NSFW, because this is a pattern for him. So, he used to work on Beaker, a Web browser built on top of the Dat/Hypercore DHT. I recall my experience chatting with him and others on IRC. I had been interested because Dat and Beaker were supposedly built with ocap theory, and at the time I was helping to produce a capability-safe object-oriented programming language. Relevant highlights:
- He did not grok the idea that users might dig below the chrome and directly access APIs. This dovetailed with a lackluster approach to security. In capability theory, users are expressly permitted to do anything they are capable of doing; but Beaker's philosophy was that users ought to restrict themselves to only clicking buttons in Beaker's chrome.
- In general, interoperability was not a big priority. I'm not sure if there's multiple Hypercore implementations yet, but at the time, there was only one reference implementation and not enough documentation to reimplement it from scratch. So, I wouldn't be able to federate with their DHT using my custom software.
- I didn't know who the project leaders were. One time, one of the project leaders came onto IRC, and I made the mistake of greeting them. As a result, I was immediately banned from their IRC channel. However, none of them knew how IRC works, and so they did not kick me; in the aftermath, I listened as they went around the room and disavowed me, covering their asses by explaining that they didn't know who I was or why I was in the room.
Those first two points rhyme with his actions here. The third point is where I think we can see things heading in the future.
Everyone wants to trust the client, until it's time to hand out free bigmacs: https://liberda.nl/weblog/trust-no-client/
Bluesky is currently a wonderful microbiome on a deck on the Titanic, watching that spectacular iceberg over there.
> at the time I was helping to produce a capability-safe object-oriented programming language
this sounds like absolutely my kind of shit
> He did not grok the idea that users might dig below the chrome and directly access APIs.
> One time, one of the project leaders came onto IRC, and I made the mistake of greeting them. As a result, I was immediately banned from their IRC channel.
god though, this dev and their projects all sound like a complete garbage fire
> this sounds like absolutely my kind of shit
Do you know about Goblins by Spritely Institute? Their CTO is Christine Lemmer-Webber, who was the lead author of the ActivityPub spec.
this looks awesome! I follow Christine on Mastodon but I didn’t know about this
I actually kinda agree with him that these are not the biggest issues around. It is a very common issue (Discord for example has various bugs like this (and iirc even excludes security flaws like this from their bug bounty)) and at least they are working on workarounds.
The bigger issue here is the bad response to the person reporting the bugs.
I could just as easily say that this is a fundamental design flaw shared by Bluesky and Discord; e.g. Signal and IRC don't have this problem. Security isn't just about response to criticism, but about making design choices which protect users.
Well IRC doesn't support rich text at all. Even I can admit some text formatting can be a nice feature sometimes. The "disguised link" issue applies to any medium that allows posting formatted hyperlinks like this: https://example.com/
Allowing this kind of formatting for the link cards seems like an odd choice, and seems to stem from reusing the component for other media embeds. Ultimately it's just an extension of the same principle. With sufficient formatting, you can obfuscate or spoof your hyperlinks. You could argue that the link preview card feature itself is superfluous and not having it at all would help mitigate the issue. The latter part is true, but you need to consider that some people seem to actually want link previews. It's a staple feature for IRC bots, too.
It's true that these oversights make it easier to sneak malicious content in your posts and that presents a legitimate security issue. But I think it's also true that posting a disguised malicious link is trivial in any social media platform. It's an issue inherent to the way the web is structured. I would consider these pretty minor as far as security flaws are considered.
My other feelings about Bluesky as a project aside, I'm sympathetic to them on this one. The presented issues straddle the line between a bug and a feature and at least they're promising mitigations. A noncommittal reply four days later is better than what many companies would give. I'm not commending them for handling this especially well, but I don't think it's TechTakes level bad.
Paul is one of the most approachable and reasonable of the bsky devs. Take someone like Why, who is a crypto dweeb, a rationalist and a Vibecamp regular.
If you start at rationalists, crypto bros or rationalist crypto bros, you may not be picking from the top of the barrel.
Bluesky has one of the best user bases and it's run by rationalist crypto bros who totally aren't nazis, they're just the other ten guys at the table. I think of them reading Scott Alexander rant for the past ten years about the EVILS of feminists, leftists, social justice warriors and non-race-scientists, and GUESS WHO YOUR USERBASE IS MFs