Our support team has reached out to the user from the thread to let them know they're not getting charged for this.
It's currently our policy to not shut down free sites during traffic spikes that doesn't match attack patterns, but instead forgiving any bills from legitimate mistakes after the fact.
Apologies that this didn't come through in the initial support reply.
One additional feedback, for consideration: to me, your Pricing page[1] doesn’t make it sufficiently clear that the “Starter” plan may incur costs at all (let alone in this ballpark). It’s now more apparent when looking at it in hindsight, but you have to either read very carefully, or go to the separate “View Features” page to understand this.
“0$ to get started, then pay as you go” reads to me: “0$ to get started, and then you can order add-ons and extra features as you need them”, not “$0 to get started, but we may start charging you virtually unlimited amounts at any point without prior notice”.
When signing up for the “Starter” tier initially, I completely misunderstood this. I didn’t have to enter any credit card or invoice details, so I thought as long as you don’t have that info from me, you can’t and won’t bill anything.
How on earth could I, as a customer, be sure that netlify hadn't paid someone to DDOS me? If I were in charge of a business like that, I would have that thought constantly...
Why go through that effort when they could just lie about site usage and say you incurred a bunch of traffic? Or make fake site "hits" from localhost?
It's really the trade-off for using any cloud host. You are implicitly trusting the host, their monitoring tools, their billing system, and their customer support when things go wrong
If you charge them for the extra bandwidth usage, it is. Not saying it's morally right, but definitely something a shady business would do. There's nothing "conspiratorial" about that. You'd be surprised how many conflicts of interest Big Gov and Big Business find themselves in.
> 0$ to get started, then pay as you go” reads to me: “0$ to get started, and then you can order add-ons and extra features as you need them
I think I disagree with this, but maybe I'm misunderstanding you.
Pay as you go sounds strongly to me that you pay based on your actual usage, not that it's free except for add-ons. A pay as you go phone, for example, does not imply you need to buy a telephony add-on, an SMS add-on, etc.
PAYG phones, however, were always prepaid, so I think I would expect PAYG hosting to be similar. That said, if my site was publicly accessible without my prepayment, I think it would be clear that it works the way it apparently does.
It's potentially misleading, but I don't think it's intentionally dishonest.
The disagreement is on what "usage" means. I wouldn't assume that "usage" includes things that don't take any action on my part.
If I don't use my phone, for example, I wouldn't get any "usage". A phone pay-as-you-go plan would probably trigger similar outrage if they charged you potentially unlimited amounts for phone calls that hit your voicemail overnight.
Do you know how web hosting works? You pay for a service so other people can use it. Extending the phone analogy, it is like you set up a public phone that anyone can use, and you pay for every time someone uses it.
Your analogy break down because no part of buying and setting up a phone yourself is free. If some company offers to set up a public phone "for free" in your neighborhood, and charge you for "usage", you wouldn't expect to be charged if you don't place calls.
The "do you know how it works" is completely unnecessary and rude.
> It's potentially misleading, but I don't think it's intentionally dishonest.
That’s my interpretation as well.
The usage of the term “add-on” is not clear here in my opinion. On their main pricing page[1], Netlify currently lists “Additional bandwidth” as “Add-on”. To me, that sounds like “I can actively order additional bandwidth in case the included bandwidth isn’t enough.” Not: “Additional bandwidth is automatically allocated and charged for as it happens to occur.”
In addition to that, there is a big bold “$0” at the top of the “Starter” plan.
1. Yes. We've forgiven lots and lots of bills over the last 9 years and they haven't gone viral
2. While I've always favored erring towards keeping people's sites up we are currently working on changing the default behavior to never let free sites incur overages
Any cloud platform should have a spend-stop amount built in.
i.e. if I know I average $10 a day, I should be able to put in a "If it hits $50, email me and take it offline".
Of course the opposite problem is then people setting that limit too low but since the user defines the limit that's on them not you.
This is one of the reasons I still in 2024 rent physical boxes and run the modern stuff on top of them directly, yes it costs me more per month but the price is hard capped.
This is something I really like about Nearly Free Speech.net. Their model is that you deposit funds up front, and they will deduct from those funds as you use services. It helps that they actually are nearly free so that a single $20 deposit can last for months or years in many cases.
