HackerLangs
TopNewTrendsCommentsPastAskShowJobs

mooreds

93,479 karmajoined 14 jaar geleden
Solver of business problems, usually with software.

Senior Director, CIAM Strategy & Identity Standards at FusionAuth / https://fusionauth.io/

Personal site: https://www.mooreds.com, [email protected], +1 720 560 8545 (email preferred).

@mooreds on Twitter. https://bsky.app/profile/mooreds.com on Blue Sky.

Editor/writer for https://letterstoanewdeveloper.com/

Writer at https://ciamweekly.substack.com/

LI: https://linkedin.com/in/mooreds

meet.hn/city/us-Boulder

Submissions

State of Kubernetes Networking Report 2026

docs.google.com
1 points·by mooreds·1 uur geleden·0 comments

Security settings every GitHub maintainer should enable this week

github.blog
1 points·by mooreds·4 uur geleden·0 comments

Old Car Racing Photos (2021)

toni.org
1 points·by mooreds·4 uur geleden·1 comments

OmFest Interest Form

docs.google.com
3 points·by mooreds·5 uur geleden·0 comments

MCPA: The First Official Certification for the Model Context Protocol

aaif.io
1 points·by mooreds·5 uur geleden·0 comments

Navigating the 47-Day SSL/TLS Certificate Validity Era

globalsign.com
1 points·by mooreds·9 uur geleden·0 comments

Flavor Flav and Paris Hilton team up to handle US women's hockey team travel

bsky.app
1 points·by mooreds·gisteren·0 comments

Total Construction Spending: Manufacturing in the United States

fred.stlouisfed.org
3 points·by mooreds·gisteren·0 comments

Victor Marx wins Colorado's three-way Republican primary for governor

coloradosun.com
4 points·by mooreds·gisteren·2 comments

What the New Executive Order Means for Secure Software Delivery in Government

rise8.us
17 points·by mooreds·gisteren·3 comments

How to Start a Ruby Meetup

guides.rubyevents.org
71 points·by mooreds·gisteren·24 comments

What could data centres look like in 2055?

news.lenovo.com
2 points·by mooreds·gisteren·0 comments

A Roadmap to Finding, Onboarding, and Training a Virtual Assistant

tavlinconsulting.gumroad.com
1 points·by mooreds·gisteren·0 comments

Intelligent MFA Should Challenge Risk, Not Loyal Customers

fusionauth.io
1 points·by mooreds·gisteren·0 comments

LeadDev AI Impact Survey

research.net
2 points·by mooreds·eergisteren·0 comments

Is it ethical to use AI?

charity.wtf
2 points·by mooreds·eergisteren·0 comments

Viability of Local Models for Coding

martinfowler.com
2 points·by mooreds·eergisteren·0 comments

Auto compiles recorded LLM-agent behavior into verified WASM binaries

github.com
2 points·by mooreds·eergisteren·0 comments

Athenz vs. Spire Comparison

athenz.io
2 points·by mooreds·eergisteren·0 comments

[untitled]

1 points·by mooreds·eergisteren·0 comments

comments

mooreds
·gisteren·discuss
I wrote up some related thoughts on wrangling speakers: https://www.mooreds.com/wordpress/archives/3283
mooreds
·gisteren·discuss
I thought the same thing. What changed, if anything?
mooreds
·eergisteren·discuss
Wait, what? Is this switching on user agent or something?
mooreds
·3 dagen geleden·discuss
That one is timeless.
mooreds
·3 dagen geleden·discuss
Earliest known labor strikes.
mooreds
·3 dagen geleden·discuss
That's a great analogy. My only addition would be the nuance of that data modelling is way more flexible than authentication (and this is said as someone who is continually surprised by the business requirements, standards, and complexities of auth). Data modelling, after all, needs to handle the entirety of reality (at least what can be mapped to a computer). So you're more likely to outgrow it.

I've heard plenty of stories of folks moving from homegrown auth to a off-the-shelf solution, but that's because I'm in the off-the-shelf auth space.

It'd be super interesting to hear stories of folks who went the other way, and outgrew their service provider's auth.
mooreds
·3 dagen geleden·discuss
Oh man, it really depends(tm). If you are building a small internal app, sure, but you'd often still be better off leveraging a social provider or employee directory.

I work in the auth space (for FusionAuth) and we run into plenty of folks that started out rolling auth themselves. Just username and password right? A bit of hashing, salting and leveraging a built-in crypto library.

