Occasionally, I like to have a look through our archived blogs. Sometimes, it turns out to be an exercise in seeing just how far our position on an issue has evolved and altered. At other times, it’s finding that there are some aspects of what we do and how we see situations that have always remained pretty constant. One thing we have always been absolutely consistent about is the need to build/re-build a sense of solidarity at the grassroots in our communities. This goes right back to our days in the Independent Working Class Association. When I was looking through the long ago archived archived South Essex Heckler, I found the piece below which although it was written seven years ago, still holds true in my opinion. I’m reproducing the piece from the Heckler below exactly as it was first published so, all of the references will concern projects we were supporting when we were living back in Essex:

Rebuilding solidarity at the grassroots… June 25, 2019

Where we are

We’ve had over ten years of austerity and it’s leaving our class in an increasingly precarious state. A brutal benefits regime is pushing more people into desperate poverty, homelessness, a greater likelihood of premature death and towards suicide. Even at the surface level, it’s impossible to escape the neglect and physical decay that’s blighting more and more of our neighbourhoods. As housing tenure becomes ever more precarious, the sense of community solidarity that could play a role in pulling people back from the brink is fracturing and dying.

So long as the authorities can keep the lid on the situation in the neighbourhoods where austerity has hit the hardest, they’ve no problem with the fracturing of community solidarity. The truth is, they actively pursue the project of undermining our solidarity by dividing us into the ‘hard-working and deserving’ and the ‘work shy, feckless and undeserving’. When you challenge this by showing the number of in work households who are in receipt of benefits, they’ll imply that the working poor need to be striving harder. All of this is exacerbated by the other games of divide and rule as the so called ‘indigenous’ working class is pitted against allegedly ‘job stealing’ migrants. Further exacerbation comes with the denigration of anyone who steps out of the bounds of an increasingly resurgent traditional ‘conventionality’ and tries to live some kind of alternative lifestyle.

It only takes a loss of employment and income to propel someone from being ‘hard-working’ to being ‘idle’, ‘a burden’ and on benefits. Also, unless someone is in the top quarter of the social pecking order, not only are they at risk of immiseration in an increasingly precarious world, regardless of who they, crumbling public services and infrastructure will be impacting on their lives. In terms of what we have to put up with, there’s more that should be uniting us than dividing us. Despite what the powers that be who want us divided and at each others throats may wish for, the blunt truth is that a lot of us are in this together.

Start at the grassroots

So, how can we start to re-build the sense of solidarity we need to fight back against this and eventually, build the better world that we deserve? Start small and start right at the grassroots where you live. A simple act of solidarity is looking out for the neighbours on either side of you and for them to do the same. Even if it’s a house of multiple occupation, quite often, it’s possible to strike up a rapport. We’ve seen this happen with a member of the Vange Hill Community Group reaching out to and forming a working relationship with EU migrants in a house of multiple occupation in their close.

In order to get people to know each other a bit better, canvass opinion and organise a practical activity such as a community clean up. Not only will you see a physical difference after a few hours graft, for a lot of people, doing something collectively with their neighbours will be an empowering experience. Even if it’s just a close or a small street, it’s a start and if people on other parts of the estate see what’s been achieved, hopefully they’ll be inspired to do the same.

One step up from a clean up is starting a community garden if you can find a suitable location. That can be anything from putting in a few flower beds to brighten up an otherwise dreary close to starting to grow your own vegetables and fruit – or doing both if you feel ambitious enough and can get enough people involved. As to whether you want to ask the council for permission first, it’s entirely down to you. If your council has a record of being uncooperative when dealing with tenants and residents on your estate, just go ahead and do it anyway. Given how stretched councils are, providing you’re sensible, they’ll most likely leave you alone. If they do decide to get stroppy, mounting a campaign to save your garden will bring people together and should you win, will give morale in your part of the estate a significant boost.

Organising regular cleaning, doing whatever maintenance you feel you can take on and running a community garden will bring people together. Also, picking up the skills needed to this this acts as a boost to people’s confidence and self esteem. Not everyone will be able to make an equal contribution because of time pressure or disability – accept that any contribution is valid and ensure support from those who can’t take part is valued. Once a level of cohesion has been built up, work out ways of making sure that vulnerable people in your community are being checked up and their needs are being met.

On isolated estates, food poverty can be an issue due to the lack of shops selling decent quality, affordable food and poor public transport to shopping areas where a wider range of food is available. As well as running a community vegetable and fruit garden, you could start to think about an estate run food bank or food buying group. Obviously, this takes more effort and there’s a learning curve involved but if you put the effort in, you’ve achieved a vital objective – getting more control over your food supply.

Use what’s there to help boost community solidarity and morale and also to ensure the needs of the more vulnerable people in your neighbourhood are being met. As anarchists, we’re supposed to reject the church. Well, when a church such as Trinity Methodist Church in Vange has a community cafe for use by the whole neighbourhood, contribute to food banks, offer support to disabled people, run toddler groups, offer youth activities to all young people in the community to name just a few, it would be churlish in the extreme to not accept the help and support they can offer. Essentially, a lot of what they do is not dissimilar to what some more grounded, neighbourhood anarchist groups abroad who’ve got their act together undertake!

We are where we are so the priority has to be re-building community solidarity in whatever ways that work. On top of this, empowering people who want to make life in their neighbourhoods better is an essential task. As we’ve seen from what’s happened with the community run Hardie Park in Stanford-le-Hope, the transformation in the lives of those involved plus the boost to morale in the town proves the worth of sticking at this. Small victories can steadily lead to a growing sense of confidence and collective strength that will give people a growing degree of independence from local and national governance that’s increasingly failing them.

None of this is going to be plain sailing and one of the more difficult parts will be dealing with the anti-social element in a neighbourhood. In an ideal world, those chaotic households where there’s a risk of members falling into anti-social behaviour or crime would be getting helped by the surrounding community. We want to get to the point where that can happen and there’s less need for outside intervention. In the interim, once a degree of community solidarity starts to emerge, the people best placed to decide how to deal with anti-social behaviour are those living in the neighbourhood. They’ll have the knowledge of the perpetrators and a shrewd idea of the risks involved – that will go a long way to enable them to devise a strategy to deal with the situation.

Conclusion

We keep returning to this theme in various forms. We make no apology for this because if we can’t build and nurture a sense of community and solidarity, any other change is pretty much off the agenda. A lot of what has been written above comes from our days in the Independent Working Class Association and then our more recent experiences working with Basildon & Southend Housing Action, Brooke House Residents, Vange Hill Community Group and Friends of Hardie Park.

We don’t pretend to know it all because we don’t and are honest enough to admit that what we do is a constant learning curve. We recognise that some of the more purist anarchists may find that our approach has too many ‘compromises’. The point is not to just theorise and understand the world but to change it. We’re doing what we can with limited resources working with our class at the grassroots, getting our hands dirty (literally sometimes!) to try and make a difference. We hope people can respect that and offer solidarity when we need it…

I think, after all those gods and stuff, the core of Mahikari is attaching spirits, or spirit disturbance. They account for nearly everything you experience in your life. Heaven forbid that there are regular, you know, sciencey or logical reasons for anything.

Photo by Photos_frompasttofuture on Unsplash

Let’s start with what Mahikari says about attaching spirits in Primary Kenshu:

This phenomenon of a spirit attaching [to your body] is called the phenomena of attaching spirits. The person who is attached by a spirit will come to develop similar conditions as the spirit.

For instance, if a person is attached by a spirit who died of tuberculosis … the person will develop tuberculosis, and if a spirit died of asthma attaches to a person, within about a week or so the person will develop asthma. [pg 18]

---

From the various actual examples I have just given, no doubt you understand by now that whether it is sickness, crime or other unhappy phenomena, we can quite clearly state that 80% is caused by spirit disturbance.

No doubt you will experience this from now on. If there are a 100 people, even at a conservative estimate 80 will be receiving some sort of spirit disturbance.

In modern medicine, however, there is no spiritual research done. Without solving problems to do with attaching spiritis, such as people dying due to warnings from their ancestors, no matter how people look for happiness, it is impossible.

Here lies a basic mistake in today’s modern medicine. If mankind is really to look for happiness, it is first necessary to become awakened to spirituality and discover the way to solve spirit disturbance. So Sukuinushisama [the founder dude, Okada] often appealed to us that it is essential to awaken to the world of spirit, starting with those who have the attitude to do so, and strive to awaken all humankind to this. [pp 29–30]

So here’s how it goes down. Someone dies – happens to the best of us. Maybe they have a grudge against you (you know, from that time when you …). Maybe they have resentment against your grandfather (it’s OK, we all know he was a bit of a dick). Maybe they are in love with you (naaaaw). Maybe they’re lonely. Maybe they’re out for revenge. Maybe they’re a sneaky fox, raccoon or snake (like, the animals, for reals). Whatever, it typically comes down to your karma, or your family’s sins and impurities.

