Aaron Parecki

Tuesday, January 22, 2019

• 
• 

  Contributions from: Australia, France, Germany, Netherlands, Spain, Switzerland, United Kingdom, United States

  Tue, Jan 22, 2019 12:34am -08:00
• 

  9:42pm

  Asleep

  6:32am

  Awake

  8h 50m

  Slept

  57m

  Awake for

  

  San Francisco, California, USA

  Tue, Jan 22, 2019 6:32am -08:00
• 

  at Equator Coffees & Teas

  San Francisco, California • Tue, January 22, 2019 7:02am

  37.782598 -122.410218

  San Francisco, CA, United States • 50°F

  9 Coins

  Tue, Jan 22, 2019 7:02am -08:00
• Taxi

  28.01mi

  Distance

  75:36

  Duration

  7:23am

  Start

  8:39am

  End

  

  Redwood City, California • 44°F

  Tue, Jan 22, 2019 8:39am -08:00
• 

  at Guardant Health

  Redwood City, California • Tue, January 22, 2019 8:40am

  37.500542 -122.21802

  Redwood City, CA, United States

  1 Coin

  Tue, Jan 22, 2019 8:40am -08:00
• Taxi

  27.64mi

  Distance

  31:35

  Duration

  12:24pm

  Start

  12:55pm

  End

  

  San Francisco, California • 59°F

  Tue, Jan 22, 2019 12:55pm -08:00
• 

  at zpizza

  San Francisco, California • Tue, January 22, 2019 1:00pm

  37.783204 -122.406138

  San Francisco, CA, United States • 59°F

  21 Coins

  Tue, Jan 22, 2019 1:00pm -08:00
• Vincent Pickering https://twitter.com/vincentlistens   •   Jan 22

  Or Is it just that it only holds on to a fixed number of mentions?
  

  Neither. The dashboard only shows the latest few, but that's just me being lazy and not giving you a UI to page through older ones. It stores them all forever, and I have no plans to delete old ones there.
  
  But you're right that you should copy that data to your own site somehow!

  San Francisco, California, USA • 59°F

  1 like

  Tue, Jan 22, 2019 1:31pm -08:00
• Vincent Pickering https://twitter.com/vincentlistens   •   Jan 22

  Or Is it just that it only holds on to a fixed number of mentions?
  

  Even though my site uses webmention.io as its endpoint, I use the web hooks to push all the responses to my site where it stores its own copy of them.

  San Francisco, California, USA • 59°F

  1 like

  Tue, Jan 22, 2019 1:32pm -08:00
• 

  at ThoughtWorks Inc

  San Francisco, California • Tue, January 22, 2019 2:00pm

  37.784498 -122.404887

  San Francisco, CA, United States • 61°F

  5 Coins

  Tue, Jan 22, 2019 2:00pm -08:00
• 

  at Okta SF4

  San Francisco, California • Tue, January 22, 2019 3:11pm

  37.789283 -122.397535

  First time visiting the new office

  

  San Francisco, CA, United States • 69°F

  1 like 42 Coins

  Tue, Jan 22, 2019 3:11pm -08:00
• 

  at La Capra Coffee

  San Francisco, California • Tue, January 22, 2019 3:42pm

  37.790688 -122.397467

  San Francisco, CA, United States • 69°F

  7 Coins

  Tue, Jan 22, 2019 3:42pm -08:00
• Fred Emmott https://twitter.com/fredemmott   •   Jan 14

  Does anyone have an approachable article for "don't trust the client"? Best I've found is the OAuth threat model RFC (RFC 6819), but it's a bit too long to ask others to read for a quick overview :) (not work related)
  

  I just wrote this up since I couldn't find a good answer online! https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps
  
  Hope it helps!

  San Francisco, California, USA • 69°F

  1 like 1 repost

  Tue, Jan 22, 2019 3:47pm -08:00
• 

  If you've ever needed a link to send someone to explain why OAuth secrets aren't safe in mobile apps, I made you a thing: https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps

  San Francisco, California, USA • 59°F

  13 likes 10 reposts 3 replies

  Tue, Jan 22, 2019 4:09pm -08:00 #oauth #oauth2 #api #security
• Darius Kazemi https://friend.camp/@darius

  @aaronpk Heh. As we used to say at the MMORPG company I used to work at: if it's on the client, assume it's compromised.

