Oud is exceptional. I highly recommend anyone wanting to explore beyond western perfumes to check out www.ensaroud.com - there's some really fantastic descriptions of olfactory notes too.
The bloom and trail effect given by ambergris is replaced with ambroxan, however combining ambroxan and ambrinol does little to recreate a "real" ambergris odour. Those may thousands of other molecules, while perhaps only <5%, give a very distinctive and unique odour. It's like a rich leather bag that's been floating in the ocean for +30y - salty, marine, animalistic, musky and leathery all in one.
Why not? Most browsers are slowing pushing password managers on users and the experience is lovely.
Register:
1. I click the password field.
2. I click "use autogenerated password"
3. Sign up.
For login:
1. Click "login".
The magic link experience is comparatively awful:
1. My email address never auto-fills so I need to click the field and select the completion suggestion. This is even worse if I am using a per-site email address.
2. Click login.
3. Go to my email.
4. Most often wait a few seconds.
5. Click the link. (add extra steps if I want to open in a private window or container tabs, or tons of pain for a different device)
6. Delete the email.
7. Find the new tab.
8. Maybe drag it to the right location in the tab bar or the right window.
And that is assuming that my email providers likes your email and it doesn't get greylisted, put in spam or even outright rejected.
If you'd take a passwordless login with FIDO2 (now promoted "Passkeys" by Apple and Google) it would mainly require to use FaceID / Windows Hello / Fingerprint / PIN ... or whatever your devices deem necessary. Could be used on any and cross-device.
This may be a good future. But it seems like this isn't available to most people on most browsers yes. Especially if you want to sync across ecosystems.
I like how tangible passwords are. Even with a password manager I can write them on a piece of paper, store then in a vault and enter them into a new computer. My grandmother understands this process.
The key-based systems are basically magic. Magic that works great as long as you are inside the defined parameters on supported devices. I think it will be years after the "first baked release" before we see relatively user friendly manual backup and restore. Something this is second nature in most password managers.
I'm glad that your grandmother uses a password manager. We actually had a lot of feedback from teens and children and the concept of MFA/2FA seems to be hard to understand for less technical people. We were surprised by the actual understanding after some user research.
Yes, availability on all browsers and devices is not yet up to 100%. I hope to see a fast adoption, but agree that it could actually take some time. I use Passkeys on a daily basis for the last ~1.5 years wherever possible and won't go back anytime soon :)
Chrome supports a webauthn solution built-in if you don't have windows/platform authentication support. I think Firefox does too, and probably even Safari on really old machines. If you are targeting semi-modern browsers and devices made in the last 5-10 years, you should be fine.
Yes. To my knowledge WebAuthN works great on Chrome, Safari, Firefox (most times) on MacOS/iOS and Windows devices. Linux is still an issue unfortunately as it seems.
This is a perfect HN user response. You are a power user; "This is even worse if I am using a per-site email address" - no one does this. The majority of people are normal.
Need some more straw for your strawman there? I can't take this comment seriously when you misrepresent both approaches so badly.
There are legitimate downsides to magic links but this isn't realistic. Do you not have to enter email on register? Where is the email confirm step for password signup? Finding the tab you just opened and dragging it... really? All of that happens on first signup as well. And the comment you are replying to is talking about a 1-2 times a year process, is a magic link really so difficult to use twice a year?
> Where is the email confirm step for password signup?
Good point, most websites will want to confirm the email address. I didn't include that.
> Finding the tab you just opened and dragging it... really?
Yes, I like to keep my tabs organized. I'm not even a tree-sytle-tabs user but at least want to get the right window. The point is that magic links disrupt my in-browser workflow with switching between apps and opening links in new tabs.
> is a magic link really so difficult to use twice a year?
No, but it is still more difficult than a password multiple times a year. Neither of these have a yearly cost so it doesn't really matter how often you do them. I wouldn't use "only twice a year" to justify that people can come to our office in person to authenticate over a magic link.
