Another feature request. Why not have a nice webui interface to this? Obviously could just vibecode something on top of what you did but putting it out there that that would be cool
The goal was a fast terminal tool, and I'm not ruling it out, but considering how hard it would be to compete in the SERPs with other whois sites, I don't think I'd spend the time on it right now
Why would you care about competing with other whois sites? I don't think it's going to be a money making venture in any case, and you could easily host it for free on fly.io
This was really just a personal tool I built because I got tired of parsing default whois output. Don’t have the bandwidth for a web UI right now, maybe down the road.
It’s not about making money. It’s more that there’s no real way for people to discover it by competing for visibility on whois-related searches against established sites.
The link doesn’t load for me FYI. A web version would be in Go, reusing the TUI internals. All doable, just not where I want to spend my time right now. I’ll likely get to it at some point.
> Ghostty 1.3 is around the corner, literally a week or two away, and will bring some critically important features like search (cmd+f), scrollbars, and dozens more. In addition to GUI features it ships some big improvements to VT functionality, as always.
I’ve made over five reports for this exact spam scenario, and never once have y’all acted on them. I have a hard time believing you ban spam accounts that clearly violate your ToS.
I'm confused. How do you know what account scraped your email address from github in order to send you an email?
Or do you mean going after the accounts of companies that make use of a likely scraped email address? That's not a bad idea either, but it has risks and isn't the same thing.
Half the time they literally say it in the email. I just looked in my spam folder and just a few hours ago got an email titled "Your profile: Github", that started with:
> I came across your profile on GitHub. Given you're based in the US, I thought it might be relevant to reach out.
>
> Profile: https://github.com/tedivm
That they use some of their trillion dollar marketshare to solve it, why are you acting like this is a hard problem? It's not. They're just too cheap and greedy to do anything about it.
Even if they were valued around $100million they would still have more enough resources to solve this problem. Stop excusing companies that hate hiring people and are so greedy they would rather punt this problem to the commons fucking over an entire community that literally enabled them to exist.
Come on here, even Meta hires people in Kenya to look at CP and snuff films to label this stuff. Meta! They literally profited off of a genocide and they still know how to do this.
One would expect people on Hacker News to know that a single business division doesn't have direct access to the funds of other business divisions of the same corporation.
How did you connect joe@legitbusiness.com, where spam usually originates from for me (hacked email accounts), to a specific github user account that was used to scrape the data, which microsoft can choose to ban? And that's assuming they believe you're being truthful and not simply angry with the user whom you're reporting
As others have noted, the emails frequently include the sender's actual GitHub username or organization in the body or signature.
Attribution isn't speculative. The DKIM/SPF headers show the messages are authenticated and sent through the company's own mail servers, signed by their domain. These are not spoofed "joe@legitbusiness.com" messages. I include the original headers in every abuse report.
In several cases I've engaged directly. One founder replied to my "stop spamming" email and later sent me a LinkedIn request. When the name in the signature, the GitHub profile, the authenticated sending domain, and the LinkedIn account all align, the hacked-account explanation no longer fits the facts.
What shared traits do you see between Amarillo and Knoxville? Having visited both, Amarillo is distinctly High Plains/Western while Knoxville is Appalachian. Different cultures, geography, everything.
Family goes to a non-denominational evangelical church in Knoxville, family goes to a non-denominational evangelical church in Amarillo. Both would probably be the same denomination but its unpopular to claim a denomination these days. After church its dinner that's a meat + 2 vegetables and cornbread. There's a big ford in each driveway that hasn't hauled more than dogs and kids since the day it came home. Maybe its just my biases but I just did not have any culture shock outside of how long it takes to drive anywhere out west.
> There's a big ford in each driveway that hasn't hauled more than dogs and kids since the day it came home
I can't speak on Knoxville because I've only spent a day there, but I've spent a good bit of time around Amarillo mostly from driving between CO and TX over a hundred times, although not really in the suburbs.
Saw a lot of beat up trucks that looked like they were owned by blue collar folks and used for truck things. But of course there's also plenty of brodozers, which I'm assuming are also fairly common in Knoxville.
I was just saying two middle class families living a thousand miles away from each other along I-40 were fairly similar to me. They are also considered in the same nation according to this map.
The only part of this map I'd quibble with based on personal experience is Birmingham, AL (and Jefferson County) is definitely in that same Greater Appalachia nation because I can't in my heart of hearts say it and Dothan, AL have anything in common. The most interesting thing in Dothan is a hardware store.
Yep I did see that, but I'm not planning on pushing anything, just want a tool to scan for any of the offending packages. Could make my own but feel like somebody must have already made something (and probably better than I can)
vet and safe-chain look good thanks! I'm just dabbling with Node only (no experience really), so haven't used npm audit but will see how that works too. Appreciate the links.
Chrome and Firefox have only distrusted Symantec certs in their pre-release versions. The Chrome 70 and Firefox 63 releases in mid-October are when the hammer will fall.
Your anecdotal evidence doesn't prove they didn't respect it. I was just able to load PayPal with a Symantec cert on Chrome 69 on Android, which I realize is dueling anecdotes, but I'm just reinforcing the status quo, you're the one making a bold claim.
reply