Hacker News new | past | comments | ask | show | jobs | submit login

I have used it for work-related reasons and indeed the service is quite nice. But I don't use Google Cloud Run for personal projects for two reasons:

- No way of limiting the expenses AFAIK. I don't want the possibility of having a huge bill on my name that I cannot pay. This unfortunately applies to other clouds.

- The risk of being locked out. For many, many reasons (including the above), you can get locked out of the whole ecosystem. I depend on Google for both Gmail and Android, so being locked out would be a disaster. To use Google Cloud, I'd basically need to migrate out of Google in other places, which is a huge initial cost.

Both of those are basically risks. I'd much rather overpay $20-50/month than having a small risk of having to pay $100k or being locked out of Gmail/my phone. I cannot have a $100k bill to pay, it'd destroy everything I have.

Also I haven't needed it so far. I've had a Node.js project on the front page of HN, with 100k+ visits, and the Heroku hobby server used 30% of the CPU with peaks at 50%. Trying to do the software decently does pay off.

I had the same thoughts: even if I like Google Cloud a lot (I use it extensively at work), I don’t feel it’s safe for me to use it at home, since I don’t want to risk having my entire google account locked due to “suspicious activity”, whatever that might mean.

In fact, I recently shut down a personal App Engine service I had been using for myself for a few years just because of this paranoia. The service was not doing anything illegal, just crawling a few websites (forums, ...) I like and sending me emails when there are interesting updates. But you never know if they might determine my outbound traffic is suspicious. I also started the long process of moving my main email from a @gmail.com to a @custom.domain that currently forwards to gmail, just in case I get locked out.

It is quite bizzarre that this is the reputation google gained for themselves.

> since I don’t want to risk having my entire google account locked due to “suspicious activity”, whatever that might mean.

Agreed. I often second guess my usage of various Google apps and services since I don't want to trigger some process that I would have no way of ever knowing.

The recent case of someone getting banned from using Apple Pay comes to mind (https://news.ycombinator.com/item?id=20841586)

Sounds like self-censorship in dystopia full of secret laws. I'm glad Google isn't running a country.

Their reputation has turned dramatically. Back in the day Penn and Teller's episode of BS about the death penalty said they might not mind the death penalty if Google were in charge of it. Maybe they were somehow being presciently ironic?

Not only Google, just visit any online space and you will see a lot of arbitrariness, inconsistent rules, obscure decision making, etc. I honestly think that the best people to rule a country are the politicians: They are corrupt, narcisists and dangerous but at least they are somewhat professional in what they do.

Sounds a lot more like abuse detection signals firing based on Apple Pay using virtual card numbers.

Apple says that their virtual card numbers protect your privacy because they're untraceable. Ok, but that also means that your using Apple pay is mostly indistinguishable from credit card fraud.

But, you ask, does Google really have to worry that much about fraud? Do people really phish known-good Google accounts, add a stolen card, and then buy a whole bunch of ads?

Well.... yeah. That's actually one of the primary uses for stolen credit cards.

I used to use google docs until they randomly locked one of the docs I was working on for a week due to one of their "suspicious activity" scripts. Really hammered in the message that if you don't host it then you don't own it.

That's actually kinda nice of them. Instead of waiting till we were totally and completely locked in to play big bad wolf, they've done it earlier while there's still time to get the message out.

I think the issue is you aren’t paying for it, so you don’t own it. Paid hosted services cannot pull this crap.

Paid G suite can and does pull this crap. There was a comment on HN a year-ish ago, when someone's entire ~100 person company (almost?) went out of business because Google flagged the personal Gmail of the domain admin, this "spread" to their company email, Google closed it and losing the admin account made the entire domain get deleted. Not "blocked" or "pending review" - deleted! IIRC even pulling personal favors at Google couldn't save them.

Do you have a link to this story?

Google's main problem here is they can't tell their side of the story.

If only they had some process where a customer could agree to have Google publicly explain why an account was banned, I think we'd see many more explanations along the lines of "This customer was using Google cloud to launch Ddos attacks" or "This customer sent bomb threats to the president".

