Recent searches
Search options
in addition to this long-ass thread there is a long-ass article and if you care about things like "zooko's triangle" maybe read that version, the rest of y'all can move on we've got other stuff to cover here
It is time for TEA BREAK 2: THE REHEATENING
I will also go to the bathroom
TMI? If you've read this far into this weird thread I am already giving you too much info
=== TEA BREAK 2 ===
I have returned, with tea
I am still not reading notifications. Well, I have seen a few fly by on the fediverse which is blipping and blooping nonstop in the Mastodon UI so people are clearly reading it there
Bluesky says "30+". How big is the +?? I will resist temptation to look and assume "31"
"Where are we going with this Christine?"
Well you could have just read the blogpost but 3 more sections remain, we are approximately 2/3 there
I know, bear with me, what is left is:
- What should the fediverse do?
- Preparing for the organization as a future adversary
- Conclusions
Yes, I changed the order of the remaining sections, not from the blogpost but from the last time I said what was left on this thread
pray I do not reorder them again
Before we get into the next section, earlier I left an easter egg, which you could reply to and say "I found the easter egg" or something
Now you can put 2 eggs
I 2 was once an egg
(Look I specifically transitioned so I could never be accused of making dad jokes again so that does not qualify)
Alright you've heard enough critiques of Bluesky for a bit and I SAID I was gonna critique the fediverse and I am a WOMAN OF MY WORD
So let's get into it!
I have actually critiqued ActivityPub and the fediverse a lot! I have kind of never stopped critiquing it, ever since the spec was released. There's a lot that can be improved!
I have even gotten criticism from AT LEAST ONE ActivityPub spec author for critiquing AP-as-deployed but I do anyway
Actually something that is funny about ActivityPub is that there's "ActivityPub the spec", which I think is pretty solid for the most part, and "ActivityPub-as-deployed"
Many of the critiques I'm about to lay out we left holes in the spec for which I hoped would be filled with the right answers
One thing we have already discussed so, before I will say anything else, I will repeat: content addressing is really good, and I'd like to see it happen in ActivityPub, and it's *possible to do*, I even wrote a demo of it https://gitlab.com/spritely/golem/blob/master/README.org
Bluesky does the right thing here, AP should too
Content addressing is important. It should not matter where content "lives". It should be able to live anywhere.
A server should be able to go down, and content should survive.
Go content addressing!
Actually with this and several other things I am going to bring up, I actually made sure there was space to do things right: there was a push to make ActivityPub "https-only"
I pushed back on that, I didn't want that requirement, and it was exactly for this reason: enabling content addressing
This isn't the only time I left a critique of ActivityPub-as-Deployed as opposed to ActivityPub-as-it-could-be: see also OCapPub, which critiques the anti-abuse tools of AP as inadequate and leading to "the nation-state'ification of the fediverse" https://gitlab.com/spritely/ocappub/blob/master/README.org
Oh, and ocaps!!!
ActivityPub left giant holes in the spec around two things which sound the same but which are not the same: Authentication and Authorization
Trying to mix these two, you accidentally get ACLs, and then you get confused deputies and ambient authority, plagues of the security world
Anyway, if you know *anything* about me, you know I am a big fan of capability security (ocaps) and that's the foundation of our work over at @spritely
But we will come back to ocaps in a second because it turns out OCapPub is not the only time I proposed AP + ocaps!
The other time I wrote about ActivityPub + ocaps was in a proposal to, yes, Twitter's Bluesky process in 2020 with Jay Graber titled... "ActivityPub + OCaps"! https://gitlab.com/-/snippets/2535398
I think that document laid out all the right ideas for *the fediverse* (not saying bsky, the fediverse)
Now I want to be clear here that I *don't* think that proposal was necessarily the right one for Bluesky, and I *do* think Jay Graber *was* the right person to lead Bluesky
What I wanted to do required a lot more research, and we have done that over at @spritely instead
The reason I bring up the proposal here is that I think it has all the right analysis of *what the fediverse should do*, if it was going to rise to the challenge of fulfilling its true potential
So let me lay out what the things in that proposal were:
Here is your recipe for making the "Correct Fediverse IMO (TM)":
- Integrate ocaps, which is possible because actor model + ocaps compose
- Content addressed storage!
