Comment by supriyo-biswas 10 months ago

Great research. As I've said elsewhere, Firebase's authentication model is inherently broken and causes loads of issues, and people would be better off writing a small microservice or serverless function that fronts Firebase.

Also, for anyone trying to read the article, they should put `/oneko.js` in their adblocker.

Aaron2222 10 months ago

> Also, for anyone trying to read the article, they should put `/oneko.js` in their adblocker.

Only if you hate cats, pixel art, or are easily distracted.

  • Milner08 10 months ago

    I'm dyslexic and I tend to use the pointer to follow what I am reading to help me. The cat was annoying as hell. I just had to hide the element in the DOM before I could read more than a few lines. Infuriating design choice to make it follow the pointer.

  • nottorp 10 months ago

    Looks like someone already added it to uBlock Origin since I see no cat.

    Or maybe the cat doesn't support Firefox...

    • doix 10 months ago

      Did you enable the `ui.prefersReducedMotion` setting? That hides the cat, from what I can tell.

      • nottorp 10 months ago

        Hmm not that I remember. But I have reduced motion enabled on my phone system wide and maybe that synced to my desktop on its own.

        Which is scary come to think of it.

      • dgellow 10 months ago

        Ah thanks, that explains why I don't see the cat everybody mentions.

    • eru 10 months ago

      I use uBlock Origin and Firefox (on Mac) and see the cat.

  • hunter2_ 10 months ago

    I suspect it's that they hate are easily distracted (if "hate" falls outside of the series, such that it applies beyond just "cats")!

zachrip 10 months ago

It's really not hard to build this safely in Firebase; this could've been authored the same way in Node too. I think whoever authored this either majorly cut corners or just isn't experienced enough to understand how to write authenticated controllers like this. This should scare people away from this browser; it's such a basic thing to mess up and it shouldn't have happened.

Sakos 10 months ago

> Firebase's authentication model is inherently broken

I'm not very familiar with Firebase. In what way is it broken and what issues does it cause?

  • supriyo-biswas 10 months ago

    The fact that clients write directly into the database and that it's widely encouraged.

    There are security rules in Firebase to prevent this, but bolt-on security models that the user has to explicitly enable haven't been shown to work.