How is that a problem? What's stopping them? Google can easily write blog posts or release post mortems or have the dozens of PMs that visit HN talk about it.

Considering these links are all about people with valid businesses and apps, I doubt your examples apply for violations.

What law do you think is preventing them from doing that already? Especially where US residents with no general privacy law are concerned?

The only thing that's preventing Google from telling their side of the story is their own refusal to engage human-to-human with individual customers.

Both the law and Googles privacy policy stops them telling the world if you sent bomb threats to the president. That's still your private mail. They can't go looking it it, let alone telling the world about it.

> the law

Which law?

> That's still your private mail. They can't go looking it it,

They definitely subject it to all kinds of automated scanning for spam and potentially abuse. The nearest thing to a public statement from Google on the subject seems to be: “very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse”

i.e. there may be abuse cases where they read your mail without asking.

Downvote - Google could reply here on HN, which is one of (if not THE) top developer site in the world.

> more explanations along the lines of

I am willing to bet there would be zero explanations along those lines.

Paid hosted services can and do pull this crap, and it’s not just Google.

“Digital Ocean killed our company” https://news.ycombinator.com/item?id=20064169

At least DO was responsible, transparent and disclosured the bug for the public. After reading through the post, I've felt much more confident to use their services, specially after that comment: https://news.ycombinator.com/item?id=20119939

Big G's policy is to lock you, provide no further comments and no contact link.

“Transparency” due to blowup of bad publicity on HN. They’re simply not big enough to ignore this audience. They wouldn’t have given a damn if they were, just like they ignored many cases that didn’t blow up.

Sure, fine, but Google blows up hn here and there with horror stories but because of search and I guess the fact that 2024 is when they're possibly nuking cloud anyway, the companies in question still got deleted.

What's the alternative you're proposing? Are you just saying Cloud Bad?

Quite a lot of paid services have done exactly this. They use vague all-encompassing terms of service designed to give them complete control. Pretty much anything can be used as a violation of those terms, allowing them to keep your money while also blocking all access and even deleting your data. Very few customers have the legal and financial resources to unblock this if it does happen.

I ordered a phone from Google that's been lost in delivery. I have Gmail/documents/photos/music... Should I do a charge-back? Sue them in small claims court? I should never have done business with them.

Absolutely don't do a chargeback. Try to settle it with the package carrier.

Google's algorithm can flag a chargeback as suspicious, leading you to be locked out.

This is a delightfully horrifying response... "Don't poke the trillion dollar bear, he might bite you and lock you out of your account!"

(GOOG's market cap as I write this is $985B...)

It is horrifying and it should be illegal to provide so little customer service when you encourage deep, irreplaceable investments into your platform.

At least have all your account recovery lined up before you try a chargeback. It is taken as an extremely strong signal that the account has been compromised and is being used to fraud the rightful owner.

Source: I work there.

Also: I would exhaust all my escalation options before going the cc route. With any retailer.

Having thought about this some more, I really can't recommend doing a chargeback with any company you want to keep taking your money. Afaiu this doesn't cancel the contract, so you owe them the money unless you manage to void the contract, in which case they should send the money back anyways. Then, teaching all the fraud detection systems that your exact usage pattern leads to fraud seems unpleasant too. Just too many ways for this to backfire, even if the company doesn't play offended.

This is a response from a dystopian anti-consumer future that we seem to be living in because Google thinks customer service has no value.

> Afaiu this doesn't cancel the contract

There is no contract if Google didn't send the phone. The commenter doesn't owe them money for something they failed to send.

> Then, teaching all the fraud detection systems that your exact usage pattern leads to fraud seems unpleasant too.

Or (hear me out, this might sound insane): a fucking human could talk to the customer and flag it as "not fraud". This is how every other company does it.

The solution to getting screwed by an algorithm is not to give in to the algorithm. It's to talk to a human to override it.

The ultimate solution, I hope, is that the next iteration of the federal government is pro-consumer and enforces our UCC rights and/or breaks up Google.

> There is no contract if Google didn't send the phone. The commenter doesn't owe them money for something they failed to send.

