Aaron Parecki

Justin Richer https://twitter.com/justin__richer • Jul 29
We need a word for "something that is optional but will break everything if you don't do it so we enforce it anyway". It's a defacto-must of some kind?

"SHOULD, NO REALLY"

Seattle, Washington

3 likes

Mon, Jul 29, 2019 10:55pm -07:00
Boomrang https://twitter.com/boomrang99 • Jul 29
Thanks for the response. I am trying to understand the specifics of the risk involved here. The site itself is HTTPS however the load balancer/proxy infra sometimes redirect to HTTP for the callback URL

Everything that the user's browser touches has to be HTTPS.

This document talks about the details of several related attacks if you're interested https://tools.ietf.org/html/draft-ietf-oauth-security-topics

Portland, Oregon

1 like 2 replies

Mon, Jul 29, 2019 8:41am -07:00
Balaji S. Srinivasan https://twitter.com/balajis • Jul 25
Yeah. I think the right model may be to use Postgres or traditional DBs for *most* of the system, and a blockchain for the parts people will fight over.

So things like upvotes, likes, follower counts — and of course money.

We haven’t seen systems consciously built this way yet.

What I'm saying is I actually don't think a global number of likes on a post is even a good idea. What's more interesting is how many ppl within my own network have liked a post.

Otherwise we're just mirroring Twitter along with all the negative behaviors that come with it.

Montréal, Québec, CAN

2 likes 2 reposts 1 reply

Thu, Jul 25, 2019 3:03pm -04:00
Balaji S. Srinivasan https://twitter.com/balajis • Jul 25
Great q.

I’d argue that many social apps make use of global consensus on at least *some* values. Could be upvotes vs user counts.

If you can get global consensus on one byte, you can run it again to get global consensus on N bytes (possibly with some upper limit on N).

And I'd argue that global consensus is unrealistic and unnecessary, and pursuing it comes at the cost of too many other useful properties.

Local consensus is more useful and easier to achieve, and still results in perfectly functional systems.

Montréal, Québec, CAN

1 like

Thu, Jul 25, 2019 2:55pm -04:00
Balaji S. Srinivasan https://twitter.com/balajis • Jul 25
Yeah. But here’s an interesting factor I think about frequently.

Basically, getting global consensus on one integer (user count) in an implicitly adversarial distributed system like Mastodon was a challenge.

Crypto solves that problem.
https://ansuz.sooke.bc.ca/entry/335

Why is a global consensus on user count a required (or even an important) feature?

That doesn't even model real-world relationships, and plenty of systems work completely fine without that.

Montréal, Québec, CAN

1 like

Thu, Jul 25, 2019 2:44pm -04:00
Sara 🍑y https://twitter.com/saradietschy • Jul 25
NEW RX100 VII HAS A MIC JACK.

SOLD

Montréal, Québec

1 like

Thu, Jul 25, 2019 10:52am -04:00
Aaron Parecki https://aaronparecki.com/ • Jul 25
There’s nothing like sitting in on the #ietf TLS meeting to make you realize how little you actually know about how the internet works

I'm also very glad I can use TLS without really knowing how it works.

Montréal, Québec, CAN

6 likes 1 repost 1 reply

Thu, Jul 25, 2019 10:48am -04:00
Jason Garber https://twitter.com/jgarber • Jul 25
@aaronpk OAuth question when you have a sec:

1. User clicks “sign in with XYZ” on my app,
2. User bounces to XYZ’s auth flow,
3. User cancels, denies, etc.,
4. User is bounced to my app’s /auth/failure page.

What’s the “right” HTTP status code for my app’s /auth/failure page?

It doesn’t really matter because the only thing receiving that response code is the user’s browser, I’d just use a 200.

Montréal, Québec

1 repost 1 reply

Thu, Jul 25, 2019 10:24am -04:00
Boris Mann https://twitter.com/bmann • Jul 25
sure. Trying to do my part in letting the youths know there IS history here ;)

A noble effort but they’re just gonna ignore it and do it anyway :-)

Montréal, Québec

Thu, Jul 25, 2019 10:23am -04:00
Boris Mann https://twitter.com/bmann • Jul 25
Back in round one of identity wars, this was called the “NASCAR problem” - so many logos to choose from.

https://indieweb.org/NASCAR_problem

History will always repeat itself

Montréal, Québec

Thu, Jul 25, 2019 10:19am -04:00
Aaron Parecki https://aaronparecki.com/ • Jul 23
Alright let's try this again. On a new flight from LaGuardia to Boston, and the rain has subsided. Still an active flash flood warning.

It looks like we're going to take off here, so far no mentions of delays.

If this works, I'm going to be getting in just an hour before the meeting in Montreal.

