Let me bite, as someone who usually hates JWT but sometimes uses it, including for browser auth.
Why JWT is bad: it's a cargo cult solving a non-existent issue in a more complicated way than necessary. An HTTPOnly session cookie containing just a random ID is shorter and easier to handle.
Why JWT is also bad: a typical way to use it exposes too much attack surface. Almost every JWT library has way too much functionality, supports multiple algorithms, and many people are too sloppy with their dependencies, so you probably haven't read every line of code that runs in your auth.
How to use JWT safely:
1. Have a use case that cannot be solved more easily with just a random session identifier. For example, one party creates tokens and another unrelated party verifies them. If the same party issues and validates tokens, you better have a super high load, unique use case -- but then you're senior enough to not take random advice from strangers.
2. Write your own JWT handling code. It's literally a few lines of code to create tokens and a few dozen to validate. Only implement the exact algorithms and claims you use.
3. In a typical scenario, JWT should still carry something like a user ID which you should immediately verify against a database. Stateless sessions don't mean no DB lookups on validation. If you DO authenticate based on the token alone, the token should be super short lived (seconds or single digit minutes).
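A sketch of what points 2 and 3 of the comment above describe, added here as an example and not code from the commenter: one fixed algorithm, two claims, and a lookup on every validation. HS256, the `sub`/`exp` claim choice, the constructed `KEY` and the `user_exists` callback (a stand-in for the database check) are assumptions of this example.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; a real deployment loads a random secret of 32+ bytes.
KEY = b"constructed-demo-key-not-for-production"

def b64url(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64url_decode(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

# The only header this code emits or accepts, compared byte for byte.
HEADER = b64url(b'{"alg":"HS256","typ":"JWT"}')

def sign(signing_input: bytes, key: bytes) -> bytes:
    return b64url(hmac.new(key, signing_input, hashlib.sha256).digest())

def issue(user_id: str, ttl: int, key: bytes = KEY, now=None) -> str:
    now = int(time.time()) if now is None else now
    payload = b64url(json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    signing_input = HEADER + b"." + payload
    return (signing_input + b"." + sign(signing_input, key)).decode()

def verify(token: str, user_exists, key: bytes = KEY, now=None) -> str:
    """Return the user ID, or raise ValueError for any rejected token."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.encode("ascii").split(b".")
    except ValueError:  # non-ASCII input or not exactly three segments
        raise ValueError("malformed token") from None
    # "alg" is never parsed, so "none" or another algorithm cannot be selected.
    if not hmac.compare_digest(header, HEADER):
        raise ValueError("unexpected header")
    if not hmac.compare_digest(sig, sign(header + b"." + payload, key)):
        raise ValueError("bad signature")
    try:  # claims are decoded only after the signature has been checked
        claims = json.loads(b64url_decode(payload))
        sub, exp = claims["sub"], claims["exp"]
    except (ValueError, KeyError, TypeError):
        raise ValueError("bad claims") from None
    if not isinstance(sub, str) or type(exp) is not int or now >= exp:
        raise ValueError("expired or invalid claims")
    if not user_exists(sub):  # point 3: stateless does not mean no lookup
        raise ValueError("unknown user")
    return sub
```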
HN is full of people who don't actually fully understand the subject matter speaking confidently. And lots of arguing even when they are clearly wrong.
Similar. I use this as a traveling external monitor. I have a face that works well without the face seal and with the old dual band: Counter weighted with the back of my head in a way that floats the headset over my nose/face. Going back to squeezing this onto my face like the old knit band seems like it would go backwards in comfort. How can anyone have this pressed against their face for 8+ hours?
The best is to have a pulley system above your head that removes the weight of it from above. I’d like to see someone implement this via a backpack / shoulder strap for mobile use.
It’s still a bad plan. Who is going to buy their stuff, with what money, when all jobs are replaced by robots and AI?
Capitalism is driving this hype around cost cutting with AI, but capitalism requires people have capital to buy various goods and services. Where is that going to come from when unemployment hits 100%? Who are the customers?
Why would anyone be excited about this future before solving for this problem?
The economy as we know it doesn't matter to technofeudalists, it's just the fastest way to get what they want for the time being.
The last 50-80 years have been an aberration in terms of distribution of wealth, income and power. What AI owners want is a return to a world of lords and peasants, and with that comes a shift from an economy that serves the needs of consumers to an economy that suits the needs of those with incredible wealth.
Institutional investors will leave the middle and lower classes behind in favor of making a ton of money serving the needs of the incredibly rich, their families and their friends, and that will be the new formal economy. Everyone else will be served by informal economies that don't see institutional investment.
The larger issue is that money is fundamentally a record of human effort (unless we're talking corporate value and then it's something a bit more).
With the automation of labor and cognitive effort, MONEY won't matter. They don't need customers. They only need the automation required to produce. Which will be broadly and cheaply available, all the way to the end because people will be competing for disappearing jobs.
There is no precedent for this kind of change; think Internet, computers, and the assembly line all packed together into a 5 year window, globally. And consider that there's no apparent end to the level of development and impact. Using historical metrics (like customer base or resource availability) is not going to help understand what's coming.
Well because the investors are excited at the prospect of living lives of lavish robot-serviced luxury, even if that means all the rest of us need to die
If only it was more comfortable I'd really use it for everything and all the time. For work with my Macbook as an external monitor. And with built in apps lounging around as you would an iPad, phone or Apple TV.