Aaron Parecki

Tommy Callaway https://twitter.com/tgcallaway • Nov 28
iMessage stories would be cool

No

Portland, Oregon • 41°F

1 like

Sat, Nov 28, 2020 6:17pm -08:00
jk https://twitter.com/karabaic • Nov 28
Is she union?

no but she does get free health care

Portland, Oregon • 41°F

1 like 1 reply

Sat, Nov 28, 2020 6:11pm -08:00
Kevin - Basic Filmmaker https://twitter.com/BasicFilmmaker • Nov 27
@aaronpk @AputureLighting @curtisjudd @D4Darious @deitymicrophone @FenchelJanisch @GeraldUndone @iFootage_HK @indymogul @jakesloaninak @podcastage @PostColorGear @sodarntom @SoundSpeedsYT @_terrywarfield @tgcallaway @worth_it_or_not
and oh so many more...

Aw thanks, and you too! I'm honored to be included in a list of such amazing creators! 😊

Portland, Oregon • 38°F

3 likes

Fri, Nov 27, 2020 9:01pm -08:00
Peter Holz https://twitter.com/nu4ur • Nov 26
Thanks! Rotation doesn't help against the theft itself, only alerts afterwards. I'm not familiar with sender constraints, but probably difficult to implement for public clients? Cookies would be a simple and proven solution, at least for *browser-based* public clients.

Yep I agree, there's a draft I'm planning on taking to the group to suggest exactly this.

Portland, Oregon • 50°F

1 like

Thu, Nov 26, 2020 4:06pm -08:00
Peter Holz https://twitter.com/nu4ur • Nov 26
Hi @aaronpk, do you know if any OAuth provider like Okta allows to set refresh tokens as HttpOnly cookie and whose token endpoint reads that cookie? Asking for a browser-based public client which can't safely store refresh tokens outside of memory otherwise.

That's non-standard behavior so I'm not sure anyone is doing that. But there is some discussion about bringing this idea into the working group for standardization.

Portland, Oregon • 47°F

1 like 2 replies

Thu, Nov 26, 2020 11:21am -08:00
Alessio Caiazza https://abisso.org/ • Nov 26

Implementing avatars timeline

This is a great idea!

Portland, Oregon • 46°F

Thu, Nov 26, 2020 9:52am -08:00
M. Brandon Lee | THIS IS TECH TODAY https://twitter.com/thisistechtoday • Nov 25
It’s always a goal but rarely does anyone succeed at getting a high number.

I had a test case where I had verbal call outs and when I didn’t. The one with call out had 7-15 people join. The video without?

Zero.

That video also had 5x more views than the others.

Data! 📊🤓

This is good anecdotal data! I will also say I rarely watch videos in full screen, so the like button is always right there. The rare exception is something I've decided ahead of time to watch more immersively like a movie, and chances are I'm already subscribed anyway

Portland, Oregon • 44°F

1 like

Tue, Nov 24, 2020 9:58pm -08:00
Jeremy Fiel https://twitter.com/jeremyfiel • Nov 24
@aaronpk i found you on youtube while messing with my atem mini and now you're popping up everywhere for oauth stuff i'm working on. very cool! 👍

haha thanks! Not traveling for workshops this year has meant I've had a lot more time to make video content both for oauth and livestreaming stuff!

Portland, Oregon • 50°F

1 reply

Tue, Nov 24, 2020 2:06pm -08:00
Thorbjørn Ellefsen https://twitter.com/sciencedefence • Nov 24
I am not sure. Everything looked OK. Their support does not reply.

I'll email them too, I'm having a problem with the Kindle version and need to sort that out anyway.

Portland, Oregon • 48°F

1 reply

Tue, Nov 24, 2020 1:02pm -08:00
Thorbjørn Ellefsen https://twitter.com/sciencedefence • Nov 24
@Luludotcom I guess you will not provide me with the download link to my purchase of @aaronpk book OAuth 2.0 simplified. Hope you spend my money well.

What's wrong? Did something go wrong with the checkout process? I can try to take a look.

Portland, Oregon • 48°F

5 replies

Tue, Nov 24, 2020 1:00pm -08:00
Peter Holz https://twitter.com/nu4ur • Nov 24
Hi @aaronpk, what credentials should the RS use for the token introspection with the AS? These Okta blog posts on the CC flow all seem to use the client credentials. But isn't this bad?

https://developer.okta.com/blog/2020/11/18/build-a-graphql-nodejs-api
https://developer.okta.com/blog/2020/07/17/secure-node-api-with-koa
https://developer.okta.com/blog/2018/08/21/build-secure-rest-api-with-node

Usually you'll create a new set of client credentials that represents the resource server, since the OAuth client shouldn't be introspecting tokens. There isn't really any other form of authentication for the API so it's kind of an overloading of the term "client credentials"

Portland, Oregon • 48°F

1 like

Tue, Nov 24, 2020 12:38pm -08:00
Keith Bennett https://twitter.com/keith51032020 • Nov 24
That's so early..... Do I get a sneak peak before it's I read your mind?

I don't think I can do that with a scheduled video unfortunately!

Portland, Oregon • 45°F

Mon, Nov 23, 2020 7:03pm -08:00
Keith Bennett https://twitter.com/keith51032020 • Nov 24
@aaronpk Any new thoughts now on the YoloBox video switcher? SInce ATEM ISO? Have a friend asking.

Funny you should ask... I literally just finished editing a video about it, it'll be live at 6:15am pacific tomorrow!

Portland, Oregon • 46°F

3 replies

Mon, Nov 23, 2020 6:54pm -08:00
Grégoire Gaonach 🌻🇪🇺 https://twitter.com/GregoireGaonach • Nov 23
@aaronpk Hi Aaron! Thank you very much for your work on your youtube channel. I have a question for you :

What are your thoughts on PTZ cameras for live stream?

Thanks! I haven't actually used any of my own because they're just so expensive. I've used some when doing gigs at a venue that has them installed. The picture off them leaves something to be desired too, but maybe they've gotten better now.

Portland, Oregon • 45°F

1 like 1 reply

Mon, Nov 23, 2020 8:23am -08:00
˗ˏˋ Doug Belshaw ˎˊ˗ 🇪🇺☠️✊: https://fosstodon.org/@dajbelshaw • Nov 22
@aaronpk That's amazing, but firmly in the realms of WHY?! for most people

fair, but so is Mastodon

Portland, Oregon • 43°F

1 reply

Sun, Nov 22, 2020 11:39am -08:00
˗ˏˋ Doug Belshaw ˎˊ˗ 🇪🇺☠️✊: https://fosstodon.org/@dajbelshaw • Nov 22
@petermolnar Commenting on someone else's website by logging into your own site is barely intuitive for *me* never mind anyone else.
As I've said before, it feels like a bunch of guys in their 40s and 50s trying to rewind time.
Actually, this conversation has solidified my position, so thanks! 😅

Check out my "social readers" demos and talks. I'm commenting on this post using an interface that looks a lot like Twitter/Mastodon, except it results in creating a post on my website. It's actually very similar to how Mastodon works. https://indieweb.org/social_reader

Portland, Oregon • 43°F

1 like 1 reply

Sun, Nov 22, 2020 11:26am -08:00
ariel https://bsd.network/@ariel • Nov 21
@aaronpk
If you're in the USA, sign up for the USPS's Informed Delivery too. They show you pictures of the mail you're about to get.

Yeah I have that too, it's great!

Portland, Oregon • 38°F

Sat, Nov 21, 2020 6:31am -08:00
Simon Willison https://twitter.com/simonw • Nov 19
This seems to contradict the spec - https://github.com/simonw/datasette-indieauth/issues/21#issuecomment-730485391

That's for the final profile URL. The user can enter something different at the start, and if that contains a username component then the trick works.

Portland, Oregon • 46°F

Thu, Nov 19, 2020 8:25am -08:00
Blaine Cook https://twitter.com/blaine • Nov 19
I don't agree that it's completely glossed over - there is a registration protocol, it's just not widely implemented. The intent could be better stated, for sure, but I think IA's emphasis is too far the other way. My ideal is something in-between IndieAuth and OIDC, I think! 😊

take a look at my activitypub conference talk, starting at 11:50, I address the UX aspect of it here: https://aaronparecki.com/2020/09/22/25/activitypub-oauth-2-1#t=710

also happy to set up a time to chat about this instead! I think we have a lot of similar goals!

Portland, Oregon • 47°F

2 likes

Wed, Nov 18, 2020 10:26pm -08:00
Blaine Cook https://twitter.com/blaine • Nov 19
My goal is to enable secure, simple federated identity. Authentication is a core bit of functionality in that regard. Obviously supporting non-corporate identities is critical, but forcing everyone to be 'indie' is a mistake, I think.

nobody said "force". my goal is to *enable* indie identities, something that is pretty much completely glossed over by the current OIDC ecosystem.

Portland, Oregon • 47°F

1 like 1 reply

Wed, Nov 18, 2020 10:17pm -08:00

older

Aaron Parecki

Implementing avatars timeline