I would like to give an update on "federation" on Bluesky
-
@erincandescent @ikuturso @mcc @jrose i think you could replace it with signed updates but in doing so, you've basically just wrapped around to needing a pki
@trwnh @erincandescent @ikuturso @jrose this raises an important question. Why the fuck are we not just using a pki to start with
-
@trwnh @lrhodes @mat @mcc @alter_kaker I thought
@user.domain.tldis just a way to point to@did:plc:blahblahblah, the same way we do with webfinger over here. Wouldn't this difference in the protocol make an impersonation attack more possible?@esoteric_programmer @lrhodes @mat @mcc @alter_kaker you are *supposed* to "convert" the user.domain.tld to did:plc:blah, but you can still construct references against user.domain.tld. but you're not supposed to. but every user-facing component only shows you the user.domain.tld instead of the did:plc:blah, so if you're just copying from your address bar, you are going to get the "wrong" identifier most likely.
it has the exact same properties as letting a dns name lapse and get reassigned.
-
@trwnh @erincandescent @ikuturso @jrose this raises an important question. Why the fuck are we not just using a pki to start with
@mcc @erincandescent @ikuturso @jrose uhhhh
"key management hard", basically
-
@erincandescent i think in order to solve this problem without centralization you do need a ledger ("blockchain"). That's simply the way to get a canonically agreed on ordering of events. I think there are some reasons to go with a data structure *other* than literal blockchain for your ledger. But if you create a canonically agreed on ordering of events (which as far as I'm concerned you need if you want to support key rotation/did changes) then more or less by definition you've made a ledger
-
@erincandescent @ikuturso @mcc @jrose isn't plc basically custodial keys?
-
@erincandescent I have an entirely workable proposal for how to achieve that in a distributed system, which the mastodon dot social post length is too small to contain
-
@esoteric_programmer @lrhodes @mat @mcc @alter_kaker you are *supposed* to "convert" the user.domain.tld to did:plc:blah, but you can still construct references against user.domain.tld. but you're not supposed to. but every user-facing component only shows you the user.domain.tld instead of the did:plc:blah, so if you're just copying from your address bar, you are going to get the "wrong" identifier most likely.
it has the exact same properties as letting a dns name lapse and get reassigned.
@trwnh @lrhodes @mat @mcc @alter_kaker This is offtopic in a way, but oho, I didn't have to look too deeply to find this:
https://github.com/qwell/bsky-exploits
nothing extremely serious, but could be used for fishing campaigns and the like pretty easily -
@erincandescent I have an entirely workable proposal for how to achieve that in a distributed system, which the mastodon dot social post length is too small to contain
@mcc @erincandescent we should sync up about that at some point, we've thought about it also and it'd be a shame to never turn it into a spec
-
@mcc @erincandescent we should sync up about that at some point, we've thought about it also and it'd be a shame to never turn it into a spec
@mcc @erincandescent the historical answer to why atproto isn't using traditional PKI, as far as we can tell, is that the authors were under the impression DID is a lot more useful than it is. just a guess on our part.
-
@erincandescent @ikuturso @mcc @jrose i think you could replace it with signed updates but in doing so, you've basically just wrapped around to needing a pki
@trwnh
No, the bittorrent DHT has methods to update content sent in the DHT with no need for a PKI: https://bittorrent.org/beps/bep_0049.html
@erincandescent @ikuturso @mcc @jrose -
@tylercook like, absurdly easy. Do you know Docker or any Docker-like system?
@mcc I do, yeah. So it's just one part of the stack. The complicated parts come later, eh?
-
@mat @eniko There is already such a Wordpress plugin that publishes to ActivityPub. I believe publishing a Wordpress or other blog as a PDS would be even easier than ActivityPub. All the ATP single-link APIs are very simple and almost even well documented. So the fact this sort of thing (PDS frontend to legacy data source like Wordpress) does not exist is I think a testament to the fact most people in a position to create such things take a look at, and cannot see the benefit of, ATProto interop
-
@mat @eniko There is already such a Wordpress plugin that publishes to ActivityPub. I believe publishing a Wordpress or other blog as a PDS would be even easier than ActivityPub. All the ATP single-link APIs are very simple and almost even well documented. So the fact this sort of thing (PDS frontend to legacy data source like Wordpress) does not exist is I think a testament to the fact most people in a position to create such things take a look at, and cannot see the benefit of, ATProto interop
@mat @eniko Another thing to note. Posts on ATProto are 300 characters. The entire system is set up to mark "schema invalid" and wholly censor any post which is more than 300 characters. So what you'd have to do is put a 270 character summary of your post, plus a link to your real wordpress, into the PDS. (It's not a schema violation to contain *extra* data, so you could include a "full-text" field in the post blob, but no system in existence could read it— not even yours, you'd be publish-only)
-
@mat @eniko Another thing to note. Posts on ATProto are 300 characters. The entire system is set up to mark "schema invalid" and wholly censor any post which is more than 300 characters. So what you'd have to do is put a 270 character summary of your post, plus a link to your real wordpress, into the PDS. (It's not a schema violation to contain *extra* data, so you could include a "full-text" field in the post blob, but no system in existence could read it— not even yours, you'd be publish-only)
@mat @eniko So at that point, barring building an entire alternate Bluesky-like system for reading longposts— a system which would be redundant when ActivityPub exists— you're not mirroring your WordPress on Bluesky, rather you're using Bluesky as a funny kind of RSS feed, posting a short announcement of each post there… at which point, isn't it easier to just link your WordPress to a *regular* bluesky account, and use the API to auto-post summary+announcements for new posts?
