New member special!

🍕 ATP Tier List: Pizza Toppings 🍕
https://atp.fm/atp-tier-list-pizza-toppings

We thoroughly evaluated the entire set of pizza toppings available in central Long Island in the 1900s.

(Plus one bonus combo. You know the one. Yeah. That one.)

Join now to listen! https://atp.fm/join

@atpfm if Pepperoni is not S-Tier I’m going to lose it! ;)

@atpfm as a pizza non-traditionalist... lol

@atpfm Did these toppings come out of the Lumon vending machine?

@atpfm Well, if your respective inboxes weren't full before... RIP inbox.

@atpfm
Trying to guess who will nominate pineapple.

@atpfm Four minutes in and I’m already thinking only John could make a pizza topping tier list so comprehensive and complicated.

I love John.

@atpfm
Huge difference between fresh basil and the dried up variety used in crappy restaurants. You can’t have a real Margherita pizza without fresh basil.

@atpfm With my current holiday-related podcast backlog, finally an episode I can safely skip. Tried multiple American pizzas over my lifetime and I finally went to John’s of Bleeker St earlier this year. I can safely assume, this episode is not for me.
I’d rather listen to a 2 hr member special about why Fahrenheit is superior to Celsius.

@atpfm Q: How long until @siracusa utters the word “canonical”?

A: 95 seconds

@atpfm Best-case Hawaiian pizza: in Hawaii

Fresh *local* pineapple and *local* pulled pork. Excellent!

@atpfm Took me way too long to realize that ”peperoni” is spicy salami in the US. I was constantly thinking wtf are they talking about, non-vegetarian?? This is peperoni, in regular countries

@atpfm is there a mobster coefficient?

@atpfm
I had two pages typed up in my head when listening to this on my exercise walk.
I’ll just summarize it as “oh Americans”. 🙃

I really want to be a fly on the wall in @viticci’s room when he listens to this.

@atpfm help a non American out. What is a sweet Italian sausage? Do y'all add sugar to a sausage?

(Yes, I realise I can just google this...)

@v600 It’s “not hot” meaning not spicy. I’m not sure why “sweet” was the word chosen, but that’s how it’s sold.

@marinaepelman Looks a little pale…

@siracusa Perhaps. But the pork and the pineapple are the focus.

@atpfm I have a question about logging in as a member:

How hard would it be to implement passkey login? I’m intensely interested in the work it requires for a Web 1.0 site (speaking as someone who gets to say “I used to have a career as a web developer and moved on 25 years ago” 😝 okay 23, 24)

Your site is currently best-in-class in:

1. requiring the minimum details per user
2. not even requiring passwords to be stored
3. but allowing passwords, because “pain point”

It lets you get in with Face ID, etc.

But what if passcodes?

@whophd I’ve thought about it, but it seems like a lot of work, and the PHP libraries that might help seem big and invasive. I might still tackle it eventually.

@siracusa @whophd it’s not trivial, i did a “from scratch” implementation in node and a lot of it, even when abstracted, involves a lot of small details and you end up getting real cozy with your platform’s binary encoding choices and your underlying crypto libs. a “fun” hobby project maybe but not a slam dunk weekend venture.

@nsfmc @siracusa Do either of you think we’ll still be here in 5 or 10 years?

@whophd @siracusa the binary encoding stuff will get easier for sure, but for small projects, i think storing binary data (the spki) in your db will remain a bigger hurdle than “just saving passwords” and correctly passing around a challenge/response blob takes more to get right. that said, all the underlying tech is pretty stable, webauthn/fido has been relatively stable for >5 years but i don’t think i’ve seen particularly lean implementations for small sites. in js, i think passport-fido2-webauthn would probably be the closest but even it feels pretty heavyweight.

the bigger hurdles i think are that you generally need to allow for > 1 passkeys per acct, you should tie your passkeys’ RPID to some actually stable domain name, you need to have csrf-style challenges that you attach to auth requests, and if you’re doing it right you need to actually validate those last two. lastly, you also probably need to have some recovery system that looks a lot like one-time passwords or email recovery. none of these are “hard” but they add up to lot more effort and cognitive burden than “throw a password column on the user table” which i think is probably why we haven’t seen a ton of 2fa implementations on small website even though the mechanisms like fido or totp are widely available and reasonably well abstracted nowadays.

@atpfm Thank you for but another insight into US American eating culture. It’s so different from pizza in Germany 😀
#lovetheshow

@atpfm I saved this episode for the weekend, and I’m glad I did. That way I listened with yesterday’s @RecDiffs discussion of whether @siracusa is ambivalent about food fresh in my mind. An S-Tier pairing. 🤣

@atpfm
Is the low ranking of “ham” on pizza because prosciutto isn’t common on American pizzas? That watery “ham” description sounds awful — but good prosciutto can easily be S-tier

@ggulrajani It's not common (mostly because it's expensive, I imagine).

@nsfmc @siracusa Excellent summary, wow

And now, in a thoroughly predictable way — and I must apologise after that last reply (which I will re-read a few times over the next decade I think) — I will say a thoroughly predictable thing:

I guess that proves passwords are never going away then?

@siracusa ok, having listened to your description of throwing claude code on this, i'd love to know if this assessment 'holds up'

@nsfmc Claude found a good library, and that took care of most of the hard stuff.