If it's declared as free tier then it should be free. If the client reaches the limit, stop the site and notify the client. I bet someone who has free tier would rather have a stop than have to pay thousand of dollars.
We need to stop acting like it's not a scam, they are literally recommending the """Free""" Starter plan to students on their blog as if a 17-year-old should be aware that a 3MB mixtape can literally destroy their life
Someone in the stream chat also said that someone shouldn't have a website if they do not have five dollars a month. This reeks of privilege and cannot fathom perspectives such as students trying to learn, especially those from less well-off backgrounds (e.g. in developing nations).
You're undermining the meaning of the word "scam" if you call this a scam. I guarantee you are being informed up front about what you're going to be charged based on when you sign up. I do think there's somewhat of a dark pattern at play where platforms are incentivized to not provide up-front controls for cost management, but that's not what a scam is, it's something else. I also don't mean to say that it isn't bad, I just wish people would stop diluting the meaning of the term "scam".
@@jskksjjskksjif it costs 5 dollars, for the love of God ditch these infra sites immediately and put a raspberry pi under your bed. That is so much cheeper in the long run and handles a lot more traffic that 200 views easily
@@amogus3023 A scam, by definition, involves deception, usually for financial gains. It is unreasonable for a user to expect a 100k$ bill after signing for a free plan, it is unreasonable to expect the user to be aware of the risk he incurs by signing up to Netlify, especially when they advertise the platform to students. Many platforms would obfuscate the information that is important for the consumer to deceit him into agreeing into conditions he would otherwise not accept, if this case where to go to court the judge would consider the platform transparency, it's preventive and mitigation measure, and whether their TOS reflect what is actually advertised on the platform.
"But what if they're getting big and you ruin their moment" is a pretty bad argument. Let them set their limit (in fact, force them to set one or opt out on registration of their service), and then if they approach that limit, *notify them.* Let the user pre-emptively decide whether they want to raise the limit or if they feel they have nothing to gain from doing so. Making that decision for them and just *"conveniently"* defaulting to the decision that puts them in debt to you is pretty scummy, no way around it.
Exactly. If you are looking for success you need to be aware that it might start costing stuff, since your goal is monetary gain. People on free tier will just want a hard limit or notification every x checking if they can go to the next tier of access, which sounds annoying, but if you are being teased into a success it is a good problem to have.
@@lukasz96 I mean I don't care about America or god, but purely discriminating someone based on beliefs and geolocation is kinda cheap don't you think? It's not like Germany has had the best track-record when looking at the last 100 years?
@@martijn2973 never said ot has, many religious idiots here, too. I am "discriminating" based on IQ. If you believe that a book figure rules the world, you're a retard not capable of logical thinking
All the big cloud providers do. Azure is the easiest imho. I closed my AWS account because I couldn't track down which service was costing me $25/month
@@johanneswelschthat's like saying fast food companies should be allowed to mix cyanide in their food that they then offer to public, and anyone who eats that will be the only ones responsible, not the fast food joints. How far are you going to ride their meat that you have to argue against an OPTIONAL spend-cap that the user can enable/disable?
@@Dipj01 But you DO know there's cyanide with all these serverless providers. It's their business model. AWS, Vercel, Google. The google maps API key I use is the same, it's free up to a certain point. And if I, for whatever reason, get a bunch of visitors, I expect to pay up for it. It's the way it is, it's the contract. Yes, there should be a better notification system, there should be an option to put in the maxiumum amount you want to be charged if the service does incur costs. But we should not lie to ourselves that serverless does come with cyanide and it is labeled as such. So, the right thing is to not eat it! Just deploy to a VPS for $5 a month with no additinal consts. It is what I do. Buy your food somewhere else. There are hundreds of these stories with AWS, Google, Azure. Even I know somebody who was "overcharged" for more traffic that he anticipated.
@@johanneswelsch I'm all for market capitalism and self responsibility 😮, but there's usually caps in most spend accounts (i.e. credit cards, etc) some consumer protection is in store. If not just wait for the EU to slap fines...
The poll asked who's ultimately responsible, not who's solely responsible. Netlify should be held responsible currently, because it's hard or impossible to set hard traffic limits. If hard traffic limits were the default and users had to turn them off, it would be the users who were responsible for those kinds of bills.
Yepp, last weekend in fact I moved off vercel and deployed to Hetzner. Deployments are faster with one liner: ssh -t ${production_host_username}@${production_host_ip} 'cd frontend/myapp/ && git pull origin master && pnpm run build && pm2 restart frontend' I did it for this exact reason in the video (don't want to wake up to a bill I can't pay) and also the cold starts. Now my app is near instant, no more cold start. Also vercel, as I have found out, you can roll back only one commit and you CANNNOT rollback with a push --force to master! It had a bug on my site because of that for a few hours. For those less fortunate, there are quite a few $1 per month VPS available. Hetzner is slightly on a more expensive side of things, but I've never heard bad things about them, so I just use them.
AWS pricing, that's where they get their margins. Many companies use AWS behind the scenes and pass the price back to the customer. Not sure if that's the case for Netlify or not but yes it's absolutely absurd. We transfer over 8 petabytes for a few thousand per month, getting hit by a bill of 100k for 180tb of traffic is justs absurd.
@ThePrimeTime this is not related to video but I just wanted to thank you for rekindling my passion for software. After 3 years of professional software development which primarily consisted of web dev I felt like it just isn’t for me any more. Having lost my job a few months ago and having a hard time looking for work I was very depressed and feeling like I made all the wrong decision in terms of my career. After watching your videos, I remembered what I loved about development.
Here is a funny story that happened to friends of mine, as they got an electricity bill of 76.000 Euro. Finally, because the sum was that high, the electricity company decided to increase the monthly payment from 20 Euro to 12.000 Euro. Yes right, 12k. This is as much as a small airport has to pay. Turned out that they got the numbers of the electricity meter wrong and assumed that the thing would turn complete cycle in a couple of months. The funniest thing about it is that they just booked the bill immediately from the bank account. At first, m friends almost literally shit their pants :D But at the end, all was good.
bro that exact thing happened to my mom. They read the left most number on the meter was 1 higher, my mom got a $1000 electric bill out of the blue and was panicking until I went out and looked at it. You'd think these utility companies would have some flag that happens in their software when utility use goes up 10x
"we shouldnt have treated him as a business user" means "yes, it is our policy to make money off of mistakes, but its supposed to only apply to businesses because they have so much bureaucracy that they will just eat the bill without a fight, and dont tend to reach out to the community to tell their story". Fuck these snakes.
