Justin Case's Avatar

Justin Case

@thieflord.dev

Music is my inspiration | 1906 πŸ€™πŸΏ| Software Engineer in training, aspiring lawyer Owner & Creator of @clearsky.app To support me, contact me, and more: https://linktr.ee/thieflord

7,382
Followers 762
Following 2,848
Posts 24.04.2023
Joined
Posts Following

Latest posts by Justin Case @thieflord.dev

Thanks for the tag, we'll work on this.

16.02.2026 05:23 πŸ‘ 2 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Here is the #TennisSky feed

bsky.app/profile/did:...

23.01.2026 20:35 πŸ‘ 3 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

That's fair, but we wanted to keep the price point low for barrier of entry.

There are additional tiers that people can donate more than $5.

08.01.2026 01:13 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

We are actively working to bring down current costs and optimize infrastructure.

We appreciate the feedback, assistance, and support.

#Clearsky

07.01.2026 21:40 πŸ‘ 25 πŸ” 6 πŸ’¬ 0 πŸ“Œ 1

We get $.61 for every $1 donated so we are only asking for $3k. Our DB is the bulk of the costs, ~$2k and ~5TB of data. It is a managed instance.

We have been transparent and haven't done anything shady so it's strange for people to assume that's what's going on initially.

07.01.2026 20:30 πŸ‘ 7 πŸ” 1 πŸ’¬ 4 πŸ“Œ 0

I'm open to suggestions on how to make things more efficient.

07.01.2026 18:32 πŸ‘ 4 πŸ” 0 πŸ’¬ 4 πŸ“Œ 0

We aren't paying salaries.

07.01.2026 17:26 πŸ‘ 2 πŸ” 0 πŸ’¬ 2 πŸ“Œ 1

You know we don't get exactly $1 from the donation, right? The costs isn't $5000/mo.

07.01.2026 17:26 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

I'm currently watching a Roblox funeral and I am weak πŸ˜‚

31.12.2025 22:47 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

All high roads have been taken, it's a traffic jam up there.

27.11.2025 06:13 πŸ‘ 8 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

And the only consequence is the user decides not to log in. The security of the implementation is sound.

18.11.2025 17:42 πŸ‘ 3 πŸ” 0 πŸ’¬ 2 πŸ“Œ 0

We've already dropped down in permissions. This is a none issue now.

18.11.2025 17:42 πŸ‘ 3 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

This is a clash of the "privacy" userbase and "data transparency" userbase.

Sit back and get some popcorn.

18.11.2025 00:29 πŸ‘ 5 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Initially, people begged for these features to be behind a login.

17.11.2025 23:46 πŸ‘ 3 πŸ” 0 πŸ’¬ 2 πŸ“Œ 0

It won't send the sensitive authorization code to an unapproved location. Additionally, all of our communication uses HTTPS, and Bluesky's OAuth implementation enforces the use of the state parameter and PKCE (Proof Key for Code Exchange) to prevent code interception and session hijacking.

17.11.2025 22:20 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

​If an attacker tried to swap the link, Bluesky's server would reject the request or refuse to redirect the user to the malicious URL. even if a malicious link were somehow injected onto our site, the Bluesky server controls the redirection.

17.11.2025 22:20 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

​We mitigate this using strict redirect URI validation, we have pre-registered a specific, exact URL with Bluesky (the Authorization Server).

When you start the login, we tell Bluesky: "After the user authorizes access, only send them back to this exact, pre-registered address."

17.11.2025 22:20 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Explain how.

17.11.2025 21:48 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

I am disappointed but not surprised. We are working to bring services to the community so that you are informed about your data. We appreciate all the support people have given and we are learning from the criticism.

17.11.2025 20:04 πŸ‘ 37 πŸ” 4 πŸ’¬ 1 πŸ“Œ 0

A looottttaaaa people in replies complaining and being down right nasty about a free service that someone has dedicated a ton of their time to simply to help you have more transparency about your account, which they absolutely did not have to do! Y’all have an astonishing sense of entitlement!

17.11.2025 19:10 πŸ‘ 161 πŸ” 30 πŸ’¬ 6 πŸ“Œ 2

Lol

17.11.2025 19:57 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

There is a difference between something being ready and you being upset that those are the permissions. The implementation is ready and working.

17.11.2025 19:51 πŸ‘ 2 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Literacy is dead because why would you used quotes for something you weren't quoting what someone said verbatim. We asked you we error were you seeing and you didn't reply.

17.11.2025 19:50 πŸ‘ 2 πŸ” 0 πŸ’¬ 2 πŸ“Œ 0

It is ready. The current OAuth implementation is secure, that's what we've been explaining. And we also have updated the permissions that are being asked when you log in.

17.11.2025 19:38 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

I appreciate your kind words and sticking your neck out for me 🫢🏿

17.11.2025 19:22 πŸ‘ 16 πŸ” 0 πŸ’¬ 2 πŸ“Œ 0

The larger non specialized/technical user base is already using OAuth. It’s your early/technical adopters that you are experiencing friction with.

I really disagree with the framing of this as a problem with OAuth and not app passwords

17.11.2025 17:10 πŸ‘ 9 πŸ” 2 πŸ’¬ 1 πŸ“Œ 1

I tried to use just "atproto" and I just tried again and I get this error: "The remote endpoint returned an error: Scope "transition:generic" is not declared in the client metadata"

17.11.2025 17:39 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

I tried to use just "atproto" and I just tried again and I get this error: "The remote endpoint returned an error: Scope "transition:generic" is not declared in the client metadata"

17.11.2025 17:38 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Thanks for the advice.

17.11.2025 17:15 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

That is the only permission set available, which is stated in the thread. We understand if you want to wait until Bluesky is done with adding the smaller permission scopes. We plan to drop down to the least permissions as soon as they are available.

17.11.2025 17:00 πŸ‘ 2 πŸ” 0 πŸ’¬ 3 πŸ“Œ 0