Hacker News: AgentME's comments

Waymos have since added support for YouTube Music thankfully.

The shared /tmp/ directory that can be used by processes of multiple users seems extremely prone to causing this type of issue. I wish there was a common convention for user-specific temp directories on Linux, because a whole class of vulnerabilities could go away.

macOS handles this great by setting $TMPDIR to some /var/folders/.../ directory that's specific to the current user. Linux does have something similar with $XDG_RUNTIME_DIR (generally /run/user/$UID/), though it's stored in memory only, which is a little different from usual for /tmp/, seemingly mainly intended for small stuff like unix sockets.


> Linux does have something similar with $XDG_RUNTIME_DIR (generally /run/user/$UID/), but it's stored in memory only

On a lot (at this point I assume most) of systems /tmp is also just a tmpfs, so it also is just in memory. /var/tmp usually is storage-backed though.


> I wish there was a common convention for user-specific temp directories on Linux

There kind of is. /run/user/$userId is part of a tmpfs and is owned by the user. But it isn't always used when it should be.

Systemd also has a mechanism to create private /tmp directories for services.


Which of course raises the question of why the fuck snap doesn't use either of these mechanisms?

If the directory had a random name, the attacker could see that name and recreate it after /tmp is flushed.

Only if you reuse the same random name. Which would be silly.
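The thread above (the shared /tmp problem, $XDG_RUNTIME_DIR as a per-user alternative, and "don't reuse a predictable name") as an added example that is not part of any comment here and not snap's or systemd's code. It is a small POSIX sh helper that prefers $XDG_RUNTIME_DIR when it is a 0700 directory owned by the caller, otherwise falls back to `mktemp -d` under $TMPDIR or /tmp, and refuses a fixed path that already exists unless it is private and ours. It assumes GNU/busybox coreutils (`stat -c`, `mktemp`) on Linux; the `myapp.` template prefix and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the HN thread): choose a per-user private scratch
# directory on Linux instead of a predictable, shared path under /tmp.
#
# Preference order:
#   1. $XDG_RUNTIME_DIR (usually /run/user/$UID, a tmpfs, mode 0700)
#   2. a fresh `mktemp -d` directory under $TMPDIR or /tmp
# Either way the directory must be owned by us and closed to other users
# before we trust it. mktemp picks a random name, creates it with mode 0700
# and fails if the name already exists, so a stale or pre-created directory
# is never silently adopted.
# Assumes GNU/busybox coreutils (stat -c) and POSIX sh.

# Return 0 if $1 is a directory owned by the calling user with mode 0700.
dir_is_private() {
    [ -d "$1" ] || return 1
    # $2 becomes "<owner uid> <octal mode>" (empty if stat fails).
    set -- "$1" "$(stat -c '%u %a' "$1" 2>/dev/null)"
    [ "$2" = "$(id -u) 700" ]
}

# Print a freshly created private scratch directory. Never reuses a name,
# so a previous name leaking to another user buys them nothing.
private_tmpdir() {
    if [ -n "${XDG_RUNTIME_DIR:-}" ] && dir_is_private "$XDG_RUNTIME_DIR"; then
        pt_base="$XDG_RUNTIME_DIR"
    else
        pt_base="${TMPDIR:-/tmp}"
    fi
    # "myapp." is an illustrative prefix; the X's are replaced randomly.
    mktemp -d "$pt_base/myapp.XXXXXXXX" || return 1
}

# The failure mode the thread warns about: a fixed name under the shared
# /tmp can be created in advance by any local user, and a bare `mkdir -p`
# would happily use it. Reject anything that exists but is not private.
check_fixed_path() {
    # $1: a fixed path such as /tmp/myapp-cache (illustrative)
    if [ -e "$1" ] && ! dir_is_private "$1"; then
        echo "refusing to use $1: exists and is not a private dir owned by us" >&2
        return 1
    fi
    return 0
}
```

Usage from a script would be `work=$(private_tmpdir) || exit 1` followed by `trap 'rm -rf "$work"' EXIT`; the ownership and mode check is what turns "a directory named like mine exists" from an assumption into something verified before any file is written there.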

Without snap, the front door is wide open: all applications you run are unconfined within your user account and can snoop on all of your files. On a normal single-user desktop system, almost everything valuable is within your user account, not root. If an attacker does want root (such as to install a rootkit that can hide itself or to access other user accounts), they can install an alias to sudo on your account and piggy-back on the next time you use it.

One 9 would be 90% (aka 0.9)


LLMs don't use a lot of electricity per user. Why should the fact that the energy usage happens in data centers instead of each user's house be an important moral factor?


If you have a project template or a tool that otherwise sets up a project but leaves it in the user's hands to create a git repo for it or commit the project into an existing repo, then it would be better for it to create a self-excepting .gitignore file than to have to instruct the user on special git commands to use later.


There are plenty of cases where the operator of archive.today refused to take down archives of pages with people's identifying information, so it's a huge double standard for them to insist on others to not look into their identity using public information.


Bluesky is architected so you can export your data and follows and followers to your own or someone else's infrastructure at any time. There are some groups that have taken that offer and moved off of Bluesky's infrastructure (see Blacksky). The fact that most people aren't doing that is a sign that people are happy with how Bluesky-the-company is running things. What's the issue?


Most people were happy with Twitter as well.


And Bluesky is better because you're not locked in and can export your posts, follows, and followers off of their infrastructure if they start being evil or you randomly feel like it. Companies like Twitter effectively wield network effects to stop people from leaving. All of one's activity on Twitter increases the sunk cost to keep them on Twitter in a way that's not true for Bluesky.


I recognize that Bluesky is at present more open than Twitter and that all of the necessary building blocks for the infra are publicly available. That's good of course.

However, I think the view you expressed there is misguided. If Bluesky locked out third party infra tomorrow, presumably the vast majority of people would not move. Thus vendor lock-in via network effects remains. (I.e. you are always free to leave, but you'd be moving from a metropolis to a backwater.)

The only scenario where this isn't true is one where no more than a few percent of the people you interact with reside on any given node. By that metric small AP nodes pass while large ones such as the flagship Mastodon node fail. Similarly Gmail and Outlook fail while any self-hosted mail server passes.

It's not an easy problem to solve.


There would be a revolt if Bluesky did that, and I doubt they will be so self-destructive.

I'd rather be optimistic than nihilistic about it. It's still early and there are a lot of good things happening.


How are they going to pay back all the VC money?


I don't think anyone knows yet, nor does that question need to be answered soon, or perhaps ever; Bluesky can die and atproto can go on. They are not existentially tied together.


I don't have a horse in this race, but:

> [..] machine-readable archive of information associated with your account in HTML and JSON files. [..] including your profile information, your posts, your Direct Messages, your Moments, your media ([..]), a list of your followers, a list of accounts that you are following, your address book, Lists that you’ve created, are a member of or follow, [..], and more.

(Note that I actually elided some additional things that are included in the export, for readability's sake.)

https://help.x.com/en/managing-your-account/accessing-your-x...


You can't actually use your followers and following list from X on other sites. With Bluesky, you can move your profile onto other infrastructure, continue to see posts from people you follow, and make new posts that your followers still see like nothing happened. It's like how if you own your own domain name, you can set your MX records to whatever email service you want and change it when you want without affecting anyone you're having email conversations with.


Ah, I see. Your use of the term "export" made me misunderstand. Though now that I've thought about it for a few minutes, I'm not sure what verb makes sense [to me] there. I guess "migrate?"

edit: also, thanks for clarifying!


yes, "pds migration" is a phrase you see more often


I generally liked Twitter before but not as much as now, since now it's not so heavily trolled by far left activists.


Aren't most people over there trolling? Seems it starts at the top and sets the tone for the whole site


And yet all I see is far-right agitprop! It's _almost_ like the owner of the website has tweaked the algorithm for maximum "engagement"?


That's a very strong statement to make.


Whether you agree or not, asking "what's the issue" misses the point very badly, since the article is almost entirely about what the issue is (i.e. that most people will not change defaults and the default is to centralise on the Bluesky servers).


The fact that the system is built around this escape hatch makes it miles better than almost all other social networks. An escape hatch doesn't need to be used by most people to be valuable.


Nostr doesn’t have these issues


I know when I’m using a Nostr app because its logo is an endless spinner.

At the scales these systems run at, you need large indexes. Distributing those indexes across many nodes would require a breakthrough in federated queries, and if you have one of those lying around I’d pay good money for it.


Nostr has different issues; people are where their preference for dealing with them is.


Indeed, and as a consequence Nostr has a dogshit user experience and approximately no one on it. Boy I sure love reading nothing and talking to nobody except nerds that jerk themselves off about how decentralized their platform is.


It's weird to focus on that when there isn't a single thing in software that doesn't suffer from "everyone will just use the default anyway".


Yeah, I'm not saying the blog is right or wrong; I'm just saying that describing bsky's features and asking "what's the issue?" means you aren't engaging with what it's actually saying.


I’m not the previous poster, but I don’t see any cogent points in the article to engage with in any depth.


If you look at OP's comments here, I think the same sentiment will come through. They do not seem interested in good faith debate or discussion.


I am, I just don’t have the same values in terms of what I want from my decentralized social media.


Saying you do does not change what others see across your comments. I'd suggest reading the HN guidelines again. I do myself from time to time because there is some good internet decorum wisdom in there. I hope by reading them, you can see your comments more like how we see them.


Wikipedia shouldn't allow links to sites which intentionally falsify archived pages and use their visitors to perform DDOS attacks.

