I'm left wondering if maybe all the years I spend tinkering with Linux servers and self-hosted infrastructure are just about to pay off big time now that there is a massive move for governments and institutions to take control of their infrastructure... You still pretty much need a human to spin and maintain infrastructure, wire things securely, and monitor... Now I just need to wait until someone rebrands sysop into something cool sounding like Sovereign Re-orchestration Professional, or Reacquisition Specialist... Data Nationalisation Champion
I do this at significant scale and you need a high tolerance for a lot of different negatives to last doing it for governments (and adjacent).
The only exception to this rule I would say is AWS GovCloud, which also might be one of the only chill teams to work at across Amazon. It turns out having "only one way to do it", a system proved through a rigorous vetting process and a thoroughly worked-through contracting process leads to a pretty fantastic work environment for practitioners.
Trying to reimplement that piecemeal is for tougher men than me though. I think I'd rather sit on hot nails.
Joking aside, there is a lot of contract work to help EU quasi-governative entities to move off US clouds. I have been on contract for the last 18 months to recreate some functionality of AWS on top of OVH for a client adjacent to the European Space Agency.
The catch is that being government contract you, the guy doing the actual work, are beneath three or four layers of companies and bureaucracy and you get over engineered yet somehow too vague specs and projects that take 6 months just to get approved. But hey, the pay is good, and it’s for one of the better causes.
My other EU client, a much smaller non-tech company for whom I host their servers, has recently wanted to know if we depend on any US services, to reduce their exposure.
I believe you can get decent work just by advertising yourself as an expert in migrating code and data out of the US.
That said, the job and economy situation is a big question mark and appetite to invest has lessened dramatically so YMMV
I am no economist nor work in sales so my opinion is worthless, but it’s both waiting to see where this AI nonsense leads us, the stock market being an absolute shitshow solely propped up by this AI nonsense while the rest of Europe is in a phase of stagflation, the geopolitical situation at home and with our crazy partner, plus companies readjusting after the end of ZIRP.
Fair to say investments and new projects are a bit harder to come by.
I like his vision. Can you recommend a pod? The UK based Solid Community ones (and others, apparently) are 'experimental'.
"To use this system, you must understand that we cannot make any guarantees regarding the security and privacy of data that you may store in a solidcommunity.net Solid pod, or concerning the system's functionality and availability."
I used to work for timbl's company Inrupt on Solid on the SDK team. Inrupt no longer appears to be doing solid (or at least it's very well hidden if it still exists).
AT Protocol achieved what Solid envisioned without the inane complexities of rdf and json-ld, which were the biggest learning blockers to people actually adopting Solid.
I got hired by a local company exactly for my experience with running linux servers at home and in a semi-professional capacity. They had hired someone with perfect credentials from university with several masters degrees, but they had to let him go after half a year because he did not fit in to their linux environment that has been operating since the 90s. I had no formal education, but many years with tinkering, self-hosting and operating linux machines for a small number of customers, and they could not hire me fast enough. They told me that it is really hard to come by people with this mix of experiences, everything is in the clouds these days.
So the "news" here is they're hosting their own PDS? I think that was the main point of Atmosphere and Bluesky was just a popular gateway to get people into it.
the only true centralized part is the did:plc registry and thats designed to be fully auditable. all canonical data is stored on your pds so if you self host that you get full control.
decentralization is not about the number of app instances but how easy it is to switch from one to another. on that metric bluesky is already better than fediverse.
That’s a very narrow definition of decentralisation. In any case - both atproto and fediverse are massively centralised compared to something like Nostr, and it’s not even close.
The fact that the PDS in practice owns your identity in the vast vast majority of cases is such a dumb trade off that it’s honestly laughable. Should Bluesky decide to splinter off of the network there would be like 50000 people left.
Stop telling people that it’s decentralised in any meaningful way and be honest about it instead. That’s the issue. The dishonesty and tricking users.
2. People who would try to figure exactly how decentralized something is.
If you are the latter, you would instantly question the data model of Bluesky and of Mastodon as well. If you are the former then that just sounds like a buzzword.
