Former engineer @ Tech giant Bluesky
Mountain View, CA
I like people and other animals, technology, programming, history, gaming, and a lot of other stuff. I probably like you.
Views expressed here are my own.
DMs open. Email jake@jacob.gold
atproto is the first opportunity ever for independent devs to build on a locked-open social network with millions of users.
Making this better understood and more accessible (e.g. easier to use SDKs) is all that stands between us and an explosion of much more fun (and healthy) social apps!
1 replies
24 reposts
87 likes
This is such a great thing for Go users, open source, and for the maintainers that get to do this work.
(Go devs should encourage their companies to sponsor this work. Will pay dividends.)
Great job Filippo!
0 replies
8 reposts
36 likes
Just be happy I didn't use a table!
0 replies
0 reposts
4 likes
I suppose we just didn't have them on VHS when I was a kid 😉
Was just reminded by a recent Martin Short interview of him teasing Spielberg with "You've made so many films when are you gonna do the big one??"
0 replies
0 reposts
1 likes
I keep an empty black `empty.html` page as my active browser tab on browser instances I'm not currently using to prevent myself from being distracted by whatever the last active tab would otherwise be.
(also nice for making secondary monitors less bright)
Can recommend!
1 replies
2 reposts
56 likes
DMCA takedown initiated!
0 replies
0 reposts
1 likes
lol, thanks. I *meant* to write 1979 so I would have been wrong either way!
2 replies
0 reposts
3 likes
And it certainly solves the problem of having to evaluate all the options every so often. The fact that there's a UUIDv8 that is customizable really drives home the frustration!
1 replies
0 reposts
0 likes
Just watched Close Encounters Of The Third Kind (1997) for the first time and enjoyed it.
But it was so distracting every few minutes realizing how many movies were so closely inspired by it.
The weird helicopter flashy lights in Independence Day (1996) make a lot more sense now.
2 replies
0 reposts
14 likes
I've also yet to come across a case where I really care about leaking the timestamp in the ID. Or maybe once or twice and just had a secondary field that could be used.
1 replies
0 reposts
1 likes
Definitely not a bad option but at least some of the time I really need (want) the ability to use the timestamp stored in the ID for TTLs, range/prefix searches, etc.
💠If I used sufficiently large random UUIDs the data I want would be in the ID itself *somewhere*.
1 replies
0 reposts
1 likes
MAUs is incredibly easy to game, especially with a budget/audience.
You have to ask what the DAUs are and then do the DAU/MAU math to see what the stickiness looks like.
Nothing original about it, but a16z (love 'em or hate 'em) did a great job with this blog post on social app metrics.
0 replies
1 reposts
12 likes
ksuids are a base62 and at 27 chars it still feels long.
But...we probably don't need base1024 haha!
0 replies
0 reposts
2 likes
Good point, that's another problem with the typical string version of UUIDs. I'd like base32 at least. Added to the wishlist!
1 replies
0 reposts
1 likes
It's remarkable how well low power devices perform but there's just no way for a 20W iPad to perform the way a 500W+ machine can.
I'm always encouraging professionals to get workstations and just use mobile devices when on-the-go.
1 replies
0 reposts
2 likes
Yeah xid is great but no random component and second-level precision is a deal-breaker for some use-cases...
0 replies
0 reposts
4 likes
UUIDv9 should be 256 bits (maybe)
0 replies
0 reposts
4 likes
Picking identifiers...
I suppose UUIDv7's 40 bit random component is almost always enough but I like ksuid's 128 "kill it with fire" approach.
Seems like end game for UUIDs is time-ordered, millisecond precision Unix epoch timestamps, >128 bit random component, sortable string representation.
5 replies
0 reposts
16 likes
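An added sketch of the identifier shape wished for in the post above (not an existing UUID version, and not code from the post's author): a millisecond Unix timestamp up front, more than 128 random bits from a CSPRNG, and a base32hex string that sorts in time order. The 48/152-bit split and all function names are assumptions made for this example.

```python
import base64
import secrets
import time

TS_BYTES, RAND_BYTES = 6, 19  # assumed layout: 48-bit ms timestamp + 152 random bits
# base32hex alphabet (RFC 4648 section 7): string order matches byte order
_STD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_HEX = b"0123456789abcdefghijklmnopqrstuv"
_ENC, _DEC = bytes.maketrans(_STD, _HEX), bytes.maketrans(_HEX, _STD)

def new_id(ts_ms=None, rand=None):
    """Return a 40-character ID: big-endian timestamp, then random bytes."""
    if ts_ms is None:
        ts_ms = time.time_ns() // 1_000_000
    if rand is None:
        rand = secrets.token_bytes(RAND_BYTES)  # CSPRNG, not the random module
    if len(rand) != RAND_BYTES:
        raise ValueError("random component must be %d bytes" % RAND_BYTES)
    raw = ts_ms.to_bytes(TS_BYTES, "big") + rand  # 25 bytes, so no base32 padding
    return base64.b32encode(raw).translate(_ENC).decode("ascii")

def timestamp_ms(id_str):
    """Recover the creation time that every holder of the ID can also read."""
    raw = base64.b32decode(id_str.encode("ascii").translate(_DEC))
    return int.from_bytes(raw[:TS_BYTES], "big")

def is_expired(id_str, ttl_ms, now_ms):
    """TTL check driven by the ID alone, with no separate created_at column."""
    return now_ms - timestamp_ms(id_str) >= ttl_ms

def lower_bound(ts_ms):
    """Smallest possible ID for ts_ms: the start key for a range scan."""
    return new_id(ts_ms, bytes(RAND_BYTES))

if __name__ == "__main__":
    ident = new_id()
    print(ident, timestamp_ms(ident))
```
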
One of those Airbnb's that look much bigger/nicer in the photos. Was 8 of us sharing a bathroom and doubled up in rooms.
Was actually a ton of fun but because we could stay up late in the living room debating and start again early the next morning.
Everyone agreed that once was enough 😉
1 replies
0 reposts
7 likes
How atproto’s current architecture was designed.
(iPhone Photos surprising me with some nostalgia)
6 replies
13 reposts
116 likes
It’s possible that the Bluesky team is the only one to have ever successfully bonded in an escape room. It should’ve been lame but magically wasn’t 😆
#NoClues
8 replies
7 reposts
82 likes
Yeah, you can go much further!
1 replies
0 reposts
1 likes
That's good but I think they're persistent (they save cookies, etc) so not quite the same thing but maybe even better for many others.
1 replies
0 reposts
1 likes
Arc has no Linux version but I've "used" it over @divy.zone's screen sharing and it seems pretty cool.
Can you make a Profile "ephemeral" the way an Incognito is? Because the way all your cookies/etc disappear every time you close it is a big part of the benefit of this pattern.
1 replies
0 reposts
5 likes
Not sure how many others do this, but I highly recommend:
1. One "trusted" browser instance for your signed-in apps (email, chat, work stuff, etc)
2. One "throwaway" browser instance in Private/Incognito mode for everything else (news, random sites, etc.)
It's a big privacy/security improvement.
10 replies
4 reposts
65 likes
If you're doing Protobufs/gRPC without Buf and connectrpc.com (especially with Go) you're missing out!
0 replies
1 reposts
15 likes
0 replies
0 reposts
12 likes
Enjoying another day of (sufficiently) permission-less-ly adding services to the internet to do new things...
The Internet truly is the existence proof for the greatness of open and decentralized networks.
2 replies
2 reposts
34 likes
I've seen it enabled so that hosting companies can allow you to ssh to your instance with some default password. So they wouldn't know the IP range.
But there's no good reason to do it like this anymore. They should ask the customer for a public SSH key and place it in the authorized_keys file.
0 replies
0 reposts
1 likes
That is cool, hadn't seen it.
0 replies
0 reposts
1 likes
One of the worst OpenSSH-related things I've seen is Ubuntu installs that generate a `/etc/ssh/sshd_config.d/50-cloud-init.conf` which contains:
```
PasswordAuthentication yes
```
So that a `PasswordAuthentication no` in `/etc/ssh/sshd_config` gets overridden and password auth remains enabled!
4 replies
1 reposts
18 likes
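An added example, not part of the original post: sshd keeps the first value it reads for each keyword, so a drop-in pulled in by an `Include` near the top of `sshd_config` beats a later line in the main file. The resolver below reproduces that on a constructed directory tree; the `Include` position, the `00-hardening.conf` name, and resolving relative includes against the main file's directory are assumptions of this sketch.

```python
import glob
import os
import tempfile

def first_setting(keyword, path):
    """Return (value, source_file) for the first global `keyword`, else None."""
    base = os.path.dirname(path)
    with open(path) as fh:
        for raw in fh:
            parts = raw.strip().replace("=", " ", 1).split()
            if not parts or parts[0].startswith("#"):
                continue
            name, args = parts[0].lower(), parts[1:]
            if name == "match":
                break  # the rest of this file is conditional, not global
            if name == "include":
                for pattern in args:
                    # included files are processed in lexical order
                    for inc in sorted(glob.glob(os.path.join(base, pattern))):
                        hit = first_setting(keyword, inc)
                        if hit:
                            return hit
            elif name == keyword.lower() and args:
                return args[0].lower(), path  # first value wins
    return None

def build_sample(root):
    """Constructed layout: drop-in says yes, main file says no after Include."""
    dropins = os.path.join(root, "sshd_config.d")
    os.makedirs(dropins)
    with open(os.path.join(dropins, "50-cloud-init.conf"), "w") as fh:
        fh.write("PasswordAuthentication yes\n")
    main = os.path.join(root, "sshd_config")
    with open(main, "w") as fh:
        fh.write("Include sshd_config.d/*.conf\nPasswordAuthentication no\n")
    return main

def demo():
    with tempfile.TemporaryDirectory() as root:
        main = build_sample(root)
        before = first_setting("PasswordAuthentication", main)
        # Mitigation: a drop-in that sorts before 50-cloud-init.conf
        fix = os.path.join(root, "sshd_config.d", "00-hardening.conf")
        with open(fix, "w") as fh:
            fh.write("PasswordAuthentication no\n")
        after = first_setting("PasswordAuthentication", main)
        return (before[0], os.path.basename(before[1]),
                after[0], os.path.basename(after[1]))

if __name__ == "__main__":
    print(demo())
```

On a live host, `sshd -T` (run as root) prints the effective configuration and is the authoritative check.
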
Yeah, fail2ban helps stop brute forcing but that's not a huge concern w/password auth disabled.
The scary thing is undisclosed RCE exploits, which may only need one connection to exploit.
0 replies
0 reposts
0 likes
Yeah, tempting to want to *replace* SSH's encryption/PKI stuff entirely. Maybe for simple use-cases that'd work but probably not for bigger ones. OpenSSH is very flexible and has lots of third-party support.
1 replies
0 reposts
1 likes
WireGuard does a *lot* less since it has a simpler/different job, so there's a lot less code to get right. And it was developed in an incredibly methodical and diligent way by the great @zx2c4.bsky.social
1 replies
0 reposts
0 likes
Sounds awesome! And for cases where you really do just need a shell, would be great.
I don't *think* I do anything special with OpenSSH but then I remember I probably do: SOCKS proxying, port forwarding, sftp, etc.
0 replies
0 reposts
11 likes
The daemon that hands out shells on server is pretty special.
And it's received a lot of attention over the years and has a well-deserved reputation (along with OpenBSD software in general) for being secure.
0 replies
0 reposts
0 likes
Yeah, it'd be a little extra work but solves the problem for real.
1 replies
0 reposts
0 likes
Yeah, the complex implementation of features is the source of issues. And I get that a lot of it is *necessary* complexity.
But it's a lot of surface area to expose to the public internet when the use-case (99% of the time) is private server access.
0 replies
0 reposts
3 likes
It's a cool idea but doesn't seem like the right tool for the job. There's nothing really competitive with WireGuard in terms of simplicity/quality/performance/security/longevity.
0 replies
0 reposts
1 likes
Nothing could be as bad as some probably-state-actor spending years baking a backdoor in 😆
0 replies
0 reposts
2 likes
Not secure enough in my opinion.
But I do think most people can just:
1. Disable password auth (only use keys)
2. Restrict port 22/tcp to "trusted" IPs
To be sufficiently safe. Can be inconvenient when IPs change, etc.
Using WireGuard (or Tailscale) is the ideal.
2 replies
0 reposts
6 likes
Placed by an initialization service (e.g. cloud init) or generated and delivered OOB?
People running truly public SSH services can just use unwrapped v2 if that was sufficient (for games, etc).
1 replies
0 reposts
0 likes
At some point we dared to believe OpenSSH was secure enough to be public internet-facing. But the protocol it implements is just too complex.
A cool long-term fix might be for SSH protocol v3 to be the current v2 just wrapped in WireGuard protocol w/pre-shared keys by default.
SSH on port 22/udp!
8 replies
4 reposts
34 likes
I gotta reverse-tunnel my gRPC Unix sockets over HTTP2/WebSockets streams.
1 replies
0 reposts
16 likes
Yeah that’d be great.
0 replies
0 reposts
0 likes
I believe even more strongly than ever in the original mission of creating an open protocol for social apps and believe Bluesky has the best chance of anyone at making it happen.
Feel very proud and happy that I was able to contribute. And very lucky to have worked with the team.
5 replies
13 reposts
190 likes
My last day working on Bluesky, the company. Will miss working with the team after 1.5 years of working hard/having fun together!
Hope to have time for atproto/Bluesky projects in the near future. Have a few ideas that could be important (or at least fun) but couldn't justify spending the time on.
57 replies
29 reposts
533 likes
Yeah, and those revisions seem to have been mostly additive...
The goal is a good one, the standard/implementations just need some refactoring. Like most first versions!
0 replies
0 reposts
0 likes
Not sure about his specific issues but have to agree with @cra.mr that OpenTelemetry is overly complex. It's still really useful and I'm grateful it exists, but I do hope for a simplified OpenTelemetry v2.
4 replies
1 reposts
23 likes
Surprising how often I have to say this to myself. Easy to find yourself thinking "that solution would be great but would consume at least 10 GB of memory. Too expensive!"
...have to remind yourself that a 16 GB VM is $40/mo in 2024.
Gotta keep up-to-date on your "throw hardware at it" intuitions.
4 replies
6 reposts
61 likes