@@zoellazayce6796 The rates they charge per GB are disgustingly higher than what AWS charges - I don't mean just a little bit higher, their rates are something in the realm of 100-1000x higher iirc.
10:00 "It's tricky when the traffic in question is not clearly malicious" Ah yes, 190TB traffic in 4 days only targeting one file on the site is not clearly malicious and doesn't even warrant an employee looking into it. Definitely just a fan who wants to listen to that banger song 24/7 in 10k simultaneous music player instances that happen to never cache data. Sounds reasonable. "we can always cancel an invoice" - Your own support said you normally only reduce the price by 80%
Regarding spend limits: Yes, they should be opt-in, but IMO there should also be a choice gate when you register. Meaning you have to deliberately specify one way or the other whether or not you want a spend limit.
I think the easy way is, when provisioning your site you are presented with the option to set a limit, preferrably defaulting to a sane one and the option to havr no limit. Truly informed consent.
There are free tiers without credit card. Also for free tiers that are "free but give us credit card" I have special card that is blocked/frozen and good luck charging that.
well I imagine if you don't pay, they sell it to a debt collector who will hound you, which can be quite scary. Trick there is to just not answer your phone and pretend they don't exist. I had that happen (the reasons were BS, my insurance was supposed to cover something but then a few months later I get a debt collector calling), ignored them for a year and they finally gave up
it seems like they use AWS behind the scenes, so if enough people don't pay that could be a loss. Also, this would have to be done repeatedly to matter, and besides fines I'm pretty sure you might face jail time if you are caught convincingly enough, so on balance it would be fairly risky.
You should be able to set limits and have the expected behaviour be that your site shuts down after the limit is reached. Scary going to sleep at night knowing your bill can essentially be infinite for even a small static site.
This is why I use AWS (which Netlify just uses on their backend). Very easy to setup an SNS alert from budget, send that to a Lambda that disable services once forecasted budget goes over. Takes less than an hour to setup.
As someone who manages AWS at my company... Netlify and Vercel make money because although this shit is easy once you figure out how to do it, it's not intuitive. That's the value add that these companies have capture. Good for them.
Tbf I'm currently using hugo on netlify (I dont link my card and check in from time to time). It's not that weird considering netlify is one of the first web hosting platform that comes up + I guess it has CD directly from github. The problem with the way it's run is that although it's static sites, the script that generate static stuffs are run on server host at deployment time. Now, hugo does have a deploy to cdn links like s3... but when I first set it up years ago I was just wanted things running so I used netlify. Probably that's how they get people in(?) Anyway this does bring a new light. I'll probably be moving away from it in the future I guess
is it really his fault? 3 mb is less then like the react main js file.... cloudflare would have cached the file completely for free, so why shouldn't vercel offer such a service (or an easy way to integrate cloudflare)
@14:23 this is a platform issue, you cannot enforce that with a static html document. it wasn't even a blog, it was a personal space like those old gif sites
it is not a hard question?? dont make a default, or optional limit, make them actually type in maximum they are willing to pay if shit happens. if you exceed the maximum, just kill the service and send an email... hello? by shit happens i mean, ddos, or lot of people visiting the site, anything
Solution: by default, let the customer know that exceeding rate limit = instant site down. Many free servers do this already. Also by default, depending on your tier limits, incremental emails. I'm thinking at the very least a 70% or so. Options to scale obviously should be available but not take away from the needed incremental emails. Give ability to set a data cap regardless of tier or plan unless speified specially. THIS IS ALL FOR REGULAR SITUATIONS. In terms of massive jumps in free, email and shut down until verification is given.
Pre-defined hard limits which the user can easily understand access and relax seems to make the most sense. I mean we're not in the age of scrolling text and nested table layouts anymore where everything is going on GeoCities so scaling needs those hard limits both for the company and the customers sake. And if improper planning from the customer happens then yes limit them. They will learn that Proper Planning Prevents Poor Performance. An "I messed up." article is a lot better than a "I got a 100k bill" article all around.
Teo covered this a bout a week back or so. 1. Preset safeguards, multiple levels , first tier is reached, then confirm to continue serving, then a second and third as it grows. A disclaimer to keep an eye on the bandwidth and the host must provide real time monitoring.
Yeah im not paying 5k for this. Why else would I use managed infra in the first place? I want to be able to set it and forget it and have peace of mind and scale appropriately as i need to.
Little boy playing in the big league being surprised that he needs to check out things for him self. Seriously he should check if there is ddos protection, if there is a spending limit and have some monitoring on his page. I think the 95% off is a fair deal here.
I think you glossed over the egress price too fast, this amount of Traffic on Hetzner (and yes it's not a 1:1 comparison I know) would have cost less than 200USD and they charge 100K for it.
This is why you buy a service like digital ocean where you know what your cost per month will be for a drop let instead of a free service that wont tell you this stuff that way you know how much bandwidth is being used from your server
"What do you do with the free tier that gets a $100 bill?" It's a free tier. Not a "send $100 dollar bill" tier. If you advertise something as the free tier, you stop the bill at $0 unless the customer switches to a different plan.
i think how network traffic behave shall be configurable by the end-user. as a blogger, I might want to block traffic as a startup after a marketing campain, i might want to accept within a reasonable limit, potentially defined by steps like from 0 to 100% blocked, but from 0 to 20% then to 40%, it might be ok
Not letting a client easily decide how much they're willing to spend is psychotic. Imagine if buying a bigmac had a 1 in 1000 chance of you having to buy a meal for everyone in the restaurant. "But what if the customer wants to go viral, we shouldn't deprive them of the opportunity of buying a meal for everyone in the restaurant" says McDonalds. Sure, but let the _customer_ make that decision. It shouldn't be up to the company's discretion as to whether the customer has to pay 20%, 5%, or 0% of a random traffic spike. The customer should be allowed to specify what the maximum dollar amount they are willing to spend is, and it should be easy to do so.
the "free" tier is a scam. Choose a service that gives you known resources in advance. there are and used to be services were you pay a set amount for a set amount of reserved resources. some services have APIs to scale up and down based on logic so devs can increase or decrease resources. you don't need overpriced pay as you go cloud solutions. Their business model is to not set limits, vendor lock in on open source tech, obfuscate the costs, and allow costs to spiral out of control.
It isn't hard to tell if you are getting hit with a DDOS. A DDOS doesn't generally use the pages to move around. You can set a script on the page for navigation and also check mouse movement. Sort of like googles captcha just for the entire page. If you get no mouse movement treat it as a bot unless it uses one of the system you setup for handicap people. If you get several of these consider it a DDOS and then act accordingly.
if he had his old laptop as a server he would be ok with no account. Digital Ocean has traffic limits and automatic scripts to shut it down. I hate developers who don't wanna manage their own servers when it is small thing.
