Aaron Parecki

This is the problem with most JWT based systems around logout and revocation. I find this to be an anti-pattern and a very common one. Security here is sacrificed at the altar of scalability and statelessness. #tears

If a user “logs out” and the JWT isn’t invalidated they can still perform actions. Most distributed apps don’t notify all micro services a JWT is no longer valid and the micro service just goes “okay”. And for performance, the micro service doesn’t verify validity.

Slack is just an all day meeting with no agenda

wish i was bitcoin so someone would hold me

wish I was a deadline so someone would miss me

OH on Discord: “Hey, what is the minimum USD amount for an OAuth transfer”

(which is a mind-blowing concept if you’ve been around the protocol as long as I have)

OH on Discord: “Hey, what is the minimum USD amount for an OAuth transfer”

(which is a mind-blowing concept if you’ve been around the protocol as long as I have)

You know you could have just implemented edit and deployed it in an afternoon back in 2007 and we’d all have it today. I blame @blaine for the lack of the edit button.

Check twice a day, filter aggressively, only answer things that need an answer, try and keep replies under three sentences.

okay so as some people don't seem to know this is happening:

when someone replies to one of your posts asking you for your paypal / venmo / etc, there are bots that will IMMEDIATELY clone your account and reply with a payment link. they block your account in the same second.

My @vidsummit talk is ready to goooo! But I have a question for attendees....
Is your Wi-Fi on? 🍍🍍🍍

I'm going to invent the concept of the slash tag where instead of #files you can have a hierarchy like /folder/directory/file

Folks, do NOT buy the iPhone 13!

They developed it in just 1 year. The first iPhone took billions of years to make… how can we trust an iPhone which was developed so fast?!

Scam website hacked, replaced with different scam

Recently I learned about the Japanese concept of ikigai. We all have things that
• we're good at
• we can be paid for
• we love doing
• makes the world better

We all aim to be in a spot where we hit all 4. The diagram below helps explain how you feel when you hit 2 or 3 of 4

It's a fine line between "NIST calibrated and traceable production practices" and "Comes in NIST-inspired sizes!"

I actually do not agree with the characterization that PAR is an alternative to JAR. PAR complements JAR by profiling it down to a new endpoint called PAR Endpoint at AuthZ server. JAR is normatively required by PAR. #OAuth

A reminder that once you've upgraded to iOS 15, and you've saved your (California & others) COVID QR code, you can now import it into the Health app and view it there. QR is still visible, as is a JSON payload.