How do you use a bearer URL?

from Neil Madden [alt+shift+b] in technology

In “Towards a standard for bearer token URLs”, I described a URL scheme that can be safely used to incorporate a bearer token (such as an OAuth access token) into a URL. That blog post concentrated on the technical details of how that would work and the security properties of the scheme. But as Tim Dierks […]

over a year ago

Remove from reading list Add to reading list [alt+a] Read now [→]

Improve your reading experience

Logged in users get linked directly to articles resulting in a better reading experience. Please login for free, it takes less than 1 minute.

More from Neil Madden

The square roots of all evil

Every programmer knows Donald Knuth’s famous quote that “premature optimization is the root of all evil”, from his 1974 Turing Award lecture (pdf). A fuller quotation of the surrounding context gives a rounder view: I am sorry to say that many people nowadays are condemning program efficiency, telling us that it is in bad taste. […]

4 months ago • 31 votes

Digital signatures and how to avoid them

Wikipedia’s definition of a digital signature is: A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient. —Wikipedia They also have a handy diagram of the process […]

7 months ago • 19 votes

Machine Learning and the triumph of GOFAI

I’ve been slowly reading Brian Cantwell Smith’s “The Promise of Artificial Intelligence” recently. I haven’t finished reading it yet, and like much of BCS’s writing, it’ll probably take me 3 or 4 read-throughs to really understand it, but there’s one point that I want to pick up on. It is the idea that “Good Old-Fashioned […]

10 months ago • 22 votes

Galois/Counter Mode and random nonces

It turns out you can encrypt more than 2^32 messages with AES-GCM with a random nonce under certain conditions. It’s still not a good idea, but you can just about do it. #cryptography

11 months ago • 20 votes

SipHash-based encryption for constrained devices

I see a lot of attempts to define encryption schemes for constrained devices with short authentication tags (e.g., 64 bits) using universal hashing. For example, there’s a proposal in CFRG at the moment for a version of AES-GCM with short tags for this kind of use-case. In my (admittedly limited) experience, these kinds of constrained […]

11 months ago • 16 votes

More in technology

The Intuit vs the government cage fight

Daniel Boguslaw: Intuit, Owner of TurboTax, Wins Battle Against America’s Taxpayers Even when the Biden administration broke through in the Inflation Reduction Act to fund a pilot program for Direct File, which expanded to 25 states this tax season, Intuit didn’t stop fighting. Instead, it continued

5 days ago • 7 votes

Eurorack Knob Idea

[Hardware] An idea for knobs for synthesizers.

5 days ago • 14 votes

Robot Dexterity Still Seems Hard

You can’t throw a rock these days without hitting someone trying to build humanoid robots.

5 days ago • 12 votes

Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)

As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will. No heist story

5 days ago • 12 votes

Reflecting

I know there’s been a lot of frustration directed at me specifically. Some of it, I believe, is misplaced—but I also understand where it’s coming from. The passing of Pope Francis has deeply impacted me. While I still disagree with the Church on many issues, he was the Pope who broke the mold in so … Continue reading Reflecting →

5 days ago • 10 votes

New here?