But – instead of toddling off to the astral world to do their training after death, as they should, they decide to hang around. And they do that by attaching to your spiritual body. Like a remora. Only with more spirit stuff, and less fish.

Photo by The New York Public Library on Unsplash

And when a spirit attaches to you, you get whatever ailment or psychological problem they have. So if they died from heart disease, you’ll get heart disease too.

So Mahikari logic says that if you solve the spirit disturbance, you’ll be healed too. Heal and counsel the spirit so it’s no longer angry or out to get you, or in love with you, or whatevs, then it will release you and go back to the astral world, where it belongs. And all the problems it was causing for you will stop. Simples.

How do you solve spirit disturbance, you ask? Good question!

Well.

What do you know. It mainly involves doing a lot of divine service (unpaid labour!) for the group. ‘Saving others’. This raises your spiritual level, and improves the situation for the attaching spirit.

And sometimes you can have spirit investigations if things are really getting out of hand. This is when one of the doshis (priests) or kanbu (senior staff) gives you Light to the soul spirit (forehead) and talks directly to the attaching spirit during the session. So you have your eyes closed, and they are chatting away to the spirit. They ask it questions like what is it, where did it come from, does it have resentment or love or anger etc towards you, and which part of the body is it attached to.

Sometimes the spirit will make you move, like rocking back and forth, or shaking your head. And they can speak. People report they can suddenly speak another language like Japanese (a popular option) even though they don’t know Japanese! Because the attaching spirit is Japanese (again, a popular option), and is speaking in its own language. I call fucking bullshit. I experienced this, many times, and one time had a Japanese warrior ‘attached to me’. Yes, I spoke Japanese to my inquisitor (who it must be said was speaking English) and all I said was the basic Japanese words I already knew like ‘Yes’ and ‘No’.

At least they are trying to understand and counsel the spirit, to help it give up emotional and physical attachment to you. They aren’t about banishing it. So that’s nice.

In Primary Kenshu they go through a list of all the different types of diseases, and what causes them. Yes! It’s mostly attaching spirits! Surprise! And the rest is caused by toxins. They love toxins. Just a reminder, all medicine is toxins.

The following is typical advice about whatever ailment you care to name:

Women’s Problems:

As for Okiyome, give Okiyome thoroughly on the back and front of the uterus. Also, such things as anteflexion of the uterus, miscarriage, stillbirth, uterine cancer and so on are mostly caused by an attaching spirit with resentment concerning a man-woman relationship. Such resentment from a man-woman relationship may, for example, be if grandfather had had a mistress but left her to die in misery. If things like that happened such spirits become resentful and attach to people. There are many cases where it is due to something that happened with the ancestors about 3-5 generations or so ago. Or it may have something to do with the husband or the wife at the present time.

In such cases, it's necessary to reflect on one's life, and if there's anything that indicates such mistakes, it’s first necessary to apologise saying, 'I won't do anything like that anymore, please forgive me', and receive Okiyome. Otherwise it won't do any good.

Whether it's something to do with the ancestors or oneself, it's important actively to save people to erase such sins. As you save others, your own impurities will be erased and you'll be saved. – Primary Kenshu, pg 117

You might notice the big focus on saving others. Big focus. That means hunting for new members. Constantly. So, to solve the problems that the cult ascribes to attaching spirits, you need to do masses of divine service, and try to get others to join. Convenient (for them).

Also. Attaching spirits can also cause traffic accidents, and interfere with your divine service! No, it’s not your bad driving or your gut telling you you’re in a cult. It’s spirits. The subject for further blog posts. Stay tuned, and til then, be kind to your attaching spirits!

#kenshu #spirits #karma #illness #medicine #health

I found out that G was organizing another girls trip. J told me, And even offered to ask her directly about inviting me. G said that this was just going to be a girls trip. It hurts because there was a trip earlier and G said that next time she would absolutely invite me, and it kind of feels like I’m getting my hopes crushed after getting them raised. I know that there may be valid reasons for it, but it very much hurts in the same way that my childhood did when I would get excluded from things with friends because they were girls and I was not. And it feels like it’s the same thing happening again.

S: G is planning another trip, and explicitly did not invite me because it is going to be a girls trip.

T: it sucks because I don’t see why I couldn’t be invited, and additionally G said that next time she would invite me.

F: I feel like I’m being excluded, and it’s because of my gender. I feel like the friends I consider close are not actually that close to me.

B: I feel like shit, and I pull away from my friendships.

T: This might just be a girls trip in the sense of an existing friend group, and G does enjoy interacting with me and would want to go on a trip, but they already have their established friend group.

F: honestly it still hurts a lot. But I think it hurts a little bit less so. I can talk with my therapist and try to figure out how to not have this bitterness.

B: I talked with my therapist and I don’t punish friendships for this.

There is a particular kind of powerlessness that belongs only to the acute psychiatric ward. You may have arrived in the back of a police car. You may not be entirely sure where you are, or why, or for how long. The door is locked from a side that is not yours. The people who decide whether you eat, sleep, leave, or are held down and injected are strangers in lanyards, and the version of events that ends up in your file is theirs, not yours. Now imagine that somewhere in that file, beneath the clinical notes and the medication chart, a statistical model has quietly run the numbers on you and produced a score. The score says you are likely to become violent. You will never see it. You will probably never be told it exists. But it may shape, in ways no one will ever fully reconstruct, whether the next few days of your life involve a conversation or a set of restraints.

This is no longer a thought experiment. In March 2026, a team led by researchers at the Centre for Addiction and Mental Health (CAMH) in Toronto published a study in the journal npj Mental Health Research that did something the field had largely avoided doing: it took a machine learning model of the kind increasingly proposed for psychiatric wards, trained it on real hospital data, and then asked not whether it worked, but who it worked against. The answer, reported in April 2026 by outlets including News-Medical and MSN, was uncomfortable in a way that should travel far beyond Toronto. The model systematically overestimated the risk of aggression for Black, Middle Eastern, and Indigenous patients relative to white patients with comparable clinical pictures. It was, in the most literal sense, more suspicious of some people than of others, and its suspicion fell along the oldest fault lines in medicine.

The Machine That Watches the Ward

To understand why this matters, you first have to understand what these systems are and what they are being asked to do. Predicting aggression in acute psychiatric care is one of the oldest and most fraught tasks in the speciality. Clinicians have always had to make a guess, often within minutes of meeting someone, about whether a patient poses a danger to themselves or others. Get it wrong in one direction and someone is hurt. Get it wrong in the other and you have subjected a frightened, unwell person to force they did not need. For decades that guess relied on structured checklists and clinical instinct. The promise of machine learning is that a model trained on tens of thousands of past cases might do better, spotting patterns a human under pressure would miss.

The CAMH study made the mechanics concrete. The researchers, with Yifan Wang as lead author alongside senior scientists including Laura Sikstrom and Marta Maslej, trained a model on structured electronic health records from 17,703 unique patients across ten inpatient units at the hospital, covering 42,719 observation days between January 2016 and May 2022. The model itself was a random forest, an ensemble of decision trees, and on conventional measures it performed respectably, returning an area under the receiver operating characteristic curve of around 0.81. By the usual yardstick of predictive accuracy, in other words, it was the sort of result that gets a tool greenlit for a pilot.

That is precisely the problem. A model can hit its accuracy target overall while distributing its errors with grotesque unevenness. The CAMH team did not stop at the headline number. They broke the model's mistakes down by race and ethnicity, by gender, by housing status, by whether the patient had been brought in by police, and by the intersections between those categories. What they were measuring, in the language of algorithmic fairness, was the false positive rate: the proportion of people who were flagged as likely to become aggressive but who did not. A false positive is not an abstraction here. It is a person marked as a threat who was never going to be one.

The disparities were stark and they were patterned. The model's false positive rate sat at roughly 0.040 for white patients and 0.032 for Asian patients. For Indigenous patients it rose to 0.055, for Black patients to 0.069, and for Middle Eastern patients to 0.080, the highest of any group. Read those numbers slowly. A Middle Eastern patient was being wrongly flagged as a future aggressor at roughly twice the rate of a white patient with no greater propensity for violence. Layer gender on top and it sharpened further: Middle Eastern men carried a false positive rate of around 0.093. The single largest driver the researchers found was not skin colour in isolation but admission mode. Patients brought to hospital by police had a false positive rate of about 0.094, far above any other group, and unstable or absent housing pushed the figure to roughly 0.083. The model had, in effect, learned to treat contact with the criminal justice system and poverty as proxies for danger, and those proxies map onto race because the society that generated the data made them map that way.

Garbage In, Prejudice Out

The instinct of the technically minded is to reach for a fix. If the model is biased, debias the model. Reweight the data, add fairness constraints, strip out the offending variables. But the CAMH findings, and a companion paper published months earlier, point at something the engineering instinct struggles to grasp: the bias is not a bug in the algorithm. It is a faithful transcription of the world.