It's bizarre to me that more services don't support billing this way, since there are tons of situations where I would much rather have a site or service go down than be hit with a surprise bill and have to depend on social media and magnanimous corporate PR.
Yes it’s nice like that. Specially for side projects on AWS that could go wrong on your personal credit card. Also I heard they forgave bills sometimes.
Amazon will, but they also gauge their discount in how many prevention and security measures from their 5 Pillars you follow in your environment.
You can do stuff like "disallow any of these instances to be used in your env", so if you never use graphics cards, disallow the whole class.
You can also set limits like "no more than 20x m5.4xlarge".
But again, AWS is the worst about no actual hard limits, cause each system generates bills. Ive also seen the hell of "hidden system AWS Billing doesnt have is still submitting billing and we dont know what it is". Again, AWS enables basically infinite liability.
Ive also discussed with C levels that "every engineer and dev with AWS logins have an unlimited credit card to of which you're on the hook for". Lets just say that 'heartburn' doesnt even begin to describe the terror on their faces.
When people have to read and implement "5 pillars" or "cloud adoption frameworks" before start using cloud, learning stuff like hosting with hetzner or self hosting start to seems like comparatively easy and simple.
Exactly. Cloud was sold as "simple", but in reality you MUST know about data center operations, security in an effective zero-trust environment, failover vs HA vs load balancing, and so many footguns.
The big advantage to "cloud" was that you can provision more resources in seconds. Existing data centers had terrible non-VM and non-good VM management software that provisioning more CPU, RAM, storage was a weeks or months long trial.
And you can still get a 100k bill for hosting a SINGLE text file, cause DDoS and shitty hosting providers who demand unlimited credit is a thing.
Frequently I'm looking up if there's a way to have a hard limit on AWS billing, and it seems like many other people have the same concern as well. I do understand that the massively distributed system hosting 100+ products each with ~10 things to bill for means you can't have each service going to the magic billing limiter service and be ask "can account X spend 0.000001 USD now?" * every request * every cloud tenant, etc, etc.
That said, I still think there should be an easy way to set a daily limit. Should I use the Budget service to do that? Cost Explorer? Billing Alarms? Is it possible to have them shed whatever's spending all the money?...
Again, I see the whole can of worms here: what if your service is jamming tons of data into S3 because of a bug? Or you actually started something that got popular and you have a gigantic Dynamo table? Stopping an EC2 instance is maybe an easy call, but deleting data is iffy.
AWS just feels like a minefield because I'm occasionally worried with all the products, I'll check a box when creating an instance or SG or whatever, and that'll (e.g.) trigger CloudWatch to read all my logs, but I have some crappy debug config for some app which will vomit out dozens of logs a second accidentally, and instead of just trashing `/var/log/` I get billed for millions of log events or something.
AWS doesn't have to check that for every request. They only have to eat the cost if you go over and use more before they shut you down. And the shut down should be in a way that they switch data to read only and give you a day to react before they delete.
They might even offer this as an insurance, so you pay a little more but can be sure you stay in budget.
A couple years ago I switched from a standard, contract-based US cell phone plan to a prepaid service it has felt so much more natural. Have a messed up my autopay and my phone just stop working in the middle of the day? Yep. But You just find some WIFI, pay, and its back on in minutes. I know exactly what my service costs: $35 dollars. No fees, taxes.
I stopped ~all autopays when (Boost Mobile?) deduced 200 instead of 20usd from my debit account one month in college. They refunded the difference relatively quickly, but I racked up 5 or 6 overcharge fees before realizing; ended up being a pita for an already broke 18 y/o to figure out.
I was a broke and stupid kid. Never use a debit as an autopay. But since then I like to track where each penny goes as it goes.
Why would one ever want to add a watch to a phone bill? ISPs are notoriously fleecing their costumers on every front, why would you ever go to them to get a loan?
Weird. The cheapest T-Mobile non-prepaid plan I see is $50 + taxes and fees, and that is without watch service. The cheapest T-Mobile prepaid I see is $30 + taxes and fees, and that also is without a watch.
