with BlueSky I’d have to account for the data volume of all users on the platform as a whole, bringing the data volume way up to tens of terabytes

I think this is a common misconception based on some critics’ incorrect assumptions and back-of-the-envelope math. See the atproto overview for the different components involved, and then this post (from a BlueSky employee) “A Full-Network Relay for $34 a Month” for some numbers.

If I understand correctly, to run a “full nework relay” does mean to consume all of the text posts from all known servers, but not necessarily all of the media, and not necessarily to keep data you aren’t interested in for any long period of time.

Also, you can run your own PDS and/or App Views without running your own relay at all. And, you can also use multiple other people’s relays.

Disclaimer: I’m not an atproto expert, and I haven’t set any of this up myself.

The blog post also says this:

There is one other thing which Bluesky gets right, and which the present-day fediverse does not. This is that Bluesky uses content-addressed content, so that content can survive if a node goes down. In this way (well, also allegedly with identity, but I will critique that part because it has several problems), Bluesky achieves its “credible exit” (Bluesky’s own term, by the way) in that the main node or individual hosts could go down, posts can continue to be referenced. This is possible to also do on the fediverse, but is not done presently; today, a fediverse user has to worry a lot about a node going down. indeed I intentionally fought for and left open the possibility within ActivityPub of adding content-addressed posts, and several years ago I wrote a demo of how to combine content addressing with ActivityPub. But nonetheless, even though such a thing is spec-compatible with ActivityPub, content-addressing is not done today on ActivityPub, and is done on Bluesky.

My comment should have been clearer; what I meant when i said it is more “decentralized architecturally” I was referring to the data model part of the architecture as opposed to the physical server infrastructure currently operating it. The latter is obviously quite centralized still, but the former is designed for resilience against nodes unexpectedly (and permanently) failing.

ok, but, does ActivityPub have portable identity and/or content addressability yet, so that when some of those servers (which are often hobbyist-run and/or tenuously funded) inevitably cease operating their users can continue on a different server? 👀

It’s a rhetorical question, and the answer is no.

otoh, atproto’s PLC DID method is also not really decentralized… but at least the rest of their system is actually substantially more decentralized architecturally than AP is.

To anyone interested in reading a very informative in-depth discussion of this topic, I recommend the blog post How decentralized is Bluesky really? by ActivityPub co-author Christine Lemmer-Webber (followed by this and this).

i looked into other services with did got an llm to put those ideas in the required format for the issue. Can you please point out the hallucinations in the issue so i can go and fix them

No. Asking other people to read (and now also to correct!) your LLM slop is extremely inconsiderate. Please don’t do that again.

that’s utterly trivial for a sufficiently paranoid user’s browser to detect

How many of their users do you think are sufficiently paranoid?

And if it is utterly trivial, I am curious how you think a sufficiently paranoid user actually would go about detecting such an attack, much less detecting it prior to running the malicious javascript and having their keys exfiltrated. For detecting it after the code has already run, ok, I know how to use mitm proxy to record the javascript being sent to my browser. (Which is the first step of detecting an attack… the next steps involve analyzing the legitimate changes to the code and discerning them from malicious changes.)

I could also imagine a variety of ways (using mitm proxy, or a browser extension) to try to avoid running new javascript before seeing it and having a chance to analyze it - but all of the ways I can imagine would require a substantial amount of work, including writing new software.

Do you know of any existing browser extension or other software which sufficiently paranoid protonmail users can/should/do use to detect and/or actually prevent the type of targeted attack I’m describing?

doesn’t work for users on the imap bridge

Yes that is why i said “when using Proton’s web mail interface” - which I expect 100% of users of other interfaces also sometimes log in to.

The cool trick they do is that not even Proton can decode your email. That’s because it never exists on their systems as plain text — it’s always encrypted! The most Proton can do if a government comes calling is give them the metadata — who you emailed and when — but not the text itself.

This is not actually true when using Proton’s web mail interface, because the encryption and decryption is performed by javascript which is sent from Proton’s server to the (signed-in, easy to identify) user every time they load the page. So, when the government comes calling, they can simply ask Proton to send certain users some slightly different javascript once which exfiltrates the targeted users’ keys to them. sadtrombone.mp3

The network never went down.