Consider where the training data comes from. An aggression label in a psychiatric record is not a measurement in the way a blood pressure reading is. It is a human judgement, recorded by a clinician, about whether a patient was threatening, agitated, or violent. That judgement is made by people working in a system with a long and documented history of perceiving danger differently depending on who is in front of them. When the model learns to predict aggression, it is not learning to predict an objective event in the world. It is learning to predict who a hospital's staff, over six years, decided to write up as aggressive. If those decisions were skewed, the model inherits the skew and launders it through the authority of mathematics.

That history is not subtle, and it is not ancient. In 1851 the American physician Samuel Cartwright coined the term drapetomania, a supposed mental illness whose symptom was the desire of enslaved people to escape captivity. It was pseudoscience in service of subjugation, and it established a template that has proven remarkably durable: the pathologising of Black resistance as madness. A century later, during the civil rights era, the diagnosis of schizophrenia in American psychiatry shifted in its public face from an affliction associated with white middle class women to a condition projected onto angry, protesting Black men, a phenomenon the psychiatrist Jonathan Metzl traced in his book The Protest Psychosis. The legacy persists in the present tense. Black patients in the United States are diagnosed with schizophrenia at well over twice the rate of white patients, a gap that studies have repeatedly failed to explain by any difference in actual illness.

If clinicians have historically been quicker to see Black and Indigenous patients as dangerous, disordered, or threatening, then the records they generate encode that quickness. A model trained on those records does not see the centuries of context. It sees a correlation, and it optimises for it. This is the deeper meaning of the companion research. In a paper published in Scientific Reports on 1 December 2025, a team including several of the same CAMH researchers, with lead author work by Vejandla and colleagues including Sikstrom, Ratto, Zaheer, and Maslej, examined how biased AI recommendations actually influenced human decision making during simulated mental health emergencies. They found that systems trained on health records overestimated violence risk for marginalised groups, with the AI in their biased conditions recommending police intervention for between 50 and 90 per cent of vignettes depicting at-risk groups, including Black patients, men, unhoused patients, and those with severe mental illness, compared with about 20 per cent of vignettes depicting no-risk groups, and with secondary analyses finding the disparity statistically significant only for vignettes depicting Black as opposed to white individuals. The disparity, in other words, was not a quirk of one model at one hospital. It was a property of what happens when you train statistical systems on data produced by an unequal system and then put their outputs in front of human beings.

When the Pop-Up Becomes the Patient's Reality

The most troubling finding of the December 2025 study was not the existence of the bias but the failure of the obvious remedies. The researchers tested cognitive forcing interventions, techniques designed to slow clinicians down and make them think independently before deferring to the machine. They tried delaying the AI's recommendation, asking participants to commit to an initial judgement first, and making the AI optional rather than automatic. In other domains, such nudges have helped people resist automated advice. Here, they largely did not. People exposed to a biased recommendation tended to absorb the bias regardless of the procedural speed bump in their way.

One variable did seem to offer some protection, and it is a quietly damning one. Participants who scored high on a psychological measure called need for cognition, essentially a disposition to enjoy and engage in effortful thinking, were more resistant to the discriminatory pull of the AI. The implication is that the safeguard against an unjust algorithm was not the system design at all but the individual intellectual temperament of whoever happened to be reading the screen. That is not a safeguard a hospital can rely on at three in the morning on an understaffed ward.

This is where the abstraction of false positive rates collides with the body. An algorithmic flag does not stay on a dashboard. In an acute setting, a prediction of imminent violence is an invitation to act pre-emptively, and the tools of pre-emption are physical. A patient deemed high risk is more likely to be watched more closely, escalated more quickly, and ultimately subjected to the interventions the ward keeps for danger: physical restraint, seclusion, and chemical sedation. These are not neutral acts of caution. They are among the most harmful things a hospital can lawfully do to a person.

The Hands That Hold You Down

It is worth being unsparing about what these interventions involve, because the language of clinical guidelines tends to sand off their reality. Physical restraint means several staff members holding a person down, often face down, sometimes binding their limbs to a bed. Seclusion means locking a distressed person alone in a bare room. Chemical restraint, sometimes euphemised as rapid tranquillisation, means the forced injection of sedating drugs into someone who has not consented and may be physically resisting. None of these are rare or marginal practices. They are the standard repertoire of the acute ward, applied many thousands of times a year across the world's psychiatric systems, and they are precisely the actions that an algorithmic risk flag is designed to make more probable.

The harms are documented and they are severe. A systematic review of physical harm and death in the context of coercive psychiatric measures found that death was the single most frequently reported adverse outcome, with mechanisms including cardiac arrest from chest compression during prone restraint, asphyxiation, and pulmonary embolism. The wider literature catalogues aspiration, rhabdomyolysis, blood clots, musculoskeletal injury, falls, and post-traumatic stress. Research on high dose sedation for acute behavioural disturbance has found that loading patients with more medication does not produce faster or better sedation but does produce more adverse effects, including cardiac problems and dangerous drops in blood oxygen. Beyond the physical, forced medication is associated with worse mental health outcomes and a lasting erosion of trust in treatment, with patients reporting stronger disapproval of their care months later. In 2023 the World Health Organization and the United Nations human rights office issued joint guidance calling for an end to coercive practices in mental health services altogether, language that frames restraint and seclusion not as regrettable necessities but as human rights violations.

Now lay the algorithm's bias over this landscape, and the stakes become clear. The interventions that an over-predicting model makes more likely are interventions that already fall unequally. A 2022 study in Psychiatric Services by Colin Smith and colleagues, examining 12,977 emergency psychiatric encounters, found that Black patients had significantly higher odds of being restrained even after adjusting for clinical factors: an adjusted odds ratio of 1.35 for physical restraint and 1.33 for chemical restraint, meaning roughly a third more likely in each case. The research on restraint-related deaths repeatedly notes the disproportionate presence of Black patients among the dead. An algorithm that overestimates the dangerousness of Black, Indigenous, and Middle Eastern patients does not introduce a new disparity into a fair system. It pours accelerant on a fire that has been burning for a very long time, and it does so while wearing the lab coat of objectivity.

The Vanishingly Small Print of Consent

What makes the psychiatric context distinct from almost every other arena where algorithmic bias has been studied is the near-total collapse of the patient's capacity to push back. When a biased model denies someone a loan or filters them out of a job applicant pool, the harm is real and the recourse is limited, but the person typically remains a free agent in the world, able in principle to ask questions, seek another lender, or hire a lawyer. The acutely unwell psychiatric inpatient has none of that. They may be detained involuntarily. They may be experiencing psychosis, which the surrounding system will treat as a reason to discount their account of events. They are frequently without an advocate, a family member, or anyone whose word carries weight against the clinical consensus. And the clinical authority arrayed against them is as close to absolute as exists anywhere in modern healthcare.

In that environment, the ordinary mechanisms of algorithmic accountability simply do not function. The idea that a patient might request an explanation of the model's logic, or contest its score, presumes a patient who knows the model exists, has the legal standing to challenge it, and possesses the cognitive and practical wherewithal to do so. Strip away those assumptions, as acute admission does, and you are left with a system that exercises power over people precisely in proportion to their inability to resist it. The patients most likely to be wrongly flagged, those brought in by police, those without stable housing, those who are Black or Indigenous or Middle Eastern, are very often the same patients least equipped to contest the flag. The bias and the powerlessness are not two separate problems. They compound.

What the Hospital Owes You

So what is actually owed, and by whom? Start with the hospitals, because they are where the abstraction becomes a person on a bed. A hospital that deploys a predictive model is making a clinical decision on behalf of every patient who passes through it, and the ordinary duties of medicine do not evaporate because a computer is involved. The first obligation is the most basic and the most frequently dodged: do not deploy a tool you have not tested for disparate harm. The striking thing about the CAMH work is how rare it remains. The researchers themselves framed their study as first-of-its-kind, which is an indictment of a field that has spent years celebrating predictive accuracy without routinely asking whose errors it is built on. A hospital that cannot say, in numbers, how its model's false positive rate varies by race has not done the work, and deploying anyway is not innovation but negligence.

The second obligation is to keep a human meaningfully in the loop, and to mean it. The December 2025 findings are a warning here, because they show that simply having a clinician read the output is not enough; the clinician absorbs the bias. Meaningful human oversight cannot be a rubber stamp on a screen. It has to be structured so that the model's suggestion can be genuinely overridden, so that staff are trained to interrogate rather than defer, and so that the institution treats an algorithmic flag as one contestable input rather than a verdict. The third obligation concerns the interventions themselves. If restraint, seclusion, and forced sedation are the downstream consequences of a flag, then any hospital using such a model owes its patients rigorous, race-disaggregated monitoring of those very interventions, with the explicit question of whether the algorithm is widening existing gaps. A model that quietly increases the coercion of already over-coerced groups is not a clinical aid. It is a liability dressed as one.

