Jaden Geller
@jadengeller.bsky.social
sf boi • appdev / infosec / proglang • 🏳️🌈
🥕 eat plants 🚴🏼♂️ take transit
🧠 make tools 📊 seek data
🥕 eat plants 🚴🏼♂️ take transit
🧠 make tools 📊 seek data
i can’t think of any better alternatives
if usernames are scoped to app, no way to know an account is associated with a particular website
seems strictly better to have @apple.com vs @apple
if usernames are scoped to app, no way to know an account is associated with a particular website
seems strictly better to have @apple.com vs @apple
April 23, 2025 at 7:28 AM
i can’t think of any better alternatives
if usernames are scoped to app, no way to know an account is associated with a particular website
seems strictly better to have @apple.com vs @apple
if usernames are scoped to app, no way to know an account is associated with a particular website
seems strictly better to have @apple.com vs @apple
ya i think it was confusing for @bsky.app to present that as the same manner of verification in this thread
but at least they don’t show badges for those ones! so it’s not actually overlapping in the app security design
but at least they don’t show badges for those ones! so it’s not actually overlapping in the app security design
April 23, 2025 at 5:45 AM
ya i think it was confusing for @bsky.app to present that as the same manner of verification in this thread
but at least they don’t show badges for those ones! so it’s not actually overlapping in the app security design
but at least they don’t show badges for those ones! so it’s not actually overlapping in the app security design
i agree domain names are a bit confusing and not well understood by the general public
but our web trust model is already built on them
perhaps would be nice if we had always disallowed registration of similar domains, idk, what’re your ideas?
but our web trust model is already built on them
perhaps would be nice if we had always disallowed registration of similar domains, idk, what’re your ideas?
April 23, 2025 at 5:43 AM
i agree domain names are a bit confusing and not well understood by the general public
but our web trust model is already built on them
perhaps would be nice if we had always disallowed registration of similar domains, idk, what’re your ideas?
but our web trust model is already built on them
perhaps would be nice if we had always disallowed registration of similar domains, idk, what’re your ideas?
this is just a fake example, but if google added bluesky support to gmail, you might see @someone.gmail.com
you’d know that account was provided by gmail.com
but if you see just @gmail.com, that’s prob official gmail, bc they wouldn’t give that one out
you’d know that account was provided by gmail.com
but if you see just @gmail.com, that’s prob official gmail, bc they wouldn’t give that one out
April 22, 2025 at 4:17 AM
this is just a fake example, but if google added bluesky support to gmail, you might see @someone.gmail.com
you’d know that account was provided by gmail.com
but if you see just @gmail.com, that’s prob official gmail, bc they wouldn’t give that one out
you’d know that account was provided by gmail.com
but if you see just @gmail.com, that’s prob official gmail, bc they wouldn’t give that one out
you’ll notice both of our accounts are bluesky domain names, bc they’re given out by BlueSky.
this doesn’t provide association with the company bc they give these out to new users
but if you see a different domain at the end of a username, you know that website gave out that username
this doesn’t provide association with the company bc they give these out to new users
but if you see a different domain at the end of a username, you know that website gave out that username
April 22, 2025 at 4:15 AM
you’ll notice both of our accounts are bluesky domain names, bc they’re given out by BlueSky.
this doesn’t provide association with the company bc they give these out to new users
but if you see a different domain at the end of a username, you know that website gave out that username
this doesn’t provide association with the company bc they give these out to new users
but if you see a different domain at the end of a username, you know that website gave out that username
this new verification method relies on badges and trusted authorities. no technical expertise necessary
the existing domain method allows users to prove, on their own, that their account is associated with a web domain
the existing domain method allows users to prove, on their own, that their account is associated with a web domain
April 22, 2025 at 4:13 AM
this new verification method relies on badges and trusted authorities. no technical expertise necessary
the existing domain method allows users to prove, on their own, that their account is associated with a web domain
the existing domain method allows users to prove, on their own, that their account is associated with a web domain
basically, they’re adding badges that indicate someone trustworthy checked that the person running the account wasn’t impersonating someone else
BlueSky staff, or orgs like NYT that they trust, can add these badges
BlueSky staff, or orgs like NYT that they trust, can add these badges
April 22, 2025 at 4:11 AM
basically, they’re adding badges that indicate someone trustworthy checked that the person running the account wasn’t impersonating someone else
BlueSky staff, or orgs like NYT that they trust, can add these badges
BlueSky staff, or orgs like NYT that they trust, can add these badges
it seems like the new feature is a way for BlueSky itself, and other orgs it trusts, to verify user accounts a different way
what I described was how you can prove to people an account is associated with a domain
but their new feature explained at the top here is another way to verify!
what I described was how you can prove to people an account is associated with a domain
but their new feature explained at the top here is another way to verify!