I pay $20 for the phone plan, and $10 for the watch add-on. No fees or taxes Feels reasonable to me.
I think for this purpose you could use something like privacy.com, generate a virtual credit card, and set a monthly limit on it. This way you don't have to deposit any money in advance.
We did this at DigitalOcean for similar reasons, wasn't a feature that was commonly used. Additionally, when you set that limit people then get upset because usually when they go over it for a good reason, like going viral, they aren't anticipating it, and just when their traffic is most valuable the site is down.
What Netlify is doing here is really the best approach for both parties. And typically speaking a $104k bill would be hard to get paid up regardless if the customer's typical transaction balance was $5/mo and their credit card limit wouldn't be that high.
Also, that's the benefits of credit cards - that you can still issue a charge back, and credit card companies very much favor the consumer rather than the merchant.
> Also, that's the benefits of credit cards - that you can still issue a charge back, and credit card companies very much favor the consumer rather than the merchant.
So your suggestion is to issue a chargeback.. to get money back that should under the terms of whatever service you signed up for be owed?.
That seems like bordering on fraud tbh.
> Additionally, when you set that limit people then get upset because usually when they go over it for a good reason, like going viral, they aren't anticipating it, and just when their traffic is most valuable the site is down.
Legit concern and something I mentioned, I'm gonna guess there are broad two camps on that one - mine which is "I want a safety ripcord" and "whee, nice problem to have".
However since this entire conversation is around a guy who got a massive invoice because of a bill he wasn't expecting and couldn't have set such a limit I'm still gonna go with a "I want a way to constrain the financial downside - hell turn it off by default but give me the option".
Since broadly a lot of cloud stuff doesn't, I'll constrain it a different way.
So is the solution to have two thresholds?
Notify me urgently if the traffic exceeds 100$, giving me a chance to evaluate what's going on but shut it down at 1000$ if I don't act.
> Also, that's the benefits of credit cards - that you can still issue a charge back, and credit card companies very much favor the consumer rather than the merchant.
That has not been my experience. I've had to do a few chargebacks for services not rendered, and I've never won. I will submit my evidence, then the vendor will submit 100 pages of random emails, and then I will have my claim denied. Then I will appeal, will point out that they sent 100 random pages of email, and then they will reply with the same 100 pages of emails and I'll get denied again.
It seems that the vendors have found the hack for chargebacks -- just inundate the credit card company with so much data that they assume the vendor must be right.
It makes sense -- the vendors pay the credit card companies a lot more than I do. They'd rather keep them happy than me.
Plenty of morons just use the service and chargeback right before renewal so they got the service for free, some just chargeback instead of cancelling their plan or asking a refund.
I get hit with 15$ bill plus I lose all the money even if I provided the service.
Whatever email / data from my system I send is ignored and the scammer / moron gets his money back.
I'm sure that's how it works if the vendor is large enough.
If you are a small fish you don't stand a chance, which is why for my next project (where I'm supposed to charge a lot and spend a lot on behalf of the user - and I'll be royally screwed if I start getting chargebacks on 500$ of which I've already spent 450$) I'll just accept crypto payments.
That's strange. I think I've done about 10 chargebacks over 35 years. All but one I "won" with just an initial submission and waiting. One my card company came back to me for additional details before also siding with me.
Additionally, when you set that limit people then get upset because usually when they go over it for a good reason, like going viral, they aren't anticipating it, and just when their traffic is most valuable the site is down.
But that's on the user. The user shouldn't get upset in that scenario and has no right to. You're giving the control back to the user.
How about just fix the pricing formula to account for massive surges.
Instead of forcing user to set a low cost limit and missing a viral opportunity or the platform writing off the massive bill the customer can't afford... just put the billing mode into a reduced price mode or have some more nuanced configurations. Sometimes is just asking the question the right way. Instead of "max spend limit" or similar "If your site goes viral, how many requests do you want to serve before going offline? 1M=$20, 10M=$100, etc" at this point, I feel like bandwidth consumption is a bad metric for billing; just use requests/visits/actions and price for those.
This is not prescriptive just illustrative. The point is make a better pricing formula to account for these massively unexpected events. Couple it with an aggressive notification policy when this traffic event gets triggered. The user should know the traffic pattern has changed and a high traffic event is happening. They can login and change the configs and decide if they want to keep it going or not.
