XAuth – a Terrible, Horrible, No Good, Very Bad Idea (hueniverse.com)
40 points by dotBen 1818 days ago | 9 comments



Other terrible, horrible, no good very bad ideas include toolbars that fly out on page load and pop-ups that ask you to read some message that I completely ignored while I tried to hit the 12x12px 'X' button in its top right corner.

Otherwise, great article. I need to remember to click that new Safari 'Reader' button.

-----


Yeah, I added the site to adblock after I saw that popup. Not cool. If I like your blog, I'll remember to promote it on my own. Now all I remember about the blog is that the author is a douche that reads too many "you should follow me on twitter" articles.

-----


In case you read comments before stories, no, this is not the xauth you're likely thinking of.

-----


Really? Which one were you thinking of?

-----


Ahem: http://www.x.org/archive/X11R6.8.1/doc/xauth.1.html

-----


Heh, I guess what "you're likely thinking of" depends on your frame. I haven't thought of that xauth in years ... never occurred to me that someone might decide all of a sudden to start bashing it today.

-----


Although I agree with Eran, in the interest of balance let me also link to John Panzer (of Google, but writing independently) who tries to address some of Eran's concerns:

http://www.abstractioneer.org/2010/06/xauth-is-lot-like-demo...

-----


Even Googlers agree with Eran, xauth is just a temporary solution, the real solution should go into the browser, maybe with an API that is xauth compatible. Mozilla is already working on those ideas.

edit, from another googler: http://www.google.com/buzz/dclinton/RcW6X3EjKj1/John-Panzers...

> John Panzer's take on the XAuth project is pretty much spot-on. It's not that XAuth is what anyone wants for the ultimate answer in this space. Rather, XAuth is a short-term way of pushing for any momentum in this direction.

> There are a number of companies leading it, btw:

> MySpace: http://xauthdemo.myspace.com/

> Microsoft: http://xauthdemo.mslivelabs.com/

> Yahoo: http://developer.yahoo.net/blog/archives/2010/04/xauth_oauth...

> Etc., etc. (Eran suggested this was Google-led, which didn't quite strike me as accurate, given that Yahoo, Microsoft, MySpace, etc., were all as involved as Google was.)

> For more background on XAuth, I did a round-up of the various announcements and responses during the XAuth launch: http://www.google.com/buzz/dclinton/CYgLcs24yqP/

-----


Oh dear. Computing sometimes has naming conflicts, but choosing 'xauth' as your authentication scheme when there's already an authentication scheme named xauth?

> Security guy 1: xhost is deprecated. use xauth.

> Security guy 2: xauth? But that's reliant on whoever controls a single domain.

> Both: ???

-----