Nope. When I’m talking about identity I’m speaking strictly of the keys that sign your messages and the pub key derived from it. In every other cryptographic system that is your identity. It is absolutely correct that the PDS has complete control over your keys when it comes to 99.99% of users. I challenge you to prove the opposite.
> A set of data describing the DID subject, including mechanisms, such as cryptographic public keys, that the DID subject or a DID delegate can use to authenticate itself and prove its association with the DID.
One of those properties is the "verification method", which tells you what to do to verify the identity. So you just do whatever is in that, and that gives you the identity. In other words, the broadest part of the spec is very pluggable, it does not describe the answer to your question in all cases.
So let's get more specific: One kind of DID, and the one that's used by virtually all of atproto users, is DID:PLC. As you can see from my DID above, I'm using the PLC method for my DID.
(Note that, before we get into any other part of it, this document points at my PDS, https://morel.us-east.host.bsky.network . So already, without going further, this is why your original comment is wrong: my identity points at my PDS, my PDS does not point at my identity.)
This specifies what goes into the "verification method" of a DID document that uses this method. In this case, if you look at mine, you'll see that it points (eventually) to https://www.w3.org/TR/cid-1.0/, which is what the Multikey stuff is about. From that spec:
> Controlled identifier documents identify a subject and provide verification methods that express public cryptographic material, such as public keys, for verifying proofs created on behalf of the subject for specific purposes, such as authentication, attestation, key agreement (for encryption), and capability invocation and delegation. Controlled identifier documents also list service endpoints related to an identifier; for example, from which to request additional information for verification.
This is already getting deep in the weeds, but the point is that the publicKeyMultibase is the encoded form of the public key that controls my identity. So that's where that lives. What about its associated private key? Well, it can be anywhere! From an identity perspective, the location of the private key doesn't matter. Only that whoever has that key produces information under that identity, when signed.
So let's talk in practice: when you sign up for Bluesky, they store the private key for you. This way, for users that don't care about any of these details, they do not have to think about it at all. It's saved with the rest of your account data, you don't have to worry about backups or anything.
However, at any time, any user can register a rotation key with the PLC directory. To do this, you generate a new public and private key, and then store that private key wherever you'd like. All the usual caveats here apply. You can then use your existing private key to add this new public key to your account. Once you do that, it shows up in your DID document as a rotation key. You can use that rotation key to add more keys, remove the Bluesky owned keypair, whatever you want. Now it's not stored by Bluesky.
The majority of users have not done this, it's true. But they can. Whenever they'd like.
That's a lot of information about something that does not really matter in practice. It's not until ew get to the very end of your comment that we get to the actually relevant part for the discussion.
> So let's talk in practice: when you sign up for Bluesky, they store the private key for you. This way, for users that don't care about any of these details, they do not have to think about it at all. It's saved with the rest of your account data, you don't have to worry about backups or anything.
> However, at any time, any user can register a rotation key with the PLC directory. To do this, you generate a new public and private key, and then store that private key wherever you'd like. All the usual caveats here apply. You can then use your existing private key to add this new public key to your account. Once you do that, it shows up in your DID document as a rotation key. You can use that rotation key to add more keys, remove the Bluesky owned keypair, whatever you want. Now it's not stored by Bluesky.
> The majority of users have not done this, it's true. But they can. Whenever they'd like.
The Bluesky PDS stores (and has access to!) your private keys. They are in full control of your identity. It just so happens that 99.99% of users are on the Bluesky PDSs AND 99.99% of users will choose the path of least resistance and in practice NEVER register an external rotation key. This is exactly the problem. It is massively centralized and a rug pull from Bluesky would effectively just kill off the network.
It's insane that this is just hand-waved away because "you can just self-host" or "you can just register an external rotation key". If you think users will actually do this I have a bridge to sell you.
This is great. The entire idea of AT is that users can move their data for any reason. We want more of this.
But I do think it's always worth pushing back a bit on this idea:
> "The way Bluesky is funded is at odds with the idea of decentralisation because the platform relies on venture capital and operates under a shareholder model."
Large decentralized infrastructure like the internet, DNS, email, and the web was largely built by VC-backed companies.
The most important open source project, Linux, is funded by major tech companies through the Linux Foundation, with $311 million last year.