Don't know about your jurisdiction, but in most countries I lived in the law works otherwise. The moment you checked out you have a contract. Seller not sending out the goods is failing their contractual obligations. But that failure does not cancel the contract, only allows you to execute the appropriate clauses of it (some of which usually lead to refund and cancellation). On the other hand, the delivery of goods doesn't usually prevent you from cancelling the contract (you usually have an obligation to return the goods in that case). The clauses injected by laws tend to make this very consumer friendly... But the ones I remember require you delivering a notice of cancellation and I'm not sure if failing payment counts as such (IANAL, I don't even know your jurisdiction, Yadda Yadda).

Just contact them and they'll send you another one, like pretty much any retailer.

Packages get lost all the time. They have a process to file it with their shipping partner.

Same thing happened to me once. I called google support and they send me another phone.

Same here. It seems very unlikely they would not resend a phone lost in delivery. When it happened to me, they immediately ordered a replacement device.

Absolutely don't do a chargeback. They will lock out anything that requires payment, and possible more.

The “oh noes!” Lock-in arguments are comical. Everything is lock-in. And it’s unlikely google makes some radical consumer change to screw people would hurt its efforts to be the #1 or #2 player. If we just focus on building on the things these cloud providers have built we can stop being leery about things and focus on the product and quit wasting cycles on things that don’t matter like the lock-in fear.

You may have misinterpreted the comment chain. It sounds like you're talking about vendor lock-in. They're talking about being locked out of their Google account due to a Google bot incorrectly categorizing their work as spam or abuse. The implications for them being locked out is that they can't use anything related to their Google account. That could include their personal phone, personal email account and personal cloud services.

You can set up alerts if you exceed a budget, and you can program a response to turn off billing on a project. Google has a guide for doing exactly what you want. It's not a particularly clean fix, but it is fairly easy (copy paste) and can be done. It also allows for fine grain control eg you could kill an expensive backend process but keep the fronted running.

You can also rate limit some APIs.


> You might cap costs because you have a hard limit on how much money you can spend on Google Cloud. This is typical for students, researchers, or developers working in sandbox environments. In these cases you want to stop the spending and might be willing to shutdown all your Google Cloud services and usage when your budget limit is reached.

Is this not typical for...literally every use case? No one has an unlimited budget.

Depends - if your profits increase in line with your expenses, you might be raking in the ad revenue/views/sales/whatever because your product 'went viral' and you might prefer to keep it up.

Or if the rise in costs is something you can mitigate on your end - such as a bad deployment - you might want time to respond yourself, rather than your site going offline.

More generally, few site reliability engineers are looking to add extra ways for the site to be taken offline.

Of course, if you're large enough to be in those situations, your round-the-clock operations staff will be monitoring the billing situation as carefully as they monitor page load times and error rates and database load so an unexpected bill will be very unlikely.

> More generally, few site reliability engineers are looking to add extra ways for the site to be taken offline.

SRE 101 is rate limiting everything and protection against DDoS. With cloud and auto scaling risks of DDoS are less about uptime but more about getting a bill that will bankrupt the business.

> few site reliability engineers are looking to add extra ways for the site to be taken offline

If your company has anything close to "reliability engineers", then you already have legal and finance teams too that can sort terms out.

The discussion is about companies that do not even have departments to begin with.

> few site reliability engineers are looking to add extra ways for the site to be taken offline.

Apart from the cases already mentioned in sibling comments, at some scale you start adding in outage switches in many cases. Basically quick ways to take parts of your service offline if something starts misbehaving.

Sure, but typically a business will have specific resources they’d be willing to shut down rather than the entire billing account.

Google doesn't have good enough billing systems to be able to guarantee to be able to limit your spend. Lots of billing things are only done daily for example, meaning you could spend millions of dollars before the billing run at the end of the day.

Google prefers you be on the hook rather than them.

Google themselves recommend using the limits like max instances to mitigate the risk of out of control costs.

I also don't understand why this is being framed as a uniquely Google problem. Other cloud providers with serverless services have similar hazards and similar methods to manage the risk.

