HackerLangs
TopNewTrendsCommentsPastAskShowJobs

mooreds

93,479 karmajoined 14 yıl önce
Solver of business problems, usually with software.

Senior Director, CIAM Strategy & Identity Standards at FusionAuth / https://fusionauth.io/

Personal site: https://www.mooreds.com, [email protected], +1 720 560 8545 (email preferred).

@mooreds on Twitter. https://bsky.app/profile/mooreds.com on Blue Sky.

Editor/writer for https://letterstoanewdeveloper.com/

Writer at https://ciamweekly.substack.com/

LI: https://linkedin.com/in/mooreds

meet.hn/city/us-Boulder

Submissions

State of Kubernetes Networking Report 2026

docs.google.com
1 points·by mooreds·1 saat önce·0 comments

Security settings every GitHub maintainer should enable this week

github.blog
1 points·by mooreds·4 saat önce·0 comments

Old Car Racing Photos (2021)

toni.org
1 points·by mooreds·4 saat önce·1 comments

OmFest Interest Form

docs.google.com
3 points·by mooreds·5 saat önce·0 comments

MCPA: The First Official Certification for the Model Context Protocol

aaif.io
1 points·by mooreds·5 saat önce·0 comments

Navigating the 47-Day SSL/TLS Certificate Validity Era

globalsign.com
1 points·by mooreds·9 saat önce·0 comments

Flavor Flav and Paris Hilton team up to handle US women's hockey team travel

bsky.app
1 points·by mooreds·dün·0 comments

Total Construction Spending: Manufacturing in the United States

fred.stlouisfed.org
3 points·by mooreds·dün·0 comments

Victor Marx wins Colorado's three-way Republican primary for governor

coloradosun.com
4 points·by mooreds·dün·2 comments

What the New Executive Order Means for Secure Software Delivery in Government

rise8.us
17 points·by mooreds·dün·3 comments

How to Start a Ruby Meetup

guides.rubyevents.org
71 points·by mooreds·dün·24 comments

What could data centres look like in 2055?

news.lenovo.com
2 points·by mooreds·dün·0 comments

A Roadmap to Finding, Onboarding, and Training a Virtual Assistant

tavlinconsulting.gumroad.com
1 points·by mooreds·dün·0 comments

Intelligent MFA Should Challenge Risk, Not Loyal Customers

fusionauth.io
1 points·by mooreds·dün·0 comments

LeadDev AI Impact Survey

research.net
2 points·by mooreds·evvelsi gün·0 comments

Is it ethical to use AI?

charity.wtf
2 points·by mooreds·evvelsi gün·0 comments

Viability of Local Models for Coding

martinfowler.com
2 points·by mooreds·evvelsi gün·0 comments

Auto compiles recorded LLM-agent behavior into verified WASM binaries

github.com
2 points·by mooreds·evvelsi gün·0 comments

Athenz vs. Spire Comparison

athenz.io
2 points·by mooreds·evvelsi gün·0 comments

[untitled]

1 points·by mooreds·evvelsi gün·0 comments

comments

mooreds
·dün·discuss
I wrote up some related thoughts on wrangling speakers: https://www.mooreds.com/wordpress/archives/3283
mooreds
·dün·discuss
I thought the same thing. What changed, if anything?
mooreds
·evvelsi gün·discuss
Wait, what? Is this switching on user agent or something?
mooreds
·3 gün önce·discuss
That one is timeless.
mooreds
·3 gün önce·discuss
Earliest known labor strikes.
mooreds
·3 gün önce·discuss
That's a great analogy. My only addition would be the nuance of that data modelling is way more flexible than authentication (and this is said as someone who is continually surprised by the business requirements, standards, and complexities of auth). Data modelling, after all, needs to handle the entirety of reality (at least what can be mapped to a computer). So you're more likely to outgrow it.

I've heard plenty of stories of folks moving from homegrown auth to a off-the-shelf solution, but that's because I'm in the off-the-shelf auth space.

It'd be super interesting to hear stories of folks who went the other way, and outgrew their service provider's auth.
mooreds
·3 gün önce·discuss
Oh man, it really depends(tm). If you are building a small internal app, sure, but you'd often still be better off leveraging a social provider or employee directory.

I work in the auth space (for FusionAuth) and we run into plenty of folks that started out rolling auth themselves. Just username and password right? A bit of hashing, salting and leveraging a built-in crypto library.