Corporate incentives do create conflicts, so it makes sense to be paranoid and skeptical. But the idea that companies can't contribute to open and decentralized systems is exactly the wrong lesson to learn.
We want more VC-backed startups working on open social networks and protocols. It would be great if many of them were in Europe.
There were famously government and university programs that played important early roles too. But it was largely people working for companies that actually built these systems.
What organizations do you think created the switches, routers, servers, software, fiber optic backbones? Who created the new protocols?
It was companies like AT&T/Bell Labs, Cisco, 3Com, Sun, UUNET, Netscape, AOL, the major telecoms, and a thousand other companies we don't remember.
Something like 1% inspiration from academia and government, and 99% perspiration by people working inside companies.
I am sure that DARPA, BBN, USC Information Sciences Institute, and many others will be overjoyed to learn that they've been erased from history by the new narrative that Venture Capitalists Built Everything. (-:
Initially, yes, and then they became an important commercial internet service and backbone provider. They were quickly joined by a huge wave of other private companies, almost all VC-backed.
"Commercialized" is probably the word you want, and I'd agree with.
It turns out that commercialization is most of the work of creating a globally decentralized system. Which doesn't mean the non-commercial work wasn't critical.
>The poor need the rich to start a company as banks are prevented (by the rich) from lending to them.
no. the banks hold the poor's money, and it needs to do so without risk because the poor need their money. lending money to start companies that are completly unsecured is too risky for banks, they lend money to buy houses which is secured debt.
Banks lend against homes as the state guarantees the housing market is too big to fail and will bail them out.
Banks often lend at low LTV ratios because the prices are inflated so people on normal salaries can't actually afford to put down a large deposit, which means a slight drop puts them into negative equity but the banks are not concerned as they are protected.
If the state chose to underwrite startups in the same way...
Internet Archive? Non profit. Let's Encrypt? Non profit. ICANN? Non profit. Linux Foundation? Non profit.
VC funding is fine in some contexts, but most of the stack should be non profit driven whenever possible to prevent the eventual enshittification and attempts at capture by profit driven actors. You can always donate to the relevant non profit (code, time, fiat), but by operating the public good as a non profit, you're creating a form of security boundary and reducing attack surface by economic threat actors. Worst case, the VC funded enterprise fails open and the only harm is employees who need to find new jobs and shareholders and investors who experience a capital loss.
We want to continue to own the commons and culture collectively when for profit companies building on public social infrastructure ("open social networks and protocols") close or a suboptimal change of ownership occurs.
Indeed! And that's okay. The money pays the bills, but they do not have control over the non profit. Assuming good faith and no fraud, the money, once given to the non profit, cannot be clawed back by anyone in the future (investors, shareholders, creditors, future owners, etc). They remain "on mission" regardless of what happens to the for profit that provided funding in some capacity. Funding the non profit is a one way transfer of value across a security boundary of control.
Follows work independent of which app you're using, so it works either way. Not an issue.
(Think of it this way: "I am following <username>" is a record stored in my own database, so it doesn't matter which app I click the button on that writes that record.)
Yes, AT proto is about making data available to the public via replication. There's no privacy at all, but it's useful for some things. Hacker News comments don't have any privacy either.
There's another protocol in the works that should be useful for syncing private data:
I'm left wondering if maybe all the years I spend tinkering with Linux servers and self-hosted infrastructure are just about to pay off big time now that there is a massive move for governments and institutions to take control of their infrastructure... You still pretty much need a human to spin and maintain infrastructure, wire things securely, and monitor... Now I just need to wait until someone rebrands sysop into something cool sounding like Sovereign Re-orchestration Professional, or Reacquisition Specialist... Data Nationalisation Champion
SDS, Sovereign Data Specialist ;)
> Sovereign Data Specialist
It immediately makes me think of sovereign citizens and I get twitchy.
MY DATA IS NOT OPERATING IN COMMERCE!
Cloud repatriation engineer, infra sovereignty strategist. Are sysadmins back? Too early to tell imho.
https://xkcd.com/705/
You win. Cloud repatriation engineer.
Delightful! Maybe I'll make some tshirts to hand out at defcon.