Am I making sense?
-
@gbargoud @mcc #Friendica/#Hubzilla has been on #ActivityPub for a long time, and it already speaks #ATProto. It's the go-to Fediverse software for multiple protocols - I used it to read Twitter before they closed their API, and you can also subscribe to RSS and interact with Diaspora.
I don't know the details on how their ATProto implementation works though.
@gunchleoc the Bluesky addon for Friendica is here [0], I haven't had time to check how it works... name suggests it would use the Bluesky PDS and I've seen issues about Bridgyfed on the issue tracker, so not sure whether that's what's used to post or not.
[0]: https://git.friendi.ca/friendica/friendica-addons/src/branch/2025.07-rc/bluesky
Do you have a link about Hubzilla? I haven't seen anything about ATProto compatibility
@gbargoud @mcc -
@erincandescent i think in order to solve this problem without centralization you do need a ledger ("blockchain"). That's simply the way to get a canonically agreed on ordering of events. I think there are some reasons to go with a data structure *other* than literal blockchain for your ledger. But if you create a canonically agreed on ordering of events (which as far as I'm concerned you need if you want to support key rotation/did changes) then more or less by definition you've made a ledger
@mcc @erincandescent I have a system that doesn't need blockchain. Instead it uses a "nocoin" (term I coined, pardon the pun) distributed notary system that doesn't have a ledger because there's no way to enumerate things that have been recorded, only to prove that a particular thing was seen by a notary at a particular time.
-
@mat @eniko "but where are replies to those posts coming from in this setup?"
Short version: "You can't get them"
Long version: Currently the only ways to get replies to a post published in your Bluesky PDS are
- Run a "relay". This means (this is not a joke) receiving from Bluesky PBC a copy of literally every post made in the network, and filtering for ones that @ you.
- Log in to bsky.app (or a clone like blacksky) with your PDS username and password, and look in the notifications tab.
-
@gunchleoc the Bluesky addon for Friendica is here [0], I haven't had time to check how it works... name suggests it would use the Bluesky PDS and I've seen issues about Bridgyfed on the issue tracker, so not sure whether that's what's used to post or not.
[0]: https://git.friendi.ca/friendica/friendica-addons/src/branch/2025.07-rc/bluesky
Do you have a link about Hubzilla? I haven't seen anything about ATProto compatibility
@gbargoud @mcc@silmathoron @gbargoud @mcc Might ne Friendica only, I was writing from imperfect memory.
-
@mat @eniko "but where are replies to those posts coming from in this setup?"
Short version: "You can't get them"
Long version: Currently the only ways to get replies to a post published in your Bluesky PDS are
- Run a "relay". This means (this is not a joke) receiving from Bluesky PBC a copy of literally every post made in the network, and filtering for ones that @ you.
- Log in to bsky.app (or a clone like blacksky) with your PDS username and password, and look in the notifications tab.
@mat @eniko Now, that last thing is possible, and even easy. But at that point it's really, super unclear *why* you would architect your Wordpress server to *be* a PDS, rather than running the regular PDS software on the same box, and having the Wordpress server post to it from time to time using the external API. It's extra work, but there's no obvious advantage and there's barely even a difference.
Ciao! Sembra che tu sia interessato a questa conversazione, ma non hai ancora un account.
Stanco di dover scorrere gli stessi post a ogni visita? Quando registri un account, tornerai sempre esattamente dove eri rimasto e potrai scegliere di essere avvisato delle nuove risposte (tramite email o notifica push). Potrai anche salvare segnalibri e votare i post per mostrare il tuo apprezzamento agli altri membri della comunità.
Con il tuo contributo, questo post potrebbe essere ancora migliore 💗
Registrati Accedi