frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

StreetComplete: Fixing OpenStreetMap, one tiny quest at a time

https://streetcomplete.app/
367•kls0e•4h ago•72 comments

A better way to tie your gym shorts. (Or any drawstring) [video]

https://www.youtube.com/watch?v=3R0Lp86GEBk
275•surprisetalk•4h ago•104 comments

98% Isn't Much

https://whynothugo.nl/journal/2026/07/03/98-isnt-very-much/
323•speckx•4h ago•241 comments

Mapping homes you can buy from the US government for <$100k

https://govauctions.app/research/cheapest-homes-in-america
12•player_piano•20m ago•11 comments

Europe's company websites are mostly served by US vendors

https://ciphercue.com/blog/european-web-hosting-vendor-share-2026
192•adulion•4h ago•137 comments

Chat Control passed first round in EU Parliament

https://www.heise.de/en/news/Showdown-in-Strasbourg-The-unexpected-return-of-Chat-Control-1-0-113...
201•miroljub•1h ago•88 comments

Better Auth is joining Vercel

https://better-auth.com/blog/better-auth-joins-vercel
70•sync•1h ago•42 comments

Microsoft Fire IdTech Team at Id Software

https://gamefromscratch.com/microsoft-fire-idtech-team-at-id-software/
202•bauc•1h ago•201 comments

Top researchers leave USA for the Netherlands (in Dutch)

https://www.nwo.nl/nieuws/eerste-internationale-wetenschappers-via-het-tulp-fonds-naar-nederland
285•28304283409234•6h ago•218 comments

Weighing smoke: why AI visibility dashboards are mostly useless

https://betterthangood.xyz/blog/weighing-smoke/
6•iainharper•43m ago•0 comments

9 Mothers (YC P26) Is Hiring in Austin, TX

https://9mothers.com/careers
1•ukd1•5h ago

Reducing Doom Loops with Final Token Preference Optimization

https://www.liquid.ai/blog/antidoom
5•dataminer•32m ago•1 comments

Show HN: PostgreSQL performance and cost across 23 EC2 instance types

https://postgres.saneengineer.com
51•anivan_•4h ago•4 comments

But Nothing Has Changed on Our Side

https://cacm.acm.org/blogcacm/but-nothing-has-changed-on-our-side/
20•adunk•3d ago•6 comments

C++ Details of Asymmetric Fences

https://nekrozqliphort.github.io/posts/membarrier/
42•anon_farmer•3d ago•2 comments

Jim's TrueType QR Code Font

https://github.com/jimparis/qr-font
4•arantius•32m ago•1 comments

Amazon Without the Knockoffs

https://knockoff.shopping/
16•plurby•1h ago•5 comments

OpenWrt One – Open Hardware Router

https://openwrt.org/toh/openwrt/one
781•peter_d_sherman•22h ago•292 comments

CoMaps – FOSS Offline Maps

https://www.comaps.app/
727•basilikum•22h ago•180 comments

GitHub Freno: cooperative, highly available throttler service

https://github.com/github/freno
4•nateb2022•1d ago•0 comments

MacSurf 1.68 – NetSurf on OS 9 Released

https://github.com/mplsllc/macsurf/releases/tag/v1.86
4•mplsllc•38m ago•1 comments

China sentences official to death for taking $325M in bribes

https://www.bbc.com/news/articles/c33y0n1v1xjo
17•randycupertino•25m ago•18 comments

Automating AI Away

https://replicated.live/blog/away
5•gritzko•1h ago•0 comments

How to sequence your own DNA at home

https://bradleywoolf.com/links-1/sequencing-my-own-dna-at-home
346•bilsbie•16h ago•130 comments

Small AI Models Gain Traction In places with unreliable networks

https://spectrum.ieee.org/small-language-models-ai-pharmaceuticals
247•sscaryterry•17h ago•76 comments

Historic Photos of NASA's Cavernous Wind Tunnels

https://www.theatlantic.com/photo/2018/05/historic-photos-of-nasas-cavernous-wind-tunnels/560660/
87•ohjeez•2d ago•23 comments

The Art of Computer Programming by Donald E. Knuth

https://www-cs-faculty.stanford.edu/~knuth/taocp.html
153•archargelod•11h ago•42 comments

GLM 5.2 and the coming AI margin collapse

https://martinalderson.com/posts/the-upcoming-ai-margin-collapse-part-1-glm-5-2/
639•martinald•20h ago•412 comments

Microsoft Can Track Users via a Windows Device ID

https://www.pcmag.com/news/a-hackers-arrest-reveals-microsoft-can-track-users-via-a-windows-device
281•ifh-hn•8h ago•119 comments

Ask HN: Where are the good search engines for mathematical formulas?

