The California law to require "age verification" in OS doesn't really seem to be about age verification. It just mandates OSs to allow parents to create accounts for children and for apps to use the age info of accounts

Behold my terrible keyboard finger position blue: thumb green: index yellow: middle red: ring pink: pinky

Back to WebAuthn after a year and I’m fully convinced you don’t need a library for it Well except for the crypto stuff

Implementing this in Go right now but my allergies are killing me

Passkeys are broken on the Nintendo Account's website because there's a bug in their base64url decoding lol Do you see the issue?

Email OTP is the best option for the regular user Passkeys are the best option for more tech literate users Provide both and you got a login system that's better than most apps

I need to create a browser extension that appends "in english" to all google searches because I'm fucking tired of getting japanese results for everything

I couldn’t resist It’s sooo good. It’s so much better than my Sundara. Super clean and surprisingly wide sound. Great build quality too

Had a feeling something was wrong and found some glaring issues after a few days. Super glad I didn't rush it out Very proud of this one :)

I'm seeing wildly inconsistent performance (2x) between different Hetzner instances of the same type I believe the bottleneck is the memory bandwidth

Finding a good cut of steak feels impossible in Japan. You can only find cheap stuff from Australia or really expensive wagyu that's 90% fat. I haven't seen US Prime in 4 years. Where's my dry aged or A2 wagyu?

I fucking hate LINE and PayPay sooooo much Both of them have every single thing I hate about Japanese UI/UX design distilled into them

Enjoyed the dt 1990 pro mk2 more than I thought I would Really tempted to buy one

Pretty happy with the transition to stainless steel cookware Honestly don’t miss nonstick pans

This might be the single snack I miss the most from the US Fruit sorbet/gelato isn't really a thing here, especially in supermarkets

What do I do if games with tons of options and freedom overwhelm and stress me out I loved everything about silksong except the metroidvania part lol

Finished adding passkeys with my yubikeys I mainly use iCloud Keychain but nice to have some backups

Dumbest shit ever

Password + email OTP is NOT two factor authentication

I don't sell anything but shipping addresses not being (somewhat) internationally standardized bugs me more than it should

I feel like Neapolitan pizza in Japan has a little bit of Italy's rough edge shaven off. It's less aggressive and imo slightly better Might've just been all the cigarette smoke tho lol

idk how to explain but I have a slight romanticization (?) of websites that can just periodically shutdown for a few hours for maintenance it's such a simple model

Thinking about consolidating Arctic and Oslo packages under my personal NPM org like pilcrowonpaper/base64 and pilcrowonpaper/google-oauth2 Feels more appropriate to how I approach and maintain them (personal and not really community driven)

I wished the Mac Studio was like 20% less ugly It's unbelievably chonky and flat irl

Trying out a new thing and writing my blog in html instead of markdown it works surprisingly well?

Writing a blog post comparing Argon2 and Bcrypt and I'm liking how it's shaping up

Slowly coming to the realization that I don’t care that much about ramen I still like it but it doesn’t give me the same satisfaction that a good bowl of rice or a slice of bread would

Both twitter and bluesky keeps signing me out for no reason and it's driving me insane

Looking at hashing benchmarks, the difference between Bcrypt and Argon2 (and scrypt) is kinda minimal when used in a web server It honestly kinda doesn't matter as long as you're not using SHA-256

Slow password hashing algorithms honestly feels kind of meaningless after some point Adding a single character to a password is more effective against brute force attacks than making the hash function 32x more expensive

Made an example website that implements email/password auth using my own best practices! Will share the source code and more in the future basic-example.auth.pilcrowonpaper.com

Wait, 50k messages per day??? I just asked for 500-1k emails/day lol

Third time the charm!

I can never seem to remember application/x-www-form-urlencoded correctly

Trying to get AWS SES production access is a nightmare

I do kinda want to sell a course on auth but making one free and open is much, much cooler

1. User is signed in with account A 2. User opens a new tab and signs in with account B (=overrides the existing session cookie) 3. User goes back to tab in (1) 4. User updates their username 5. Account B's username is updated instead of A's Is this a bug or expected behavior?

I really need to watch steven universe I'm a sucker for animations with good music

One thing that's much better with packages over examples/docs is alerting users with bugs/vulnerabilities Would something like a mailing list for Lucia etc work?

Starting to doubt whether an OAuth client library even makes sense It's a standardized protocol but leaves a lot of room for extensions, and a library that allows you to define custom behavior is just going to be a more bloated HTTP and JSON library

I made sunchoke soup and it was heavenly

I'm looking for my next opportunity in the front-end space 🌐 I've worked at some great companies: Hugging Face, V7, Appwrite, and Significa. I've built NPM packages with 400k downloads/week, and am an avid open-source contributor. Let me know if you want to work together!

Gonna do an auth workshop based on the Lucia docs at my school Any advice on hosting these events?

Had wonderful conversations with @dominikg.dev, @danielroe.dev, @antfu.me, @evanyou.me, and so many more people at @vuefes.bsky.social today!

my email inbox is super tidy but I've given up on my github inbox soooo many read notifications that I probably won't revisit

The storage layer is much more simple now! You just need to provide a single KV storage to get started github.com/faroedev/far...

Excited to announce Faroe - a modular auth server distributed as a Go package - Handles all the hard parts of auth - Works with your existing user table (no direct db connections) - Just bring a KV store + email server - Runs anywhere

2 hours... stay tuned :D

Here's a quick demo for the auth thing I've been working on I also recorded myself showing a bit of the code but it was so bad I had to cut it

Why is errors(.)Is the recommended way to compare errors in Go anyway? You can't tell which function returned the error. If errors are supposed to be independent of the source function, why do we have generic errors like io.EOF?