> But that's on the user. The user shouldn't get upset in that scenario and has no right to.
I agree. I also agree that when dealing with large numbers of people, there will be people who don't understand this and/or will actively try to social engineer their way out of their own decisions.
Setting customer expectations and meeting them successfully isn't easy.
The site user/admin saying "If this spend goes over $100, shut shit down" is called being a fiscally responsible adult.
The fact that most cloud operators don't have actual hard cutoffs to maintain financial responsibility is intentional. Azure does, but only for specific account types. If it's PAYG, you can't do it. The end result is if you do something "weird", or someone DDoS's you, you're liable.
With a hard limit, a DDoS just takes your site offline.
No, not really. Not really what attorneys do. There might be collections agencies interested in recovering the debt, but if it's some rando guy who doesn't have the money, even that is open to debate.
I mean I'm not familiar with every debt collection scenario under the sun but Internet randos seem to think this is a real thing where like a cloud/hosting company sends an army of lawyers to repo some guy's house and runs him into bankruptcy because of a traffic overage. I've never seen it work that way, what happens like with most business debts, is someone at the company negotiates with the debtor to try and get as much out of them as they can, and failing that, possibly refers it to a collections agency which does the same but plays a bit more hardball.
In the case here with Netlify even before it went viral they reduced the amount from $104K to $5K, no lawyers, collectors or repo men involved, and while I'd hate to be stuck with that $5K bill, I dunno, that does feel closer to the mark of something that maybe you should be on the hook for if you're responsible for 200 TB of bandwidth overage over 4 days? Is this so bad on the part of Netlify?
All that said I'll just add that I've never given my credit card to any sort of host/cloud who had terms where they could bill unlimited overage fees like this. Never will unless there's a cap. Not Netlify not AWS not nobody. That goes for my personal life as well as for the business I operate. The terms is the terms and the answer is to not use these services unless you can afford them imho.
> I'd hate to be stuck with that $5K bill, I dunno, that does feel closer to the mark of something that maybe you should be on the hook for if you're responsible for 200 TB of bandwidth overage over 4 days?
The responsibility part is the tricky part of the equation.
If someone hits your site with a DDoS attack, are you responsible? There's literally nothing[0] you can do as a customer of a cloud provider here because anything you can do is limited to the servers and services you're given access to. For example even if I had access to billions of requests and built an anti-DDoS tool it would still need to run within the cloud provider's provisioned server which means I'd be on the hook for all traffic costs because it's something running in my account.
That doesn't seem reasonable to me as a customer. It means a cloud hosting provider can put an extreme financial burden on a customer and make a killing in profits because of the markup they charge on bandwidth. The incentives are terribly misaligned.
[0]: I mean you can sign up for DDoS protection through a 3rd party company but in this case I'm talking about taking actions within your hosting provider.
All fair points but do they apply to the Netlify situation? As I understand it they generally won't hold you liable for resource usage generated by a DDoS, the guy on Reddit said this was a DDoS, the Netlify CEO said the traffic "didn't match attack patterns..." I think telling a free tier customer that they owe $104K was a pretty stupid PR move either way, but we don't really have enough info to say whether this was a DDoS or not
> As I understand it they generally won't hold you liable for resource usage generated by a DDoS
From personal experience as a customer of a cloud provider (not with Netlify btw), usually cloud providers who profit from bandwidth costs will write their TOS in such a way where almost nothing qualifies as a DDoS attack unless it's truly a distributed and targeted large scale attack specifically on your site.
A random person on the internet who spins up a few VPSs around the world and slams your site with looped curl requests won't count as a DDoS attack even though from your perspective that will result in a massive bill increase due to bandwidth costs.
In other words, I'm not surprised "didn't match attack patterns" was used. I'm guessing that will be the case most of the time.
Traffic doesn't cost money. Bandwidth costs money. Unused bandwidth doesn't cost less than used bandwidth. So, no, you shouldn't pay so much for something that doesn't cost them any money?
Mostly false. Either transit is billed on a 95th%ile basis (so...more money for more traffic), or if it is flat/netted, you're still paying for the capex for the switch ports (fatter connection to support more traffic means more $$$ for the gear to support it).