You say that but, everything I ever posted on identica (and also on Evan’s later OStatus site Status.Net, which i was a paying customer of) went 404 just a few years later. 😢

When StatusNet shut down I was offered a MySQL dump, which is better than nothing for personal archival but not actually useful for setting up a new instance due to OStatus having DNS-based identity and lacking any concept for migrating to a new domain.

https://identi.ca/evan/note/6EZ4Jzp5RQaUsx5QzJtL4A notes that Evan’s own first post is “still visible on Identi.ca today, although the URL format changed a few years ago, and the redirect plugin stopped working a few years after that.” … but for whatever reason he decided that most accounts (those inactive over a year, iiuc, which I was because I had moved to using StatusNet instead of identica) weren’t worthy of migrating to his new pump.io architecture at all.

Here is some reporting about it from 2013: https://lwn.net/Articles/544347/

As an added bonus, to the extent that I can find some of my posts on archive.org, links in them were all automatically replaced (it was the style at the time) with redirects via Evan’s URL shortening service ur1.ca which is also now long-dead.

imo the deletion of most of the content in the proto-fediverse (PubSubHubbubiverse? 😂) was an enormous loss; I and many other people had years of great discussions on these sites which I wish we could revisit today.

🪦

The fact that ActivityPub now is still a thing where people must (be a sysadmin or) pick someone else’s domain to marry their online identity to is even more sad. ActivityPub desperately needs to become content addressable and decouple identity from other responsibilities. This experiment (which i learned of via this post) from six years ago seemed like a huge step in the right direction, but I don’t know if anyone is really working on solving these problems currently. 😢

I started to python one and half week ago. So I’m still beginner.

Nice work! Here are a few notes:

The WeatherApp object has a mix of attributes with long-term (eg self.LOCATIONS) and short-term (eg self.city) relevance. Instance attributes introduced in places other than __init__, which makes it non-trivial for a reader to quickly understand what the object contains. And, actually, self.{city,lat,lon} are all only used from the add_city method so they could/should be local variables instead of instance attributes (just remove the self. from them).

There seem to maybe be some bugs around when things are lowercase and when not; for example checking if self.city.lower() in self.LOCATIONS but then when writing there the non-lower self.ctiy is used as the key to self.LOCATIONS.

The code under if rep == "1" and elif rep == "2" is mostly duplicated, and there is no else branch to cover if rep is something other than 1 or 2.

It looks like the config only persists favorites so far (and not non-favorite cities which the user can add) which isn’t obvious from the user interface.

Passing both location and locations into WeatherAPI so that it can look up locations[location] is unnecessary; it would be clearer to pass in the dict for the specific location. It would also be possible to avoid the need for LOWLOCATIONS by adding a non-lowercase name key to the per-location dictionaries that just have lat and lon right now, and then keeping LOCATIONS keyed by the lowercase names.

HTH! happy hacking :)

By “solar power in operation” (in GW) i think they mean maximum output capacity rather than actual production, since these numbers add up to 923 GW while wikipedia says in 2024 there was 2.13 petawatt-hours (243 GW on average) actually produced by solar.

A uprising in the Roman empire does not count as Britain invading Croatia and Slovenia just because an army originating in the Roman province of Britannia landed in the region which, 16 centuries later, is controlled by these two countries.

You can find an epub of the book on Library Genesis. It is organized by current nation states but is (obviously) referring to historical invasions of their present-day territory.

For Croatia, it does mention events in the fourth century, but also the 19th (when they built a base on the island of Vis) and 20th (when they reoccupied it). Slovenia it admits they “have come perilously close to not invading at all” but points out that (in addition to that fourth-century Roman campaign) the UK did occupy an area including the present-day Slovenian town of Sežana from 1945 to 1947.

In my opinion, yes, the why does in fact matter. This blog post i’ve linked in other comments in this thread is by one of the authors of the ActivityPub spec. If you care enough to comment about it i recommend reading her analysis of what AT Proto gets right and wrong in comparison with ActivityPub.

but you have to question why they’re choosing to reinvent the wheel

you don’t have to wonder why if you take the time to read about why; see the links in my other comments in this thread if you’re curious.

have you read about why they didn’t?

You’re quoting something that says its from 2021, but OP’s image cites the 2013-2017 American Community Survey as its source.

Meanwhile, this interactive map (maybe from 2022?) indicates that only 0.29% (6,181 people) of New Mexico’s population were born in the Philippines, and 0.18% (3,753 people) were born in Germany.

mildly interesting, but i’m pretty sure the size of the largest groups (not to mention the gap between the largest and next largest) are highly variable and in some cases are not particularly large at all, so, mapping only the largest one is vastly oversimplifying things and producing a rather misleading picture. (the census bureau’s data on the subject is here in case any map enthusiasts want to make more informative maps…)