Jake Gold

@jacob.gold

14113 followers 2317 following 2100 posts

Former engineer @ Tech giant Bluesky Mountain View, CA I like people and other animals, technology, programming, history, gaming, and a lot of other stuff. I probably like you. Views expressed here are my own. DMs open. Email jake@jacob.gold


Jake Gold @jacob.gold

atproto is the first opportunity ever for independent devs to build on a locked-open social network with millions of users. Making this better understood and more accessible (e.g. easier to use SDKs) is all that stands between us and an explosion of much more fun (and healthy) social apps!

1 replies 24 reposts 87 likes


Jake Gold @jacob.gold

This is such a great thing for Go users, open source, and for the maintainers that get to do this work. (Go devs should encourage their companies to sponsor this work. Will pay dividends.) Great job Filippo!

0 replies 8 reposts 36 likes


Jake Gold @jacob.gold

Just be happy I didn't use a table!

0 replies 0 reposts 4 likes


Jake Gold @jacob.gold

I suppose we just didn't have them on VHS when I was a kid 😉 Was just reminded by a recent Martin Short interview of him teasing Spielberg with "You've made so many films when are you gonna do the big one??"

0 replies 0 reposts 1 likes


Jake Gold @jacob.gold

I keep an empty black `empty.html` page as my active browser tab on browser instances I'm not currently using to prevent myself from being distracted by whatever the last active tab would otherwise be. (also nice for making secondary monitors less bright) Can recommend!

1 replies 2 reposts 56 likes


Jake Gold @jacob.gold

DMCA takedown initiated!

0 replies 0 reposts 1 likes


Jake Gold @jacob.gold

lol, thanks. I *meant* to write 1979 so I would have been wrong either way!

2 replies 0 reposts 3 likes


Jake Gold @jacob.gold

And it certainly solves the problem of having to evaluate all the options every so often. The fact that there's a UUIDv8 that is customizable really drives home the frustration!

1 replies 0 reposts 0 likes


Jake Gold @jacob.gold

Just watched Close Encounters Of The Third Kind (1997) for the first time and enjoyed it. But it was so distracting every few minutes realizing how many movies were so closely inspired by it. The weird helicopter flashy lights in Independence Day (1996) make a lot more sense now.

2 replies 0 reposts 14 likes


Jake Gold @jacob.gold

I've also yet to come across a case where I really care about leaking the timestamp in the ID. Or maybe once or twice and just had a secondary field that could be used.

1 replies 0 reposts 1 likes


Jake Gold @jacob.gold

Definitely not a bad option but at least some of the time I really need (want) the ability to use the timestamp stored in the ID for TTLs, range/prefix searches, etc. 💭 If I used sufficiently large random UUIDs the data I want would be in the ID itself *somewhere*.

1 replies 0 reposts 1 likes


Jake Gold @jacob.gold

MAUs is incredibly easy to game, especially with a budget/audience. You have to ask what the DAUs are and then do the DAU/MAU math to see what the stickiness looks like. Nothing original about it, but a16z (love 'em or hate 'em) did a great job with this blog post on social app metrics.

0 replies 1 reposts 12 likes


Jake Gold @jacob.gold

ksuids are a base62 and at 27 chars it still feels long. But...we probably don't need base1024 haha!

0 replies 0 reposts 2 likes


Jake Gold @jacob.gold

Good point, that's another problem with the typical string version of UUIDs. I'd like base32 at least. Added to the wishlist!

1 replies 0 reposts 1 likes


Jake Gold @jacob.gold

It's remarkable how well low power devices perform but there's just no way for a 20W iPad to perform the way a 500W+ machine can. I'm always encouraging professionals to get workstations and just use mobile devices when on-the-go.

1 replies 0 reposts 2 likes


Jake Gold @jacob.gold

Yeah xid is great but no random component and second-level precision is a deal-breaker for some use-cases...

0 replies 0 reposts 4 likes


Jake Gold @jacob.gold

UUIDv9 should be 256 bits (maybe)

0 replies 0 reposts 4 likes


Jake Gold @jacob.gold

Picking identifiers... I suppose UUIDv7's 40 bit random component is almost always enough but I like ksuid's 128 "kill it with fire" approach. Seems like end game for UUIDs is time-ordered, millisecond precision Unix epoch timestamps, >128 bit random component, sortable string representation.

5 replies 0 reposts 16 likes


Jake Gold @jacob.gold

One of those Airbnb's that look much bigger/nicer in the photos. Was 8 of us sharing a bathroom and doubled up in rooms. Was actually a ton of fun but because we could stay up late in the living room debating and start again early the next morning. Everyone agreed that once was enough 😉

1 replies 0 reposts 7 likes


Jake Gold @jacob.gold

How atproto’s current architecture was designed. (iPhone Photos surprising me with some nostalgia)

6 replies 13 reposts 116 likes


Jake Gold @jacob.gold

It’s possible that the Bluesky team is the only one to have ever successfully bonded in an escape room. It should’ve been lame but magically wasn’t 😆

#NoClues

8 replies 7 reposts 82 likes


Jake Gold @jacob.gold

Yeah, you can go much further!

1 replies 0 reposts 1 likes


Jake Gold @jacob.gold

That's good but I think they're persistent (they save cookies, etc) so not quite the same thing but maybe even better for many others.

1 replies 0 reposts 1 likes


Jake Gold @jacob.gold

Arc has no Linux version but I've "used" it over @divy.zone's screen sharing and it seems pretty cool.

Can you make a Profile "ephemeral" the way an Incognito is? Because the way all your cookies/etc disappear every time you close it is a big part of the benefit of this pattern.

1 replies 0 reposts 5 likes


Jake Gold @jacob.gold

Not sure how many others do this, but I highly recommend:

1. One "trusted" browser instance for your signed-in apps (email, chat, work stuff, etc)
2. One "throwaway" browser instance in Private/Incognito mode for everything else (news, random sites, etc.)

It's a big privacy/security improvement.

10 replies 4 reposts 65 likes


Jake Gold @jacob.gold

If you're doing Protobufs/gRPC without Buf and connectrpc.com (especially with Go) you're missing out!

0 replies 1 reposts 15 likes


Jake Gold @jacob.gold

0 replies 0 reposts 12 likes


Jake Gold @jacob.gold

Enjoying another day of (sufficiently) permission-less-ly adding services to the internet to do new things... The Internet truly is the existence proof for the greatness of open and decentralized networks.

2 replies 2 reposts 34 likes


Jake Gold @jacob.gold

I've seen it enabled so that hosting companies can allow you to ssh to your instance with some default password. So they wouldn't know the IP range. But there's no good reason to do it like this anymore. They should ask the customer for a public SSH key and place it in the authorized_keys file.

0 replies 0 reposts 1 likes


Jake Gold @jacob.gold

That is cool, hadn't seen it.

0 replies 0 reposts 1 likes


Jake Gold @jacob.gold

One of the worst OpenSSH-related things I've seen is Ubuntu installs that generate a `/etc/ssh/sshd_config.d/50-cloud-init.conf` which contains:

```
PasswordAuthentication yes
```

So that a `PasswordAuthentication no` in `/etc/ssh/sshd_config` gets overridden and password auth remains enabled!

4 replies 1 reposts 18 likes
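
Added example, not part of the post above: a small shell function that walks a constructed copy of the layout the post describes and reports which file supplies the value sshd uses. It assumes the main file pulls in `sshd_config.d/*.conf` with an `Include` ahead of its own setting; `first_value` and `demo` are names made up here.

```shell
#!/bin/sh
# Added example (not from the post). Resolves which file supplies sshd's global
# value for a keyword: sshd keeps the first value it obtains for each keyword,
# and Include is processed in place.
# Simplifications: one pattern per Include, "Keyword value" syntax only,
# and each file is read only up to its first Match line.

first_value() (   # usage: first_value KEYWORD FILE BASEDIR -> prints FILE:VALUE
    kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); file=$2; base=$3
    [ -r "$file" ] || exit 1
    while read -r key val _ || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        case $key in
            ''|'#'*) continue ;;                     # blank line or comment
            match)   exit 1 ;;                       # conditional section: stop here
            include)
                # Relative Include patterns are resolved against BASEDIR (/etc/ssh on a host)
                case $val in /*) pat=$val ;; *) pat=$base/$val ;; esac
                for inc in $pat; do                  # glob expands in lexical order
                    first_value "$kw" "$inc" "$base" && exit 0
                done ;;
            "$kw")   printf '%s:%s\n' "$file" "$val"; exit 0 ;;
        esac
    done < "$file"
    exit 1
)

demo() (
    # Constructed sample tree mirroring the file names in the post
    d=$(mktemp -d); mkdir "$d/sshd_config.d"
    printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\n' > "$d/sshd_config"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-cloud-init.conf"
    first_value PasswordAuthentication "$d/sshd_config" "$d"
    rm -rf "$d"
)
demo
```

On a real host, `sshd -T` prints the effective configuration and is the authoritative check.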


Jake Gold @jacob.gold

Yeah, fail2ban helps stop brute forcing but that's not a huge concern w/password auth disabled. The scary thing is undisclosed RCE exploits, which may only need one connection to exploit.

0 replies 0 reposts 0 likes


Jake Gold @jacob.gold

Yeah, tempting to want to *replace* SSH's encryption/PKI stuff entirely. Maybe for simple use-cases that'd work but probably not for bigger ones. OpenSSH is very flexible and has lots of third-party support.

1 replies 0 reposts 1 likes


Jake Gold @jacob.gold

WireGuard does a *lot* less since it has a simpler/different job, so there's a lot less code to get right. And it was developed in an incredibly methodical and diligent way by the great @zx2c4.bsky.social

1 replies 0 reposts 0 likes


Jake Gold @jacob.gold

Sounds awesome! And for cases where you really do just need a shell, would be great. I don't *think* I do anything special with OpenSSH but then I remember I probably do: SOCKS proxying, port forwarding, sftp, etc.

0 replies 0 reposts 11 likes


Jake Gold @jacob.gold

The daemon that hands out shells on server is pretty special. And it's received a lot of attention over the years and has a well-deserved reputation (along with OpenBSD software in general) for being secure.

0 replies 0 reposts 0 likes


Jake Gold @jacob.gold

Yeah, it'd be a little extra work but solves the problem for real.

1 replies 0 reposts 0 likes


Jake Gold @jacob.gold

Yeah, the complex implementation of features is the source of issues. And I get that a lot of it is *necessary* complexity. But it's a lot of surface area to expose to the public internet when the use-case (99% of the time) is private server access.

0 replies 0 reposts 3 likes


Jake Gold @jacob.gold

It's a cool idea but doesn't seem like the right tool for the job. There's nothing really competitive with WireGuard in terms of simplicity/quality/performance/security/longevity.

0 replies 0 reposts 1 likes


Jake Gold @jacob.gold

Nothing could be as bad as some probably-state-actor spending years baking a backdoor in 😆

0 replies 0 reposts 2 likes


Jake Gold @jacob.gold

Not secure enough in my opinion. But I do think most people can just:

1. Disable password auth (only use keys)
2. Restrict port 22/tcp to "trusted" IPs

To be sufficiently safe. Can be inconvenient when IPs change, etc. Using WireGuard (or Tailscale) is the ideal.

2 replies 0 reposts 6 likes


Jake Gold @jacob.gold

Placed by an initialization service (e.g. cloud init) or generated and delivered OOB? People running truly public SSH services can just use unwrapped v2 if that was sufficient (for games, etc).

1 replies 0 reposts 0 likes


Jake Gold @jacob.gold

At some point we dared to believe OpenSSH was secure enough to be public internet-facing. But the protocol it implements is just too complex. A cool long-term fix might be for SSH protocol v3 to be the current v2 just wrapped in WireGuard protocol w/pre-shared keys by default. SSH on port 22/udp!

8 replies 4 reposts 34 likes


Jake Gold @jacob.gold

I gotta reverse-tunnel my gRPC Unix sockets over HTTP2/WebSockets streams.

1 replies 0 reposts 16 likes


Jake Gold @jacob.gold

Yeah that’d be great.

0 replies 0 reposts 0 likes


Jake Gold @jacob.gold

I believe even more strongly than ever in the original mission of creating an open protocol for social apps and believe Bluesky has the best chance of anyone at making it happen. Feel very proud and happy that I was able to contribute. And very lucky to have worked with the team.

5 replies 13 reposts 190 likes


Jake Gold @jacob.gold

My last day working on Bluesky, the company. Will miss working with the team after 1.5 years of working hard/having fun together! Hope to have time for atproto/Bluesky projects in the near future. Have a few ideas that could be important (or at least fun) but couldn't justify spending the time on.

57 replies 29 reposts 533 likes


Jake Gold @jacob.gold

Yeah, and those revisions seem to have been mostly additive... The goal is a good one, the standard/implementations just need some refactoring. Like most first versions!

0 replies 0 reposts 0 likes


Jake Gold @jacob.gold

Not sure about his specific issues but have to agree with @cra.mr that OpenTelemetry is overly complex. It's still really useful and I'm grateful it exists, but I do hope for a simplified OpenTelemetry v2.

4 replies 1 reposts 23 likes


Jake Gold @jacob.gold

Surprising how often I have to say this to myself. Easy to find yourself thinking "that solution would be great but would consume at least 10 GB of memory. Too expensive!" ...have to remind yourself that a 16 GB VM is $40/mo in 2024. Gotta keep up-to-date on your "throw hardware at it" intuitions.

4 replies 6 reposts 61 likes