One time me and @hak5darren sent a fake Microsoft tech support scammer goatse after keeping them on the phone for an hour.
WeChat ID
aaronpk_tv
-
M. Brandon Lee | THIS IS TECH TODAY
https://twitter.com/thisistechtoday
•
Feb 12
Should I play along? I’m curious now.
I would if it were me! Just stay on high alert mode of course... don't download anything, don't connect any OAuth apps to anything, and click links only using an isolated computer. I'm always curious about these things! -
yeah I suspect you're right. I'm curious what the next play is. Maybe they send you a download link to the special "Spotify VIP" app?
-
K. Mike Merrill
https://twitter.com/kmikeym
•
Feb 11
What’s your current setup for backing up power? (Video idea!)
Clearly I need to beef it up a bit, but right now I have a UPS on the network gear and also at my desk. It can keep things powered for about 30-40 minutes, and my internet is fiber so it stays online too -
The power went out literally a minute after I finished hosting a workshop. Good timing I guess. Time to invest in some more batteries?
-
Nick Fiacco
https://twitter.com/FiaccoNick
•
Feb 11
Is there a good way to verify the identity of a public app requesting an auth code?
No not really, that's why the redirect URL is so important to get right. It's not a great situation, but it would require cooperation from the OS in order to have a more secure flow. That said, it's also a relatively unlikely attack vector so people mostly don't worry about it. -
Nick Fiacco
https://twitter.com/FiaccoNick
•
Feb 11
Chances are I’m missing something— @aaronpk @leahculver does this make sense to either of you?
Yes, you're right, but that doesn't mean PKCE is not secure. This is just an inherent limitation of public clients that can't use a client secret. PKCE does solve several attacks, but it doesn't provide authentication of the app itself.
-
Jᵾlien Genestoux
https://twitter.com/julien51
•
Feb 11
Ideally though, an identity shouldn't have to be tied to a server, even if I own it?
That's one opinion yes. There are good arguments on both sides. -
Kevin Marks
https://twitter.com/kevinmarks
•
Feb 11
That's very true, and the Wordpress plugin makes the case as well.
Yep although the WordPress plugin requires some active effort by the user. At least it’s just installing a plugin and not dealing with markup though. -
Kevin Marks
https://twitter.com/kevinmarks
•
Feb 11
That's part of it, though the RelMeAuth model can mitigate that to some extent. A lot of it is having a use case to authorise for. Micropub is one use case that can make sense to users
Nah, don’t forget that every micro.blog account is an IndieAuth account too. Users don’t need to have any knowledge of anything under the hood for that to work. We need more service providers to implement it more than anything.
-
What's New in YoloBox Version 3.4: Livestream chat, side by side view, PDFs, and more! (Feb 2021)
The latest update to the YoloBox adds some incredible new features! This makes it super competitive with some of the far more expensive and bulkier switchers! In this video I give you the rundown of the latest features in the YoloBox version 3.4 update!continue reading...
