Probably referring to the rat race between making trash cans hard for bears to tamper with but still usable for tourists.
The analogy is probably implying there is considerable overlap between the smartest average AI user and the dumbest computer-science-related professional. In this case, when it comes to "what is this suspicious file?".
I'm very familiar with Keycloak, and I don't see this replacing it any time soon. As soon as I read:
> The Ory Enterprise License (OEL) layers on top of self-hosted Kratos and provides:
> Additional enterprise features that are not available in the open source version such as SCIM, SAML, organization login ("SSO"), CAPTCHAs and more
I knew it couldn't compete. Good luck to this product.
You can use other parts of the Ory ecosystem to add these features, such as Ory Polis for SAML/SCIM support: https://github.com/ory/polis
CAPTCHAs aren’t a big help anymore in my personal opinion, but you can easily integrate them on the frontend when using Kratos. The commercial offering just bundles all of this out of the box for you.
If Keycloak fits your needs well and you see no room for improvement, that’s perfectly fine; by all means use what works best for you.
This is a nightmare for security for companies that aren't big enough to pay the tax - which is most companies.
Every product, every fucking product, if it does anything, should have RBAC and SSO. These are the bare minimum. You want to hold off on SCIM for large customers, fine. Do that.
These are fair concerns, and I want to clarify what's included versus what's paid.
The confusion here is about two different types of SSO:
_Admin SSO (for managing Ory itself)_ - Ory is fundamentally an API. For self-hosted deployments, you control access however you want - through your infrastructure, reverse proxy, or using Ory Polis. This is not gated.
_Organizations SSO (for your end users)_ - This is the paid feature. It allows your B2B customers to bring their own identity provider. If you're building a SaaS product and BigCorp wants their employees to authenticate using Okta or Azure AD, Organizations handles that federation.
The distinction matters because maintaining integrations with enterprise IDPs is continuous work.
For example, Google randomly changes their OIDC implementation on a Saturday evening. Someone needs to wake up and fix that. For products serving other businesses at scale, that operational burden is real.
Organizations is one of the few areas where we charge, specifically targeting the B2B SaaS use case. If you're self-hosting for internal use or building a consumer product, you don't need Organizations.
If you're selling to enterprises that require SSO, you're generating revenue to support the cost.
If every plan is not getting access to at least SSO / RBAC, you are contributing to a weaker security ecosystem that disproportionately impacts non-Enterprise organizations (most organizations).
I used to be on a team that hosted internal enterprise services, and this was the main reason we used Helm. Someone wrote charts for these self-hosted applications.
(Not all of them were written in a sane manner, but that's just how it goes.)
I'm interpreting this as mid-1990s, in which case I very much believe in your technical ability. My dad came over late-1990s and he worked at mid-sized companies ever since. Even then, he and his H1B peers were decently intelligent.
I would caution your defense of today's H1B/L1s/OPT workers; I'd say the quality of Indian engineers in the US has halved every 10 years.
Today's Indian engineers come to the US because they can't enroll in a decent college in India and/or obtain an upper-middle-class salary from a job. It is an entirely different mechanism by which people are migrating over. It used to be brain drain, now it is sewage drain.
The H1Bs in the big tech companies are maybe 50/50 technically decent, but everywhere else, they are just taking contracting spots. It is a very corrupt and bloated system that has to go because they are not providing valuable work.
We just had a power outage in Ashburn starting at 10 pm Sunday night. It was restored at 3:40am-ish, and I know datacenters have redundant power sources, but the timing is very suspicious. The AWS outage supposedly started at midnight.
Even with redundancy, the response time between NYC and Amazon East in Ashburn is something like 10 ms. The impedance mismatch, dropped packets and increased latency would doom most organizations' craplications.
This reminds me of the Twitter-based detector we had at Facebook that looked for spikes in "Facebook down" messages.
When Facebook went public, the detector became useless because it fired anytime someone wrote about the Facebook stock being down and people retweeted or shared the article.
I invested just enough time in it to decide it was better to turn it off.
With which I agree.