1. 4

    It’s interesting that they didn’t explicitly prohibit ICE itself, only collaborators.

    Also, this change definitely infringes on the other lerna contributors’ copyrights, despite the explanations given by the original author. The should have used a contributors license agreement. I wish Github had better tools/policies regarding licensing and CLAs.

    1. 8

      They do ban “Microsoft Corporation” and its subsidiaries. Doesn’t that include Github!?

      1. 4

        It does, so Lerna is not available to GitHub under MIT license. GitHub is still okay, because GitHub is granted a license to publish under GitHub Terms of Service D.4. As I understand, GitHub can publish Lerna, but can’t use it.

        1. 1

          IANAL, but the purchase is not finalized yet.

          (I work for Microsoft)

          1. 1

            The state of the purchase doesn’t really change anything here.

        2. 7

          this change definitely infringes on the other lerna contributors’ copyrights

          Everyone’s contributions (and the whole project right before the license switch) are still available under MIT. MIT permits sublicensing. I guess they should’ve kept the old license in the repo and mentioned what it applies to… but there’s no actual requirement that “old git revisions don’t count as included with the Software” :)

          CLAs are terrible and unnecessary.

        1. 4

          I write at https://codeplea.com sometimes.

          1. 3

            This is awesome! Signed up. Are you planning on open sourcing it? I’m sure I would self host something like this.

            1. 4

              Thanks! I’d love to open-source it. However, I can’t justify the time commitment it would take yet. I’ve open-sourced many smaller projects, and I always feel compelled to answer every email I get. I wish I could post it and then just ignore it, but I really can’t.

              I did make a deal with myself a long time ago. If I can get enough supporters on Patreon, I will open-source it. The code is already pretty cleaned-up and ready to go. It’s pure PHP, no dependencies. No frameworks or anything.

              1. 2

                Post code with no email address to contact you? ;)

                1. 1

                  I actually did that with one project. People find a way.

                  Anyway, my name is all over this by now.

                2. 1

                  Sweet project, man! I’ve already set it up to email me whenever my name is mentioned on reddit. I’m just a poor student so I can’t justify a patreon (or I could, if it were just 1 project, but there are so many projects I’d love to support) so I’ll have to content myself with just saying thanks, it’s a great idea and a great post explaining it.

                  1. 2

                    I’m glad you like it! I put it online in the hope that others would find it useful, so I appreciate your comment!

              1. 6

                I just finished up .NET bindings for my technical analysis library. It’s something I’d been meaning to do for a while.

                1. [Comment removed by author]

                  1. 2

                    Interesting idea! I hope you share your results.

                  1. 7

                    Not really a fan of this idea. This article isn’t so much about “defending” your website as it is about attacking anyone who scans it. Vulnerability scanners are often run from servers that are themselves compromised, so retaliatory attacks like this can further victimize people who have already been owned :(

                    Still pretty neat on a technical level though.

                    1. 11

                      Many people are not even aware that they’ve been compromised… At least that helps in a way!

                      1. 2

                        Just because you’re being attacked from compromised server, doesn’t mean that you’re not being attacked.

                      1. 2

                        I’ve been running SSH on multiple servers with non-standard ports for years. Yet, I rarely, if ever, get failed login attempts. Is this really a thing?

                        1. 1

                          Worked for me for a long time, but they’ve found me now :’(

                        1. 2

                          This is neat. I really enjoy seeing how short the experts can make one-liners.

                          When I put F5Bot public, the Reddit scraper was only a handful of lines. It worked for a while, but today it’s thousands of lines. It’s amazing how many edge-cases come up to the surface. Also, the Reddit API is really quirky.

                          1. 3

                            I’m trying to finalize the scripting interface for Tulip Charts. I really want to release a public alpha soon. I’m trying to find the right balance between brevity and simplicity and elegance fro the API. In the end I guess I’ll just need to pick something and go with it.

                            1. 1

                              Why wait to open source it if that was your intention from the start?

                              1. 1

                                No real reason, other than it’s less work to publish it later. I’ll probably put it up on Github soon anyway.

                            1. 3

                              I’m still plugging along on the business end of Turnkey Telemetry.

                              In my spare time, I’m trying to make F5Bot monitor all of Reddit, instead of only specific sub-reddits. Reddit’s API and rate limiting don’t make this very easy. I think I’ll need to take an approach that makes multiple simultaneous requests.

                              1. 5

                                I’m trying to find better sales channels for my startup, Turnkey Telemetry. It’s not as fun as writing code or building hardware. I could use some advice if anyone has experience with the sales end of a similar product line.

                                1. 7

                                  It looks like https://barnacl.es/ is the place for you.

                                  1. 1

                                    Hadn’t seen that. Thanks!

                                1. 1

                                  Looks like a fairly complete list of examples.

                                  In practice, the problem I see most often is the implicit pointer cast. Implicit casts are an inherent part of C programming, so it actually shows up everywhere. However, C++ culture holds that casts are generally evil, and the language makes it difficult (while preferring C++’s flavor of OO instead). Most of these other issues you don’t often see in real code.

                                  Also, I find it a bit odd to phrase it as C being a subset of C++, instead of saying that C++ is a superset of C. I guess they technically mean the same thing, but saying C is (not) a subset almost implies that C came after C++.

