Hacker News new | past | comments | ask | show | jobs | submit login
Free for Developers (free-for.dev)
967 points by fs111 on Feb 23, 2021 | hide | past | favorite | 197 comments

> Azure Kubernetes Service - Managed Kubernetes service, free cluster management

Since this one is the bane of my existence at the moment.

Yeah, this statement is technically correct, it is technically free, but you still pay for the VMs that are part of the cluster, and their disks. (Unless they can qualify for some other "free" metric.) But we've been using this, and we've had lots of spans of time where the managed API server will just time out requests. There's no guarantee on the free version; there's an SLO, but our metrics indicate that it isn't being met. (And our support requests were met with "upgrade to a paid SLA"… which we are, b/c we're a business, but if you're looking at this list, that presumably isn't you.)

FWIW if anyone's looking, the hosted DigitalOcean Kubernetes clusters are fantastic.

Despite being very early adopters, we've only had one issue and when we pointed the finger at them...the DO k8s team immediately diagnosed the issue, and it was our own fault. Woops.

Same with Scaleway's, both just work and are fully free.

Some time ago i compared them against the competition and they fared very well even against GKE:


I'm curious; do these host the control plane bits inside the cluster (on the VMs in the cluster, which I presume are not free)?

In AKS, the API server & its backing storage, as well as most of the core controllers are "managed", in that they run somewhere not in your cluster. But then, you hit the issues where they must consume resources, and someone at the end of the day must pay for those.

I'd almost rather they run in the cluster, since those are resources I can introspect & debug.

(In a normal "vanilla" cluster, not a cloud-based one, normally these would all run inside the cluster, unless you configured them differently. E.g., kubeadm builds them into the cluster.)

I think you're mistaken ( or i'm not understanding you correctly).

In a default setup vanilla Kubernetes, you have master nodes which host the master services ( etcd, kube-apiserver, etc. etc.), and worker nodes on the side.

With managed k8s, in most cases, the "control plane" ( what normally runs on the master nodes) is run by the cloud host, usually on shared instances ( Scaleway did a talk and it runs on dedicated Kubernetes clusters, in a namespace per client).

Indeed, then you're subject to limitations ( e.g. the kube-apiserver for you is limited to 1000 MB of RAM and if you need more because you do X, you're screwed), but that's always the case - if you run your own master nodes, they have limitations as well ( based on instance/server size), just usually higher. There's the added risk that another customer might sature an unlimited resources and impact your control plane.

In any case, I haven't hit any limitations with Scaleway's Kubernetes so far and haven't seen anyone talking about having hit one, while this isn't the first time i've heard about Digital Ocean. I don't know if it's due to size or because Scaleway have higher limits.

Just want to says thanks for such an in-depth comparison!

Totally agree. I have a DO K8S cluster that we've supported since launch and I've had a single problem that was fixed by replacing a node. The Azure K8S cluster we support causes problems monthly. The client was heavily invested in an MS stack already so we picked Azure but we're likely going to get rid of it in in favour of paying a little bit more for SQL Server on AWS RDS in future.

Unfortunately DO only runs linux, and when a core piece of your infrastructure requires windows, it's a hard sell to say "well we'll just host _that bit_ on windows, and everything else on DO"...

QQ: can DO k8s cluster scale up automatically with load ? And ,more importantly, can it scale down automatically when the load goes down.

Neither of those functions are something Kubernetes does itself at all. For clusters to have that kind of functionality it's usually implemented with something like cluster-autoscaler. If it's not implemented with cluster autoscaler there's a chance you have a really annoying experience when nodes go away since the orchestrator doesn't know and takes a while to decide the node is gone and things should be cleaned up/rescheduled.

Now that info aside, they do support cluster autoscaler.


Or maybe it's more appropriate to say that Cluster Autoscaler supports them? This tool (CA) does scaling in both directions and is highly configurable. At least, it is for other cloud vendors so I'd guess it's going to be so here too.

Aren't you missing the point a bit? I read that as "you don't have to pay someone to take care of your kubernetes cluster".

In regular setups, you pay for the resources, then you pay someone to take care of those resources. In the Azure's case, and AWS EKS and maybe google offering too, you don't have to pay that engineer or team of engineers.

Was an early adopter of AKS (after using the equally awful ACS) and wouldn't touch it with a barge pole. Remember being on engineering calls on a Friday evening with Microsoft engineers trying to explain the Kube master was completely broken. Volumes took 15 minutes to provision. Awful.

P.s. your first GKE cluster is free

My company has also hit capacity issues with the managed Azure Kubenetes that were not fixable as Azure users.

Please point it out if I've missed it, but any list like this, of information that is changeable, should really have a publicly posted date of when the information was last confirmed.

Indeed. They rapidly go stale. Many of these lists are out-of-date by the time anyone finds them.

Maybe it's different for services, but lists of software often list projects that aren't maintained.

I've never found anything useful from any of these lists. What I do find useful is people on HN talking about what software/services they use.

In my experience this specific one is well maintained, via community contribution.

Commit history could be used to figure it out: https://github.com/ripienaar/free-for-dev

That will only give you the date it was added, not the last time it was checked.

Wikipedia does that through bot, adding an "accessed <date>" to external links. I supposed you could do the same here. You could even use Actions to generate a list of entries in need of checking (e.g. haven't been checked in 6 months).

A bot can check that the link is not dead, but it can't check that the link still has the information claimed by the citation.

By "do the same" I meant you could put "checked <date>", of course you'd have to have a human do it. Which is why I proposed to generate a list of entries that need checking (by humans). Sorry this wasn't clear.

Sounds like a great experimental candidate for automation by something like GPT-3.

GPT-3 is a text generator. How would you use it to check links?

Text generation, when fed the data it needs, is a fully general task API. You would submit something like the following request to GPT-3.

  Wikipedia sentence: In 1735 a volcano on the island of Foobar erupted.

  Original article content: In the history of volcanic eruptions there have been many different notable eruptions. One occurred in the year 1601 on the island of Foobar. Another occurred 134 years later on the same island.