What the Builders Owe You

The developers who build these systems carry obligations of their own, and they cannot offload them onto the hospital that buys the product. The most fundamental is honesty about what the model actually predicts. A system marketed as predicting violence does not predict violence. It predicts recorded labels of aggression, which is a different and far more contaminated quantity. Developers know this, or should, and the gap between the marketing claim and the statistical reality is where much of the harm hides. A tool sold as objective when it is in fact a mirror of historical bias is mis-sold, and the consequences of that mis-selling are measured in restraints applied to the wrong people.

Beyond honesty comes the duty to test. Fairness auditing of the kind the CAMH team performed should be a precondition of release, not an academic afterthought published years into deployment. That means measuring false positive and true positive rates across racial, gender, housing, and admission-mode subgroups, and across their intersections, because the CAMH data showed that the worst disparities lived at the intersections. It means being transparent about those results to the institutions that buy the tool and, ideally, to the public. And it means accepting that some models should not ship. A system whose errors fall predictably on the most vulnerable patients in the building is not improved by a disclaimer. The CAMH researchers have since secured funding to develop a fairness-aware successor tool, which is the constructive response, but the existence of a better future tool does not retroactively justify deploying a biased one today.

There is also a harder, more philosophical duty here, one the field has been slow to confront. A growing body of work, including the CAMH team's own framing, suggests that the most honest use of these models may not be to predict individual patients at all, but to detect systemic bias in the institutions that generate the data. Turn the lens around. Instead of asking the algorithm to tell you which patient is dangerous, ask it to tell you where your hospital's own judgements are skewed. That reframing, from individual risk prediction to institutional self-examination, is one of the few genuinely promising paths out of the trap, because it uses the model's pattern-finding power against the bias rather than in service of it.

What the Regulators Owe You

Then there are the regulators, who are, at present, mostly absent from the bedside. The regulatory architecture for clinical AI is being built in real time, and it is being built largely around the wrong questions. Under the European Union's AI Act, AI systems used in healthcare are designated high-risk, a classification that brings obligations around transparency, documentation, and human oversight, with major requirements scheduled to phase in across 2026 and beyond (though in May 2026 the Council of the EU and the European Parliament reached a provisional agreement, under the Digital Omnibus initiative, to postpone the high-risk obligations, deferring the requirements for standalone high-risk systems under Annex III until 2 December 2027 and those for high-risk AI embedded in regulated products such as medical devices under Annex I until 2 August 2028). High-risk status is the right instinct, but a designation is only as good as its enforcement, and the Act's transparency requirements run into the same wall that defeats the patient: meaningful explanation of an opaque model remains, by the regulators' own admission, largely undefined in practice.

The data protection regime offers a sharper, if narrower, tool. Article 22 of the General Data Protection Regulation gives people the right not to be subject to decisions based solely on automated processing where those decisions have significant effects, along with rights to obtain human intervention, to express their view, and to contest the outcome. On paper, a violence prediction that channels someone towards restraint is exactly the kind of significant automated decision the provision was written for. In the psychiatric ward, however, the law's assumptions break down. Article 22 protects decisions made solely by automation, and a hospital can defeat the protection simply by keeping a clinician nominally in the loop, even one who, as the December 2025 study showed, may be doing little more than ratifying the machine's bias. The right to contest presupposes a person able to exercise it, which the acute patient frequently is not. The regulation was built for the credit application and the recruitment filter, not for the locked ward, and it shows.

What patients actually need from regulators is more specific than anything currently on the books. They need a right to know, in plain terms, that an algorithm has assessed them and what it concluded, with that disclosure made not in the moment of acute crisis but as a matter of standard record that they or their advocate can later examine. They need a presumption that algorithmic risk scores are disclosable in any review of restraint or seclusion, so that a coercive intervention can be challenged on the basis of the evidence that helped trigger it. They need mandated, published fairness audits as a condition of clinical deployment, with the false positive disparities the CAMH team measured treated as the floor of what must be reported, not a research novelty. And they need the human oversight requirement to have teeth, defined not by the presence of a clinician but by demonstrable, structured independence of judgement from the model's output.

The Right to Know You Were Suspected

Underneath all the specific obligations sits a single principle that the law has not yet caught up to, and it is the one a person on the ward would care about most. If a system has assessed you as a threat, you have a right to know it did. That right does not depend on whether you can understand the mathematics, or whether the model was accurate, or whether you were ultimately restrained. It is prior to all of that. It is the difference between being a patient and being a suspect, between care and surveillance, between a person whose treatment is being negotiated and an object whose behaviour is being managed.

The reason this right is so easily denied is the same reason it matters so much. The whole logic of pre-emptive risk prediction is that it works on you before you have done anything, which means it works best when you do not know it is working. A flag that the patient could see and contest is a flag with friction, and friction is precisely what the efficiency case for these tools is designed to remove. So the systems are built to be invisible, and the invisibility is not incidental. It is the point. The acutely unwell patient is the ideal subject for an opaque algorithm precisely because they are in no position to demand the lights be turned on.

There is a version of the future where this technology helps. Used to audit institutions rather than to judge individuals, tested relentlessly for disparate harm, kept subordinate to genuinely independent human judgement, and made visible to the people it assesses, a model could in principle expose the very biases it currently encodes. The CAMH team's pivot towards building a fairness-aware tool and towards using these methods to surface systemic inequity rather than to predict patients is a glimpse of that future, and it deserves to be taken seriously rather than dismissed as naive.

But the present is the present. Right now, in wards on more than one continent, the default trajectory is the opposite one: quiet deployment, accuracy figures that flatter the tool while hiding who it fails, oversight that defers rather than challenges, and patients who will never learn that a number was attached to their name. The people most exposed to that trajectory are the ones who have always been most exposed to the wrong end of psychiatric power: the Black patient brought in by police, the Indigenous patient without stable housing, the Middle Eastern man already statistically twice as likely to be wrongly marked as dangerous. The machine did not invent their predicament. It learned it, from us, and it is now prepared to repeat it with a confidence no human clinician could ever quite muster. The question the CAMH study leaves hanging is not whether the algorithm is biased. We know that it is. The question is whether the people it judges will ever be allowed to know it too.

References

1. Wang, Y., Sikstrom, L., Xiao, R., Findlay, Z., Zaheer, J., Hill, S. L., & Maslej, M. M. (2026). Fairness analysis of machine learning predictions of aggression in acute psychiatric care. npj Mental Health Research, 5, Article 16. https://www.nature.com/articles/s44184-026-00194-6

2. Centre for Addiction and Mental Health. (2026, April 7). First-of-its-Kind Study Shows AI Risk Prediction Tools in Psychiatry Can Reinforce Systemic Bias. CAMH News and Stories. https://www.camh.ca/en/camh-news-and-stories/rsch-study-shows-ai-risk-prediction-tools-in-psychiatry-can-reinforce-systemic-bias

3. News-Medical. (2026, April 7). AI models may amplify bias in psychiatric aggression predictions. https://www.news-medical.net/news/20260407/AI-models-may-amplify-bias-in-psychiatric-aggression-predictions.aspx

4. MSN / Medical Xpress. (2026, April). AI risk prediction tools in psychiatry can reinforce systemic bias. https://www.msn.com/en-us/health/other/ai-risk-prediction-tools-in-psychiatry-can-reinforce-systemic-bias/ar-AA20n69Y

5. Vejandla, S., Ray, A., Sikstrom, L., Ratto, M., Zaheer, J., & Maslej, M. M. (2025, December 1). Impacts of cognitive forcing and need for cognition on biased AI-assisted decision making about mental health emergencies. Scientific Reports. https://www.nature.com/articles/s41598-025-30506-3

6. Smith, C. M., Turner, N. A., Thielman, N. M., Tweedy, D. S., Egger, J., & Gagliardi, J. P. (2022). Association of Black Race With Physical and Chemical Restraint Use Among Patients Undergoing Emergency Psychiatric Evaluation. Psychiatric Services. https://psychiatryonline.org/doi/10.1176/appi.ps.202100474

7. Kersting, X. A. K., et al. (2019). Physical Harm and Death in the Context of Coercive Measures in Psychiatric Patients: A Systematic Review. Frontiers in Psychiatry. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6580992/

8. Calver, L. A., et al. (2013). A prospective study of high dose sedation for rapid tranquilisation of acute behavioural disturbance in an acute mental health unit. BMC Psychiatry. https://pmc.ncbi.nlm.nih.gov/articles/PMC3848824/

9. World Health Organization & Office of the United Nations High Commissioner for Human Rights. (2023). Mental Health, Human Rights and Legislation: Guidance and Practice. https://www.who.int/publications/i/item/9789240080737