At Netlify scale, it'll be the latter. And the appropriate thing to do with free-tier traffic is set lower QoS so it doesn't interfere with paid traffic. This, it doesn't have cost.
You can say "the sum total of free-tier traffic requires X additional connections" but the sudden burst of DoS traffic did not raise marginal costs (besides an inconsequential usage of electricity).
They profit when their customers can't hard limit their spend and end up racking up large bills by accident, or for reasons outside of their control.
By the way, your comment was flagged which seemed odd, so I looked at your profile and it seems like all of your comments are being (automatically?) flagged and don't appear on HN by default. You might want to talk to the HN staff about that.
1. This doesn't seem like a rational thing to do. A trillion dollar business built on people making mistakes and actually running up a bill? Which exec is getting a bonus when little Johnny gets hit with a $1000 charge on his CS101 project? Doesn't seem likely.
2. To me, it's more likely they don't have one because there are edge cases to consider that make "hard limits" difficult to implement. What is AWS supposed to do when you hit the limit? Is it a hard limit? Ok, so when I hit my budget, all my s3 buckets get deleted and all my EBS drives get dropped? Do all my code deployments just get deleted? Do you "bless" certain services so that they continue to charge the user even after the hard limit? How is all of this communicated?
You can set an alarm in AWS today and the user can decide what to shut off. If you really need to, you can create a script that can hard nuke your account once a limit is reached; but I don't see why AWS should nuke your account for you.
1. Even if you assume perfectly good intentions, they're not incentivized to fix the problem because they're not on the hook for the bill, but stand to profit from it. Their margins are eye-watering, so sending out a $100k bill for a service which cost them no more than $5 to provide doesn't have a downside (other than bad PR, which they seem to be blind to).
If providing this bandwidth cost them $50k rather than $5, I would bet you my entire life savings that they would QUICKLY find a way to add hard limits to their service, no matter what technical challenges they're quoting now.
2. This is probably a 95/5 problem. The vast majority of these sorts of cases that I've seen and read about are caused by increased traffic, which hits the customer either with extortionate egress fees or unintended compute scaling behavior (FaaS/VMs).
Storage is trickier, but you could stop accepting writes or reads after passing some hard limit.
This leaves some edge cases, sure, but it should handle the vast majority of unexpected bills without any destructive actions.
> You can set an alarm in AWS today and the user can decide what to shut off.
That shifts responsibility back on the customer, which is exactly the problem to begin with. I need assurances that I won't be billed more than $X in any given day, or month and this solution doesn't provide that. Maybe their API down, maybe it's serving stale data, or maybe my automation fails for some reason.
> How is all of this communicated?
Hard monthly limits:
Egress: [ $ 10 ] - When exceeded, all outbound traffic is limited to [ 0 Mbps ].
Compute: [ $ 10 ] - When exceeded, scale all compute instances to [ 0 ]
Data Storage: [ 1 TB ] - When exceeded, all writes are rejected
Reads Ops: [ $ 1 ] - When exceeded, all reads ops are rejected
It's really not that hard. Offer these limits on a per-project, or even per-resource level, that would naturally allow you to limit the blast radius. A personal website that has gone viral would likely want to have different limits than an email server under the same account, for example.
>If providing this bandwidth cost them $50k rather than $5,
No, I believe you are assuming that proving a "hard limit" feature is cheaper than just refunding people from time to time. If you consider the all the products AWS has to offer, all the different ways they are billed, then figuring out what do to for each product once that limit is reached, and potentially doing a destructive action, and then all the code and testing on top of that - it seems far easier to add a human in the loop to just refund people on a case by case basis. It's a ton of complexity for likely a rare issue, and if someone really needs it they can build one themselves and choose how to handle what needs to be done once the limit is reached.
Building all this out just so that some college kid isn't charged a bill they could obviously never pay likely isn't a good use of resources. It's not likely AWS has a reputation of being greedy either, if you explain the situation they refund you. If they are truly doing this to make money they have remarkably poor execution.
>It's really not that hard.
