752 points dceddia | 5 comments
verall No.36447353
A lot of people are bringing up Wirth's law or other things, but I want to get more specific.

Has anyone else noticed how bad sign-on redirect flows have gotten in the past ~5 years?

It used to be you clicked sign in, and then you were redirected to a login page. Now I typically see my browser go through 4+ redirects, stuck at a white screen for 10-60 seconds.

I'm a systems C++ developer and I know nothing about webdev. Can someone _please_ fill me in on what's going on here and how every single website has this new slowness?

1. kitsunesoba No.36448057
Google and Microsoft are the worst for this. When you sign on you can see it flashing through several of their products, signing you on in each, before finally redirecting you to wherever you intended to go.

It might be done for user retention reasons with the idea that people are more likely to use sites they're already signed into, but I really don't need to be signed into YouTube when I sign into my Google work account. Please just skip that and sign in a few seconds quicker.

2. jeroenhd No.36449188
I'm pretty sure Google does it to set all the appropriate cookies on the right domains. Microsoft probably has similar redirect flows.

You can either do the redirects all at once on login or do them once you use the service first. Since login is already a time-consuming process (username, next, password, next, 2FA, next) I think you may as well take a second to add the redirects and be done with it.

It doesn't make much sense for Google work accounts but it makes sense if those are a minority on the platform. They could definitely patch this out, but then again the login process is something that takes a second extra every month or so, so who really cares.

What does bother me is how every service wants you to enter your username and password separately now. Autofill gets confused and sometimes even stops working because the stupid hidden input fields for the password don't get shown until you click the magical "next" button, just in case you need a special third party auth service.

Either decide that work accounts are important and take out the extra YouTube redirect, or decide they aren't important and let me fill in my username and password on a single form. Both make complete sense individually but combined they're just a massive waste of time.

3. tracker1 No.36449984
When I've done login screens, I usually also include a hidden password field so that the password manager can autofill... this way, it's already filled when the password field is visible after clicking "next". It's at least an improvement to the workflow for those of us using a password manager.

Explaining it to the SecOps person, that was painful though.

4. Peanuts99 No.36450150
It's because Microsoft and Google are the two largest identity providers around. Microsoft has M365 logins that can be configured with about 12 different authentication systems, as well as the various services like outlook.com, Hotmail etc. It has to check the login against those systems and then redirect you to that system.

5. imp0cat No.36451394
Modern browsers heavily restrict cookies. The redirect chain right after login, that takes you through all subdomains, is a way to evade cookie restrictions if your sites use different domains.
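
The cookie scoping rule behind the redirect chain discussed in comments 2 and 5, as an added example that is not part of the thread: a simplified model of RFC 6265 domain matching, showing that a response from one site cannot set a cookie for a sibling site, so the login flow has to visit that site. All hostnames and function names are constructed for illustration; public-suffix and IP-address checks are omitted.

```javascript
// Added illustration; hostnames are constructed (.example is reserved).
// Simplified RFC 6265 section 5.1.3 domain-match: the host is identical to
// the domain, or ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

// Decide whether a Set-Cookie in a response from `host` is stored.
// Returns the scope the cookie is stored under, or null if it is ignored.
function acceptCookie(host, domainAttr) {
  if (!domainAttr) return host.toLowerCase(); // no Domain attribute: host-only
  if (!domainMatch(host, domainAttr)) return null; // foreign domain: ignored
  return domainAttr.toLowerCase().replace(/^\./, "");
}

// Walk a login redirect chain. Each hop is { host, setCookie: { name, domain } }.
function runChain(hops) {
  const jar = [];
  const rejected = [];
  for (const hop of hops) {
    const scope = acceptCookie(hop.host, hop.setCookie.domain);
    if (scope === null) {
      rejected.push(hop.host + " -> " + hop.setCookie.domain);
    } else {
      jar.push({ name: hop.setCookie.name, scope, hostOnly: !hop.setCookie.domain });
    }
  }
  return { jar, rejected };
}

// Would a request to `host` carry any cookie from the jar?
function signedInOn(jar, host) {
  return jar.some(c => (c.hostOnly ? host === c.scope : domainMatch(host, c.scope)));
}

// Constructed chain: the identity provider sets its own cookie, tries to set
// one for a sibling site directly (ignored), then redirects through that
// site so it can set the cookie itself.
const chain = [
  { host: "accounts.idp.example", setCookie: { name: "SID", domain: "idp.example" } },
  { host: "accounts.idp.example", setCookie: { name: "SID", domain: "video.example" } },
  { host: "accounts.video.example", setCookie: { name: "SID", domain: "video.example" } },
];
const result = runChain(chain);
console.log("rejected:", result.rejected);
console.log("video signed in:", signedInOn(result.jar, "www.video.example"));
```

Dropping the third hop leaves `www.video.example` without a session cookie, which is the "do them once you use the service first" alternative from comment 2.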