  Does the citation match: Yes.

  Wikipedia sentence: Bar Foobar was a prolific American poet.

  Original article content: In recent years, the number of athletes who have been added to the American Sports Hall of Fame has increased dramatically. In fact, the Sports Hall of Fame just added its 1000th new member, Bar Foobar, on June 15, 2014.

  Does the citation match: No.

  Wikipedia sentence: The leader of the Foolandian revolution was Bob Jones Sr.

  Original article content: The Foolandian revolution remains one of the hallmark events of the 20th century. It was spearheaded by Bob Jones Sr. who today has a Foolandian holiday named after him.

  Does the citation match:
GPT-3 then fills in the last part (adding a Yes or No after "Does the citation match:") and you'd vary the final "Wikipedia sentence" and "Original article content." You'd probably flesh out the examples a little and add a few more of them, but that's the general idea. GPT-3 is very very good at delivering results in the right format (given this input, I would be very surprised if GPT-3 ever delivered something other than "Yes" or "No"). Whether it would be clever enough to do the matching well is a separate story, but I think it'd actually do a pretty good job since this is pretty up its alley.

We need more of these as wikis, or GH repos that use robots to accept PRs.

Tried it and it didn’t work? PR. Found a new one and it’s not on already? PR.

Also, it would be a really nice bonus if “date added” was generated from the git commit that added the resource.

The coupon sites do something like this - all you need is yes/no buttons.

That could be bad due to spam though

Specially if you auto deploy it too

Some repos have already successfully used the vote method and that feels like a pretty solid defence.

> more of these as wikis, or GH repos

The people who live on GitHub are unfortunately unable to recognize any distinction.

So question for the masses,

I’ve wanted to setup a personal account on Google cloud, azure etc and take advantage of free stuff but I am terrified something will happen and I’ll mess something up or someone will mess it up for me and I’ll be out hundreds on my credit card. Any suggestions here?

Great list.

Meh, I hate the idea of individual devs signing up for clouds like AWS, GCP, or Azure. These are huge cost machines and are designed to serve fast moving startups and hulking enterprises. The best you can do is setup account limits and alerts.

The real answer is that if you have an understanding of networks and systems, then the cloud is just a data center with different considerations. Your company should be giving you resources like sandbox accounts that you can play in. This is how you'll really learn.

I strongly recommend setting up and using virtual credit cards, you can use them to enforce spending limits and spend maximums. There are several services that allow this, for example my CC company supports them directly or there are several services that let you set them up backed by a debit card. That way, if your hosting provider overcharges you it'll just bounce.

Bills don't just magically go away if you refuse to pay them.

They do to a degree. Nobody's going to court over a $200 bounced charge that you could argue shouldn't have been there in the first place. Most services will just close your account and move on with their lives.

But in the current climate of big tech oligopoly, they don't have to take you to court to make your life miserable. They can simply ban you from their services and make your professional life much more difficult for the rest of your natural life.

When the pandemic hit, flights were cancelled, and refund requests were unanswered here in Canada, many were afraid of requesting a charge back through their credit card company. In a country with only two major airline companies and a size that is too vast to travel by land all the time, getting banned from one, if they choose to do it, would make one's life so much more difficult. Tech is not far from that in terms of oligopoly power.

They're not That Smart. A new email address and PO box is a new person.

Was there ever a precedent of an airline ban over a chargeback where a refund was warranted?

> A new email address and PO box is a new person.

Not to airlines, which have your full legal name, date of birth, and passport number on file.

Not to big tech either, which are in practice giant surveillance companies and have mastered the art of tracking everyone and anyone on- and offline.

> Was there ever a precedent of an airline ban over a chargeback where a refund was warranted?

I don't know. But many people would not have the time to research this to their satisfaction, nor would want to risk it and find out the answer the hard way.

This is a valid strategy, but some companies already disallow virtual/prepaid cards, Scaleway for example.

Is there a way to do this for people based in Africa? My cursory searches came up empty...

PayPal can provide virtual credit cards, if I remember correctly.

Set up a budget. At least Azure has those, and you can set whatever limit you want. If you hit the limit, the access will be cut off (and VMs shut down, etc). Your data will not be lost, though. When the new billing period rolls around, all will be back to normal.

I highly recommend something like this if you want to learn the cloud and do not have an employer to sponsor an account for you.

All these suggestions of using a throw-away CC number to avoid paying the bill are just unethical, IMO. No need to resort to those measures.

Be careful with that. On AWS, at least, you can get a massive bill before the limits kick in.

There have been horror stories posted here before.

Grab a revolut account. They're free, and they have a tool called 'digital temporary card' that is good for one use. After the card number is used, it's cycled.

Not affiliated, I'm in Aus and I use my temp card for anything I don't want to be ongoing. Doubles as a breach safeguard (my credit card involved in a DB dump doesn't matter if it was a one-off number).

There's other good reasons to use revolut but will save it :)

If you do something like this do NOT sign up for AWS or Google Cloud with your “main account” as a denied card can get your entire account lost.

Also, don't use virtual cards with Google Cloud. My old boss used his shiny new Apple Credit Card, which has a virtual number for non Apple Pay charges.

His entire account got locked out until he was finally about to get ahold of someone in billing to reverse it.

It was right around the time that this article: https://smartprivacy.io/learn/i-got-banned-from-google-ads-f... was making the rounds.

Hasn't been my experience, but good to hear.

Based on stories from HN I would totally separate these accounts from any personal accounts. Even separate it project based. It any of them gets canceled, locked you shouldn't lose access to your personal mail or mobile phone.

I was on the free Redhat Open Cloud (rhcloud.com) for the years it existed. Thus I would never use the free Oracle cloud.

Since then I'm a happy free Heroku user, but also tried Azure, Google, AWS. Azure had the worst UI and features, but the others similar bad. Google also cannot be trusted for such a freebie, because of their random PM policies, Amazon forgot why. Both high risk to pay unexpectedly.

Buy a $25 Visa gift card, spend $20-ish of it elsewhere, and use that for the account. They may post a charge of $1 or so to initially confirm the card.

