Interesting take considering graphql adoption is growing and generally in favor at my company.

Is this VM somehow related to Lynx (their cross platform dev tooling?)

https://lynxjs.org/

Also discussed on HN

https://news.ycombinator.com/item?id=43264957

From the article:

> Rocha explained that KOBO’s bone marrow is actually “full of oil,” even though the whale has been dead for more than two decades.

> “It’s seeping out through the pores of the bones,” Rocha said. “The outer edges of the bone are a little more porous than human bones and [gravity is] just pulling the oil out.”

I think you just fell into the trap.

If the panels are 20% more efficient, wouldn't you need to install 20% less of them?

As an aside to the topic, that's not quite how the maths would work. If the panels were 100% more efficient, you wouldn't need 100% less of them

If the panels were 20% more efficient, you'd want 1 -1/1.20 = 16.7% less of them.

Yes, but that only becomes a win if the new panels cost less than 20% more than existing ones.

If they cost less than 20% more _total_, including installation costs, which is interesting because it means the higher the installation costs in a particular area the more likely it is to be worth the added cost of the more efficient panels (which presumably aren't more difficult to install than traditional panels).

Because you don’t want to share germs with other users of the browser? The logic makes no sense and I honestly can’t tell if you’re joking.

People on this website often have difficulty detecting sarcasm, you're not alone.

I think it’s so it can look at the login method for the account and act accordingly.

If the user is configured to use SSO it can redirect to the identity provider. If it’s password auth it can ask for the password, etc.

Isn't that a security leak? Revealing what auth method the user is using.

I'm not sure always presenting the password field avoids that.

If you type in bob@sso.com for your SSO account, the password field will clearly be a throwaway, and you'll be redirected to your IDP.

Being presented with a "wrong password" error would mean the account is local.

Weeellll… you’d hope so, but some users may try to autofill a password with the right username, which will inadvertently fill the password too. And now your vendor (Quip or whomever) can potentially see your employee’s passwords. You have to trust them to throw away any password they see for someone from your org.

Oh yeah, I'm pretty sure Atlassian used to that, too. So I can understand the reason of "making it easier for users" invoked by people implementing this "two step" login.

But I'd argue this is a different issue than the one of giving out what kind of authentication a given login has.

1. It’s usually for institutions. If my email address is username@bigco.com, an attacker already knows that I use BigCo Inc’s internal SSO.

2. It’s avoids having users type (or autofill) their passwords, so if one of (for example) BigCo’s vendors is compromised, the attackers don’t learn the passwords of BigCo employees.

it would be a larger security issue if they didn’t redirect to the SSO provider and instead threw up a page asking for a password.

In many cases SSO means once you’re logged in then you don’t enter a password again for the session anyway- that only works with a redirect.

and your login might not even be a password anyway, or require more information than just a password (like MFA)- our solution for example takes into consideration what you’re logging in to, what device you have and where you are to determine the secrecy level of the thing you’re authenticating into.

Can’t do that without control.

Did you also come up with Sharknado in this whiteboarding exercise?

Yep, I’ve done something similar. Flew to a conference for work, then had them fly me to my vacation destination instead of home.

I basically ended up getting a free one-way flight for vacation.