Better job titles than any AI CEO could come up with!
I do this at significant scale and you need a high tolerance for a lot of different negatives to last doing it for governments (and adjacent).
The only exception to this rule I would say is AWS GovCloud, which also might be one of the only chill teams to work at across Amazon. It turns out having "only one way to do it", a system proved through a rigorous vetting process and a thoroughly worked-through contracting process leads to a pretty fantastic work environment for practitioners.
Trying to reimplement that piecemeal is for tougher men than me though. I think I'd rather sit on hot nails.
Joking aside, there is a lot of contract work to help EU quasi-governative entities to move off US clouds. I have been on contract for the last 18 months to recreate some functionality of AWS on top of OVH for a client adjacent to the European Space Agency.
The catch is that being government contract you, the guy doing the actual work, are beneath three or four layers of companies and bureaucracy and you get over engineered yet somehow too vague specs and projects that take 6 months just to get approved. But hey, the pay is good, and it’s for one of the better causes.
My other EU client, a much smaller non-tech company for whom I host their servers, has recently wanted to know if we depend on any US services, to reduce their exposure.
I believe you can get decent work just by advertising yourself as an expert in migrating code and data out of the US.
That said, the job and economy situation is a big question mark and appetite to invest has lessened dramatically so YMMV
> That said, the job and economy situation is a big question mark and appetite to invest has lessened dramatically so YMMV
Could you elaborate perhaps a bit more on this on actually why the appetite for investment has lessened? I'd be curious to know more, thanks!
I am no economist nor work in sales so my opinion is worthless, but it’s both waiting to see where this AI nonsense leads us, the stock market being an absolute shitshow solely propped up by this AI nonsense while the rest of Europe is in a phase of stagflation, the geopolitical situation at home and with our crazy partner, plus companies readjusting after the end of ZIRP.
Fair to say investments and new projects are a bit harder to come by.
Tim Berners Lee has Solid
I like his vision. Can you recommend a pod? The UK based Solid Community ones (and others, apparently) are 'experimental'.
"To use this system, you must understand that we cannot make any guarantees regarding the security and privacy of data that you may store in a solidcommunity.net Solid pod, or concerning the system's functionality and availability."
I used to work for timbl's company Inrupt on Solid on the SDK team. Inrupt no longer appears to be doing solid (or at least it's very well hidden if it still exists).
AT Protocol achieved what Solid envisioned without the inane complexities of rdf and json-ld, which were the biggest learning blockers to people actually adopting Solid.
Comparison Between ATProto and Tim Berners-Lee's Solid Protocol - https://news.ycombinator.com/item?id=48724526 - June 2026 (0 comments currently)
Related:
ATProto Permissioned Data Proposal Draft - https://news.ycombinator.com/item?id=48651727 - June 2026 (4 comments)
Why not - eventually it will be The Year Of The Linux Desktop.
I got hired by a local company exactly for my experience with running linux servers at home and in a semi-professional capacity. They had hired someone with perfect credentials from university with several masters degrees, but they had to let him go after half a year because he did not fit in to their linux environment that has been operating since the 90s. I had no formal education, but many years with tinkering, self-hosting and operating linux machines for a small number of customers, and they could not hire me fast enough. They told me that it is really hard to come by people with this mix of experiences, everything is in the clouds these days.
So the "news" here is they're hosting their own PDS? I think that was the main point of Atmosphere and Bluesky was just a popular gateway to get people into it.
Unless I'm missing something else...
That's the plan, but to get to actual decentralization, one of the steps is for more people to actually move their PDS's somewhere other than Bluesky.
(They are not self-hosting; Eurosky is doing it.)
But... if Waag are not self-hosting, and they're not, how likely is it that normal people will start doing so in relatively large numbers?
I don't think that's the goal? If we got to the point where no service hosts the majority of accounts, that would be a pretty good milestone.
That would indeed be a huge improvement over the current situation, with 98.5% of repos hosted directly by bsky (!)
https://atproto.barn.city/
An important part of how this works is that you don't have to make that choice right away.
I've been meaning to move to my own PDS for a few months now. Still haven't. Whenever I decide to get around to it, it'll be fine.
