Blaine

pssst, we're hiring btw. check out the above announcement post for what's on the roadmap and email team@tangled.org — we'd love to hear from you.

It meant you couldn't compose systems, and we had to proxy through centralized servers for remote requests to sites that didn't implement it. CORS was invented to provide a semblance of security in a cross-domain cookie-based advertising & tracking world, even if it didn't say so on the tin.

The fact that interop depends on it, having it in the standard means that the atproto-web's default stance is just "bypass CORS, implement auth separately"

CORS literally broke app development on the web; the correct fix was always to drop cross-domain cookies entirely.

It is remarkable how long some of these cycles take. 🧘‍♂️

Not even low-key, Access-Control-Allow-Origin: '*' everywhere is one of the best things that atproto has done.

(I'm reasonably excited about this, in part because I've been waiting since shortly after it was proposed and first implemented. Here's a moan from 2010: x.com/blaine/statu...)

ted was right
(op deleted because i was missing context and was so very, very wrong)

this isn't the first time you've said that to me 😂

The Claude Ultimatum

(but also ty! 💖)

This is the second coolest thing I did last week. Maybe third. Shit is wild rn.

Hopefully the documentation is good enough to run it for yourself, but lmk if anything could be clearer! Neither I nor New_ Public intend to run a hosted version of this since it'd be a distraction from our primary work. 💜

For sure. Scopes were narrowed last night, thanks for the nudge on that. 😊

The thing I have up is really explicitly just a demo – I don't want people doing abusive stuff with it on my infra, so I've intentionally hobbled/limited that instance.

Thank you! 💜

Of course! Really appreciate your thoughts, too. 💜

That's great insight - it sounds like a little app you could run on your computer or phone that would post at a given time would be genuinely useful for your use case? 👀💡

(with the knowledge that this is all just living in hell and everything is this terrible enshittified capitalist hellscape. I do feel hopeful that atproto and things like alf could be the start of a way out, for some limited scope!)

I'm definitely not sure what the right answer is, I guess this is all just to say that I do feel like the visual gag / "logo" communicates something that text alone wouldn't, and LLMs/LDMs feel empowering to folks like me who aren't visual artists?

Where I think it does/can serve a purpose is #2 - basically, the same function as meme images. No-one would call memes "ar....... skibidi warhol has violently entered the chat

Honestly, mostly for the pun. 🙈

There's a much bigger discussion/thought around "what is art" that I can't possibly hope to do justice to here, but my answer today is that art is any combination of:

1. Making.
2. Communicating.
3. Learning.

For me, visual ai slop usually isn't about #1 or #3.

Honestly, I needed a name for it on Monday, did some unsatisfying "sci-fi time-loop names" brainstorming and Alf came up (sadly, Alf never time traveled!). I was shocked to discover that no-one had used "alf" for an atproto project yet! ⛳🏌️‍♀️

In terms of the development process, we've written a guide to contributions: tangled.org/newpublic.or...

As it is, it serves our needs, so we don't expect to spend a lot of time working on this going forward. We do actively encourage forks or re-implementations of the idea, though!

In terms of core draft/scheduling functionality, currently the server only supports "one-record-at-a-time" publishing, so extending it to support applyWrites would be useful?

Maybe instead of a date, the "schedule" could be a webhook, to deliver a pre-written message based on some external state.

(for some reason the thread is broken, but I presume this is post you're replying to? bsky.app/profile/blai...)

I honestly don't know what people want to be able to do beyond the basics! I could imagine having a custom composer, or composers for different lexicon types, etc.

Config should be trivial, lmk if it's at all difficult to set up!

I agree, I don't want enshittified SaaS products with access to my account, for what should be basic functionality. I'm excited by the idea that we can build _custom_ basic functionality, and credibly own & operate it. 💖

@thebrewergame.com I actually hadn't seen the full scrollback/context on this thread.

You can 100% run this on your own – no external inbound access is necessary, so running it on a home server is fine, or a lightweight fly.io machine or similar would also work.

oh, totally. That was not a feature request, to be clear. 😅

I was chatting to @knowtheory.net the other day and we both had a moment of 🤯 when we realized you could have tight perms not just on past-content but also future-content.

YouTube video by IPFS The Name Name Service - Blaine Cook

Oh heck yes. 😍

So many thoughts, but I'm heading out for the day. In the meantime, here's a talk I gave a few years ago on roughly this subject...

www.youtube.com/watch?v=CHiC...

(My assumption is that at this point, without a trusted artist, fiverr etc are "genAI, possibly with some cleanup, to a non-artist for $$", but maybe I'm wrong?)

Open-sourcing this was an after-hours project, and any budget for paying someone would be out-of-pocket. The bigger challenge is the commissioning pipeline, timelines, etc!

Maybe that's actually fast to do, would love to know what options there are for ethical commissioning.

It is generated, and I hear you.

I'd absolutely be open to paying someone to do a proper logo (I have zero artistic talent 😅), but my priority was to get this published as a way of saying "this is possible, [here's proof]."

Good call on the demo. I'll restrict the scope to repo:*?action=create and blob:*/*.

My ideal, though, is a (currently imaginary) PLA OAuth scope that could allow posting only a set of records/blobs with specified CIDs. Authz would happen at the time of pressing "schedule" / cc @bnewbold.net.