> I'd much rather overpay $20-50/month

I don't think the alternatives are nearly that expensive. Vultr, DigitalOcean and others have virtual private servers for only $5 per month. They're small instances but totally fine for side-projects. I run a cheap $5/month VPS and it was able to withstand my project making the HN front page without issues. I don't use Google cloud hosting for the same reasons as you, I don't want to have too many eggs in one basket.

+1 to just running something on a cheap Digital Ocean style box.

In our modern cloud age, I think we've forgotten how much a single box can actually handle (and how few of us actually _need_ to "scale" from day one). Hacker News front page isn't really that much traffic in the grand scheme of things. My $5 DO instance handled it without a sweat. Hell, even "real" projects can still work under this approach. A $20/mo DO box, sqlite, and a few shell scripts can get you shockingly far ^_^

A few years ago I set up a $5 DO droplet with the Dokku image they provide. Years later it's still running all of my side projects in production, even though I moved from the $5/mo plan to the $20/mo plan as my business grew and my needs increased.

I have 15 containers connected to 10 Postgres instances running right now handling tens of thousands of views per month for $20/mo, AND I have Heroku-like convenience to deploy with a "git push dokku master", without having to pay a minimum of $7/mo for each app I deploy. I can deploy a new app at no extra cost

Sure, I have to patch my own OS (minimal effort but still effort) and backups/DR/HA is on me to provide, so it might not be for everyone. But I have a mantra that all my side projects combined need to be able to pay for all my side projects combined to keep me from spending too much, so keeping costs low is important. And that $20/mo would be over $100/mo on Heroku. For me it was a no-brainer. One low-revenue side project pays the bills for all my just-for-fun projects.

Are you hosting the database on the same instance? Also, how are you doing automatic backups?


Yes the database is on the same instance. The biggest downside to that is my droplet gets low on space as the database grows but so far it hasn’t been too much of an issue. The growing need for SSD space has pretty much matched the growing need for RAM as I increase the droplet size.

For backups: I have a bash script set up every night to run a pg_backup and send it to an S3 bucket where I store the last 7 days of backups. All static files (images mostly) are hosted on S3 with no real backup but that works fine for my particular use case.

Dokku's great, but it doesn't support ARM. Anyone who wants that can try Piku, which is even smaller!


Sounds like a great setup. Do you have any documentation on it that others could follow to build something similar or links to tutorials that helped you?

Luckily Digital Ocean and the Dokku project have pretty great documentation on their own. Here's the one-click image for DO: https://marketplace.digitalocean.com/apps/dokku

I just looked up DO's guides for Dokku and it seems like they're redirecting to the deploy page... that's a shame, they were quite good. In case it's just a bug on my side, here's the link: https://www.digitalocean.com/community/tags/dokku?type=tutor...

And Dokku's documentation, which is quite good as well: http://dokku.viewdocs.io/dokku/deployment/application-deploy...

For deploying, it works basically the same as Heroku except there's no GUI for it. Following Dokku's deploy guide top to bottom works perfectly. Look into Dokku plugins for things you might want/need (database support is a plugin, for example) and it uses a system called "herokuish" to allow Heroku buildpacks to work if you have weird stacks like React on Rails. Or you can bring your own Dockerfiles and avoid buildpacks altogether. Ultimately Dokku just manages Docker containers like a lightweight, single host Kubernetes.

Eventually I'm going to have to migrate to Kubernetes... Dokku's lack of built-in HA/DR/load balancing is its main drawback. But it's served me well for years with very minimal maintenance. I hardly ever even think about my infrastructure stack because it just gets out of the way. Which is incredible because it's so small and lightweight, built mostly with Bash scripts.

> I think we've forgotten how much a single box can actually handle

And also we think that "scale" can fix crap software. Pick/write decent web apps and you can worry far less about scale.

Granted, but those are not 1-to-1 to Google Cloud Run mentioned in the article, I normally use Heroku and the typical "production" server for me is comprised of:

- Hobby server, at $7/month

- Database, there are many but add another $5-$15/month

- Redis, either $0/month or $15/month, depending on the needs

Cloud hosting is great for businesses, that's why I believe that every web developer should experiment with those services. It's not great for personal use for the reasons you've stated - the risk of your service going down due to it being viral is much easier to bear than the risk of having to pay outrageous amounts of money for those services in that event.

