I spent more time this week watching interesting things rather than reading interesting things. I'm back at work after a few weeks off so it was easier to throw on a YouTube video and do some multitasking. But also it was shortly after ATmosphere Conf '25, so the videos were going up and folks across bsky kept referencing the talks. So I went ahead and watched 'em all.

I almost made each of the 5 things a separate talk, but I squished 'em into a single item so it didn't eat up everything else.

1. ATmosphere Conf '25 Talks

I've had a Bluesky account for a little over a year, but I've only actually used it for, like, three months.

I've mentioned it before, but I come from the ActivityPub world, as well as just like the Web in general. I was of course aware of Bluesky before I signed up. And I had heard of ATproto and knew some general things about it.

And as I mentioned in a previous post, I've been keen to learn how ATproto and the whole ecosystem has been developing.

I saw a lot of devs being really excited and really hopeful and experimenting with a lot of cool stuff. Those are all things I expected to see, of course, but it was still nice to see.

But what I was even more pleased to see was people being realistic, pragmatic, or even downright cynical. People taking "the company is a future adversary" seriously and thinking about how ATproto grows and runs separately from Bluesky. People thinking about hard infrastructure, scalability, and governance concerns.

One project I think is really cool is lexicon.community. Standardized and community-owned lexicons are really important for building partially or fully interoperable applications that can complement or co-exist alongside one another. What good is this really cool decentralized protocol if everyone just uses it to build a bunch of siloed applications? At that point, ATproto would just be a glorified OAuth provider for most folks (since they aren't running their own PDS). Encouraging different applications to remix and interoperate with data written by other application is where the real magic will live, I think.

I also really liked the talk of "medium-sized" communities. I've written several times on this blog that global-scale communities weird me out a bit. I've compared it to going out to a bar and listening in on all the ambient conversations. Like, fun sometimes, but not my ideal way of connecting with people. I hope people continue to think about small and medium communities in this space.

Anyway, if you're looking to get into ATproto, you could do worse than seeing what some of these Very Smart People have to say in their talks. I know linking to several hours of videos doesn't necessarily provide enough direction to get started, but--

2. Trapping misbehaving bots in an AI Labyrinth

This one has me thinking all kinds of different thoughts. Popular CDN and Internet infrastructure provider Cloudflare has introduced a new "AI Labyrinth" capability that will trap AI scrapers in a maze of AI-generated content. So I guess it sits somewhere between a honeypot and a tarpit.

This is interesting both in its novel approach to scraper protection, but also for its potential consequences more generally. Like, we all knew that each future round of AI training would be made up increasingly of AI generated content and it's been an interesting thought experiment how that will play out - either detecting and removing it from their training set or just slowly having the quality of the training set tainted by "re-feed." I've been seeing "AI SEO" type buzzwords popping up where someone will claim to give chatbots a positive association with your company. And now with this new tool entering the mix I wonder how these sorts of things will impact the models over time.

3. How Software Engineers Actually Use AI

Part of my interest in AI tools, and especially chatbots and coding assistants, is that part of my job involves developer productivity type tooling for the company. So a large part of that these days is the huge amount of interest from engineers and management in these sorts of tools.

For my part, I've tried 4 different coding assistants over the past year or so as part of official evaluations or independent discovery. Some of them I have found helpful in specific circumstances, but none of them have felt like game changer productivity multipliers. Of course I've heard differently from other folks I've talked to. But it's important to actually gather data on this sort of thing rather than chasing trends and assumptions.

So stuff like this is interesting for me to read, plus the Sensible Chuckle of the AI making up data points when doing analysis.

4. Kagi Small Web

Since we're going a bit off the rails with YouTube video suggestions already, here's another link that doesn't lead to a single article to read.

Kagi is an alternative search engine that seems to be one of a few doing something more interesting than just "google or bing results but without ads." They of course do use Google indexes, but they augment those results more (or at least are more transparent about it) than other alternatives. And they offer a bunch more customization (like custom ranking modifications for domains) and privacy features. Anyway, it costs money but as someone who does Internet searches for a living and for a hobby the price is more than worth it to me.

One other project of theirs that I really like is Kagi Small Web. Essentially a new "StumbleUpon" for folks who remember that. It surfaces recent posts from personal websites, blogs, and YouTube channels. The data feeds into their search index, but they also offer this neat frontend to just randomly explore it yourself.

5. Swedish authorities seek backdoor to encrypted messaging apps

Obviously I could have chosen The Other Signal Story this week, but what else is there to say about the US Secretary of Defense discussing war(crime) plans using a civilian messaging app where he didn't notice there was a journalist in the group, as well as potentially avoiding records retention requirements. I could have chosen the Story in Response To That Other Story, where, no, Signal's encryption is perfectly safe and secure but it is still susceptible to being a moron and adding the wrong person to a chat, to moderately-sophisticated phishing attacks, and to compromised devices generally. Not to mention it is not a SCIF or other official government communication channel and so is not appropriate for discussing war(crime) plans everything else aside.

I didn't want to talk about that anymore, even though I just did anyway. So let's talk about a broader and more global conversation around governments and law enforcement globally pressuring encrypted communication platforms like Signal to create backdoors that allow law enforcement access to their users' messages.

Conversations around encryption vs privacy have been going on for as long as strong encryption has existed. Hopefully the US Government's recent forays into human trafficking and kidnapping based on political speech has helped convinced the average human that people deserve the right to privacy and to protect themselves from illegal or extrajudicial use of these backdoors. Not to mention the possibility of these forced exploits being, well, exploited by other threat actors.

With the UK also getting into this recently for encrypted iCloud accounts, maybe world governments haven't quite gotten the message yet.