Montreal flight is only 20 minutes delayed, pushing back from the gate now!

Scheduled to arrive at 12:18 now, hopefully clearing border control is quick!

East Boston, Massachusetts, USA

Tue, Jul 23, 2019 11:03am -04:00
Aaron Parecki https://aaronparecki.com/

New York to Boston, Boston to Montreal

Delta 717-200

Flushing, New York, USA

Tue, Jul 23, 2019 5:37am -04:00
Stephanie Rieger 🏴󠁧󠁢󠁳󠁣󠁴󠁿🇨🇦🇪🇺🍵 https://twitter.com/stephanierieger • Jul 22
😱 Safe travels. No lightning storms expected here until next week, but it will be very hot starting mid-week!

Thanks! As long as it's not hot *and* muggy I don't mind

New York, New York

Mon, Jul 22, 2019 9:04pm -04:00
ᛚᛖᛁᚠ Warner https://twitter.com/pdxleif • Jul 23
Just below this tweet on my feed was: https://twitter.com/Diane_7A/status/1153459871452467200

omg everyone on the plane got an emergency alert for flash flooding but I had no idea it was that bad!

Jersey City, New Jersey, USA

1 like

Mon, Jul 22, 2019 8:53pm -04:00
Aaron Parecki https://aaronparecki.com/ • Jul 22
yeah so this is why we haven't been able to take off yet ✈️🌩 ⚡️

Update: pretty much all @United flights from Newark tonight were cancelled.

I booked a new flight from LaGuardia to Boston to Montreal leaving at 6am tomorrow morning. With any luck I'll arrive just in time for the OAuth meeting!

Crossing my fingers for no more storms tomorrow!

Newark, New Jersey, USA

2 likes 1 reply

Mon, Jul 22, 2019 8:49pm -04:00
Aaron Parecki https://aaronparecki.com/ • Jul 22
oh no, I may have spoken too soon. Sat on the runway for an hour and we're returning to the gate. The lightning is keeping planes on the ground here.

yeah so this is why we haven't been able to take off yet ✈️🌩 ⚡️

Newark, New Jersey, USA

3 likes 5 replies

Mon, Jul 22, 2019 6:26pm -04:00
Aaron Parecki https://aaronparecki.com/ • Jul 22
Shoutout to the very nice @United agent who spent an hour on the phone with me to bump me to this earlier flight and got me a ticket while it was boarding. Now departing 30m later than the original Air Canada flight, but it was then completely cancelled so I guess that's a win.

oh no, I may have spoken too soon. Sat on the runway for an hour and we're returning to the gate. The lightning is keeping planes on the ground here.

Newark, New Jersey, USA

1 reply

Mon, Jul 22, 2019 5:53pm -04:00
Christopher Lemmer Webber https://twitter.com/dustyweb • Jul 22
I also think the hotel key isn't as useful for ocaps as a car key, because people often think of a hotel key as being associated with your identity, and a car key isn't.

..but a hotel key explicitly isn't associated with your identity, which is why the analogy works! You know how you get multiple keys when you check in, and it's expected that any guest of the room can use them?

Billings, Montana

1 like

Mon, Jul 22, 2019 10:52am -06:00
Dan Brickley https://twitter.com/danbri • Jul 22
i have been complaining about this for years wrt oauth! it's how Iearned about valet keys. Maybe they're totally normal to some, but it smells of privilege somehow...

I never liked the valet key analogy, especially as someone who only briefly owned a 1985 Volvo and now owns 0 cars. I use a hotel key analogy in my talks, which I think is more relatable, but I am still looking for an analogy that doesn't require as much privilege to relate to.

Coffeyville, Kansas, USA

2 likes 3 replies

Mon, Jul 22, 2019 9:19am -06:00
Annika Backstrom https://xoxo.zone/@annika • Jul 22
@uint8_t I take some shortcuts in service of a system that's more manageable to me:
* No hierarchy, just top-level folders to group similar photos (e.g. trips, events, photoshoots)
* ISO-8601 date prefix on folders
* Multi-day events just get grouped under one day, don't overthink it
* Catch-all month folders for misc photos
* Photos get uploaded from my phone to an "Inbox" on my Synology NAS automatically (graph counts items in the Inbox)
* Periodically sort things (graph go down??)

Out of curiosity, do you treat photos from your phone and photos from a real camera or real photo shoot differently?

Right now I have a organization system similar to yours for my DSLR photos, but all my phone photos go to Flickr in a gigantic unsorted pile. I hadn't really considered combining them, but the system you described here seems like it might work for both my kinds of photos.

Portland, Oregon

1 reply

Sun, Jul 21, 2019 5:42pm -07:00

older

Aaron Parecki

New York to Boston, Boston to Montreal