This seems decent in Theory, though I'm not familiar if GraphQL mutations can handle conditionals. Cool idea though, but that might be a deal breaker for a lot of folks
Hey folks, Joel here, I'm the original maker behind browserless. You've seen us before on HN -- I'm very sorry for this situation.
We didn’t intend to SPAM you or send unsolicited emails, we just wanted to ask for feedback. Being an open-source/boostrapped service, feedback is really important for us, so that’s why we thought it might be a good idea to reach out to people directly. But now it's clear that that was a wrong decision. We stopped doing that and won’t do it again.
Hey man, I believe most of us here know how hard it is to bootstrap something and lift it off the ground. From my side, I admire your product, and I admire the hell out of the fact that you've open sourced it. Which is why I would have totally been fine with just the first email, but the second one pushed it from "start-up founder struggling to get momentum" to "spammer that won't leave me alone". You were just too aggressive about it, but I do think the way you're handling it now is great.
There's one thing I'm honestly curious of, because I've seen this technique before, and it's not necessarily a question to you, but to anyone who might read this: do these pretend-personal emails actually work on anyone? Your product is targeted at users with a pretty high technical skillset, do you think they really believe you hand-wrote that email? Because I could smell the automation right away, even before I checked the message source and saw the HTML structure and the tracking image. It's fake, it feels fake, and to me it's actually worse than an openly-automated message, because it insults me by assuming I can't tell it's not sent by a human. I think perhaps tactics like these work better on less-technical people (though they still shouldn't be employed at all!)
Talked about this on another community, here’s a hilariously sad example of these fake “personal” emails
I was once gone from home for two days traveling with family. Two days. HBOMax sent me an email with this exact subject line (edit: I went and checked through my past emails before unsubscribing, they sent four emails with the subject line over the holidays):
“I can’t help but wonder why you aren’t watching” as an attempt to inform me about the latest series that was now on the platform.
Why? Because I have a life HBO that doesn’t involve you lol. I do other things with my time. I’m not addicted to television. Like come the hell on. I’m already a paying customer. Get out of here with this “why aren’t you wasting more of your time on our platform?” BS
I feel genuinely bad for whoever had to write that, and worse for whoever thought it was a good subject line for ad copy.
I used to order monthly coffee nespresso pods from a small-time online store. One time I put the items in the cart and then stepped away from the computer for a short bit only to return to an email with the subject line "Looks like you’ve forgotten something!" displaying the items in my shopping cart. I haven't ordered another thing since.
If I were the only person using it, yeah probably. As it is, with a household of other users, it’s staying for now but I still really enjoy thoroughly mocking HBO for it whenever the chance allows.
There's a fine line between "you aren't using the product you paid for" and "we want to make noises about the choices you're making". Blurring that line doesn't help anybody, false pretenses makes it worse (because "oh they were just hustling, they aren't really surveilling your viewing habits").
I don't understand how you can say "we didn't intend to... send unsolicited emails... " when this is literally what you did. It is very clear that you did actually intend to send unsolicited emails, because you sent unsolicited emails and have just given your reason for sending unsolicited emails. You are not being honest with yourself or others by saying this.
Meh. I don't think there's anything ambiguous about the fact that they consciously sent unsolicited emails for what they've admitted are essentially marketing purposes. That they didn't think there was anything wrong with this, and didn't consider that this would be viewed as spam, I'll concede. But that just makes them ignorant / naive / unethical (take your pick). I don't think this is a hanging offence, but I do think that their "apology" is at best an exercise in self-justification.
I guess now that you read through the comments, you learned this lesson. As someone who agree with the harsh ones, I appreciate your apology and being forthright about it.
For the future, you can utilize the tools given in GitHub - add a link and/or call-for-action in docs/README/release notes, pin an issue, Discussions.
Depending on your jurisdiction, status, and purpose, merely scraping and processing e-mail addresses associated with GH handles could be a regulatory violation without even sending anything. It's certainly against GH ToS. You'd do best in ensuring you wipe anything acquired without consent.
This kind of thing was seen differently in the 90s and early 00s. Times change.
I think you're being overly apologetic here. This entire discussion is an excessive amount of mindshare for receiving a single email or two. I regularly get email I don't care for. I deal with it. I don't think you're a bad person for sending 2 emails. This is the internet making a mountain out of a molehill. In a week, the pitchforks will move onto something else.
Hey man don't worry too much. It's usually just the vocal one percent, some of us get annoyed, some of us have the world seemingly fall down around us when a "spam" notice arrives.
> We didn’t intend to SPAM you or send unsolicited emails, we just wanted to ask for feedback
You _did_ want to send unsolicited emails, that's exactly what you did. You saying you didn't want to send spam, and hiding what you did intend to do behind "we didn't intend to spam you" is burying the lede.
