Arcuru's comments

If a service offers "Login with Google/Apple/Facebook/etc" you should never do that if they offer a username/password. It just increases the single point of failure. Avoid places that only offer the "Login with Foo" if at all possible (looking at you Tailscale).

As an ex-googler, the only reason I was comfortable keeping even my personal email there was because I could reach out internally if there was a problem. I left Google, and left gmail behind too.


One of the other articles on HN's front page right now is that Germany's implementation of eIDAS will require a Google or Apple account.

I genuinely feel like there is something happening where hackernews articles come in bunch/reference-to-each-other :]

So one of the comments on one hackernews post on the front page almost somehow always refers to something within a hackernews post on the same front page. I have seen this witnessed too many times that it might be time to name this phenomenon.


people see one article reach the front page and it reminds them of another article and they post that one too. cycle repeats.

Wow, that's so amazingly terrible that I'm sure my Australian government is planning it right now.

For those like me who've never heard of eIDAS: https://en.wikipedia.org/wiki/EIDAS

> Avoid places that only offer the "Login with Foo" if at all possible (looking at you Tailscale).

Tailscale is the only serious company that I can ever recall offering /only/ third party login. It's a bit bizarre on the face of it. Anyone know the reason?


Curious isn't it, especially as it's such a bad fit for their product - authenticating with GitHub in order to ssh made the whole thing so much more painful than it needed to be. I subsequently tried switching to using a passkey when that became an option, but it's not possible to make the passkey user the owner of a tailnet created by a GitHub org user, so I'm stuck with two users in my Tailscale and can't delete the GitHub org user. It's the main thing that keeps me looking for a reliable alternative to Tailscale.

ZeroTier. It works well for me. I chose it over Tailscale because it doesn't require a third party for login.

I think I read somewhere (but could be wrong) that it was because they didn’t want to own any “authentication” services. Their infrastructure was zero trust (as in they don’t hold any passwords or private keys), just a discovery server for different devices.

I use my own OIDC connection to Tailscale. I don't use a third party for login. It's not hard to set up.

Perhaps they are not a serious company after all?

My other annoyance lately is companies that don't let you set a password. It's either passkey only (which I'm not sold on, yet), or "we'll email you a login link". Great, now I have to wait for the email to show up, click the link, hope it doesn't expire if I get distracted while waiting, and then also delete your emails, sometimes multiple times a day?

What a shit tier authentication mechanism.


"Login via email code" is also a nightmare on Android. Android regularly kills any processes that are not in the foreground, so I recently went through a whole ordeal trying to log in to the MLB app: it requires me to type in an email code, I switch to my email client, get the code, go back to the MLB app, and the page reloads (because it was killed in the background) requiring me to request a NEW email code. I tried this literally five times, going as fast as I could; it seems like it was just deciding to kill the browser process as soon as I switched to the email client, no matter what. This is mostly Android's fault but it's insane and I don't get why I don't hear people complain about this more often.

I despise this. Slack keeps doing this even though I have a password and 2FA configured.

Vercel won't even let you set a password.

"Sign-in methods: Email, passkey, Google account, Apple account, GitHub, GitLab, Bitbucket".


Spotify did this for years in the beginning too. I remember this was the reason I didn’t use them until they proposed email logins.

Is Tailscale really a serious company?

We offer Login with Google and Login with Facebook on our apps. The fun part is both FB and Google started blocking Selenium and any other automated agents from logging in. So basically there's no way to run end to end tests that confirm the login flows using FB or Google, which have wrinkles that our normal login doesn't hit.

> We offer Login with Google and Login with Facebook on our apps.

This has the nefarious side effect of allowing Google or Facebook to track people across the Internet and apps. Webmasters like you are, often for no imperative reason, complicit in this by providing such login options.


“For no imperative reason”

App developers have repeatedly stated that offering those options increases user account creation. There is lower friction to using “login with <big tech>” than to create username/password creation flow. My guess is that most of the world hasn’t figured out a password manager workflow that works for them (or they aren’t willing to pay for it).


I work for a university. It came down as a requirement from above because our most important users are older (rich) donors who struggle with even basic login.

This is an issue that regulators need to address. Asking small businesses to forego the significant impact on their business of not implementing common features that users demand is not a good solution to public policy failures.

I don’t know what the exact revenue/growth difference is, but if my paycheque depended upon getting more users to sign up, I don’t think I could justify making it into a political stance when Google isn’t going to notice my tiny boycott.


Tailscale offers custom SSO for free

Shouldn't a service that may be the only way of remotely accessing your devices be ... independent of a 3rd party authentication service?

