a lot of technical folks who should know better seem to have decided that post-mortems are no longer blameless if you use AI 😕

responding ”vibe code?” to every outage like women named carol respond “vaxx?” to every celebrity death

literally as in, censored = no curse 🤪

it's literally not

Everything is bad now because kids get their taste in music from algorithms instead of from trying to impress the older girl you know who looks like the Bombchu Bowling Alley Operator

somehow that simultaneously makes sense and is insane

used it this year for the first time, went perfectly smoothly, no complaints at all

or more generally if all parties have a weak mental model of the topic. i think "i'm feeling lucky" is a good metaphor because i feel like "if you're pasting the answer then just give me the prompt" is the 2020s version of "if you're pasting the first link then just give me the search query"

everything old is new again

my very rough rubric for when to send AI-generated text is "would it also be appropriate here to paste the first stack overflow answer i find?"

This is the logo you all have to use btw

the firehose if everyone was just DMing you

fixed this + the ill-advised config reading from client-metadata.json.

thank you for all the feedback and suggestions! i really appreciate it

fixed some bugs, added support for PDSes that are not also auth servers, added support for multiple sessions per PDS, removed the function for reading config from client-metadata.json

you should still probably use atcute for ~serious~ apps but this works if you want to live life on the edge with me

is that actually worse in practice though? as they note, service workers don't have access to any sort of isolated storage. so in theory any malicious code that could unregister a service worker would also be able to simply wait for a "real" auth and *then* exfiltrate any tokens

Can This Chaotic Brooklyn Plaza Be Car-Free? Mamdani Says Yes.

let's goooooo

reminder: the biggest atmosphere app in existence (bluesky) does not even have OAuth yet and has total access to your account

scopes will come to @anisota.net, but it’s gonna take a bit longer & the lack of scopes is not due to forgetfulness or low quality… scopes didn’t exist when i made anisota

though fwiw i think the more interesting thing with the service worker (which should work with basically any auth method) is using it to handle the session once the client already has it, so the developer can just make plain fetch calls rather than using some sort of API client wrapper

not at all familiar with OIDC so this might make no sense but the service worker could handle the navigation back to the client app no? that's what i'm doing here

50 Cent - Heat (Official Music Video) YouTube video by 50CentVEVO

not sure if i entirely forgot this music video or just never saw it in the first place but it's so good

A screenshot of MDN showing that Federated Credential Management (FedCM) API is not Baseline because it only works in Chrome and Edge, not Firefox and Safari

and also on the browser side 😬

ah good catch thank you!

i think that's what chris is asking — listSessions a library function that just lists all sessions stored in the local indexeddb tangled.org/jakelazaroff...

do you know which request is failing? i tried with multiple accounts in safari, firefox and chrome against different PDS hosts and i couldn't reproduce a DPoP nonce retry failure 😕

"Jews promote race-mixing among everyone else, to undermine the white race, while protecting their own racial purity" is a quite longtime fascist view about the Jews. It's literally part of Nazi ideology.

oh weird i have not run into that! will check it out in a bit, thank you for the heads up

oh yeah i remember seeing that! man we are definitely collectively sleeping on service workers

re: atproto oauth
we should be able to review active permission grants and revoke them. i feel like that's a pretty sane feature and obviously the UI is there but...

americans trying to explain mobile web navigation: imagine a hamburger

this was really just supposed to be a small yak shave to avoid pulling in all of the atcute browser client for a small project 😅 but maybe i should rename this to something about oauth specifically and reserve atsw as a name for a larger atproto service worker toolkit