paid subscribers? honestly not yet. Just have a few trials out of some tiny marketing efforts, nothing serious. If this goes to HN front page though then we can consider this launch.
I admit the title is a little scoopy but it needs to grab attention. As for identifying celebrity signups, if they sign up via facebook for instance, you can quickly count their followers count for instance and alert if it's >X.
Whats the added value of sendgrid over gmail api? of zencoder over ffmpeg? you can do everything on your own, of course. All depends on your abilities and resources. This is something I found myself doing in many apps, and thought to spin it off to a separate and independent service for the joy of others. It can save them from [usually] ugly coding, it adds a central and single place of mngmt for all this notification management, both for events and for recipients. IMO its useful and worth it but I'm of course totally biased.
I think the value you provide isn't the notification, but the surrounding data.
Consider that my app may not have deep integration into Facebook, or Twitter, or whatever. I just have a simple signup page that accepts the user's name, email, and a password. Where your app could shine is if I could send the information I do have on the user to your API endpoint, and it takes care of going out and figuring out who this person is.
"Hey, the email address this person used to sign up for your service is also tied to a Twitter account with 1.5m followers" or "A person with the same name as this user is a tech writer for Gizmodo" are things that could be very important, but that most individual devs or small shops aren't going to have the resources to discover for all of their users.
Unfortunately, the example on the homepage shows the output of this system as an email, which... I could already call `sgMail.send(msg)` instead of `pingpoint.pint(msg)` and get emails, so starting with the example, the "central and single place of management" that you describe here isn't being demonstrated at all.
I appreciate the title for being successfully attention grabby, but it oversells and under-delivers. The value of Zencoder over ffmpeg is I don't have to get lost in the weeds of encoding profiles like I do with fighting command line arguments to ffmpeg, just follow their recommendation. Part of their service is I trust them to deal with that.
With this service, as demoed, I still have to spend all my time writing the code for what an "important signup" is. Based on the premise of "never overlooking a Mark Zuckerberg sign-up again", I'm not going to do that work (because I have other things to work on) and thus will overlook signups by Mark Zuckerberg.
It's just not clear the benefit of this service when the example show me still having to do the work of coding "important", and the output of the system is an email.
Still, there's promise - if I gave Pingpoint user sign-up data, it could webhook back into my system when there were important people/companies signing up.
(Other things: dashboard is currently throwing an exception -
Another recommendation about the laziniess of developers... the API key page shows example usage with the API key baked in... go a step further and provide a curl command I can copy and paste.)
Tomorrow the PM asks to be getting push notifications to some internal admin app instead of emails. Then a day later he wants his deputee to be getting emails as well. How easy would it be to modify the sg.sendmail to comply? How easy would it be via the pp interface?
It often takes more thought and effort to do things properly. This seems like another service that treats the symptoms of a problem rather than the problem itself. That kind of solution encourages careless behaviour, because someone will come behind me and clean it up. Encouraging best practices is a better investment.
>(also as a 2nd security layer)
Except when it's not.[1] That means it gives careless folks a false sense of security, which I think conveys more risk than no security at all.
I would say that if you've forgotten to consider this side of things, it's a big stretch to ask people to trust your app to read all of their source code, which even has the intent to find secrets. What else have you forgotten?
If GitMonkey has your key on record - it means we're not the only ones having it. You should revoke it immediately. So even if our db is breached, it should only contain a list of useless revoked keys.
I am also really scared by the suggestion that they might 'take a leap' and check if it's valid... Then they have a list of keys and whether they work or not
If you signed up for a service specifically to detect when you compromise your secrets, and the service tells you about it, and you don't change the secret... Why are you then worried that the other party gets compromised?
