HackerLangs
トップ新着トレンドコメント過去質問紹介求人

mooreds

93,479 カルマ登録 14 年前
Solver of business problems, usually with software.

Senior Director, CIAM Strategy & Identity Standards at FusionAuth / https://fusionauth.io/

Personal site: https://www.mooreds.com, [email protected], +1 720 560 8545 (email preferred).

@mooreds on Twitter. https://bsky.app/profile/mooreds.com on Blue Sky.

Editor/writer for https://letterstoanewdeveloper.com/

Writer at https://ciamweekly.substack.com/

LI: https://linkedin.com/in/mooreds

meet.hn/city/us-Boulder

投稿

State of Kubernetes Networking Report 2026

docs.google.com
1 ポイント·投稿者 mooreds·1 時間前·0 コメント

Security settings every GitHub maintainer should enable this week

github.blog
1 ポイント·投稿者 mooreds·4 時間前·0 コメント

Old Car Racing Photos (2021)

toni.org
1 ポイント·投稿者 mooreds·4 時間前·1 コメント

OmFest Interest Form

docs.google.com
3 ポイント·投稿者 mooreds·5 時間前·0 コメント

MCPA: The First Official Certification for the Model Context Protocol

aaif.io
1 ポイント·投稿者 mooreds·5 時間前·0 コメント

Navigating the 47-Day SSL/TLS Certificate Validity Era

globalsign.com
1 ポイント·投稿者 mooreds·9 時間前·0 コメント

Flavor Flav and Paris Hilton team up to handle US women's hockey team travel

bsky.app
1 ポイント·投稿者 mooreds·昨日·0 コメント

Total Construction Spending: Manufacturing in the United States

fred.stlouisfed.org
3 ポイント·投稿者 mooreds·昨日·0 コメント

Victor Marx wins Colorado's three-way Republican primary for governor

coloradosun.com
4 ポイント·投稿者 mooreds·昨日·2 コメント

What the New Executive Order Means for Secure Software Delivery in Government

rise8.us
17 ポイント·投稿者 mooreds·昨日·3 コメント

How to Start a Ruby Meetup

guides.rubyevents.org
71 ポイント·投稿者 mooreds·昨日·24 コメント

What could data centres look like in 2055?

news.lenovo.com
2 ポイント·投稿者 mooreds·昨日·0 コメント

A Roadmap to Finding, Onboarding, and Training a Virtual Assistant

tavlinconsulting.gumroad.com
1 ポイント·投稿者 mooreds·昨日·0 コメント

Intelligent MFA Should Challenge Risk, Not Loyal Customers

fusionauth.io
1 ポイント·投稿者 mooreds·昨日·0 コメント

LeadDev AI Impact Survey

research.net
2 ポイント·投稿者 mooreds·一昨日·0 コメント

Is it ethical to use AI?

charity.wtf
2 ポイント·投稿者 mooreds·一昨日·0 コメント

Viability of Local Models for Coding

martinfowler.com
2 ポイント·投稿者 mooreds·一昨日·0 コメント

Auto compiles recorded LLM-agent behavior into verified WASM binaries

github.com
2 ポイント·投稿者 mooreds·一昨日·0 コメント

Athenz vs. Spire Comparison

athenz.io
2 ポイント·投稿者 mooreds·一昨日·0 コメント

[untitled]

1 ポイント·投稿者 mooreds·一昨日·0 コメント

コメント

mooreds
·昨日·議論
I wrote up some related thoughts on wrangling speakers: https://www.mooreds.com/wordpress/archives/3283
mooreds
·昨日·議論
I thought the same thing. What changed, if anything?
mooreds
·一昨日·議論
Wait, what? Is this switching on user agent or something?
mooreds
·3 日前·議論
That one is timeless.
mooreds
·3 日前·議論
Earliest known labor strikes.
mooreds
·3 日前·議論
That's a great analogy. My only addition would be the nuance of that data modelling is way more flexible than authentication (and this is said as someone who is continually surprised by the business requirements, standards, and complexities of auth). Data modelling, after all, needs to handle the entirety of reality (at least what can be mapped to a computer). So you're more likely to outgrow it.

I've heard plenty of stories of folks moving from homegrown auth to a off-the-shelf solution, but that's because I'm in the off-the-shelf auth space.

It'd be super interesting to hear stories of folks who went the other way, and outgrew their service provider's auth.
mooreds
·3 日前·議論
Oh man, it really depends(tm). If you are building a small internal app, sure, but you'd often still be better off leveraging a social provider or employee directory.

