00:05:00  <emilbayes>ogd: Oh okay, I've read a lot of blog posts on auth0 but I'm still a bit erry givne they're a commercial enterprise
00:06:00  <substack>emilbayes: what kind of thing do you need to make?
00:06:40  <emilbayes>substack: Totally old school user system. Will probably go token based, but I'm also not convinced on the whole JWT movement
00:07:08  <substack>I can't wait until we all live in the future and use asymmetric crypto for all of these things
00:07:13  <emilbayes>substack: Been looking a lot at SRP
00:07:19  <substack>without even any servers
00:07:28  <substack>but the web is still too backwards
00:09:24  <emilbayes>substack: Hehe well, I was gonna use asymmetric crypto but what I'm building isn't for tech savvy people, so moving keys between devices was a problem I didn't want to tackle
00:10:14  <emilbayes>substack: Was considering generating a key pair from a username/password combo and then use key stretching to avoid weak passwords, but then there's the issue of changing the password
00:14:08  <substack>hahahaha yessss the size of the separated gzipped o5m files is the same as the input pbf file!
00:26:28  * h0x00aquit (Ping timeout: 258 seconds)
00:33:24  * h0x00ajoined
01:10:43  <dguttman>emilbayes: if you don't want to use auth0 you can try https://github.com/davidguttman/authentic
01:20:50  <emilbayes>dguttman: what about revoking tokens?
01:50:33  * h0x00aquit (Ping timeout: 240 seconds)
02:30:58  * h0x00ajoined
02:40:55  * h0x00aquit (Quit: WeeChat 1.5)
02:41:20  * h0x00ajoined
03:14:29  <joepie91>made a thing: http://cryto.net/why-is-npm-broken/
03:21:57  <dguttman>emilbayes: there's nothing bulit in for that since it's designed to be distributed
03:23:05  <dguttman>but easy enough to do, the tokens have an issued at timestamp, so you can just have a central registry of user/revoke times
03:24:10  <dguttman>and apps can just make sure that the iat on the token > registered revoke time
04:24:54  * h0x00aquit (Ping timeout: 258 seconds)
04:57:39  * contrahaxjoined
05:16:05  <substack>ok so my test didn't work on the full planet OSM, my laptop got too hot and powered down
05:23:02  <emilbayes>dguttman: I was thinking of doing 1. long lived tokens which have to go to a central service, which manages revokation and the like, and 2. short lived tokens which can be easily verified without checking with a central service, so the window in which a leaked token can be used is quite short. But I still find it problematic taht there is some window in
05:23:02  <emilbayes>which a leaked token can be used
05:50:21  * Boobileahjoined
05:53:36  * contrahaxquit (Quit: Sleeping)
07:01:32  * mk30quit (Ping timeout: 272 seconds)
07:34:50  * mk30joined
08:12:22  * drptbljoined
08:31:32  * fotoveritequit (Quit: fotoverite)
09:51:10  * drptblquit (Quit: See you later!)
10:44:28  * thealphanerdquit (Quit: farewell for now)
10:44:58  * thealphanerdjoined
13:22:11  * h0x00ajoined
13:35:40  * h0x00aquit (Ping timeout: 244 seconds)
13:45:58  * ekristenjoined
15:01:46  * Boobileahquit (Quit: Connection closed for inactivity)
15:34:45  * contrahaxjoined
15:46:04  * h0x00ajoined
16:06:28  * yoshuawuytsquit (Ping timeout: 264 seconds)
16:07:49  * yoshuawuytsjoined
16:15:04  * yoshuawuytsquit (Ping timeout: 272 seconds)
16:16:23  * yoshuawuytsjoined
17:04:28  * xipliasquit (Ping timeout: 272 seconds)
17:04:28  * ehdquit (Ping timeout: 272 seconds)
17:04:29  * sorribasquit (Ping timeout: 272 seconds)
17:04:29  * juliangruberquit (Ping timeout: 272 seconds)
17:05:06  * dubroy__________quit (Ping timeout: 272 seconds)
17:05:06  * ecquit (Ping timeout: 272 seconds)
17:05:06  * benglquit (Ping timeout: 272 seconds)
17:05:44  * yoshuawuytsquit (Ping timeout: 272 seconds)
17:05:45  * sindresorhusquit (Ping timeout: 272 seconds)
17:05:45  * mikolalysenkoquit (Ping timeout: 272 seconds)
17:06:23  * Raynosquit (Ping timeout: 272 seconds)
17:06:23  * bretquit (Ping timeout: 272 seconds)
17:06:23  * perlbotquit (Ping timeout: 272 seconds)
17:06:23  * pkruminsquit (Ping timeout: 272 seconds)
17:06:40  * sorribasjoined
17:09:01  * sindresorhusjoined
17:09:54  * ehdjoined
17:10:54  * perlbotjoined
17:11:20  * ecjoined
17:11:49  * fotoveritejoined
17:12:21  * juliangruberjoined
17:13:15  * bengljoined
17:13:19  * Raynosjoined
17:14:10  * bretjoined
17:14:34  * xipliasjoined
17:15:11  * yoshuawuytsjoined
17:15:19  * mikolalysenkojoined
17:18:50  * rvaggquit (Ping timeout: 250 seconds)
17:18:50  * Domenicquit (Ping timeout: 250 seconds)
17:18:50  * indexzeroquit (Ping timeout: 250 seconds)
17:19:31  * indexzerojoined
17:20:20  * rvaggjoined
17:20:58  * Domenicjoined
17:21:17  * pkruminsjoined
17:21:40  * dubroy__________joined
17:30:58  * ferossquit (Ping timeout: 250 seconds)
17:32:01  * ferossjoined
17:43:46  * warbrett_joined
17:44:16  * h0x00aquit (Ping timeout: 264 seconds)
18:01:18  * ogdquit (Ping timeout: 250 seconds)
18:02:28  * ogdjoined
18:03:04  * rwaldronquit (Remote host closed the connection)
18:42:28  * warbrett_quit (Ping timeout: 250 seconds)
18:45:53  * warbrett_joined
19:47:15  * warbrett_quit (Quit: Connection closed for inactivity)
20:47:26  * phatedjoined
22:08:16  * phatedquit (Ping timeout: 264 seconds)
22:08:40  * contrahaxquit (Quit: Sleeping)
22:16:04  * yoshuawuytsquit (Ping timeout: 264 seconds)
22:17:15  * yoshuawuytsjoined
22:17:16  * ferossquit (Ping timeout: 264 seconds)
22:18:13  * ferossjoined
22:40:13  * phatedjoined