The email relay I use isn't free, but the basic tier is dirt cheap. If you exceed the limit on it, it gets expensive quick. Rather than letting you exceed the limit and get a bill, they require you to pre-pay if you want to be able to exceed the free tier once in a while. A similar approach could work for netlify. Users who want to _know_ they won't get charged can _not_ prepay for overages. They get a notification at some percent of the limit, and then their site goes down when it hits the limit. Users who want to scale can do so by prepaying for whatever level of traffic they wish. If they never scale, this is a 1-time cost, so is easier to justify for a blog or similar.
I do think that all such services should have a rate limiter and a dollar limiter on it, even if not on by default, that do just kill access to the site. If I have a hobby project or very small business, when I get an alert that I’ve exceeded my quota, chances are that I’m not going to miss out on a crippling amount of business in the 10 minutes it takes me to check the service, whereas a massive bill easily would cripple most small businesses. While I completely understand what the CEO is saying about not wanting to kill a launch, if someone is using the free tier, and have protections turned on, it’s probably a mistake if they suddenly get a massive demand
So the one thing I note about all your answers to what a user should do is that they rely on technical knowledge. As many pointed out, the very purpose of services like this is to remove the need for technical knowledge by putting that on the service. It should be something complicated, hard, or bad to structure creation in a way that defaults to "limit is x, action on limit is y." and have it default to shutting down. Even in the case of legitimate usage. If you are a small business and your thing hits it off and you don't realize you went from $1,000 to $100,000 you might of just bankrupted yourself.
Just let the free-tier user foot the $5k bill without any spend limits because we don't want to stop them from "going viral"... surely that can't go wrong?
Our systems can't stop a DDoS, is that a problem? Wait until a bug in Google's spider hits you with non-stop requests for several days. Then Google delists you. Good times.
@@rando521 Couple years ago, out of the blue traffic on a firebase backed site I worked on went from tens to maybe a hundred or so hits per day to hundreds of thousands of daily hits. Googlebot is supposed to be rate limited, but for some reason the bot was hammering the site. I complained, the bill was removed, and the googlebot never visited the site again. Project was essentially killed before it even launched because site no longer appeared in google search. Thank heaven for elastic scaling, right. In retrospect, I'd say pay the googletax. It may seem like extortion, but if you let yourself think of it as ad spend, the hot poker is actually soothing. Unfortunately all the real details are on the Google side. Cloud is truly a black box.
Yes, saying you are letting the bill rack up to hundreds of thousands because you don't want to ruin someone launch / viral moment sounds completely disingenuous, bankruptcy seems like a great way to ruin a launch.
I think it is indeed the customer that is responsible in the end, but and this is a big but. The customer needs to be able to control how to handle their spending limits. I agree that there is no way for Netflify/Vercel/etc to always know whether your spike in traffic is a ddos attack or your site going viral. However, it is equally true that the customer almost always knows how it wants to handle such a surge in trafic. If the service does not provide the customer with the ability to set a spend limit, then it is ultimately the service providers fault imo.
I would rate limit requests once limits have been exceeded. With the rate limit becoming stricter and stricter the further you are over your allocated capacity. Customer can then pay and have the service restored and the request rate limit removed.
The users ahould receive a notification where they have to respond wether or not they want to scale up. If the user doesn't reply or says no the service should stop receiving requests immediately.
There should be an abnormal traffic detection. If the cost went 10x, it should send alerts. If the cost went 100x, they should disable the account until the user pays. I've got many projects where the monthly spend is
11:15 But how hard they are really trying? In the end what is the worst that will happen, 20% of $100.000? Imagine the amount of users who just paid for that?
Solution is simple, it shouldn’t cost anywhere close to 100k for 190Tb of data transfer. Even 5k is ridiculous. I pay €75/month for unlimited. If they had sent him a €100 bill instead of 100.000, we wouldn’t be having this discussion.
If you don’t wanna completely cut their service, half their bandwidth everyday or at some kinda rate that eventually leads to it basically being unusable, on top of the email notifs
My take is to force the user to choose what happens before able to put their site online on their service. The options can range from no risk of payment to custom maximum payment to just warnings.
The user should choose his limits. If your site is a startup and it's purpose is to sell something to earn all the money in the world then I won't put any limit. But... If it's a blog without any monetisation then I don't care if it will be down during the ddos. Netlify just doesn't want us to put any limits because they want our money.
Somewhat suprised by the opinion of the primagen. I don't see how it is the fault of the customer at all. If you are on a free tier and get high amount of traffic, shut it down.
Might be suprising but GCP also doesnt have limit, their explanation is that they don't want Your critical systems go offline, all You can do is set a budget and get an email when its close to reaching it...
20:38 it doesn't cost a lot of money to just black hole an IP address in the network level. at that point if the network keeps routing traffic to you, then its basically a bunch of SYN packets and its their problem because you black-holed it with unavailable route for that time, you just pay for a packet every couple of seconds, so you never pay that much for inbound traffic if the connection is never being acknowledged. Its still bandwidth, but its tens of dollars, not tens of thousands of dollars . At least that's how it works when you use something you can actually control the "cloud" infrastructure like AWS or Azure.
Even if your side projects takes off and gets a burst of 1 million requests, that's still nowhere near a 100k bill. Your project won't get Netflix levels of traffic overnight. I would set the limit to a couple hundred.
A simple network limit on the number of connections per ip for a given time would have prevented all of that. Also, having a limit of bandwidth per IP. Easily set up with a firewall. But you can't control that if you use those "software as a service" crappy things, that's why when I use cloud, I only use IaaS, give me virtual machines and the BGP for my public IP, I do the rest. Ironically both Azure and AWS have firewalls that do it very easily and they aren't even that expensive, you could easily fend of a DDOS on "yourself".
@@monad_tcp You need to rewatch, and re-read what actually happened, because nothing based on IP would have helped. HIs website got what we called slashdotted in the 90s.
My guess is since with HTMX you’d have to build your own backend which you can add some sort of rate limiting yourself vs using the server less functions. But that would be an overkill for a static site I’m glad they’re finally adding measures to pause once you reach the spend limit.