10. Metzl, J. M. (2009). The Protest Psychosis: How Schizophrenia Became a Black Disease. Beacon Press. See also: Schwartz, R. C., & Blankenship, D. M. discussion in American Journal of Psychiatry. https://psychiatryonline.org/doi/full/10.1176/appi.ajp.2009.09101398

11. American Psychological Association reporting on schizophrenia overdiagnosis, summarised in: Amsterdam News. (2025, September 4). Racial bias in medicine is driving the overdiagnosis of schizophrenia in Black patients. https://amsterdamnews.com/news/2025/09/04/racial-bias-driving-overdiagnosis-of-schizophrenia-in-black-patients/

12. European Union. Artificial Intelligence Act, Annex III: High-Risk AI Systems. https://artificialintelligenceact.eu/annex/3/

13. Tandem Health. EU AI Act explained: what healthcare organisations need to know. https://tandemhealth.ai/resources/knowledge/eu-ai-act-explained-what-healthcare-organisations-need-to-know

14. Goldsteen, A., et al. A health-conformant reading of the GDPR's right not to be subject to automated decision-making. Medical Law Review, 32(3), 373. https://academic.oup.com/medlaw/article/32/3/373/7732100

15. GDPR Article 22: Automated Decision-Making, Profiling, and Your Rights. https://gdprinfo.eu/gdpr-article-22-explained-automated-decision-making-profiling-and-your-rights

---

Tim Green UK-based Systems Theorist & Independent Technology Writer

Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.

His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.

ORCID: 0009-0002-0156-9795 Email: tim@smarterarticles.co.uk

Listen to the free weekly SmarterArticles Podcast

I have been drinking so much coffee today that my urine looks a little bit like coffee too.

That’s why it’s half past two, but I’m still awake at my friend’s place at the loft, near the ceiling.

It used to be a bright and warm day with a big sun followed by a big almost full moon and a pleasant summer evening, but now I hear the sound of rain.

He got married today, technically it was yesterday. And it was a merry and touching event, now existing only as a memory with I will take with me to my grave. I think.

The day before the day before that one, in the evening, upon my arrival, we sat on his veranda drinking beers until it got dark, sharing a bottle of Jägermeister. It made me very drunk. I didn’t expect we’d drink the whole bottle, but we did.

Talking of this and that, smoking a pipe like two sailors.

Drinking Jägermeister.

And that night I slept like a stone

I have been feeling many emotions these days

But right now, I don’t feel anything in particular.

New England Stoicism

Why call it New England Stoicism, When underneath the rocky soil, there lie Bottomless terrors and paroxysms, Bursting through the soul like a newborn's cries? Vicissitude is life's only constant. So why pretend that change does not exist? Why deny natural decay's portents? Why ignore the existence of death's list? As if your old house were Buckingham Palace? And its unused china something precious? Preserving only what you miss, will miss Those moments in life that are most precious, For which we will be judged at heaven's gate. Change must be allowed to change; too late!

---

This sonnet was inspired by living in New England and Ethan Frome.

Thank you for reading! I greatly regret that I will most likely never be able to meet you in person and shake your hand, but perhaps we can virtually shake hands via my newsletter, social media, or a cup of coffee sent over the wire. They are poor substitutes, but they can be a real grace in this intractable world.

---

Send me a kind word or a cup of coffee:

Buy Me a Coffee | Listen to My Music | Listen to My Podcast | Follow Me on Mastodon | Read With Me on Bookwyrm | Connect With Me on Substack

A confession before the recipe, because I'd rather be honest than look clever: I am not an AT Protocol expert, and I'm no great sysadmin either. What follows is a recipe I stitched together from trial, error, docs read sideways, and a lot of pairing with an LLM that knew the bits I didn't. It works — I'm running it right now — but if any of it reads as authoritative, that's hard-won, not pre-loaded.

Right. What are we actually building?

• tangled — a federated git host. Think GitHub, except no single company owns the whole thing; anyone can run a piece and the pieces talk to each other.
• The piece you run is, in tangled's words, a “knot”. I think that name is daft, so I'll call it a tangled server. It's the bit that actually holds your repositories.
• To own one you need an AT Protocol identity. AT Protocol is the open plumbing under Bluesky — and, crucially, not Bluesky. Your identity there is a DID (a permanent ID that's genuinely yours, not rented from anyone) anchored to a PDS (Personal Data Server — the box that holds your identity and data).

The lazy way to get that identity is to sign up for Bluesky. I'm in Australia, where that now means handing over a face scan, a credit card, or a photo of my ID for “age verification”. Hard no. So I run my own PDS instead, and the identity never touches Bluesky.

See this post for the painful experience that was to set up.

At the end of this you'll have a working git host on your own domain, registered on the tangled network, owned by an identity you fully control.

Two moving parts:

1. A PDS — the official Bluesky reference PDS. It's open source; “Bluesky the company” and “Bluesky's software” are different things, and this is the software. It mints and hosts your DID.
2. A tangled server — configured to be owned by the DID from part 1.

I run both on eon, a Raspberry-Pi-class box, behind my cluster's reverse proxy (Caddy) via uncloud. The uc deploy / x-ports lines below are uncloud's way of saying “publish this service”; if you're on plain Docker Compose, swap them for however you do reverse-proxy ingress. Everything else carries over.

---

What you'll need

• A host that can run a container, reachable on ports 80/443 (I'm assuming a reverse proxy out front terminating TLS).
• A domain you control DNS for. I point a wildcard *.suranyami.com at my cluster edge, so pds.suranyami.com and knot.suranyami.com both resolve and get auto-issued certs with no per-host records.
• Somewhere durable to keep data on local disk. Not NFS — these services use SQLite, and SQLite over a network share is a recipe for corruption. (I learned that one the hard way on an unrelated service. Different post.)
• openssl, curl, and jq on whatever machine you run the setup commands from.

---

Step 1 — stand up the PDS

Make the three secrets

The PDS needs three secret values. These are the commands the upstream installer uses; I didn't invent them, I lifted them:

# JWT signing secret
openssl rand --hex 16

# admin password (HTTP basic-auth for the admin API)
openssl rand --hex 16

# PLC rotation key — a secp256k1 private key, in hex. THIS IS YOUR IDENTITY.
openssl ecparam --name secp256k1 --genkey --noout --outform DER \
  | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32

⚠️ Back up that rotation key like your identity depends on it, because it does. It's the cryptographic key that controls your DID. Lose it and the identity is gone for good — and your git server's ownership goes with it. Drop all three into a gitignored .env, and put the rotation key in your password manager on top of that:

# .env (gitignored)
PDS_JWT_SECRET=...
PDS_ADMIN_PASSWORD=...
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=...

The service definition

This is the upstream compose file with everything I didn't want stripped out — no bundled reverse proxy, no host networking, no auto-updater — because my cluster already does TLS and proxies it through to port 3000:

# services/pds.yml
services:
  pds:
    image: ghcr.io/bluesky-social/pds:0.4
    environment:
      PDS_HOSTNAME: pds.suranyami.com
      PDS_PORT: "3000"
      PDS_JWT_SECRET: ${PDS_JWT_SECRET}
      PDS_ADMIN_PASSWORD: ${PDS_ADMIN_PASSWORD}
      PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}
      PDS_DATA_DIRECTORY: /pds
      PDS_BLOBSTORE_DISK_LOCATION: /pds/blocks
      PDS_DID_PLC_URL: https://plc.directory
      PDS_BSKY_APP_VIEW_URL: https://api.bsky.app
      PDS_BSKY_APP_VIEW_DID: did:web:api.bsky.app
      PDS_CRAWLERS: https://bsky.network
      PDS_SERVICE_HANDLE_DOMAINS: .suranyami.com   # allows handles like forge.suranyami.com
      PDS_INVITE_REQUIRED: "true"                  # no open signups; admin creates accounts
    volumes:
      - /bricks/eon-1/pds:/pds                      # SQLite + blobstore (local disk)
    x-ports:
      - pds.suranyami.com:3000/https               # web/API via cluster Caddy (TLS auto)
    x-machines:
      - eon
    restart: always

Make the data dir on the host first (mkdir -p /bricks/eon-1/pds), then deploy. With uncloud the secrets get pulled from .env at deploy time:

set -a; . ./.env; set +a
uc deploy -y -f services/pds.yml

Check it's alive:

curl -s https://pds.suranyami.com/xrpc/_health
# {"version":"0.4.x"}

---

Step 2 — create your identity

Heads up: this particular PDS image ships without the pdsadmin helper that the docs assume you have. Took me a minute to work out you can just talk to the admin API directly instead. Signups are invite-only (that's the PDS_INVITE_REQUIRED line above), so mint yourself an invite first — the -u admin:... is the admin password doing HTTP basic auth:

set -a; . ./.env; set +a

curl -s -X POST https://pds.suranyami.com/xrpc/com.atproto.server.createInviteCode \
  -u "admin:${PDS_ADMIN_PASSWORD}" \
  -H "Content-Type: application/json" \
  -d '{"useCount": 1}'
# → {"code":"pds.suranyami.com-xxxxx-xxxxx"}

Then create the account with that code:

curl -s -X POST https://pds.suranyami.com/xrpc/com.atproto.server.createAccount \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@suranyami.com",
    "handle": "forge.suranyami.com",
    "password": "<a-strong-account-password>",
    "inviteCode": "<code-from-above>"
  }'
# → { "did": "did:plc:...", "handle": "forge.suranyami.com", ... }

Run that exactly once. Run it twice and the PDS throws Handle already taken back at you — which isn't a new failure, it's the first run having succeeded. To redo an account you delete it through the admin API first; you don't re-create over the top of it.