- Decentralized identity (notice the *y*, I did not say DIDs) on top of ~mutable CAS storage
- Petname system UX
(cotd...)
(cotd ...)
- Better anti-spam / anti-harassment using OCapPub ideas
- Improved privacy with E2EE ("encrypted p2p" even a better goal)
Whew! An improved fediverse?
"Uh, Christine, this sounds like a lot, do you think the fediverse can take this on?"
Spec-wise in ActivityPub, I think it's possible. The ecosystem, as deployed? I think the ecosystem can and will only do part of it, if we really get everyone excited, maybe the content addressed storage and decentralized identity parts, in which case the fediverse will also survive nodes going down
The ocap stuff, I tried getting fediverse implementers excited about this and tbh, it's pretty hard to design into a Ruby on Rails or Django style framework and mindset. Backporting the right designs to existing systems is a real challenge.
Especially ocaps need to go bottom-up.
For this reason, @spritely's tech looks like it's very focused on computer science'y low-level BS, but that's actually because it's *too hard to build the systems I want right now on top of current technology*, we need stronger foundations
But people have to build for today too
Let's leave the ocap stuff to the side for now, then. Let's focus on what Bluesky and the fediverse have to learn from each other.
- The fediverse should adopt content-addressed storage and decentralized identity
- Bluesky should adopt real, actual federation and decentralization
Of course, adapting an existing system as deployed isn't easy.
I will say though that I think if Bluesky were to become *actually decentralized* it would look a lot like ActivityPub in terms of having directed messaging. This will also introduce similar challenges around eg replies, etc.
To the end of the fediverse, perhaps I sound bitter, "they didn't adopt ActivityPub the way *I* saw it!"
The truth is that Mastodon didn't, but Mastodon also saved ActivityPub. It then painted a vision of the future that wasn't, at least, what Jessica Tallon and I expected of it. But it saved AP.
The fediverse and Bluesky, at great effort, could learn a lot from each other in the immediate term.
In the longer term, neither is implementing the ocap vision I think is critical for the big vision, and in a way, I think maybe neither can be easily rearchitected to achieve it. Well, not yet.
When I laid out the ideas of OCapPub to various fediverse developers, the response was "this sounds cool but I have *no idea* how to retrofit a Rails/Django app for this kind of actor-oriented design".
And they were right.
Remember when I said Conway's Law flows in both directions?
Conway's Law says that a technical architecture reflects the social structure under which it was built. But the reverse is also true. The social structures *we can have* are made possible by the affordances of the tools we have available.
"Tech problems/social problems": false dichotomy.
It's for that reason that @spritely, while aiming for a *socially collaborative* revolution, is first focusing on a *technical* revolution.
It's too hard to build massively, securely collaborative tools right now. With Spritely's tools, p2p ocap secure tech is the *default output*.
Remember when I said that IMO @jay.bsky.team is the right person to lead Bluesky and that I am sympathetic with many design decisions of Bluesky (even if critical of them for being non-decentralized)?
Bluesky is building what they can for a scale big objective. The tech flows from goals.
So too does the social structure flow from the tech. It does on Bluesky, and it does on the fediverse.
I won't elaborate further on this, I actually would like you to pause and think about it. In which ways are tech and social systems bidirectional, here and otherwise? It's important.
The vision laid out for the fediverse, both independently in my writings and even in Jay Graber and I's joint proposal... well, it's a big lift.
@spritely would like to see if we can retrofit our version onto ActivityPub. Time will tell if that's a separate thing.
