it's a real bummer how bad the gof design patterns are when compared to the christopher alexander pattern language book is. but the problem imo is that they were trying to understand inscrutable software and using really coarse 'gof patterns' to make assumptions about how Actual Application-Level Patterns were being implemented, so we get Singleton and not patterns like Authentication or Trusted RPC or A Place To Modify User Settings.

@whophd @siracusa the binary encoding stuff will get easier for sure, but for small projects, i think storing binary data (the spki) in your db will remain a bigger hurdle than “just saving passwords” and correctly passing around a challenge/response blob takes more to get right. that said, all the underlying tech is pretty stable, webauthn/fido has been relatively stable for >5 years but i don’t think i’ve seen particularly lean implementations for small sites. in js, i think passport-fido2-webauthn would probably be the closest but even it feels pretty heavyweight.

the bigger hurdles i think are that you generally need to allow for > 1 passkeys per acct, you should tie your passkeys’ RPID to some actually stable domain name, you need to have csrf-style challenges that you attach to auth requests, and if you’re doing it right you need to actually validate those last two. lastly, you also probably need to have some recovery system that looks a lot like one-time passwords or email recovery. none of these are “hard” but they add up to lot more effort and cognitive burden than “throw a password column on the user table” which i think is probably why we haven’t seen a ton of 2fa implementations on small website even though the mechanisms like fido or totp are widely available and reasonably well abstracted nowadays.

@siracusa @whophd it’s not trivial, i did a “from scratch” implementation in node and a lot of it, even when abstracted, involves a lot of small details and you end up getting real cozy with your platform’s binary encoding choices and your underlying crypto libs. a “fun” hobby project maybe but not a slam dunk weekend venture.

cool seeing the nyt doing some sunday morning evangelion posting

@pamelafox net for semiserious and xyz for all my silly stuff

funny to see the same “food is bad and portions too small” from the switch 2 as from the ps5 launch “nobody needs this right now and there are too few exclusives.” i think a profound misunderstanding of consumers that routinely buy new phones or tvs on a similar or even faster cadence

@taber i still like linode i’ve gone between them and digital ocean for like the past 20 years but i feel like linode’s offerings have been consistently a bit more performant at the ~$10/mo tier

@pamelafox the reflection on the early culture of crunch was really fascinating. they’re great posts

@regehr this honestly feels like when i occasionally find a game i’m curious about already in my steam library. “am i sleeping? have i slept at all?”

@regehr *breaks into cold sweat* oh, i own that one… 😅

@regehr this recipe looks great, what book is it from?

@lindsey sorry to barge in here but i read that faq like a decade ago and the last question about being a one hit wonder has stuck with me ever since, what an absolute legend. he also streamed a bunch during the early pandemic on youtube, real cool guy.

@pamelafox all the logos i remember before that one were the 4 and 3.2 logos that used to show up on those validator cgi bin tags

@omar bring the salty vibes of the 19th century back omar https://languagehat.com/peper-and-solt/

@caseyliss a reason to consider the ioniq over the mach e if you have range anxiety is that the time to fast charge to 80% is generally twice as fast on the hyundais/kias that are all on 800v platforms. the advertised ioni5 fast charge 10-80% in 20 mins thing is real. (also, the ioniq5 isn’t rabbit-small but the ev6 looks like a jr suburban)

@orta hey i'm super sorry i didn't respond to this when you sent it!! i'm extremely grateful, but akkoma was having some issues and didn't notify me. you're the best, thanks so much again!!

@orta sorry to bug you, but can i ask a typescript question? i have an array of `{id: string}[]` values, but i want to extract _just_ the ids from all the objects so i have some type that's like `typeof arr[number]['id']` but i don't want just `string`, i want the all the literal keys in the array of objects. what's the magic search term i'm looking for? is this possible with mapped types? thanks for any help. here's a playground https://www.typescriptlang.org/play/?jsx=0#code/C4TwDgpgBAShDGUC8UDeAoKUCWATAXFAM7ABO2AdgOYDcmUA9A1APbAAWEpUA1hCESidS0YCxboAvnXTwWFElBFzSuIoTjwA2gF1kULajyEA5ADNxJyQBo0xqCYBGAQ1JWd6dEygdsgv1AAVgCuiiYk5NQmUI7BwDgmuFAANth8OPHYZhlQAO5c0OaWUAA+Di5u6KCQUABqzqm4AJIAIoIo1RAs2cosqkRaFMEAto5cOlomeCY6Mt54EA3JID7sAbkswclJXKR9rHGy8oouzQR1DXit7eXOAF4mNEA

@mathowie getting the trolley to the airport has been a decades long Thing in san diego, it’s always so close to getting a proper solution and yet impossible to get it to really manifest

@bryanjclark i went through and watched all the what’s new videos over lunch after a few days this summer and the one thing that i found fascinating was seeing swiftui things like tab view and navigation split view sort of come into their own. i think only did 22-24 though and it was pretty manageable especially because like half of the things i just ffwed over for my needs

@ef4 looking forward to your contributions to my Darcs hosted project