Aaron Parecki

K. Mike Merrill https://twitter.com/kmikeym • Feb 11
What’s your current setup for backing up power? (Video idea!)

Clearly I need to beef it up a bit, but right now I have a UPS on the network gear and also at my desk. It can keep things powered for about 30-40 minutes, and my internet is fiber so it stays online too

Portland, Oregon • 31°F

2 likes 4 replies

Thu, Feb 11, 2021 2:53pm -08:00
The power went out literally a minute after I finished hosting a workshop. Good timing I guess. Time to invest in some more batteries?

Portland, Oregon, USA • 32°F

10 likes 6 replies

Thu, Feb 11, 2021 2:11pm -08:00
James Tucker https://twitter.com/tucker_dev

Imagine gatekeeping an industry where one of the primary skills is Googling things.

Portland, Oregon • 32°F

Thu, Feb 11, 2021 12:37pm +00:00 (liked on Thu, Feb 11, 2021 2:08pm -08:00)
Nick Fiacco https://twitter.com/FiaccoNick • Feb 11
Is there a good way to verify the identity of a public app requesting an auth code?

No not really, that's why the redirect URL is so important to get right. It's not a great situation, but it would require cooperation from the OS in order to have a more secure flow. That said, it's also a relatively unlikely attack vector so people mostly don't worry about it.

Portland, Oregon • 33°F

1 like

Thu, Feb 11, 2021 12:51pm -08:00
Contributions from: Brazil, Germany, Hungary, India, Japan, Netherlands, Russian Federation, United Kingdom, United States

Thu, Feb 11, 2021 12:03pm -08:00
Hands-on introduction to OAuth 2.0

Feb

11

February 11, 2021 10:00am - 2:00pm (-0800)
Online

permalink #oauth #oreilly
Nick Fiacco https://twitter.com/FiaccoNick • Feb 11
Chances are I’m missing something— @aaronpk @leahculver does this make sense to either of you?

Yes, you're right, but that doesn't mean PKCE is not secure. This is just an inherent limitation of public clients that can't use a client secret. PKCE does solve several attacks, but it doesn't provide authentication of the app itself.

Portland, Oregon • 33°F

2 likes

Thu, Feb 11, 2021 9:58am -08:00
SmolCSS (smolcss.dev)

Thu, Feb 11, 2021 9:19am -08:00 #css
Shannon Morse wears a mask responsibly https://twitter.com/Snubs

Two convos with completely different context, but both mentioned “YouTube isn’t a real job”.

Bitch I bought a house and my car is paid off, YouTube is a real job.

Portland, Oregon • 33°F

Thu, Feb 11, 2021 6:32am +00:00 (liked on Thu, Feb 11, 2021 6:59am -08:00)
10:31pm
Asleep

6:01am
Awake

7h 30m
Slept

23m
Awake for

Portland, Oregon, USA • 33°F

Thu, Feb 11, 2021 6:01am -08:00
TikTok Habit https://twitter.com/tiktokhabit

I’m not a cat. https://vm.tiktok.com/ZMeRUgvkw/

Portland, Oregon • 39°F

Wed, Feb 10, 2021 10:43pm +00:00 (liked on Wed, Feb 10, 2021 9:46pm -08:00)
Jᵾlien Genestoux https://twitter.com/julien51 • Feb 11
Ideally though, an identity shouldn't have to be tied to a server, even if I own it?

That's one opinion yes. There are good arguments on both sides.

Portland, Oregon • 40°F

1 like 6 replies

Wed, Feb 10, 2021 7:22pm -08:00
https://v2.jacky.wtf

This is precisely what IndieAuth aims to do. And it’s literally something any service can implement today because it’s based on OAuth2 (y’all use this every day) https://twitter.com/arcalinea/status/1359686548430614531. It’s kinda amazing (and a lot simpler than the stuff the CredWeb is cranking out tbh)

Portland, Oregon • 40°F

permalink (liked on Wed, Feb 10, 2021 6:57pm -08:00)
Kevin Marks https://twitter.com/kevinmarks • Feb 11
That's very true, and the Wordpress plugin makes the case as well.

Yep although the WordPress plugin requires some active effort by the user. At least it’s just installing a plugin and not dealing with markup though.

Portland, Oregon • 40°F

8 replies

Wed, Feb 10, 2021 6:57pm -08:00
Sara 🍑y https://twitter.com/saradietschy

I think Sony makes more cameras than I make YouTube videos

Portland, Oregon • 40°F

Thu, Feb 11, 2021 2:39am +00:00 (liked on Wed, Feb 10, 2021 6:53pm -08:00)
Kevin Marks https://twitter.com/kevinmarks • Feb 11
That's part of it, though the RelMeAuth model can mitigate that to some extent. A lot of it is having a use case to authorise for. Micropub is one use case that can make sense to users

Nah, don’t forget that every micro.blog account is an IndieAuth account too. Users don’t need to have any knowledge of anything under the hood for that to work. We need more service providers to implement it more than anything.

Portland, Oregon • 40°F

4 likes 1 repost 10 replies

Wed, Feb 10, 2021 6:53pm -08:00
How did Google Talk change from a dream to a nightmare? – Huan Truong's Pensieve (www.tnhh.net)

Wed, Feb 10, 2021 3:11pm -08:00 #google #hangouts #im
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies | by Alex Birsan | Feb, 2021 | Medium (medium.com)

Wed, Feb 10, 2021 9:51am -08:00 #security
Nick Gamb https://twitter.com/NickCGamb

But while the industry still clings to things like AD, and product teams throughout tech still demand support for password, we have to support it while offering a path to the future.

Portland, Oregon • 36°F

Wed, Feb 10, 2021 5:03pm +00:00 (liked on Wed, Feb 10, 2021 9:50am -08:00)
Nick Gamb https://twitter.com/NickCGamb

Yes, we all are fully aware that the password is the problem. Thats why the best identity platforms will support many different factors and will strive to be fully passwordless and platform agnostic (supporting new factors as they are created via standards)

Portland, Oregon • 36°F

Wed, Feb 10, 2021 5:03pm +00:00 (liked on Wed, Feb 10, 2021 9:50am -08:00)

older