Natanael

joined 1 year ago
[–] Natanael@slrpnk.net 3 points 6 months ago* (last edited 6 months ago)

Bluesky is open source and has a site for documentation

Splitting off identity means you can bail and take your friends and post history with you when a server either goes down, gets hacked, or if the admin goes insane, or if it gets freenoded (hostile takeover and impersonation)

On bluesky the closeness comes more from the personal connections plus the choice of feeds

[–] Natanael@slrpnk.net 7 points 6 months ago (1 children)
[–] Natanael@slrpnk.net 12 points 6 months ago* (last edited 6 months ago) (2 children)

The biggest individual difference is that bluesky makes identity independent of the hosting server (via cryptographic keys) and makes content location independent of the hosting server (via content addressing).

And these features together also enable more efficient caching and propagation in the network as well as enabling features like custom feeds and 3rd party moderation tooling which works the same independently of which server you're on. So Bluesky can give you a better global view of the network and more efficient communication between users on many different servers in the same thread.

Ironically enough, Jack's other favorite place Nostr (which is built as P2P with repeater nodes) is also adding moderation tooling similar to that in Bluesky (labelers making use of the content addressing and account key ID) to flag stuff
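
The two properties named above (identity bound to a key, content bound to its hash) can be shown with a toy repository. This is an added example written for this listing, not code from Bluesky or from the commenter; it assumes a hex Ed25519 public key as the identity (standing in for a DID key), a hex SHA-256 of canonical JSON as the content address (standing in for a real CID), and a map as the "host". Nothing in a record refers to the host it was fetched from, so a copy on any other host verifies identically, while a host that edits a record breaks the hash, and a host that re-signs it cannot produce the author's signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is one post. Fixed struct field order makes json.Marshal produce the
// same bytes every time; this stands in for the protocol's DAG-CBOR (assumption).
type Record struct {
	Text      string `json:"text"`
	CreatedAt string `json:"createdAt"`
}

// SignedRecord carries everything a client needs to check a record no matter
// which host served it. The hex public key stands in for a DID key (assumption).
type SignedRecord struct {
	Author string `json:"author"` // hex Ed25519 public key: the identity
	CID    string `json:"cid"`    // hex sha256 of canonical bytes: the content address
	Sig    string `json:"sig"`    // hex Ed25519 signature over the CID bytes
	Record Record `json:"record"`
}

// ContentAddress names the record by its bytes, not by a server or URL.
func ContentAddress(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// SignRecord binds the record to the author's key instead of a server account.
func SignRecord(priv ed25519.PrivateKey, r Record) (SignedRecord, error) {
	data, err := json.Marshal(r)
	if err != nil {
		return SignedRecord{}, err
	}
	cid := ContentAddress(data)
	pub := priv.Public().(ed25519.PublicKey)
	return SignedRecord{
		Author: hex.EncodeToString(pub),
		CID:    cid,
		Sig:    hex.EncodeToString(ed25519.Sign(priv, []byte(cid))),
		Record: r,
	}, nil
}

// Verify checks the two host-independent properties: the bytes hash to the
// claimed CID, and the CID was signed by the claimed author key.
func Verify(s SignedRecord) error {
	data, err := json.Marshal(s.Record)
	if err != nil {
		return err
	}
	if ContentAddress(data) != s.CID {
		return errors.New("record bytes do not match CID")
	}
	pub, err := hex.DecodeString(s.Author)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed author key")
	}
	sig, err := hex.DecodeString(s.Sig)
	if err != nil {
		return err
	}
	if !ed25519.Verify(ed25519.PublicKey(pub), []byte(s.CID), sig) {
		return errors.New("signature not from claimed author")
	}
	return nil
}

// Host is a toy PDS or relay: a store keyed by CID.
type Host map[string]SignedRecord

func (h Host) Put(s SignedRecord) { h[s.CID] = s }

// Migrate copies the store to another host. No field refers to the old host,
// so CIDs and signatures stay valid after the move.
func (h Host) Migrate(dst Host) {
	for cid, s := range h {
		dst[cid] = s
	}
}

func main() {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	post, _ := SignRecord(priv, Record{Text: "hello from a PDS", CreatedAt: "2024-05-01T12:00:00Z"})
	oldHost, newHost := Host{}, Host{}
	oldHost.Put(post)
	oldHost.Migrate(newHost) // the old host can now disappear
	fmt.Println("verify on new host:", Verify(newHost[post.CID]))
	forged := newHost[post.CID]
	forged.Record.Text = "edited by the host"
	fmt.Println("verify tampered copy:", Verify(forged))
}
```

The same content signed by two different keys gets the same CID but different authors, which is what lets relays and feed generators cache and reference records without caring where they live.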

[–] Natanael@slrpnk.net 7 points 6 months ago (2 children)

You can also spin up your own Bluesky PDS (the account server) since federation is live now, or your own appview (basically the feed display server that has most of the smarts) and point your app to it, or set up your own relay (CDN like server) and point your appview and even point feed generators to it (3rd party custom feeds are supported in Bluesky)

So if you don't like the decision made by anybody else you can just replace them. And yeah, just like on Mastodon nobody's going to use unmoderated appviews, subscribe to scrappy feeds, or federate with a PDS hosting only shitty people.

[–] Natanael@slrpnk.net 3 points 6 months ago

Not easy to find a new job with a new team working out as well as the old team, leaving together is hard to organize, establishing a new company with the group who left is waaay harder unless you're a bunch of supergeniuses, and chances are you'll just have to sell anyway due to lack of a PR machine and distribution channels like what the big publishers have.

Unless the small studio basically starts off as a co-op you devs don't have much of a voice.

[–] Natanael@slrpnk.net 1 points 6 months ago

It's all for the profit margin that quarter

[–] Natanael@slrpnk.net 5 points 6 months ago* (last edited 6 months ago) (1 children)

Keep in mind that because few residential users max out capacity simultaneously the ISPs "overbook" capacity, and usually this works out because they have solid stats on average use and usually few people need the max capacity simultaneously.

Of course some ISPs are greedier than others and do it to the extreme where the uplink/downlink is regularly maxed out without giving anything near the promised bandwidth to a significant fraction of customers. The latter part should be disincentivized.

Force the ISPs to keep stats on peak load and how frequently their customers are unable to get advertised bandwidth, and if it's above some threshold it should be considered comparable to excess downtime, and then they should be forced to pay back the affected customers. The only way they can avoid losing money is by either changing their plans to make a realistic offer or by building out capacity.

[–] Natanael@slrpnk.net 1 points 6 months ago* (last edited 6 months ago)

I'm tech support, so I've seen some stuff: sooo many intranet sites on internal servers don't have HTTPS; almost only the stuff built to be accessible from the outside has it. Anything important with automatic login could be spoofed if the attacker knows the address and protocol (which is likely to leak as soon as the DHCP hijack is applied, as the browser continues to send requests to these intranet sites until it times out). Plaintext session cookies are also really easy to steal this way.

Chrome has a setting which I bet many orgs have a policy for:

https://chromeenterprise.google/policies/#OverrideSecurityRestrictionsOnInsecureOrigin

Of course they should set up TLS terminators in front of anything which doesn't support TLS directly, but they won't get that done for everything.
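
An inventory check for the two conditions the comment describes (plaintext intranet services, and session cookies a browser would send over plaintext) can be automated. The following is an added example, not code from the commenter or from any product; the hostnames and Set-Cookie values in SampleInventory are constructed for the example, and the Observation rows are assumed to come from whatever crawler or asset inventory the org already has.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Observation is one row of an internal service inventory: the URL clients
// are sent to, the status, any redirect target and the raw Set-Cookie values.
type Observation struct {
	URL        string
	Status     int
	Location   string
	SetCookies []string
}

// Finding is one problem tied to the service it was seen on.
type Finding struct {
	URL     string
	Problem string
}

func isHTTPS(raw string) bool {
	u, err := url.Parse(raw)
	return err == nil && strings.EqualFold(u.Scheme, "https")
}

// cookieAttrs splits a raw Set-Cookie value into the cookie name and a set of
// lower-cased attribute names (secure, httponly, path, ...).
func cookieAttrs(raw string) (string, map[string]bool) {
	parts := strings.Split(raw, ";")
	name := strings.TrimSpace(strings.SplitN(parts[0], "=", 2)[0])
	attrs := map[string]bool{}
	for _, p := range parts[1:] {
		key := strings.ToLower(strings.TrimSpace(strings.SplitN(p, "=", 2)[0]))
		if key != "" {
			attrs[key] = true
		}
	}
	return name, attrs
}

// Audit reports services a spoofed network path could read or impersonate:
// plaintext endpoints with no HTTPS redirect, and cookies a browser would
// send over plaintext because they lack the Secure attribute.
func Audit(inventory []Observation) []Finding {
	var findings []Finding
	for _, o := range inventory {
		redirectsToTLS := o.Status >= 300 && o.Status < 400 && isHTTPS(o.Location)
		if !isHTTPS(o.URL) && !redirectsToTLS {
			findings = append(findings, Finding{o.URL,
				"plaintext HTTP with no redirect to HTTPS; front it with a TLS terminator"})
		}
		for _, raw := range o.SetCookies {
			name, attrs := cookieAttrs(raw)
			if !attrs["secure"] {
				findings = append(findings, Finding{o.URL,
					fmt.Sprintf("cookie %q lacks Secure and will be sent on any plaintext request", name)})
			}
		}
	}
	return findings
}

// CountByURL summarises findings per service.
func CountByURL(findings []Finding) map[string]int {
	counts := map[string]int{}
	for _, f := range findings {
		counts[f.URL]++
	}
	return counts
}

// SampleInventory is constructed data for this example, not real hosts.
func SampleInventory() []Observation {
	return []Observation{
		{URL: "http://wiki.corp.example/", Status: 200, SetCookies: []string{"session=abc123; Path=/"}},
		{URL: "http://portal.corp.example/", Status: 301, Location: "https://portal.corp.example/"},
		{URL: "https://hr.corp.example/", Status: 200, SetCookies: []string{"sid=xyz; Path=/; Secure; HttpOnly"}},
		{URL: "https://ci.corp.example/login", Status: 200, SetCookies: []string{"JSESSIONID=1; Path=/"}},
	}
}

func main() {
	for _, f := range Audit(SampleInventory()) {
		fmt.Printf("%s: %s\n", f.URL, f.Problem)
	}
}
```

On the sample data the wiki is flagged twice (plaintext, and a cookie without Secure), the CI login once (its cookie is set over HTTPS but would still be replayed by the browser to any plaintext URL on that host), and the portal and HR services not at all.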

[–] Natanael@slrpnk.net 1 points 6 months ago (1 children)

These types of attacks would likely be implemented via DHCP spoofing / poisoning, unless you're on a malicious network

[–] Natanael@slrpnk.net 2 points 6 months ago (2 children)

Plaintext connections inside corporate networks can still be MITM'ed if the adversary knows what they're targeting; while they can't connect to the corporate network, they can still steal credentials.

[–] Natanael@slrpnk.net 4 points 6 months ago

Hilariously enough, Windows users can use WSL to run a Linux VPN (but only applications running in WSL are safe if I understand the attack right)

[–] Natanael@slrpnk.net 2 points 6 months ago (3 children)

Yeah, it's like a fake traffic cop basically, sending your (network) traffic down the wrong route
