

Show HN: I built a service to find cool people on Github - Swizec
http://githubfriends.swizec.com

======
gecko_dude
No way I'm signing in with my twitter account to any of your projects. I'm
being cautious because I still remember your blogpost about storing passwords
of 3rd party accounts in plain text.

Relevant: [http://swizec.com/blog/small-trick-for-seamless-base64-passw...](http://swizec.com/blog/small-trick-for-seamless-base64-password-storage-in-django/swizec/1378)

~~~
wccrawford
I don't think you understood his post, or how you sign into a third-party site
with Twitter or Facebook.

His post was about sites that DO NOT do OAUTH, and the only way to store
passwords to interface with those sites. He clearly states how insecure it is,
and the base64 thing is only to prevent you from reading their password
accidentally.

Twitter, however, DOES use OAUTH. There's no need to store your twitter
password on his side at all.

His auth page is down right now so I can't check, but I'm betting that it ends
up at a twitter.com OAUTH page that is perfectly safe.

~~~
gecko_dude
I understood his post perfectly well. Using base64 to store passwords is
just as bad as storing them in plain text, because you only rely on the good
will of the person who has access to them.

When dealing with security, this sort of practice should be avoided at all
costs, e.g. a sacrifice to the functionality of your product.

~~~
cromulent
Are you suggesting that Twitter is going to give him your password, so that he
might store it in plain text?

I don't understand how that could happen. Twitter's OAuth implementation seems
fairly sound.

------
steventruong
I think the concept is cool but twitter is probably not the best vehicle of
choice for me personally. Maybe it'll work well for others.

~~~
ThomPete
Just out of curiosity.

Where would you look instead?

Could be cool to get a list of alternative ways to twitter and facebook.

Are other sites having profiles that could be accessed such as SO etc?

~~~
steventruong
I'm not sure as I haven't thought about it before so I'll think about this and
hopefully try to post back but people I follow on twitter or friends I have on
facebook probably aren't the best demographic. Chances are people I know, I'd
be linked with on github if it mattered and for the vast majority of people
linked together on facebook and twitter are probably not really all that
targeted. Sure, there'd be some correlation but it'd probably be a low
percentage.

I'm not sure where you'd get a list like this (maybe you'd just create your
own) but I think linking people to common languages (i.e. python guys to
python guys) and similar projects/interests they like would have a higher
correlation.

------
gaius
The "sign in with Twitter" button doesn't appear to do anything (Safari 5.05
on OSX 10.5.8).

------
digitalnalogika
Bug: it found some people on github but all link to github.com/${login}

------
ThomPete
It would be great if you could bulk select those you wanted to follow.