Storage pricing isn't done up front. You pay per gigabyte-month. If your "hard limit" kicks in, then what does Amazon do with the data you are no longer paying to store? Does Amazon drop your entire database once the credit limit is reached? There are plenty of Amazon services like this. Consider secret manager. You are charged 40 cents/month per secret. You have 100 secrets, so $40/mo, but you set your hard limit to $20. The middle of the month rolls around, what does Amazon do? Do they just drop all your encryption keys?
There are 100s of AWS services and many where you can't just apply a sensible rejection policy once you hit that hard limit without doing something the user cannot recover from. It's only not hard because you aren't actually thinking about the matrix of AWS products that exist and how they are billed.
> There are 100s of AWS services and many where you can't just apply a sensible rejection policy once you hit that hard limit without doing something the user cannot recover from. It's only not hard because you aren't actually thinking about the matrix of AWS products that exist and how they are billed.
I don't think you understand what a hard limit is. When I set a hard limit, that means that under no circumstance should I be billed more than this amount. From this you should be able to deduce that the platform needs to stop you from ever entering into a situation where they could end up having to decide between nuking your data, or overcharging you.
This means that for all data storage scenarios, they should apply limits to projected monthly usage rather than actual monthly usage.
If 1 GB of storage costs $1 per month, and my monthly limit is set to $10, then they should not allow me store more than 10GB of data, rejecting writes as needed. This design guarantees that my hard limit won't be exceeded and the data is never at risk.
Any service which doesn't persist data can apply limits based on actual usage, and safely shut them down when the limit is exceeded.
> Does Amazon drop your entire database once the credit limit is reached?
No, they should refuse further writes when your database reaches a size that would exceed $10 a month. That's a safe behavior.
> Consider secret manager. You are charged 40 cents/month per secret. You have 100 secrets, so $40/mo, but you set your hard limit to $20.
If you set your hard limit to $20, then Amazon should refuse to create more than 50 secrets. That's a safe behavior which limits your spend to at most $20.
> Building all this out just so that some college kid isn't charged a bill they could obviously never pay likely isn't a good use of resources. It's not likely AWS has a reputation of being greedy either, if you explain the situation they refund you. If they are truly doing this to make money they have remarkably poor execution.
This is just a bad faith argument, everyone from broke college students to medium sized businesses has complained about this at one point or another. Relying on the good will of a megacorporation to forgive a surprise $100k bill is nuts and if you scroll through these comments you'll find some that claim that AWS is no longer forgiving these bills like they used to.
I'm not claiming that this solution is perfect, or that it would cover every failure mode, but it sure beats the status quo and would solve the vast majority of surprise bills that result from unexpected traffic.
>This means that for all data storage scenarios, they should apply limits to projected monthly usage rather than actual monthly usage.
>No, they should refuse further writes when your database reaches a size that would exceed $10 a month. That's a safe behavior.
I think we have gotten to the point where we've lost the plot here. You previously stated "It's not that hard". We are doing projection forecasting! And the storage layer for these range of services (S3, MySQL, Postgres, MSSQL, Kafka, Keyspaces, DynamoDB, probably 20 more im missing.) must now either call out to some financial projections service and reject writes for billing reasons. On top of that if you have a hard limit you are locked out of dynamic scaling. Need to 100 nodes for an hour? Nope, you now must disable billing limits because Amazon assumes you will use every resource for the entire month. Surely someone wont disable billing limits for an hour and forget to re-enable them, right?
>but it sure beats the status quo
I'm not sure handicapping every service for some barely functional billing limit beats the status quo. It's certainly more expensive for amazon in terms of engineering load but with so many footguns I don't see how it ends up anyway other than Amazon having this feature and still having to do service refunds because billing limits were disabled due to awkward limitations.
>This is just a bad faith argument, everyone from broke college students to medium sized businesses has complained about this at one point or another. Relying on the good will of a megacorporation to forgive a surprise $100k bill is nuts and if you scroll through these comments you'll find some that claim that AWS is no longer forgiving these bills like they used to.
Medium sized businesses have had their bills forgiven for things like cryptomining for example. My point is billing limits don't really work for AWS, alerts is the best you will get because AWS doing destructive actions for you or assuming your usage patterns is worse. It's not an easy feature and to imply they keep the status quo solely because Bezos needs another yacht is reductive of the problem.