If your hobby project goes down for a while nobody will remember that and having to pay $100k will make you remember that for an eternity.

Years ago I ran a side project that went viral. It grew to 60k visitors a day and my monthly cloud expenses were around $1,500. I cannot fathom a scenario where you get a surprise $100k bill from a viral hit. Anytime my project went down due to scaling, it was painful. You don’t get many chances at going viral.

60k is on the low-end of visits only from HN where I've normally seen 100k+. I saw around 60k once of 4-5 of my projects hitting the front-page.

Also I know I make mistakes, both at coding and at setting things up, which can easily trash things around and make a 10x-100x multiplier for the cost. The risk is small, but the consequences are horrible so I prefer to avoid this risk.

Edit: also note that even a $10k would be horrifying to spend in most personal projects, and $1500 is more than what most programmers are saving monthly in most of the world.

That depends a lot on the article and the views from reports on reddit/twitter/facebook/linkedin. 100k is rather toward the top of the curve.

Here I've published stats on my few posts that reached first page on HN. https://thehftguy.com/2017/09/26/hitting-hacker-news-front-p...

$1500/month is a massive cost for a side project, I'd rather have it go offline by far.

Side project turned business. It’d paid for itself and more.

I’ve seen surprise bills not far off that, not from a viral hit, but from bugs in the firmware for connected devices which suddenly switched them from taking 1 action/10 minutes to 1 action/3 seconds. Needless to say firmware QA has become much more focused since that incident.

What was that cost for? 60k visitors is less than 1 req/sec, something a terribly small server should be able to handle with relative ease. We’re there a lot of static assets not served by a CDN or cache?

It was a SaaS. Required heavy database and memory work. But it supports my point that a surprise $100k is a far fetched concern.

I was getting $3-5k bills from Azure and AWS several times without being viral just because I enabled some wrong features. Luckily they refunded them. I don't want that crap anymore. We also tried to run on AWS EC2 for a while and it was costing us 10 times more than a dedicated server that we got later on. Ridiculous. Now I have a backup server on Azure just because they give me $50 credits and it's a basic VM with a 1Tb slow disk attracted and they manage to charge me $70 for this, when I can buy a box at https://www.kimsufi.com/en/servers.xml for 5-7 EUR. I think cloud is for idiots

You're right. I've went with the $100k assumption from the other comment.

From the article:

> The service will create more and more instances of your application up to the limit you defined

The Cloud Run docs confirm an instance maximum can be set and the price per instance can be less than $5/month.

Cost is not only based on the number of instances. From a quick search:


Understanding the cost of these services is not easy at all, especially for extreme cases/situations. And a calculator/estimator won't fix the problem. That is why I love the fixed $X/month where there's no room for surprises.

I hope GCP/AWS add a max spend ability. Until then it's complexity of pricing model vs time spent on OS and database management. To each their own.

It's why I'm on digital ocean. Cheap, but good quality service that's comparable to the big boys and it's capped. $5/month is perfect for me

I use DO too, but they have deleted a lot of customer data.



Keep your stuff backed up.

I use Heroku for these situations where everything is managed automatically. The only con here would be paying more, $20-50/m (Node.js+DB+Redis?) instead of $5/m for DO, but I'm happy to pay for that and spend no time on manual management.

You can definitely set limits on GCP

The trouble with this is what do you do when your "max spend" is reached? Shut everything down? Shut parts of it down? Most "real world" systems aren't built to have the stool kicked from underneath them like that, so there will be data/business loss and pissed off customers (and in the case of Cloud also pissed off customers' customers).

The conversation was about side-projects where it's better to have it shut down than drain the owner's checking account. The alternative being an overloaded web server that becomes unavailable.

I just did some math on their calculator: https://cloud.google.com/products/calculator/

I think some folks may be overestimating their ability to put a dent in Google's infrastructure.

  1 CPU
  2GB memory
  80 concurrent requests per container instance
  1000ms execution time per request
  5kb outbound network bandwidth per request
  100 million requests per month
$120.19 per month

What if we bump it up to 100kb per request? In my experience only initial requests end up being enormous, especially in single page apps. But to be fair some folks may not have time to optimize. That still only brings the monthly bill to $1,071.48

Then again that second estimate probably isn't relevant since I typically host my static data on a CDN.

I'm not from the US, and the thought of "only" paying $1071/m for a side project which is most likely not generating revenue is mindblowing.

If you give me $1071-$120 = $951/month forever for optimizing an app once I'll optimize it for you :)

I can't say it's "only" $1071/month. I definitely wouldn't go broke because of it though. Especially if it's only a side project I probably would look for ways to reduce cost for subsequent months.

I don't know how optimizing comes into the equation. The app you build and deploy to Google Run leverages their infrastructure. A fiber optic cross (with just one telecommunications company) connect would cost probably close to $1000/month alone, but Google is probably peered with every telecommunications company in the entire world, and they don't have just one fiber optic line connecting to each of them. So, it's not really a one-time optimization when you put your work on Google. It's like I would be paying Google $1071 to rent the infrastructure of their entire network to receive and distribute data in my name.

Silly me I have last week made an infinite loop on Firestore - update to document triggered CloudFunction which updated document and Firestore is fast..

In just minutes I had passed free quota and here I have been lucky because I have checked console.

If I have left that version (and I have been sure it is just innocent commit) for a few hours running I would be up for a surprise.

Your setup is unrealistic. 100 million requests per month with 80 concurrent requests?. 1000 $ is cheap if you try to run wikipedia.com fully managed.

A lot of web stacks optimize for concurrency. Based on 2GB memory, which ends up being ~25MB per request (which for me is extremely high), I don't see it as being unrealistic. Especially for the use case I'm considering. Typically the only reason these boxes exist is to allow a web browser to gain access to data in a database, so most of the 1000ms per request wouldn't be spent in CPU, it will be spent waiting for the database to return a response.

Just loading the Javascript for a basic React app is way over 100kb though.

It's 6kb for React and 25kb for React-DOM if you do a production build. Still a lot in terms of JS, but not quite as much as you're saying.

Wouldn't it be better to do that over S3 / cloud storage? And would be much smaller once minified and compressed

I agree about being too scared to do business with Google. FWIW, I have a project that monitors an AWS S3 hosted web site every minute and takes it down if the charges exceed a quota. It ends up costing me 44 cents a month to run it as a lambda function but I think of it as insurance. Pull requests are welcome from whoever understands Terraform better than me because I couldn't figure out how to automate everything about the deployment.


> The risk of being locked out

For me, this is the main reason I try not to use any Google products, except for Gmail and Android. For mail, I started to migrate away from Google to reduce risk of being locked out.

Why not just make another Google Account just for this project?

It’s what I do since year, basically for every customer I work, I create a new account and even share the credentials with the customer (if he wants it).

I’ve heard about Google correlating these accounts (through billing methods, contact methods, access patterns) and banning them together when one infringes on something. I’m not sure it’s the protection you think it is.

Yes they do. If you want to bypass these rules, just make a ton of accounts and wait for a couple months and the use those accounts with whatever credit card you have (keep in mind that you should get another card from your bank because google can tell when your card is a generated one like privacy.com)

Won’t they just correlate the name and address on your different credit cards?

I don't recall ever giving my real name/address for any billing address/name, because most if not all the time, they don't really care (or at least I never seen a difference).

Has anyone actually been locked out of Gmail because of a google cloud bill? I don't think they are connected in the sense that your Gmail/Youtube/Android etc account will stop working if you don't pay.

Same with Amazon accounts and AWS bills for that matter.

I understand the concern though... and using separate accounts is probably best practice.

All those accounts are "related". Made from the same PC, used from the same phone, etc.

It's against the ToS to create another account to circumvate a ban.

