#dev 2024-08-11

2024-08-11 UTC
sp1ff and [Ros] joined the channel
# 01:54 
[tantek] Maybe erring in the dev side but this seems applicable to indieweb folks https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/
# 03:13 
aaronpk i consider myself pretty knowledgeable about this kind of thing, but it took me a really long time to understand what that article is actually about
# 03:14 
aaronpk i feel like it introduced terminology without a real explanation too early, and that flow chart was less than helpful since it was full of jargon you have to already know
# 03:15 
aaronpk it took about 75% of the way through the article before I really understood what it was talking about
# 03:17 
aaronpk this is to say that the concept is absolutely applicable to #indieweb but this article is definitely not written for the general indieweb audience
thegreekgeek and jxnm joined the channel
# 09:45 
[tantek] Indeed. Hence sharing here in <#C1PA11USK|> rather than main
GuestZero, thegreekgeek, beanbrain and thegreekgeek_ joined the channel
# 17:13 
capjamesg[d] aaronpk Could you give a TL;DR on what the article is talking about?
thegreekgeek, beanbrain and chee joined the channel
# 18:10 
vikanezrimaya aaronpk: In https://datatracker.ietf.org/doc/html/draft-parecki-oauth-client-id-metadata-document,
# 18:10 
vikanezrimaya oops
# 18:11 
vikanezrimaya aaronpk: in newer versions of Indieauth, there's this Client ID metadata document that's supposed to be retrievable from the Client ID. Are there any assumptions I can make about the fetcher side, such as proper Accept: application/json headers? When fetching, are there any specific requirements?
# 18:12 
vikanezrimaya This may be a good thing to explicitly require in the standard, if it's not specified elsewhere in the sprawling labyrinth that is OAuth spec
ttybitnik, beanbrain, barnaby and barnabywalters joined the channel