
Aaron Parecki

  • Justin Richer https://twitter.com/justin__richer   •   Jul 29
    We need a word for "something that is optional but will break everything if you don't do it so we enforce it anyway". It's a defacto-must of some kind?
    Aaron Parecki
    "SHOULD, NO REALLY"
    Seattle, Washington
    3 likes
    Mon, Jul 29, 2019 10:55pm -07:00
  • Boomrang https://twitter.com/boomrang99   •   Jul 29
    Thanks for the response. I am trying to understand the specifics of the risk involved here. The site itself is HTTPS; however, the load balancer/proxy infra sometimes redirects to HTTP for the callback URL
    Aaron Parecki
    Everything that the user's browser touches has to be HTTPS.

    This document talks about the details of several related attacks if you're interested https://tools.ietf.org/html/draft-ietf-oauth-security-topics
    Portland, Oregon
    1 like 2 replies
    Mon, Jul 29, 2019 8:41am -07:00
  • Balaji S. Srinivasan https://twitter.com/balajis   •   Jul 25
    Yeah. I think the right model may be to use Postgres or traditional DBs for *most* of the system, and a blockchain for the parts people will fight over.

    So things like upvotes, likes, follower counts — and of course money.

    We haven’t seen systems consciously built this way yet.
    Aaron Parecki
    What I'm saying is I actually don't think a global number of likes on a post is even a good idea. What's more interesting is how many ppl within my own network have liked a post.

    Otherwise we're just mirroring Twitter along with all the negative behaviors that come with it.
    Montréal, Québec, CAN
    2 likes 2 reposts 1 reply
    Thu, Jul 25, 2019 3:03pm -04:00
  • Balaji S. Srinivasan https://twitter.com/balajis   •   Jul 25
    Great q.

    I’d argue that many social apps make use of global consensus on at least *some* values. Could be upvotes vs user counts.

    If you can get global consensus on one byte, you can run it again to get global consensus on N bytes (possibly with some upper limit on N).
    Aaron Parecki
    And I'd argue that global consensus is unrealistic and unnecessary, and pursuing it comes at the cost of too many other useful properties.

    Local consensus is more useful and easier to achieve, and still results in perfectly functional systems.
    Montréal, Québec, CAN
    1 like
    Thu, Jul 25, 2019 2:55pm -04:00
  • Balaji S. Srinivasan https://twitter.com/balajis   •   Jul 25
    Yeah. But here’s an interesting factor I think about frequently.

    Basically, getting global consensus on one integer (user count) in an implicitly adversarial distributed system like Mastodon was a challenge.

    Crypto solves that problem.
    https://ansuz.sooke.bc.ca/entry/335
    Aaron Parecki
    Why is a global consensus on user count a required (or even an important) feature?

    That doesn't even model real-world relationships, and plenty of systems work completely fine without that.
    Montréal, Québec, CAN
    1 like
    Thu, Jul 25, 2019 2:44pm -04:00
  • Sara 🍑y https://twitter.com/saradietschy   •   Jul 25
    NEW RX100 VII HAS A MIC JACK.
    Aaron Parecki
    SOLD
    Montréal, Québec
    1 like
    Thu, Jul 25, 2019 10:52am -04:00
  • Aaron Parecki https://aaronparecki.com/   •   Jul 25
    There’s nothing like sitting in on the #ietf TLS meeting to make you realize how little you actually know about how the internet works
    Aaron Parecki
    I'm also very glad I can use TLS without really knowing how it works.
    Montréal, Québec, CAN
    6 likes 1 repost 1 reply
    Thu, Jul 25, 2019 10:48am -04:00
  • Jason Garber https://twitter.com/jgarber   •   Jul 25
    @aaronpk OAuth question when you have a sec:

    1. User clicks “sign in with XYZ” on my app,
    2. User bounces to XYZ’s auth flow,
    3. User cancels, denies, etc.,
    4. User is bounced to my app’s /auth/failure page.

    What’s the “right” HTTP status code for my app’s /auth/failure page?
    Aaron Parecki
    It doesn’t really matter because the only thing receiving that response code is the user’s browser, I’d just use a 200.
    Montréal, Québec
    1 repost 1 reply
    Thu, Jul 25, 2019 10:24am -04:00
  • Boris Mann https://twitter.com/bmann   •   Jul 25
    sure. Trying to do my part in letting the youths know there IS history here ;)
    Aaron Parecki
    A noble effort but they’re just gonna ignore it and do it anyway :-)
    Montréal, Québec
    Thu, Jul 25, 2019 10:23am -04:00
  • Boris Mann https://twitter.com/bmann   •   Jul 25
    Back in round one of identity wars, this was called the “NASCAR problem” - so many logos to choose from.

    https://indieweb.org/NASCAR_problem
    Aaron Parecki
    History will always repeat itself
    Montréal, Québec
    Thu, Jul 25, 2019 10:19am -04:00
  • Aaron Parecki https://aaronparecki.com/   •   Jul 23
    Alright let's try this again. On a new flight from LaGuardia to Boston, and the rain has subsided. Still an active flash flood warning.

    It looks like we're going to take off here, so far no mentions of delays.

    If this works, I'm going to be getting in just an hour before the meeting in Montreal.
    Aaron Parecki
    Montreal flight is only 20 minutes delayed, pushing back from the gate now!

    Scheduled to arrive at 12:18 now, hopefully clearing border control is quick!
    East Boston, Massachusetts, USA
    Tue, Jul 23, 2019 11:03am -04:00
  • Aaron Parecki https://aaronparecki.com/

    New York to Boston, Boston to Montreal

    Aaron Parecki
    Delta 717-200
    Flushing, New York, USA
    Tue, Jul 23, 2019 5:37am -04:00
  • Stephanie Rieger 🏴󠁧󠁢󠁳󠁣󠁴󠁿🇨🇦🇪🇺🍵 https://twitter.com/stephanierieger   •   Jul 22
    😱 Safe travels. No lightning storms expected here until next week, but it will be very hot starting mid-week!
    Aaron Parecki
    Thanks! As long as it's not hot *and* muggy I don't mind
    New York, New York
    Mon, Jul 22, 2019 9:04pm -04:00
  • ᛚᛖᛁᚠ Warner https://twitter.com/pdxleif   •   Jul 23
    Just below this tweet on my feed was: https://twitter.com/Diane_7A/status/1153459871452467200
    Aaron Parecki
    omg everyone on the plane got an emergency alert for flash flooding but I had no idea it was that bad!
    Jersey City, New Jersey, USA
    1 like
    Mon, Jul 22, 2019 8:53pm -04:00
  • Aaron Parecki https://aaronparecki.com/   •   Jul 22
    yeah so this is why we haven't been able to take off yet ✈️🌩 ⚡️
    Aaron Parecki
    Update: pretty much all @United flights from Newark tonight were cancelled.

    I booked a new flight from LaGuardia to Boston to Montreal leaving at 6am tomorrow morning. With any luck I'll arrive just in time for the OAuth meeting!

    Crossing my fingers for no more storms tomorrow!
    Newark, New Jersey, USA
    2 likes 1 reply
    Mon, Jul 22, 2019 8:49pm -04:00
  • Aaron Parecki https://aaronparecki.com/   •   Jul 22
    oh no, I may have spoken too soon. Sat on the runway for an hour and we're returning to the gate. The lightning is keeping planes on the ground here.
    Aaron Parecki
    yeah so this is why we haven't been able to take off yet ✈️🌩 ⚡️
    Newark, New Jersey, USA
    3 likes 5 replies
    Mon, Jul 22, 2019 6:26pm -04:00
  • Aaron Parecki https://aaronparecki.com/   •   Jul 22
    Shoutout to the very nice @United agent who spent an hour on the phone with me to bump me to this earlier flight and got me a ticket while it was boarding. Now departing 30m later than the original Air Canada flight, but it was then completely cancelled so I guess that's a win.
    Aaron Parecki
    oh no, I may have spoken too soon. Sat on the runway for an hour and we're returning to the gate. The lightning is keeping planes on the ground here.
    Newark, New Jersey, USA
    1 reply
    Mon, Jul 22, 2019 5:53pm -04:00
  • Christopher Lemmer Webber https://twitter.com/dustyweb   •   Jul 22
    I also think the hotel key isn't as useful for ocaps as a car key, because people often think of a hotel key as being associated with your identity, and a car key isn't.
    Aaron Parecki
    ..but a hotel key explicitly isn't associated with your identity, which is why the analogy works! You know how you get multiple keys when you check in, and it's expected that any guest of the room can use them?
    Billings, Montana
    1 like
    Mon, Jul 22, 2019 10:52am -06:00
  • Dan Brickley https://twitter.com/danbri   •   Jul 22
    i have been complaining about this for years wrt oauth! it's how I learned about valet keys. Maybe they're totally normal to some, but it smells of privilege somehow...
    Aaron Parecki
    I never liked the valet key analogy, especially as someone who only briefly owned a 1985 Volvo and now owns 0 cars. I use a hotel key analogy in my talks, which I think is more relatable, but I am still looking for an analogy that doesn't require as much privilege to relate to.
    Coffeyville, Kansas, USA
    2 likes 3 replies
    Mon, Jul 22, 2019 9:19am -06:00
  • Annika Backstrom https://xoxo.zone/@annika   •   Jul 22

    @uint8_t I take some shortcuts in service of a system that's more manageable to me:

    * No hierarchy, just top-level folders to group similar photos (e.g. trips, events, photoshoots)
    * ISO-8601 date prefix on folders
    * Multi-day events just get grouped under one day, don't overthink it
    * Catch-all month folders for misc photos
    * Photos get uploaded from my phone to an "Inbox" on my Synology NAS automatically (graph counts items in the Inbox)
    * Periodically sort things (graph go down??)

    Aaron Parecki
    Out of curiosity, do you treat photos from your phone and photos from a real camera or real photo shoot differently?

    Right now I have an organization system similar to yours for my DSLR photos, but all my phone photos go to Flickr in a gigantic unsorted pile. I hadn't really considered combining them, but the system you described here seems like it might work for both my kinds of photos.
    Portland, Oregon
    1 reply
    Sun, Jul 21, 2019 5:42pm -07:00

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.