Hacker News new | comments | show | ask | jobs | submit login

Wow, so they moved off requiring you have a Twitter account to requiring you have a Github account. Keeping in mind that requiring any 3rd party account to use your own service is a bad idea, this sounds even worse.

Have you ever tried to sign up for a Github account? Last I checked they made you perform a bunch of scary crypto stuff on your local machine before they'd let you in. I gave up at that step, as it would have required downloading and installing a bunch of random software to pull off. No idea why they would make people do that (and it's why I still don't have a github account), but...

To limit your service to only accept customers who have navigated that minefield? Sounds like the ultimate form of adding friction to your signup process.




No idea why you would think github is a minefield.

> Last I checked they made you perform a bunch of scary crypto stuff on your local machine before they'd let you in.

Generating an SSH key is 'scary crypto stuff' ? One would hope anyone using git, and really any developer would have already done this many times before.

> I gave up at that step, as it would have required downloading and installing a bunch of random software to pull off.

You mean install a single program, git, which is sort of a perquisite for using, well, git? The windows installer includes the programs needed to create an ssh key and macos / almost any *nix distro will already have them installed.

I think its pretty clear that elastic.io is targeted at developers and I can't possibly imagine a developer having any issue signing up for github, installing git and generating an ssh key. If such developers exist they are likely very new to development and thus probably aren't a good match for a beta signup anyway.


I sincerely hope that this is a troll comment. I suppose it's subjective, but I don't consider "ssh-keygen -t rsa" to be scary, and I would've thought that most developers would've already have OpenSSH installed (which is the only dependency for generating keys, not "a bunch of random software.")

Do you really have no idea why they would make people do that, though? Maybe it's so that your source code can be securely protected so that only you can access it and modify it?


I'd really like to know if the original comment was a troll, joke or otherwise as well. According to the posters profile he is actually a developer of several services.

If it wasn't a joke of some kind I'd like to make a note to never trust any sensitive data of any kind to his products.

Considering generation of an SSH key 'scary' is a pretty strong indication to me that there is no tangible level of security being implemented.


Do you even need an SSH key to get an account? I'm pretty sure that's done after the fact.


Thnx for your comments Jason. Indeed any 3-rd party sign-in module lower down the conversion, however, on a given stage it's intentional. We would like to speak out to developers, and to those who are familiar with basic principles of open source software. So Github account is kind of filter for now.


I can certainly understand the sentiment, but requiring a Github account still seems arbitrary and limiting. There are lots of great open-source developers who don't use git or github.

For example, I'm a ruby developer, so yes most of the open source development I do involves Github. But even I know about (and use) projects like zip-ruby [1] on Bitbucket or redmine [2] on svn.

[1] https://bitbucket.org/winebarrel/zip-ruby/wiki/Home

[2] http://www.redmine.org/


I agree that using third party accounts as part of a service is a bad idea.

But you must be kidding about GitHub signup? There's nothing to install locally for a GitHub signup.

Also, saying the "crypto stuff is scary, I won't do it" is similar to the old "math is hard, lets go shopping."


Surely you're joking...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: