HackerLangs
TopNewTrendsCommentsPastAskShowJobs

mooreds

93,479 karmajoined 14 лет назад
Solver of business problems, usually with software.

Senior Director, CIAM Strategy & Identity Standards at FusionAuth / https://fusionauth.io/

Personal site: https://www.mooreds.com, [email protected], +1 720 560 8545 (email preferred).

@mooreds on Twitter. https://bsky.app/profile/mooreds.com on Blue Sky.

Editor/writer for https://letterstoanewdeveloper.com/

Writer at https://ciamweekly.substack.com/

LI: https://linkedin.com/in/mooreds

meet.hn/city/us-Boulder

Submissions

State of Kubernetes Networking Report 2026

docs.google.com
1 points·by mooreds·3 часа назад·0 comments

Security settings every GitHub maintainer should enable this week

github.blog
1 points·by mooreds·5 часов назад·0 comments

Old Car Racing Photos (2021)

toni.org
1 points·by mooreds·5 часов назад·1 comments

OmFest Interest Form

docs.google.com
3 points·by mooreds·6 часов назад·0 comments

MCPA: The First Official Certification for the Model Context Protocol

aaif.io
1 points·by mooreds·6 часов назад·0 comments

Navigating the 47-Day SSL/TLS Certificate Validity Era

globalsign.com
1 points·by mooreds·10 часов назад·0 comments

Flavor Flav and Paris Hilton team up to handle US women's hockey team travel

bsky.app
1 points·by mooreds·вчера·0 comments

Total Construction Spending: Manufacturing in the United States

fred.stlouisfed.org
3 points·by mooreds·вчера·0 comments

Victor Marx wins Colorado's three-way Republican primary for governor

coloradosun.com
4 points·by mooreds·вчера·2 comments

What the New Executive Order Means for Secure Software Delivery in Government

rise8.us
17 points·by mooreds·вчера·3 comments

How to Start a Ruby Meetup

guides.rubyevents.org
71 points·by mooreds·вчера·24 comments

What could data centres look like in 2055?

news.lenovo.com
2 points·by mooreds·вчера·0 comments

A Roadmap to Finding, Onboarding, and Training a Virtual Assistant

tavlinconsulting.gumroad.com
1 points·by mooreds·вчера·0 comments

Intelligent MFA Should Challenge Risk, Not Loyal Customers

fusionauth.io
1 points·by mooreds·позавчера·0 comments

LeadDev AI Impact Survey

research.net
2 points·by mooreds·позавчера·0 comments

Is it ethical to use AI?

charity.wtf
2 points·by mooreds·позавчера·0 comments

Viability of Local Models for Coding

martinfowler.com
2 points·by mooreds·позавчера·0 comments

Auto compiles recorded LLM-agent behavior into verified WASM binaries

github.com
2 points·by mooreds·позавчера·0 comments

Athenz vs. Spire Comparison

athenz.io
2 points·by mooreds·позавчера·0 comments

[untitled]

1 points·by mooreds·позавчера·0 comments

comments

mooreds
·вчера·discuss
I wrote up some related thoughts on wrangling speakers: https://www.mooreds.com/wordpress/archives/3283
mooreds
·позавчера·discuss
I thought the same thing. What changed, if anything?
mooreds
·позавчера·discuss
Wait, what? Is this switching on user agent or something?
mooreds
·3 дня назад·discuss
That one is timeless.
mooreds
·3 дня назад·discuss
Earliest known labor strikes.
mooreds
·3 дня назад·discuss
That's a great analogy. My only addition would be the nuance of that data modelling is way more flexible than authentication (and this is said as someone who is continually surprised by the business requirements, standards, and complexities of auth). Data modelling, after all, needs to handle the entirety of reality (at least what can be mapped to a computer). So you're more likely to outgrow it.

I've heard plenty of stories of folks moving from homegrown auth to a off-the-shelf solution, but that's because I'm in the off-the-shelf auth space.

It'd be super interesting to hear stories of folks who went the other way, and outgrew their service provider's auth.
mooreds
·4 дня назад·discuss
Oh man, it really depends(tm). If you are building a small internal app, sure, but you'd often still be better off leveraging a social provider or employee directory.

I work in the auth space (for FusionAuth) and we run into plenty of folks that started out rolling auth themselves. Just username and password right? A bit of hashing, salting and leveraging a built-in crypto library.

