Bluesky lead dev is dismissive of security flaws

news.ycombinator.com /item

8 comments
  • NSFW, because this is a pattern for him. So, he used to work on Beaker, a Web browser built on top of the Dat/Hypercore DHT. I recall my experience chatting with him and others on IRC. I had been interested because Dat and Beaker were supposedly built with ocap theory, and at the time I was helping to produce a capability-safe object-oriented programming language. Relevant highlights:

    • He did not grok the idea that users might dig below the chrome and directly access APIs. This dovetailed with a lackluster approach to security. In capability theory, users are expressly permitted to do anything they are capable of doing; but Beaker's philosophy was that users ought to restrict themselves to only clicking buttons in Beaker's chrome.
    • In general, interoperability was not a big priority. I'm not sure if there's multiple Hypercore implementations yet, but at the time, there was only one reference implementation and not enough documentation to reimplement it from scratch. So, I wouldn't be able to federate with their DHT using my custom software.
    • I didn't know who the project leaders were. One time, one of the project leaders came onto IRC, and I made the mistake of greeting them. As a result, I was immediately banned from their IRC channel. However, none of them knew how IRC works, and so they did not kick me; in the aftermath, I listened as they went around the room and disavowed me, covering their asses by explaining that they didn't know who I was or why I was in the room.

    Those first two points rhyme with his actions here. The third point is where I think we can see things heading in the future.

    • Bluesky is currently a wonderful microbiome on a deck on the Titanic, watching that spectacular iceberg over there.

    • at the time I was helping to produce a capability-safe object-oriented programming language

      this sounds like absolutely my kind of shit

      He did not grok the idea that users might dig below the chrome and directly access APIs.

      One time, one of the project leaders came onto IRC, and I made the mistake of greeting them. As a result, I was immediately banned from their IRC channel.

      god though, this dev and their projects all sound like a complete garbage fire
