am I missing?
While I also believe the world would work just fine if we all just followed each other's RSS feeds, people want something more collective, where a thousand or a million people can interact with each other's content.

Centralized bulletin boards are one way, but no one wants to host and moderate a public website anymore, takes work. Web 2.0 was all about platforms taking the hosting and account management off your back so anyone can create a discussion group or simply post into the void without any technical know how

It's cool technology, and the feeling there is currently pretty good, but if it actually gets main stream popularity is there anything to stop the propagandists, rage baiters, and advertisers from just moving over? Open also means highly automatable, and not private.