> I think we have gotten to the point where we've lost the plot here. You previously stated "It's not that hard". We are doing projection forecasting!
It's not a complex "forecast". It's simply the monthly rate as I've illustrated with numerous examples.
If my limit is $10, then don't let me occupy more storage than that. It's a 1:1 conversation between gigabytes and how much they cost on a monthly basis.
Do you have ties to cloud providers you'd like to disclose?
It's a very simple concept that you're refusing to understand, which usually happens when your job depends on it.
> If you set your hard limit to $20, then Amazon should refuse to create more than 50 secrets. That's a safe behavior which limits your spend to at most $20.
I have 100 secrets and no hard limit. Now I set the hard limit to $20. What does AWS do?
That sort of adversarial weaponization of credit cards is really a US thing. In most of the world, payment is not relevant to the question of liability: you create a debt, whether or not you can debit a card. So, looks like DigitalOcean is another name to avoid.
Also: what's common? At the scale these companies so desire, small percentages are still thousands of users. Supporting them with what's ultimately a fairly trivial option shouldn't be seen as such a hassle.
Partially agree, yes the liability is independent of the payment. But in practice the one who has the money has the benefit of the status quo. The other party without money has to actively take legal action which is costly enough that it's often not pursued.
Yes and no, collection costs significant proportions of the outstanding debt, and if you object to the collection of the debt saying it's not justified the business ultimately has to sue. Collector can't do everything.
2) I understand your opinion that you prefer chargebacks but I disagree with it.
The very reason I stay with Hetzner is that I know in advance what my bills will be for the whole year. Heck, I even charge my account in advance so that I don't worry about any charges!
> usually when they go over it for a good reason, like going viral, they aren't anticipating it, and just when their traffic is most valuable the site is down
Of course. And that’s why any limit against a dynamic variable should also have alerts linked to it
Send an alert to the user when traffic starts spiking, especially if a simple projection shows it’s going to go over their limit
Then the user is aware, hopefully with enough time to lift the limit if needed
That's a level of responsiveness that doesn't exist for the vast majority of organizations.
If your customer is aware enough to notice they are being hit with a DOS or legit traffic while it is happening, then great! They can respond, and if needed, engage proserve to get support for scaling or defense depending on needs.
If your customer is not alert enough, then their site is offline, and they won't hear about it until their customers are screaming at them, which will result in a P1 ticket to look at a vendor who won't turn them off during an unexpected peak.
It's a catch 22, and if you have to choose between:
a) a PR hit because you have to go on a forum and post about waiving the fee, or
b) a PR hit because someone posted a blog post about how you killed their site during a moment of critical growth
any reasonable business will choose A every time because A is far more supportive of customer growth and has drastically better optics. Anyone who thinks A is worse is probably too inexperienced to have an opinion.
> Anyone who thinks A is worse is probably too inexperienced to have an opinion.
I'd say the same about those who only think in absolutes.
That's a false dilemma. You can give your customers a choice in these matters with an optional hard limit, which I realize seems like a rather extreme idea these days.
Someone running a personal project will likely opt to have a low hard limit, say $10, while businesses will more likely opt in for alerts without, or with very high hard limits.
> What Netlify is doing here is really the best approach for both parties.
Sort of, but the approach to the approach isn't great. If you're going to void charges from DDOS traffic anyway, you might as well make that explicit policy, rather than doing it after the fact in a way that seems discretionary.
The Reddit thread is full of people who are saying that they intend to pull their static content off of Netlify and move it to Cloudflare Pages, which has no overages on the free tier in the first place. I can tell you that I personally chose Cloudflare Pages to set up a new static site a couple of weeks ago, and Netlify wasn't even in the running.
If Netlify's free tier is important to their customer acquisition strategy, then they really need to retool how they're offering it, or Cloudflare is going to eat their lunch.
> I still in 2024 rent physical boxes and run the modern stuff on top of them directly, yes it costs me more per month but the price is hard capped.
I still prefer this too. Kinda funny how server resource limitations became a feature and not a bug when it was one of the problems the cloud sought to overcome
Cloud is somewhat managed though so charging a premium makes some sense. The blank check factor of how they price their services is a major risk IMO. Also a turn off how every single bit of functionality becomes productized with its own pricing model.
