#dev 2024-08-11

2024-08-11 UTC
sp1ff and [Ros] joined the channel
#
[tantek]
Maybe erring in the dev side but this seems applicable to indieweb folks https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/
#
aaronpk
i consider myself pretty knowledgeable about this kind of thing, but it took me a really long time to understand what that article is actually about
#
aaronpk
i feel like it introduced terminology without a real explanation too early, and that flow chart was less than helpful since it was full of jargon you have to already know
#
aaronpk
it took about 75% of the way through the article before I really understood what it was talking about
#
aaronpk
this is to say that the concept is absolutely applicable to #indieweb but this article is definitely not written for the general indieweb audience
thegreekgeek and jxnm joined the channel
#
[tantek]
Indeed. Hence sharing here in <#C1PA11USK|> rather than main
GuestZero, thegreekgeek, beanbrain and thegreekgeek_ joined the channel
#
capjamesg[d]
aaronpk Could you give a TL;DR on what the article is talking about?
thegreekgeek, beanbrain and chee joined the channel
#
vikanezrimaya
aaronpk: in newer versions of Indieauth, there's this Client ID metadata document that's supposed to be retrievable from the Client ID. Are there any assumptions I can make about the fetcher side, such as proper Accept: application/json headers? When fetching, are there any specific requirements?
#
vikanezrimaya
This may be a good thing to explicitly require in the standard, if it's not specified elsewhere in the sprawling labyrinth that is OAuth spec
ttybitnik, beanbrain, barnaby and barnabywalters joined the channel