I work in the auth space (for FusionAuth) and we run into plenty of folks that started out rolling auth themselves. Just username and password right? A bit of hashing, salting and leveraging a built-in crypto library.

But then you need to add account recovery. And then MFA. And then registration. And then progressive registration. And then webhook integration. And then passkeys. And then SAML integration. And the delegated SAML setup. And then and then and then.

You're distracted from your core application by feature requests for your login system.

You have lots of options nowadays. Use a library provided by your framework (Rails, Spring, and Django have them), use a tool like Better Auth, use a third party system like FusionAuth or Auth0. But don't build undifferentiated functionality that impacts your user experience.

PS Of course, where I stand depends on where I sit, but I firmly believe that you should not build an auth system the same way you should not build a database.
mooreds
·3 日前·議論
Congrats to Better Auth. I'm in the auth space and see all kinds of things.

Anything that makes it easier for developers to build secure applications is a win!
mooreds
·4 日前·議論
> Camarota does raise a fair point: US-born children of immigrants would not exist in the United States had their parents not immigrated. If the goal is to estimate the total fiscal effects attributable to immigration, then including those children alongside their parents is a reasonable exercise. Of course, that argument also means we should include the grandchildren of immigrants in the analysis because they wouldn’t be here without immigrants either. Great-grandchildren too. On second thought, Camarota doesn’t have such a good argument.

Nice bit of shade.
mooreds
·4 日前·議論
Yeah, other than that one thing, this was a great intro to MCP auth.
mooreds
·4 日前·議論
Enjoying this so far.

> The MCP authorization spec is written entirely around user-delegated flows and does not define a machine-to-machine grant at all.

is slightly wrong. There's a blessed extension: https://modelcontextprotocol.io/extensions/auth/oauth-client...
mooreds
·4 日前·議論
https://archive.is/EZMV8
mooreds
·4 日前·議論
https://archive.is/DM0Tc
mooreds
·4 日前·議論
Yeah, the small bits of sand in the gears is something that is hard to sell when you allocating engineering effort. But it adds up over time.

It makes the difference between a tool that is a pleasure to use and one that causes dread.
mooreds
·5 日前·議論
This is my favorite article on the different ways to use AI.

https://danielmiessler.com/blog/keep-the-robots-out-of-the-g...
mooreds
·6 日前·議論
FusionAuth | Principal Software Engineer, Senior Java Engineer - Cloud, Account Executive | Varies between REMOTE (in USA, also in Europe but only for the account exec position) and ONSITE in Denver, CO, USA, details in each job desc | Salary ranges for the Principal Software Engineer it is 225k-270k, but the Euro positions don't have them :(

At FusionAuth, our mission is to make authentication and authorization simple and secure for every developer building web and mobile applications. We want devs to stop worrying about auth and focus on building something awesome.

There are a lot of companies in the auth space, but we feel like we have something special:

* a relatively unique deployment model (self-host on-prem, run in your cloud or let us operate it for you in ours)

* A well designed API first approach; one customer compared our APIs to petrichor

* a mature product (the code base is nine+ years old and we've found and fixed a lot of the sharp edges around core login use cases; but don't worry, there are plenty more features to add)

* a full featured free-as-in-beer version which makes the sales cycle easier; prospects often come in having prototyped an integration

Our core software is commercial. We open source much of our supporting infrastructure. Technologies and standards that you will work with: modern Java, PostgreSQL, Docker, Kubernetes, MySQL, OAuth, SAML, OIDC.

Learn more, including benefits and salaries, and apply here: https://fusionauth.io/careers/ ( Click/tap the 'View open positions' orange button. )
mooreds
·7 日前·議論
> it just makes the handoff between myself and the agent feel more seamless.

This terrifies me because there's no way for the services on the other side of the browser to know who is doing what.

How do you constrain the agent?

How do you keep track of what you have done vs the agent?

What am I missing? Am I just behind the times?

Edit, added reference to what terrifies me.
mooreds
·11 日前·議論
Thanks, I changed it from

Native American Tribes Came Together to Secure Their Rights to Colorado River Water.

to

Native American Tribes Secured Rights to Colorado River; States Are Stalling
mooreds
·11 日前·議論
https://archive.is/3YaGo
mooreds
·11 日前·議論
That's a good point. The behavior varies wildly based on the domain provider and the behavior when you let a domain expire is similar to what happens when a phone number is deactivated, but with a possibly bigger blast radius.