29•lo0dot0•2d ago•10 comments
Open in hackernews

Better Auth is joining Vercel

https://better-auth.com/blog/better-auth-joins-vercel
63•sync•1h ago

Comments

mrcwinn•1h ago
I nearly considered using them recently. So glad I dodged the bullet!
ftchd•1h ago
Ain't nobody buying Jose, yet
electriclove•1h ago
Umm.. so what did you end up using?
bstsb•1h ago
can Vercel give any assurance that they won’t add a reliance on their closed-source cloud offering for the package? especially given their ownership of next-auth too

i really loved better-auth’s DX but the nature of their database adapters means it’s relatively easy to switch over to another provider/library

Jnr•50m ago
From what I remember, next-auth is kind of dead and Better Auth developers have been maintaining security of next-auth for some time now. (or was it Vercel that did the maintaining?)

Better Auth is the go-to solution for many people using Nextjs, so it makes sense that Vercel puts some effort in maintaining it.

I have never had issues running Nextjs in regular containers, it is just a good open source solution, I don't see why it would be any different with Better Auth.

Raed667•1h ago
I was wondering when that would happen, it was meant to be since the beginning
khurs•59m ago
Reminder - KeyCloak was donated to CNCF so a safe choice

https://www.keycloak.org

https://www.cncf.io/blog/2023/04/11/keycloak-joins-cncf-as-a...

nvegater•39m ago
how is this related to better auth ? In my understanding, keycloak and better auth are fundamentally different. I would compare keycloak more with Ory for example.
vaishnavsm•19m ago
Keycloak and Better Auth aren't as fundamentally different as you may think! Better auth supports authn/z, being an identity _source_, being an identity provider, being an OIDC/SSO provider (so others can login using better auth), rbac, SAML/SCIM, and a ton more. It's actually really powerful! Most folks found better auth as an alternative to next-auth/auth.js - but better auth does a lot more than those.

(some of those features are enterprise only)

jzebedee•18m ago
It's a good reminder, because in the auth landscape I wish I had just picked up Keycloak and stuck with it. Commercial auth is a bad value proposition and not the kind of infrastructure where you want to have acquisition churn happening often.

The self-hosted space is another headache. I wasted so much time trying to make smaller self-hosted auth solutions work, since Keycloak has a reputation for being heavyweight.

I looked into the Ory stack extensively trying to actually use it as advertised for self-hosted / open-source auth. It's aggressively gimped and its SSO features are emphatically _not_ open-source and are gated behind licensing, with no way to find out until you're actually running it.

It's also just unfinished. Their "stack" is a lot of cobbled-together Go mixed with incompletely rebranded acquisitions like SAML Jackson (now "Polis"), which they managed to gut so completely it went from a best-in-class OSS library to unusable.

slig•56m ago
Love better-auth, and congrats to the team!
mooreds•52m ago
Congrats to Better Auth. I'm in the auth space and see all kinds of things.

Anything that makes it easier for developers to build secure applications is a win!

whalesalad•51m ago
Auth is not hard to roll yourself. Crypto: don't do it. Auth? Easy peasy.
nicce•35m ago
Rolling auth by yourself is very messy. Storing tokens correctly, rotating and using correct tokens, with correct parameters and so on. Endless footguns.
lackoftactics•10m ago
also the conseqeunces of implementing it badly from scratch don't make sense if you can use battle-tested solution
mooreds•35m ago
Oh man, it really depends(tm). If you are building a small internal app, sure, but you'd often still be better off leveraging a social provider or employee directory.

I work in the auth space (for FusionAuth) and we run into plenty of folks that started out rolling auth themselves. Just username and password right? A bit of hashing, salting and leveraging a built-in crypto library.

But then you need to add account recovery. And then MFA. And then registration. And then progressive registration. And then webhook integration. And then passkeys. And then SAML integration. And the delegated SAML setup. And then and then and then.

You're distracted from your core application by feature requests for your login system.

You have lots of options nowadays. Use a library provided by your framework (Rails, Spring, and Django have them), use a tool like Better Auth, use a third party system like FusionAuth or Auth0. But don't build undifferentiated functionality that impacts your user experience.

PS Of course, where I stand depends on where I sit, but I firmly believe that you should not build an auth system the same way you should not build a database.

sandeepkd
agrippanux•49m ago
Uggggg I just implemented Better Auth for our new product - time to start looking for backup plans. I used to be a huge Vercel fanboy but everything they have done in the last few years turns into a complicated mess.
__s•36m ago
Silent execution of tremor was a pain in the ass trying to upgrade to nextjs 15 / react 19: https://github.com/tremorlabs/tremor/issues/148
ebeirne•47m ago
This is amazing although I would really like for them to explore filling the backend gaps. An acquisition of Trigger.dev or Inngest would be the obvious move and nobody would be surprised. Thoughts?
magnio•40m ago
I used Better Auth for my mobile app backend. It works okayish. My biggest complaints are the OpenAPI specification gets little care, as it mainly caters for JS frontend, and breaking changes in patch version are more common than most packages.
fnoef•35m ago
Ah, here we go again.

