Evelyn
@chipnick.com
👩🏾💻 Head of Platform at a startup
👵🏾 In tech since before the cloud
🏳️🌈🌌 Part of NorthSky Social
Skeeting about Platforms and Cloud stuff.
https://chipnick.com
🇩🇪🇸🇩🏳️🌈
anchr://ger.mx/A1d8oFPnDYkqdZCH1_mHnZxX5s8qizjfSIr83sCg-xTr#did:plc:lrphxvv25aibthe7xoc2eeyy
👵🏾 In tech since before the cloud
🏳️🌈🌌 Part of NorthSky Social
Skeeting about Platforms and Cloud stuff.
https://chipnick.com
🇩🇪🇸🇩🏳️🌈
anchr://ger.mx/A1d8oFPnDYkqdZCH1_mHnZxX5s8qizjfSIr83sCg-xTr#did:plc:lrphxvv25aibthe7xoc2eeyy
Honestly bonkers considering your services are turning into the backbone of non PBC development.
November 16, 2025 at 12:07 AM
Honestly bonkers considering your services are turning into the backbone of non PBC development.
Of course they’re only properly defined in the tests 🤦🏾♀️
November 15, 2025 at 11:20 PM
Of course they’re only properly defined in the tests 🤦🏾♀️
Ah yes. So the oauth specification was in the works since ~end of last year but since 2023 app passwords were the way to sign into ATproto apps without handing over your real one. Oauth is only really hitting full adoption in the last I’d say two months but still isn’t very well defined
November 15, 2025 at 11:07 PM
Ah yes. So the oauth specification was in the works since ~end of last year but since 2023 app passwords were the way to sign into ATproto apps without handing over your real one. Oauth is only really hitting full adoption in the last I’d say two months but still isn’t very well defined
App passwords provide the same permissions listed in the screenshot.
November 15, 2025 at 11:01 PM
App passwords provide the same permissions listed in the screenshot.
Going to drop this shitpost in real quick
November 15, 2025 at 10:59 PM
Going to drop this shitpost in real quick
App passwords were always a bit crap tbh as you must create each and there’s nothing preventing a user from handing their own password over. Oauth fixed that but bsky only requires a specific subset of scopes to be provided in the spec and that leaves devs uncertain so transition:generic it is
November 15, 2025 at 10:57 PM
App passwords were always a bit crap tbh as you must create each and there’s nothing preventing a user from handing their own password over. Oauth fixed that but bsky only requires a specific subset of scopes to be provided in the spec and that leaves devs uncertain so transition:generic it is
Out of curiosity, how many Pis are you up to now
November 15, 2025 at 10:44 PM
Out of curiosity, how many Pis are you up to now
I absolutely agree. @baileytownsend.dev dropped a hot take on it yesterday and I added mine that’s essentially, oauth is misleadingly secure because these scopes exists.
November 15, 2025 at 10:43 PM
I absolutely agree. @baileytownsend.dev dropped a hot take on it yesterday and I added mine that’s essentially, oauth is misleadingly secure because these scopes exists.
So this is a consequence of the oauth scope transition:generic which I believe was intended as a way for apps to switch from using app passwords which are stupid permissive but then devs use it because it’s easy ¯\_(ツ)_/¯
It’s “misleading” in that everyone was using app passwords that did this
It’s “misleading” in that everyone was using app passwords that did this
November 15, 2025 at 10:42 PM
So this is a consequence of the oauth scope transition:generic which I believe was intended as a way for apps to switch from using app passwords which are stupid permissive but then devs use it because it’s easy ¯\_(ツ)_/¯
It’s “misleading” in that everyone was using app passwords that did this
It’s “misleading” in that everyone was using app passwords that did this
Oh gosh I would love to tell you what’s been going on this past month but it’s a touch to public on this account.
There’s a reason my main catch phrase in bios is “been in tech too long”
There’s a reason my main catch phrase in bios is “been in tech too long”
November 15, 2025 at 6:59 PM
Oh gosh I would love to tell you what’s been going on this past month but it’s a touch to public on this account.
There’s a reason my main catch phrase in bios is “been in tech too long”
There’s a reason my main catch phrase in bios is “been in tech too long”
I’ve been having a wild time with this. Entire year has been a whole lot of “people want to learn from you” followed by men being upset when I teach and correct them.
November 15, 2025 at 6:02 PM
I’ve been having a wild time with this. Entire year has been a whole lot of “people want to learn from you” followed by men being upset when I teach and correct them.
The prompt was basically “give me a config example for this client” and it simply refused to even try.
November 15, 2025 at 5:31 PM
The prompt was basically “give me a config example for this client” and it simply refused to even try.
I’m sure we will meet up at @atprotocol.dev conf in march :)
I’m mostly in Europe this days jumping between Munich, Berlin, and London.
I’m mostly in Europe this days jumping between Munich, Berlin, and London.
November 15, 2025 at 1:31 PM
I’m sure we will meet up at @atprotocol.dev conf in march :)
I’m mostly in Europe this days jumping between Munich, Berlin, and London.
I’m mostly in Europe this days jumping between Munich, Berlin, and London.
How did I miss you in Berlin :((
November 15, 2025 at 1:13 PM
How did I miss you in Berlin :((
How dare they light the beacon just as I’m going to bed.
November 14, 2025 at 11:39 PM
How dare they light the beacon just as I’m going to bed.
New copypasta just dropped. Thank you Ian for blessing us.
November 14, 2025 at 9:55 PM
New copypasta just dropped. Thank you Ian for blessing us.