Save the returned DID and the account password into .env (PDS_ACCOUNT_DID, PDS_ACCOUNT_HANDLE, PDS_ACCOUNT_PASSWORD). The DID is the thing your git server gets owned by, so keep it handy.

A handle gotcha that caught me out: the PDS quietly reserves a pile of role-ish handles. admin, git, code, repo, dev and source are all taken before you even start, and createAccount just rejects you. forge, ops, vcs, scm, tangled, knot and hub were free — I went with forge.suranyami.com because it names the job (a git host), not me. If your handle gets bounced, this is why.

---

Step 3 — prove the handle is yours

The wildcard DNS gets the web address resolving, but the handle itself needs a separate proof so tangled (and the login flow) will trust that forge.suranyami.com really is you. That proof is a DNS TXT record — a little text note attached to a DNS name:

host:  _atproto.forge.suranyami.com
value: did=did:plc:tg42msv45ief3qphccenrogh

The explicit _atproto record wins over the wildcard for that one name. Check it resolved, and that the PDS agrees the handle maps to your DID:

dig +short TXT _atproto.forge.suranyami.com
# "did=did:plc:tg42msv45ief3qphccenrogh"

curl -s "https://pds.suranyami.com/xrpc/com.atproto.repo.describeRepo?repo=forge.suranyami.com" \
  | jq '{handle, did: .didDoc.id, handleIsCorrect}'
# handleIsCorrect: true

handleIsCorrect: true is the bit you're after.

---

Step 4 — stand up the tangled server

tangled's server image lives in tangled's own registry, atcr.io, which is private and checks AT Protocol identities at the door. So you log in to it with your self-hosted handle and an app-password — a throwaway password scoped to one tool, so you're not handing your real account password to the docker CLI.

Mint one from your PDS:

set -a; . ./.env; set +a

ACCESS=$(curl -s -X POST https://pds.suranyami.com/xrpc/com.atproto.server.createSession \
  -H "Content-Type: application/json" \
  -d "{\"identifier\":\"${PDS_ACCOUNT_DID}\",\"password\":\"${PDS_ACCOUNT_PASSWORD}\"}" \
  | jq -r .accessJwt)

curl -s -X POST https://pds.suranyami.com/xrpc/com.atproto.server.createAppPassword \
  -H "Authorization: Bearer ${ACCESS}" \
  -H "Content-Type: application/json" \
  -d '{"name": "atcr"}'
# → {"password":"xxxx-xxxx-xxxx-xxxx", ...}   ← store as KNOT_ATCR_APPPW in .env

Log the host that'll run the server into the registry (run this on that machine):

docker login atcr.io -u forge.suranyami.com   # paste the app-password

Now the service itself. The one line that ties this whole thing to you is KNOT_SERVER_OWNER — your DID from Step 2. (Yes, the env vars insist on calling it a knot. I've made my peace with the YAML if not the branding.)

# services/knot.yml
services:
  knot:
    image: atcr.io/tangled.org/knot:latest
    environment:
      KNOT_SERVER_HOSTNAME: knot.suranyami.com
      KNOT_SERVER_OWNER: did:plc:tg42msv45ief3qphccenrogh   # your self-hosted DID
      KNOT_SERVER_DB_PATH: /app/knotserver.db
      KNOT_REPO_SCAN_PATH: /home/git/repositories
      KNOT_SERVER_INTERNAL_LISTEN_ADDR: localhost:5444
    volumes:
      - /bricks/eon-1/knot/keys:/etc/ssh/keys              # stable SSH host keys
      - /bricks/eon-1/knot/repositories:/home/git/repositories
      - /bricks/eon-1/knot/server:/app                     # SQLite db + app state
    x-ports:
      - knot.suranyami.com:5555/https   # web UI via cluster Caddy (TLS auto)
      - 2222:22@host                    # git-over-SSH, raw TCP on the host
    x-machines:
      - eon
    restart: always

Deploy, and confirm the web UI answers on a valid cert:

uc deploy -y -f services/knot.yml
curl -s -o /dev/null -w '%{http_code}\n' https://knot.suranyami.com
# 200

Don't reach for curl -I here — the knot only allows GET on /, so a HEAD comes back 405 and you'll convince yourself the server's broken when it isn't. (What you'll actually get at / is an ASCII banner saying “this is a knot server”. The real surface is /xrpc/; the human UI lives on tangled.org, rendered on top of your knot's data.)

The web UI and registration work over 443 alone. Cloning and pushing over SSH from outside your own network needs one more thing: a port-forward on your router (public TCP 22 → eon:2222) and a fixed local IP for the host. That's optional and entirely separate from getting registered — skip it for now if you just want the thing live.

---

Step 5 — register it with tangled

Sign in at tangled.org as forge.suranyami.com, using your account password (not the app-password, not the admin password). What happens next is the nice part of running your own identity: tangled bounces you to your own PDS to approve the login, because your PDS — not Bluesky, not tangled — is the thing that vouches for you. Approve it, then:

Settings → Knots → add knot.suranyami.com.

tangled fetches your server over HTTPS, checks it's owned by your DID, and links them. That's it. Push a repo.

If you want to watch the wire actually close, ask your PDS what records your DID is now carrying:

curl -s "https://pds.suranyami.com/xrpc/com.atproto.repo.describeRepo?repo=did:plc:tg42msv45ief3qphccenrogh" \
  | jq '.collections'
# ["io.atcr.sailor.profile", "sh.tangled.actor.profile", "sh.tangled.knot"]

sh.tangled.knot is the registration record, and its key is your knot's hostname. Not sh.tangled.publicKey — that one turns up later, the first time the knot signs a git push, so its absence right after registering is normal. (I spent a confused few minutes waiting for it. Don't.)

---

Two things that'll bite you

1. The login fails and the error is a lie. When I first tried to register, the login died with invalid_client_metadata and I lost hours chasing a permissions theory that turned out to be completely wrong. The real cause was that my PDS couldn't make one outbound network request — a broken IPv6 path it should never have had. If your registration login throws that error, don't trust where it's pointing you; the whole saga (and the actual fix) is its own post: the bug was IPv6. The quick tourniquet, if you hit it before sorting IPv6 properly, is one line on the PDS:

NODE_OPTIONS: "--dns-result-order=ipv4first --no-network-family-autoselection"

2. “Wrong identifier or password” when the password is right. A 32-character password with no word breaks is trivially easy to truncate when you copy it, and then you'll swear blind it's correct. If a createSession call from the command line works but the browser login keeps rejecting you, the value reaching the form has drifted — your account is fine. Reset the password without recreating the account (recreating mints a brand-new DID and orphans your git server — don't):

curl -s -X POST https://pds.suranyami.com/xrpc/com.atproto.admin.updateAccountPassword \
  -u "admin:${PDS_ADMIN_PASSWORD}" \
  -H "Content-Type: application/json" \
  -d "{\"did\":\"${PDS_ACCOUNT_DID}\",\"password\":\"<new-password>\"}"

Then confirm it with createSession and paste the new value straight off your clipboard, not retyped.

---

Two log lines that look fatal and aren't

Once the knot's up, two ERROR lines will scroll past and both are nothing. I lost ten minutes on each before I trusted the rest of the stack, so:

1. failed to resolve did/handle handle=.well-known — random bots hammer /.well-known/acme-challenge/<anything> on any public hostname, looking for exposed ACME endpoints. Caddy only intercepts the challenge tokens it issued; everything else falls through to the knot, and the knot's router treats the first path segment as a handle to resolve. .well-known fails the handle regex, so it 500s and logs ERROR. Your cert is fine — Caddy already issued it. Ignore it, or add a Caddy rule to 404 /.well-known/acme-challenge/* before it reaches the proxy.

2. database is locked on a backfill-collaborators migration — two code paths touch the SQLite file at the same instant during startup and the loser hits the busy timeout. On a fresh knot there's nothing to backfill (count=0), so losing the race costs nothing; it just never marks the migration done, so it re-runs every boot. Ugly, harmless. A clean restart once the container's settled clears it. I didn't bother.