You won’t have decentralisation on Atproto because the protocol itself incentivises centralisation.
the only true centralized part is the did:plc registry and thats designed to be fully auditable. all canonical data is stored on your pds so if you self host that you get full control.
decentralization is not about the number of app instances but how easy it is to switch from one to another. on that metric bluesky is already better than fediverse.
That’s a very narrow definition of decentralisation. In any case - both atproto and fediverse are massively centralised compared to something like Nostr, and it’s not even close.
The fact that the PDS in practice owns your identity in the vast vast majority of cases is such a dumb trade off that it’s honestly laughable. Should Bluesky decide to splinter off of the network there would be like 50000 people left.
Stop telling people that it’s decentralised in any meaningful way and be honest about it instead. That’s the issue. The dishonesty and tricking users.
There are two kinds of people.
1. People who have no idea what decentralized is.
2. People who would try to figure exactly how decentralized something is.
If you are the latter, you would instantly question the data model of Bluesky and of Mastodon as well. If you are the former then that just sounds like a buzzword.
> The fact that the PDS in practice owns your identity
This is incorrect.
1. a PDS stores data, it does not own the identity.
2. Your identity is controlled by a DID, of which most users use DID:PLC.
3. This means the PLC directory controls who owns the identity.
4. Users can upload their own keys into the directory to ensure they have control.
5. At this point, the threat vector is "PLC directory lies", which is why there are transparency logs and independent mirrors.
Nope. When I’m talking about identity I’m speaking strictly of the keys that sign your messages and the pub key derived from it. In every other cryptographic system that is your identity. It is absolutely correct that the PDS has complete control over your keys when it comes to 99.99% of users. I challenge you to prove the opposite.
> When I’m talking about identity I’m speaking strictly of the keys that sign your messages and the pub key derived from it.
Me too.
> I challenge you to prove the opposite.
https://web.plc.directory/spec/v0.1/did-plc
Where are your rotation and signing keys stored? Who can access them? Talking here about the majority case.
> Where are your rotation and signing keys stored? Who can acccess them?
This uses public key cryptography, so there's multiple answers here. Let's start at the beginning:
atproto uses DIDs as its identity standard: http://w3.org/TR/did-1.0/
Here is my DID, we'll use this as an example: did:plc:3danwc67lo7obz2fmdg6jxcr
There are three parts, separated by colons: The scheme (did), the method (plc), and the DID method-specific identifier (3danwc67lo7obz2fmdg6jxcr).
To use a DID, such as did:plc:3danwc67lo7obz2fmdg6jxcr, you resolve it into a DID Document https://www.w3.org/TR/did-1.0/#dfn-did-documents
> A set of data describing the DID subject, including mechanisms, such as cryptographic public keys, that the DID subject or a DID delegate can use to authenticate itself and prove its association with the DID.
That document contains various properties that describe the identity: https://www.w3.org/TR/did-1.0/#core-properties
One of those properties is the "verification method", which tells you what to do to verify the identity. So you just do whatever is in that, and that gives you the identity. In other words, the broadest part of the spec is very pluggable, it does not describe the answer to your question in all cases.
So let's get more specific: One kind of DID, and the one that's used by virtually all of atproto users, is DID:PLC. As you can see from my DID above, I'm using the PLC method for my DID.
Its specification is what I linked you to above, https://web.plc.directory/spec/v0.1/did-plc.
You can see my specific entry here, for example: https://plc.directory/did:plc:3danwc67lo7obz2fmdg6jxcr
(Note that, before we get into any other part of it, this document points at my PDS, https://morel.us-east.host.bsky.network . So already, without going further, this is why your original comment is wrong: my identity points at my PDS, my PDS does not point at my identity.)
This specifies what goes into the "verification method" of a DID document that uses this method. In this case, if you look at mine, you'll see that it points (eventually) to https://www.w3.org/TR/cid-1.0/, which is what the Multikey stuff is about. From that spec:
> Controlled identifier documents identify a subject and provide verification methods that express public cryptographic material, such as public keys, for verifying proofs created on behalf of the subject for specific purposes, such as authentication, attestation, key agreement (for encryption), and capability invocation and delegation. Controlled identifier documents also list service endpoints related to an identifier; for example, from which to request additional information for verification.
