Same!
Oh wow - seeing my own work in the wild is ... wild. I implemented the RAS end of this for Atlassian. There will certainly be iterations around this flow - CIMD, better tenancy support, etc., but all the folks involved…
My man, all these fuckers use the same parasitic management consultancies. That's why all this shit looks the same.
Interesting - I wonder if this isn't a case of theft on a refresh token that was minted by a non-confidential 3LO flow w/PKCE. That would explain how a leaked refresh token could then be used to obtain access, but does…
Question - from the perspective of the actual silicon, are these NPUs just another form of SIMD? If so, that's laughable sleight of hand and the circuits will be relegated to some mothball footnote in the same manner as…
The comment in lines 163 - 172 make some claims that are outright false and/or highly A/S dependent, to the point where I question the validity of this post entirely. While it's possible that an A/S can be…
This is one of those cases where I would hope that extremely strong federalism is exercised from Ottawa: essentially, Alberta could be dissolved, stripped of its provincial status and relegated to a territory. From that…
Yep - I remember the CCAT from 4th grade that resulted in my being placed into a different class for 5th. AFAIK, we were given this test "cold" (no prep) and I remember it being timed.
> In short, Open ID Connect is quite accurately described as an Authentication standard. But OAuth 2.0 has little to do with Authorization. It allows clients to specify the "scope" parameter, but does not determine how…
> The industry predominately rewards writing code, not designing software. The sad part of this is that code is absolutely a side-effect of design and conception: without a reason and reasonable approach, code shouldn't…
Linus always has a great way of summarizing what others might be thinking (nebulously). What's being said in the article is really mirrored in the lost art of DDD, and when I say "lost" I mean that most developers I…
Weird - this is the first place I saw the "internet" on display as a kid. Shame to see it close in such an unceremonious way.
[flagged]
You'd be surprised at how little cloud vendors give a shit about security internally. Story time: I recently went ahead and implemented key rotation for one of our authz services, since it had none, and was reprimanded…
You really think that's anti-social behaviour? It's a matter of practicality, my delicate flower.
This is basically how I handle it, and we live in the neighborhood mentioned by this article. The disability claim is largely a straw man argument: I've never seen someone in a wheelchair try to navigate SF streets -…
I also have the same mutation, as does my wife. From what I've been told by various hematologists, vascular surgeons, and interventional radiologists, it's a very weak clotting disorder, but you do have to keep an eye…
I'll echo this - I have had two left leg DVTs, spaced about 7 years apart, and after the second event, really started diving into medical publications - surgical journals, medical textbooks, clinical trials - as a means…
They absolutely do not and also introduce a significant amount of overhead with respect to key/certificate management.
No, there's no explanation.
Agree - you only need to look at things like the hybrid flows to see where things fall apart: why would you issue an id_token that contains user information to a client which hasn't yet fully authenticated itself via a…
Yup - OIDC can be boiled down to: 1. The OG OAuth2 spec never said anything about identifying principals 2. OIDC mandated an id_token to avoid the hit of POSTing the access token to an introspection endpoint 3. The…
1000x this - each and every CAIM has their own "interpretation" of what the various constructs actually mean in the various RFCs and it leads to a lot of hodge-podge integrations that organizations outgrow. Things like…
I feel as though this is a consequence of organizations not really understanding how complex the space truly is. The way I've watched OAuth2 + OIDC get adopted in various companies was never from a security-first…
If you do this and I am the one interviewing you, I will fail you. I will figure out what you actually do/don't know and if you are incapable of performing at the applied level, I will fail you.
Same!
Oh wow - seeing my own work in the wild is ... wild. I implemented the RAS end of this for Atlassian. There will certainly be iterations around this flow - CIMD, better tenancy support, etc., but all the folks involved…
My man, all these fuckers use the same parasitic management consultancies. That's why all this shit looks the same.
Interesting - I wonder if this isn't a case of theft on a refresh token that was minted by a non-confidential 3LO flow w/PKCE. That would explain how a leaked refresh token could then be used to obtain access, but does…
Question - from the perspective of the actual silicon, are these NPUs just another form of SIMD? If so, that's laughable sleight of hand and the circuits will be relegated to some mothball footnote in the same manner as…
The comment in lines 163 - 172 make some claims that are outright false and/or highly A/S dependent, to the point where I question the validity of this post entirely. While it's possible that an A/S can be…
This is one of those cases where I would hope that extremely strong federalism is exercised from Ottawa: essentially, Alberta could be dissolved, stripped of its provincial status and relegated to a territory. From that…
Yep - I remember the CCAT from 4th grade that resulted in my being placed into a different class for 5th. AFAIK, we were given this test "cold" (no prep) and I remember it being timed.
> In short, Open ID Connect is quite accurately described as an Authentication standard. But OAuth 2.0 has little to do with Authorization. It allows clients to specify the "scope" parameter, but does not determine how…
> The industry predominately rewards writing code, not designing software. The sad part of this is that code is absolutely a side-effect of design and conception: without a reason and reasonable approach, code shouldn't…
Linus always has a great way of summarizing what others might be thinking (nebulously). What's being said in the article is really mirrored in the lost art of DDD, and when I say "lost" I mean that most developers I…
Weird - this is the first place I saw the "internet" on display as a kid. Shame to see it close in such an unceremonious way.
[flagged]
You'd be surprised at how little cloud vendors give a shit about security internally. Story time: I recently went ahead and implemented key rotation for one of our authz services, since it had none, and was reprimanded…
You really think that's anti-social behaviour? It's a matter of practicality, my delicate flower.
This is basically how I handle it, and we live in the neighborhood mentioned by this article. The disability claim is largely a straw man argument: I've never seen someone in a wheelchair try to navigate SF streets -…
I also have the same mutation, as does my wife. From what I've been told by various hematologists, vascular surgeons, and interventional radiologists, it's a very weak clotting disorder, but you do have to keep an eye…
I'll echo this - I have had two left leg DVTs, spaced about 7 years apart, and after the second event, really started diving into medical publications - surgical journals, medical textbooks, clinical trials - as a means…
They absolutely do not and also introduce a significant amount of overhead with respect to key/certificate management.
No, there's no explanation.
Agree - you only need to look at things like the hybrid flows to see where things fall apart: why would you issue an id_token that contains user information to a client which hasn't yet fully authenticated itself via a…
Yup - OIDC can be boiled down to: 1. The OG OAuth2 spec never said anything about identifying principals 2. OIDC mandated an id_token to avoid the hit of POSTing the access token to an introspection endpoint 3. The…
1000x this - each and every CAIM has their own "interpretation" of what the various constructs actually mean in the various RFCs and it leads to a lot of hodge-podge integrations that organizations outgrow. Things like…
I feel as though this is a consequence of organizations not really understanding how complex the space truly is. The way I've watched OAuth2 + OIDC get adopted in various companies was never from a security-first…
If you do this and I am the one interviewing you, I will fail you. I will figure out what you actually do/don't know and if you are incapable of performing at the applied level, I will fail you.