---

What you end up with

• A DID you own outright, on your own PDS, with a custom-domain handle — no Bluesky account, no face scan, no age check.
• A git host owned by that DID, on a federated network you don't depend on any single company to keep running.
• One file (.env) you absolutely must back up — the rotation key inside it is your identity.

None of this needs you to be a protocol wizard. I'm certainly not one. It needs an afternoon, a domain, and a stubborn refusal to hand your ID to a website just to host your own code.

Lydia's Weekly Lifestyle blog is for today's African girl, so no subject is taboo. My purpose is to share things that may interest today's African girl.

This week's contributors: Lydia, Pépé Pépinière, Titi. This week's subjects: The Corporate Kimono Era, Prada has bought rival fashion brand Versace, The Ban on Drumming, Your Blood Group, and Restaurants

---

The Corporate Kimono Era. The Accra corporate girl is no longer dressing like she’s attending a board meeting from 2007. We’re layering, flowing, and serving elegance with movement. And honestly? The kimono understood the assignment. Whether it’s silky, structured, printed, or neutral-toned, the kimono gives your outfit personality while still keeping it office appropriate. Think of it as your blazer’s cooler, artsier cousin. The Power Styling Formula: The “CEO but Fashionable” Look Pair a long neutral kimono with: Tailored trousers A fitted camisole or bodysuit Pointed heels Minimal gold jewelry Result? You look like you own shares in three companies and still make it to brunch on time. African Print Kimono = Boardroom Royalty: Ankara kimonos over monochrome outfits? Elite behavior. A black dress or all-white set instantly comes alive with a bold print kimono. It’s corporate chic with cultural confidence — exactly the energy Accra girls are bringing to the office lately. Makola meets management. Corporate fashion in Accra is evolving, and the kimono is leading the soft-power revolution. It’s stylish, breathable in this Ghana heat, versatile, and effortlessly elegant. Prada has bought rival fashion brand Versace for $1.36bn, but this is more than just business as usual. Gianni Versace, born in 1946, started Versace fashion house in 1978, together with his sister Donatella. Donatella Versace In 1990 Gianni met Andrew Phillip Cunanan, though the family has always denied this. Cunanan was a notorious person with many ID’s, and amongst others dealing in and using drugs, and mostly living off elderly wealthy men. In 1997 when Gianni was 50, Cunanan shot Versace twice and fatally. And he murdered a total of 5 people before then shooting himself. Versace’s sister, Donatella then became creative director but could not keep this $500-million turnover company, with its flamboyant reputation for clothes in unconventional materials and offbeat designs going, and eventually Versace amassed a very high pile of debt. Donatella, now 69 has since stepped down as creative director but will remain an ambassador for Versace. She will be replaced by Dario Vitale, who is a former design director for Miu Miu.

The Ban on Drumming. (May 4-June 4 2026) left those who like life music in the dry. +233 Jazz and Grill Bar (Dr. Isert Street, North Ridge, opposite GBC, Accra) was open throughout the period, but without the music, and without the customers. So I went there on the 4th of June, Chris and the Zoom Band were doing their evergreens again, and I ordered my usual kebab. Dry. Maybe it had been there all that time. And the lettuce leaves in the Greek salad were dry as well, for the same reason? But the second kebab was juicy again, back on track. And I wondered how +233 were paying their staff throughout the period, with hardly any income. And how did the artistes survive? 2 Zoom members had called me during the ban for a loan, one claiming the mother in Cape Coast was not well, the other one claiming same for the wife, in Accra. Traditions……

Your Blood Group. As much as you want to know your sickle status before you get married (friend of mine didn’t, first baby was ok, then they had twins, both are sicklers, good morning) you also want to know your blood group. Why? You’re not planning to donate blood? No, but you may need blood. For example before or after an operation, and that may well be an unscheduled operation like an appendix or a car accident. Hospitals don’t have blood? Well, not always. For the most common blood groups like A+ (55%) B+ (22%) and A+ (20%) often they have, but the not so common ones like AB, O-, A-, B- (all between 2 and 4 % of the population only) don’t assume that they have. So if you’re in one of those uncommon groups it is good to know people who have the same group as you. I’d prefer to have blood from someone I know rather than from an unknown donor who may have had unprotected sex the day before he donated and hence might have creeped through the screening process the hospitals are supposed to apply. HIV infected blood is only detected from 10 days onwards after the infection occurred.

Restaurants. There's a lot of restaurants in Accra, or shall I call them eateries, and majority have impressive rankings if you look at them through one of the search engines. The reality is drastically different. Poor service such as QR code menus only (and outdated), waiters not knowing what is available, lack of attention from waiters, long waiting times, no change, no proper napkins (tissues only), poor quality food, clogged salt dispensers, grossly overpriced junk food (the cost of a beef burger is not more than 40 GHC) and so forth. There’s also the more upscale restaurants with beautiful interiors and menus and with waiters in uniforms and booking registers at the entrance where classics like pepper steak and sole meuniere are served, and unfortunately most of them are not worth even half the money they are charging. Real cooks hardly take things from packages or cans or use the microwave and they make their own sauces and use fresh ingredients. And cook. Internationally professional cooks study at least 2-3 years and then do a few years of attachments in the better restaurants before anyone would hire them. There are indeed 6 month courses where you can obtain “certified cook”, but don't think much of it. And some really never learn. At the end of the day it is best to ask friends, but there again one still has to be careful, some are happy with any rubbish as long as they can say they were there.

Lydia...

Do not forget to hit the subscribe button and confirm in your email inbox to get notified about our posts.

I have received requests about leaving comments/replies. For security and privacy reasons my blog is not associated with major media giants like Facebook or Twitter. I am talking with the host about a solution. for the time being, you can mail me at wunimi@proton.me

I accept invitations and payments to write about certain products or events, things, and people, but I may refuse to accept and if my comments are negative then that's what I will publish, despite your payment. This is not a political newsletter. I do not discriminate on any basis whatsoever.

I wanted to self-host a tangled server. I refuse to call it a “knot”, because that's just fucking stupid.

FYI, it's supposed to be a small, federated, GitHub-like git server built on the AT Protocol. The catch: tangled identities are AT Protocol identities, and the obvious way to get one is a Bluesky account.

I'm in Australia, where Bluesky now gates sign-up behind age verification (facial recognition, a credit card, or an ID scan).

I object to this on principle, so I said “fuck that”, and besides I do NOT need another social media account, so a bsky.social account was off the table.

The good news is that the AT Protocol doesn't require Bluesky at all. Your identity is just a DID anchored to a PDS (Personal Data Server) — and you can run your own. So I did: the official Bluesky reference PDS, in a container on eon (a Raspberry-Pi-class DietPi box), behind my cluster's Caddy, on my own domain. I created an account, verified the handle, pointed the knot at it. Everything came up green.

Then I tried to log in to tangled with my shiny self-hosted identity, and got:

Failed to start auth flow: auth request failed: PAR request failed (HTTP 400): invalid_client_metadata

This is the story of how that error sent me down a completely wrong path for hours — and how a single differential test dragged me back to a mundane, and much more interesting, root cause.

---

The obvious culprit (that wasn't)

Thirty-second primer, because OAuth is a swamp of acronyms and I won't pretend otherwise. “Log in with Google” is OAuth: one service vouches for you to another. Here, tangled is the app asking for access (in the jargon, the client), and my PDS — my little self-hosted identity server — is the bouncer deciding whether to let it in (the authorization server).

The handshake starts before my browser is even involved: tangled shoves a request straight at my PDS, server to server. That shove has a name — a Pushed Authorization Request, or PAR. And invalid_client_metadata is the bouncer sniffing the request and going: I don't like the look of this club's paperwork.

So I read the paperwork:

• tangled's client metadata asks for a long list of scopes
• scopes being the specific permissions an app wants, the “this app would like to access your repos and your handle” checklist
• tangled asks for fine-grained ones: repo:sh.tangled.repo, rpc:sh.tangled.repo.create, blob:*/*, identity:handle

Then I checked what my PDS said it understood:

scopes_supported: ['atproto', 'transition:email', 'transition:generic', 'transition:chat.bsky']

The old, coarse set. None of the granular ones. Case closed, right?

My PDS (@atproto/pds version 0.5.9) was too old to grasp the permissions tangled was asking for, so it spat the request out. Bluesky's own docs even say granular permissions are “rolling out to the self-hosted PDS distribution” — translation: not in a shipping self-hosted PDS yet.

I went a long way down this road.

• Checked npm for a newer PDS — latest stable was 0.5.10, one patch ahead, useless.
• Checked the pre-release tags — somehow older than stable, also useless.
• Then I found Tranquil, a PDS rewritten in Rust that explicitly supports the granular scopes, read its install docs, confirmed it ran on my hardware, and got within a hair of migrating my brand-new identity onto a multi-container, Postgres-backed, community-alpha server.

