Aaron Parecki

Aaron Parecki https://aaronparecki.com/ • Dec 1
welp, managed to go a whole year without a major airline snafu until my last work trip of the year. Flight from Miami to Portland was cancelled, and all the other options from Miami were bad. So I'm taking the Brightline train to Orlando and getting on a direct flight to Portland tonight!

well I made it to Orlando with plenty of time to spare! Full writeup of the high-speed train experience is coming shortly. Now I just have to cross my fingers that the next flight actually takes off.

Orlando, Florida, USA • 77°F

Fri, Dec 1, 2023 6:03pm -05:00
Brian Richards https://indieweb.social/@rzen • Dec 1
@aaronpk hey, not too bad as far as travel snafus, go. Still annoying and inconvenient, but an impressive streak nevertheless!
What's the delta between your final arrival time and the original? And did the airline cover the cost of the alternative arrangements?

I will withhold judgment on that until I get home. Original flight was going to land at 2pm, now I get back at 10pm. They won't cover the train because that was my choice but I am more interested in a train and long flight than two shorter flights.

Alaska Flight 337 FLL to PDX in Deerfield Beach, Florida • 83°F

Fri, Dec 1, 2023 1:31pm -05:00
Matěj Cepl 🇪🇺 🇨🇿 https://floss.social/@mcepl • Nov 30
@aaronpk I am certainly not the first one who noticed that the former champion of use-your-own-server and #Indieweb has as his three links only corporate monosilos, right?

Not sure what you mean by "as his three links" since there are 4 links in my ActivityPub profile, the first of which is my blog. I'm probably going to remove Twitter soon since I haven't even posted there since June. I do run my own git server, but not for public stuff.

Miami Beach, Florida, USA • 68°F

1 reply

Thu, Nov 30, 2023 7:28am -05:00
Aaron Parecki https://aaronparecki.com/ • Dec 25

Habanero Hot Sauce

Made 116oz of hot sauce! First batch of hot sauce in the new place!

The last batch was from April which was a pretty good run. We did run out a week or two ago and broke in to the backup Secret Aardvark stash but that's gone as of this morning.

Portland, Oregon, USA • 37°F

Mon, Nov 27, 2023 9:33pm -08:00
Miraz https://micro.blog/Miraz • Nov 20
@aaronpk Your unbelievably cute kitties?

Yes! They settled right in to their new home as if they owned the place

Portland, Oregon • 37°F

Mon, Nov 20, 2023 6:54am -08:00
jeremycherfas https://micro.blog/jeremycherfas • Nov 13
@aaronpk Super glad to hear this, although I think I will wait for the release.

No worries! I'm running it on a test phone until I'm confident that it's working as expected too.

Portland, Oregon • 51°F

Mon, Nov 13, 2023 1:04pm -08:00
Shauna GM https://social.coop/@shauna • Oct 31
@JMMaok @dajb I am looking for:
- ability to create recurring events (or at the very least, easily duplicate and edit events)
- automated confirmation and reminder emails that can be customized with ie a zoom link
- custom sign up forms
Ideally also:
- has a calendar integration or provides an .ics feed, so events automatically populate our public calendar
- has a zoom or other videochat integration so I don't need to separately set that up

This is a great list of features! Meetable https://github.com/aaronpk/Meetable supports some of these:

- quickly clone an event
- ics feed for the site as well as tags
- schedule a zoom meeting when creating an event

It's missing any actual signup or email stuff though, it's meant more as a discovery tool to push viewers to the actual ticketing website. I've been hesitant to expand it to include ticketing, but might be able to be talked into it.

Portland, Oregon, USA • 59°F

Tue, Oct 31, 2023 2:59pm -07:00
John Peart https://www.johnpe.art • Oct 31

Making “Web mentions” look more conversational

That's very cute!

Portland, Oregon • 43°F

Tue, Oct 31, 2023 8:38am -07:00
About sending pingbacks, webmentions and some thoughts on how to improve on them.

The Webmention spec doesn't make any assumptions about the content of the page, and that was intentional. Interpreting the content of the page to decide what to do with the Webmention is typically done by parsing the Microformats on the page. There's more info here: https://indieweb.org/comments

Portland, Oregon • 43°F

1 mention

Tue, Oct 31, 2023 7:25am -07:00
Aaron Ogle https://fosstodon.org/@geekgonecrazy • Oct 26
@aaronpk is pkce used very often? When I was initially implementing pkce in a few cli tools I didn’t see a lot of people talking about it. Most people I talk to are familiar with oauth but you mention pkce and they don’t know it

CLI tools are a bit of a special case, but if you're using the auth code flow with a CLI client, then you should also definitely use PKCE.

