OAuth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋

Portland, Oregon
Joined April 2008
Replying to @elthenerd
aww what a good cat
This 100% matches my feelings about programming, which might explain why I continue to stick with PHP as my language of choice
The guy who created PHP (Rasmus Lerdorf) appears to have reached some higher level of coder enlightenment
Replying to @robertoblake
Making time to write scripts/outlines
oh my gosh yes, I am so there
Replying to @every_daydad
I can't believe you still have a full time job and haven't gone full time YouTube yet 😅
Replying to @every_daydad
I mean, Photoshop had already existed for 15 years before YouTube, so... they didn't? 😁
Replying to @ChloeCondon
Don't worry, 2038 is just around the corner and is going to be way worse than the Y2K bugs.
Maybe, but at the end of the day I would assume any crypto will eventually be broken, so it's a game of picking good enough algorithms to avoid correlation in a timeframe that would be a problem.
But there's a big difference in relying on a specific hash function for something that won't matter a day from now (validating an ID token) vs something that can be correlated years later (hashed identifiers in logs)
Relying on sha256 as the end of the story seems like a thing that also won't age well. It's only a matter of time until we see sha256 the way we see md5 today.
I actually thought I had already joined, but I haven't yet actually joined a meeting. It's a lot to keep up on with all the other spec work I'm in the middle of 😅
I'm actually really interested in this particular problem right now since Sign In with Apple is probably the biggest example of differing IDs per RP yet the first thing the RPs want to do is resolve that back to an identifiable user.
Oh yeah, that's intentional. It'd be interesting to explore what it could look like otherwise tho.
Do you mean when there's a viable replacement for DNS? We can cross that bridge when we come to it.
There are definitely some similarities since they are both adding an identity layer on top of OAuth. IndieAuth is a much smaller surface area tho and does less stuff. Some more details here: indieweb.org/How_is_IndieAut…
No, none of it relies on third party cookies thankfully, it's closer to plain OAuth in that sense.
Dynamic Client Registration, but afaik no major provider supports this because they *want* RPs to have a pre-established relationship. We built IndieAuth to avoid the need for any client registration and it works great for that use case: aaronparecki.com/2018/07/07/…
Follow @wtf_oauth for your daily dose of OAuth humor, which will be funny to approximately 0.0001% of you
Replying to @johnallsopp
here you are trying to be actually helpful and I've just gone and set up a new parody twitter account @wtf_oauth now back to work, let me actually read this now 😅