(I've had success with this in the past but apparently results can vary - some services may block a prepaid card)

Can only speak for AWS.

Don't do it, Amazon's whole shtick is having such opaque and illogical and convoluted pricing that you just throw your hands up and let it go.

Does anyone know of a decent tutorial for building low-volume / prototype interactive web applications using one of the major cloud-hosting providers, wholly within the free limits?

Any framework would be interesting for learning purposes. I have some older MVC .NET sites and I poked around with Azure free Windows Server VMs, but the performance is so painfully bad; if you do anything, you run out of memory. But I'm gaining proficiency in NodeJS and Python, and hoping to learn how to take advantage of free tiers for practice in development and testing. I imagine it can all be self-taught/learned, but if there exists documentation to go through the motions in the learning process, I think it would help a lot of people.

Have you tried Heroku? Deploying via git is pretty handy. I've mostly moved to using Dokku on the $5 tier of DigitalOcean, but the approach is simple.

I haven't. That looks super promising! I find AWS/Azure almost intentionally obtuse in their pricing and setup/configuration. This looks like they focus on the opposite!

In the context of AWS Free Tier, the non-obtuse option is you do the EC2 t3.micro with Linux on it, maybe also the RDS t3.micro, and you ignore all that make-things-harder-so-consultants-can-charge-more nonsense. Install your own nginx, install your own node or python or whatever, ignore all their obtuse crap.

Heroku is cool, too, though.

There's no "always free" AWS tier though, correct? You're still going to end up paying for the app after 12 months, or am I missing something?

That's also my understanding. Heroku, on the other hand, has no time-limit on their free tier, but it's always kinda broken (startup times). AWS's free tier is the real deal. That's a trade-off.

But that's orthogonal to the point I was making, and the comment I was replying to. If someone likes Heroku because of it's pricing clarity and its ease of setup... well, the pricing simplicity of an EC2 instance is just as good, and the ease of setup is even better.

More broadly, if you're evaluating them against each other....

Heroku isn't the easiest to set up, nor is it the simplest. It's not the easiest because you have to learn a bunch of Heroku-specific things, that you'll just have to reinvent/relearn/etc if you ever want to switch providers. To call it "vendor lock-in" might be a bit of a stretch, but it has aspects of that. With EC2, it's just server management, same as it ever was, same as it'd be on some other cloud.

(Note that many OTHER AWS services are far worse than Heroku in this respect. And/or better, depending on your goals.)

Heroku aims to be a sweet spot. A few hours (or days, maybe) invested in learning to use it properly, and you get a pretty reasonable bundle of tools and support and so on. But if you want to dive deep, Heroku's probably a waste of time. And and the other extreme, if you don't want to learn anything about an individual provider's proprietary crap, then Heroku also will not work out that well for you. Saying "this is our sweet spot" is a respectable position, even if you don't like the sweet spot.

(Personally, I'm still boycotting Heroku over their years of misrepresenting their "dynamic mesh routing", which was always fiction and which they lied about for years, and charged customers for something that they knew full well they weren't delivering. Don't get into bed with sociopaths, even if you like their sweet spot.)

> Heroku-specific things, that you'll just have to reinvent/relearn/etc if you ever want to switch providers. To call it "vendor lock-in" might be a bit of a stretch

It’s an understatement, not a stretch.

Heroku has always seemed really interesting/cool/clever to me. The tradeoff has never been worth the investment when I’ve considered using them, personally or professionally. Their operating model is far too different than every other cloud provider’s.

Amazon has another offering called Lightsail [1] with simpler pricing. It might work better for side projects.

[1] https://aws.amazon.com/lightsail/

Curious to know more about what specifically you find obtuse about pricing? I've used Azure a lot, and don't recall any ambiguous pricing.

While I was doing the "free 30 days + 12 months of free stuff", a certain level of MSSQL was listed as free, but hidden under that is creating the storage for MSSQL which is a separate and additional cost that you cannot avoid. (At least, not that I could figure out.)

By the end of my 30 days, I found the bare minimum performing low volume .NET + SQL on Azure was going to be $30+/month even for just a prototype/development site, and I can pay less elsewhere for higher performance (though perhaps less control). And when I say "performing", I just mean the VM not being too slow to actually use as a UI, and throwing low memory errors constantly. The free tiers for Windows Server are, in my opinion, unusable at all.

I run a hobby .net core website on a $5 digital ocean instance and it runs fast as hell. You definitively don't need to spend $30. I'm using a PG database but it looks like maybe it would even be possible to run SQL server on a 2GB instance.


You just have to bite the bullet and learn a few linux admin tasks like setting up nginx, supervisor, file permissions.


You do get some free storage with the free tier database, but it is only a paltry 32MB. Additional storage is only $0.221/GB/m though. The paid cheapest SQL database (B0) is only $5/m, which comes with 2GB of storage. In practise, this is absolutely fine for light usage.

By .NET + SQL, I assume you mean you were using an App Service? They come with a lot of convenience, but I definitely agree that they are too expensive, especially when considering the level of compute you get. I raised this with someone from Microsoft before, and they said they were confident the value offered was worth it.

There is a free tier for App Service though. It's a shared compute model - I tried it a while back, and the performance was totally fine for light usage.

I wouldn't try to run Windows Server on a B1S, as they only have 1GB of RAM :) You might just about get away with it for Server Nano, but I've never actually used it. Best stick with Linux or BSD for these tiny VMs.

If you search for Scott Hanselman's Penny Pinching blog post series, he details how he runs a couple of his high volume sites for as cheap as possible in Azure.

Another vote for Heroku. If you can get it running locally, you can get it running on Heroku. Their help docs are mostly helpful (not perfect), and if you’ve been able to get this far then you’ll have an easy time with it. The free tier has forced downtime, but I think the lowest non-free tier is only like $7/month.

Edit: also, if you find that you need other cloud offerings from AWS or Azure, you can combine it pretty easily. I did image upload to S3, for example, from a Heroku app.