Portland, Oregon • 43°F

Thu, Oct 26, 2023 9:21am -07:00
Aaron Ogle https://fosstodon.org/@geekgonecrazy • Oct 26
@aaronpk is pkce used very often? When I was initially implementing pkce in a few cli tools I didn’t see a lot of people talking about it. Most people I talk to are familiar with oauth but you mention pkce and they don’t know it

It's used pretty often, but apparently not as often as it should. There's no excuse for not using it these days, that's why it's not called PKCE in OAuth 2.1, it's just built in to the authorization code flow.

Portland, Oregon • 43°F

Thu, Oct 26, 2023 9:08am -07:00
Aaron Parecki https://aaronparecki.com/ • Oct 26
This is a good writeup on some sneaky vulnerabilities in OAuth implementations, but ultimately is just a simple access token injection attack: https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts

tl;dr: Don't accept access tokens in your redirect URI (don't use the implicit flow)

PKCE solves this attack and is enforced by the server rather than relying on client developers to "verify the access token" as described in the post

Portland, Oregon, USA • 42°F

4 likes 2 reposts 1 reply

Thu, Oct 26, 2023 8:51am -07:00 #oauth
Paul Robert Lloyd https://paulrobertlloyd.com/ • Oct 25

A cohesive and unified identity for IndieWeb protocols

These are really great! I like what you've done here!

Portland, Oregon, USA • 46°F

Wed, Oct 25, 2023 12:21pm -07:00
ocdtrekkie https://mastodon.social/@ocdtrekkie • Oct 23
@aaronpk I mean, you never know when you'll need to be wired for ceiling mics.

Easy to do now, almost impossible to do later, so why not!

Portland, Oregon • 54°F

Sun, Oct 22, 2023 9:31pm -07:00
rmdes https://micro.blog/rmdes • Oct 8
@aaronpk my English isn't so good, and not my primary language.. so I always thought that it meant literally for the email to arrive in the inbox well (not in spam) , and not about the state, well-being of the receiving end 😅

That's fantastic, from now on I am going to interpret this as such

Portland, Oregon • 79°F

Sun, Oct 8, 2023 4:18pm -07:00
Marty McGuire https://martymcgui.re/ • Sep 23

This map is made for you and me

thanks a lot, that song has been stuck in my head all afternoon now

Portland, Oregon • 57°F

1 mention

Sat, Sep 23, 2023 7:52pm -07:00
Emelia 👸🏻 https://hachyderm.io/@thisismissem • Sep 19
@aaronpk I've seen that, but haven't yet fully looked at it.. it always looked so... financial related?

Yeah that is an artifact of its origins, but they took "Financial" out of the name and now it's just "FAPI". Think of it as just a high-security profile, one which would likely be useful for financial related industries and others with similar concerns.

Dallas, Texas • 94°F

1 like 1 reply

Tue, Sep 19, 2023 4:19pm -05:00
Emelia 👸🏻 https://hachyderm.io/@thisismissem • Sep 19
@aaronpk that's perhaps fair, though I think OIDC smooths out a lot of OAuth 2.0's rough edges

If you want to see a profile that *really* smoothes out the rough edges, check out the OpenID FAPI profile. The whole goal of that is high security and interoperability. OpenID core is still pretty loose.

Dallas, Texas • 94°F

1 like 1 reply

Tue, Sep 19, 2023 4:10pm -05:00
Evan Prodromou https://cosocial.ca/@evan • Sep 17
I started a FEP to define an #OAuth 2.0 profile for the #ActivityPub API (“c2s”):
https://codeberg.org/fediverse/fep/pulls/162
I’d appreciate any feedback or support. I’ve begun implementing this profile, and I think it’s testing out pretty well.

I see the proposal has just been merged and now links out to a socialhub link? Where is the best place to continue discussing this? I have ... a lot of feedback as you might imagine.

https://socialhub.activitypub.rocks/t/fep-d8c2-oauth-2-0-profile-for-the-activitypub-api/3575

Dallas, Texas, USA • 93°F

1 like 1 reply

Tue, Sep 19, 2023 3:42pm -05:00
Emelia 👸🏻 https://hachyderm.io/@thisismissem • Sep 17
@evan no, I mean, I don't see why it'd make sense to define a custom profile of OAuth 2.0 when OIDC exists and we could just use it?
What does defining a custom profile really give us? Our authentication needs can't be that unique, can they?

there is no "just use" OIDC, it would still require defining a profile. Plus I don't think most ActivityPub implementations benefit from most of the features OIDC brings.

Dallas, Texas, USA • 93°F

1 reply

Tue, Sep 19, 2023 3:40pm -05:00