But then you need to add account recovery. And then MFA. And then registration. And then progressive registration. And then webhook integration. And then passkeys. And then SAML integration. And the delegated SAML setup. And then and then and then.

You're distracted from your core application by feature requests for your login system.

You have lots of options nowadays. Use a library provided by your framework (Rails, Spring, and Django have them), use a tool like Better Auth, use a third party system like FusionAuth or Auth0. But don't build undifferentiated functionality that impacts your user experience.

PS Of course, where I stand depends on where I sit, but I firmly believe that you should not build an auth system the same way you should not build a database.
mooreds
·4 дня назад·discuss
Congrats to Better Auth. I'm in the auth space and see all kinds of things.

Anything that makes it easier for developers to build secure applications is a win!
mooreds
·4 дня назад·discuss
> Camarota does raise a fair point: US-born children of immigrants would not exist in the United States had their parents not immigrated. If the goal is to estimate the total fiscal effects attributable to immigration, then including those children alongside their parents is a reasonable exercise. Of course, that argument also means we should include the grandchildren of immigrants in the analysis because they wouldn’t be here without immigrants either. Great-grandchildren too. On second thought, Camarota doesn’t have such a good argument.

Nice bit of shade.
mooreds
·4 дня назад·discuss
Yeah, other than that one thing, this was a great intro to MCP auth.
mooreds
·4 дня назад·discuss
Enjoying this so far.

> The MCP authorization spec is written entirely around user-delegated flows and does not define a machine-to-machine grant at all.

is slightly wrong. There's a blessed extension: https://modelcontextprotocol.io/extensions/auth/oauth-client...
mooreds
·4 дня назад·discuss
https://archive.is/EZMV8
mooreds
·4 дня назад·discuss
https://archive.is/DM0Tc
mooreds
·4 дня назад·discuss
Yeah, the small bits of sand in the gears is something that is hard to sell when you allocating engineering effort. But it adds up over time.

It makes the difference between a tool that is a pleasure to use and one that causes dread.
mooreds
·5 дней назад·discuss
This is my favorite article on the different ways to use AI.

https://danielmiessler.com/blog/keep-the-robots-out-of-the-g...
mooreds
·6 дней назад·discuss
FusionAuth | Principal Software Engineer, Senior Java Engineer - Cloud, Account Executive | Varies between REMOTE (in USA, also in Europe but only for the account exec position) and ONSITE in Denver, CO, USA, details in each job desc | Salary ranges for the Principal Software Engineer it is 225k-270k, but the Euro positions don't have them :(

At FusionAuth, our mission is to make authentication and authorization simple and secure for every developer building web and mobile applications. We want devs to stop worrying about auth and focus on building something awesome.

There are a lot of companies in the auth space, but we feel like we have something special:

* a relatively unique deployment model (self-host on-prem, run in your cloud or let us operate it for you in ours)

* A well designed API first approach; one customer compared our APIs to petrichor

* a mature product (the code base is nine+ years old and we've found and fixed a lot of the sharp edges around core login use cases; but don't worry, there are plenty more features to add)

* a full featured free-as-in-beer version which makes the sales cycle easier; prospects often come in having prototyped an integration

Our core software is commercial. We open source much of our supporting infrastructure. Technologies and standards that you will work with: modern Java, PostgreSQL, Docker, Kubernetes, MySQL, OAuth, SAML, OIDC.

Learn more, including benefits and salaries, and apply here: https://fusionauth.io/careers/ ( Click/tap the 'View open positions' orange button. )
mooreds
·7 дней назад·discuss
> it just makes the handoff between myself and the agent feel more seamless.

This terrifies me because there's no way for the services on the other side of the browser to know who is doing what.

How do you constrain the agent?

How do you keep track of what you have done vs the agent?

What am I missing? Am I just behind the times?

Edit, added reference to what terrifies me.
mooreds
·11 дней назад·discuss
Thanks, I changed it from

Native American Tribes Came Together to Secure Their Rights to Colorado River Water.

to

Native American Tribes Secured Rights to Colorado River; States Are Stalling
mooreds
·11 дней назад·discuss
https://archive.is/3YaGo
mooreds
·11 дней назад·discuss
That's a good point. The behavior varies wildly based on the domain provider and the behavior when you let a domain expire is similar to what happens when a phone number is deactivated, but with a possibly bigger blast radius.