bryan newbold

@bnewbold.net

5604

Followers

847

Following

3196

Posts

dweb, cycling, snow, big cities, wiki. I like speculating about found objects.
protocol engineer @bsky.app. formerly archive.org
elsewhere: bnewbold.net / @[email protected]

Posts Replies Media

gotta monetize the ATmosphere, gotta become

The Air Seller - Wikipediaen.wikipedia.org

Reply to

Theo in Arlington

this paper is a good intro and has a big fancy diagram arxiv.org/pdf/2402.032...

arxiv.org

Reply to

James Munns

sure! you could even use the "hidden" hashtags (not in the text of post) if you had a custom client. you could have variant feeds per tag: trending, top, latest hashtag search could even get you most of the way there?

Reply to

James Munns

some others that play with sorting are "Catch Up" (top likes in part 24hr), "My Bangers" (your top liked posts), and the pin feed (can't remember what it is called)

Reply to

str4d

we have an extra rotation key injected for all the accounts we host, as an offline backup. in case of catastrophic PDS data loss or compromise. we'd consider this a good practice for most PDS hosts!

if you want higher priority than bsky, should put any personal or other-arrangement keys ahead of both of those

@skywatch.bsky.social lol had not noticed the banner image until just now

finally on the choo choo to Vancouver for #IETF120 and @ournetworks.ca!

Reply to

Tony Wong

you are mostly correct in that we juggle a bunch of roles, but moderation is an exception and there is a dedicated team that does just that

Reply to

mary🐇

lol I kind of feel the same way. trying to find time to put together cookbook examples in a couple different programming languages and fearing it is going to be dependency hell

Reposted by

bryan newbold

Out of curiosity I created "Ratio" feed. Its content will not shock you. bsky.app/profile/did:...

Ratio

Feed by @Comfortably Numb

Reply to

str4d

that seems workable! don't *love* putting cyphertext in public repos, but could be a pragmatic thing for now. similar to git. we are working on personal state, to generalize and replace current prefs API, and that would be another place to persist possibly-encrypted app state

just at a bare minimum of all this would be really cool to see PLC ops, key management, and signing implemented independently in another programming language!!

Reply to

mary🐇

yeah, it's the whole blobchilada

Data Model | AT Protocolatproto.com Consistent data encoding for records and messages.

Reply to

Prestidigitator John 🇵🇸🇺🇦

Bluesky still hosts most accounts, but there are hundreds of federated PDS instances in the network already. if there were 100 servers each with 1% of the network it would feel and operate the same as today

we aren't doing the same thing as fedi in that we (mostly) don't tie moderation policy to hosting. we unbundled that in to the labeler / mod service concept. this architecture has different power dynamics and will likely have different social/community outcomes (good and bad)

Reposted by

bryan newbold

Successfully created a post with a token obtained by OAuth from self-hosted PDS account. #atproto #oauth gist.github.com/sugyan/be6ba...

Hello, world! from OAuth client

oauth-post.tsgist.github.com GitHub Gist: instantly share code, notes, and snippets.

Reposted by

bryan newbold

Sunflower sunset, at Nova Lux.

Reply to

Kuba Suder 🇵🇱🇺🇦

yeah, in the case of a deletion the expectation is that it is "permanent-ish" and downstream services will wipe. "undeleting" is basically the same as creating a new account and importing all the old account, which is computationally intensive for downstream services, but possible

you'd probably get a "too big" commit on the firehose, and need to do an out-of-band thing to fetch the entire repo CAR file and process all the records. could be millions! many indices/services might just not bother

Reply to

Adam Nelson

makes sense! it is a bit of a soup of acronyms and encodings-wrapped-in-encodings (CIDs, CAR, etc) there are parts where complexity is warranted (eg, MST tree) and SDKs should help, but at least personally I want it feel fun and approachable to implement from scratch

Reply to

Adam Nelson

sorry you had that experience! the concatenated CBOR in stream frames is a big wart to me, would like to change that to make implementations easier. binary formats are to make authenticated/signed sync more robust. would you have used a Java atproto SDK if one had been available?

we are thinking of adding a JSON-over-WebSockets variant of the event stream to make it easier to work with for folks who are not trying to fully replicate repositories (and verify signatures, etc)

Reply to

Nick Gerakines

we've had some thoughts around that for a long time, haven't shipped it yet. robots.txt is a funky voluntary thing but that fuzziness has been fairly successful. we'd like to at least allow folks to opt-out of things like long-term archiving/preservation

the tension is that we want to strongly maintain the norm that public content is "manifestly public" and that every possible re-use doesn't require permission or negotiation. this is more like the web, and in contrast to the ActivityPub ecosystem, which has strongly leaned in the opt-in direction

which is a consistent and valid approach! there are many valid social use cases for both a public-broadcast-norm system and for a granular-visibility-norm system. it is pretty important to be clear about what the norm and expectations are though

Reply to

goeo_

for folks that *do* process identity events, they should be treated as a cache-purge notification, and they should re-resolve the identity. the identity event itself isn't trustworthy (unless you control the service which emitted the event) or authoritative

Reply to

bryan newbold

the same service could also keep track of known did:web identities and do periodic polling. having some centralization around such a service would help keep polling traffic low while also updating caches rapidly through a larger group of subscribers

Reply to

bryan newbold

we are loosely planning on adding some helpers to the PLC directory to make it easier to maintain a replica. not sure if that will be full-on certificate transparency, simple JSON websocket, or an atproto CBOR websocket stream (PLC is atproto adjacent but doesn't use "XRPC" currently)

another option would be a bridge service which polls PLC and outputs a repo stream with just '#identity' events, possibly after verifying the PLC op chain. or just have the Relay play this roll!