And perhaps this is all my *massive* Cassandra complex speaking. I won't deny that I have one, for better or worse
Still, despite all I have said about both Bluesky and the fediverse technically, it is because I want a hopeful direction for all of us. Secure collaboration. More important than ever.
Let's take another tea break. (And another bathroom break. This teacup is massive.) We're getting close to done, I promise. Just two sections left, they're both much shorter.
Then I can finally brave reading my notifications.
Maybe.
== TEA BREAK THE THIRD: BEVERAGE TRIFORCE ==
Hello, I am back again. Did you miss me? I still am not reading notifications.
Help I started writing this summary at 11am and it is now 6pm here I have wasted a whole day of work
But I have tea, and I also flossed my teeth, and it is time to resume this thread. If you are here, you know why.
What I am trying to say is I don't have many heroes but @evangreer is absolutely a heroine of mine
You should donate to @fight they are some of the only people doing sensible advocacy against terrible internet laws
Also fuck TERFs
But anyway
Also you have reached it: the third secret egg
You have now collected the egg triforce and can defeat Gender Ganon
If you want to
The power was in you all along
But let's continue.
It's time, we have reached the second to last section: "Preparing for the organization as a future adversary."
I love this one because I love that phrase, and the best part is that the Bluesky team came up with it, "the organization is a future adversary". It's genuinely good and self reflective
Occasionally an org creates a phrase like this, and back in the day Google had "Don't be evil"
And yeah, people criticize Google for never having been sincere but it gave an opportunity for people inside and outside the organization to critique Google on its own stated values. That was good.
It was *at least* good insofar as the moment Google retired the phrase as never really meaning anything anyway, as evil as Google may have been before, Google got *noticably* worse.
To Bluesky people internally: keep that phrase going as long as you can, and use it reflectively.
As opposed to Google's "Don't be evil", a commandment for the everpresent, "the organization is a future adversary" acknowledges the realities of the future, that it is uncertain, and in fact, that power-dynamics-wise, there will be pressure to make things worse.
Making design decisions in the present which guard against the future is one of the most important things we can do. It is one of the most important reasons to choose FOSS licenses, for instance, which provide an exit plan and also counterbalance against temptation to enshittify a project.
To this end, Bluesky's goals of "credible exit" are actually very important. It creates a similar pressure for the organization itself to stay true as long as it can, even acknowledging the organization as a future adversary, and actually preparing for it.
I am pro-Bluesky-credible-exit.
And there *will* be a lot of pressure: Bluesky has taken VC money as investments; the pattern of such is that early on, things are very good and flexible, and after some time, the investors start placing pressure to enshittify.
I have seen good peoples' orgs clawed from their hands. It happens.
This happens despite the very best people with the very best intentions. Talk to early Twitter co-founders and they will tell you the org that things became was not the org that they envisioned.
A future adversary indeed. So we should plan for it today.
Before we continue further, I have done about every job imaginable in a FOSS project/organization. Fundraising, by far, is the worst, and the most stressful.
It's incredibly hard to raise anything to do anything. I think that's worth acknowledging.
The structure of an organization does matter. There's a reason that @spritely is a 501(c)(3) in the US. Any money we take in is a donation: we aren't "delivering on an investment" (though we must deliver on *results*)
Bluesky is a Public Benefit Corporation, also interesting
A Public Benefit Corporation has a mission for the public good, but can take investments in the way a nonprofit cannot. This also means it can move much faster. Given the influx of users to Bluesky, taking investments this way may have been the only load handling route available this fast.
Again, this is all tuned to "What is Bluesky trying to build?"
Bluesky might not be a good "decentralized Twitter replacement", but it is a good "Twitter replacement" with the possibility of "credible exit"
That Bluesky is providing needs for many users who are looking for refuge from a white supremacist site *today* is something to pause and acknowledge the difficulty and scope of doing so quickly and in the moment. I'm glad Bluesky is here at this stressful geopolitical moment in history.
There will be a lot of pressure soon from investors: run ads, make premium accounts that do not actually make sense in a decentralized way, so on and so on.
