| EDIT (after 150+ comments of roasting):

First: You are legends. Thanks for the massive roasting. Had a Haupt-Mieterversammlung directly after clicking "Submit" and was too tired (and scared) to directly address the issues afterwards. Reading your comments really delivers some intense cringe moments over here, seeing my bugs exposed. I try to frame it as some of the best feedback from some of the best engineers in the world. This helps (it does).

The core stuff: I chose to implement ASN-list lookups instead of a GeoIP service (to have fewer deps). Worked for my European test cases. Clearly not battle-tested enough for the wild.

What I'm hearing:
- Hosting detection has false positives (detecting links as hosting) and false negatives (US-hosted sites scoring 100%)
- Social media LINKS shouldn't count same as EMBEDS (fair point)
- Missing: registrar, TLD jurisdiction, DNS location
- AWS/Cloudflare detection is spotty
- Migration cost estimates are too high for small sites
- Some UI bugs on Firefox

What we shipped overnight (yes, while this was trending):
- "Hotfix" for our scanning friends over at nsa.gov

What we ship from now on:
- Fix the real bugs

v0.2 roadmap based on your feedback:
1. Hybrid GeoIP + ASN detection
2. Differentiate links vs embeds
3. Add registrar/TLD/DNS checks
4. Fix AWS/CloudFront/Cloudflare detection
5. Smarter migration cost estimates
6. UI fixes

Building in public. This is day 1.

To everyone who tested edge cases: you are part of this tool soon :)
To whoever tested nsa.gov at 2am CET: I noticed.

I am not sure how much I will get done by today – maybe I will need to touch grass a bit later (or feed the cows, as we do over here in Austria) |