A neat pattern for web apps in AWS:

Log in a user with OIDC

Use the ID token with AssumeRoleWithWebIdentity to get STS creds

Use the `sub` identifier as a Role policy variable to grant access to namespaced resources in S3 or DynamoDB

This means your app can't access a user's data unless they're actually logged in *right now*. A great way to eliminate ambient authority and reduce blast radius.

See my awesome colleague @probablyfine's PoC: https://github.com/mrwilson/govuk-onelogin-webidentity-spike

signals

Permalink: https://wizardzines.com/comics/signals/

Open source bros, we need to stop shaming people for not using your inaccessible, unreliable, annoying software.

If you want to tinker with broken things for fun, stay in your bubble as much as you want!

If you are trying for widespread adoption, then yes, you need user research, usability, accessibility, testing, and documentation.

If that means having a code of conduct and getting rid of assholes so you can recruit a wider range of contributers, deal with it!

None of this is off topic.

38 years and 8 months ago, Indiana Jones and the Temple of Doom, the action-adventure film directed by Steven Spielberg and starring Harrison Ford, is released, closer to World War II than to today.

https://en.wikipedia.org/wiki/Indiana_Jones_and_the_Temple_of_Doom
https://en.wikipedia.org/wiki/Steven_Spielberg
https://en.wikipedia.org/wiki/Harrison_Ford

Me, encountering literally any podcast recommendation:

"This sounds really interesting. I'd sure like to read a transcript of it instead of listening to it."

What is astroturfing? And why should we care?

We’ve embarked on a series of legal interventions focused on the opaque lobby groups based at Tufton Street: https://glplive.org/qen