                                  1. 1

                                    I got these from a couple sources, then someone pointed out this Wikipedia entry which looks more complete.

                                    Yeah, the implicit cast is part of the C philosophy that the programmer knows what they’re doing.

                                    I phrased it that way because that’s how I’ve been hearing the claim, C is a subset.

                                  1. 4

                                    This is cool. What algorithm are you using?

                                    1. 3

                                      On another discussion their response to a similar question was something like this:

                                      I can share that our platform is built on top of ARIMA models, but with a lot of pre-processing work done previously to try and figure out automatically the best parameters to use, as well as a lot of previous hand-tweaking done by ourselves in-house using different datasets (we started out tuning it for forecasting energy consumption, but figured that the resulting models were performing well enough to warrant testing in other domains).

                                    1. 5

                                      Trying to get the last few bugs out of F5Bot, my free social network monitoring service. I think I’m going to rewrite a lot of the parser code today.

                                      1. 2
                                        1. 1

                                          Yeah. I’m working on that. I’ve had a couple users email me, and I’ve manually reset their passwords. If you need me to manually reset yours, just let me know.

                                        1. 4

                                          I made something similar too, but it sends emails instead of Slack comments. It’s a free service called F5Bot.

                                          1. 3

                                            What did you use to build this? (if I may ask)

                                            1. 2

                                              Sure. I wrote it in PHP, and not much else. I didn’t use any framework. I threw together the plain HTML and CSS. The only real javascript is Datatables.js which I use to make the keyword table sortable.

                                              Because I wanted to put this out there for free, that lead me to chose the most boring and simple stack I could think of. I maintain a pretty large project in Node.js, and it’s great for what it is, but I can get a PHP site up and going with much less hassle.

                                              1. 2

                                                I take it you use a cron job to trigger website monitoring then? There’s a lot to be said for going with something as boring/quick as possible.

                                                1. 1

                                                  Yep. It’s a cron job the runs wget to load the scraper page (which includes some security checks first, of course).

                                            1. 2

                                              Lovely little product that I would pay for, the trackreddit interface is abysmal.

                                              Tech wise though - is the reason you don’t support searching the entirety of Reddit a scaling issue? I ask because the global comment firehose seems to be freely available, so I’m wondering if there is a reason you don’t use that over selecting specific subreddits. Thanks!

                                              1. 4

                                                Thanks for the feedback!

                                                I built F5Bot in only a couple hours, so I didn’t do a lot of research or planning. It appears that the ‘comment firehose’ you posted doesn’t even go back one second in time. Is that right? I’m not sure how I could realistically use that without hitting Reddit several times a second, and even then I would miss a lot when Reddit goes down (which is often, I now know). Also, when I posted to Hacker News, a couple commenters mentioned Reddit API limits.

                                                So I just took the lazy/easy way by monitoring only the few subreddits that I actually cared about anyway. In this case, I can check back every couple minutes, and if sometime goes wrong I can check back even later without missing anything.

                                                Would this be substantially more useful to you if it pulled all of Reddit, instead of the current subset?

                                                It’s nice of you to say I could charge money for this. I think I’ll leave the current feature-set up for free. Realistically, it only took me a couple hours to build, so I don’t think it makes sense to monetize that. In fact, I was thinking about going the opposite way and open-sourcing it. I might add premium features in the future, but I’m not sure yet.

                                                1. 5

                                                  Hey, we’ve documented some API rules here.

                                                  You should use a unique user-agent as mentioned in the previous link. Also using OAuth will increase the rate limit to 1 qps. If you’re using PRAW, it’ll automatically handle rate limiting for you. If you have any more questions, feel free to reply here, post on r/redditdev, or PM me.

                                                  1. 2

                                                    Would this be substantially more useful to you if it pulled all of Reddit, instead of the current subset?

                                                    Yes. Social Media monitoring is quite a large market: Mention, Hootsuite, etc but they all come with complex UI, reporting and cost quite a bit. There are a few in the cheaper “just notify me” space but the ones I have used have been fairly awful UI wise.

                                                    As to hitting reddit every second, I had made the assumption you’d be doing that anyway - but yes, it would be worth reading around to find out what they deem acceptable.

                                                  2. 2

                                                    Just checked out trackreddit. You weren’t kidding about the interface! I guess maybe they were thinking to make it more powerful, but man, they did not optimize for the common use case at all.

                                                    1. 1

                                                      It actually works, but the email notifications send you to their mobile feed which has an ever worse UI than the main app. Also when it came to cancel, you can’t within the app and they ignored my request for 2 months leaving me with no choice but to raise a PayPal complaint.

                                                      Felt like a hobby project gone wrong.

                                                  1. 3

                                                    That’s a feature on Lobsters already. I don’t know if it requires them yo use the @ before the name, though. They always fid that when I gog notifications.

                                                    1. 8

                                                      I didn’t know about that.

                                                      F5Bot allows you to monitor arbitrary keywords or phrases. So you can get notified whenever someone mentions your startup, or even your competitor.

                                                      1. 5

                                                        That would be an advantage over the built-in functionality.

                                                    1. 2

                                                      Thanks for posting this. I’ve used vim as my primary editor for a very long time, and I learned a few things here.