grahameb commented on Emailing a one-time code is worse than passwords   blog.danielh.cc/blog/pass... · Posted by u/max__dev
serpix · 22 days ago
So many of these authentication providers have a hockey-stick pricing scheme, where the first few users are near free and when you grow you are going to get mugged and kicked in the groin.
grahameb · 22 days ago
It's open source; if you self-host, it's free.
grahameb commented on Emailing a one-time code is worse than passwords   blog.danielh.cc/blog/pass... · Posted by u/max__dev
grahameb · 22 days ago
I recently set up passkey-only sign-ins for a webapp I'm writing using Authentik [0] (a Python OIDC provider with quite a nice docker-compose run-up; it took only minutes to stand up). It was surprisingly easy to configure everything so that passkeys are the only thing ever used.

If anyone would be interested I could write it up? I was surprised what a nice user flow it is and how easy it was to achieve.

[0] https://goauthentik.io/

grahameb commented on Fun with gzip bombs and email clients   grepular.com/Fun_with_Gzi... · Posted by u/bundie
grahameb · a month ago
I ran into one of these in the very early 00s; I was working at a university (back in the days when a couple of people would run all the central servers, running Linux on beige PCs). We had some anti-spam/AV software hooked into Postfix that looked at every incoming email, and the server kept running out of disk space.

Eventually I tracked it down to an email which contained a zip of stock trading data – just the three-letter stock code and the shift. It wasn't malicious, it just had an extraordinarily high compression ratio!

grahameb commented on Microsoft Office is using an artificially complex XML schema as a lock-in tool   blog.documentfoundation.o... · Posted by u/firexcy
mrweasel · a month ago
The complaint that OOXML was overly complex was a criticism when Microsoft first introduced the format, but as you point out, it needed to be able to handle decades of old formatting rules back then already. While I'm sure that there is stuff in the format that Microsoft made needlessly complex, one has to remember that they still need to be able to maintain the code, so throwing in too many roadblocks for open source developers would likely come back to haunt them. Still, we know they did just that with SMB, so why not with OOXML?

What surprises me is how well LibreOffice handles various file formats, not just OOXML. In some cases LibreOffice has the absolute best support for abandoned file formats. I'm not the one maintaining them, so it's easy enough for me to say "See, you managed just fine". It must be especially frustrating when you have the OpenDocument format, which does effectively the same thing, only simpler.

grahameb · a month ago
A friend had a book she'd written in a Mac version of Word from the early 90s; none of the current Microsoft versions of Word (Windows, Mac, web) would read it, but LibreOffice worked fine, so a little script later using LibreOffice's CLI tools and it was all converted, pretty much intact.
grahameb commented on Next month, saved passwords will no longer be in Microsoft’s Authenticator app   cnet.com/tech/microsoft-w... · Posted by u/ColinWright
sedatk · 2 months ago
This is very bold because passkeys haven't been the smoothest ride so far. There are many inconsistencies in implementations among platforms. For example, many websites use passkeys as an alternative sign-in option, and let you keep your password login. So, you remain susceptible to phishing despite having a passkey on your account. Recovery flows are inconsistent too.

I applaud Microsoft because a big player had to go all in on passwordless authentication. I'm sure it won't be painless, but it might push others to adopt the approach eventually.

grahameb · 2 months ago
There's still a dearth of support in commonly used open source backend frameworks, too – and, at least after looking a bit the other day, I couldn't find much in the way of documentation on the standard flows. I was hindered a little in searching by SEO spam from various companies offering APIs to deal with users/passkeys for me as a service.
grahameb commented on Quarkdown: A modern Markdown-based typesetting system   github.com/iamgio/quarkdo... · Posted by u/asicsp
Onawa · 3 months ago
Look at Quarto. Markdown input, basically any output you want, including HTML, PDF, DOCX, PPTX, etc... All from the same input. Reuse text chunks, use variables, templates, and more. Then just run 'quarto render'.
grahameb · 3 months ago
Thanks!
grahameb commented on Quarkdown: A modern Markdown-based typesetting system   github.com/iamgio/quarkdo... · Posted by u/asicsp
fmoralesc · 3 months ago
You can use typst locally and bypass the commercial bits. It is really easy to create different kinds of documents with it. I have been using it to create slides and handouts, and for that I already find it much easier to use than the alternatives.
grahameb · 3 months ago
Can you make slides and handouts from the same primary document? That'd save me an inordinate amount of time for some church use-cases.
grahameb commented on Plain – a web framework for building products with Python   plainframework.com/... · Posted by u/brylie
miiiiiike · 5 months ago
Related, "Django's REST (Framework) Problem" — https://news.ycombinator.com/item?id=43510495

I'm not sure that many people who rely on Django Rest Framework are aware that last month the bug tracker was made private and the project is looking for new maintainers.

I love Django but the project needs to go through something similar to Angular's renaissance (and Angular needs to learn from Django docs.) I'd love to help but it seems that most of the efforts to address the issue have been stalled in committee.

A fork probably isn't the answer but something needs to be done. If it's a money issue, pass the plate! Whenever I talk to Django devs about contributing the feeling that I'm left with is that I could put in years of work, jump through every hoop, and at the end of it they may still say "We're not sure."

The feeling that I've gotten is that the Django dev community is very small and tight-knit. Whenever I've talked about helping out on various projects I've walked away with the feeling that their friend is handling it and they'd rather leave them to it. The community has been trained, through years of reinforcement, to wait instead of getting involved.

grahameb · 5 months ago
Yep – I've been using Django since 2007. The big win used to be the admin, ORM, database migrations... but now, oddly enough, a lot of that has become a pain. I'm someone who knocks small solutions together for fun or to scratch an itch, so I'm looking for low maintenance. The problem I need solved has shifted, and now Django is too much boilerplate (APIs and models are perhaps too distant as concepts) and too much maintenance work. Auth is perhaps underemphasised as an area for improvement. The built-in auth isn't really fit for purpose anymore, and the various extensions for federation / passkeys take work to integrate and change a lot.

None of this is to write off Django or the people who've worked on it: I'm genuinely grateful for the framework. It's let me build open source things that help people out. The typical problems most of us standing up small-to-medium solutions need solved by a backend have just shifted underneath the framework, and it hasn't had the resourcing to keep up.

I've been looking at Pocketbase as a replacement. I think I'd prefer something that uses Postgres rather than SQLite, but it's pretty awesome as a solution for those two- or three-day projects, and the maintenance burden looks like it's pretty low on an ongoing basis.

grahameb commented on The head of South Korea's guard consulted ChatGPT before martial law was imposed   hani.co.kr/arti/society/s... · Posted by u/haebom
torginus · 5 months ago
How the hell does NOBODY understand that everything you enter into a textbox on the internet will get sent to a server where somebody(es) you certainly do not know or trust will get to read what you wrote?

How the fck do people (and ones working in security-sensitive positions no less) treat ChatGPT as 'Dear Diary'?

I have a rather draconian idea - websites and apps should be explicitly required to ask permission when they send your data somewhere to tell you where they send your data and who will get to see it, store it, and with what conditions.

grahameb · 5 months ago
I'd like to be able to say, as a page / site, "disable all APIs that let this page communicate out to the net" and for that to be made known to the user.

It'd be quite handy for making and using utility pages that do data manipulation (stuff compiled to wasm, etc.) safely and ethically. As a simple example, who else has pasted markdown into some random site to get HTML/... or uploaded a PNG to make a favicon or whatever.

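The first half of that wish, a page declaring that it cannot talk to the network, can be approximated today with Content Security Policy. What follows is an added example, not code from the comment above: a hypothetical same-origin utility page (the file names are assumed) whose CSP leaves no channel for script-initiated requests, form posts, or remote resource loads, while still permitting same-origin scripts and wasm.

```html
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <!-- Added example, not the commenter's code. Meta-delivered CSP: a header is
       preferable when you control the server, but a static utility page often
       cannot set one. What each directive closes off:
         default-src 'none'   every fetch directive not listed below is denied
         script-src 'self'    only same-origin script files; inline <script> is
                              blocked unless hashed; 'wasm-unsafe-eval' lets the
                              page instantiate WebAssembly it ships itself
         style-src 'self'     same-origin stylesheets only
         img-src ...          images from the origin or generated in-page (blob:,
                              data:) so a favicon maker can still show its output
         connect-src 'none'   fetch, XHR, WebSocket, EventSource, sendBeacon and
                              <a ping> are all refused
         form-action 'none'   no form may submit anywhere, including the origin
         base-uri 'none'      no <base> tag can redirect relative URLs elsewhere -->
  <meta http-equiv="Content-Security-Policy"
        content="default-src 'none'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self'; img-src 'self' blob: data:; connect-src 'none'; form-action 'none'; base-uri 'none'">
  <title>Markdown to HTML (runs entirely in the browser)</title>
  <link rel="stylesheet" href="app.css">   <!-- hypothetical same-origin file -->
  <script src="app.js" defer></script>     <!-- hypothetical same-origin file -->
</head>
<body>
  <textarea id="in" rows="12" cols="80"></textarea>
  <button id="go" type="button">Convert</button>
  <pre id="out"></pre>
</body>
</html>
```

Two gaps remain relative to the comment's wish: CSP does not stop a user following an external link (the `navigate-to` directive never shipped), and nothing here surfaces the restriction to the user, who would have to read the policy themselves.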
u/grahameb

Karma: 3609 · Cake day: September 18, 2014

About
https://grahame.dev/

[ my public key: https://keybase.io/grahame; my proof: https://keybase.io/grahame/sigs/6dBCi0Tz9tPB9Ol-1vfm3GzBKcerqzjiH57YFG_hpOs ]