In this way, "credible exit" is the most important thing for Bluesky the organization and its community to push on *today*
What I will *not* accept is the goalposts being moved on decentralization and federation. Bluesky is neither decentralized nor federated.
If Bluesky wants to become so, it has an enormous amount of work to do, particularly in terms of architectural design.
Blogs are decentralized, Google is not.
Bluesky will face every pressure to be enshittified. Bluesky has even, correctly, acknowledged this. It is up to Bluesky and its community to rise to the challenge of "credible exit" knowing that this is a likely, perhaps inevitable, risk.
The org is indeed a future adversary. So what now?
And here it is. We have reached the final part.
I am not even going to take a tea break. I am not even going to go to the bathroom. I kinda have to, but we are powering through.
We have reached the conclusion of this megathread, and "summary" of an equally long article.
I laid out definitions of "decentralization" and "federation", and Bluesky meets neither, without major rearchitecting or moving the goalposts on those terms, which I cannot accept.
However, "credible exit" is a good goal for Bluesky. Bluesky created that term and it's a good and feasible goal.
I laid out a strong critique, but let me end on a call to empathy.
Bluesky is built by good people, and the fediverse is built by good people. Neither reflect the designs I presently would like to see today, but ultimately these are built by humans trying their absolute hardest.
The infrastructure we build reflects our social dynamics, and our social dynamics are made possible by our infrastructure.
This thread has been long, and I have said everything I have to say. Thanks for listening. I hope we can build a good future for each other. 
(
) Why give them soooooo much space?
Why talk soooo much about bluesky?
Did they pay you for it?
I havent seen you do this for other platforms, especially when mastodon and even nostr exist that are way more decentralized. It seems kinda weird and unexpected 
its just a question.
i have rarely seen such long statements and i just wonder 
i am not disagreeing with what she said, but it is long and way too polite imho.
apart from that, the connection i can see is spritely cofounded by randy farmer, friend of chip morningstar and mark miller and ocap being used in agoric, which is chip morning star and mark miller... built on top of cosmos, which is web3.
Bluesky is web3 as well as stated by the CEO of bluesky, thus - same
@serapath Interesting that you come at someone that actually knows the people, politics and technologies on both sides. Also, very interesting to put Mastodon and Nostr in the same sentence as vast majority of Nostr stakeholders would tell you that Mastodon is not in fact decentralised
I agree with nostr stakeholders that it is not decentralized. Its a spectrum imho.
With ...let's say eh.. facebook/X/...? on one hand - no decentralization whatsoever.
Then maybe bluesky, centralized but with some "decentralization paint" sprinkled on top.
Then maybe mastodon, which is fediverse and has mastodon social which is large and then lots of instance operators ...its the fediverse. Like email. It actually uses email to signup.
And then you nostr
And then p2p
I consider mastodon and nostr both more decentralied than bluesky. Imho fediverse/mastodon is the minimum to call it "decentralized", but i entirely agree that nostr is way more decentralized than mastodon, but also nostr is not yet the end of the spectrum :-)
I'd bet on the pear runtime if you really wanna get to the end of the spectrum.
Maybe nostr will adopt some of the pear runtime tech, which is the hyper stack, which is essentially dat 
@jaycalixto @cwebber which means it needs CLEAR and LOUD statements by those who understand imho.
why let ppl sleep walk into another decentralization theater scam?
no people dont know and have no opinion about mastodon. when i travel i always ask people i meet if they use social media to connect. most use messengers, but they also know twitter/X and some others, but most also have never heard of mastodon.
That is the main reason.
I tried bluesky and cant confirm the user experience to be better.
The main reason is in marketing and media support, thus reach. Mastodon and nostr struggle with thos brcause they are more decentralized
@cwebber @jaycalixto @serapath This discounts the many people who did try, and found that Mastodon didn’t really offer what they wanted or needed. It’s not that Mastodon seems hard; in a number of important ways it IS hard.
in whichbway is it hard?
you open any mastodon page, signup with email and password, follow people and read your feed. Thats what everyone knows already.
i find this confusing, but am curious
@serapath @cwebber @jaycalixto I'll leave aside the whole picking a server thing, since I'm talking about people who have tried and bounced off Mastodon.
