Security

A Gentle Rant About the Usability of User Accounts

Recently I was involved in a massive migration project involving IdentityServer and OIDC. But that’s a story for another time. This post comes from the other side of the tracks, from the point of view of a mild-mannered user trying to create and manage their user account on your site. As software people, one of our main goals should be to delight our users. Unfortunately, as a user myself, I am often underwhelmed, frustrated, and decidedly un-delighted when faced with managing my user account.

Cryptocurrency Trading for Dum-dums — Wait… It is?

“Hey, can I make money trading crypto?” — For technologists, this question is starting to feel like the new, “Can you fix my computer?” Except that this question is so much worse, the stakes so much higher. So my response is to get all shifty and uncomfortable, launching into a super subtle staring contest with my drink. Of course, the short answer is an eyebrow scrunching, lip puckering, “um… yes…?”. And yes, that’s a “yes” couched delicately between two ellipses, like an egg in the mouth of a Golden Retriever. Because “yes” is also the answer to a question like, “Can I be a spaceman and fly to the moon?”

To Trust an Extension

“Voice hoarse, I heaved a huge shoulder-slumping sigh. I’d just wanted to maximize the thing. Instead there I was yelling at all the kids on my lawn, throwing rocks at a cloud, ranting on about non-existent terms like Trust-Driven-Development. Who hurt me, you ask?” It was the fourth annual company campout and we were huddled around the fire pit swapping horror stories gathered from the dark depths of the software industry, holding the fire at bay with an array of steely s’more forks.

Email Killed the Death.io Star

Not so long ago, in an office so very close, an imperial trooper used the same p@$$w0rd on every single site. The onus of easy peasy pwnage led to separate and proper passwords for important sites, led to plasticky back pats, led to proud promotions. But an imperial trooper’s memory banks are only yea big and only hold yea many passwords.

Use SSH with multiple GitLab.com accounts

Here’s the situation: The easiest and most secure way to interact with Git repos hosted on GitLab is over the SSH protocol. While most people only use one GitLab.com account, a freelancer or consultant might need to work with repos from multiple accounts. If that freelancer attempts to upload their public SSH key to multiple accounts, they’ll get the following error message from GitLab: Fingerprint has already been taken. Assuming they don’t want to use password-based authentication over HTTPS as a workaround, how can our friendly freelancer get SSH working?

Use IFTTT more securely with proxy accounts

IFTTT automates many aspects of your online life. Is it going to rain tomorrow? Hey look I just got an email forecasting rain in my area. Golly thanks T-Guys! :) Or what about receiving an email or finding a new article in Pocket whenever there’s a new xkcd or CommitStrip? Or what if you want to automatically archive your tweets or internet favorites to Evernote or OneNote? Your online alliterative conditional buddy can do all that, and more.