You specifically complained about having to enter your email on the magic link flow:
> 1. My email address never auto-fills so I need to click the field and select the completion suggestion. This is even worse if I am using a per-site email address.
> > is a magic link really so difficult to use twice a year?
> No, but it is still more difficult than a password multiple times a year. Neither of these have a yearly cost so it doesn't really matter how often you do them. I wouldn't use "only twice a year" to justify that people can come to our office in person to authenticate over a magic link.
Yearly costs to who? The user? I guess there isn't really a cost to them other than storing/keeping the password but there is absolutely a cost to the developer and I'm not talking about the cost of storing a hashed/salted password in the DB itself. There is a cost to build and maintain a password-based system. It means implementing and maintaining a number of things like your salt, password complexity requirements, password reset flow, and more like you going to use something like HaveIBeenPwned's hash list to make sure people aren't using known passwords?
Passwords are not zero-cost and have ongoing concerns. I'm not saying magic links are always or even often the best choice, just that they do have a perfectly valid use-case.
> but there is absolutely a cost to the developer and I'm not talking about the cost of storing a hashed/salted password in the DB itself. There is a cost to build and maintain a password-based system.
Seriously ... if today's developers are unable or unwilling to learn about basic hashing/salting and database storage/value comparison, and consider such concepts 'costly' ... we may have passed the zenith of technological advancement, and are in a 'downfall of the Roman Empire' phase. Have some pride in your work.
> It means implementing and maintaining a number of things like your salt, password complexity requirements, password reset flow, and more like you going to use something like HaveIBeenPwned's hash list to make sure people aren't using known passwords?
Do you reinvent the wheel whenever you need to drive somewhere? these things mostly are already baked into most frameworks, and if they are not, most developers build something like this once, and reuse.
> [Magic Links] they do have a perfectly valid use-case.
Annoying customers and forcing them out of your business into the willing hands of your competition?
It's amazing how you, knowing nothing about my stack/use-case can speak with such authority. Going as far as to assume that we must be in a "'downfall of the Roman Empire' phase" because I see value in magic links and because I don't want to implement password support, again, in a product you know nothing about.
I have a very good reason for picking magic links, also the codebase for my project does not ruse a framework (there exist no good ones in the space I'm in) but instead of being curious you decided to be condescending. Cool.
> You specifically complained about having to enter your email on the magic link flow:
For logins yes:
> My email address never auto-fills so I need to click the field and select the completion suggestion. This is even worse if I am using a per-site email address.
My email always autofills for regular login forms. Maybe this is a bug in my browser but either way it is an inconvenience that I face.
> implementing and maintaining a number of things like your salt, password complexity requirements, password reset flow
If you are using any halfway popular language there is a library that does all of this for you. In fact it is probably easier to use a pre-packaged library than for magic links, but I'm sure those libraries could appear if magic links become more popular.
Why is it that starting a tech start up is seen as an uber difficult task often resulting in burnout while starting a business in a technical occupation such as electrical or refrigeration is (seemingly) less risque? Surely there are a plenty of opportunities where rather boring software can be applied to business problems. Does it always need to be a monumental technical accomplishment to create a success?
The difference is in the HN-style (and Bay Area) understanding of the word "startup", which is focused on hyper growth at all costs or bust. Starting a small business in something like HVAC is very different in that you typically start small, with relatively low ambition, and grow the business organically over a long period of time. The latter is definitely difficult and sometimes stressful, but not in the same way as when you have investors pushing you to bump your revenue up by 10x in the next year or gtfo.
There was an article on HN about extremely successful Mormon startups. Interesting that they all manage to leave the office at 5pm (because they all have 6 kids) and build multi-billion dollar businesses.
Would you mind linking? I'd love to read that article. I've anecdotally begin to notice more and more B2B startups from Utah make it onto the map that fit just that profile.
starting a startup is not the same as starting a business. By definition a startup is a type of business whose business model is not yet proven. So you end up with 2 types of risks in a startup - the normal risk of starting a business (like the electrical engineer), as well as business model risk where the model may prove to be unprofitable.
