shazow.net
A doodler and computerer. I like permissive/permissionless open source, smart contracts, p2p systems, room-scale VR, and NixOS. 🇨🇦
Also on:
https://shazow.net
https://github.com/shazow
https://farcaster.id/shazow.eth
comment in response to
post
using an NFT to stop people from downloading your JPEG remains a poor idea
both miss the point
comment in response to
post
same way stochastic parrot has been
comment in response to
post
the thing i pattern match most is how similarly low quality the criticisms were, "i can just right-click save your jpeg", "boiling the oceans", etc.
no shortage of grifts in any emerging technology, but high quality critique of what the thing can be at its best is hard to come by.
comment in response to
post
all skepticism and no curiosity is where the problem lives
comment in response to
post
I enjoyed your discussion about this on lobsters! (And also @simonwillison.net's takes there too)
comment in response to
post
at what point do i have to choose a side?
comment in response to
post
What could that function do? It could verify a zero knowledge proof, it could verify a p256 webauthn signature, it could verify some external oracle attestation (e.g. "bank says this is a valid txn"), it can verify 2FA, it can do anything!
This is where we are in the timeline. :)
comment in response to
post
I know what you mean, it is strange coming from a more programming-constrained environment like bitcoin.
With arbitrary onchain programs, the process of "signing" a transaction doesn't have to be an elliptic curve signature, but it can be "any program with a function conditionally returning true".
comment in response to
post
I'm saying that's how cRyPtO worked in 2015, but we're moving past that in 2025. :)
Modern account abstraction doesn't rely on seed phrases, just signers. Again, think webauthn/passkeys or zero knowledge proofs (eg. cryptographic proof that i have access to some email).
Here's a demo: porto.sh
comment in response to
post
There's no seed/recovery phrase. :)
Apps have signers which get added to the contracts here: docs.farcaster.xyz/learn/archit...
If a signer is compromised, then it can do whatever the app could do.
comment in response to
post
Godspeed! The nice thing is another app can provide their own different recovery process, it's not locked down to Warpcast. Even without an app, I can do an onchain transaction to set my own recovery guardian with its own logic if I wanted to. It's quite powerful, and only gonna get better.
comment in response to
post
1. We're moving past seed phrases (don't get trapped in this mental model), with account abstraction we can use anything as a signer, including per-device passkeys or ZK proofs.
2. Recovery guardian is set when the account is created. Whatever app we use can help manage it if given permission.
comment in response to
post
No. There's onchain social recovery, you can assign another address to help you recover your account if it's lost, you can even assign an arbitrary contract with whatever logic you want (timelock, gmail via zklogin, your mom, whatever). By default, they add a Warpcast oracle as a recovery agent.
comment in response to
post
docs.farcaster.xyz/learn/archit...
comment in response to
post
As far as identity/brand goes, Farcaster is an onchain contract on Optimism (I believe this includes app permission management) and you can also use ENS for full self-owned identity if you prefer (I do).
comment in response to
post
Good starting point, thanks for writing it up! :)
I think there's a lot of nuance to add to some of these, but it's a good conversation to have!
comment in response to
post
Also not sure that the lack of an "identity" (or brand) counts as passing. :)
comment in response to
post
What are the issues of moving from Warpcast to another client?
comment in response to
post
The lack of what I call "self-custodied programmable security" is a real issue, I don't think we get to say "just manage your private key better" and call it a day in 2025. IMO social recovery and other advancements are table stakes at this point.
Does Nostr have any avenues in this direction?
comment in response to
post
IANAL but I don't believe that this is a real concern. All of the repos are permissively licensed under MIT.
I have no reason to believe that there's secret patents that predate the OSS code that will come out later, and even so the practical damage is unlikely if not enforced proactively.
comment in response to
post
haha i was expecting someone to comment about nostr being missing since i published it but we made it this far until now!!
would love a similar analysis by someone else under this failure modes framework, wanna do it? :D
comment in response to
post
Would be nice! I hope you liked the Takeaways section at the end, it discusses some ideas for how to reach more robust conditions.
comment in response to
post
Which is why self-custodied signing mechanisms are important, like what Farcaster has. :)
comment in response to
post
I believe it already is, that's the PDS which we can self-host if we want.
The next step is decoupling the signing keys from the PDS (so that we can use a shared PDS but self-custody keys if we want). This is already possible, just not implemented in our tools.
comment in response to
post
Yup, it's a challenge!
I discuss that in the post (the dependence on Bluesky's PDS), but conceptually the architecture at least supports reducing dependence on it (even if it's not the default rn).
I also think multi-polar economic dependence across Bluesky/atproto products is important long term!
comment in response to
post
just saw git-bug on hn this morning and was remembering fond times with you!! <3 <3
comment in response to
post
Some more fruitful discussion in this thread (thanks for engaging @bmann.ca!): bsky.app/profile/bman...
comment in response to
post
Nah, we shouldn't give up so easily. Part of the claim of the post is that we can design protocols and conditions around products that have better audience guarantees, too.
Agree there's work to do, agree we want more orthogonal apps on atproto, agree that we'll probably get there eventually.
comment in response to
post
I am reviewing "Can my audience be taken away?" (on this app)
I don't think we disagree about atproto in any way, it's a great protocol.
comment in response to
post
How many of the 35 million users' Bluesky apps on their phones will continue to operate when multiple smaller appviews show up?
Seriously, what percentage of userbase do you suspect would survive?
(Also I suspect my issue with moderation is not coming across accurately.)
comment in response to
post
1. "You still have to build an audience and play by Bluesky’s product rules if you want to borrow the audience there."
2. "You have no barriers in reaching 35M users."
Those two claims are in contention.
comment in response to
post
"You have no barriers in reaching 35M accounts."
What if Bluesky PBC disappears tomorrow along with all the infrastructure they operate?
comment in response to
post
What are your feels on the multi-layer moderation scheme that Bluesky has? That's one of my favourite things, but I feel like opt-in/opt-out layers should be leaned on more heavily and global AppView moderation should be very rare. It's a symptom of a bigger problem when AppView moderation is used.
comment in response to
post
In the context of "how do we build a system robust to losing my audience?" that requires operating enough infrastructure to serve the audience population as it exists, right?
comment in response to
post
for anyone else looking to read this post, here it is: bsky.app/profile/shaz...
comment in response to
post
Behold, zero usage of the word "decentralized".
comment in response to
post
Sent in DM :)
comment in response to
post
i actually wrote a post about this recently, would love your feels on it if you get a chance (sent in dm)
comment in response to
post
I read this through the lens of the topology quip and it made me ๐
comment in response to
post
The word "decentralized" is over, it should just be abandoned, only talk about specific failure modes.
comment in response to
post
agree, it's so convenient to have a scalar to compare yesterday against tomorrow
other energies exist: one is "qualities of trust" that is rapidly changing, shaping our institutions and social movements, some tech can provide foundations for higher quality trust while some tools erode it
comment in response to
post
i think a lot of the frustration and nostalgia comes from wanting to be in an uncontroversial space... remember when learning computer science had obvious utility and a career path and people respected it? it was a fun time
i guess this is what "disruption" feels like, uncertainty about the future
comment in response to
post
"is there real market for it five years in?" IMO this hits the core of the insight
all the money chasing this river is betting the possibility of that 5 year change
to speculate about the future is to make an economic claim that comes with the risk of gains/losses of the claim being right/wrong
comment in response to
post
Not necessarily, it becomes trivial to do great caching at every layer (including same machine).
comment in response to
post
All of it would go away if we had content addressable peer to peer retrieval like IPFS.