15:14 All user should come with limit and the ability of opt-out in case you want it to scale, that's it... "we can never go back and fix it if we ruin your moment of glory" Zero moment of glory is better than being charge for something that you wasn't ready to pay When you disable the limit, you are clearing saying that you are able to pay for the "moment of glory" 16:06 Alert doesn't solve the issue, it's helps but you never knows if the other is ready for this What if I'm in the hospital? I wouldn't be ready for this alert.... LIMIT is the answer, doesn't matter how much you like when your website scale... you must be ready for scaling otherwise you're going to depend on the company to remove the bill And we know how annoying can be talk to business... if they answer at all....
Yes, I don't know a single overnight success that would still have been a success if it had come with a 100k bill. Bankruptcy is a guarantee way to ruin a launch.
Managing hardware isn't difficult but the cost of physical security of expensive server hardware can add up. So I found a middle ground where I buy a vps from hostinger or digitalOcean. If there is a DDos attack the vps simply gets overwhelmed and grinds to a holt. There is no auto scalling! If however this is actual growth I simply buy more Space/ram/cpu ( vertical scale ) when this isn't enough. I have then become successfull and can afford to launch my App(bussiness) on AWS ( horizontal scalling).
If I've got a hobby project up on a free tier, I never want to see a bill. Period. Default should be "cut em off" because not everything out there converts to dollars. Most hobby projects can't convert a viral into sales, and I can't afford a 5k bill even if it is viral. Opt-in for auto-growth is a must. Prompt it during signup if you want. Also allow a spend limit on signup.
I think sending an email at 50, 75, 90, 99 would be a good start. At 100 another email saying the service will shutdown on 200% or 1 hour unless they provide a manual authorisation. As the CEO specifically mentioned they don't want to ruin someone's glory moment, i feel this can a good middle ground for both parties. The the most important thing safeguard yourself with all the settings that are ment to safeguard you
free tier is marketing expense by the platform. it should be free for the user. if utilization exceeds the limit, ddos or not, they just have to disable the site and notify the user.
Included DDOS protection is one of the features you need when deploying a site. Although in this case, it's just as likely that it's Teresa Tang music fans downloading a free copyrighted song.
how difficult could it be to just give people options like "notify at 50%", "throttle at 90%" and then a "X amount max spending pr month". I'd rather have to manually increase the spending limit a few times, than getting hit with a ridiculously high bill I were not prepared for.
I live in a constant cycle of killing God and usurping his place, and falling straight to the first ring of hell. Depending on when you find me, I'm either pride incarnate or Shinji Ikari on a bad day.
Its a skill issue on the user's part. This is probably the first time this user raninto DDOS, but this is definetely not first time Netlify encounters this problem. Yet they do not have sensible defaults in place (shut down free tier, send notifications or whatever), and as I understand they do not even allow you to configure the max spedning. So Netlify either 1) does not care to make effort in fixing free tier billing, or 2) is actually happy to bill extra. Either way is unprofessional.
I'm kinda split between whether the user or platform should be responsible for DDoS. One side: it is a user product, they have to take measures at multiple levels to avoid a situation like this (e.g., rate limiting, different providers to handle DDoS, etc). On the other hand, I use your platform as a fully managed service, and why do I have to care about DDoS (which is more or less can be handled at platform level).
If it's declared as free tier then it should be free. If the client reaches the limit, stop the site and notify the client. I bet someone who has free tier would rather have a stop than have to pay thousand of dollars.
And that's why cloud providers are so profitable.
well, it's in their interest...
Sleazy policy. OP is 100% right to move his site from there.
It seems they have no limits intentionally and hope free tiers will sometimes exceed the limits.
I don’t want my site to “stop,” you’re missing the point of a service like Vercel.
Most sites have a clause or setting where their free tier rolls over into their pay-as-you-go tier. Usually you can opt-out of this
We need to stop acting like it's not a scam, they are literally recommending the """Free""" Starter plan to students on their blog as if a 17-year-old should be aware that a 3MB mixtape can literally destroy their life
Someone in the stream chat also said that someone shouldn't have a website if they do not have five dollars a month. This reeks of privilege and cannot fathom perspectives such as students trying to learn, especially those from less well-off backgrounds (e.g. in developing nations).
@@jskksjjskksjPretty sure that chat message is just a joke referencing that one streamer shaming viewers who did not sub
You're undermining the meaning of the word "scam" if you call this a scam. I guarantee you are being informed up front about what you're going to be charged based on when you sign up. I do think there's somewhat of a dark pattern at play where platforms are incentivized to not provide up-front controls for cost management, but that's not what a scam is, it's something else. I also don't mean to say that it isn't bad, I just wish people would stop diluting the meaning of the term "scam".
@@jskksjjskksjif it costs 5 dollars, for the love of God ditch these infra sites immediately and put a raspberry pi under your bed. That is so much cheeper in the long run and handles a lot more traffic that 200 views easily
@@amogus3023 A scam, by definition, involves deception, usually for financial gains. It is unreasonable for a user to expect a 100k$ bill after signing for a free plan, it is unreasonable to expect the user to be aware of the risk he incurs by signing up to Netlify, especially when they advertise the platform to students. Many platforms would obfuscate the information that is important for the consumer to deceit him into agreeing into conditions he would otherwise not accept, if this case where to go to court the judge would consider the platform transparency, it's preventive and mitigation measure, and whether their TOS reflect what is actually advertised on the platform.
"But what if they're getting big and you ruin their moment" is a pretty bad argument. Let them set their limit (in fact, force them to set one or opt out on registration of their service), and then if they approach that limit, *notify them.* Let the user pre-emptively decide whether they want to raise the limit or if they feel they have nothing to gain from doing so. Making that decision for them and just *"conveniently"* defaulting to the decision that puts them in debt to you is pretty scummy, no way around it.
Stopped watching the video just then. Prime has had bad takes recently, maybe he'll be mirroring Asmongold's out-of-touch streamer arc soon.
Exactly.
If you are looking for success you need to be aware that it might start costing stuff, since your goal is monetary gain.
People on free tier will just want a hard limit or notification every x checking if they can go to the next tier of access, which sounds annoying, but if you are being teased into a success it is a good problem to have.
@@syedahmad6489He's an American believing in God and Capitalism, what do you expect
@@lukasz96 I mean I don't care about America or god, but purely discriminating someone based on beliefs and geolocation is kinda cheap don't you think?
It's not like Germany has had the best track-record when looking at the last 100 years?
@@martijn2973 never said ot has, many religious idiots here, too. I am "discriminating" based on IQ. If you believe that a book figure rules the world, you're a retard not capable of logical thinking
The fact that these companies don't allow you to set a budget limit whereby if you exceed it, it disables your services, is just disgusting honestly.
