Email or username:

Password:

Forgot your password?
Top-level
Christine Lemmer-Webber

There's another thing about that blogpost that caught my attention. I will just quote it:

> However, there's one other factor that raises this from "a curiosity" to "a big problem": bsky.social uses the same rotationKeys for every account.

187 comments
Christine Lemmer-Webber replied to Christine

> This is an eyebrow-raising decision on its own; apparently the cloud HSM product they use does billing per key, so it would be prohibitively expensive to give each user their own. (I hear they're planning on transitioning from "cloud" to on-premise hosting, so maybe they'll get the chance to give each user their own keypair then?)

Christine Lemmer-Webber replied to Christine

Anyway that's the quote and presumably this must be changed. I haven't looked, but I can't imagine they're still doing this today (are they?) but the fact that only one key was ever used in production for expense purposes is a strange decision

Christine Lemmer-Webber replied to Christine

At any rate, that decision was used to create a kinda confused deputy-ish attack, which is why it came up in the blogpost, and anyway, hi, I'm not a cryptographer, momentary reminder that I am not a cryptographer, but I have designed cryptographic certificate chains and I was pretty shocked by that

Christine Lemmer-Webber replied to Christine

At any rate, one way or another, you can presumably use did:plc to move yourself from one server to another so in the interest of "credible exit" this is a good choice

Though, one might take a moment to ask: who controls the keys if you *do* want to move?

Christine Lemmer-Webber replied to Christine

Bluesky has identified, I'd say correctly even, that key management for users is an *incredibly* hard thing to do.

But the solution, once again, ends up pretty centralized: for all users on Bluesky's main servers at least, Bluesky generates and manages the keys for them.

Keiko replied to Christine

@cwebber That's why I run my own PDS. Then I can manage my own keys. I can't get away from their PLC though...

Christine Lemmer-Webber replied to Christine

I am, once again, kinda sympathetic and kinda unsettled simultaneously.

- Sympathetic: key management *is* hard and we just don't have the UX answers to solve that, and Bluesky is once again trying to deliver to Twitter refugees
- Unsettled: it's centralized, but... there's something *more* troubling

Christine Lemmer-Webber replied to Christine

The big promise here, the "credible exit" side of things is that for most users, the vision they have is that if Bluesky gets bought by a big evil company, no problem, move somewhere else

But for those same users, Bluesky still *controls their keys* and thus *controls their destiny*

Christine Lemmer-Webber replied to Christine

Regardless, Bluesky has this "your domain is your id!" thing, and that's pretty cool, the domain maps to your DID and your DID maps to your domain

Well, I'm not gonna get into this in detail here, I do on the blogpost if you wanna read it but, the cyclic dependency might be an actual cycle

Christine Lemmer-Webber replied to Christine

tl;dr on that UX part:

- users only know domains, they don't know the DIDs
- turns out that's a phishing attack when those can change at any time
- if bsky.app ever goes down how do you actually know I *really* mapped to that name
- and a whole lot of "liveness" problems that enter there

Christine Lemmer-Webber replied to Christine

in addition to this long-ass thread there is a long-ass article and if you care about things like "zooko's triangle" maybe read that version, the rest of y'all can move on we've got other stuff to cover here

Christine Lemmer-Webber replied to Christine

It is time for TEA BREAK 2: THE REHEATENING

I will also go to the bathroom

TMI? If you've read this far into this weird thread I am already giving you too much info

=== TEA BREAK 2 ===

GeePawHill replied to Christine

@cwebber I'mo reply-guy you here: "Well, actually, tho I didn't understand everything, I got new bits and pieces I hadn't understood before, and I'm glad you wrote it."

Enjoy "The Reheatening". I heard the special effects were *wild*.

Berkubernetus replied to Christine

@cwebber Enjoying this thread, although afterwards it would be amazing if you'd roll it into a blog post.

Nelson Chu Pavlosky replied to Christine

@cwebber I think it's great that you're modeling for people that they should take breaks and take care of their bodies.

Christine Lemmer-Webber replied to Christine

I have returned, with tea

I am still not reading notifications. Well, I have seen a few fly by on the fediverse which is blipping and blooping nonstop in the Mastodon UI so people are clearly reading it there

Bluesky says "30+". How big is the +?? I will resist temptation to look and assume "31"

Christine Lemmer-Webber replied to Christine

"Where are we going with this Christine?"

Well you could have just read the blogpost but 3 more sections remain, we are approximately 2/3 there

I know, bear with me, what is left is:

- What should the fediverse do?
- Preparing for the organization as a future adversary
- Conclusions

Christine Lemmer-Webber replied to Christine

Yes, I changed the order of the remaining sections, not from the blogpost but from the last time I said what was left on this thread

pray I do not reorder them again

Christine Lemmer-Webber replied to Christine

Before we get into the next section, earlier I left an easter egg, which you could reply to and say "I found the easter egg" or something

Now you can put 2 eggs

I 2 was once an egg

(Look I specifically transitioned so I could never be accused of making dad jokes again so that does not qualify)

Christine Lemmer-Webber replied to Christine

Alright you've heard enough critiques of Bluesky for a bit and I SAID I was gonna critique the fediverse and I am a WOMAN OF MY WORD

So let's get into it!