A big one is trying to find the people one wants to follow, if they're on a different server and you don't know which one. Searching, when what you're looking for is on another server. The whole attitude of 'just toughen up or fix it yourself' attitude given to black people who felt unsafe here (Blacksky is already a thriving thing).
@serapath @cwebber Why not give them space? Bluesky is the best social networking site currently for most people. Why are you even thinking that she’s got paid for it?! I use bluesky and it’s a very well designed platform. Most people should use it instead of twitter. No platform on the fediverse that i know has a user-friendly design. For a large flux of users bluesky is best suited for them and its ok to talk about them!
lol.
why not go and stay on X or facebook then?
oh maybe because they are run by musk and zuck? ...twitter wasnt until it got bought and that can happen to bluesky as well. they will also add ads, they already announced. enshittification is guaranteed.
UI/UX on mastoson is great. tou say the vluesky one is better? thats really subjective. ...so kinda decentralization matters when it comes to FB and X ...but once it comes to nostr/blsky.. then its UX?
isnt that funny?
bluesky can be bought.
mastodon cant, but federating with the big corporate backed ones and lobbying, maybe buying big instances allows big money to defederate with small instances, cutting off the vast majority of big instance users from the rest.
it is the same power gmail and other big ones have over small email providers.
they can filter/block you from talking to the users on big email providers, making is slightly inconvenient for those, but unusable for independents
@cwebber beyond epic. Thanks for everything you do!
@cwebber People build infrastructure. For example, my grandfather helped build Rt 128 near Boston, MA as a civil engineer.
People build the internet too. I'm ready to help.
@cwebber I am very much looking forward to reading this thread in full with my morning coffee tomorrow. thanks for putting in the time and energy to clear up the misconceptions around these topics.
@cwebber great thread, it was an experience seeing it update in real time!
@cwebber This was a fun read over the course of the day. I would check out with your breaks and come check back in an hour or two later to continue.
Great analysis and I think you did a good job to be fair to the Bluesky folks and evenly critical of the many challenges we have here on the fediverse side.
Thank you for writing it all up.
many details I don't know and would take me long time to understand in detail.
The problem with collisions because of shortened hashes I know from another system too, it's indeed a bad idea and leads to problems.
Fun-fact is that different content can lead to the same hashes even in full length, when md5 is used. In general I'd assume that problem exists with sha256 or sha256d too, just with lower probability, but I'm not sure.
@cwebber 
cheers. This was an enjoyable read. Perfectly distracted me while I waited for my wife to finish their appointment. 
(JLGatewood) 
@cwebber This thread was the best part of my day. Thank you so much, Christine!
@cwebber thank you for taking all this time to explain
@cwebber Woohoo, I made it to the end!!!
Thanks for this summary. It was a good read. 
@cwebber Thank you for taking your time to write this amazingly elaborate and informative thread. It helped me understand the Bluesky/Fediverse discussion a little better 
@cwebber Thanks for writing this up. Fascinating!
@cwebber Thanks for such a very helpful thread. I generally prefer blogs to long threads, but I suspect the long thread was really necessary this time. I can now read the blog if I want to.
Please advise: does the blog have anything significant beyond the thread?
(I'm particularly interested in content addressable storage and decentralisation, having spent over a year on docker/OCI image relocation. We don't want CAS to be another "Google" design decision.)
@cwebber thanks for all your work here. Informative and entertaining 
@cwebber now refill that cup of tea now and do nostr 
Joke aside, thanks for this thread I think the whole debate is spoiled by the lack of vocabulary, we should stop using "decentralized" and coin some more strictly defined terms 
That was a long read and i have learned a lot from it. Thank you.