Beautiful write-up! Thanks for sharing this. I want to write a game boy emulator in Rust and your blogpost really inspired me to kick this off. I’m bookmarking this.
My workaround for this as a person who travels a lot was to buy 2 Raspberry Pis and put them at my family's houses in different countries and use Tailscale on them as exit nodes, behaving like my own VPN. The residential IP address makes things a lot easier when connecting from random places.
Thanks for sharing this. I used to care for my grandma back home (Alzheimer's), but the financial burden is brutal. I moved countries so I could be able to afford caring for her but ended up leaving the large part of the physical work for my mom and sister. Thankfully I can now afford to support her financially much more, including paying for a dedicated nursing home near my mom's.
I'm 35 now and keep wondering how the future is gonna be as I have no kids and no desire in having them (also not wishing them a life where they would have to care for me).
I’m trying to keep my health up now and dedicating more time for it so I can hopefully hold the fort.
I’m currently reading this book called “Supercommunicators” and while I’m not done with it, there are some ideas there that really resonate.
One of them is that these kinds of people are generally in the minds of their friends/acquaintances. And one of the reasons there is that they see them as very good listeners during conversations. They match their conversation style, they confirm what they've been talking about with feedback, and this sort of behaviour tends to help people build trust and friendships.
I’m not done with the book yet, but I can see many things relating to what I generally practice. And I’ve got good friends :)
> the only technology we should be using to create web UI is JavaScript
Quite an interesting idea, but stating that JS is the true way of creating Web UIs misses the mark by miles. You would be surprised by how far you can get with HTML and CSS alone. You will ofc need JS for more dynamic interactions, but ditching the server entirely and delegating everything to JS will just take us to the SPA mess that most of us have been burned with.
Especially now that Rails is shipping with Turbo, Hotwire and Stimulus. Using no (additional) JavaScript you can make awesome performant reactive webpages.
Most recent app I worked on used Mantine for a base component library. Having such a large collection of drop-in components made the app come together very quickly. Performance matters but a well built React front-end for a solid MVP is performant enough.
I haven’t seen a vision like this for the stimulus/htmx world. How do you import components?
My team usually uses view components in our application. Basically Ruby ERB renders the view component in a Turbo frame. Turbo allows async updates without redrawing. Then we use Stimulus to call small JS components that are put into the view components.
> I make my money doing literally whatever I want…
Classic take from somebody that most probably could spend their entire time just fiddling with ideas, with zero worries about money. Everything else was taken care of. Not everyone has this luxury pal.
The author is plain, simple sharing his story. Can you replicate his success? Who knows. But I respect him for sharing this candid blog post documenting his steps.
Reminds me of this interview I once saw on YouTube with a French heiress who said (and I paraphrase) "after reflecting a lot, I've concluded that although most things in life cost something, time is free", which is entirely delusional because time is only free to someone who has more money than they'll ever need.
I'd love to read more about how the GP can live this lifestyle, maybe they can share and we all can learn and replicate their journey on how to make money doing literally whatever we want whilst doing a lot of interesting hobbies.
They likely sit deep in the bowels of a very large company in a position shielded from the market. No expectations of delivery and no accountability for failure. You don’t get hired into a role like that, it’s the end result of a multi-decade tenure where you slowly evolve into a potted plant in the corner.
Generally my formula is about cultivating a healthy value set, becoming increasingly clear minded, and trying to do things that are worthwhile. I know that's vague, but those are the abstract principles that work in different circumstances. I've led many different lives within my life – rock climbing full time, building software – and those are the guiding themes that have most consistently offered the greatest results.
(Write to me directly if you'd like me to flesh this out in more concrete detail, including how money and service factor in, how to avoid traps, what I currently struggle with, etc.)
Fantastic write-up. Major props for disclosing the details of the attack in a very accessible way.
It is great that this kind of security incident post-mortem is being shared. This will help the community to level up in many ways, especially given that its content is super accessible and not heavily leaning on tech jargon.
I disagree. I appreciate the level of detail, but I don't appreciate Retool trying to shift the blame to Google, and only putting a blurb in the end about using FIDO2. They should have been using hardware keys years ago.
Hi, I'm sorry you felt that way. "Shifting blame to Google" is absolutely not our intention, and if you have any recommendations on how to make the blog post more clear, please do let me know. (We're happy to change it so it reads less like that.)
I do agree that we should start using hardware keys (which we started last week).
The goal of this blog post was to make clear to others that Google Authenticator (through the default onboarding flow) syncs MFA codes to the cloud. This is unexpected (hence the title, "When MFA isn't MFA"), and something we think more people should be aware of.
I felt like you were trying to shift blame to Google due to the title "When MFA isn't MFA" and your emphasis on "dark patterns" which, to be honest, I don't think they are that "dark". To me it was because this felt like a mix of a post mortem/apology, but with some "But if it weren't for Google's dang dark patterns..." excuse thrown in.
FWIW, nearly every TOTP authenticator app I'm aware of supports some type of seed backup (e.g. Authy has a separate "backup password"). I actually like Google's solution here as long as the Workspace accounts are protected with a hardware key.
The only real lesson here is that you should have been using hardware keys.
This comment reads more poorly to me than the actual blog post. It _should_ be your intention to shift partial blame to Google, and you should own it. It's ridiculous that they make an operation like syncing your MFA keys seem so innocuous. I just changed phones, so I'm just seeing this user flow for the first time, and it is ghastly how they've made it the default path.
Changing things to make it less offensive to someone who was offended really waters down your position.
It was also a bit weird how they kept emphasizing how their on-prem installations were not affected, as if that lessens the severity somehow. It's like duh, that's the whole point of on-prem deployments.
I used to look up to the Zig folks…