OAuth is fucking cancer.
-
So a friend told me about this rad new online dating whatsit called Bumble.
Sure, why not. I'll give it a try.
This is as far as I got:
What the fuck if I don't have a Facebook?
And the reason I got no farther is because I can't be arsed to remember what the hell email address and password I used back when I first got my .edu email address and could sign up. Trying a bunch of different username and password combinations on a mobile keyboard is literally the most painful thing possible. Come to think of it, it would have been that edu address, which is long dead and therefore I probably changed it. If Facebook let's you change that. What would I have changed it to? Hmm.
I get it, developers. You're fucking lazy and can't be arsed to maintain a secure database for logins. But I'm about to tell you guys what ladies I'd be interested in with, which is a lot more privacy critical than a shitty throwaway password. So why the fuck should I trust you to secure THAT?
-
@weng said in OAuth is fucking cancer.:
I get it, developers. You're fucking lazy and can't be arsed to maintain a secure database for logins.
They are probably trying to avoid having to deal with the whole user management crud setup: register, edit account, reset password, confirm password...
-
I used Bumble for a bit. It's basically Tinder with the caveat of "The woman has to initiate the conversation if you match".
They use Facebook login because, like Tinder, that's entirely how it builds your profile, by siphoning off your Facebook data for name, age, photos, etc.
-
@cartman82 Oh god no, not two hours of work! Those poor babies!
-
It's not just the dev convenience, though. There are plenty of people who can't be fucked to register and go through the hoops when they can press a couple of buttons and bang, logged in and ready to go on a service.
Plus you can be safe in the knowledge that your password can't be leaked that way because Bumble don't have your password.
But it really shouldn't be the only method of getting to a platform.
-
@weng I'm surprised you can even read it needs a Bacefook: the contrast of the text on that image is atrocious
-
@e4tmyl33t The key lesson I've learned from years of online dating is that the mechanism doesn't matter much with regard to success, it's all in what particular service the people likely to like you are using at that point in time.
-
@raceprouk said in OAuth is fucking cancer.:
@weng I'm surprised you can even read it needs a Bacefook: the contrast of the text on that image is atrocious
It's actually a video background.
-
@e4tmyl33t said in OAuth is fucking cancer.:
The woman has to initiate the conversation if you match
Talk about gender discrimination !!!
Oh, it's against men ? Carry on then
-
@weng said in OAuth is fucking cancer.:
@e4tmyl33t The key lesson I've learned from years of online dating is that the mechanism doesn't matter much with regard to success, it's all in what particular service the people likely to like you are using at that point in time.
Providing you keep in mind the caveat of "that still requires people likely to like you"...
;)
-
@timebandit said in OAuth is fucking cancer.:
@e4tmyl33t said in OAuth is fucking cancer.:
The woman has to initiate the conversation if you match
Talk about gender discrimination !!!
Oh, it's against men ? Carry on then
I honestly don't even recall their rationale behind it, beyond the obvious "We want to make Tinder money but need to be different somehow", but I believe it was something along the lines of "empowering women to not always be the passive recipient of the first encounter"
-
@e4tmyl33t said in OAuth is fucking cancer.:
"empowering women to not always be the passive recipient of the first encounter"
and I'm pre- myself here before any of you lot get to it!
-
@e4tmyl33t said in OAuth is fucking cancer.:
I believe it was something along the lines of "empowering women to not always be the passive recipient of the first encounter"
My hunch is "enticing women to sign up by promising not to let creepers spam them". Getting enough women to sign up is usually the harder part of online dating sites.
-
@e4tmyl33t The way it was described to me is that either party can initiate, but it has to happen within 24 hours of the match, so there's an incentive for whichever one of you was the second to swipe right to actually write a message.
Of course, I was talking to a lesbian at the time, so a gender separated mechanic wouldn't exist there.
-
Single Identity [and by extension SSO] has many advantages, but if done incorrectly [and it is, far too often] presents many risks.
What I find disappointing (but understandable) is the preeminence of FaceBook as being the primary source of record.
-
@weng According to their own About page (https://bumble.com/en-us/about):
The woman always makes the first move, and if she doesn't say something to a new connection within 24 hours, that connection disappears forever!
Edit: It does, however, note the following as well:
For same sex connections, or friendship, either person has 24 hours to make the first move, or that connection will disappear!
-
@e4tmyl33t Fucking bonus, I get to skip the hard work of writing first messages that:
- Won't get misfiled as creeper.
- Aren't lame.
- Aren't trying too hard to avoid the above.
-
@weng said in OAuth is fucking cancer.:
So a friend told me about this rad new online dating whatsit called Bumble.
Sure, why not. I'll give it a try.
This is as far as I got:
What the fuck if I don't have a Facebook?
And the reason I got no farther is because I can't be arsed to remember what the hell email address and password I used back when I first got my .edu email address and could sign up. Trying a bunch of different username and password combinations on a mobile keyboard is literally the most painful thing possible. Come to think of it, it would have been that edu address, which is long dead and therefore I probably changed it. If Facebook let's you change that. What would I have changed it to? Hmm.
