Diving into ATProto's details is having exactly the same effect on me 😂

(It's hella fun tho)

Yes to all parts! Do read about BlackSky, which is an independent and interoperable ATProto network, with a number of other folks doing/looking to do the same (NorthSky, Gander, there are so many now!)

You're more than one step ahead of me; I've not ventured into the world of Nix yet!

If there's a way I can help by testing (I have access to macOS/Linux/Windows), by contributing code (modulo my inexperience with Nix and Rust 😅), or otherwise I'd be very happy to.

Option 1 allows for Local First apps, if [a replica of] your PDS is close/on your phone/device.

- Great for flights/travelling 😍
- Great for communities with low bandwidth 🤩

Personally I'm not a fan of using watchdog groups with audit power, as that *is* a lot of power to have. An audit group with incentives that don't align with the people who trust them could do a lot of damage to the ecosystem. (Plus, how would you choose them without centralising?)

I don't get how it'd be complicated — can you help me understand?
If an app can't clearly explain why it needs access to write (or delete) records under a given root NSID then that's a useful red flag in itself, no? (This is exactly like optionally approving scopes for OAuth apps today)

- …default to *on* for NSIDs where the referring page matches (eg. if you've been redirected from bookhive.buzz, then `buzz.bookhive` NSID is auto-on)
- …default to *on* if the referring domain matches ant specified as allowed in the Lexicon

(This hasn't been well thought through; but roughly?)

I've not thought it through, but I'd be looking for something like:
- When you auth you request read, r+write, or rw+delete permissions for each NSID 'root' (eg. com.atproto, app.bsky)
- your PDS OAuth landing page offers a toggle for each, *defaulting to off* (cos no-one reads)
- BUT…

Purchased! These types of magazine got me into this weird software world, least I can do is pass on the favour 😄

This is awesome! Do let us know where to get it if you release it ☺️

Velja is awesome — thanks for the update! JS transforms sound superb!

If you’re ever looking for an Easter egg to implement, may I humbly offer one I’ve been sitting on for 15 years now…

vimeo.com/9632924

Security is hard eh‽ Especially when you can’t make assumptions about the technical context of the person making the choices!

I was expecting (as I build my own ATProto app) that I’d need to approve write access to NSIDs not matching the domain; but presenting a well informed choice would be tough!

Nice! I’ll look forward to reading them 😊

I agree about filesystems, though macOS (at least) does now go to some lengths to sandbox apps (eg. DaisyDisk can’t see my entire file system unless I specifically give it permission, or drop a folder on it to give it permission there)

I appreciate the direct reply — thank you!

Yes! All sorted now, thank you! ☺️

This prompted me to download Zeitgeist — I’m enjoying it!

Would you consider a one-time payment, over a subscription?

I find one-offs much easier to justify for things I want to orient around (otherwise I don’t commit, cos the subscription feels like my flow being held hostage!)