Aaron Parecki

Amr Eldib https://www.amreldib.com • May 10
I had to change the timezone myself using the web site. It's somewhere in the General settings. Maybe you have a different model.

@amreldib yeah I'm skeptical it's going to automatically figure out my sleep patterns while traveling, despite the app knowing my location

Portland, Oregon, USA

Wed, May 10, 2017 11:04am -07:00
So far @FitBit has been doing a surprisingly good job of tracking my sleep. Tomorrow, we'll find out how well it handles timezone changes.

Portland, Oregon, USA

2 replies

Wed, May 10, 2017 10:09am -07:00 #qs
Bret Comnes https://bret.io • May 9
Sorry I'm out of the loop. Websub is the next version of pubsubhubbub?

@uhhyeahbret Yeah! It's functionally the same, clearing up some ambiguities and improving the language. Hopefully see you tonight at HWC?

Portland, Oregon, USA

1 reply

Wed, May 10, 2017 8:58am -07:00 #websub
Just finished the @W3C #WebSub test suite! Try subscribing to the test feeds at https://websub.rocks and submit an implementation report!

Portland, Oregon, USA

11 likes 7 reposts 2 replies 2 mentions

Tue, May 9, 2017 6:45pm -07:00 #websub #socialwg #w3c
at German American Society

Portland, Oregon • Tue, May 9, 2017 6:24pm

45.542357 -122.605676

NET BEECN training

Portland, Oregon

13 Coins

Tue, May 9, 2017 6:24pm -07:00
@Gargron Any chance you're able to make it to IndieWebCamp Düsseldorf or Nürnberg? We'd love to have you there! https://indiewebweek.indieweb.org/

Portland, Oregon

1 like

Tue, May 9, 2017 9:59am -07:00 #indiewebcamp
at Imperial

Portland, Oregon • Mon, May 8, 2017 5:25pm

45.521083 -122.678757

Pretty crowded for a Monday happy hour! 🥂

Portland, Oregon

10 Coins

Mon, May 8, 2017 5:25pm -07:00
at Hollywood Theatre

Portland, Oregon • Sat, May 6, 2017 5:59pm

45.535709 -122.620898

Filmed by Bike 🎥🚲

Portland, Oregon

1 like 8 Coins

Sat, May 6, 2017 5:59pm -07:00
at StreamPDX

Portland, Oregon • Sat, May 6, 2017 4:31pm

45.542637 -122.661012

Open House! 🎙

Portland, Oregon

1 like 13 Coins

Sat, May 6, 2017 4:31pm -07:00
at Portland Community Media

Portland, Oregon • Sat, May 6, 2017 4:16pm

45.542842 -122.661294

Open Signal Open House! 🎥🎙

Portland, Oregon

3 Coins

Sat, May 6, 2017 4:16pm -07:00
at Portland Community Media

Portland, Oregon • Fri, May 5, 2017 5:52pm

45.542842 -122.661294

StreamPDX Open House!

Portland, Oregon

9 Coins

Fri, May 5, 2017 5:52pm -07:00
🎥🎉 ❜ We recorded 912gb of raw video during @CSVConference! ❜🎉🎥 #csvconf

Portland, Oregon

31 likes 7 reposts 2 replies 1 mention

Thu, May 4, 2017 2:35pm -07:00 #csvconf
Patrick Schaller http://F3Development.com • May 4
Yeah... Does that mean there are alternatives to SFSafariView if you own the app and API?

@rogue__leader so some services use the password grant to exchange a un+pw for a token, and build the login interface natively.

Portland, Oregon

1 reply

Thu, May 4, 2017 11:32am -07:00
Patrick Schaller http://F3Development.com • May 4
Yeah... Does that mean there are alternatives to SFSafariView if you own the app and API?

@rogue__leader Well for first-party apps there isn't really a phishing risk, it's normal to type your password into the service's own app.

Portland, Oregon

Thu, May 4, 2017 11:31am -07:00
Patrick Schaller http://F3Development.com • May 4
Awesome, I’ll check those out. Business doesn’t understand why I can’t do this in a way that doesn’t show URL. Since it’s our app and API.

@rogue__leader Yeah the Google case is interesting since they're doing it with their own apps!

Portland, Oregon

2 replies

Thu, May 4, 2017 11:22am -07:00
Patrick Schaller http://F3Development.com • May 4
WOW, thank you so much! Do you know, offhand, of any mobile apps doing Auth this way?

@rogue__leader The Google Inbox and Voice apps do it! I know I've used a couple more, but can't remember off-hand.

Portland, Oregon

5 replies

Thu, May 4, 2017 11:17am -07:00
Patrick Schaller http://F3Development.com • May 4
Sorry, I meant I'm being told the URL can't be visible and they are holding up other mobile apps login as examples that do not show it.

@rogue__leader Yeah sorry, 140 chars isn't enough 😭

Before SFSafariView, the only way to securely do OAuth was to launch the native Safari browser. This meant you'd get bounced out of the app, which a lot of developers didn't want to do to their users. I don't disagree that this was a bad experience, and plenty of people feel the same.

What ended up happening is people instead started embedding the WebView into their apps, in order to avoid having their users bounce out of the app and come back. The compromise in this case is that people would have to type their password to log in, because the embedded WebView doesn't share cookies with the system browser.

It took Apple a long time to roll out SFSafariView, so there are just a lot of apps out there that still have the embedded WebView.

Advantages of WebView:
• Does not make the user leave the app to complete the OAuth flow

Problems with WebView:
• User has no way to verify they are on the real website, so phishing attacks are undetectable
• Does not share system cookies, so users have to type their password every time

Advantages of SFSafariView:
• Does not make the user leave the app to complete the OAuth flow
• The user can see the address bar so can verify they're on the correct website
• Shares system cookies, so the user won't have to type their password if they've already signed in using the native Safari app

I should probably turn this into a proper blog post.

Portland, Oregon

2 replies

Thu, May 4, 2017 10:47am -07:00 #oauth2
Patrick Schaller http://F3Development.com • May 4
Awesome! I'm getting a lot of push back on the visible URL. I'm wondering how/why so many mobile apps don't show it. Thoughts?

@rogue__leader SafariViewController is the best of both worlds. Visible URL, no bouncing out of application, shared cookies.

Portland, Oregon

1 reply

Thu, May 4, 2017 10:18am -07:00
Patrick Schaller http://F3Development.com • May 4
Awesome! I'm getting a lot of push back on the visible URL. I'm wondering how/why so many mobile apps don't show it. Thoughts?

@rogue__leader The problem with embedded WebView is users will have to type their password there anyway, since it doesn't share cookies

Portland, Oregon

Thu, May 4, 2017 10:17am -07:00
Patrick Schaller http://F3Development.com • May 4
Awesome! I'm getting a lot of push back on the visible URL. I'm wondering how/why so many mobile apps don't show it. Thoughts?

@rogue__leader Prior to SafariViewController, devs weren't willing to bounce ppl out of the app, the only other way to have a visible URL

Portland, Oregon

2 replies

Thu, May 4, 2017 10:17am -07:00

older