chrisb
@boscolo.co
sojourning through the crazy woods (bosco loco)
pondering rainbows and unicorns
pondering rainbows and unicorns
Pinned
chrisb
@boscolo.co
· Jun 13
ATproto devs, app builders, dreamers of a more agentic world—this our opportunity to shape secure, private open E2EE messaging!
This preliminary AT Messaging spec needs your help to finish. Dive in, share your brilliance, join #e2eeWG, and let’s build it together!
github.com/ATProtocol-C...
This preliminary AT Messaging spec needs your help to finish. Dive in, share your brilliance, join #e2eeWG, and let’s build it together!
github.com/ATProtocol-C...
I'm a bit of a dreamer, I want to message people via ATProto using their ATProto Identity and have it be end-to-end encrypted like Signal.
bsky.app/profile/bosc...
bsky.app/profile/bosc...
I wonder if these Fireboxen still run code I wrote.💀
If so, sawry WatchGuard...
"One month later, the Internet watchdog Shadowserver found over 75,000 Firebox firewalls vulnerable to CVE-2025-9242 attacks, most of them in North America and Europe."
If so, sawry WatchGuard...
"One month later, the Internet watchdog Shadowserver found over 75,000 Firebox firewalls vulnerable to CVE-2025-9242 attacks, most of them in North America and Europe."
WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls.
New critical WatchGuard Firebox firewall flaw exploited in attacks
WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls.
www.bleepingcomputer.com
December 19, 2025 at 3:34 PM
I wonder if these Fireboxen still run code I wrote.💀
If so, sawry WatchGuard...
"One month later, the Internet watchdog Shadowserver found over 75,000 Firebox firewalls vulnerable to CVE-2025-9242 attacks, most of them in North America and Europe."
If so, sawry WatchGuard...
"One month later, the Internet watchdog Shadowserver found over 75,000 Firebox firewalls vulnerable to CVE-2025-9242 attacks, most of them in North America and Europe."
@ handle, ✅
Internet Handle, 🚫
The fact that AT needs a PDS and OAuth to login to an app makes the AT Handle the opposite of "an identity solution that actually works".
Soon everyone will have a private key in their pocket, forcing these users to ask a web host for identity is Flintstone-era tech.
Internet Handle, 🚫
The fact that AT needs a PDS and OAuth to login to an app makes the AT Handle the opposite of "an identity solution that actually works".
Soon everyone will have a private key in their pocket, forcing these users to ask a web host for identity is Flintstone-era tech.
December 18, 2025 at 2:29 PM
@ handle, ✅
Internet Handle, 🚫
The fact that AT needs a PDS and OAuth to login to an app makes the AT Handle the opposite of "an identity solution that actually works".
Soon everyone will have a private key in their pocket, forcing these users to ask a web host for identity is Flintstone-era tech.
Internet Handle, 🚫
The fact that AT needs a PDS and OAuth to login to an app makes the AT Handle the opposite of "an identity solution that actually works".
Soon everyone will have a private key in their pocket, forcing these users to ask a web host for identity is Flintstone-era tech.
built in call to action:
Reclaim your @
Reclaim your @
I kinda like just "log in with your @", with whatever explanatory help text, and gradually decrease the amount of explanation needed as it becomes more ubiquitous
(like internet handle but more of a symbol; ideally a cool logo not just the literal @ char, and could be tailored per app)
(like internet handle but more of a symbol; ideally a cool logo not just the literal @ char, and could be tailored per app)
December 17, 2025 at 10:49 PM
built in call to action:
Reclaim your @
Reclaim your @
web♾️
Two things:
1) We have an identity solution that actually works, we can use it to reclaim identity everywhere that people log into things.
2) AT might well be the foundation of the new web.
1) We have an identity solution that actually works, we can use it to reclaim identity everywhere that people log into things.
2) AT might well be the foundation of the new web.
December 17, 2025 at 10:27 PM
web♾️
The most widely recognized logo in the world represents a technology. (To many this IS the Internet)
December 17, 2025 at 9:59 PM
The most widely recognized logo in the world represents a technology. (To many this IS the Internet)
'The “preferences” people “reveal” are a function of what they perceive as being plausible in an environment, given their agency within it."
The team behind Farcaster made changes that upset the user base. This post was a response to the team.
Heed these sage words:
farcaster.xyz/vgr/0x071c16d4
The team behind Farcaster made changes that upset the user base. This post was a response to the team.
Heed these sage words:
farcaster.xyz/vgr/0x071c16d4
Farcaster
A decentralized social network
farcaster.xyz
December 8, 2025 at 7:37 PM
'The “preferences” people “reveal” are a function of what they perceive as being plausible in an environment, given their agency within it."
The team behind Farcaster made changes that upset the user base. This post was a response to the team.
Heed these sage words:
farcaster.xyz/vgr/0x071c16d4
The team behind Farcaster made changes that upset the user base. This post was a response to the team.
Heed these sage words:
farcaster.xyz/vgr/0x071c16d4
if you are in the business of publishing content, AT Protocol is a no-brainer. But also, 15 years too late...😊
there is more than interest, there are like, very aggressive plans. ;) just a complicated thing to do when you have a 15 year archive and lots of dependencies. if we were starting over today i think we'd start a bsky server instead of a website
December 8, 2025 at 5:33 PM
if you are in the business of publishing content, AT Protocol is a no-brainer. But also, 15 years too late...😊
PDSls is my most used tool building in ATproto! 🤩
PDSls now has granular permissions!
If you were already logged in prior to the change, select "edit permissions" in the submenu to apply new scopes
If you were already logged in prior to the change, select "edit permissions" in the submenu to apply new scopes
December 6, 2025 at 4:32 PM
PDSls is my most used tool building in ATproto! 🤩
I've been using @tangled.org recently to submit issues for some projects I'm using. I don't have my email associated with my account which means I don't get any of these notifications.
If there was a way to deliver these app notifications to the ATProto app you choose (eg. 🦋), would you use it?
If there was a way to deliver these app notifications to the ATProto app you choose (eg. 🦋), would you use it?
December 5, 2025 at 8:28 PM
I've been using @tangled.org recently to submit issues for some projects I'm using. I don't have my email associated with my account which means I don't get any of these notifications.
If there was a way to deliver these app notifications to the ATProto app you choose (eg. 🦋), would you use it?
If there was a way to deliver these app notifications to the ATProto app you choose (eg. 🦋), would you use it?
Words matter.
Using words like privacy when you can't protect the data, or end-to-end encrypted when data is sitting on servers unencrypted will ultimately cause people harm.
Also, a camera in your toilet? Seriously? 🙄
Using words like privacy when you can't protect the data, or end-to-end encrypted when data is sitting on servers unencrypted will ultimately cause people harm.
Also, a camera in your toilet? Seriously? 🙄
Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted | TechCrunch
Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.
techcrunch.com
December 3, 2025 at 9:45 PM
Words matter.
Using words like privacy when you can't protect the data, or end-to-end encrypted when data is sitting on servers unencrypted will ultimately cause people harm.
Also, a camera in your toilet? Seriously? 🙄
Using words like privacy when you can't protect the data, or end-to-end encrypted when data is sitting on servers unencrypted will ultimately cause people harm.
Also, a camera in your toilet? Seriously? 🙄
Imagine a world where your mobile carrier doesn't store any information about you.
A world where the only thing they know is whether or not you paid to access the network.
This is the future we are building at @3num.co
A world where the only thing they know is whether or not you paid to access the network.
This is the future we are building at @3num.co
Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers.
Freedom Mobile discloses data breach exposing customer data
Freedom Mobile, the fourth-largest wireless carrier in Canada, has disclosed a data breach after attackers hacked into its customer account management platform and stole the personal information of an undisclosed number of customers.
www.bleepingcomputer.com
December 3, 2025 at 9:39 PM
Imagine a world where your mobile carrier doesn't store any information about you.
A world where the only thing they know is whether or not you paid to access the network.
This is the future we are building at @3num.co
A world where the only thing they know is whether or not you paid to access the network.
This is the future we are building at @3num.co
it's funny because it's true
December 3, 2025 at 3:40 PM
it's funny because it's true
Love to see work on privacy preserving payments! 💙
As we've always done, we want what we build to be a reflection of our community.
You would be helping to co-create the next big step in Blacksky's vision.
If you can spare some time this weekend to share your thoughts and feedback of our preliminary designs we would greatly appreciate it.
You would be helping to co-create the next big step in Blacksky's vision.
If you can spare some time this weekend to share your thoughts and feedback of our preliminary designs we would greatly appreciate it.
blacksky.cash Feedback Sessions
The Blacksky Algorithms' team wants to build payment features for community members to send money to one another across the AT Protocol (Blacksky/Bluesky). blacksky.cash would work within the AT Proto...
docs.google.com
December 3, 2025 at 2:42 PM
Love to see work on privacy preserving payments! 💙
Reposted by chrisb
AI coding assistants index your entire codebase, including credentials and customer data.
