I was just browsing your entry here and I noticed that you recommend at some point to save local settings and push them to a private git repository , inclusive private keys! This is a very bad practice, private keys should *never* be uploaded anywhere, even less if you do not have control over the server you're uploading to.

Hrm, I see your point... I'll add a bit more of a disclaimer to that statement. So what's best practice for getting keys into the server? To create credential files manually twice (once in the PC and once on the server), and then set that credential file to `ignore` that file?

I think there is NO security anywhere... laptops get stolen and have viruses more often than github gets hacked... but thanks for your suggestion, I will modify the text.

Where are you hosting your server? I ran one of these a few years ago and when Twitter noticed I was collecting tweets they blacklisted the server's IP address - apparently it's a violation of their terms of service.

Digital Ocean. I'm not disseminating tweets, and won't do so... I'll ultimately disseminate an analysis, which I don't think violates the terms of service. Clearly they created the streaming API to do precisely this... Anyway, like I said, if I get banned, I'll update the article :)