The graphs are from Netdata. I'm using it to monitor the servers, and also feeding it some application metrics via its statsd interface.

Do you like Netdata? I'm looking into it. I'm curious if you use all the features or just a few.

(Author here) that's more or less what I have right now – one machine with a file system and an SSD. S3 API on top is there to give multiple web servers shared access to the same storage. I could have used something else instead of S3 – say, NFS – but there was a feature request for S3 [1] and S3 has a big ecosystem around it already.

[1] https://github.com/healthchecks/healthchecks/issues/609

(Author here) There are multiple web servers for redundancy (3 currently), and each needs access to all objects.

with average object size of 8.5kB I'd honestly consider storing it as blobs in cloud DB, with maybe some small per-server cache in front

Sure you can, look at Spain ;-)

Yes, I "fixed" it by disabling pull requests on the repository. I'm still happy to pull from other people's branches (and do say so in CONTRIBUTING.md)

Faster than to work with a human person who edits your videos.

that's just a funny claim from multiple angles. a professional editor working with professional shot footage is an entirely different creature than someone that can work with a pile of footage with no guidance to create something. feature film editors are different from documentary film editors which would be closer to content creators.

a professional editor will take longer as they are laughing/crying about the dumpster fire of footage dumped into their bay. a content creator is just going to yolo jump cut their way through it with absolutely no regards for the same criteria a professional editor would be looking for. you know, things like continuity, different angles, cut away shots and other things to make a clean edit. so yeah, something you just taped on your system with no regards to normal production quality will take a professional editor longer just to get their head wrapped around it.

Also, TFA says:

> If you have used Stripe before, Mollie is the closest thing to that experience in the EU.

But Mollie does not even properly support recurring payments, a pretty important feature for SaaS. It does not track subscription state and does not retry failed payments.

Does this really happen? Can you provide concrete examples?

"The user just needs to be careful not to step on a landmine. Exact steps left as an exercise to the reader".

Anybody can send email with all of the dmarc stuff, how do you "be careful" with spoofed email?

> how do you "be careful" with spoofed email?

You actually verify DKIM and SPF—you know, that “dmarc stuff”. That’s enough to tell you the mail is not spoofed.

Oh god. Tell me you've never dealt with those in real life without telling me lol

Usually the very best you can do IRL is "probably fine" or "maybe not fine" and that's just not good enough to justify blocking customers. Email is an old tech and there's a lot of variation in the wild.

That is how you get your conversion rate to drop to the floor, sadly.

Every extra field in the sign-up form already lowers the conversion rate.

It sounds appealing at first because it flips the trust model... instead of the service initiating contact the user proves control of their email up front That feels cleaner and arguably more robust against certain classes of abuse

But from a UX standpoint its a nonstarter

Youre asking users to

- leave the site/app

- open their email client

- compose a message or at least hit send

- wait for a reply

- then come back and continue

Thats a lot of steps compared to enter email -> click link. Each additional step is a dropoff point especially on mobile or for less technical users. Many people dont even have a traditional mail client set up anymore, they rely on webmail or app switching which adds even more friction

It also introduces ambiguity

- What exactly am I supposed to send

- did it work

- What if I dont get a reply

From the service side youre trading a simple well understood flow for a much more complex inbound email processing system with all the usual headaches (spoofing parsing delivery delays spam filtering)

In practice most systems optimize for minimizing user effort even if that means accepting some level of abuse and mitigating it elsewhere. A solution that significantly increases friction... no matter how principled...just wont get adopted widely

So while the idea is interesting from a protocol design perspective its hard to see it surviving contact with real users

I think the main UX obstacle is that it is unfamiliar – no-one does signups like that currently. But the flow does not need to be quite as bad, if you use "mailto:" links. In the happy case:

- user click on the link

- their email client opens, with the To:, Subject:, Body: fields pre-filled

- user clicks "Send"

- a few seconds later a sign-in link arrives in their inbox

`mailto` opens the Mail application on my mac, which I never ever used. I'd be surprised if that wasn't the case for most people.

> But from a UX standpoint its a nonstarter

Disagree. The UX would be pretty similar. Click a mailto link which opens the email client with to, subject and body precomposed. Click send. Server receives mail and the web page continues/finishes the sign up process. No need for an email reply. It’s different, but it’s not crazy.

Ok, and a lot of -- maybe most -- people won't have their mailto handler set up correctly. I don't even know if I do on my current laptop and I have email old enough to vote

Mailto links are not that common these days.

> It’s different

Ignoring the fact that mailto won't work for most people (it opens my Mail app which i never used), "different" is enough to make your conversion rate tank. It'd be unreasonable for anyone in charge of making product decision to go with that

Amidst all the age verification and bot spam going on, anonymous private/public key proof of identity could work: the newly signed up service must pass a challenge from the mail server to prove the user actually intended to sign up. Though I guess that would be basically the same thing as the users server initiating the communication. Really, just an aggressive whitelist/spam filter that only shows known senders solves it too, but as I understand part of the attack is having already compromised the mail service of the target. Having a third decoupled identity provider would resolve that, but then that becomes a single point of failure…

> If a bot creates an account with someone else’s email, the victim gets one email, if they ignore it that’s the end of it. The welcome email and everything after it only fires once the user verifies.

As a user, I would prefer no welcome email at all.

Yeah, thats part of why I hate "login with SERVICE". The big benefit would be not spamming me, but they always insist on getting my email.

There was a time were you would have to select "sign me up for your newsletter" then you had to uncheck it. Then you had to check to not get an email and now you don't even get that choice.

And lately? You have to go dig through your email because you can't set a password (looking at you Claude), so you can't filter email.

I don't mind getting a welcome email. It also tells me when somebody has attempted to sign up for a service using my email address.

What I find annoying is services that only send the welcome email once, and don't let you resend it if you never receive it.

I suspect everyone feels that way except SaaS providers. They could just give you a checkbox to turn the newsletter off, but they don't.

It sounds like cuu508 didn't want the post-verification welcome, as opposed to the one-time verification message.

Correct.

Yes, correct. When I clicked the link I was already welcomed by the welcome page (which is, for the most part, welcomed). But then why send me another email further welcoming me? I already feel welcomed! And don't give me any of that "because it works" BS (even though that is what you are going to say).

(cuu508, "you" in this instance does not mean you)