All the big cloud providers do. Azure is the easiest imho. I closed my AWS account because I couldn't track down which service was costing me $25/month
But YOU know there's no limit when you use them, hence it is up to YOU to not use their service. If you do use it, then bear the consequences!
@@johanneswelschthat's like saying fast food companies should be allowed to mix cyanide in their food that they then offer to public, and anyone who eats that will be the only ones responsible, not the fast food joints.
How far are you going to ride their meat that you have to argue against an OPTIONAL spend-cap that the user can enable/disable?
@@Dipj01 But you DO know there's cyanide with all these serverless providers. It's their business model. AWS, Vercel, Google. The google maps API key I use is the same, it's free up to a certain point. And if I, for whatever reason, get a bunch of visitors, I expect to pay up for it. It's the way it is, it's the contract. Yes, there should be a better notification system, there should be an option to put in the maxiumum amount you want to be charged if the service does incur costs. But we should not lie to ourselves that serverless does come with cyanide and it is labeled as such. So, the right thing is to not eat it! Just deploy to a VPS for $5 a month with no additinal consts. It is what I do. Buy your food somewhere else.
There are hundreds of these stories with AWS, Google, Azure. Even I know somebody who was "overcharged" for more traffic that he anticipated.
@@johanneswelsch I'm all for market capitalism and self responsibility 😮, but there's usually caps in most spend accounts (i.e. credit cards, etc)
some consumer protection is in store. If not just wait for the EU to slap fines...
plot twist, the hosting company ddos'd their own clients to rack up their bill
I'm speculating, but there might not be a twist here - just plot.
If your competitor is hosted on serverless, you know that to do 💀
The poll asked who's ultimately responsible, not who's solely responsible. Netlify should be held responsible currently, because it's hard or impossible to set hard traffic limits. If hard traffic limits were the default and users had to turn them off, it would be the users who were responsible for those kinds of bills.
WTF are these prices? At Hetzner 190TB additional traffic costs 190€...
Yepp, last weekend in fact I moved off vercel and deployed to Hetzner. Deployments are faster with one liner:
ssh -t ${production_host_username}@${production_host_ip} 'cd frontend/myapp/ && git pull origin master && pnpm run build && pm2 restart frontend'
I did it for this exact reason in the video (don't want to wake up to a bill I can't pay) and also the cold starts. Now my app is near instant, no more cold start. Also vercel, as I have found out, you can roll back only one commit and you CANNNOT rollback with a push --force to master! It had a bug on my site because of that for a few hours.
For those less fortunate, there are quite a few $1 per month VPS available. Hetzner is slightly on a more expensive side of things, but I've never heard bad things about them, so I just use them.
AWS pricing, that's where they get their margins. Many companies use AWS behind the scenes and pass the price back to the customer. Not sure if that's the case for Netlify or not but yes it's absolutely absurd. We transfer over 8 petabytes for a few thousand per month, getting hit by a bill of 100k for 180tb of traffic is justs absurd.
but guys, they were nice and offered to charge only 5k
@@user-sl6gn1ss8pit’s disgusting frankly.
@amogus3023 how much is AWS? Is it also expensive or about right?
@ThePrimeTime this is not related to video but I just wanted to thank you for rekindling my passion for software. After 3 years of professional software development which primarily consisted of web dev I felt like it just isn’t for me any more. Having lost my job a few months ago and having a hard time looking for work I was very depressed and feeling like I made all the wrong decision in terms of my career. After watching your videos, I remembered what I loved about development.
Congratulations 🎉
Here is a funny story that happened to friends of mine, as they got an electricity bill of 76.000 Euro. Finally, because the sum was that high, the electricity company decided to increase the monthly payment from 20 Euro to 12.000 Euro. Yes right, 12k. This is as much as a small airport has to pay. Turned out that they got the numbers of the electricity meter wrong and assumed that the thing would turn complete cycle in a couple of months.
The funniest thing about it is that they just booked the bill immediately from the bank account. At first, m friends almost literally shit their pants :D
But at the end, all was good.
Sounds like Germany.
That's why I set up all my bills on credit card that has a very low limit, I don't trust any of the utilities system with that.
@@kayo3402bulls eye 😂
@@monad_tcpnot possible here in Germany. You have to pay it via bank account.
bro that exact thing happened to my mom. They read the left most number on the meter was 1 higher, my mom got a $1000 electric bill out of the blue and was panicking until I went out and looked at it. You'd think these utility companies would have some flag that happens in their software when utility use goes up 10x
After reading this blog
Literally I got nightmare of this happening with me.
Me too :[
I turned off my netlify after reading this.
They really need to add a hard spend cap, I don't wanna owe netlify $500 for my site that gets 10 visitors a day lmao
Url? I know one quick trick to send you a 100K USD bill
Yeah, can this happen with Firebase free tier? Seems to be safe, but who knows.
Just removed my silly portfolio website from netify just in case 😅
"we shouldnt have treated him as a business user" means "yes, it is our policy to make money off of mistakes, but its supposed to only apply to businesses because they have so much bureaucracy that they will just eat the bill without a fight, and dont tend to reach out to the community to tell their story". Fuck these snakes.
0:52 _Narrator: Flip, did not, in fact, take that part out_
It just sounded like prime reading normally.. Didnt even notice :P
@@jonathanschober1032 our good ol' Dyslexiagen :D
Snitches get stitches! (meme)
Flipped him off
@@justADenidoes he legit have dyslexia? Is that why he has such trouble reading? Just started watching him and this seems to a theme
If netlify DDoSed their own users that would be an infinite money glitch.
It's not since they rent from AWS
@@zoellazayce6796 The rates they charge per GB are disgustingly higher than what AWS charges - I don't mean just a little bit higher, their rates are something in the realm of 100-1000x higher iirc.
@@zoellazayce6796 their margin is high enough to still go profit
@@zoellazayce6796 So, Bezos is doing the DDoSing? I knew it!
@@zoellazayce6796 but users pay 5x what they pay AWS
10:00 "It's tricky when the traffic in question is not clearly malicious"
Ah yes, 190TB traffic in 4 days only targeting one file on the site is not clearly malicious and doesn't even warrant an employee looking into it. Definitely just a fan who wants to listen to that banger song 24/7 in 10k simultaneous music player instances that happen to never cache data. Sounds reasonable.
"we can always cancel an invoice" - Your own support said you normally only reduce the price by 80%
it sounds like the song probably just went viral in china. this stuff happens
Regarding spend limits: Yes, they should be opt-in, but IMO there should also be a choice gate when you register. Meaning you have to deliberately specify one way or the other whether or not you want a spend limit.
I think the easy way is, when provisioning your site you are presented with the option to set a limit, preferrably defaulting to a sane one and the option to havr no limit.