This is already getting deep in the weeds, but the point is that the publicKeyMultibase is the encoded form of the public key that controls my identity. So that's where that lives. What about its associated private key? Well, it can be anywhere! From an identity perspective, the location of the private key doesn't matter. Only that whoever has that key produces information under that identity, when signed.
So let's talk in practice: when you sign up for Bluesky, they store the private key for you. This way, for users that don't care about any of these details, they do not have to think about it at all. It's saved with the rest of your account data, you don't have to worry about backups or anything.
However, at any time, any user can register a rotation key with the PLC directory. To do this, you generate a new public and private key, and then store that private key wherever you'd like. All the usual caveats here apply. You can then use your existing private key to add this new public key to your account. Once you do that, it shows up in your DID document as a rotation key. You can use that rotation key to add more keys, remove the Bluesky owned keypair, whatever you want. Now it's not stored by Bluesky.
The majority of users have not done this, it's true. But they can. Whenever they'd like.
That's a lot of information about something that does not really matter in practice. It's not until ew get to the very end of your comment that we get to the actually relevant part for the discussion.
> So let's talk in practice: when you sign up for Bluesky, they store the private key for you. This way, for users that don't care about any of these details, they do not have to think about it at all. It's saved with the rest of your account data, you don't have to worry about backups or anything.
> However, at any time, any user can register a rotation key with the PLC directory. To do this, you generate a new public and private key, and then store that private key wherever you'd like. All the usual caveats here apply. You can then use your existing private key to add this new public key to your account. Once you do that, it shows up in your DID document as a rotation key. You can use that rotation key to add more keys, remove the Bluesky owned keypair, whatever you want. Now it's not stored by Bluesky.
> The majority of users have not done this, it's true. But they can. Whenever they'd like.
The Bluesky PDS stores (and has access to!) your private keys. They are in full control of your identity. It just so happens that 99.99% of users are on the Bluesky PDSs AND 99.99% of users will choose the path of least resistance and in practice NEVER register an external rotation key. This is exactly the problem. It is massively centralized and a rug pull from Bluesky would effectively just kill off the network.
It's insane that this is just hand-waved away because "you can just self-host" or "you can just register an external rotation key". If you think users will actually do this I have a bridge to sell you.
This is great. The entire idea of AT is that users can move their data for any reason. We want more of this.
But I do think it's always worth pushing back a bit on this idea:
> "The way Bluesky is funded is at odds with the idea of decentralisation because the platform relies on venture capital and operates under a shareholder model."
Large decentralized infrastructure like the internet, DNS, email, and the web was largely built by VC-backed companies.
The most important open source project, Linux, is funded by major tech companies through the Linux Foundation, with $311 million last year.
Corporate incentives do create conflicts, so it makes sense to be paranoid and skeptical. But the idea that companies can't contribute to open and decentralized systems is exactly the wrong lesson to learn.
We want more VC-backed startups working on open social networks and protocols. It would be great if many of them were in Europe.
> the internet, DNS, email, and the web were largely built by VC-backed companies
Really ?
There were famously government and university programs that played important early roles too. But it was largely people working for companies that actually built these systems.
What organizations do you think created the switches, routers, servers, software, fiber optic backbones? Who created the new protocols?
It was companies like AT&T/Bell Labs, Cisco, 3Com, Sun, UUNET, Netscape, AOL, the major telecoms, and a thousand other companies we don't remember.
Something like 1% inspiration from academia and government, and 99% perspiration by people working inside companies.
How many of those organizations you named were VC-backed?
Cisco, backed early by Sequoia.
3Com, raised $1.1M from three venture capitalists in 1981.
Sun, a Kleiner Perkins portfolio company.
UUNET, raised from Accel, Menlo, and NEA in 1993.
Netscape, backed by Kleiner Perkins.
AOL, backed by Kleiner Perkins.
I am sure that DARPA, BBN, USC Information Sciences Institute, and many others will be overjoyed to learn that they've been erased from history by the new narrative that Venture Capitalists Built Everything. (-:
BBN was a private company...
