Being able to see the AST of anything you're working on is maybe more useful for editing configuration files (and debugging them) or using some Lisp language than my daily work on TypeScript (and evening on Rust).
Modifiers for terminals landing is excellent! Mapping Q to re-play the last macro is great!
FedCM for IndieAuth
IndieWebCamp Düsseldorf took place this weekend, and I was inspired to work on a quick hack for demo day to show off a new feature I've been working on for IndieAuth.
Since I do actually use my website to log in to different websites on a regular basis, I am often presented with the login screen asking for my domain name, which is admittedly an annoying part of the process. I don't even like having to enter my email address when I log in to a site, and entering my domain isn't any better.
So instead, I'd like to get rid of this prompt, and let the browser handle it for you! Here's a quick video of logging in to a website using my domain with the new browser API:
So how does this work?
For the last couple of years, there has been an ongoing effort at the Federated Identity Community Group at the W3C to build a new API in browsers that can sit in the middle of login flows. It's primarily being driven by Google for their use case of letting websites show a Google login popup dialog without needing 3rd party cookies and doing so in a privacy-preserving way. There's a lot to unpack here, more than I want to go into in this blog post. You can check out Tim Cappalli's slides from the OAuth Security Workshop for a good explainer on the background and how it works.
However, there are a few experimental features that are being considered for the API to accommodate use cases beyond the "Sign in with Google" case. The one that's particularly interesting to the IndieAuth use case is the IdP Registration API. This API allows any website to register itself as an identity provider that can appear in the account chooser popup, so that a relying party website doesn't have to list out all the IdPs it supports, it can just say it supports "any" IdP. This maps to how IndieAuth is already used today, where a website can accept any user's IndieAuth server without any prior relationship with the user. For more background, check out my previous blog post "OAuth for the Open Web".
So now, with the IdP Registration API in FedCM, your website can tell your browser that it is an IdP, then when a website wants to log you in, it asks your browser to prompt you. You choose your account from the list, the negotiation happens behind the scenes, and you're logged in!
One of the nice things about combining FedCM with IndieAuth is it lends itself nicely to running the FedCM IdP as a separate service from your actual website. I could run an IndieAuth IdP service that you could sign up for and link your website to. Since your identity is your website, your website would be the thing ultimately sent to the relying party that you're signing in to, even though it was brokered through the IdP service. Ultimately this means much faster adoption is possible, since all it takes to turn your website into a FedCM-supported site is adding a single <link> tag to your home page.
So if this sounds interesting to you, leave a comment below! The IdP registration API is currently an early experiment, and Google needs to see actual interest in it in order to keep it around! In particular, they are looking for Relying Parties who would be interested in actually using this to log users in. I am planning on launching this on webmention.io as an experiment. If you have a website where users can sign in with IndieAuth, feel free to get in touch and I'd be happy to help you set up FedCM support as well!
IndieWebCamp Düsseldorf took place this weekend, and I was inspired to work on a quick hack for demo day to show off a new feature I've been working on for IndieAuth.
Since I do actually use my website to log in to different websites on a regular basis, I am often presented with the login screen asking for my domain name, which is admittedly an annoying part of the process. I don't even like having to enter my email address when I log in to a site, and entering my domain isn't any better.
So instead, I'd like to get rid of this prompt, and let the browser handle it for you! Here's a quick video of logging in to a website using my domain with the new browser API:
So how does this work?
For the last couple of years, there has been an ongoing effort at the Federated Identity Community Group at the W3C to build a new API in browsers that can sit in the middle of login flows. It's primarily being driven by Google for their use case of letting websites show a Google login popup dialog without needing 3rd party cookies and doing so in a privacy-preserving way. There's a lot to unpack here, more than I want to go into in this blog post. You can check out Tim Cappalli's slides from the OAuth Security Workshop for a good explainer on the background and how it works.
However, there are a few experimental features that are being considered for the API to accommodate use cases beyond the "Sign in with Google" case. The one that's particularly interesting to the IndieAuth use case is the IdP Registration API. This API allows any website to register itself as an identity provider that can appear in the account chooser popup, so that a relying party website doesn't have to list out all the IdPs it supports, it can just say it supports "any" IdP. This maps to how IndieAuth is already used today, where a website can accept any user's IndieAuth server without any prior relationship with the user. For more background, check out my previous blog post "OAuth for the Open Web".
So now, with the IdP Registration API in FedCM, your website can tell your browser that it is an IdP, then when a website wants to log you in, it asks your browser to prompt you. You choose your account from the list, the negotiation happens behind the scenes, and you're logged in!
One of the nice things about combining FedCM with IndieAuth is it lends itself nicely to running the FedCM IdP as a separate service from your actual website. I could run an IndieAuth IdP service that you could sign up for and link your website to. Since your identity is your website, your website would be the thing ultimately sent to the relying party that you're signing in to, even though it was brokered through the IdP service. Ultimately this means much faster adoption is possible, since all it takes to turn your website into a FedCM-supported site is adding a single <link> tag to your home page.
So if this sounds interesting to you, leave a comment below! The IdP registration API is currently an early experiment, and Google needs to see actual interest in it in order to keep it around! In particular, they are looking for Relying Parties who would be interested in actually using this to log users in. I am planning on launching this on webmention.io as an experiment. If you have a website where users can sign in with IndieAuth, feel free to get in touch and I'd be happy to help you set up FedCM support as well!
This could solve an issue for federated identity for the Fediverse!
Consent does not exist on the Internet. Or in networked applications. The fact of the matter is that the Internet was made for a set of purposes and, despite the public's attempt to shape it into something familiar, its bones still lean into archival and surveillance.
Karl Auerbach (@karlauerbach@sfba.social)
@jalcine@todon.eu What a terribly drafted bill!(I don't disagree with the sentiment, but the definitions are dangerously vague and open ended.)It is so badly drafted that it could sweep in many churches and even countries (such as Israel).
It would definitely give groups like the NRA and ADL a trip (once more people use something like this to invoke a tax-backed "hunt" for terrorists).
It takes me "so long" to read things. I'm only halfway through Supa Dupa Skies by Logic(s) whereas I've finished two copies of In These Times. In the case of Supa Dupa Skies, the essay, Origin Stories, was what I first opened up to and blew my mind. That led me to starting Accounting for Slavery, a book that I still haven't finished but from reading the references gives me very little hope for the field of management (given its shared history with the industry/system of policing, IMO). I like "jumping around" like this because it's within a domain I have a lot of interest in and keeps things interested. Note taking has helped me context-switch and as well as — and I only started this about three years ago — writing about what you've read from each chapter. Might be more obvious to college heads but this has improved both my recall but also my ability to pick up where I left off at. I still want to make some of my notes semi-public but that's for the future.
The most notable point of this bill is this phrase " a terrorist or terrorist-supporting organization within the prior three years". This would pull this status from organizations that support political prisoners if the state considers them to be a terrorist. Or anyone who's been protesting the war on Palestine.
The bodycam era was the best thing to happen to the news because it removed the ability of citizens to report things; it returned the authority of the narrative back to the state. On par with corporate security footage being used over civilian or independent reports.
By 1970 fully 70% of the FBI COINTELPRO operations were aimed at Black organizations, from the non-violent SCLC led by Dr. King to SNCC, CORE, and the Black Panther Party (BPP). Ultimately, the majority of the 70% of COINTELPRO operations that focused on Black groups and Black leaders collectively were directed exclusively at the BPP. Why was this?
I'm ringing a bell that we all heard before by now but this closing line is one to close the day on:
The confirmed range for the size of these “Cop City” projects is as low as a 3,500 square foot structure on 3 acres to a 366,000 square foot village on 146 acres. The largest being planned did not include details on the actual facility, but the proposed site is a whopping 800 acres. Historically, a basic prerequisite for autocratic Fascist rule is a national militarized police force, backed by an all-pervasive civilian police intelligence apparatus with a singular national Database. It hasn’t been a long time coming but corporate America and its political power structure have fashioned a police state under cover of a spurious “electoral college” democracy and chauvinistic white nationalism. It’s called Democratic Fascism.
X-Men '97 is WILD and we got the last episode of Season 1 next week. NGL this season has been a lot but DAMN.
First time in a while I've seen a hosting service explictly mention Publii, via https://pages.casa/. I think https://getpublii.com/ has the right idea and is missing a few parts. Having it the act of hosting something — or even producing Web content be similar to document processing (or vector graphic creation) is where I feel we need to be moving the open Web. Making it work with ActivityPub seems doable too with more demonstration of static-site ActivityPub solutions (or one even going as far as adding a thin layer for compatible static sites to make it operate like an AP site).
Aaron Parecki
•
posted
•
archived copy
•
current
https://jacky.wtf
•
posted
•
archived copy
•
current