Glad I decided to roll my own auth rather then using some library. I had a feeling that eventually they will join Vercel.

notatoad•32m ago
Yeah, we rolled our own auth as well. Everybody says you shouldn’t, it’s a risk, etc etc.

but to me that’s less risk than our auth getting bought by somebody whose business goals don’t necessarily align with mine.

pzo•26m ago
why not instead fork repo just in case but still use better auth until proven wrong? In case they go evil you just build from you forked one. At that point you would still have to either maintain your own auth or better auth fork.

With current AI your agents probably still will be better with maintaining a fork. Auth libs have pretty limited API surfaces comparing to e.g. ui frameworks.

fnoef•14m ago
I prefer to maintain my code, tailored for my need, than maintaining a massive library that has support for every authentication method there is, while trying to be as generic as possible and fit every business.
bekacru•31m ago
Bereket Here

the team at Vercel has been my biggest inspiration and always reflected many of the reasons we started working on Better Auth. This would allow us to focus more on what made better-auth great in the first place It hasn't even been 2 years since we started but thank you everyone from the open-source community for helping us make an impact in short amount of time. There is a lot to do to improve on open source auth and im really excited to be back focusing full time on building

oooyay•19m ago
You're saying that BetterAuth will remain 100% free and open source, will continue to be maintained, and unlocked from Vercels ecosystem?
bhouston•20m ago
Congrats BetterAuth! It was the system I was considering before I rolled my own auth system around the passwordless concepts of: OPT + Passkeys + Google login. It is quite nice and simple and I've ported it to 3 separate projects now just via LLM:

https://ben3d.ca/blog/passwordless-login-system

If you are building a user system with a database already, adding passwordless auth is easy.

zuzululu•16m ago
im amused that people are still relying on third party for handling auth when you can roll your own now with LLMs
lackoftactics•12m ago
It's one of those things you shouldn't trust LLMs to such an extent; that part should be very solid because the consequences of bad practices are getting to front page of hacker news :)
zuzululu•5m ago
depends what LLM you are using but most frontier models have seen almost every github/doc/best practices its very hard to get something like supabase/lovable type of mess unless you purposely prompt it to be bad without much inner knowledge but even then it is rectifiable with the right prompts
RichardChu•12m ago
Better Auth is great, I use it for all my projects. Congrats to the team!
mariopt•11m ago
So, it's just a matter of time until they destroy this project in favour of their cloud interests. Such a shame, it is (was) a nice open source project.
aeneas_ory•7m ago
Probably the first time reading that the Ory stack unfinished! Sorry you had a frustrating time, but there's 10 years of development and many happy customers + adopters who see it differently! Polis / Boxy still works as before, we didn't gut or take away anything.

Open source development needs to be paid by someone - most of the time people complaining about paying for software are working themselves (for money!) in some company. B2B login is a good value differentiator, because it's mostly required by companies selling to other companies meaning they can spend some money on licenses to further develop software.

Ory powers the largest technology providers, and super small solo projects. It's robust, stable, Apache2 licensed. It's the best CIAM tech out there that's free (!!).

In the end, everyone is entitled to their opinion but the "open source can't make money" train is honestly a bottom tier opinion.

kommunicate•18m ago
Is keycloak still the only real game in town for open source authorization (not authentication; that part is totally fungible)?
vaishnavsm•12m ago
If you're willing to take the pain of setting up an actual authz model, I've found OpenFGA^ to be really nice. We used it to set up some pretty complex authz involving cross-agent/user/org creation and sharing of data. It's not _simple_, but it is effective.

It's Apache 2.0 and a CNCF incubating project.

[^] https://openfga.dev/

vaishnavsm•15m ago
I really want to love KeyCloak. I've had really bad experiences with weird uptime bugs and crash loops that kept me from giving it an honest retry over the last couple years.

It also really shows its age, imo. The interface is clunky, roles and groups having overlapping responsibilities is confusing, making custom UIs for it makes me feel ancient, etc.

I really can't complain though. There is simply no alternative that's as open atm. It's also not easy to make one ( I tried :( ).

andrewstuart2•8m ago
Showing its age is also a badge of honor for such a critical part of one's infrastructure. That means it's been beat up on and run through the ringer for a decade plus at this point and had lots of chances to fix CVEs and other bugs. Not to say there won't be more, but being older and time-proven for an IdP is a major positive.
•
25m ago
Unfortunately its a common misconception, it feels easy, however auth is a lot more harder to do it right, specially when it comes to recovery. A simple example, protocol like TOTP (time based OTP) uses the concept of shared secret and almost every implementation stores the secret as it is in their databases
djfobbz•18m ago
Correct! As a Ruby dev, I started using rodauth and never looked back! https://rodauth.jeremyevans.net/