Bluesky has been dealing with a DDoS attack for nearly a full day(www.theverge.com)
40 pointsby dotmanish3 hours ago11 comments
  • minimaxir2 hours ago
    The prevalent discourse/attempt-at-a-meme-but-people-are-taking-it-seriously saying "Bluesky is down because of AI vibecoding!" is starting to get annoying and unoriginal.

    Even when Bluesky confirmed it's a DDoS, the line is now "maybe they wouldn't have gotten DDoSed if they didn't vibecode and their code was better."

    • cryzingeran hour ago
      A week or two ago, when there was a Bluesky outage and a Claude outage at the same time, people were earnestly pointing to that as evidence that Claude was somehow a load-bearing component of Bluesky, or that AI vibecoding had caused the outage... I had to just disengage but I was also very annoyed by it all.
  • OuterValean hour ago
    The interface seemed to function as normal, but specifically the API was targeted, which left a lot of confused users who were seeing the interface peppered with errors. Watching as it unfolded, it seems it affected certain regions to begin with and then slowly spread worldwide.

    Seems they might have failed to host the status page (https://status.bsky.app) separately as well, because that went down several times throughout the outage. They also weren't very active in updating the status page, and the notice that was there had a typo of 'reginos' and a description of 'null'.

  • userbinator2 hours ago
    What are the chances some company offers to "save" them with a security service which coincidentally will also require users to use the latest officially-sanctioned browsers, OSes, and "trusted" hardware to pass the "security check"...
    • sammy22552 hours ago
      If you're referring to Cloudflare, the "security check" is not a default setting. For some reason administrators love to use Under attack mode as a band-aid measure to reduce load on the host.
    • LoganDarkan hour ago
      At least Apple devices are actually secure and can't really be omitted from things other than gaming and business. Granted, gaming and business are pretty important.
      • hsbauauvhabzb28 minutes ago
        You mean except for that 0day exploit kit floating around on github last week right?
        • fastily10 minutes ago
          Would you happen to have a link to this? For science of course :)
      • fragmede28 minutes ago
        > At least Apple devices are actually secure

        lol

  • adrithmetiqaan hour ago
    Is this just for fun or is there some underlying purpose to those type of attack?

    Is it possible to have any certainty when answering that question?

  • aaron695an hour ago
    [dead]
  • 0xeddan hour ago
    [dead]
  • decremental2 hours ago
    [dead]
  • weird_tentacles2 hours ago
    [dead]
  • midtakean hour ago
    [flagged]
    • lpcvoid29 minutes ago
      We are taking about bluesky, not Twitter.
  • bit19932 hours ago
    A decentralized protocol by definition should not be vulnerable to DDos attacks.
    • minimaxir2 hours ago
      Bluesky isn't ATProto.
      • bit19932 hours ago
        Thank you for the clarification.
    • anon70002 hours ago
      You’re saying a mastodon instance can’t vet DDosed?
      • snailmailmanan hour ago
        The people I follow on mastodon come from a wide variety of instances. While mastodon.social is the largest instance, most of the accounts I follow are elsewhere.

        Granted, all the smaller instances are likely easier to DOS as they are small instances. But mastodon is actually decentralized. If any one instance goes down, everything else keeps working. Unlike Bluesky and ATProto which is more of a theoretical “could be” decentralized.

      • eukaraan hour ago
        Truth is if mastodon.social gets ddosd the same as Bluesky I can still use the rest of the network fine. Proof is in the pudding. tons of instances that make up the fabric of redundancy. I think most people would be served better if Bluesky acted differently early with their rollout in a sharded manner?
        • Charon77an hour ago
          True. The only 'distributed' part of bluesky is in the PR. Otherwise there'd be more instances.

          My mastodon account is not even on mastodon.social, because why would I, when I could have a home server closer to home