Truly informed consent.
Anyone notice the CEO's name is Billmann?
the problem is every "free tier" is only "free" after you provide them with your credit card.
There are free tiers without credit card. Also for free tiers that are "free but give us credit card" I have special card that is blocked/frozen and good luck charging that.
yea im not super concerned neither for my situation its a debit card technically and there isnt much money on there lol@@darekmistrz4364
solution is to just not give these thieves a credit card, give them a debit card, any big charge will bounce
literally not true in the case of Vercel
Seems like charging thousands of dollars AND SOME PEOPLE PAYING THE UNEXPECTED THOUSANDS WITHOUT A COMPLAINT is their "free" tier business model.
well I imagine if you don't pay, they sell it to a debt collector who will hound you, which can be quite scary. Trick there is to just not answer your phone and pretend they don't exist. I had that happen (the reasons were BS, my insurance was supposed to cover something but then a few months later I get a debt collector calling), ignored them for a year and they finally gave up
If I was Netlify: what would stop me from then ddosing my own clients to squeeze them?
it seems like they use AWS behind the scenes, so if enough people don't pay that could be a loss. Also, this would have to be done repeatedly to matter, and besides fines I'm pretty sure you might face jail time if you are caught convincingly enough, so on balance it would be fairly risky.
You should be able to set limits and have the expected behaviour be that your site shuts down after the limit is reached.
Scary going to sleep at night knowing your bill can essentially be infinite for even a small static site.
This is why I use AWS (which Netlify just uses on their backend). Very easy to setup an SNS alert from budget, send that to a Lambda that disable services once forecasted budget goes over. Takes less than an hour to setup.
Even AWS can skyrocket if you are not careful.
If they're using AWS, what's their excuse for not using the off-shelf CDN solution? I mean Netlify, not the customer :)
@@noderunner_ yeah ubuntu instances ran on an Athlon dual core or something...
@@WakefieldSeldon skills? Or maybe they are too happy to milk the cow...
As someone who manages AWS at my company... Netlify and Vercel make money because although this shit is easy once you figure out how to do it, it's not intuitive. That's the value add that these companies have capture. Good for them.
Gotta say, weird choice to host static content serverless, but the OP definitely knew how to get Netlify's attention... well played 👏
Tbf I'm currently using hugo on netlify (I dont link my card and check in from time to time).
It's not that weird considering netlify is one of the first web hosting platform that comes up + I guess it has CD directly from github.
The problem with the way it's run is that although it's static sites, the script that generate static stuffs are run on server host at deployment time. Now, hugo does have a deploy to cdn links like s3... but when I first set it up years ago I was just wanted things running so I used netlify. Probably that's how they get people in(?)
Anyway this does bring a new light. I'll probably be moving away from it in the future I guess
is it really his fault? 3 mb is less then like the react main js file.... cloudflare would have cached the file completely for free, so why shouldn't vercel offer such a service (or an easy way to integrate cloudflare)
Mate its like 12 times more
@14:23 this is a platform issue, you cannot enforce that with a static html document. it wasn't even a blog, it was a personal space like those old gif sites
it is not a hard question?? dont make a default, or optional limit, make them actually type in maximum they are willing to pay if shit happens. if you exceed the maximum, just kill the service and send an email... hello?
by shit happens i mean, ddos, or lot of people visiting the site, anything
Netlify needs to add limit controls ASAP and have them on by default for “free” accounts
Flip - greatest editor to ever exist. ❤
0:54 XD he did what exactly he supposed to...
i do it for the people🙏
Solution: by default, let the customer know that exceeding rate limit = instant site down. Many free servers do this already. Also by default, depending on your tier limits, incremental emails. I'm thinking at the very least a 70% or so. Options to scale obviously should be available but not take away from the needed incremental emails. Give ability to set a data cap regardless of tier or plan unless speified specially. THIS IS ALL FOR REGULAR SITUATIONS.
In terms of massive jumps in free, email and shut down until verification is given.
Return a maintenance/ crash site
Pre-defined hard limits which the user can easily understand access and relax seems to make the most sense. I mean we're not in the age of scrolling text and nested table layouts anymore where everything is going on GeoCities so scaling needs those hard limits both for the company and the customers sake. And if improper planning from the customer happens then yes limit them. They will learn that Proper Planning Prevents Poor Performance. An "I messed up." article is a lot better than a "I got a 100k bill" article all around.
Teo covered this a bout a week back or so. 1. Preset safeguards, multiple levels , first tier is reached, then confirm to continue serving, then a second and third as it grows. A disclaimer to keep an eye on the bandwidth and the host must provide real time monitoring.
8:38 not aware of the singer but spelt out the name of the song perfectly with Jyutping lmao
Yeah im not paying 5k for this. Why else would I use managed infra in the first place? I want to be able to set it and forget it and have peace of mind and scale appropriately as i need to.
it did scale appropriately in this case
It did what he wanted to do. If he didnt he wouldnt used a auto scaling service.
Little boy playing in the big league being surprised that he needs to check out things for him self.
Seriously he should check if there is ddos protection, if there is a spending limit and have some monitoring on his page.
I think the 95% off is a fair deal here.
"I don't think it's entirely my fault leaving it [the mp3 file] there" says it all
if you can bill it, you can add a feature for spend cap. free should be free always.
I think you glossed over the egress price too fast, this amount of Traffic on Hetzner (and yes it's not a 1:1 comparison I know) would have cost less than 200USD and they charge 100K for it.
Yes, those bandwidth rates are worse than rates from 20 years ago.
This is why you buy a service like digital ocean where you know what your cost per month will be for a drop let instead of a free service that wont tell you this stuff that way you know how much bandwidth is being used from your server
"What do you do with the free tier that gets a $100 bill?"
It's a free tier. Not a "send $100 dollar bill" tier. If you advertise something as the free tier, you stop the bill at $0 unless the customer switches to a different plan.
people should absolutely have a right to set a cap on how much they can charge. it should be a customers right.
i think how network traffic behave shall be configurable by the end-user.
as a blogger, I might want to block traffic
as a startup after a marketing campain, i might want to accept within a reasonable limit, potentially defined by steps like from 0 to 100% blocked, but from 0 to 20% then to 40%, it might be ok
Free tier should cut out at the end of free unless there's credit on the account which sets the next limit.
Not letting a client easily decide how much they're willing to spend is psychotic. Imagine if buying a bigmac had a 1 in 1000 chance of you having to buy a meal for everyone in the restaurant.
