How /.well-known is your Issuer?

April 1, 2024 - 3 mins read

TL/DR: Never have an issuer claim with a path component. There’s an unintended interaction between the OIDC base specification, the OIDC Discovery specification, and the Well-known URI RFC, one which I think is fascinating because it creates a requirement which many implementors may have missed. The Problem Let me set it up for you in three quotes: REQUIRED. Issuer Identifier for the Issuer of the response. The iss value is a case-sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.

OIDC Federation on a Grand Scale

November 10, 2023 - 3 mins read

Content Warning: Identity Nerd, snapshot 2023. The OIDC Federation Specification (draft) has been stuck in my brain for about a year now because it changes how I think about my job. On its surface, the concept is relatively simple: Provided that there is a federation of actors, it provides a method by which these actors can establish a common trusted root actor. A simple example might be that I claim that I’m Michael, but you have no reason to trust me.

Chakra Coasters

September 11, 2023 - 1 min read

A set of 7 coasters featuring the seven Chakra. The coasters are made out of birch plywood, stained in the appropriate color for each of the chakra. Each is backed by cork, and finished with clear, semi-gloss acrylic. Also available in plain black/natural.

Yin/Yang Coasters

August 15, 2023 - 1 min read

A set of coasters featuring Yin and Yang. The coasters themselves are made out of birch plywood, stained black for the Yin and left natural for the Yang. The coaster is backed by cork, and finished with clear, semi-gloss acrylic.

EV's, and the return of the Great American Road Trip

August 9, 2022 - 3 mins read

My family and I took a well-earned road trip back in the spring; two days in Portland, after which we picked up the kids and took them up to the Olympic Peninsula. We drove our EV, bought as a splurge after an unfortunate accident in February resulted in a car-shopping scramble. The trip itself was wonderful, yet more importantly, it made me really think about American Car Culture, and my own history.

How to write a Recommendation

April 14, 2021 - 2 mins read

Here’s a quick, three-paragraph template for writing a letter of recommendation. Don’t overthink it; these should be quick to read, and leave a strong positive feeling on behalf of the candidate. Paragraph 1: What are you doing, and why? The opening is a simple statement of what you are doing: “I am recommending [candidate] for [promotion/acceptance] to [level/program].” This is then followed by your reasoning; choose one or two qualities that represent the program they are applying for, and give an example about how they express this quality.

Free (as in Tier) OAuth2

April 9, 2021 - 3 mins read

Are services like Auth0 or Okta really worth paying for? For a business, perhaps; the overhead of paying for an auth-focused software engineer, as well as the operational overhead of monitoring, could very well be more expensive than handing over a credit card. However, if you have made the decision to host your own, it turns out you can do so on AWS’s Free tier, with only a few strategic technical choices.

Running a Successful Bug Bash

August 2, 2020 - 4 mins read

A bug bash, much like any coordinated effort, requires planning. Here’s a guide on how to get the most out of everyone’s time. Preparation Step 1: Collect your use cases This is where you scour all the documentation that has been generated – via wiki, tickets, discussions, meetings, designs, etc – and capture the use cases that your feature needs to satisfy. In a perfect world, this is a collation effort; in an imperfect world, you’ll be writing them by exploring your application.

The case for Edge on OSX & Linux

December 3, 2019 - 2 mins read

Ever since Microsoft Edge was leaked for OSX, I’ve used it. Not exclusively, however as a UI Architect it’s both my job and my hobby to keep an eye on the landscape. I’ve certainly gotten a lot of flack for it – both from friends and coworkers – however when presented with my reasoning, they all agree that it makes sense (though it’s often not for them). The reasoning is simple: I can keep my work browsing separate from my personal browsing.

Angular > React

October 17, 2018 - 5 mins read

I’ve been overseeing UI projects for … oh, decades now. I’ve shipped production applications in backbone.js, SproutCore, Angular 1, Angular 2, React/Redux, even going back to the old days of the Adobe Flex ecosystem with Cairngorm, PureMVC, and Parsley. I’m old, I’m grouchy, I’ve been around the block a few times, I’ve made all the mistakes. I still think Angular is better than React. Now, don’t get me wrong – I understand the appeal of React, and why Angular’s a tough sell (even though they can work together rather well).