bobzimuta

I'm looking for perspectives (or resources) on whether engineers or trained support staff should be the front-line on bugs. I've seen engineers perform front-line triage in both corporate environments and small but established companies.

The typical situation we have is a support member thinks there's an issue, and posts this 'raw' issue to Slack. The engineer on-call for the week responds and either resolves the issue or creates a ticket for follow up.

We could continue with this process, or train support staff to triage and submit formalized (repro steps, confirm whether widespread) bugs to the on-call engineer.

What's worked for you? Please share rough company size for context.

Also looking for readings on best practices.

Curious about your company's on-call for details about:

* expected duties (only answer on-call, do other work, etc)

* how deep does your on-call dive into code to fix, vs triaging, patching, and creating follow up work to fix permanently?

* priority order of work (on-call tickts vs regular work vs existing on-call tickets vs special queue of simple tasks)

* what happens when the current on-call can't complete in time?

* how do you manage for other teams' risk? (ie their api goes down, you can't satisfy your customers)

* any other tidbits

I've come across umpteen homegrown implementations to detect spam comments/signups ranging from point thresholds, cookie checking, javascript injection, css hiding, timeouts...

Also, people are paid to solve captchas.

Then you have the problem of abusive bots which can be resolved by honeypots & fail2ban, but you have to make sure your logs are aggregated, communicate the firewall rules to your web proxy and then be careful of blocking search engines.

You can also integrate spam blacklists and keep them up to date.

If there aren't any existing providers I'm starting to wonder if there would be an opportunity to create a saas offering which:

* allows developers to integrate simply by plugging into popular web frameworks, protecting not only comments but user/beta signups, etc.

* automatically uses all the best methods for stopping spam & bot abuse, both client and server side, automatically improving its own algorithms

* maintains and automatically distributes a central, real time blacklist database

* provides a great interface for monitoring/reporting and to easily blacklist or whitelist

ps. I had the unfortunate experience of having my submission link timeout as I wrote this submission :)

In light of recent events, unjust laws and relative morality, I have an idea for a website basically called 'felonies I've committed.'

The site is anonymous, (e.g. no social logins), with a linked .onion copy available for the very cautious.

The page shows a number of simple questions like 'have you ever downloaded a movie from a friend or torrent site', 'accidentally or knowingly taken marijuana over the Canadian border,' etc., with inclusion of the number of times or volume when applicable. The questions are written to be easily understandable and with the loosest reasonable interpretation possible.

On submission you get a report saying something like "based on your answers you could be charged with 80 years in jail and/or 100k in fines." The report would itemize the charges based on answers and include links to the federal laws and the ability to comment on each question/law.

This is purely as an exercise to show people how ridiculous many laws are, demonstrate the gravity of breaking them and create some dialog.