If you're starting an electrical company, you're probably using off the shelf components and using tried and trusted techniques to install them. A tech startup is more closely equivalent to a company designing new electrical components. I wonder how many of those fail?
Startup are (almost) never profitable when they "start up". Hence they need to raise money through investors until they grow enough to develop a mature, profitable product. Delivering this product can take years and require a large workforce. In the meantime the company still needs to pay the employees and creditors.
Traditional businesses like electricians start with a typical business plan. They might need to borrow some cash at the beginning but if the business plan is spot on, they'll start making money quickly, enough to cover the costs and make profit.
The author has agreed elsewhere in this thread that he’s basically writing about taking VC money.
That being said, the advice applies elsewhere. My dad was a physician in US military and then decided to open up a private practice. He spent decades running a business where he was the sole source of revenue, and as far as I can tell hated dealing with any aspect of it that wasn’t direct patient care. He eventually joined a larger physician group and was much happier in his job.
The term "startup" here implies that you're building technology to provide a scalable product or service. Starting an electrical or similar contracting company is more like going freelance than working on a "startup". You're directly selling your hours so it's very accessible and easy to bootstrap, but scaling it up is far harder.
The tax burden has been moved from corporations and the upper class to the middle. Perhaps changing that dynamic would be more useful than spouting memes which support your own detriment.
The American laissez faire system seems to be falling apart at the seams. Power and wealth is becoming more concentrated while seeking to solidify that position through limiting the freedoms of the lower classes.
Regular people are burdened with student debt and health care costs all within a back drop of little to no social support. Unions striking for better working conditions have their corporate controlled health insurance stripped away. Banks write balance sheets as they see fit, devaluing your wealth and causing financial crises. The list goes on.
Being forced in to wage slavery to survive in this system doesn't sound particularly free.
> Being forced in to wage slavery to survive in this system doesn't sound particularly free.
That's like saying I was forced into heroin addiction because I felt bad. Let's be real for a second: people have choices, and the concept of being forced to do something or be something simply does not exist. Or, alternatively, you could say that everyone is forced to do everything they do. But either way, it means the same thing.
That doesn't excuse the contradictions. One can't expect a new system to be planned out and solve every problem. Anarchism seems to offer a methodology for moving towards a fairer and just society which removes the contradictions inherent in a system of concentrated power.
Anarchism has its very own sloth of contradictions. If a society without power is established, someone will take power by force and/or guile and establish a new system of power that will not be anarchist in nature. Anarchism as a system is very instable -- read about the fate of the CNT during the spanish civil war for example.
Every system that is complex enough (societies are) will inevitable lead to contradiction. People do not act as in a model of society -- they will always find ways to break out of the model and subvert the ideal. This I think is the main reason left wing ideologies have lead to tyranny: If the citizen does not conform to the ideal of a model state, the state will need a secret-police apparatus to enforce this model.
Anarchism doesn't aim to establish a system without power. The example that a group would seek to rule through force and guile is very much true. In fact that group is already well established and indeed does use a militarised arm to enforce the model. Anarchism seeks to dismantle this, not enable it.
It's that part at the end there - "write it in AMD format, so that you could load it via require.js" - it just isn't straightforward. Why can I not just use it as is?
I know I'm being a bit silly silly here but it seems awfully difficult to get started. Too difficult if you ask me. Am I missing something fundamental?
I can certainly get there in the end but there are a lot of configuration tasks to get there.
Checked some of the available components and it seems like it should be possible to "just include" .js with the component and use in in the app. Not the best way to go about it as it is not that good of a practice, but possible nevertheless.
This is all about modules. It is a good programming practice to turn piece of code that can be used in multiple projects into the module, so that it is easier to load them up in the next project.
In node.js it is trivial - just like loading external modules in python (if you ever worked with it).
RequireJS is a tough nut, I give you that. That's mainly because of the asynchronous nature of the script loading on the web. Can't really recommend anything on the topic. I myself spent quite some time before it clicked.
