I have implemented OAuth both as a client and a server. The most complicated part is the scattered documentation, and little gotchas from different providers. In itself, the whole thing is not complex.
The diagram shows five boxes, apparently each representing a server, but I am not at all clear on which (of exactly two?) legal business entities controls certain of those servers.
A has an account at B, A has another account at C, A wants to allow C to access data at B (or to send data to B on A's behalf).
How can B be sure that C is acting on A's behalf? Can A only allow C to access certain data (or send only certain data) in order to reduce risk?
A protocol that allows for that three way negotiation is OAuth.
Like with most specs, a lot of the complexity is added in the later years, by companies that have thousands of users and complex edge cases and necessities, and they are the ones dominating the council, and their needs are the ones that push forward newer versions.
So with most specs, the best way to start learning them is by going from the oldest specs to the newest ones. So if you start by reading or using OAuth2, you will be bombarded with a lot of extra complexities; not even the current experts started like that.
If you need to catch up, always start with the oldest specs/versions.
That'd be RFC (checks notes) 1945 for HTTP 1.0 and later RFC (checks notes again) 2616 for HTTP 1.1. I think there's HTTP 0.9 but I went directly for 1.0.
Fwiw it's entirely possible to build a web server by listening on port 80 and reading the text stream and writing to the output stream, no libraries no frameworks no apache no nginx. And I don't mean you need to rebuild a general-purpose Apache-like server, maybe for a landing page you can just serve a static page and you will be implementing a very small subset of HTTP.
The list of locations with those laws is growing very large. From the post:
> Last summer we announced a series of changes to the terms and conditions of the Matrix.org homeserver instance, to ensure UK-based users are handled in alignment with the UK’s Online Safety Act (OSA). Since then Australia, New Zealand and the EU have introduced similar legislation, with movement in the US and Canada too.
...and while we have no choice but to implement it on the matrix.org instance, other folks running their own servers are responsible for their own choices.
I think the issue here is that companies (and govs) are choosing the worst possible solutions to a real problem because it benefits them. Gov wants it for control, companies want it to sell ads and mine data. They team up, and screw everyone over while overlooking other viable solutions.
I guess I assumed it’s illegal in that you are using an image to tell a lie in a transaction… like any other kind of forgery - but what I’m actually unsure of is: is possessing a jpg of an altered driver's license illegal? Seems different than a physical license.
I was referring to the concept of "ceci n'est pas une pipe", and that even just digital forgery of an ID can constitute a crime that can be prosecuted independently from anybody suing.
Of course I highly doubt they'd sue. They either just don't let you in or you abandon them. I'm with the latter.
I’m not a lawyer, but I’d guess that possessing a jpg of a fake ID is treated differently under the law than a physical forged ID. Once you use it to defraud someone, that’s probably treated the same, but just owning the jpg?
Yeah I agree. There is always some risk about government ID. Long gone are the days when people could forge one relatively easily, when an ID was just a piece of well-made paper.
Are these federal officers? They’re men in masks with camo and body armor kidnapping people off the streets and refusing to show identification beyond a patch that says “ICE”.
Yes, they are federal officers. There is no pattern of mass kidnappings by impersonators occurring here.
Interpreting masked officers in tactical gear as kidnappers, or claiming that a patch saying “ICE” is insufficient identification, is not a legally valid basis for suspicion or resistance.
Sure, most of the people kidnapping people off the streets and incarcerating or deporting them without due process in violation of the constitution are federal officers. But unless they identify themselves clearly, you’d be stupid to not resist.
It depends on the crop.
Corn (Maize): Harvested using combine harvesters that pick, husk, and shell the grain. Sweet Corn might be the exception.
Soybeans: Harvested using combines to cut and thresh the plants.
Wheat, Barley, and Oats: Harvested using combines to cut, thresh, and clean the grain.
Cotton: Harvested mechanically using cotton pickers or strippers.
Rice: Mechanically harvested with combines when the stalks are dry.
Potatoes and Root Vegetables: Lifted from the ground using mechanical harvesters that separate soil from the produce.
Lettuce, Spinach, and Celery: Mostly hand-harvested by crews, though automation is increasing.
Berries (Strawberries, Blueberries): Primarily hand-picked for fresh market quality, though some are machine-harvested for processing.
Tree Fruits (Apples, Cherries): Mostly hand-picked to prevent bruising, though some processing cherries use tree shakers.
Wine Grapes: Frequently harvested by hand to ensure quality, especially for high-end wines.
Peppers and Tomatoes: Processed tomatoes are machine-harvested, while fresh peppers are largely hand-picked.
Tell that to all the car accidents caused by people distracted by Siri, the people who’ve done horrible things because of AI-induced psychosis, or the lives ruined by AI stock trading algorithms.
I didn't write the statement, nor did I waste time and money on this "experiment" when the US needs time and money spent on very different actions right now.
Thanks, it did not.
OAuth and OpenID Connect are a denial of service attack on the brains of the humans who have to work with them.