Bluesky downtime: manton.org

@manton Hey, a few clarifications:

> it’s not really fair to frame bsky.app as merely a large server; it’s effectively the only thing right now

Bsky.app isn’t an account server, it’s really just a web client. There’s a fork now at deer.social which can access the same data, if bsky.app site was down.

@manton > When you call the Bluesky API via bsky.social it actually proxies your requests to the appropriate backend data server that might be hosted elsewhere. This makes the API feel very centralized

This is only really true for Bsky-hosted PDSes, I need to call lab.martianbase.net instead of bsky.social

@manton For me, with a self-hosted PDS, the actually centralized parts right now are the AppView, relay and plc.directory. I could still post and talk to some people if bsky.app, bsky.social and Bluesky PDSes were all down (I could post yesterday the whole time).

@mackuba.eu Thanks, I’m going to update the post to reference bsky.social in that line instead.

@manton I’m not 100% sure (can’t check now on mobile), but I think trying to log in with createSession to post records would fail for me. bsky.social is an “entryway” server for authentication, but only for *.bsky.network PDSes.

@manton 1. Bluesky’s about interop and scale, mastos about topological distribution, blockchains are about censorship resistance. Decentralization means different things

1. All of our PDSes got DDOSed. Any PDS that wasn’t stayed online. If the same happened to AP, they would’ve had the same outage

@pfrazee.com I like that summary. I’m going to edit my post a little because I think I got a couple things wrong about PDSes, don’t want to add more confusion.

@manton ActivityPub doesn’t scale correctly for the social media usecase anyway so this is a pretty pointless debate

@manton So you found the mythical edit button, then?

@manton I didn’t think you were far off in your writeup. I was just sharing additional thoughts on my mind

@manton Source of the attack? I’m sure I’m not the only one curious to know.

@manton Was there a DDOS? I could see that anonymous requests were going through fine. It was only the session system that seemed down. Any request with an Authorization header was basically returning a 503 NotEnoughResources.

@manton So does that mean those self hosted pdses could still post to and see each other?

@manton DDoS is a part of life unfortunately, of any online service, of any scale. Mastodon is far easier to DDoS because you just winnuke the crappy unpatched VPS it’s being hosted on and then the hosting provider blackholes your server.

DDoS is a universal, mandatory training on resilience improvement.

@manton Internet based solutions are all prone to DDoS, as the network itself is prone to DDoS. The only thing that we can do is to make DDoS attacks extremely expensive.

@manton Interesting

@manton You’re spot on in your write-up on your blog. This is a similar problem to what was described in the initial Nostr readme under “The problem with Mastodon and similar programs” fiatjaf.com/nostr.html – unfortunately ATProto repos cannot exist in many places yet, so “and similar programs” applies.

@manton #notmypds

@manton.org Ugh, I hope my blog post didn’t add to the stress. I love what y’all are doing with Bluesky, hopefully that came across a little in the post for other folks.

@manton a response to www.manton.org/2025/04/25/b…

@manton oh no manton not at all. You helped relieve stress. I just ended up yapping in your replies

@manton Don’t ignore please, I beg you my family is screaming from hunger. They want to eat please donate to buy food for my family I beg you don’t skip it!!️💔🥲

@manton Sorry manton

@manton ATProto is interesting and seems like a well thought out protocol. But I do wonder what the uptake will be like on other groups running critical infra at scale like relays and PDSes.

@manton hm

@manton No, #ActivityPub is more resilient since it doesn’t need millions of dollars to work. The very existence of the fediverse proves you wrong.

@manton I think the point is use case.

@manton So?

@manton Not about funding or resiliency. But about use case. It’s microwaves and kettles. You can find both on the kitchen counter, but they do different things.

@manton mastodon instances regularly shut because they’re too expensive to run

@manton hm indeed. it’s not like there’s only one social media use case.

i do think ATProto scales better for all-public “flat” networks – and that’s certainly an interesting use case! But what about networked communities with scoped visibility? That’s not implemented yet, so hard to project scaling.

@manton yeah i would rephrase that as “ActivityPub doesn’t scale well for global all-public town-square type social media”

@manton - AP has its flaws too (e.g. not being able to move between servers afaik).

• It is not ATP’s fault that a lot of users don’t self-host their PDS.
• It is not cost millions of dollars to run the ATP, and many have proven that to not be the case.

@manton - Users can move between servers with ActivityPub…

• Hosting their own PDS is insufficient if there is no alternative to Bluesky’s servers.
• Running ATProtocol is surely mostly costless if there is not millions of users to connect with it, which is not the case with Bluesky anymore.

@manton Yet, setting up one is easier and cheaper than financing an alternative to Bluesky’s infrastructure.

@manton Sorry, I’m not that well-versed when it comes to AP, I just went based off what I’ve heard and Wikipedia.

There are several people hosting their own relays and appviews.

@manton And the network doesn’t shut down when one mastodon server goes down. Bluesky doesn’t see this problem yet because it’s too hard right now to run more nodes. (using that term colloquially)