banner
LightNews
ngerakines.me
Nick Gerakines
@ngerakines.me
6.5K followers 380 following 3K posts
he/him; Protocols, platforms, and machine learning; worker at GitHub; Check out @smokesignal.events @atwork.place Profile: myself with a thick mustache, septum ring, and hat
Posts Media Videos Starter Packs
ngerakines.me
Nick Gerakines @ngerakines.me · 8m
“lowest-common denominator protocol development” oof

Happens everywhere too. This is why I refused to use the pin emoji bookmark tooling.
thisismissem.social
Emelia @thisismissem.social · 39m
So a funny thing people in the ActivityPub world love to hate on is AT Protocol's lexicons, claiming they make interoperability between different software harder.

Meanwhile a new TikTok like platform just joined the Fediverse. Guess what object type they use for federation! Is it going to be Video?
1 4
ngerakines.me
Nick Gerakines @ngerakines.me · 30m
Just to be clear, every record you create in your repository is “signed” with the atproto key listed in your DID document. The process for endorsements and endorsement proofs isn’t adding additional signing above and beyond that.
ngerakines.me
Nick Gerakines @ngerakines.me · 8h
Tron: Ares 5/10 better than expected
4
ngerakines.me
Nick Gerakines @ngerakines.me · 12h
Very cool. I’d love to expand on that and add support to github.com/graze-social...
GitHub - graze-social/aip: ATmosphere Authentication, Identity, and Permission Proxy
ATmosphere Authentication, Identity, and Permission Proxy - graze-social/aip
github.com
1 2
ngerakines.me
Nick Gerakines @ngerakines.me · 13h
👋
Reposted by Nick Gerakines
graze.social
Graze Social @graze.social · 18h
ATProto is a team sport - we build better together. That's why, effective today, we're opening up access to the enriched archive we use to power Graze, so anyone can build great services on top of ATProto without reinventing the wheel. Read more in the @leaflet.pub post below for details!
Announcing the Graze Archives
A brief tour of the S3 requestor-pays archives of the Graze turbostream and freshly-announced megastream
graze.leaflet.pub
8 34 150
ngerakines.me
Nick Gerakines @ngerakines.me · 19h
That's a different and unrelated problem for what this proposal and implementation does.
1 1
ngerakines.me
Nick Gerakines @ngerakines.me · 19h
I was going to wait to publish this tomorrow, but here's a more technical deep-dive into what the records and process looks like.
Unforgeable Endorsements Technical Deep-Dive - Nick's Blog
Deep technical implementation of the unforgeable endorsement system. Covers step-by-step CID computation, complete code for the endorsement workflow, validation algorithms, firehose event processing, ...
ngerakines.leaflet.pub
1 4
ngerakines.me
Nick Gerakines @ngerakines.me · 19h
For an endorsement, perhaps, but this is a general pattern that could apply to a lot of things.

Proof of payment?
Waitlist for a table?
Entitlement to a media resource?
Contract obligation?

Lots of use cases where both parties want to be able to pull the ripcord.
1
ngerakines.me
Nick Gerakines @ngerakines.me · 19h
I think this is a gap in the atprotocol ecosystem. A while ago I created a record-escrow service to support this idea that one AppView or thing may produce a record for an identity to "claim" or pick-up and have inserted into their PDS after review.
@smokesignal.events/gnosco
Gnosco is a Rust-based escrow and badging application that integrates with the AT Protocol ecosystem..
tangled.org
2
ngerakines.me
Nick Gerakines @ngerakines.me · 19h
As in how would @atwork.place determine if two identities are valid apart from resolving handles to identities and ensuring everything validates?
1
ngerakines.me
Nick Gerakines @ngerakines.me · 23h
Thanks! I think there is so much potential for applications to fully embrace transparent data and trust networks like this. I’d love to talk to them about what’s possible.
2
ngerakines.me
Nick Gerakines @ngerakines.me · 23h
This pattern generalizes beyond endorsements. Any scenario requiring mutual agreement (collaborations, peer reviews, verified relationships, etc.) can use the same two-record architecture to create verifiable trust networks.
2 7
ngerakines.me
Nick Gerakines @ngerakines.me · 23h
The consent requirement also provides protection. You can’t be endorsed for something you disagree with. You can’t have fake endorsements attached to your reputation. You have complete control over what attestations become part of your public profile.
1 3
ngerakines.me
Nick Gerakines @ngerakines.me · 23h
Because attestations live on Personal Data Servers, not platform databases, your trust network is portable. Switch PDS providers, change apps, your verified endorsements and trust relationships move with you. The network follows your identity.
1 3
ngerakines.me
Nick Gerakines @ngerakines.me · 23h
This bidirectional consent creates stronger trust signals. When you see a verified endorsement, you know both parties agreed to that specific content. Not just that Alice clicked something, but that Bob reviewed and explicitly accepted it.
1 2
ngerakines.me
Nick Gerakines @ngerakines.me · 23h
Our system requires active, cryptographic consent from both parties. Alice publishes a proof committing to specific endorsement text. Bob reviews it and decides: accept (publish matching proof) or reject (nothing becomes public). No passive acceptance.
1 4
ngerakines.me
Nick Gerakines @ngerakines.me · 23h
Traditional endorsement systems are one-sided. Alice endorses Bob by clicking a button. Bob never explicitly consents to the endorsement or its content. He might not even know it exists. This creates weak, unverified trust signals.
1 4
ngerakines.me
Nick Gerakines @ngerakines.me · 23h
Built cryptographically-verified endorsements for at://work. The core innovation isn’t just cryptography, it’s the consent model. Both parties must explicitly agree to create a verified attestation. This changes how trust networks form. @atwork.place #ATProtocol
Building Unforgeable Professional Endorsements with ATProtocol - Nick's Blog
Traditional professional endorsements on platforms like LinkedIn lack cryptographic proof—anyone could forge them, and the platform controls the truth. This article introduces a two-record architectur...
ngerakines.leaflet.pub
8 13 77
Reposted by Nick Gerakines
atwork.place
at://work @atwork.place · 1d
Professional recommendations have a trust problem. Anyone can write a glowing review and claim someone else said it. How do you know it's real? We built endorsements on at://work using ATProtocol's cryptographic infrastructure.
2 7 41
ngerakines.me
Nick Gerakines @ngerakines.me · 1d
I don't :\

The atwork.place/mcp remote MCP is an authenticated MCP for the XRPC endpoints it provides:

* atwork.place/help/mcp
* atwork.place/help/xrpc-api

For MCP OAuth I'm using AIP and it works out of the box: github.com/graze-social...
GitHub - graze-social/aip: ATmosphere Authentication, Identity, and Permission Proxy
ATmosphere Authentication, Identity, and Permission Proxy - graze-social/aip
github.com
4
ngerakines.me
Nick Gerakines @ngerakines.me · 1d
Ohio, USA
1
ngerakines.me
Nick Gerakines @ngerakines.me · 1d
👋 What are you basing site blocking on? I can't use your app currently.
1
ngerakines.me
Nick Gerakines @ngerakines.me · 1d
I guess I don't see a big difference between AP's HTTP Signature Specification and ATProtocol's inter-service JWT. The end result of both is a header that contains a proof of identity using a key from identity source document material.
1 2
ngerakines.me
Nick Gerakines @ngerakines.me · 1d
I mean, unless you're talking about pub/sub, the PDS is going to put it somewhere. In this hypothetical, that somewhere could be a namespace for "received records".
1 2