What about ASP.NET + Azure? I'm still having wet dreams after using it on a pet project last year. Azure even has like one click deployment for it- super easy. Alternatively, Heroku is supposed to cater for this,or Elastic Beanstalk if you want to go AWS route.

I tried the Azure try out for 30 days. Unfortunately I missed the one-click deployment stuff. Maybe I was looking in the wrong place? But I mean, that's the thing. I created the account and was looking at the UI - but didn't find that. So maybe I'm terrible at reading web pages, or maybe the UI isn't designed to get me where I need to go.

I believe I was using this one st the time: https://docs.microsoft.com/en-us/visualstudio/deployment/qui...

I suspect that pretty normal development using Python, Node, or Go would fit free tiers of various AWS services, provided they are not serving a lot of requests.

I've used firebase and I would say is perfect for what you describe. No idea how it would work for a bigger project though

My 2 cents on this - I have used the Oracle Cloud free tier trying to get the VMs running. The default resource usage seems higher than what you would get on Hetzner/ionos/digital ocean and the resource monitors are a good chunk of that usage. Configuration was also considerably more difficult for someone with little experience such as myself... Achieving the same task (setting up a BookStackApp server) took considerably longer than it did on most services on which you pay.

What I'm trying to say is that you do get what you pay for (or don't).

I'm sorry that you experienced that. I work on the team responsible for the instance agent. We're aware that there have been performance and resource issues with it, and are always trying to drive down resource usage. If you're okay without any metrics for the instance, you can always completely disable the agent.

Over the last several months we've migrated most things to Go (which was always the ultimate goal), and introduced a plug-in based approach with it. Recently we enabled a feature to allow you to enable or disable plug-ins used by the instance agent dynamically.

On the Free Tier with your VMs it's currently impossible to get a cluster (with say MicroK8s or K3s) up and running and responding to requests. Either the free resources limits quoted are wrong or something else is afoot.

There shouldn't be any difference between the quoted resource limits and reality, if there is something is definitely wrong, and I want to get that identified and resolved.

I haven't had time / opportunity to look in to Microk8s or k3s. Would it be straightforward for me to replicate what you were seeing? Just follow a simple online tutorial?

Note: We built/build OCI with security in mind, and encouraging a more secure-by-default approach. All of the standard platform images come with the firewall enabled and locked down, and the default network security groups are locked down too. One example brought up in the earlier days of the platform build out were all those times you see people's MongoDB accidentally exposed. Obviously this is a total guess as to what you ran in to, it's definitely something that trips up customers.

I did open ports I thought I needed for K3s and MicroK8s but I may not have caught all of them. Any simple online tutorial should get you to where I was!

It'd be really great to show developers they have a place they can make toy clusters without having to worry about gotcha charges.

Oracle cloud pricing seems competitive against the big 3, and providing 10TB of free egress is very generous by comparison (that'd cost you around $1k with the big 3!). But Oracle has such a terrible reputation for behaving like an absolute shit, that I've never really considered with any seriousness, or even signed up for a trial.

Would be interesting to see a comparison of Oracle cloud to AWS/Azure/GCP, from the perspective of a developer or architect. If of course Oracle allows such comparisons in their terms and conditions...

> If of course Oracle allows such comparisons in their terms and conditions...

Gold, Jerry. Gold!

I would argue that Oracle had more to do with that than the fact that it was free... Using the paid version would probably have been even more difficult.

I appreciate there's an uphill battle here to gain HN user trust. It is Oracle after all. OCI is a very different from what you've seen from Oracle in the past. It was created by ex-AWS, Azure, and GCP engineers, based on our collective experiences within those platforms. From some regards you might say we are to Oracle, what Azure was to Microsoft earlier on. A wildly different way of doing things.

Using standard / paid instances should be no more difficult or hard than using free-tier ones, other than the obvious need to have converted to a non-free account and, I believe, sorted out payment methods. They launch and run the same way, just when you have a paid account you can launch on larger instances. We've got enough things we want to do with the cloud, without having to resort to building lots of separate experiences and code paths for free tier accounts.

Disclaimer: opinion is entirely my own, may not reflect the opinions of my employers, etc.

Is Oracle going to start putting their OCI API client code into distros and get distros official accounts for distributing images etc? (Debian would be my first choice for this)

I'm not sure what the plan is for the SDKs, that's handled by a completely different team.

The SDKs are open source and can be installed fairly easily, e.g. the python sdk is up in pypi, as is the oci cli.

Vendors are welcome to sign up and start publishing images via the marketplace on our platform. That's an option available today, without specific need for OCI to engage. SuSE are in there, for example.

Would be nice if this had a newsletter for updates like "Hey, X is cutting costs and your free happy meal will be cut to 2 nuggets starting 1st of March, and end completely next June"

It would be a nice to indicate with a small symbol next to each whether you need to give them your credit card details or not.

This is my common issue with "free" services. It's free, but you have to input your credit card. Ah and also, if your website blows up, such as from being top 10 on HNews, you'll have to pay, but don't worry about that now.

One trick I have used to overcome this is to use a virtual card service. If you have a Capital One card, you get this for free (download "Capital One Eno" extension), but there is also Privacy.com which does the same thing linked to any bank account. So when someone needs a credit card, I will generate a virtual card (right inside the browser plugin, its really slick and easy) for that website. They will verify the card, and then I can go and deactivate that card. At least with Capital One you can keep the virtual card open, but just deactivated so it declines if they try to charge it. If you ever decide you want them to charge you then you go flip the switch and the card number works again for that site. I generate a different virtual card for every online subscription.

This allows you to get around the credit card wall, without fear of them actually being able to charge the card.

I also use this trick for any annual membership type things. I will put in a virtual card number to pay the annual fee, then after they charge the fee I will deactivate that virtual card (but not delete it). Now if a year from now they charge the card without warning me, it will decline. They usually send you an email saying it declined, at which point you can either leave that card deactivated and you now easily cancelled the service, or you want to keep the service you can go and activate that card back up and the next time they try to charge the card again (usually 48 hours later or so) it will go through.

