Costin Manolache

New code is maybe 5% of the job, if you are lucky. Dealing with existing code, policies, requirements and feedback is the hard work. And most of the 'new code' is reusing and wrapping old code.

It works in most cases - but you'll need to poll AFAIK - unless you use some trigger that notifies on insert.

Pretty sure 'requiring a search engine to do anything on the web' is not part of the Web design, and bookmarks also work to find web sites you need.

To be fair - most web pages and new sites have about the same accuracy, just harder to read. Just a human giving impression of accuracy.

Long ago I actually worked on this kind of migrations, I wouldn't say that part was a success in making it simple but lots of domains manage to do it, including registrar and DNS. Migrations are a pain but routine: interoperable standards with many impl are key.

Few MX/CNAME changes to move mail or web hosting to a different provider. Same for identity (if you own the domain). Migrating the content is more work.

A server can also allow multiple IDPs and identities as 'aliases' to access the same account. Identity federation is pretty standard.

Oauth dance to login to the appview/UI. Get JWTs. Use them to make calls to the PDS. Configure PDS to accept specific IDP and identity for a user (handle). Or just add your IDP identity in the DID, as alternate identity (if you are ok with the privacy implications - otherwise the link is private).

Links ? Would love to use one without password.

Neither did HTTP proto - and it didn't work so well, which is why many sites no longer use passwords.
Secret storage (private keys too) is tricky and assuming passwords are 'implementation detail' and 'this time they'll work' - or PDS servers are as secure as a real IDP is risky.

Yes, supporting OIDC JWTs or OAuth on a custom PDS is pretty easy. I don't think the current UI on Bsky will work with it.

Why ? How does the PDS store and handles the passwords ? 2 factor, recovery and all the goodies a real IDP has ? I don't mind running a PDS for storing social data ( or trusting BSky or others to run it ) - but I would rather keep identity in a separate and more secure/standard place.

PDS is a pretty non-standard identity provider that you are forced to use in context of ATproto because auth is locked-in.

Gmail, Github, Facebook, etc are THE identity providers most people use, and the OAuth protocol is designed for federation, not for PDS to be the only possible IDp.

Or even better - support the identity providers most people commonly use, and allow them to configure their own custom ones if they want.

Last thing I want is to use Bsky as an identity provider and have to use a password in 2025.

You need the real OAuth - where users can use their own identity provider - and no longer need passwords. The purpose of the protocol was to allow identity federation, not lock in. Support OIDC JWTs - no need for apikeys.

Just like following suggestions from internet pages with outdated content, except you can ask follow up questions. Even suggestions from 'experts' can give infuriating and wrong suggestions, in particular when they are trying to sell you some complicated solution.

GitHub - EtiennePerot/safe-code-execution: Code execution utilities for Open WebUI & Ollama Code execution utilities for Open WebUI & Ollama. Contribute to EtiennePerot/safe-code-execution development by creating an account on GitHub.

Found this simple, clean wrapper for running gVisor contained shell/python, seems useful in many other scenarios besides LLMs. Forgot how much simpler it is to just share (part of) the rootfs and still isolate the app instead of building custom linux distros for each app.

WebRTC...

What k8s ( vendor, self managed), and how 'long' ( days, weeks, years ?). It doesn't randomly delete pods. Affinity, priorities, disruption budget are common - configuring cluster upgrade depends on vendor.

Or that Moe should have my email and sell it or spam me...

I finally realized YAML is not a bad serialization format, but a markup language, like markdown or html - which also maps to a tree of lists/structs. Still as bad for serialization as xml.

And json/proto.Struct are intended for serialization - not human reading/writing.

Realizing that 'social media' is the fancy name for the old email 'spam'. We had the content - just lacked the algorithms to promote the most engaging or outrageous spams, and the old mail clients made the mistake of filtering it out / hiding it instead of promoting it on top of the Inbox.

Grant, subject/principal are pretty confusing and mostly used to sound fancy and secure IMO. It's the address where you authorize someone to use your identity.

I use open-webui, localai is nice too - in docker.

I have solar panels, no coal used running my local LLM ( seems to be the biggest problem for many people)

Good news: now you can write your own algo anywhere in the world. Bad news: the real problem is trust and reputation. Do you trust all journalists and their owners ? Users need to indicate who they trust ( direct or indirect ) - and algos to use that, without the spam.

Not all support video out at hardware level unfortunately. May run a self-hosted web server, file server with an attached USB disk, webcam. Or good for learning how to install linux (like postmarketos) - or how to replace the battery and screen.

Https ?

Why not everyone ? Only a tiny % of data centers is used by AI, and they tend to buy renewable and adjust use (to optimize costs), just like many electric cars are charged from home solar panels. Anyone using dirty watts - or gas - should pay the full cost.

Tried to read the text - mix all data centers ( AI is still a small percentage), with assumptions that they mostly use diesel ( instead of cheaper renewable). Wonder who is paying for this propaganda and why. That would be interesting to find. Bitcoin miners not having enough electricity ?

certstream.calidog.io is a nice tool.

Certificate Transparency does about the same thing for 'did:web' (which is not atproto-only). Mirrorable, clients are robust. Not all domains with a cert have (yet?) the did doc, but it is not clear why it is needed in the first place (the cert already has identity and pubkey).