I get it, developers. You're fucking lazy and can't be arsed to maintain a secure database for logins. But I'm about to tell you guys what ladies I'd be interested in with, which is a lot more privacy critical than a shitty throwaway password. So why the fuck should I trust you to secure THAT?
OAuth itself is not evil, binding to particular authentication service provider is.
Btw, I think they need Facebook login to get your other personal information.
-
@cheong As opposed to... You know, asking me for my personal information. OH GOD THATS LIKE A WEEK OF DEVELOPMENT. POOR BABIES.
-
@cheong said in OAuth is fucking cancer.:
binding to particular authentication service provider is.
^^ this
If you oauth with everything, that's great, and it's a good login experience. If you oauth with one thing, with no other alternatives, that's just obnoxious.
-
@weng said in OAuth is fucking cancer.:
@e4tmyl33t Fucking bonus, I get to skip the hard work of writing first messages that:
- Won't get misfiled as creeper.
- Aren't lame.
- Aren't trying too hard to avoid the above.
Going to Whole Foods, want me to pick you up anything?
-
@weng My current company (a recruitment website) had implemented similar thing a few years ago. When the user login through their GMail account, their personal info like first name, family name, gender, etc. are automatically filled in your account's personal profile.
The best part? Once the personal info is filled in that way, the user is no longer allowed to change it.
Don't ask me why it's built this way. I heard it has been requested by an educational institution for their graduate's portal, and seems that portal is the only place that still use this mechanism.
-
@weng
Funny thing is, in my experience OAuth is a fucking PITA to set up. Took me about twice as long to get OAuth setup than it took me to write all the other login methods.OAuth is a great idea, but with a horrible implementation. "Hey, I have a great idea. Every company should have its own slightly different implementation. That will really fuck with people, it will be so fun".
-
@dragoon I've tried to implement it a couple times.
First time was a desktop app before any officially supported workflows for such a contraption existed. So that didn't succeed at all.
Second was a personal project to integrate with Fitbit data. That probably would have worked eventually, but I decided it was too much effort for a hobby project.
-
@weng said in OAuth is fucking cancer.:
@cartman82 Oh god no, not two hours of work! Those poor babies!
If you only have 8 hours to make and launch your MVP idea before the money runs out, that's a lot of time.
-
@e4tmyl33t said in OAuth is fucking cancer.:
It's basically Tinder with the caveat of "The woman has to initiate the conversation if you match".
So what's the difference?
-
@weng said in OAuth is fucking cancer.:
What the fuck if I don't have a Facebook?
I discovered that Futurama game the other day, and found it also needs a Facebook account to sync games between your different devices. Why?
-
Facebook is the new AOL.
-
Nothing to see here — joke that didn’t work because I misremembered some names
-
@gurth said in OAuth is fucking cancer.:
@weng said in OAuth is fucking cancer.:
What the fuck if I don't have a Facebook?
I discovered that Futurama game the other day, and found it also needs a Facebook account to sync games between your different devices. Why?
As opposed to what other type of account that can be reliably available between devices and avoids people having to type in passwords on mobile? It's all about the low-friction low-barrier-to-entry experience.
-
@yamikuronue said in OAuth is fucking cancer.:
Facebook is the new AOL.
Then I wish they'd hurry up and skip to the "fading into irrelevance" part already!
-
@arantor said in OAuth is fucking cancer.:
@gurth said in OAuth is fucking cancer.:
@weng said in OAuth is fucking cancer.:
What the fuck if I don't have a Facebook?
I discovered that Futurama game the other day, and found it also needs a Facebook account to sync games between your different devices. Why?
As opposed to what other type of account that can be reliably available between devices and avoids people having to type in passwords on mobile? It's all about the low-friction low-barrier-to-entry experience.
I don't know how/if it would work on iOS but on Android there's Google Play Games, a platform which is designed explicitly for this purpose and can login with the Google account you already have on your device.
-
@e4tmyl33t said in OAuth is fucking cancer.:
I used Bumble for a bit. It's basically Tinder with the caveat of "The woman has to initiate the conversation if you match".
Do they also have image recognition technology to block dick pics?
Asking for a friend.
-
@arantor said in OAuth is fucking cancer.:
can't be fucked to register and go through the hoops when they can press a couple of buttons and bang
If that's all it takes, where can I sign up???
-
@e4tmyl33t said in OAuth is fucking cancer.:
@timebandit said in OAuth is fucking cancer.:
@e4tmyl33t said in OAuth is fucking cancer.:
The woman has to initiate the conversation if you match
Talk about gender discrimination !!!
Oh, it's against men ? Carry on then
I honestly don't even recall their rationale behind it, beyond the obvious "We want to make Tinder money but need to be different somehow", but I believe it was something along the lines of "empowering women to not always be the passive recipient of the first encounter"
I'm never the recipient of any encounter whatsoever. Maybe I should give this one a shot?
