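小影 is a user on mastodon.hk. If you have an account on any Mastodon instance or federated site, you can follow users on this site or interact with them across instances. If you don't have such an account, you are welcome to sign up here.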

小影 @siuying

小影 boosted

paste-dat github.com/taravancil/paste-da A tool for sharing files secretly with Dat in the Beaker browser

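@yookoala It's made by Japanese people, that's why.

Major European bank moves on Hong Kong: Good grief! Even I can't open a bank account in Hong Kong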
hk.apple.nextmedia.com/realtim

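小影 boosted

@mapleshadow Mastodon is for discussing Mastodon. (Seriously though, it's for finding different people to discuss different things. If you just pour in the stuff from the other side, there'd be no point, right?)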

@yookoala super excited, but too much stuff to do to make it useful.

@yookoala I don't know. Not familiar with IPFS. I believe it is not implemented. You can always use a public/private key to encrypt, sign and verify each message.

@yookoala imagine GitHub, if they have an app they might use a tactic like using three tokens: one for refresh, one for the regular API that has a longer expiry, and one for critical tasks that has a very short expiry (like when they want to update an account)

@yookoala JWT is not a session. You should not consider using it to store data like a session.

@yookoala advantage: it is completely stateless. disadvantage: you can't revoke a session unless it is stateful.

Depending on your use case, it might suit your needs. A common pattern is to use two with different expiry. For example, you can have a pair of a refresh token and an id token. The refresh token is non-expiring and is used to get a new id token. The id token has a relatively short expiry time and is used to authenticate the user for resources. You can build session-revocation logic with that.
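
The refresh-token/id-token pattern described in the post above, as an added example that is not part of the original posts: a minimal HS256 JWT built from the Python standard library, with a server-side list of live refresh tokens providing the revocation. `KEY`, `ID_TTL`, `ACTIVE_REFRESH`, the `use` claim and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

KEY = secrets.token_bytes(32)  # constructed signing key for this demo
ID_TTL = 300                   # assumed id-token lifetime, in seconds
ACTIVE_REFRESH = set()         # the only server-side state: live refresh-token ids

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict) -> str:
    """Serialize claims as a compact HS256 JWT."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(head + '.' + body))}"

def verify(token: str, use: str, now: float) -> dict:
    """Check signature, pinned algorithm, token type and expiry; return the claims."""
    head, body, sig = token.split(".")  # ValueError if not three parts
    if not hmac.compare_digest(mac(head + "." + body), b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if json.loads(b64d(head)).get("alg") != "HS256" or claims.get("use") != use:
        raise ValueError("wrong algorithm or token type")
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def issue_refresh(user: str) -> str:
    """Non-expiring refresh token; its id is recorded so it can be revoked."""
    jti = secrets.token_hex(16)
    ACTIVE_REFRESH.add(jti)
    return sign({"sub": user, "use": "refresh", "jti": jti})

def issue_id(refresh_token: str, now: float) -> str:
    """Exchange a live refresh token for a short-lived, stateless id token."""
    claims = verify(refresh_token, "refresh", now)
    if claims["jti"] not in ACTIVE_REFRESH:
        raise PermissionError("refresh token revoked")
    return sign({"sub": claims["sub"], "use": "id", "exp": now + ID_TTL})

def revoke(refresh_token: str, now: float) -> None:
    """End the session: no new id tokens can be minted from this refresh token."""
    ACTIVE_REFRESH.discard(verify(refresh_token, "refresh", now)["jti"])
```

After `revoke`, an id token that was already issued still verifies until its `exp`, so `ID_TTL` bounds how long a revoked session can keep reaching resources.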

@yookoala JWT is sound and as secure as the algorithm you used to sign it. Google and AWS both used it. The question is how you use it.

小影 boosted

Don’t use Google AMP

“Google AMP is bad news for how the web is built, it’s bad news for publishers of credible online content, and it’s bad news for consumers of that content. Google AMP is only good for one party: Google.” – thelink.is/google-amp-bad

“If I had my way, Mobile Safari would refuse to render AMP pages. It’s a deliberate effort by Google to break the open web.” – daringfireball.net/linked/2017

#SurveillanceCapitalism

Via @ZiiX

@yookoala Why would you think it's risky?

Create and build modern JavaScript applications with zero initial configuration neutrino.js.org/

@yookoala webpack in general is that difficult to set up... that's why I really want to avoid it if possible.

@chainsawriot Earlier it was another app that had the problem