But then you need to add account recovery. And then MFA. And then registration. And then progressive registration. And then webhook integration. And then passkeys. And then SAML integration. And the delegated SAML setup. And then and then and then.

You're distracted from your core application by feature requests for your login system.

You have lots of options nowadays. Use a library provided by your framework (Rails, Spring, and Django have them), use a tool like Better Auth, use a third party system like FusionAuth or Auth0. But don't build undifferentiated functionality that impacts your user experience.

PS Of course, where I stand depends on where I sit, but I firmly believe that you should not build an auth system the same way you should not build a database.
mooreds
·3 dagen geleden·discuss
Congrats to Better Auth. I'm in the auth space and see all kinds of things.

Anything that makes it easier for developers to build secure applications is a win!
mooreds
·4 dagen geleden·discuss
> Camarota does raise a fair point: US-born children of immigrants would not exist in the United States had their parents not immigrated. If the goal is to estimate the total fiscal effects attributable to immigration, then including those children alongside their parents is a reasonable exercise. Of course, that argument also means we should include the grandchildren of immigrants in the analysis because they wouldn’t be here without immigrants either. Great-grandchildren too. On second thought, Camarota doesn’t have such a good argument.

Nice bit of shade.
mooreds
·4 dagen geleden·discuss
Yeah, other than that one thing, this was a great intro to MCP auth.
mooreds
·4 dagen geleden·discuss
Enjoying this so far.

> The MCP authorization spec is written entirely around user-delegated flows and does not define a machine-to-machine grant at all.

is slightly wrong. There's a blessed extension: https://modelcontextprotocol.io/extensions/auth/oauth-client...
mooreds
·4 dagen geleden·discuss
https://archive.is/EZMV8
mooreds
·4 dagen geleden·discuss
https://archive.is/DM0Tc
mooreds
·4 dagen geleden·discuss
Yeah, the small bits of sand in the gears is something that is hard to sell when you allocating engineering effort. But it adds up over time.

It makes the difference between a tool that is a pleasure to use and one that causes dread.
mooreds
·5 dagen geleden·discuss
This is my favorite article on the different ways to use AI.

https://danielmiessler.com/blog/keep-the-robots-out-of-the-g...
mooreds
·6 dagen geleden·discuss
FusionAuth | Principal Software Engineer, Senior Java Engineer - Cloud, Account Executive | Varies between REMOTE (in USA, also in Europe but only for the account exec position) and ONSITE in Denver, CO, USA, details in each job desc | Salary ranges for the Principal Software Engineer it is 225k-270k, but the Euro positions don't have them :(

At FusionAuth, our mission is to make authentication and authorization simple and secure for every developer building web and mobile applications. We want devs to stop worrying about auth and focus on building something awesome.

There are a lot of companies in the auth space, but we feel like we have something special:

* a relatively unique deployment model (self-host on-prem, run in your cloud or let us operate it for you in ours)

* A well designed API first approach; one customer compared our APIs to petrichor

* a mature product (the code base is nine+ years old and we've found and fixed a lot of the sharp edges around core login use cases; but don't worry, there are plenty more features to add)

* a full featured free-as-in-beer version which makes the sales cycle easier; prospects often come in having prototyped an integration

Our core software is commercial. We open source much of our supporting infrastructure. Technologies and standards that you will work with: modern Java, PostgreSQL, Docker, Kubernetes, MySQL, OAuth, SAML, OIDC.

Learn more, including benefits and salaries, and apply here: https://fusionauth.io/careers/ ( Click/tap the 'View open positions' orange button. )
mooreds
·7 dagen geleden·discuss
> it just makes the handoff between myself and the agent feel more seamless.

This terrifies me because there's no way for the services on the other side of the browser to know who is doing what.

How do you constrain the agent?

How do you keep track of what you have done vs the agent?

What am I missing? Am I just behind the times?

Edit, added reference to what terrifies me.
mooreds
·11 dagen geleden·discuss
Thanks, I changed it from

Native American Tribes Came Together to Secure Their Rights to Colorado River Water.

to

Native American Tribes Secured Rights to Colorado River; States Are Stalling
mooreds
·11 dagen geleden·discuss
https://archive.is/3YaGo
mooreds
·11 dagen geleden·discuss
That's a good point. The behavior varies wildly based on the domain provider and the behavior when you let a domain expire is similar to what happens when a phone number is deactivated, but with a possibly bigger blast radius.