  San Francisco, California • 59°F

  Wed, Jan 23, 2019 12:24am +00:00 (liked on Tue, Jan 22, 2019 4:25pm -08:00)
• alianora https://cybre.space/@nightpool   •   Jan 23

  @aaronpk ....... who would ever assume this
  

  you'd be surprised how much of web security is not immediately obvious to people

  San Francisco, California • 59°F

  1 reply

  Tue, Jan 22, 2019 4:33pm -08:00
• alianora https://cybre.space/@nightpool   •   Jan 23

  @aaronpk also, your blog post doesn't immediately address the pinning case—lots of mobile apps pin their certificates now (which, again, is only as secure as far as the computing platform is .....)
  

  that solves a completely different problem (and creates new problems), but isn't related to the challenge of how to avoid embedding secrets

  San Francisco, California • 59°F

  1 reply

  Tue, Jan 22, 2019 4:38pm -08:00
• alianora https://cybre.space/@nightpool   •   Jan 23

  @aaronpk I agree, but there's a whole section on "HTTPS requests can be intercepted from mobile apps" that most developers will just ignore because they believe they Figured It Out
  

  ah yeah fair point. i'll mention that when i do the video version of this :-)

  San Francisco, California • 59°F

  Tue, Jan 22, 2019 4:41pm -08:00
• Soni L. https://cybre.space/@SoniEx2   •   Jan 23

  @aaronpk idea:

  ... don't use oauth?
  

  ... now you've got 2^128 problems

  San Francisco, California • 60°F

  Tue, Jan 22, 2019 4:45pm -08:00
• 

  at Novela

  San Francisco, California • Tue, January 22, 2019 5:12pm

  37.786927 -122.401246

  San Francisco, CA, United States • 60°F

  8 Coins

  Tue, Jan 22, 2019 5:12pm -08:00
• 

  at California Pizza Kitchen

  San Francisco, California • Tue, January 22, 2019 6:00pm

  37.786859 -122.402565

  San Francisco, CA, United States • 58°F

  7 Coins

  Tue, Jan 22, 2019 6:00pm -08:00
• Darius Kazemi https://friend.camp/@darius   •   Jan 23

  Tomorrow I go to San Francisco for a few days. Then home for a week. Then back to San Francisco for a week
  

  Come to home brew website club tomorrow night! I will hopefully be there too! http://tantek.com/2019/023/e1/homebrew-website-club-sf

  San Francisco, California • 57°F

  1 like 1 reply

  Tue, Jan 22, 2019 6:19pm -08:00
• Darius Kazemi https://friend.camp/@darius

  @aaronpk Oh awesome, I will almost certainly be there.

  I would, uh, RSVP except.... um maybe my goal for the event will be to figure out how to RSVP to events

  San Francisco, California • 57°F

  Wed, Jan 23, 2019 2:27am +00:00 (liked on Tue, Jan 22, 2019 6:28pm -08:00)
• 

  Veggie Pizza

  

  San Francisco, California, USA • 57°F

  Tue, Jan 22, 2019 6:54pm -08:00
• 

  at Hotel Union Square

  San Francisco, California • Tue, January 22, 2019 6:55pm

  37.785776 -122.407887

  Calling it a night

  San Francisco, CA, United States • 57°F

  1 like 10 Coins

  Tue, Jan 22, 2019 6:55pm -08:00
• I Tried to Block Amazon From My Life. It Was Impossible. (gizmodo.com)

  "Its global empire also includes Amazon Web Services (AWS), the vast server network that provides the backbone for much of the internet, as well as Twitch.tv, the broadcasting behemoth that is the backbone of the online gaming industry, and Whole Foods, the organic backbone of the yuppie diet. "

  Tue, Jan 22, 2019 8:53pm -08:00 #amazon #web #clickbait