
752 points | dceddia | 1 comment

verall No.36447353
A lot of people are bringing up Wirth's law or other things, but I want to get more specific.

Has anyone else noticed how bad sign-on redirect flows have gotten in the past ~5 years?

It used to be you clicked sign in, and then you were redirected to a login page. Now I typically see my browser go through 4+ redirects, stuck at a white screen for 10-60 seconds.

I'm a systems C++ developer and I know nothing about webdev. Can someone _please_ fill me in on what's going on here and how every single website has this new slowness?

replies(16): >>36447462 #>>36447463 #>>36447473 #>>36447749 #>>36447944 #>>36448057 #>>36448342 #>>36448778 #>>36448926 #>>36448930 #>>36449089 #>>36449478 #>>36450517 #>>36450908 #>>36453785 #>>36460900 #
Nextgrid No.36447944
The sad part is that we have an OS-managed standard for SSO called Kerberos, successfully used as part of Microsoft Active Directory, and for which most mainstream OSes still include support. This allows any application on your machine to inherit that auth without ever seeing a single login screen.

While it can't easily be used cross-companies (and thus why SAML/OIDC exists), it's perfect for internal company infrastructure, and SAML/OIDC can still be handled somewhat seamlessly by having a minimal service that verifies your Kerberos identity and immediately dispatches you back to whatever third-party service you wanted to authenticate to, with no intermediate login pages or even any kind of UI (this service doesn't need UI because your authentication is managed via Kerberos for which your OS provides the UI).

The problem is that you can't make money (nor "growth & engagement") off stable, battle-tested stuff that already exists and happily works in the background, so Okta/etc shareholders need to peddle worse solutions that waste everyone's time and processing power.

replies(3): >>36448688 #>>36448821 #>>36449073 #
pzlarsson No.36449073
SSO can seem intimidating to someone new to authentication implementations. I think this is in part because it is a bit complicated but also because it is an inherently invisible technology which we don't need to think about as users. Sign in with fb/google on the other hand is something we all see in our day-to-day business and have at least some kind of mental picture of how it works. We've also seen it used as authentication for otherwise poorly implemented services so we might think that "since they managed to use it, how hard can it be?". Hence, a lot of developers and product owners choose those instead of SSO.