Hey devs! Heads up, we're planning on making some changes to our image CDN tomorrow.
- Images will be served as WebP by default
- The URL format you get from the Bluesky API will change a little
You can look forward to an announcement about image quality soon π
XRPC requests between atproto servers are authenticated using JWTs. There are some inconsistencies in how OAuth permissions, PDS proxy headers, and JWTs all represent the "audience" of these tokens.
This proposal gives background and describes a rough solution.
Looking for rapid feedback!
It has been so exciting to see @npmx.dev come together over the past month. We're proud to offer our support β this project is just getting started. Congrats on the launch!
atproto.com/blog/npmx-al...
this is huge! it's a big lift just to do the backfill indexing, but even more to get it operational and chase down all the little product affordances.
blacksky ships.
more here: dholms.leaflet.pub/3m6zswymcqk2p
& hopefully we can all stay in communion w each other π«
actually tho - PLC should strive for orthodox authority model of conciliar governance where the independent PLC association is the equivalent of the archbishop of constantinople (first among equals) rather than the catholic authority model of papal infallibility
PLC directories diverging because one decided to add a new curve type
call it the filiokey
there we go! congrats yall
today, we're announcing our β¬3,8M ($4.5M) seed financing round, led by byFounders with participation from Bain Capital Crypto, Antler, Thomas Dohmke (former CEO of GitHub), Avery Pennarun (CEO of Tailscale) among other incredible angels.
read more on what's next: blog.tangled.org/seed
how have I not thought of this
Some mixture of increasing cynicism/skepticism/burnout w the corporate internet, the basic social modalities having been figured out over the last 20 years, independent devs/small teams being enabled with AI & hopefully the right shape of a data network with a bunch of users already on it
And what makes this time different? Idk I do agree with Kuba. These things come in waves and I think/hope we (the whole atmosphere) are catching it at the right time and can ride it
I probs overstated a bit with βessentially no shotβ. But it does seem like the monopolies have really entrenched themselves in a way that predecessors didnβt. Like meta is a different beast from any prev social media company
still from nick kroll european sketch
how it feels to wrap up work a lil early & then eat a bowl of olives
NPMX JUMPSCARE π€
LIVE NOW on Bluesky Office Hours w @danielroe.dev + @patak.cat & @jimray.bsky.team + @alex.bsky.team
I'm building on atproto because I think that a single social network has essentially no shot of dethroning the current tech monopolies. But an open ecosystem of interoperating apps is so infinitely more interesting than legacy social that it seems almost inevitable it will win
ill snag it for ya
Good question. Current thinking is each bucket would be tagged with a βtypeβ similar to the βrealmβ from the blogpost. So many apps could access a bucket, but each bucket would be βmodality-specificβ. If only to make it so you could sensibly present it in oauth consent screens
in other words, the IAM like permission system would be an application semantic on top of a simpler protocol primitive rather than in the protocol itself
i'd like to carve "bucket authority" out as it's own role that defines the bucket ACL. PDSes would serve as bucket authorities in many cases but you could conceivably run arbitrarily complex bucket authorities. With group permissions like this under the hood & exposed in the application
that's fair, you're right the motivating usecase is social media, but in my mind atproto is ended for any type of structured data
still working through some of the ACL questions now so this is useful input
I finally understand why we added thread gates
i'm currently thinking that there won't be a notion of a reusable "group" of users. In social media, the role structures are usually pretty specific to each group context
do you have some motivating examples?
ah apologies for that!
my finger hovered over the post button knowing it was cringe but Easy on Me kicked in & I clicked
you can actually hit play on spotify's "This Is Adele" playlist at any time. it's a free country
only passingly
I did do some research into SOLID ahead of working on the design here & I think it falls into most of the same trappings of "attempt 2" in my recent blog post
i will say this, i'm inclined to keep buckets _as simple as possible_. no tiered permissioning, just one boundary that is both the access & sync boundary. if you need richer authz semantics then: multiple buckets or layering on application semantics (similar to threadgates/blocks on the public side)
all good questions! & very much on our mind as well
unfortunately i think they'll have to wait til the next post π
HMAC would probably be pairwise between PDS <> Syncer not shared for the entire bucket