But then you need to add account recovery. And then MFA. And then registration. And then progressive registration. And then webhook integration. And then passkeys. And then SAML integration. And the delegated SAML setup. And then and then and then.

You're distracted from your core application by feature requests for your login system.

You have lots of options nowadays. Use a library provided by your framework (Rails, Spring, and Django have them), use a tool like Better Auth, use a third party system like FusionAuth or Auth0. But don't build undifferentiated functionality that impacts your user experience.

PS Of course, where I stand depends on where I sit, but I firmly believe that you should not build an auth system the same way you should not build a database.
mooreds
·3 gün önce·discuss
Congrats to Better Auth. I'm in the auth space and see all kinds of things.

Anything that makes it easier for developers to build secure applications is a win!
mooreds
·4 gün önce·discuss
> Camarota does raise a fair point: US-born children of immigrants would not exist in the United States had their parents not immigrated. If the goal is to estimate the total fiscal effects attributable to immigration, then including those children alongside their parents is a reasonable exercise. Of course, that argument also means we should include the grandchildren of immigrants in the analysis because they wouldn’t be here without immigrants either. Great-grandchildren too. On second thought, Camarota doesn’t have such a good argument.

Nice bit of shade.
mooreds
·4 gün önce·discuss
Yeah, other than that one thing, this was a great intro to MCP auth.
mooreds
·4 gün önce·discuss
Enjoying this so far.

> The MCP authorization spec is written entirely around user-delegated flows and does not define a machine-to-machine grant at all.

is slightly wrong. There's a blessed extension: https://modelcontextprotocol.io/extensions/auth/oauth-client...
mooreds
·4 gün önce·discuss
https://archive.is/EZMV8
mooreds
·4 gün önce·discuss
https://archive.is/DM0Tc
mooreds
·4 gün önce·discuss
Yeah, the small bits of sand in the gears is something that is hard to sell when you allocating engineering effort. But it adds up over time.

It makes the difference between a tool that is a pleasure to use and one that causes dread.
mooreds
·5 gün önce·discuss
This is my favorite article on the different ways to use AI.

https://danielmiessler.com/blog/keep-the-robots-out-of-the-g...
mooreds
·6 gün önce·discuss
FusionAuth | Principal Software Engineer, Senior Java Engineer - Cloud, Account Executive | Varies between REMOTE (in USA, also in Europe but only for the account exec position) and ONSITE in Denver, CO, USA, details in each job desc | Salary ranges for the Principal Software Engineer it is 225k-270k, but the Euro positions don't have them :(

At FusionAuth, our mission is to make authentication and authorization simple and secure for every developer building web and mobile applications. We want devs to stop worrying about auth and focus on building something awesome.

There are a lot of companies in the auth space, but we feel like we have something special:

* a relatively unique deployment model (self-host on-prem, run in your cloud or let us operate it for you in ours)

* A well designed API first approach; one customer compared our APIs to petrichor

* a mature product (the code base is nine+ years old and we've found and fixed a lot of the sharp edges around core login use cases; but don't worry, there are plenty more features to add)

* a full featured free-as-in-beer version which makes the sales cycle easier; prospects often come in having prototyped an integration

Our core software is commercial. We open source much of our supporting infrastructure. Technologies and standards that you will work with: modern Java, PostgreSQL, Docker, Kubernetes, MySQL, OAuth, SAML, OIDC.

Learn more, including benefits and salaries, and apply here: https://fusionauth.io/careers/ ( Click/tap the 'View open positions' orange button. )
mooreds
·7 gün önce·discuss
> it just makes the handoff between myself and the agent feel more seamless.

This terrifies me because there's no way for the services on the other side of the browser to know who is doing what.

How do you constrain the agent?

How do you keep track of what you have done vs the agent?

What am I missing? Am I just behind the times?

Edit, added reference to what terrifies me.
mooreds
·11 gün önce·discuss
Thanks, I changed it from

Native American Tribes Came Together to Secure Their Rights to Colorado River Water.

to

Native American Tribes Secured Rights to Colorado River; States Are Stalling
mooreds
·11 gün önce·discuss
https://archive.is/3YaGo
mooreds
·11 gün önce·discuss
That's a good point. The behavior varies wildly based on the domain provider and the behavior when you let a domain expire is similar to what happens when a phone number is deactivated, but with a possibly bigger blast radius.