Each AI coding tool handles security differently.
Configure exclusions and teach AI tools what's off-limits.
www.briangershon.com/blog/securin...
#AICoding #DevTools
Each AI coding tool handles security differently.
Configure exclusions and teach AI tools what's off-limits.
www.briangershon.com/blog/securin...
#AICoding #DevTools
Securing AI Coding Tools: Permission Controls and Credential Protection for Engineering Teams | Brian Gershon
AI coding tools handle security, data retention, and training data differently. This guide helps you quickly find tool-specific security configurations, compare approaches across Claude Code, GitHub C...
www.briangershon.com
December 3, 2025 at 2:45 AM
AI coding assistants index your entire codebase, including credentials and customer data.
Each AI coding tool handles security differently.
Configure exclusions and teach AI tools what's off-limits.
www.briangershon.com/blog/securin...
#AICoding #DevTools
Each AI coding tool handles security differently.
Configure exclusions and teach AI tools what's off-limits.
www.briangershon.com/blog/securin...
#AICoding #DevTools
Great read about the origins of the Internet's biggest surveillance feedback loop—and a proposed way to fix it.
"This equation in many cases has led to End Users using federated login options, trading off concerns such as the fear of being tracked by a particular IDP, for the convenience it offers"
"This equation in many cases has led to End Users using federated login options, trading off concerns such as the fear of being tracked by a particular IDP, for the convenience it offers"
December 2, 2025 at 2:44 PM
Great read about the origins of the Internet's biggest surveillance feedback loop—and a proposed way to fix it.
"This equation in many cases has led to End Users using federated login options, trading off concerns such as the fear of being tracked by a particular IDP, for the convenience it offers"
"This equation in many cases has led to End Users using federated login options, trading off concerns such as the fear of being tracked by a particular IDP, for the convenience it offers"
I don’t often test, but when I do, I do it in production! 🙈
December 1, 2025 at 8:05 PM
I don’t often test, but when I do, I do it in production! 🙈
Reposted by chrisb
Signal is no longer fully encrypted because my friend reads his chats while wearing Meta Sunglasses. 😱
November 28, 2025 at 2:17 PM
Signal is no longer fully encrypted because my friend reads his chats while wearing Meta Sunglasses. 😱
@vitalik.ca donated 128 ETH to chat apps Session and Simplex to further "(i) permissionless account creation and (ii) metadata privacy"
👀
x.com/VitalikButer...
👀
x.com/VitalikButer...
vitalik.eth on X: "Encrypted messaging, like @signalapp, is critical for preserving our digital privacy. Two important next steps for the space are (i) permissionless account creation and (ii) metadata privacy. @session_app and @SimpleXChat are two messaging apps pushing these directions forward." / X
Encrypted messaging, like @signalapp, is critical for preserving our digital privacy. Two important next steps for the space are (i) permissionless account creation and (ii) metadata privacy. @session_app and @SimpleXChat are two messaging apps pushing these directions forward.
x.com
November 26, 2025 at 10:37 PM
@vitalik.ca donated 128 ETH to chat apps Session and Simplex to further "(i) permissionless account creation and (ii) metadata privacy"
👀
x.com/VitalikButer...
👀
x.com/VitalikButer...
I wish I had the confidence of Claude.
After the sixth attempt to fix a gnarly bug, it is still 100% convinced it fixed it this time.
After the sixth attempt to fix a gnarly bug, it is still 100% convinced it fixed it this time.
November 23, 2025 at 4:41 PM
I wish I had the confidence of Claude.
After the sixth attempt to fix a gnarly bug, it is still 100% convinced it fixed it this time.
After the sixth attempt to fix a gnarly bug, it is still 100% convinced it fixed it this time.
“In the end, all security boils down to key management.”
November 22, 2025 at 12:34 AM
“In the end, all security boils down to key management.”
I'm really enjoying coding with my new AI buddy.
Too bad it's not a beer drinker, would love to grab a cold one after work. 🍺
Too bad it's not a beer drinker, would love to grab a cold one after work. 🍺
November 21, 2025 at 3:08 PM
I'm really enjoying coding with my new AI buddy.
Too bad it's not a beer drinker, would love to grab a cold one after work. 🍺
Too bad it's not a beer drinker, would love to grab a cold one after work. 🍺