Hollie ☕️ replied to Christine

@cwebber <grabs popcorn> :)

No but seriously this thread is great, thank you so much for writing this! I'm learning a lot

Christine Lemmer-Webber replied to Christine

I have actually critiqued ActivityPub and the fediverse a lot! I have kind of never stopped critiquing it, ever since the spec was released. There's a lot that can be improved!

I have even gotten criticism from AT LEAST ONE ActivityPub spec author for critiquing AP-as-deployed but I do anyway

Christine Lemmer-Webber replied to Christine

Actually something that is funny about ActivityPub is that there's "ActivityPub the spec", which I think is pretty solid for the most part, and "ActivityPub-as-deployed"

Many of the critiques I'm about to lay out we left holes in the spec for which I hoped would be filled with the right answers

Christine Lemmer-Webber replied to Christine

One thing we have already discussed so, before I will say anything else, I will repeat: content addressing is really good, and I'd like to see it happen in ActivityPub, and it's *possible to do*, I even wrote a demo of it gitlab.com/spritely/golem/blob

Bluesky does the right thing here, AP should too

Christine Lemmer-Webber replied to Christine

Content addressing is important. It should not matter where content "lives". It should be able to live anywhere.

A server should be able to go down, and content should survive.

Go content addressing!

Christine Lemmer-Webber replied to Christine

Actually with this and several other things I am going to bring up, I actually made sure there was space to do things right: there was a push to make ActivityPub "https-only"

I pushed back on that, I didn't want that requirement, and it was exactly for this reason: enabling content addressing

Christine Lemmer-Webber replied to Christine

This isn't the only time I left a critique of ActivityPub-as-Deployed as opposed to ActivityPub-as-it-could-be: see also OCapPub, which critiques the anti-abuse tools of AP as inadequate and leading to "the nation-state'ification of the fediverse" gitlab.com/spritely/ocappub/bl

Oh, and ocaps!!!

Christine Lemmer-Webber replied to Christine

ActivityPub left giant holes in the spec around two things which sound the same but which are not the same: Authentication and Authorization

Trying to mix these two, you accidentally get ACLs, and then you get confused deputies and ambient authority, plagues of the security world

Christine Lemmer-Webber replied to Christine

Anyway, if you know *anything* about me, you know I am a big fan of capability security (ocaps) and that's the foundation of our work over at @spritely

But we will come back to ocaps in a second because it turns out OCapPub is not the only time I proposed AP + ocaps!

Colin the Mathmo replied to Christine

There is value in invoking the charting 'bot thusly:

Calling @Chartodon spine ...

@cwebber @spritely

Christine Lemmer-Webber replied to Christine

The other time I wrote about ActivityPub + ocaps was in a proposal to, yes, Twitter's Bluesky process in 2020 with Jay Graber titled... "ActivityPub + OCaps"! gitlab.com/-/snippets/2535398

I think that document laid out all the right ideas for *the fediverse* (not saying bsky, the fediverse)

Christine Lemmer-Webber replied to Christine

Now I want to be clear here that I *don't* think that proposal was necessarily the right one for Bluesky, and I *do* think Jay Graber *was* the right person to lead Bluesky

What I wanted to do required a lot more research, and we have done that over at @spritely instead

Christine Lemmer-Webber replied to Christine

The reason I bring up the proposal here is that I think it has all the right analysis of *what the fediverse should do*, if it was going to rise to the challenge of fulfilling its true potential

So let me lay out what the things in that proposal were:

Christine Lemmer-Webber replied to Christine

Here is your recipe for making the "Correct Fediverse IMO (TM)":

- Integrate ocaps, which is possible because actor model + ocaps compose
- Content addressed storage!
- Decentralized identity (notice the *y*, I did not say DIDs) on top of ~mutable CAS storage
- Petname system UX

(cotd...)

Kye Fox replied to Christine

@cwebber Authentication (who's this jerk)

Authorization (does this jerk belong here)

Rocketman replied to Christine

@cwebber Real ActivityPub has never been tried

Alessio :linux: replied to Christine

@cwebber did you already get yourself an agent to turn this into a book?

Canageek replied to Christine

@cwebber Would I be allowed to call them Mom jokes then?

see shy jo replied to Christine

@cwebber great thread also not gonna lie, this is starting to feel a bit like one of those nethack halls that is filled with an infinite line of C's

christine&#39;s avatar repeated several times with &quot;Show more... 12&quot;
Rocketman replied to see shy jo

@joeyh @cwebber I had one of those saying “39” earlier

Kye Fox replied to Christine

@cwebber The nice thing about a domain is, worst case scenario, it's at least an actual domain with a website, so people know where to find me yelling about whatever happened to wipe out my AT presence.

Go Up