Even when Bluesky confirmed it's a DDoS, the line is now "maybe they wouldn't have gotten DDoSed if they didn't vibecode and their code was better."
The context of the "jokes", regardless of if one finds them funny, is that this is exactly how AI boosters (including the Bluesky team) have been behaving.
Every little benefit, no matter how small or unfounded, was being attributed to AI usage. So people do the opposite, attributing every little problem to the use of AI.
The implied punchline being "Oh, so now you care about accuracy?"
It's funny how closely bsky has replicated the dynamic of old Twitter where the people who run it and the people who use it have completely different priorities and loathe each other.
Also worth considering that there is a lot of anti-AI sentiment outside of our bubble! Maybe not a majority, but the minority is very vocal.
There is apparently a blog post going around but I am blocked by the person who posted it. I would still wait for the RCA. (EDIT: this is the blog post, it's about an outage a week ago, and does not mention AI: https://pckt.blog/b/jcalabro/april-2026-outage-post-mortem-2... )
Seems they might have failed to host the status page (https://status.bsky.app) separately as well, because that went down several times throughout the outage. They also weren't very active in updating the status page, and the notice that was there had a typo of 'reginos' and a description of 'null'.
lol
It feels like, outside of custom behavior tracking, there's no good way to truly protect your site without making it more restrictive in general. Require JS, client-side challenges, Cloudflare.
I may have the division between Bluesky and Blacksky off, but ATProto does allow this sort of thing. Hosting a PDS is trivial and requires very few resources. Hosting a full app view can be expensive depending on how many PDSes you're ingesting from, but you can decide how much of that you want to do.
Is it possible to have any certainty when answering that question?
If you're asking in general, DDoS attacks can absolutely serve a purpose - either to punish an organization that the attackers are unhappy with, or to hide some other more targeted attacks in a flood of errors, weird behaviors, and tired sysadmins.
I'd be interested in how the attack manifests. Is it an actual DDoS? Is it highly aggressive scraping? We should be able to see this in how the attack manifests itself. What are the sources? That's a little harder, but it would be interesting to know if it's compromised devices, residential proxies, rented cloud capacity or something else.
There are more now than there ever have been in number of infected hosts and total data volume.
The internet is a big place.
“On 13 April 2026, 21 countries joined forces in a coordinated action week that focused on enforcement and prevention measures against over 75 000 criminal users engaging in distributed denial-of-service (DDoS)-for-hire services. With over 75 000 warning emails and letters being sent to identified criminal users and 4 arrests, the action week also led to the takedown of 53 domains and the issuing of 25 search warrants.”
Source: https://www.europol.europa.eu/media-press/newsroom/news/euro...
Granted, all the smaller instances are likely easier to DOS as they are small instances. But Mastodon is actually decentralized. If any one instance goes down, everything else keeps working. Unlike Bluesky and ATProto which is more of a theoretical “could be” decentralized.
Even if it does, the point of Cloudflare's WAF is to avoid the traffic touching the origin if the security check doesn't succeed, so any nginx solution isn't really providing the same value.
They have designed a protocol that could theoretically be decentralised. Then reality hit, and it was centralised.
Sure, much like how email is decentralized in theory but barely is in practice. This doesn’t mean that the decentralized nature is just a marketing gimmick.
It’s unsurprising that almost everyone uses the Bluesky app given that A) the infrastructure for hosting your own relay or app view (I can’t remember which) didn’t have a reference implementation until a while after launch, and B) the user base is much less tech-y than what I’ve seen on Mastodon. Most of the user base moved over in the flight from Twitter/X a couple years ago. I think if it had come out at a different time you’d see something which looked a lot more like Mastodon’s large population distribution.
Also, while this doesn't really matter it looks like the number of users on non-Bluesky PDSes is 1.42% of the total, not 0.001%.
> They have designed a protocol that could theoretically be decentralised. Then reality hit, and it was centralised.
Could you explain what you mean by the underlying protocol having become centralized over time? While I can understand arguing about whether or not Bluesky-the-social-network is practically decentralized to the degree of something like Mastodon or that it became more centralized over time, I think arguing that ATproto[1] itself isn’t decentralized would be ludicrous.
the amount of people not updating anyway is less than .1%
My mastodon account is not even on mastodon.social, because why would I, when I could have a home server closer to home
Can i run a private node? can i run a functional node completely within my network segment? because i can with gnusocial and misskey; i've never run mastodon; i am on fosstodon and a couple of other mastodon-likes.
bluesky is to discord what mastodon (fedi) is to IRC.
don't let the fact that most people use the main instances fool you, there's thousands (maybe tens of thousands) of instances. I haven't seen a tally recently, i forget the account that shows them for each "instance type", like pleroma, misskey, mastodon, pixelfed, whatever the reddit clone is, whatever the 4chan clone is, and so on.
anyhow when elon bought twitter mastodon surged. I hope they didn't spend millions upgrading the main instances because most of that dropped off because, you know, everyone's on twitter. only a few million on mastodon.
My whole point is, trying to shoehorn words like "distributed" into a system that i cannot run independently is, well it's just not distributed, that's all.
edit: maybe this is sour grapes because i never got an invite; but maybe i think it's just twitter with a different coat of paint and different buzzwords attached.
I explicitly told them that I want something distributed and that's a high priority, not a nice-to-have.
Yesss, there's definitely some very cheeky marketing going on.
You have no way to prove an account made after the original instance went down belongs to someone, that’s the issue with federated systems.
As for content moderation, in nostr relay operators such as nostr.build handle legal takedowns on a daily basis, SSB is a little trickier since it’s mostly p2p but pubs are still able to control what flows through them to some degree.
Hard disagree. Email is very much decentralized. Doesn't mean that there's still a long tail distribution, but it's not like 99.999% of email accounts are on Gmail. And I can set up an email account in a few minutes and by choosing from a list of thousands of providers all over the world.
It looks like about 97% of people use iCloud, Gmail, or Outlook as their provider. That doesn't feel like it's terribly different. The people not using one of those big three make up a comparable percent of the total as the number of Bluesky users using alternative PDSes.
Three providers vs one provider does feel very different if those are the only options, but that's not the case for email or Bluesky/AT proto.
> I can set up an email account in a few minutes and by choosing from a list of thousands of providers all over the world.
You can also set up an account on a different PDS and/or use a different app view quite trivially too so I'm not sure that's substantially different.