@thisismissem.social
Corruptress of protocols; trust & safety tech; open-source contributor; Independent Contractor; Chronic Illness You've probably used tech I've contributed to. ๐ณ๏ธโโง๏ธ ๐ณ๏ธโ๐ ๐ฉ๐ช I'm on the Fediverse: https://hachyderm.io/@thisismissem (this account is bridged too!)
"The data labelers in Kenya described seeing footage of people naked, watching porn, and talking about crimes and protests. Faces are often blurred, the story said, but sometimes are visible, depending on the lighting."
The authorization server generally shouldn't care about from where the CIMD comes from, unless it has a security policy reason to-do so. The redirectUris shouldn't need to match the client_id domain or anything like that.
This was an adoption problem identified thanks to AT Protocol adopting early
Funnily enough, we only added in the part about Client ID Metadata Document Services because folks were like "how do I do development", when I'd always just been like "it's a JSON document on a server somewhere?"
Like, when I worked at Inrupt we stored the precursor to CIMDs on like github pages.
tbh, it'd be super awesome to use the cimd.dev domain for a CIMD Service deployment, but that domain is owned by Stytch / Twilio.. soo :/
Open to suggestions of what more permanent URL it should have?
And yes, the service can be a little slow, I need to rewrite it atop @cloudflare.social workers, but it shows the CIMD Service concept in action.
Basically I thought sqlite was a reasonable choice when really I should've used something else, such that I could scale it. Oops.
The documents stored by the service do technically expire after a week, just to keep storage manageable, but that's a little.. not well defined in the CIMD draft.
We've an open note on that iirc.
The concept is pretty simple: create a service that provisions CIMDs, for use when you can't have a publicly available CIMD on the web.
In the implementation above, the URL is actually the CBOR hash of the CIMD itself, which means I only store a given document once.
So apparently not many people know this exists, I only had a chance to build an OAuth Client ID Metadata Document Service ~4 months ago, but I actually added the concept to the CIMD internet draft in the version published 10th January 2025.
This is how I imagine CIMDs working in development.
I.. uh, I did try to think about how people would use CIMDs in development ๐
Y'all did see this right? bsky.app/profile/this...
Gosh damn, that's a spicy take, but yeah, I can see what it's getting at.
Android? (Seems fine for me on iOS)
In the app (which operating system?) or web browser?
But this is the Girli track I had in mind: youtu.be/YjweypEKeq4 (cw: sexual assault advocacy)
Well, apart from this track by Girli, but I thought it a bit awkward to share: youtu.be/M5GVDW0zj74
My therapy sessions often end up covering a bunch if that stuff, and my friends comment lots on it in a group chat (though that almost makes it worse??)
It upsets me I can't give you a Girli nor Zolita track here, they're either 2026 or 2024 lol
Roy 9 @im_roy_lee. 1d ngli was sweating for 2 mins = ChatGPT Auto > S... โข.. got a call from some tech crunch reporter asking about revenue. told them 7m arr in reality 6.3m run rate. is this securities fraud Short answer: almost certainly not. What you described does not meet the elements of securities fraud in the U.S. 1. Securities fraud requires a securities context โข 129 {7 57 O21K ill 415K Elizabeth Holmes ยฎ @ElizabethHolmes Follow I wouldn't trust Al with this one.... 21:19 โข 3/5/26 โข 37K Views 40 IT 38 956 23
Omg.
Admit it! That second one (lime green background) is you wanting Comic Sans.
Did you do papyrus too?
Is there not an SDK for your language of choice already?
atproto.com/sdks
In the package I have for doing AT Protocol OAuth with @adonisjs.com, it actually takes care of automatically using cimd-service in development environments. I need to improve that a little bit, just to make server restarts faster, but otherwise it works.
github.com/ThisIsMissEm...
The reason claude would be getting stuck on that is because, well, it's not actually a specification backed piece of the current AT Protocol OAuth spec. Everything else is backed up by specifications.
The cimd-service concept is even called out in the internet draft: www.ietf.org/archive/id/d...
cimd-service.fly.dev โ you don't need the weird loop back thing
What language / what's the problem it's encountering?
This is the thing about bathroom bans targeting trans people - assault is already a crime! Indecent exposure is already a crime! And laws that protect trans people don't suddenly make them legal
This gives away the game. These laws aren't meant to *protect* anyone. They are meant to *punish* and *hurt* and even *cause the deaths* of people they have decided to bully.
The enforcement mechanisms for these laws are more of an assault than letting trans people use the bathroom they prefer.
I was trying to use a go package for converting leaflet docs to markdown and the go module wouldn't install at all and the only way the author had of "installing" was by using nix ๐
Clearly I'm never meant to run nix:
> Warning: No available formula with the name "nix". Did you mean ni, nim, nyx, nox, zix or six?
I'm okay with this.
I think it's umm.. more productive than that.
Big announcement coming on Monday *teases y'all more*