Graham Cox

I'm not sure about books but there are plenty of mobile games that are effectively that idea...

I've seen a few posts/videos from actual, professional historians - people who's entire academic career is around studying this stuff - who have pointed out a significant number of parallels been 1930s Germany and 2020s USA...
But sure, it's nothing to be worried about...

Trump probably won't. From how he looks, he's likely to die from natural causes before seeing anything resembling justice...

I'm curious. When (if?) Andrew is found guilty of paedophilia and espionage, will they reopen the tower for him?

I suspect we're all much more than £1,000 poorer directly because of leaving the EU...

It's a really bad thing that I have to look to see if it's satire or not...

Ghislaine Maxwell, a convicted child sex trafficker, gets gardening time, sports, therapy dogs, and spa products in prison.

Migrant children in custody are sleeping on concrete floors without enough food or clean water.

Our priorities are so fucked.

Oh great. Apparently Elon Musk is supporting Rupert Lowe and his new UK political party that is to the far right of even Reform!

What if you've got a British passport and white skin? Do they think it makes you British then?

It always amuses me to see people trying to argue that <insert blatantly obvious political thing> book or film or whatever isn't political.

Like the people who claim that Starship Troopers isn't political. Or Warhammer. Or Star Wars. Or.....

I mean, how oblivious can you really be?

Other than that I'm looking at WorkOS - which has a complicated API but probably does what's needed, Logto - which has a non-standard OIDC implementation, and I need to look at Auth0 again to see what they're like these days.

Everybody else just seems to fail my list too badly to consider :(

Worse, it means that, if you have separate web, Android and iOS apps then they all need to use the appropriate frontend SDK so migrating is much harder. I'm also not convinced they can do step-up auth properly, since I can't get that far without building an app to use their SDKs in!

The one that comes the closest is Cognito, but their MFA support is badly broken and their APIs aren't nice to use.

Clerk, Kinde and PropelAuth come close but there seems to be no way to do things like MFA enrollment, change password, etc without their frontend SDK. Which ties you to them heavily.

I've spent the day going through cloud-hosted IdP offerings, and it's very depressing.

I've got a shortlist of requirements that I think are really the bare minimum for 2026:
- Free tier
- Local password auth
- TOTP MFA support with step-up auth
- Hosted login/signup UI
- Comprehensive API support

Corporate bribers must be allowed to continue influencing the elections. As must Russians and Israelis, and other foreign states.
Just as long as the 0.000003% of election fraud from illegal immigrants is avoided, and they also stop women, legal immigrants and other blue voters from voting...

I wonder if a lot of the people who don't have a significant issue depending on ChatGPT/etc to do their work for them just didn't have the trauma of dealing with Clippy...

The democrats refuse to vote for voter suppression.
...
There will be voter suppression for the midterm elections, whether approved by Congress or not!

I feel this still stands true... 😡😡

bsky.app/profile/grah...

I'd also argue that the lack of Nazi propaganda and CSAM on Bluesky is quite a big difference too...

It's built on sand, not of which it had any legal right to.

Don't forget how much of the training data was illegally obtained. Which these GenAI companies are allowed to do because billionaires and their companies are legally immune to consequences...

Except it won't.

What will happen is that people will get angry at the super-rich for raping (and maybe murdering and eating?) children, and then they'll all get away with it and carry on doing it anyway... Because we all know being super-rich means no consequences to your crimes... 😡

I'm just signing up now to have a play :)

FYI though, the "How did you hear about us" lists X but not Bluesky. You might want to fix that ;)

It doesn't do anything complicated like redirect through a login flow again. It just puts an extra textbox on the screen for the MFA code iff the user has opted in to MFA on their account.
And by enforcing it on my API there's no way someone can get around those actions without the authenticator...

Right now I'm using Cognito with their hosted login UI.
I've got my app requesting an MFA code for certain actions - change password and disable MFA so far. These will be UI screens inside my app using APIs that I built that then validate the MFA code with Cognito as part of performing the action.

Is there any way to do this if you don't want to bother building your own login UI?

Apparently the use case I'm taking about is "step up authentication". It's requesting additional confirmation that the user performing the action is really the user they claim to be, and not - for example - someone walking past an unlocked laptop...

“Subjecting children to Bad Bunny’s dancing is disgusting!” shouted the man who subjected children to raping.

Be careful with his wording.

He didn't say the others didn't kill people. He said they're not allowed to.

Which implies that ICE *are* allowed to kill people. And we know that from the fact that they've murdered I-don't-know how many people with zero consequences so far...

Last time I looked, the *only* IdP offering that has a cloud hosted option with a free tier that supports MFA and manually checking MFA codes was AWS Cognito.
I'd rather avoid AWS for obvious reasons though. And their offering is a bit patchy too - e.g. it doesn't support recovery codes at all!

For example, certain highly destructive actions (e.g. delete account) would hugely benefit from having it verify MFA codes first before performing the action. But in order to do that, I need an IdP that allows me to do that manually instead of only as part of the login flow...