If anyone knows of other ways to create virtual cards, please let me know. I am currently using Capital One's virtual cards because 1) it is free if you have a Capital One credit card, 2) it allows unlimited virtual cards, 3) their browser extension is actually really slick at auto-generating cards and filling in the card numbers for you. I have looked into Privacy.com which actually offers a lot more granular control over your virtual cards. But you have to pay monthly for the service and get a limited number of cards, so I stick with Capital One. I have a Capital One card that I don't use for anything other than online subscriptions and virtual cards. But I would love to know if there are other options out there that I could consider.

I don’t think that having an invalid c/c absolves you from debts accrued when using services that have traffic thresholds for switching between free and for pay.

This is definitely a limiter for me when signing up for these free sites: it usually is couched with language along the lines of you don’t want your business to be impacted by us turning off your service, but I am not joining as a business, I am joining as a “I am a developer investigating if this is worth it for my business”

I would prefer plans along the lines of “pay us $10 to activate, if you go over traffic we cut you off but guarantee no other charges, if you leave we refund your $10 no questions asked” or “no charge upfront, if you go over the free tier we charge up to $10 once only and then cut you off”

> If anyone knows of other ways to create virtual cards, please let me know.

privacy.com (https://privacy.com, or If you want to use a referral, privacy.com/join/NPNDJ ) is also free and works across any bank/debit card, although just recently they started monetizing by limiting free accounts to creating 12 virtual cards a month, so if you need more it's $10/mo.


> This allows you to get around the credit card wall, without fear of them actually being able to charge the card.

Note that services can see if a card is virtual and might block them from signing up for free trials. Digital Ocean, for example, does this to prevent referral fraud. Netflix also used to block virtual cards from signing up for the free trial when they had one.

Do you know how they detect virtual cards? I have seen some scripts which detect whether card number is valid CC or not. But never heard of validation of virtual cards.

It's not inherit to the card, rather it's pulled via info from the card network (visa/mc/amex/etc). Stripe, for example, returns `card.funding` which is either credit, debit, prepaid, or unknown - blocking anything other than credit or debit isn't bad for SaaS businesses who doesn't want prepaid cards anyways[0]. Outside of that, you can use the IIN/BIN (first 6 digits) to build a blocklist of virtual-card-issuing banks[1].

0: https://stripe.com/docs/api/payment_methods/object#payment_m...

1: https://developers.braintreepayments.com/reference/response/...

> blocking anything other than credit or debit isn't bad for SaaS businesses who doesn't want prepaid cards anyways

It's not clear to me what you mean here: do you suggest SaaS businesses should reject those customers who prefer paying with prepaid cards? Hello, this is me! When I see a prepayment option or even Paypal, I gladly pay, but when you want my credit card info, I wave you good bye!

> do you suggest SaaS businesses should reject those customers who prefer paying with prepaid cards

Not the parent, but: yes, absolutely. Prepaid cards are for making one-time payments. They are not suitable for setting up ongoing subscriptions, and it is entirely appropriate for a merchant to reject them in this context.

> Prepaid cards are for making one-time payments. They are not suitable for setting up ongoing subscriptions

Why? Because from the point of the view of the customer, they are the best fit for that purpose.

> Because from the point of the view of the customer

From the point of view of a legitimate customer who intends to pay for a service, a prepaid card is a poor fit for an ongoing subscription, as it will stop working unpredictably when its funds are exhausted (causing it to start rejecting all charges).

Optimizing for customers who intend to ditch a service without paying for it is not a goal.

I'm sorry, but this makes no sense at all. The only difference between these two scenarios is who is in a position of power. If I use a prepaid card, it's not because I intend to ditch a service, but to control the costs.

A simple example of one of the services I use, Mailerlite. When the funds are depleted, I receive an email from them they were unable to charge me this month and they downgraded me to their free plan, and they will try again in two days. I then charge my card, they charge me and everything is fine. You don't want people like me - fine, you will have less customers. And I'm a very loyal customer, cases like failed payment happen maybe once 2-3 years.

The first 4-6 digits of cards are called BIN (Bank Identification Numbers). Every bank has there own. So if you started your own company called codecutter virtual cards. You will have to get a BIN from Visa & Mastercard. Say your BIN is 5123-45 then all the cards you issue will begin with 5123-45. Anyone in the industry can obtain a list of all who owns' all BINs and the type of cards is it. Gift card, virtual card, credit card, debit card, etc.

Card numbers all come from BIN ranges, most likely these virtual cards are all issued within some specific BIN ranges (meaning you can tell them apart based on a certain # of prefix digits).

> If anyone knows of other ways to create virtual cards, please let me know.

To extend the plea, if anyone knows how to do this in Canada, I’d love to know. As far as I know the services that exist are USA only.

Might be because of clamped regulations[0] - most of these third-party virtual card issuers, including privacy, make money from interchange fees, but when those are reduced (for good reason) it becomes less profitable to support that country.

However, one service that is doing this is Revolut which has a private beta for Canadian users and will provide virtual cards[1,2].

0: https://www.bloomberg.com/news/articles/2018-08-09/visa-mast...

1: https://www.revolut.com/en-CA

2: https://www.revolut.com/en-CA/legal/premium-fees#card:~:text...

I have Citibank DoubleCash card and I can generate virtual card number for it. Typically it is for one-time use because the expiration date generated is for next month.

I have a Google account for like 14 years or so, although I no longer use it for anything other than YouTube. Yesterday I tried to watch some age restricted video on YouTube and they've suddenly asked me to confirm my age by either giving them my credit card details or a scan of my ID.

Nothing that mpv with youtube-dl couldn't solve, but still.

> asked me to confirm my age by either giving them my credit card details or a scan of my ID.

These people have no shame. Frankly, I wonder how far they will go.

You mean politicians? Governments play a role in mandating age verification.


So on one hand you have GDPR to protect your privacy and on the other they made it so you have to give up your entire identity to them anyways. Brilliant.

But let's also not forget that Google is (was?) parsing your banking info from your emails with transactions and purchases, and there wasn't even any option to turn it off.

I think the information they get from your ID isn't supposed to be used other than to set an "age verified" bit on your profile.

We've been on cloud run for the last six months. We run our monolith (Spring boot) as a Docker service. Cloud build for CI/CD. And Firestore as a not great but free database. We even increased the instance size (1GB, 2vcpus) to deal with memory issues & spring boot and it had no impact on our cost (we are still below the threshold).

It's an awesome deal for basically 0$ bills every month (we pay for a few other things though) and great for us as we are a small startup bootstrapping at the moment. It more than handles our development and early access traffic.

This 0$ setup gets us highly available docker + firestore for absolutely nothing until we hit the freemium threshold. We went over by a fraction of a dollar on a couple of occasions when we did big imports, etc. But we won't start paying until the point where we have recurring revenue and users basically causing increased traffic.

I also like not having to deal with devops for this. No faffing around with doing terraform, setting up CI, writing complex deploy scripts, etc. Frees up a lot of my time. If you have done any of that in the past years, this is shockingly easy in comparison. A simple wizard, couple of clicks and you have your docker container building and deploying straight from github. I was not expecting this to work and but then it did on the first try.

Switching the whole setup to using vms is super easy to do at any point since you can basically just tell it to run a docker container. It's nice to have that option. But then you need multiple vms, a load balancer, etc. and before you know it you are looking at more like 75/month. Add a decent database and it gets worse. High availability, worse still. And you need to do the devops to connect all these bits of infrastructure. You will blow more on staffing cost than hosting. Even a single day spend by a senior that can actually do this would cost you like 1000$. Lets be fair, it's never just a day.

IMHO this is what most deployments should be like: bog standard docker thing, go run it and take care of all the things that aren't optional like giving me some dashboards, alerting, etc. and just pay for what you actually use.

> We run our monolith (Spring boot) as a Docker service

Does Cloud Run's free tier 'sleep' containers when they don't get regular traffic? Several years back Heroku nerfed their free tier -- they would proactively place low traffic apps into 'sleep' mode so the next request would have a noticeable several second long delay.

I ask because our SpringBoot monolith takes 30s to startup, and has bursty traffic, so I was of the expectation that Google Cloud would probably 'sleep' low traffic containers like this also. Would be nice if that were not the case.

You can set the minimum instances to 1 (default 0) or simply call the service regularly from somewhere. Both approaches work. When it gets killed, we have a 30 second latency on the first request. If you have a busy server, it will pretty much stay up.

I actually only set the minimum instances to 1 a few days ago as we at this point are preparing to onboard some customers.

Take a look at the recently introduced minimum instances setting : https://cloud.google.com/blog/products/serverless/cloud-run-...

It will starve the container of CPU, but might not 'sleep' it for a while. So wake time can actually be really quick if you have had traffic recently.

It would be neat if HN could offer something like "Login By Facebook" that returned user/create date/karma. Would make a nice testbed for offering free stuff while having some high pass filter like "HN account > 3 months old and has > 500 karma."

What about those of us with 10 year old accounts and <500 karma since we're quiet? :).

Those should definitely also count. Yours, however, is only 9 years and 4 months old, so no free stuff for you!

Exactly this. Thanks for giving me the opportunity to write a comment, quite exceptionally

Couldn't help but think of:

Brian Called Brian: You don't need to follow me! You don't need to follow anybody! You got to think for yourselves! You're all individuals! You're all different!

Man: I'm not...

yes, I'd personally say that a more interesting group is the subset of people with 10 year old accounts and karma between 50 and 500 points :D

There are plenty of us, not sure why we'd be an interesting group though?


I disagree. I rather have people post honest, thoughftul opinions rather than pander to a crowd with low quality feel good posts to get freebies.

This is why I sometimes enjoy browsing a certain technology forum that shall not be named. It's all anonymous and you can bet that people will at least be honest with their feedback.

It would be harder to gamify account age.

The most common hack for this has been verification using “about” field.

A website asks for your HN username, validated the age, gives you a random string to add to your HN about page.

Once done, your accounts are now linked!

And, positively or negatively, it offers a form of promotion for the website.

Not necessarily, if the token is just a random HMAC for eg.

I'm the only developer out of all of my colleagues that even knows what HN even _is_.

It's simultaneously surprising and yet also not surprising how niche HN really is.

I’m the only one who stuck to it. I’ve given the address to all my interns along the years (and my employee), none of the interns read it.

Perhaps that is why I’m the entrepreneur ;)

But they make me feel like a boomer. Why gets their info through plain text?!?

Sounds like this could lead to another Hacktoberfest situation where people just post low effort comments and posts on hackernews just so they can get over the threshold. And some people might even make tutorials.

Right. So it seems like if I were going to do it, it would have to be based on things that happened before any announcement. Like account age, comment/submission activity prior to announcement, etc.

How do you feel about the Stack Overflow solution to this problem?

My app has 300 features. Beginners get to use 8 of them. Once ten people think you are not a wretched toad, you get to use 20.

Once you've solved a problem for 200 people, you can edit other people's posts.

In fact doesn't HN not let you downvote until you get 500 upvotes? It's been a while.

It seems to work well. I am an occasional contributor so I don't have very much power there but I understand that communities collapse without this control since they get dominated by drive-by losers. I'm not one, but there's no signal I can provide that I'm not one. Metafilter has the model where you spend money as a signal that you're not one. I guess I'd pay $20 one-time as an upgrade that is revocable.

I am a Wikipedia auto-confirmed user, so that lets me make articles without needing to go through the process, so that's nice.

The problem with all of these sites is that they don't also police the opposite side: the obsessive guy who spends all his time on the site and attaches all of his identity to it so he is just a negative person despite having lots of 'karma'-equivalent.

