
For those not getting the context (like me), this seems to be about Bluesky Social (https://bsky.app/), a Twitter alternative.



Further context: Bluesky lets you use a domain name you own as a user handle.

The official method is to set a TXT record, but apparently their "AT protocol" also lets you confirm a domain by serving `GET your.domainname.com/xrpc/com.atproto.identity.resolveHandle`

and `xrpc` was available as an S3 bucket name :)
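A defender-side handle resolver illustrating the point above, added here as an example and not Bluesky's or the AT Protocol's own code: it prefers the documented TXT proof and refuses the HTTP path proof on hosts where the first path segment is a first-come global namespace. The `_atproto.` TXT name, the `did=` value format, the JSON response shape and the lookup callbacks are assumptions.

```python
import json
import re

# Constructed for this example: hosts whose first path segment is a global,
# first-come bucket namespace (the thread's S3 case), so "/xrpc/..." there
# proves control of a bucket named "xrpc", not of the host itself.
SHARED_PATH_HOSTS = {"s3.amazonaws.com"}

DID_RE = re.compile(r"^did:[a-z]+:[A-Za-z0-9._:%-]+$")


def on_shared_path_host(handle: str) -> bool:
    """True if the handle is a shared-namespace host or a subdomain of one."""
    return handle in SHARED_PATH_HOSTS or any(
        handle.endswith("." + h) for h in SHARED_PATH_HOSTS
    )


def resolve_handle(handle, dns_txt, http_get):
    """Map a handle to a DID.

    dns_txt(name) returns the list of TXT strings for name (empty if none);
    http_get(url) returns the response body as str, or None on failure.
    Returns (did, proof_method); raises ValueError when no trusted proof exists.
    """
    handle = handle.strip().lower().rstrip(".")

    # 1. DNS proof: a TXT record at _atproto.<handle> (name and "did=" prefix
    #    assumed from the AT Protocol spec). Only the domain owner can publish
    #    this, so it is checked first and wins outright.
    for txt in dns_txt(f"_atproto.{handle}"):
        if txt.startswith("did=") and DID_RE.match(txt[4:]):
            return txt[4:], "dns"

    # 2. HTTP proof at the path from the thread. Skip it entirely where any
    #    tenant can claim the first path segment.
    if on_shared_path_host(handle):
        raise ValueError(f"HTTP proof not trusted on shared host: {handle}")
    body = http_get(f"https://{handle}/xrpc/com.atproto.identity.resolveHandle")
    if body is None:
        raise ValueError(f"no handle proof found for {handle}")
    try:
        doc = json.loads(body)  # response shape assumed: {"did": "..."}
    except ValueError:
        raise ValueError(f"malformed HTTP proof for {handle}")
    did = doc.get("did", "") if isinstance(doc, dict) else ""
    if not DID_RE.match(did):
        raise ValueError(f"HTTP proof for {handle} carries no valid DID")
    return did, "http"
```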


Yikes, why didn't they use a /.well-known/ address instead of inventing a new directory? This is entirely on Bluesky, not AWS.


Because tech bros always believe they have a better solution than battle tested standards.


The less edgy, pithy, probably correct explanation is that the over-worked developer wasn't aware of the standard.


Stunning that there are (were) any 4-char bucket names left.


I guess I'm not too surprised in that, unlike domain names, these aren't obviously exposed to end users, so terseness doesn't particularly matter. Verbose and descriptive is honestly better for most names.


And given that bucket names are a giant shared namespace, there's absolutely an incentive toward lots of prefixing to help ensure you get the ones you want.


A while back I made one with a name like "postgresbackups" and was floored to realise later it was a global name.


To this day I don't know why it's a global name. For R2 we looked at this, saw the massive annoyance picking bucket names, and made it scoped to your account. CNAME records are orthogonal and can be set up to point to your bucket with a few button clicks.


Oh yeah, also we're more secure by default. Granted S3 was built a long time ago maybe when security was an afterthought and such mistakes are harder to correct now.

Other things I think we do better on:

* The account is the top-level thing we publish a cert for. Without knowing the bucket name you can't really do anything. With S3's global namespace, each bucket has a cert published which makes all buckets discovered as soon as they're created.

* Not default open to the world

* The R2-managed public bucket cname is shared and the URL for the bucket is random (i.e. just a UUID). Additionally, if you delete and recreate the bucket with the same name IIRC that random UUID is changed.

* We have a lot of sensible extensions like automatically creating a bucket on upload (granted not possible for S3 since buckets are global), setting per-object TTLs, handling unicode more gracefully (I think normalizing the key name is a saner choice with fewer foot guns even if there's some potential compatibility issues when you try to synchronize from a filesystem where you have two files with different forms but same normalized), etc etc etc.


> ensure you get the ones you want

Also to try to avoid having to special-case any logic in terraform etc.

Say you're working on a family of sites for tradespeople like plumber.io, electrician.io, carpenter.io, etc. A fair number of people from India have "occupational surnames" like Miller, Contractor, Builder, Sheriff, etc. Suddenly one Mr. Dev Contractor registers a bucket "contractor-dev" and you have to special-case your bucket names in your terraform.


Yanks too. What do you think Smith, Miller, Farmer, etc. are?


Yep, when writing IaC I always just give it a prefix like "$project-web" and terraform adds a long string of numbers at the end. It's going through CloudFront anyways, so no one should be referencing the bucket name directly unless they're writing to it (and writers can just do `aws s3 ls` to find the name).


N=1, but it appears users often create long and overly verbose bucket names.


Path based bucket addressing isn't supported anymore, so this must be a legacy bucket: https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-...


No, they indefinitely delayed that deprecation. It's still delayed. I bet[1] it never happens. They haven't figured out what to do with S3 VPC endpoints and buckets with dots in the name, which both to this day require path-based addressing and are both completely legitimate uses. They just stopped talking about this plan entirely and it's been years; I think it's dead.

[1] If they ever actually turn off path-style addressing, come find me and I'll PayPal you a dollar. I don't think it'll ever happen.


The person who did it is in this thread, and apparently you are not correct. It was created yesterday: https://news.ycombinator.com/item?id=35821113

(I don't know anything about this personally, but since a lot of people are indicating an interest in this detail of the story, figured I'd try and surface that link better!)


Thanks!


Any time! I was curious about this too.


Path style access is supported for new buckets, at least for now

https://docs.aws.amazon.com/AmazonS3/latest/userguide/access...


Sometimes it feels like companies fund weak competitors to discourage / drown out competition.


There's enough imperfection in the world that no conspiracy is required.


"Never attribute to malice that which can be explained by incompetence"?


Microsoft funded Apple to keep another OS vendor alive, so it's not about discouragement. It's probably a lot cheaper to fund a competitor than paying the gov't and getting tagged as a recognized monopoly



Quick summary: code from Apple’s QuickTime for Windows found its way into Microsoft Video for Windows. The Microsoft investment was the result of Apple winning a lawsuit.


How does Bluesky compare to Mastodon? (Other than letting you register S3 as your user handle)


Here's how I think about it:

* ActivityPub -> AT Protocol (https://atproto.com/)

* Mastadon -> Bluesky (https://blueskyweb.xyz/)

Right now, federation is not turned on for the Bluesky instance.

There are differences in both, however. I'm not going to speak about my impressions of the Mastadon vs Bluesky teams because frankly, Mastadon never really caught on with me, so they're probably biased. ('they' being my impressions, that is, I just realized that may be ambiguous.)

At the protocol level, I haven't implemented ActivityPub in a decade, so I'm a bit behind developments there personally, but the mental model for AT Protocol is best analogized as git, honestly. Users have a PDS, a personal data server, that is identified by a domain, and signed. The location of the PDS does not have to match the domain, enabling you to do what you see here: a user with a domain as their handle, yet all the PDS data is stored on bluesky's servers. You can make a backup of your data at any time, and move your PDS somewhere else with ease (again, once federation is actually implemented, the path there is straightforward though). This is analogous to how you have a git repository locally, and on GitHub, and you point people at the GitHub, but say you decide you hate GitHub, and move to GitLab: you just upload your git repo there, and you're good. Same thing, except since identity is on your own domain, you don't even need to do a redirect, everything Just Works.

This analogy is also fruitful for understanding current limitations: "delete a post" is kind of like "git revert" currently: that is, it's a logical deletion, not an actual deletion. Enabling that ("git rebase") is currently underway. Private messaging does not yet exist.

Anyway if you want to know more the high-level aspects of the docs are very good. Like shockingly so. https://atproto.com/guides/overview They fall down a bit once you get into the details, but stuff is still changing and the team has 10,000 things to do, so it's understandable.


Steve, it's "Mastodon" like the animal and like the band. It hurts to read 4 paragraphs of good relevant text and cringe every time you misspell the name. :(


Ah yeah. I struggle spelling certain words. This is one of them. Thank you and sorry. (I spell the animal and the band this way too. Working on it.)


At least you're not alone in this one - it's so common that e.g. anyone registering anything (domains etc.) with mastodon really ought to keep it in mind and register the equivalent with mastadon.


Hey thank you for the reply, I'm also sorry. I usually have better grace than correcting random strangers on their spelling, but I've shown weakness on this day. :)


It’s all good.

I think the funniest one I struggle with all the time is “parallel.” I always think it should be “paralell.” I put the two parallel lines in the wrong spot in the word!


Thank you for the overview!


You’re welcome. :)