That is a colossal amount of effort and risk to dodge a problem I had not actually confirmed was the problem. Mercifully, it was not the problem.

---

The question that broke the theory

The thing that saved me was one stupid question: if my PDS can't do this, how is tangled doing it for everyone else right now?

People log in to tangled every day with handles on .bsky.social or .tngl.sh. That second one — .tngl.sh — is tangled's own PDS hosting. Whatever software it runs, it demonstrably works with the exact login I was failing. So instead of theorising, I could just go poke it.

I had a .tngl.sh handle lying around from earlier, so I worked out which PDS hosts it and interrogated it directly. Two things fell out immediately, and both upended the original theory:

1. tngl.sh runs the Bluesky reference PDS — the same @atproto/pds software I installed, version 0.4.208. Not Tranquil. So migrating to Tranquil would have been “solving” a problem the working system doesn't have.
2. Its scopes_supported was the exact same legacy set as mine. And tangled login works there fine.

If the box that works advertises the same scopes as the box that doesn't, then the scopes were never it. The theory was built on a coincidence I'd mistaken for a clue.

So I fired the identical PAR request at both PDSes and put the answers side by side:

# my PDS:
{"error":"invalid_client_metadata",
 "error_description":"Unable to obtain client metadata for \"https://tangled.org/oauth/client-metadata.json\""}

# tngl.sh:
{"error":"invalid_request",
 "error_description":"client authentication method \"private_key_jwt\" required a \"client_assertion\""}

There it is, in the error text. tngl.sh fetched and read tangled's paperwork and moved on to the next step — it was only complaining that my bare test didn't include a signature it expected. Mine never got that far. “Unable to obtain client metadata.” My PDS couldn't even download the document.

This was never about permissions. It was a failed HTTP request. My server tried to fetch one URL and couldn't.

---

Why couldn't it fetch one URL?

From inside the PDS container, using the same mechanism the PDS itself uses (Node's built-in fetch):

https://tangled.org/oauth/client-metadata.json   -> ETIMEDOUT
https://plc.directory                             -> 200
https://example.com                               -> 200

The internet at large was fine. Only tangled.org hung until it gave up (ETIMEDOUT is the network politely telling you nothing ever answered). One host timing out while everything else sails through has a particular smell to it.

I ruled out the boring stuff first. MTU — the largest chunk a network link will carry in one go — was a normal 1500 on both the container and the host, so I wasn't looking at the classic “big packets silently vanish” trap. To be sure, I forced a full encrypted handshake to tangled.org over IPv4 with the right hostname attached, big packets and all. It completed. Not an MTU black hole.

The tell was in DNS. tangled.org publishes two addresses: an A record (its IPv4 address) and an AAAA record (its IPv6 one). And my container was listening on :::3000 — that's IPv6 notation, so IPv6 was very much in the game. So I told Node to stop being clever about which one it picked:

node --no-network-family-autoselection -e 'fetch("https://tangled.org/oauth/client-metadata.json").then(r=>console.log(r.status))'
# -> 200

Instant 200. The bug was IPv6.

Here's the clever-that-backfired bit. Modern Node (I'm on 24) uses a trick called Happy Eyeballs: when a host has both an IPv4 and an IPv6 address, it races connections to both and uses whichever replies first. The whole point is resilience — if one path is dead, the other wins and you never notice.

Except my IPv6 path wasn't dead. It was black-holed — packets marched out and nothing ever came back, no rejection, no error, just silence. So Node's connection sat there waiting for a reply that would never come, instead of failing fast and letting IPv4 win the race. plc.directory and example.com happened not to provoke it; tangled.org's particular setup did. A dead path is fine. A path that eats packets and says nothing is poison.

The quick fix was one environment variable on the PDS container — tell Node to prefer IPv4 and stop racing:

NODE_OPTIONS: "--dns-result-order=ipv4first --no-network-family-autoselection"

Redeploy, replay the PAR, and now my PDS gives the identical answer tngl.sh did. Login unblocked. No Tranquil, no migration, no waiting for a release that was never the issue.

But slapping “never use IPv6” on a machine that's supposed to have IPv6 isn't a fix, it's a tourniquet. The real question was still standing there: why was IPv6 black-holing in the first place?

---

The actual root cause: Docker quietly knifed my IPv6

This is the part that was worth the whole detour.

First, whose fault — the network, the router, or the box? Easy to settle by comparison. My Mac, sitting on the same LAN, has a proper public IPv6 address handed down from the ISP and pings the IPv6 internet in about 22ms. So the router and the ISP do IPv6 perfectly well. But eon had no public IPv6 address and no IPv6 route to the outside world at all — just a link-local address (the IPv6 equivalent of “I can talk to the room I'm in”) and Tailscale's private range. It had never picked up the router's IPv6 at all.

I'd assumed IPv6 just worked everywhere because it works on my Mac. It works on my Mac because macOS does SLAAC out of the box.

SLAAC — Stateless Address Autoconfiguration — is the no-paperwork way devices get IPv6: the router periodically shouts its network details onto the LAN (these shouts are called Router Advertisements), and any device that hears one configures its own address from it. No DHCP server, no central list, just “here's the network, help yourself.”

My Mac does that natively. So do my Ubuntu boxes — their network managers handle the router's shouts themselves, in normal software. But my DietPi nodes use a barebones networking setup where listening for those shouts is the Linux kernel's job. And the kernel was sitting there with its thumb up its arse.

The relevant kernel switches (sysctl is just the knob-panel for kernel settings) were identical on every DietPi node:

net.ipv6.conf.eth0.accept_ra   = 1
net.ipv6.conf.eth0.forwarding  = 1

And that pair together is the trap. forwarding = 1 means the host is willing to act as a router, shuffling packets between interfaces on behalf of others. accept_ra is whether it listens to the router's shouts. The catch the kernel enforces: a box that's acting as a router will not listen to other routers' shouts — because routers are supposed to be authoritative, not take their config secondhand. So with accept_ra = 1 and forwarding = 1, the kernel silently bins every Router Advertisement. No shouts heard, no SLAAC, no address, no route. Silently. There's the magic word again.

So who switched on forwarding? Docker. The moment Docker starts, it flips IPv6 forwarding on so it can route packets to your containers. Every Docker-running DietPi node I had was therefore sitting at forwarding=1 + accept_ra=1 — meaning every one of them quietly lost outbound IPv6 the instant Docker came up. And I never noticed, because nothing I ran needed outbound IPv6 until a Node app went looking for an IPv6-published host and hung itself on the silence.

My Ubuntu nodes dodged it purely by luck: their network managers do the listening in software, sidestepping the kernel switch entirely, so the forwarding clash never touched them.

The actual fix is one knob, set to stick across reboots:

net.ipv6.conf.<iface>.accept_ra = 2

accept_ra = 2 means “listen to the router's shouts even while forwarding.” Flip that, and the kernel starts hearing Router Advertisements again, SLAAC kicks in, and the node grabs a real public IPv6 address and a route to the world like every other device on the network. I'm rolling it out across the whole fleet with Ansible, so every machine is a proper IPv6 citizen — not just the ones whose networking happened to paper over the gap by accident.

---

What I'd tell past-me

• Go find a working version and diff against it. I torched hours on a tidy, well-evidenced, completely wrong theory. One question — “how does the thing that works do it?” — and one identical request fired at a known-good server flattened the whole story in minutes. When something should work and doesn't, stop theorising and go interrogate a copy that does.
• Same symptom does not mean same cause. Both PDSes advertised the same scopes. That coincidence is exactly what sold me the wrong story for an afternoon. The error messages, read slowly and side by side, were trying to tell me the truth the whole time.
• “It works on my machine” can be three different accidents wearing a trenchcoat. IPv6 worked on my Mac and my Ubuntu boxes for three unrelated reasons, none of which applied to my DietPi nodes. Same behaviour across a fleet is something you check, not something you assume.
• Docker turns on IP forwarding and that can silently murder kernel SLAAC. If you run containers on a Debian-ish host with barebones networking and your IPv6 has “mysteriously” vanished, go look at accept_ra versus forwarding. You almost certainly want accept_ra=2.
• A black-holed network path is worse than a dead one. A cleanly-dead IPv6 stack fails fast and the IPv4 fallback wins. A path that swallows packets and says nothing makes well-behaved software hang forever. If connections to some hosts time out while everything else is fine, suspect a half-configured address family long before you blame MTU, DNS, or the far end.

---

So, now, to continue my yak-shaving I have managed to:

• host an identity server
• so now I can get an identity
• I didn't need to make a stupid social media account to fix it
• now I can attempt to run a federated git server with a stupid name

And all this is so I can host my own code repos instead of dealing with Microsoft's continued enshittification of Github, and the ongoing collapse of the USA up its own arsehole of late-stage capitalism as it goose-steps into oligarchic cronyism.

Hoo-fucking-ray!