It's like the value-to-community vs time-spent curve is like

    |           -
    |          - -
    |         -  -
    |        -    -
    |      --     -
    |    --        -
    |----           ---
    |                  -
    |                   -

In fact, maybe HN should have a high-karma warning. "This user spends so much time on HN they can't possibly be productive in real life. You are getting the town drunk, not the star of the pub"

"This user spends so much time on HN they can't possibly be productive in real life. You are getting the town drunk, not the star of the pub"

I'm medically handicapped and "have no life" which is why I spend so much time online. When I first joined HN (July 2009), I figured everyone on the leader board here was basically some loser with no life.

Not a big slam because I figured they were fairly intelligent losers. But I did figure "You people are spending so much time here for the same reason I am: You desperately need to get a life. (Only you seem to have less excuse than I have for your failure to get a life.)"

That proved to not be an accurate assessment of the situation.

Your point is not irrelevant, but I will suggest that karma count on HN is not a good measure of anything at all other than time spent actively posting on HN -- which, in some cases, is cumulative over many years and in some cases it is not.

Some people here certainly are "the town drunk." And some people with high karma are people who have been here a long time and contributed a lot of good stuff while setting their ego aside and so on.

> maybe HN should have a high-karma warning

My intuition is that this is less of an issue on HN than on Wikipedia.

At one point in time, I was contributing at Stack Overflow just for the fun of it, and I answered some fun programming questions. After a short time I ran afoul of some of the obsessive types that you describe, and that was the end of my time at SO.

I need to hire you to talk to a community member I'm having trouble communicating with. Good stuff.

This would have been a killer feature on dating sites around the time I was using them: some people were spending more time on those than there were hours in a day:)

When a measure becomes a target, it ceases to be a good measure.[0] Refer also the law of unintended consequences. [1]

Conveniently we have a natural experiment from a year or two ago we can refer to.

Stellar Lumens offered some free cryptocurrency to existing users, via Keybase accounts that leveraged external auth-equivalence (such as HN). It backfired spectacularly for all involved. [2]

[0] https://en.wikipedia.org/wiki/Goodhart%27s_law

[1] https://en.wikipedia.org/wiki/Unintended_consequences

[2] I think this is it - keybase.io's original blog post (referenced at [3] ) is 404'ing.


[3] https://news.ycombinator.com/item?id=21758671

Did the Stellar Lumens offer extend to brand new accounts?

Edit: Ah, I see, people tried to find dormant HN and GitHub accounts. https://www.coindesk.com/stellar-tried-to-give-away-2b-xlm-t...

Yup, I couldn't find the details, but IIRC it was a combination of people generating new accounts in the hope of catching a second round, and the fact some people had signups for Keybase auth on only one or two systems, and also IIRC even if your Keybase account pre-dated the cutoff date, you needed three associated auth systems configured in order to qualify for the coin drop. So there was a huge surge in signups for Github & Hacker News to tick that box. Doubtless some surge was related to people hoping to get in on a (speculative) second drop date.

> "HN account > 3 months old and has > 500 karma."

This is kind of gatekeepy coming from an account that's not 10 years old yet. :-P

Ah yes: the old "HN karma == developer" myth.

No, just a stab at some kind of filter to offer something for free without an avalanche. It's imperfect, as any other filter would be. Perhaps account age and some activity existing before the announcement would be a better filter.

It’s probably not a bad selector for “people who’s usage of my tool will lead to sales down the road”

I would be totally into OAuth-type integration with HN that I could use to lock people out of my site.

Absolutely not, there are already people on HN pandering to the crowd just to get karma points, let's not make karma points more meaningless than they already are. This suggestion is so rich coming from someone with 34,500 karma points.

"This suggestion is so rich coming from someone..."

Meh. I made up a threshold I thought might keep abuse of a free service down for a testbed. I picked 500 since I thought that was the HN threshold for downvote ability. Sure seems to have stirred up the crowd though :)

It's interesting that I've using HN for nearly 2 years,yet today was the first time I checked someone's karma. Didn't know it was a thing.

That is a great idea, i could sell my account for a few thousand

It must not be difficult to reach ~2K karma using a GPT-3 comment bot in a few days.

I have a Certificate in GIS and I know a little HTML and CSS and yadda, but I don't really write any programming languages. So I don't have a good sense of where they are drawing the line here for things that fit or don't fit this list.

Their section on Data Visualization on Maps lacks a link to Stamen Design free tiles, available under a creative commons license.

I'm wondering if people here think it's worth submitting a pull request or if that sounds like it is outside of the scope of what they are trying to curate for some reason.



Stamen could definitely be added as a free tile host (as should OSM themselves), but I would specify that it's the hosting service that's being offered freely, not just the tiles themselves.

While the tiles are free (CC) I would say a list of freely licenced downloadable resources/assets for devs would be much bigger/broader in scope.

Thanks. I've tried to do a little reading up on Saas, Paas and Iaas and tried to understand this a bit better. I'll try to do a pull request in the next day or two.

For me, Stamen Maps have been a big deal for stuff I do. It took me forever to find something of this caliber that's suitable for my aims, but I'm just doing maps for various projects and not some kind of GIS thing.

> I've tried to do a little reading up on Saas, Paas and Iaas and tried to understand this a bit better

To distill this down for the purpose of this specific topic (map tiles):

- the map tiles being provided under CC is a copyright / right-of-use / legal intellectual property thing. Nothing to do with any provision of material service by Stamen

What Stamen provide that's relevant here is a service, that's somewhere vaguely in between SaaS and PaaS.

- SaaS would be if Stamen provided some kind of maps website, with accounts, etc. for working with data & displaying maps. They don't really do that fully.

- PaaS is a bit closer to what Stamen do: they run a server and host their own map tiles. You can point your website at their server, and they pay the hosting cost of the traffic you send there. (PaaS as a buzzword technically involves a bit more than this, but this would be a subset of it).

- IaaS is an unrelated thing here: this would be like if they offered servers for you to go and host your own map tiles on, along with a load of tools for managing those servers.

TL;DR: The CC-licencing of tiles is about releasing "artwork"/IP? (is there a better term for map styles??) that they've already created. Tile-hosting is about paying for internet traffic of the browsers hitting the server where those tiles live.