> No way of limiting the expenses

This pattern seems common among business people: things working in the common case vs things working in corner cases, it’s how you end up with consumer windows running critical machines. I’m always shocked and moderately disturbed when I see it but I guess we all need to accept the reality that most people are very pragmatic. It makes sense, most people’s intuition comes from “the real material world” where you have to pragmatic, I think many of them fail to realize that on a computer you don’t have to give up certainty the way you do in “the real world.”

Loss aversion[1] describes the phenomenon pretty well:

> Humans may be hardwired to be loss averse due to asymmetric evolutionary pressure on losses and gains: for an organism operating close to the edge of survival, the loss of a day's food could cause death, whereas the gain of an extra day's food would not cause an extra day of life (unless the food could be easily and effectively stored).

For lots of companies an accidental over-use of tens or hundreds of thousands of dollars is an annoyance, but for a single person that could bankrupt them. I generally avoid programmatically interacting with cloud providers on my own time for exactly this reason. One mistake in a loop can get expensive fast.

[1] https://en.wikipedia.org/wiki/Loss_aversion

That's not quite what I'm describing, it's more like how people will ignore git error messages and randomly fiddling with things thinking "that's just how it is and I can't understand it" rather than figuring out what's actually broken.

These are really non issues. You can create a new Google account and setup a limit for the number of instances and alerts.

Also, show us how you would rack up a $100k bill for a side project that receives a traffic spike. It's simply not realistic.

I don't know how I would get a $100k bill from a spike. That ignorance is enough for me to avoid using the service - unless I know how the billing works, what my maximum monthly bill is going to be (with a hard limit that cannot be crossed), and exactly where all the gotchas are then I won't use the platform.

Auto-scaling magic is lovely in theory, but in practise it is hard.

Annecdata - a video streaming startup here in Newcastle that enabled DJs to stream live sets was used to illegally stream some football games. The subsequent bandwidth bill killed the startup. Yes, they got some things wrong with their tech, and security, but that's the danger that put's people off using "clever" services.

Wow is the ban thing a real risk that anyone can substantiate? That's horrifying and I had the same thought that everyone else did about using a burner email, which is apparently impossible.

Personally I don't think I can go straight up Heroku or DO because I like things like firestore/dynamo, S3, etc etc. But this is pushing me to move everything I do over to AWS. The only thing is I am very comfortable in GCP, so that would kind of suck. bleh.

> I cannot have a $100k bill to pay, it'd destroy everything I have.

Welcome to US healthcare. Happens daily! :)

That makes me happy to be an European

I'm not in the US, and would not dream of going there without health insurance.

Happens even with insurance.

The max out of pocket is about $8k under the ACA. That is a lot of money for a lot of people, but it isn't nearly $100k

There are a bunch of costs that could increase this number: having to deal with networks, having an emergency and having the max amount for a procedure exceeded, and, in some cases, your deductible.

Your deductible counts towards the out of pocket max

If I were to run any public-facing protect on Google Cloud, I definitely would use a separate account, created just for that. You never knows what might happen to that account. I thought everybody does this.

I wonder how hard would it be to run a script that checks your balance e.g. every 15 minutes, and shuts down public access to your services when a certain threshold is triggered. I wonder if a ready-made service for that exists in cloud providers' offerings.

Google somehow is able to link your newly created account to your personal/regular account. So if you some shady stuff with the new account, your other account is at risk of being locked out, too.

Has anyone gone down an account per side project and not gotten into a problem? And is there a warning before the banning sledge hammer falls

> - No way of limiting the expenses AFAIK. I don't want the possibility of having a huge bill on my name that I cannot pay. This unfortunately applies to other clouds.

It's surprising that no major cloud provide prepaid option, which would be handy for such.

Why not make a burner gmail instead of migrating out of Google

Google can (and frequently does) link burner gmail accounts with your real e-mail account.

What if you use a different google account only for this?

> The risk of being locked out.

It is a best-practice to have a GSuite account instead of a consumer-grade Gmail account to manage an associated GCP account.

It is a bit onerous for a hobbyist, admittedly. But if its anything more ambitious than that, do you _really_ want Google scraping the contents of your email while you build the Next Great Thing? Try not to use a consumer account.

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact