Skip Navigation

maltfield

@ maltfield @lemmy.ml

Posts
9
Comments
18
Joined
3 yr. ago

  • NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    Jump

  • I am guessing they don’t have an IP protection for liquid/dust.

    The product page's specification's section lists it as having "IP66 certification: Splash proof and dust resistant"

  • NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    Jump

  • Before this launch, could you walk into a store in The Netherlands, pay cash, and walk out with a anonymously-purchased SHIFT phone?

  • NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    Jump

  • Can you walk into a store in The Netherlands, pay cash, and walk out with a anonymously-purchased SHIFT phone?

  • NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    Jump

  • looks like they're collaborating by giving some of their profits upstream, and creating feature requests

  • NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    Jump

  • hardened LinaegeOS forks seems like exactly what we need...

  • NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    Jump

  • Isn't the whole point that this thing can be upgraded?

    Also, Pixel 3 still runs great, once you strip off all the google spyware.

  • NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    Jump
  • Android @lemmy.world
    maltfield @lemmy.ml

    NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    novacustom.com /privacy-friendly-phone/
  • Privacy @lemmy.ml
    maltfield @lemmy.ml

    NovaCustom launches privacy SHIFTphone (degoogled with iodéOS and hardware kill switches)

    novacustom.com /privacy-friendly-phone/

  • Why OAuth MUST share access token with 3rd party?!?

    Jump

  • That's bad.

    OAuth supports several types of flows. If I'm not mistaken (I've learned a bit more about OAuth since yesterday) you're describing the Authorization Code Flow -- as documented in RFC 6749 (The OAuth 2.0 Authorization Framework), Section 4.1 (Authorization Code Grant):

    That RFC defines many other types of flows that do not require sharing the access keys with a third party, such as the Client Credentials Flow, as documented in RFC 6749 Section 4.4 (Client Credentials Grant):

    The only reason you'd want to use the Authorization Code Flow is if the third party needs your access token for some reason, or if you want to hide the access key from the user agent.

    The problem here is that Stripe is using the wrong flow (the third party doesn't need the access token, as they claim they never save it anyway). And if keyCloak only supports that one flow, that's would be a problem too (in this case).

  • Why OAuth MUST share access token with 3rd party?!?

    Jump

  • Stripe Connect does not support Client Credentials flow.

    Can you please tell me what is the name of the "flow" that Stripe Connect is using here?

  • Why OAuth MUST share access token with 3rd party?!?

    Jump

  • I figured out the root technical cause. It's because Stripe doesn't allow the redirect during the OAuth flow to be dynamic. It must be a predefined value that's hard-coded into the app.

    For security purposes, Stripe redirects a user only to a predefined URI.

    That's why Stripe forces you to expose your access tokens to the developer's servers.

    I'd still appreciate if someone with more experience with OAuth than me knows if this is common. Seems like a very bad design decision to require users to transmit their bearer tokens through the developer's servers.

  • Why OAuth MUST share access token with 3rd party?!?

    Jump

  • It’s called the Client Credentials flow (RFC 6749, Section 4.4).

    Finally someone directs me to the actual RFC. Except that section is titled "Client Credentials Grant"

    Why do I see this sometimes called a "Grant" and sometimes called a "Flow"?

    What's the definition and difference of each?

  • /c/cybersecurity - Cybersecurity News & Discussion @lemmy.ml
    maltfield @lemmy.ml

    Why OAuth MUST share access token with 3rd party?!?

  • Security @lemmy.ml
    maltfield @lemmy.ml

    Why OAuth MUST share access token with 3rd party?!?

  • Lemmy @lemmy.ml
    maltfield @lemmy.ml

    Intro Guide to Lemmy

    tech.michaelaltfield.net /2023/06/11/lemmy-migration-find-subreddits-communities/
  • Filmmakers @lemmy.film
    maltfield @lemmy.ml
    Request

    Intro to Lemmy (Video Guide)

    lemmy.ml /post/1193460
  • VTubers @sh.itjust.works
    maltfield @lemmy.ml
    Request

    Intro to Lemmy (Video Guide)

    lemmy.ml /post/1193460

  • Comparison of Lemmy Instances

    Jump

  • It doesn't say porn, it says adult. The legend describes how it's determined

    Adult "Yes" means there's no profanity filters or blocking of NSFW content. "No" means that there are profanity filters or NSFW content is not allowed.

  • Comparison of Lemmy Instances

    Jump

  • how do you do that? Is there a guide anywhere for how to setup mastodon seeing lemmy or lemmy seeing mastodon?

  • Comparison of Lemmy Instances

    Jump

  • I think at the top, just above the "Recommended"

    <h2>

    add:

     
        
For a more detailed comparison of Lemmy instances, see:

<ul>
<li><a href="https://github.com/maltfield/awesome-lemmy-instances">Awesome-Lemmy-Instances on GitHub</a></li>
<li><a href="https://the-federation.info/platform/73">the-federation.info Lemmy Instances Page</a></li>
<li><a href="https://lemmymap.feddit.de/">Feddit's Lemmymap</a></li>
</ul>

After you create an account, you can find communites across all instances using <a href="https://browse.feddit.de/">Feddit's Lemmy Community Browser</a>

<h2>Recommended</h2>
...

  • Comparison of Lemmy Instances

    Jump

  • oh shit I wish I knew that existed before XD

  • Comparison of Lemmy Instances

    Jump

  • I see TypeScript and get scared. Personally, I do think that the join-lemmy.org/instances page should link to:

    1. My table comparison https://github.com/maltfield/awesome-lemmy-instances
    2. The Lemmy Community Browser (to find communities across all instances) https://browse.feddit.de/
    3. The Lemmy Map https://lemmymap.feddit.de/
    4. The federation's lemmy page (with another table comparing instances) https://the-federation.info/platform/73

    Can anyone with TypeScript experience make this PR for us? Here's the relevant file:

  • Lemmy @lemmy.ml
    maltfield @lemmy.ml

    Comparison of Lemmy Instances

    github.com /maltfield/awesome-lemmy-instances

  • What open source project(s) are you working on?

    Jump

  • Hi Lemmy!

    I make BusKill laptop kill cords that make your computer lock, shutdown, or self-destruct if the device is physically separated from you.

    This protects your (encrypted) data from theft, which can be useful for digital nomads and cryptotraders working in cafes/coworking spaces. But our target audience is journalists, activists, and human rights workers in oppressive regimes.

    Both the hardware and the software are open-source (CC-BY-SA, GPLv3). We manufacture the hardware with injection molding, but if you have a 3D-printer, then you can take a stab at our 3D-printable prototype.

    ...And apparently I'm doing (minor) contributions to lemmy these days too

  • 3D Printing @lemmy.ml
    maltfield @lemmy.ml

    3D-Printable BusKill (USB Dead Man Switch) Prototype

    www.buskill.in /3d-print-2023-04/