Disqus - Friends of NathanCollins

Re: Photos | Aaron Parecki

aaronpk — Thu, 13 Nov 2008 13:50:33 -0000

just testing out my new comment system!

Re: Problems with postfix

aaronpk — Tue, 11 Aug 2009 11:32:49 -0000

I think the problem is your "mynetworks" line. Either you need commas separating the values, or you need to add the IP of your server. Try this:

mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128, 74.63.15.135/32

Re: Current Projects

aaronpk — Mon, 02 Nov 2009 00:23:04 -0000

i love the idea of an open-source program to replace SCT Banner!

Re: Programmed Robots and 4 Other Ways Developers Use Twilio, the Popular Telephony API

aaronpk — Mon, 15 Nov 2010 17:54:07 -0000

Actually we're using Tropo for Geoloqi. Twilio is pretty nice, too, but I've had better luck with Tropo's support channels and stability. There always seems to be someone available in IRC if I need to ask them a question!

Re: 3 Ways to Host Your Own Delicious Alternative

aaronpk — Fri, 17 Dec 2010 16:52:24 -0000

For those of you who are having trouble getting an XML file from your delicious account (i.e. if you have a newer delicious account created after Yahoo bought it), try the Delicious XML Exporter http://deliciousxml.com

Re: Delicious XML Export

aaronpk — Mon, 20 Dec 2010 13:49:27 -0000

Thanks for the info. I haven't used Scuttle much other than installing it quickly to see how it looked. I actually set up a Wordpress blog for my bookmarks, check it out here: http://links.aaron.pk/about/. I made the plugins and theme available at that link.

Re: CubeDuel is Like FaceMash for LinkedIn and It's Twisted

aaronpk — Thu, 13 Jan 2011 19:24:10 -0000

Also see: http://douchemash.com. Not as well done as this.

Re: TellFi Is Google Voice For Companies

aaronpk — Wed, 02 Mar 2011 00:40:41 -0000

This was bound to happen. Someone saw Twilio for the first time and said "Hey I bet we could build something for businesses with that" without really realizing that this has been around for a long long time in the business world.

Re: Futuristic Location Platform Geoloqi Will Live, Lands Funding

aaronpk — Tue, 19 Jul 2011 00:12:12 -0000

Hi David, actually, we focus on what you can do with location *after* it's been gathered from the phone. Our platform allows developers to do things like turn on and off your lights when you get home, and allows developers to create apps like this without writing any iPhone code, allowing it to work with any device that knows where it is.

Re: Google Brings Automatic, Background Visual Search to Android Phones

aaronpk — Wed, 14 Sep 2011 15:58:43 -0000

Yep, that pretty much sums it up. :)

Re: How Bit.ly Now Predicts the Future

aaronpk — Thu, 13 Oct 2011 22:20:49 -0000

Wow! Sounds like bit.ly is going to be the Hackernews for the entire Internet!

Re: Redis: Zero to Master in 30 minutes - Part 1

aaronpk — Tue, 08 Nov 2011 05:14:50 -0000

Great intro, thanks!

For the first example in the Lists section, you could do this with an LPUSH command followed by an LTRIM command to avoid doing the comparison in your code. For example, LPUSH test alice, LPUSH test bob, LPUSH test charlie, LTRIM test 0 1 results in the list "charlie", "bob".

From the Redis documentation on LTRIM, this is a common pattern:

LPUSH mylist someelement
LTRIM mylist 0 99

The LTRIM command is O(n) where n is the number of elements removed from the list, so if you are continually trimming just one element from the list you end up with an extremely fast operation. These could even be combined into a single Redis command using a transaction, if you wanted to avoid a trip over the network to the Redis server.

Re: Google Alerts Drops RSS Delivery Option

aaronpk — Tue, 02 Jul 2013 18:21:15 -0000

It's also pretty funny to see how many websites had feeds embedded from an RSS search which are now broken: https://www.google.com/sear...

Re: Dog Food Renewed

aaronpk — Sat, 22 Feb 2014 02:31:21 -0000

This looks like fun, I'll keep an eye out!

Re: The principles of a decentralized web

aaronpk — Tue, 08 Sep 2015 22:56:23 -0000

Here's a few more! http://indiewebcamp.com/pri... Would love to have you join the conversation!

(originally posted at http://aaronparecki.com/rep...

Re: What is the OAuth 2.0 Implicit Grant Type?

aaronpk — Mon, 27 Aug 2018 13:20:12 -0000

Thanks for the note! While you're correct that the URI fragment will not be in the server's logs, it will still be logged by the browser in the browser history, like the quoted section says.

Re: Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps

aaronpk — Wed, 23 Jan 2019 17:39:48 -0000

You're totally right, thanks! I originally had written the program with a single string, then realized it made a better example to have it as two strings in the program. Forgot to update the article text to match!

Re: Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps

aaronpk — Tue, 12 Feb 2019 15:38:46 -0000

It's entirely possible to complete an OAuth 2.0 flow without using a secret key at all. This post talks about the details of it, hopefully that answers your question: https://developer.okta.com/...

Re: Add Secure Authentication to your WordPress Site in 15 Minutes

aaronpk — Tue, 12 Feb 2019 22:09:52 -0000

Sorry about that, that's a bug. I just fixed the code to check for the env.php file instead of the json file.

Re: Add Secure Authentication to your WordPress Site in 15 Minutes

aaronpk — Wed, 27 Feb 2019 14:33:52 -0000

Yes, it should be. Did you encounter a problem with downloading it?

Re: Add Authentication to your PHP App in 5 Minutes

aaronpk — Tue, 26 Mar 2019 12:53:32 -0000

You're right, I totally forgot that I added a default scope to my authorization server that I didn't document in this post. I'll update it!

Re: What is the OAuth 2.0 Implicit Grant Type?

aaronpk — Tue, 09 Jul 2019 20:49:53 -0000

Hi Pratik! There's a much better solution for SPAs now! Check out my more recent post for an example of how to do the authorization code flow with PKCE in JavaScript: https://developer.okta.com/...

Re: Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps

aaronpk — Tue, 23 Jul 2019 09:56:39 -0000

The client_id has always been considered public information, so there is no risk of it being stolen.

Without PKCE and without a client secret, there is no protection against the access token being stolen from the redirect in the implicit flow, and it has always been known that this is less secure. The implicit flow has never been recommended as a secure option, it was just the only option at the time.

If a mobile app were to include a client secret and use the authorization code flow, there would also be no protection against stolen authorization codes, since the secret wouldn't be secret and would be available to an attacker.

Re: Add Secure Authentication to your WordPress Site in 15 Minutes

aaronpk — Wed, 21 Aug 2019 13:44:14 -0000

This plugin takes over the wordpress login flow, so if you disable an account in Okta, they will be unable to log in to wordpress. If they are already logged in with a current session, they won't be kicked out if you disable them in Okta. They just won't be able to log in again.

Re: Add Secure Authentication to your WordPress Site in 15 Minutes

aaronpk — Wed, 21 Aug 2019 13:52:05 -0000

I haven't tried with multi-site, sorry! I can't remember the details of how it works to know off-hand whether it would be compatible.