-
@hungrier said in OAuth is fucking cancer.:
I don't know how/if it would work on iOS but on Android there's Google Play Games, a platform which is designed explicitly for this purpose and can login with the Google account you already have on your device.
And it's so slow and bloated that it'll completely kill the game experience as an added bonus! Everybody loves it when their simple match-3 game freezes up every two seconds because of... whatever the fuck Google Play Games is doing in the background (mining Bitcoin maybe?)
-
@tsaukpaetra Try it out, see if it works, I suppose. I never receive anything regardless of where it is.
-
@arantor said in OAuth is fucking cancer.:
It's all about the low-friction low-barrier-to-entry experience.
and if I remember it this might get croas-posted to qooc?.. :D
-
@blakeyrat said in OAuth is fucking cancer.:
@hungrier said in OAuth is fucking cancer.:
I don't know how/if it would work on iOS but on Android there's Google Play Games, a platform which is designed explicitly for this purpose and can login with the Google account you already have on your device.
And it's so slow and bloated that it'll completely kill the game experience as an added bonus! Everybody loves it when their simple match-3 game freezes up every two seconds because of... whatever the fuck Google Play Games is doing in the background (mining Bitcoin maybe?)
I haven't seen anything like that. Maybe it's your match 3 game that's mining Bitcoins in the background?
-
@yamikuronue said in OAuth is fucking cancer.:
Facebook is the new AOL.
We'll pronounce it dead but it will keep on limping along for years and years?
-
@hungrier said in OAuth is fucking cancer.:
@blakeyrat said in OAuth is fucking cancer.:
@hungrier said in OAuth is fucking cancer.:
I don't know how/if it would work on iOS but on Android there's Google Play Games, a platform which is designed explicitly for this purpose and can login with the Google account you already have on your device.
And it's so slow and bloated that it'll completely kill the game experience as an added bonus! Everybody loves it when their simple match-3 game freezes up every two seconds because of... whatever the fuck Google Play Games is doing in the background (mining Bitcoin maybe?)
I haven't seen anything like that. Maybe it's your match 3 game that's mining Bitcoins in the background?
I have a game that runs like complete ass on transitions on my phone (Nexus 6P) that I can't really tell if it's Play Games or if it's just the game itself being shitty-coded. Once it gets to the actual match-3 part, it runs ALMOST OK, but stutters once in a while. In transitions and loading? Takes forever.
Also it seems to eat battery like a motherfucker and makes my phone hot as hell, so I don't know what the hell it's doing to the phone's CPU but it's running it harder than an F1 car.
-
@e4tmyl33t Are you talking about Gems of War?
Because that was the game I bought my $50 specifically to play, then Google fucking RUINED with their shitty buggy-ass game library I'm still bitter about.
-
@blakeyrat said in OAuth is fucking cancer.:
@e4tmyl33t Are you talking about Gems of War?
Because that was the game I bought my $50 specifically to play, then Google fucking RUINED with their shitty buggy-ass game library I'm still bitter about.
I am indeed. I play it fine via Steam on my desktop, I can barely play the damn thing on my phone.
-
@polygeekery said in OAuth is fucking cancer.:
Do they also have image recognition technology to block dick pics?
Asking for a friend.friend
-
@yamikuronue said in OAuth is fucking cancer.:
Facebook is the new AOL.
i didn't have AOL, i don't have facebook..... for more or less the same reason.
-
@yamikuronue said in OAuth is fucking cancer.:
Facebook is the new AOL.
Facebook makes CDs people only use as coasters?
-
@raceprouk said in OAuth is fucking cancer.:
Facebook makes CDs people only use as coasters?
For those of us with :
Facebook makes Floppys people format and re-use ?
-
@timebandit said in OAuth is fucking cancer.:
@raceprouk said in OAuth is fucking cancer.:
Facebook makes CDs people only use as coasters?
For those of us with :
Facebook makes Floppys people format and re-use ?
oh. well if you count that as using AOL.....
-
@weng said in OAuth is fucking cancer.:
@cheong As opposed to... You know, asking me for my personal information. OH GOD THATS LIKE A WEEK OF DEVELOPMENT. POOR BABIES.
AFAIR Tinder's rationale for only allowing Facebook was that it made it more difficult for people to put up fake information/photos about themselves. Basically Facebook already has mechanisms to verify that you are who you claim to be although they don't use them too stringently, as evidenced by me still going by the name of a famous Soviet mathematician on FB, so other parties can just outsource the whole member verification thing to them.
-
@maciejasjmj said in OAuth is fucking cancer.:
although they don't use them too stringently, as evidenced by me still going by the name of a famous Soviet mathematician on FB
they now check when you want to create a new account/ change you name, if you had it before they don't bother, unless you give them reasons to. I use the name of an elf from the second era, and whenever i want to change it they say that the name i want to use is not my real name.
also, i knew a guy named Pablo Picasso, and FB wanted to see an id card before activating his account.