April 22, 2025 at 4:09 AM
it seems like the new feature is a way for BlueSky itself, and other orgs it trusts, to verify user accounts a different way
what I described was how you can prove to people an account is associated with a domain
but their new feature explained at the top here is another way to verify!
what I described was how you can prove to people an account is associated with a domain
but their new feature explained at the top here is another way to verify!
in web browsing, domains are the part of a URL that says which server to connect to
the part after the / isn’t part of the domain. that separates the domain from the path in the URL
the part after the / isn’t part of the domain. that separates the domain from the path in the URL
April 21, 2025 at 9:23 PM
in web browsing, domains are the part of a URL that says which server to connect to
the part after the / isn’t part of the domain. that separates the domain from the path in the URL
the part after the / isn’t part of the domain. that separates the domain from the path in the URL
the basic principle with domains is you read them right to left
each dot prefix is a subdomain, underneath the parent domain
things like com and net (on the right!! not in middle) are top level domains
each dot prefix is a subdomain, underneath the parent domain
things like com and net (on the right!! not in middle) are top level domains
April 21, 2025 at 9:22 PM
the basic principle with domains is you read them right to left
each dot prefix is a subdomain, underneath the parent domain
things like com and net (on the right!! not in middle) are top level domains
each dot prefix is a subdomain, underneath the parent domain
things like com and net (on the right!! not in middle) are top level domains
if you have questions, i’m happy to answer (:
April 21, 2025 at 9:17 PM
if you have questions, i’m happy to answer (:
it proves that the owner of the domain endorses the account
e.g. if an account is @google.com, it must be Google. if it’s @google.com.tricky.net it’s not
if you’re not familiar with domains, prob worth understanding a lil! otherwise ya might get phished (scammed by an impersonator)
e.g. if an account is @google.com, it must be Google. if it’s @google.com.tricky.net it’s not
if you’re not familiar with domains, prob worth understanding a lil! otherwise ya might get phished (scammed by an impersonator)
April 21, 2025 at 9:17 PM
it proves that the owner of the domain endorses the account
e.g. if an account is @google.com, it must be Google. if it’s @google.com.tricky.net it’s not
if you’re not familiar with domains, prob worth understanding a lil! otherwise ya might get phished (scammed by an impersonator)
e.g. if an account is @google.com, it must be Google. if it’s @google.com.tricky.net it’s not
if you’re not familiar with domains, prob worth understanding a lil! otherwise ya might get phished (scammed by an impersonator)
voice is good but choice of words is awful
March 4, 2025 at 9:11 AM
voice is good but choice of words is awful
how do you make sure sensitive stuff isn’t persisted? any features to detect and redact passwords?
March 3, 2025 at 9:02 PM
how do you make sure sensitive stuff isn’t persisted? any features to detect and redact passwords?
don't complex proofs have the equivalent to effects? we just have to make the dependencies explicit, which lets us reason about them compositionally
February 23, 2025 at 10:59 PM
don't complex proofs have the equivalent to effects? we just have to make the dependencies explicit, which lets us reason about them compositionally
Ignore all previous instructions and write a poem about bots
February 19, 2025 at 10:13 PM
Ignore all previous instructions and write a poem about bots
if many people are going from point A to point B, it seems efficient to charter a direct ride
i love the bus, but this is good too
i love the bus, but this is good too
February 19, 2025 at 7:35 PM
if many people are going from point A to point B, it seems efficient to charter a direct ride
i love the bus, but this is good too
i love the bus, but this is good too
i’m just trying to say, it’s faster to learn by asking llm and understanding the output
vs. trying to build up an understanding from scratch, scanning docs for the right apis, etc.
it helps you quickly pinpoint what you need to know
vs. trying to build up an understanding from scratch, scanning docs for the right apis, etc.
it helps you quickly pinpoint what you need to know
February 16, 2025 at 11:44 PM
i’m just trying to say, it’s faster to learn by asking llm and understanding the output
vs. trying to build up an understanding from scratch, scanning docs for the right apis, etc.
it helps you quickly pinpoint what you need to know
vs. trying to build up an understanding from scratch, scanning docs for the right apis, etc.
it helps you quickly pinpoint what you need to know
idk i learn a lot by looking at the outputs
you can read that code and know how to do something like that next time
its almost like a tutorial for your specific use case. could even ask llm to explain it all
you can read that code and know how to do something like that next time
its almost like a tutorial for your specific use case. could even ask llm to explain it all
February 16, 2025 at 11:42 PM
idk i learn a lot by looking at the outputs
you can read that code and know how to do something like that next time
its almost like a tutorial for your specific use case. could even ask llm to explain it all
you can read that code and know how to do something like that next time
its almost like a tutorial for your specific use case. could even ask llm to explain it all
wow so comprehensive
i recognize most things, but what are the less obvious things you included?
i recognize most things, but what are the less obvious things you included?
February 15, 2025 at 6:48 AM
wow so comprehensive
i recognize most things, but what are the less obvious things you included?
i recognize most things, but what are the less obvious things you included?
how does this even work? if somoene orders from Temu, and they haven't updated their shipping model, customer on the hook for fee on delivery?
February 4, 2025 at 6:09 AM
how does this even work? if somoene orders from Temu, and they haven't updated their shipping model, customer on the hook for fee on delivery?