@nicobao.dev
Building @agoracitizen.network, https://github.com/polis-community/red-dwarf & dds.xyz Other online presence: https://linkedin.com/in/nicobao/ https://x.com/nicobaogim https://fosstodon.org/@nicobao https://github.com/nicobao
The new version of Kitty terminal is so good! Adds so many features I've been wanting, especially in modern terminal-based coding agents era sw.kovidgoyal.net/kitty/change...
This is β¦ actually great? I signed in via Element X on iOS.
Atproto really nailed verification mechanisms
6/6 @phinifa.bsky.social , co-autrice du papier, en a parlΓ© lors d'un Tournesol Talk hier Γ Γ©couter absolument π tournesol.app/entities/yt:...
Le papier π www.nature.com/articles/s41...
Sur pourquoi et comment il faudrait modifier ces algorithmes π tournesol.app/entities/yt:...
I'm more bullish for agents using ucan.xyz to authenticate than crypto directly. I wouldn't trust an agent to handle my bank account. But I can trust them to do some actions that are ultimately potentially being charged, so long as I am monitoring it.
Ucan is very simple and powerful.
You're an inspiration!
It's a complex change for agora. But yes I'd like to migrate Agora to atproto asap
This mitigates the rate limit on the centralized did:plc directory. Though they are generous, apparently. So this might not really be a problem.
For the guests that need to be upgraded later, it's probably better to either provision did:plc on the fly or pre-provision a multitude of did:plc, and associate them with the accounts instantly when they interact with the appview
This works best for pure ephemeral identities but it's not appropriate for guests that are meant to be upgraded to full account later is great. Not that did:web is not a full account but did:plc is superior and migrating from did:web to did:plc is not completely supported.
Re on this, @takerufukushima.bsky.social tinkered to find the best way to implement guests. We'll probably going for did:web for each guests. Seems straightforward!
I guess for controlling which server to "federate" to, ActivityPub is better. I'm not interested in these kinds of walled garden mechanisms however.
But to be fair, AI companies have sat on terms of use and software licenses for years, so I don't know why that would change now.
As for AI learning I think it's an orthogonal problem. It's about adding a policy to your PDS about that.
By definition, data flows publicly. Then it's up to the consumer to respect the policy or not and there is nothing much one can do to enforce it.
If you're worried about a hostile takeover, currently you can self host your PDS or host it at a provider you trust.
Like you say, having the option in the settings to have a copy of the root recovery key client side, could be nice.
π―
having used claude extensively for the past couple of months, i think there is still a lot of value to understanding your code and steering it intentionally. the amount of incidental complexity claude accumulates otherwise (which mostly results in bugs that it can't ever fix reliably) is staggering.
Since then, it has evolved into its own nascent working group:
www.dds.xyz
Welcome to join
That being said... The next wave of AI breakthrough is going to kill software engineers for sure. And every other intellectual jobs with it.
Not going to happen before at least a decade probably?
With world models maybe? I don't know enough about AI research to say.
LLM won't kill software engineering. Quite the opposite. So much more work is FINALLY at reach. Things were so slow before. It's still kinda slow now, but we can build so much FASTER!
As a founder and a builder with so many ideas I have no time to work on (even now), it's super exciting!
π
Every such announcement is incredible news for everyone building in the Atmosphere. No better way to signal that atproto is an ecosystem worth investing in.
Huge congrats to @anirudh.fi and @oppi.li you guys rock!
Group photo of some of the people involved in DWeb Camp. Full list and info on https://dwebcamp.org/people
Brewster Kahle in a fireside chat with Wendy Hanamura
Mai telling the story of DWeb Camp
Photo from the little garden outside of c-base
Here is (part of) the team that is making #DWebCamp happen.
We had some truly insightful conversations at @c-base.org yesterday, thank you to all who participated!
For those who are interested but were not able to join, please stay tuned. More coming soon!
Tickets on sale from the 9th March 2026.
Have to experiment. (But no time right now...)
But this is not realistic. It's a huge protocol change.
So I'll probably go with did:key within Lexicon data with the higher level origin being the Appview self-managed did:plc.
Kinda worried about rate-limits on the single did:plc. Maybe I will have to batch did:keys guests in several did:plc hosts
The simplest approach would be for atproto to support did:key instead of did:plc. And then allow upgrading/merging did:key guest accounts into did:plc/did:web accounts.
What's more important is to give users their root recovery key client-side so they can walk away without asking for permission.
It's a cool technology.
But I'm not sure that protecting users against third-party PDS providers forging posts is the right threat to optimize for.
See bsky.app/profile/nico... for my reasoning.
You get the identity sovereignty that matters most without running infrastructure or worrying about where your data is stored and by whom.
AT Protocol already makes migrating between providers far easier than switching email hosts. Option 3 just ensures you're always the one deciding when to move.
This is why option 3 is the crucial middle ground.
A rotation key in your password manager turns "you can leave" from a theoretical right into something almost anyone can exercise, without permission, at minimal UX cost.