> Being an open-source/boostrapped service,
Being bootstrapped is not an excuse for sending unsolicited marketing emails. Hiding behind being "open source" when you're actually a commercial offering with an open source repo is _again_ trying to hide what you did.
> But now it's clear that that was a wrong decision
It's only clear after someone called you out on HN and flagged your repository as abusing the terms of service?
You can use our demo debugger (the address is in this blogpost). It might not match your version of puppeteer exactly, but it’s a close enough proximate that it’s still valuable
Sure! Puppeteer is a node-based library, and pretty much all the web-apps out there that let you run puppeteer code do it in an elaborate node sandbox. This tool gets around that by running puppeteer in your own browser, making it a lot faster and more secure
Hey, Joel here, mostly responsible for this tool. Happy to answer questions — one thing not well covered is getting puppeteer to run in the browser, especially a webworker. Can talk more about it if there’s interest!
As a web dev generalist, I can usually understand how most things work under the hood.
But playing with chrome.browserless.io breaks that. You're streaming the web page in a <canvas> element, but how can I highlight text? When I load a youtube video page are you literally proxying the video through your infra, through <canvas> pixels to my browser?
Who dictates what IP the headless chrome is assigned to? Do you have a lot of IPs? I noticed on some pages I'd get the CloudFlare captcha which makes sense if browserless has to cycle through a limited set of IPs where other people have been using it to scrape another cloudflare page.
Yup, There’s a lot going on here. Currently the tool uses a fixed IP for the running browser. That’s why you’re seeing that Cloudflare issue.
As far as the hovering goes, the canvas element is “mirroring” interactions back through to the underlying page. When Devtools are active, this triggers chromium to render hover effects in its GUI. This then gets sent back to the canvas element in the debugging page.
It’s a lot of network traffic and Synchronization... but once everything is setup it works fairly seamlessly
can you explain how this is architected? you are running a browser on a server and its streaming the video to the canvas? where does the cloudflare bit come in?
You’ve got it: the core service listens for inbound Upgrade http requests, starts a browser, then funnels the connection into the browser.
This debugger simply sits on top of all that, and puts the code/execution context in the browser versus the server. Cloud flare is simply detecting that our server IP is a known headless chrome instance, and is serving their bot detection check
This is exactly the same thought I came to with browserless.io. There simply wasn’t enough traffic to make informed decisions, and when there was it was really silly things (small copy changes and the like).
Eventually we just tore it all out, and never looked back. Improving the product and blogging about our findings are a win-win for us and the ecosystem at large, versus agonizing over traffic and data
> This means that Elasticsearch and Kibana will no longer be open source software.
This is categorically not true. The source is open, and will likely always will be. It’s not free for AWS going forward, however. Why is it that Amazon has such a hard time paying for stuff they use and commercialize? There’s no issues here with other providers (GCP, Azure, etc.), so clearly the problem lies with them. While they’re at it, they should also get off this “open and free” high horse they seem to be on. A few patches here and there don’t qualify as big time contributor status. If they want to show that they’re committed, how about the release their infrastructure code that runs all their services? That’d definitely go a lot further than “big bad Elastic changed their license and we’re defending users.” Get outta here with that nonsense, history shows otherwise with all the other tech that’s been ripped off.
I also don’t get all the criticism for Elastic doing this. They own the software, and they can do whatever they want. Should they have done this license from the start? Maybe, but it’s not exactly easy getting a project off the ground without some way to gain attention. If you’ve got no users, you’ve got to show at least what your code is doing, and picking software licenses is not exactly a straightforward task. They changed their license to fight back, and it’s entirely within their right to do so.
Hate to feel like I’m venting, but AWS is being the bully here and feigning that they’re pro-user, which is frustrating to witness.
Just because AWS is being an asshole doesn't mean they are also completely wrong. SSPL isn't Open Source per that old definition AWS themselves points to, or the one Fedora seems to take. On the other hand, if you mean to say "I want to be able to read the source code" then yes, we can still do that. But from a legal perspective that is not even close to the same thing.
> But from a legal perspective that is not even close to the same thing.
Very true. However, my rebuttal would be that the majority of folks reading this are of an engineering background, and seeing the words “no longer open source” can land quite differently.
I think dual licensing is possibly the best way to go, if your product mitigates a risk. It's why we went that way with browserless.io
Truth be told selling a small library probably isn't enough to make significant money on your product since it isn't solving a big enough risk. The risk of forking is fairly low, especially for small to mid sized companies. Larger companies, maybe so since things like security become much more urgent.
It's hard to separate people from their money, but I feel it becomes a lot easier if it offsets a potential risk they're not willing to take. Just my 2 cents.