Thank you.

> Unixtime - Free API to convert Unixtime to DateTime and vice versa.

Can anyone explain why would you want it as a service?

If you click the link, it documents the reason for its existence: "This WebService was built in 20 minutes using..."

It is intended as a "next step after hello world" example for an unoriginally named low-code integrations platform, rather than being someone anyone thought someone might need it its own right.

It would have been perfect if on a .whynot tld

Anyone on here make use of the free tier of any of these?

While I've known of some of the free tier things on AWS, and Google Cloud, I never made use of them long term.

I'm using Oracle clouds free tier for the 2 free (tiny) VMs.

I use them to host a bunch of misc. scripts/programs I've written, a discord bot I wrote for a server I'm in with some friends, my calibre ebook library is also backed up there and the calibre content server is running so I can access it over the internet should I want something to read and be away from my computer.

Mostly good experience, if not the most user friendly. The data transfer allowance on their free tier is fantastic, which is definitely the exception from most free offerings I've seen.

Yes, I've been using the free tiers of google cloud, oracle cloud, trello, github, freshworks, GA, datadog, and sentry.

I'm interested in some feedback on this point too. I'm currently looking at what Oracle has to offer as it seems to be the most straightforward, and also seems to have a simpler pricing structure compared to AWS or Azure for the small addons I may need.

I use lambda to pull some stuff into S3 and DynamoDB (S3 is not free though, and transfer out of AWS is DEFINITELY not free, it's almost always the majority of the cost).

I also use Cloudflare for my static website on S3.

I like free google cloud shell. It's nice to have a place to troubleshoot things from an outside network. Yandex's email is nice for some things also, bring-your-own-domain and 10Gb, no cost.

Heavy user of free AWS Lambdas ... although I might be paying $5/mo for everything combined these days.

Shout out to https://docsify.js.org/#/ on which this site is based. Great tool to get a doc site ready in minimal time. My personal experience with this is also amazing :)

It's mildly amusing to see kudos for a solution that lacks any <noscript> support.

I got a kick out of this list. Especially this sublist:

> (note: You must pay if you use .casa, .cf, .click, .email, .fit, .ga, .gdn, .gq, .loan, .london, .men, .ml, .pl, .rest, .ru, .tk, .top, .work TLDs due to spam)

Makes me want to search my spam folder for .gq out of curiosity alone.

What is wrong with these TLDs?

They all have very few legitimate users, and are frequently used by email spammers (typically because registrars have offered the domains at a steep discount or entirely free for the first year).

I'm sure that at least .ru and .pl have lots of legitimate users, but likely lots of spammers too.

Crazy, noticed a traffic spike on my page from free-for.dev - and it's just one in a (very long) list. Must be a ton of traffic there now.

WRT Dynamodb the "25 Gb" free bit is not as useful as it might be because it's the Read and Write Units which might bite you and those are not directly related to data size but are also affected by how you've structured your data. It does mention the bit about the Units on the click through but I'm just saying you want to drill down into these things when it's more subtle than "so much disk" or "that many minutes of EC2".

I'm not bagging the whole thing by any means, it looks like a really useful list but some things are a lot easier to understand what you're getting for free than others.

I would add the "Editors" category including embeddable editors. For example TinyMCE as html editor, BEEPlugin for email/page editors...

really impressed with Azure's new UI... its the little things like this that make me want to use it over GCP etc.

Second this. I'm kind of cloud virgin but navigating Azure is super easy. It's very logic,while GCP is..well.. it ain't YouTube tbh..

Youtube is the absolute worst media consumption/discovery UI in the universe.

They couldn't make it more user-hostile if they tried. (Maybe being hostile is the point? TBH I don't know the real monetization strategy behind Youtube, maybe hostility pays here.)

My game has been taking advantage of the GAE free tier for approximately 10 years now, only having to pay a few cents per months when there's a bump in activity. I probably could have avoided those cents by adding a little bit more caching.

I highly recommend it.

Is there a cloud provider that doesn't require a credit card for free tier?

Pick up a (re-loadable or not) $10 VISA, Mastercard, or AMEX gift card and register it for use online. There's your free tier-use-only credit card.

I haven't come across any, but I'm not surprised since it makes them rife for abuse. There are providers that accept payment in bitcoin however, mostly seedbox providers. RapidSeedbox comes to mind.

https://www.ibm.com/cloud/free, 30 days trial for "Hyper Protect Virtual Server" with 2GB RAM.

Anyone know if there is a similar list but for university students? I know some places will give you credits or free services if you're enrolled at as a student for working on projects.

Wow!! This is an amazing list.

A lot of times we aren't event aware that there exists a tool which can solve your need. And Google is of no help here.

I wish this list to include term for free tier.

Pull requests seem to be open for a while ; is this maintained actively?

Nice resource, I submitted a PR with our free-tier offerings!

forwardemail.net : if you are a Fastmail user does it provide you any benefit? Fastmail already has a catch-all feature.

I seem to be unable to visit the site, I receive an SSL error on multiple browsers.


Edit: from Sweden if it matters

Yea, sorry about that. I forgot I had configured a local resolver for .dev domains. in /etc/resolver/dev

The site works fine.

Strange. Did you blacklist Let's Encrypt on your machine for some reason?

You can move over to Norway when the covid19 crisis is over. The website works here.

for.dev is available

could just register that and make the subdomain free.

The first hit is always "free". As in "free puppy", not "free beer".

What's the difference? Whenever i get free beers i get to pay the next morning and id rather clean a puppy's mess than ache all over

There's also free-as-in-facebook, where you are the product.

Yes. Let the ~hatred~ puppy spread through you. Feel the power!

I love your “free as in free puppy” line. I will have to use it myself in the future.

Just remember that the expensive puppy isn't house trained either when you get it, and it will need just as much attention and eat just as much food as the free puppy.

I'm saying this as someone who knows way too much about Oracle databases ;-)

Choose a "puppy" you can love. Get it from someone you trust and get one that's right for your situation.

“Free chlamydia” is a better simile for Oracle.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact