Aaron Parecki

Cursed thought: what if I built a new community platform, written in Node or Go, that could import data from Known and which supported ActivityPub and web3 natively.

Pretty sure Gary will never go full time YouTube. I know how cushy the benefits of his day job career are. 😉👍

Well crap, just learned about a work trip coming up next month.

So let's make sure we synchronize calendars before doing any sort of Apple event.

I'll have my staff call your staff.

How did people remove blemishes for YouTube thumbnails before Photoshop?

I also hate that I know how to do this 😅

I miss being a kid afraid that Y2K will mess everything up. 💻🔥

Instead I'm over here in my 30s worried that climate change will destroy the planet and genuinely concerned if I'll ever actually get to use my 401k because the earth will be destroyed. 🌍🔥

Ah that's indeed a reasonable distinction. Still seems like solvable? Like Signal that uses a master identifier and then ephemeral (yet stable) ones?

Sure. I'm sure one could find a hashing function that would age well (I'm making an assumption :) but a lot of stuff breaks if one doesn't :)).

LMK if you run into a good formulation.

FWIW email may be a good analogy and source of inspiration. In browser land, SHA256(user + RP)@idp.example does the trick.

That was fast @aaronpk. Welcome :)

Oh yeah, that's intentional. It'd be interesting to explore what it could look like otherwise tho.

No, in the sense are these designed such that two different RPs get the same global identifier for the same user?

"Because these URLs rely on the public web and DNS, they are guaranteed to be globally unique." -- ugh, is this a feature or a bug? I feel like this isn't going to age well :(

Ok, I did look into this more carefully and I remember running into this earlier.

How does this relate to OIDC? Is it fair to characterize it as an alternative to it that operates on the same level/layer (e.g. both are extensions to oauth?)?

@aaronpk on a related note: does any part of IndieAuth break when browsers block third party cookies?

For those who have renovated a basement for YouTube or streaming, about how much was the total project?

Is there any existing mechanism (even if not widely deployed) that would allow a user to use an IDP with an RP dynamically (i.e. without a pre arrangement between the RP and the IDP)?

At the end of the day, OAuth is just a way to communicate between services and users, and as such it's easy to grasp and non-controversial.

OAuth solved a universal problem – signing into a web site – and, in doing so, created a new problem: how does a site know it's really you?

what I usually say to speakers is a rough title and 3-4 bullet points of what you want to cover as a start-I think why it's challenging is folks try to "sell" the talk from the get go, rather than refine the focus, then worry about selling it

Write the full talk, then train a neural net to summarize the transcript.