"But what if the customer wants to go viral, we shouldn't deprive them of the opportunity of buying a meal for everyone in the restaurant" says McDonalds. Sure, but let the _customer_ make that decision.
It shouldn't be up to the company's discretion as to whether the customer has to pay 20%, 5%, or 0% of a random traffic spike. The customer should be allowed to specify what the maximum dollar amount they are willing to spend is, and it should be easy to do so.
the "free" tier is a scam. Choose a service that gives you known resources in advance. there are and used to be services were you pay a set amount for a set amount of reserved resources.
some services have APIs to scale up and down based on logic so devs can increase or decrease resources. you don't need overpriced pay as you go cloud solutions. Their business model is to not set limits, vendor lock in on open source tech, obfuscate the costs, and allow costs to spiral out of control.
It isn't hard to tell if you are getting hit with a DDOS. A DDOS doesn't generally use the pages to move around. You can set a script on the page for navigation and also check mouse movement. Sort of like googles captcha just for the entire page. If you get no mouse movement treat it as a bot unless it uses one of the system you setup for handicap people. If you get several of these consider it a DDOS and then act accordingly.
could you break down the logic further? Curious?
if he had his old laptop as a server he would be ok with no account. Digital Ocean has traffic limits and automatic scripts to shut it down. I hate developers who don't wanna manage their own servers when it is small thing.
I'm starting to think Flip doesn't exist 😂
The email relay I use isn't free, but the basic tier is dirt cheap. If you exceed the limit on it, it gets expensive quick. Rather than letting you exceed the limit and get a bill, they require you to pre-pay if you want to be able to exceed the free tier once in a while. A similar approach could work for netlify. Users who want to _know_ they won't get charged can _not_ prepay for overages. They get a notification at some percent of the limit, and then their site goes down when it hits the limit. Users who want to scale can do so by prepaying for whatever level of traffic they wish. If they never scale, this is a 1-time cost, so is easier to justify for a blog or similar.
I do think that all such services should have a rate limiter and a dollar limiter on it, even if not on by default, that do just kill access to the site. If I have a hobby project or very small business, when I get an alert that I’ve exceeded my quota, chances are that I’m not going to miss out on a crippling amount of business in the 10 minutes it takes me to check the service, whereas a massive bill easily would cripple most small businesses. While I completely understand what the CEO is saying about not wanting to kill a launch, if someone is using the free tier, and have protections turned on, it’s probably a mistake if they suddenly get a massive demand
So the one thing I note about all your answers to what a user should do is that they rely on technical knowledge. As many pointed out, the very purpose of services like this is to remove the need for technical knowledge by putting that on the service. It should be something complicated, hard, or bad to structure creation in a way that defaults to "limit is x, action on limit is y." and have it default to shutting down. Even in the case of legitimate usage. If you are a small business and your thing hits it off and you don't realize you went from $1,000 to $100,000 you might of just bankrupted yourself.
Just set up spend caps in vercel thanks to this
The stupid-face thumbnails are getting out of hand. I feel stupid for clicking on them...
I am more annoyed that this dude takes 10 times more time than needed to give that info. Like 30 min video to give 3 min worth of info.
Shame. Theo went down the path of shitty clickbait (completely fabricated) thumbnails as well.
I've never disagreed so hard with you. Wow, what a bad take.
Just let the free-tier user foot the $5k bill without any spend limits because we don't want to stop them from "going viral"... surely that can't go wrong?
Our systems can't stop a DDoS, is that a problem?
Wait until a bug in Google's spider hits you with non-stop requests for several days. Then Google delists you. Good times.
that sounds specific can i hear the full story
@@rando521 Couple years ago, out of the blue traffic on a firebase backed site I worked on went from tens to maybe a hundred or so hits per day to hundreds of thousands of daily hits. Googlebot is supposed to be rate limited, but for some reason the bot was hammering the site. I complained, the bill was removed, and the googlebot never visited the site again. Project was essentially killed before it even launched because site no longer appeared in google search.
Thank heaven for elastic scaling, right.
In retrospect, I'd say pay the googletax. It may seem like extortion, but if you let yourself think of it as ad spend, the hot poker is actually soothing.
Unfortunately all the real details are on the Google side. Cloud is truly a black box.
Mihawk Analogy man... just awesome 😂
The thing is, a "success" to the tune of $104,000 may also well bankrupt the owner before they are able to capitalize on that success.
Yes, saying you are letting the bill rack up to hundreds of thousands because you don't want to ruin someone launch / viral moment sounds completely disingenuous, bankruptcy seems like a great way to ruin a launch.
What stops Netlify from creating these attacks? They investigate it and tell you whatever.
I think it is indeed the customer that is responsible in the end, but and this is a big but. The customer needs to be able to control how to handle their spending limits. I agree that there is no way for Netflify/Vercel/etc to always know whether your spike in traffic is a ddos attack or your site going viral. However, it is equally true that the customer almost always knows how it wants to handle such a surge in trafic. If the service does not provide the customer with the ability to set a spend limit, then it is ultimately the service providers fault imo.
I would rate limit requests once limits have been exceeded. With the rate limit becoming stricter and stricter the further you are over your allocated capacity. Customer can then pay and have the service restored and the request rate limit removed.
The users ahould receive a notification where they have to respond wether or not they want to scale up. If the user doesn't reply or says no the service should stop receiving requests immediately.
There should be an abnormal traffic detection. If the cost went 10x, it should send alerts. If the cost went 100x, they should disable the account until the user pays. I've got many projects where the monthly spend is
11:15 But how hard they are really trying? In the end what is the worst that will happen, 20% of $100.000? Imagine the amount of users who just paid for that?
flip doing quality editing as usual
A drop-down in project settings;
- Hard Limit (stop)
- Throttle (with some sort of slider)
- Open
Solution is simple, it shouldn’t cost anywhere close to 100k for 190Tb of data transfer. Even 5k is ridiculous.
I pay €75/month for unlimited.
If they had sent him a €100 bill instead of 100.000, we wouldn’t be having this discussion.
I actually like OpenAI’s model. You have spending limits that don’t increase till you spend x amount for x months or request a specific limit
If you don’t wanna completely cut their service, half their bandwidth everyday or at some kinda rate that eventually leads to it basically being unusable, on top of the email notifs
My take is to force the user to choose what happens before able to put their site online on their service. The options can range from no risk of payment to custom maximum payment to just warnings.
Im new to all of this. Can someone please explain all of this and what it means to someone who is both a beginner and stupid like me? I want to learn.
Just let the user set a rate limit, and then have him be notified by the hour checking if they should impose the limit or if they're willing to pay.
The user should choose his limits.