Passkey auth is also available as a first-class option.

> If anything, the extra material for the case would be the perimeter length times the perimeter wall width times the height

That's what they did?

Perimeter length = 2*335mm + 2*235mm

Wall height diff = 2mm

Wall width = 1mm

(2*335 + 2*235) * 2mm * 1mm = 2,280 mm^3


Ah, thanks, I think what happened was that the asterisks were turned into italics and confused me. I think the message was edited to clarify.

The post was fixed about 30 seconds after making it - due to the *s being interpreted as italics. It is a shame there isn't a preview button when composing posts.

> It is a shame there isn't a preview button when composing posts.

The delay setting in your profile (mine is set to 2).

New Feature: Delay - https://news.ycombinator.com/item?id=231024

    There's a new field in your profile called delay. It's the time delay in minutes between when you create a comment and when it becomes visible to other people. I added this so that when there are rss feeds for comments, users can, if they want, have some time to edit them before they go out in the feed. Many users edit comments after posting them, so it would be bad if the first draft always got shipped.

    Delay is initially 0. The maximum effective value is 10. It only applies to comments.

This is fantastic info, thank you. I've now set mine to 5.

Or just more sane markdown handling :/

I've started multiplying with "x" here... 10 mm x 10 mm = 100 mm^2.

Although there is a "clear" way of representing the functions, I have come to think it might not be as clear to many people.

For instance

(3m+5m)(2m)/(2(2))=5m^3


Does any service offer hosted Forgejo Actions Runners? Or Forgejo compatible CI?

I want to pay for CI on my Codeberg projects, but I've been struggling to find something where I can just pay by the minute. I have projects that benefit from large CI runners but my usage is low enough that it makes no sense to host my own.


Oh wow, I really enjoyed Dollhouse but I didn't know that! I was always confused why Season 2's plot went by so quickly. Thanks.


I seem to recall the Carriers having some pretty strict requirements on the devices that can connect to the mobile networks. Anyone know if that's (still) the case?

I'm not trying to defend Apple here, I'm just curious if there would be some kind of carrier validation issues if you slapped a full desktop OS on a phone.


I doubt that's the issue. Phones already have a baseband processor and OS in control of the modem. Also evidence of viability is all the Windows laptops with WWAN.


You can connect to 4G with your root-enabled Linux PC and a USB dongle or minipci module. Carriers don't care about your application processor, they only care about the baseband. In the case of a smartphone, you can have root access and still run the Qualcomm closed blob firmware that will drive the baseband.


Carriers definitely care about the OS if it's a major OS, because bugs can take them down.


It's good to see this getting some continued development. I looked into it last year[1] and I thought it showed a lot of promise so I've been very disappointed that I never saw a newer model.

[1] - https://jackson.dev/post/dont-sleep-on-bitnet/


I think this approach is not so interesting because it's just quantization of a full precision model. So it speeds up inference (at a quality penalty) but not training. It would be more interesting to train an actually binary model directly, without any floating point multiplication, like in this paper: https://proceedings.neurips.cc/paper_files/paper/2024/hash/7...


Could be worse, you could be stuck working at Meta.



Are you seriously suggesting that someone timed this military strike in order to make $500k?


I don't think that the suggestion is true, but it's far from outlandish. Are you seriously suggesting the US president rugpulled his supporters with crypto? Are you seriously suggesting the entire US government and academia is tied to a sex trafficking ring? Are you seriously suggesting that the current US president's cabinet contains 20 appointees whose main qualification is being Fox News personalities? Etc etc.


lol fair enough. I only meant that in this case the amount is so small as to be insignificant. If you can choose when the US/Israel bombs Iran then 500k is nothing.


I don't think Trump himself is making the call based on making $500k, but if some dipshit 22-year-old sociopath is weighing in on which attack plan to go with, I think it's entirely possible that he might lobby for the one that most effectively lines his own pockets.


There are several companies I've seen that use a CLA primarily to sell AGPL exceptions so they can actually fund development, Element for example [1]. Some even word the CLA to require them to keep contributions available under an OSI-approved license.

I'm a fan of that model. It allows for a path to funding, a legal framework to keep contributed code open, and also allows them license agility to a more permissive license as needed. I've started using that for my own larger projects too.

[1] - https://element.io/blog/synapse-now-lives-at-github-com-elem...


Being able to sell AGPL exemptions is freeing themselves from the obligations of the AGPL. Fundamentally Element’s structure is the same as Minio’s in the lack of guarantee to external contributors that their changes won’t be incorporated into a closed source fork. So Element’s use of the CLA is standard rather than novel.