A private company doing DARPA-funded research.
Initially, yes, and then they became an important commercial internet service and backbone provider. They were quickly joined by a huge wave of other private companies, almost all VC-backed.
Yeah that raised my eyebrow as well. "Popularized" maybe, but "largely built" I think is a mis-characterization.
"Commercialized" is probably the word you want, and I'd agree with.
It turns out that commercialization is most of the work of creating a globally decentralized system. Which doesn't mean the non-commercial work wasn't critical.
>Large decentralized infrastructure like the internet, DNS, email, and the web was largely built by VC-backed companies.
The poor need the rich to start a company as banks are prevented (by the rich) from lending to them.
The rich like VC as it's a tax write-off, they invest in VCs and get even more richer.
Most startups fail, the VC's investors get any leftovers and poor founder walks off empty.
>What about when things go wrong?
In general, if you lose money on an investment, you can offset that “capital loss” against a capital gain you have from something else.</i>
https://www.venturesouth.vc/write-offs
>The poor need the rich to start a company as banks are prevented (by the rich) from lending to them.
no. the banks hold the poor's money, and it needs to do so without risk because the poor need their money. lending money to start companies that are completly unsecured is too risky for banks, they lend money to buy houses which is secured debt.
Banks lend against homes as the state guarantees the housing market is too big to fail and will bail them out.
Banks often lend at low LTV ratios because the prices are inflated so people on normal salaries can't actually afford to put down a large deposit, which means a slight drop puts them into negative equity but the banks are not concerned as they are protected.
If the state chose to underwrite startups in the same way...
Internet Archive? Non profit. Let's Encrypt? Non profit. ICANN? Non profit. Linux Foundation? Non profit.
VC funding is fine in some contexts, but most of the stack should be non profit driven whenever possible to prevent the eventual enshittification and attempts at capture by profit driven actors. You can always donate to the relevant non profit (code, time, fiat), but by operating the public good as a non profit, you're creating a form of security boundary and reducing attack surface by economic threat actors. Worst case, the VC funded enterprise fails open and the only harm is employees who need to find new jobs and shareholders and investors who experience a capital loss.
We want to continue to own the commons and culture collectively when for profit companies building on public social infrastructure ("open social networks and protocols") close or a suboptimal change of ownership occurs.
> Internet Archive? Non profit. Let's Encrypt? Non profit. ICANN? Non profit. Linux Foundation? Non profit.
Non-profits are great and we should have them too. If you look into how these non-profits are funded, it's largely corporate money.
Indeed! And that's okay. The money pays the bills, but they do not have control over the non profit. Assuming good faith and no fraud, the money, once given to the non profit, cannot be clawed back by anyone in the future (investors, shareholders, creditors, future owners, etc). They remain "on mission" regardless of what happens to the for profit that provided funding in some capacity. Funding the non profit is a one way transfer of value across a security boundary of control.
But ... they have a "Follow us on BlueSky" link that goes to bsky.app not esky.something?
Follows work independent of which app you're using, so it works either way. Not an issue.
(Think of it this way: "I am following <username>" is a record stored in my own database, so it doesn't matter which app I click the button on that writes that record.)
On atproto your PDS and the appview you use are not linked. Your data is stored on your PDS and available to any app that handled Bluesky records.
Ah, thanks for the explanation.
And what does this do safety/privacy-wise?
Nothing, except make it more available.
This is why I often argue against (or at least want to point out the dangers of) the ATProto/Bluesky model.
It's an absolute boon for people who want heavy surveillance, government or otherwise.
The looseness and "unreliability" of protocols like Mastodon ironically make them safer.
Yes, AT proto is about making data available to the public via replication. There's no privacy at all, but it's useful for some things. Hacker News comments don't have any privacy either.
There's another protocol in the works that should be useful for syncing private data:
https://github.com/bluesky-social/proposals/pull/94
I am genuinely confused. Isn't the point of public social media to be... public? Or do you use BlueSky to talk to your friends, instead of Signal?
It is but they don't like being on a platform where people can disagree with them. They like their echo chamber.
I don't understand - why not just make a Mastodon server and join the fediverse? Bluesky is a dead end.