If your site is a startup and it's purpose is to sell something to earn all the money in the world then I won't put any limit.
But... If it's a blog without any monetisation then I don't care if it will be down during the ddos.
Netlify just doesn't want us to put any limits because they want our money.
i'm starting startup soon and this is one of reasons why i'm investing in self hosting..
Somewhat suprised by the opinion of the primagen. I don't see how it is the fault of the customer at all. If you are on a free tier and get high amount of traffic, shut it down.
Free tier and free service are different. Once your traffic picks up, you start paying, it's everywhere like this, even with your google maps api key.
Might be suprising but GCP also doesnt have limit, their explanation is that they don't want Your critical systems go offline, all You can do is set a budget and get an email when its close to reaching it...
20:38 it doesn't cost a lot of money to just black hole an IP address in the network level. at that point if the network keeps routing traffic to you, then its basically a bunch of SYN packets and its their problem because you black-holed it with unavailable route for that time, you just pay for a packet every couple of seconds, so you never pay that much for inbound traffic if the connection is never being acknowledged. Its still bandwidth, but its tens of dollars, not tens of thousands of dollars . At least that's how it works when you use something you can actually control the "cloud" infrastructure like AWS or Azure.
Even if your side projects takes off and gets a burst of 1 million requests, that's still nowhere near a 100k bill. Your project won't get Netflix levels of traffic overnight. I would set the limit to a couple hundred.
For large media files like this, an interesting idea would be put it behind a paywall once exceeded a limit.
A simple network limit on the number of connections per ip for a given time would have prevented all of that. Also, having a limit of bandwidth per IP. Easily set up with a firewall.
But you can't control that if you use those "software as a service" crappy things, that's why when I use cloud, I only use IaaS, give me virtual machines and the BGP for my public IP, I do the rest.
Ironically both Azure and AWS have firewalls that do it very easily and they aren't even that expensive, you could easily fend of a DDOS on "yourself".
@@monad_tcp You need to rewatch, and re-read what actually happened, because nothing based on IP would have helped. HIs website got what we called slashdotted in the 90s.
Accidental recursion is automatically hilarious to me still, every time
How would HTMX do anything to help in this situation? The problem was bandwidth. HTMX is still sending the css, html, images and files to the browser.
My guess is since with HTMX you’d have to build your own backend which you can add some sort of rate limiting yourself vs using the server less functions. But that would be an overkill for a static site I’m glad they’re finally adding measures to pause once you reach the spend limit.
0:48 FLIP didn't take it out 🤣
15:14 All user should come with limit and the ability of opt-out in case you want it to scale, that's it...
"we can never go back and fix it if we ruin your moment of glory"
Zero moment of glory is better than being charge for something that you wasn't ready to pay
When you disable the limit, you are clearing saying that you are able to pay for the "moment of glory"
16:06 Alert doesn't solve the issue, it's helps but you never knows if the other is ready for this
What if I'm in the hospital? I wouldn't be ready for this alert....
LIMIT is the answer, doesn't matter how much you like when your website scale... you must be ready for scaling otherwise you're going to depend on the company to remove the bill
And we know how annoying can be talk to business... if they answer at all....
Yes, I don't know a single overnight success that would still have been a success if it had come with a 100k bill. Bankruptcy is a guarantee way to ruin a launch.
Yep, this is why I self host most things. If this happens I just turn off the computer and move on with my day
Managing hardware isn't difficult but the cost of physical security of expensive server hardware can add up. So I found a middle ground where I buy a vps from hostinger or digitalOcean. If there is a DDos attack the vps simply gets overwhelmed and grinds to a holt. There is no auto scalling! If however this is actual growth I simply buy more Space/ram/cpu ( vertical scale ) when this isn't enough. I have then become successfull and can afford to launch my App(bussiness) on AWS ( horizontal scalling).
If I've got a hobby project up on a free tier, I never want to see a bill. Period. Default should be "cut em off" because not everything out there converts to dollars. Most hobby projects can't convert a viral into sales, and I can't afford a 5k bill even if it is viral. Opt-in for auto-growth is a must. Prompt it during signup if you want. Also allow a spend limit on signup.
Hot Take: Inform the user of what the spend limit is for the free tier and/or let them choose when selecting that option. Problem solved.
I think sending an email at 50, 75, 90, 99 would be a good start. At 100 another email saying the service will shutdown on 200% or 1 hour unless they provide a manual authorisation. As the CEO specifically mentioned they don't want to ruin someone's glory moment, i feel this can a good middle ground for both parties. The the most important thing safeguard yourself with all the settings that are ment to safeguard you
free tier is marketing expense by the platform. it should be free for the user. if utilization exceeds the limit, ddos or not, they just have to disable the site and notify the user.
Included DDOS protection is one of the features you need when deploying a site.
Although in this case, it's just as likely that it's Teresa Tang music fans downloading a free copyrighted song.
how difficult could it be to just give people options like "notify at 50%", "throttle at 90%" and then a "X amount max spending pr month".
I'd rather have to manually increase the spending limit a few times, than getting hit with a ridiculously high bill I were not prepared for.
Just give the person the chance to put a hard cap and á soft cap so if it hits hard cap the close all access and soft cap would be notification
"Greetings from Amazon Web Services,"
me: oh shiiii...
aws: $0
me: thank Christ
Every. single. time.
Coming from Taiwan. Never imagine that 鄧麗君 Teresa Teng would be mentioned on this channel 😂
This why i run own server.. no any stupid surprise costs.
I live in a constant cycle of killing God and usurping his place, and falling straight to the first ring of hell. Depending on when you find me, I'm either pride incarnate or Shinji Ikari on a bad day.
Its a skill issue on the user's part. This is probably the first time this user raninto DDOS, but this is definetely not first time Netlify encounters this problem. Yet they do not have sensible defaults in place (shut down free tier, send notifications or whatever), and as I understand they do not even allow you to configure the max spedning. So Netlify either 1) does not care to make effort in fixing free tier billing, or 2) is actually happy to bill extra. Either way is unprofessional.
this wasn't an intentional ddos, it's on him tbh
As someone said in chat, we used to call it the Slashdot effect, showing it's been a known problem for a long time. 🙂
Mihawk... wow haven't thought about that in forever
ahh what a great sound attack
I'm kinda split between whether the user or platform should be responsible for DDoS. One side: it is a user product, they have to take measures at multiple levels to avoid a situation like this (e.g., rate limiting, different providers to handle DDoS, etc). On the other hand, I use your platform as a fully managed service, and why do I have to care about DDoS (which is more or less can be handled at platform level).