Yes, any price that's not hard capped is unacceptable. One reason why I quit Amazon cloud after the trial year. No because they were too expensive, but there was no way to guarantee they wouldn't charge me more than planned...
If a cloud platform offers such a limit, but the user fails to set it up, then uses $100,000 of bandwidth, is the platform then justified in NOT forgiving the bill?
If forgiving bills for this kind of a thing is a standard practice, how come this was the customer support's first reaction:
>We normally discount these kinds of attacks to about 20% of the cost, which would make your new bill $20,900. I've currently reduced it to about 5%, which is $5,225.
I will put there the other obvious offender: Vercel . Not sure about bandwidth, but dark patterns, keeping serious RBAC procedures we'll hidden until asking a fortune even for startups, to provide not things like SSO, just reasonable RBAC.
With all that money they then can finance the free tier until they get too far and become platform locked-in.
Surge.sh Im not sure. But shows all the sign of some greedy acquisition, regular long outages , as if I have been sitting as a free tier for too long, quick nudge to pay. For barely accessed sites even behind CDNs, steep. I even worry they one day just wipe all my buckets (they did for a few already) and support would recommend me to be a "normal" paying user .
Nothing is free. And nothing too good to be true is true .
His claims are directly contradicted by his employee's actions. When asked about this, he provides no clarification. I just don't understand why you'd consider him even remotely believable.
> 1. Yes. We've forgiven lots and lots of bills over the last 9 years and they haven't gone viral
This isn't what you said in your first post, you said:
> It's currently our policy to not shut down free sites during traffic spikes that doesn't match attack patterns, but instead forgiving any bills from legitimate mistakes after the fact.
So forgiving "lots and lots" doesn't move the needle. Do you or do you not forgive _all_ such cases where your DDOS protection doesn't take down the site? What was your employee referring to when saying that the usual discount is 20%? Are you saying that you _never_ discount 20% and instead always discount 100% i.e. "forgive"?
1. Forgiven many, is Netlify forgiving all obvious anomalies? Is the question, which if so but you said many so it is a no, it would make you reconsider the next point
2. Favoring keeping people site up ? Would you go as far as keeping them up if they stopped paying for the meter? If not you simply should not let that meter go overboard.
Hey I'm a taxi driver. Hailer fell asleep on the back, so I kept driving all night, once he woke up I dropped him to his place and asked for my monthly wage. I "forgive" many, but just a few are juicy income so I adopted the policy to never wake any customer up. If people ask I say it would be impolite, principles prime.
> 1. Yes. We've forgiven lots and lots of bills over the last 9 years and they haven't gone viral
Sequence of events doesn't support this answer:
1. User gets charged 100k
2. User complains to support
3. User receives discount to 20k, then 5k. Support states policy is normally 20k
4. User discloses to the world. Goes viral.
5. Invoice is forgiven
While you might forgive "lots and lots", fact is that you still presented the invoice to a free tier customer, and when they complained you gave them a discount, but still charge. Only when it went viral did you forgive it.
Quite... It does seem that either the story we're getting isn't completely accurate or the support people who handled this need a little reminder of what's supposed to happen.
I'm a paranoid person by nature so "It's free... just... give us your card details" is always suspicious.
Do the changes you are working on that will cause "the default behavior to never let free sites incur overages" involve providing users with spending limit controls?
Solving this only for the free site use case doesn't address the core problem that people are bringing up about a lack of spending limit controls.
I wouldn't think it's a binding policy at all, because the billing procedure (automatic full bill, manually discounted bill, etc.) would follow it if it were. More of a procedure.
> 1. Yes. We've forgiven lots and lots of bills over the last 9 years and they haven't gone viral
No offence, but this sounds like "trust me bro" billing and it is not good enough. Someone could literally get a heart attack from getting $100,000 bill - this amount of debt can literally ruin someone financially.
> 2. While I've always favored erring towards keeping people's sites up we are currently working on changing the default behavior to never let free sites incur overages
I hope you understand that chance someone who used to pay you $20 / month unlikely want to ever get $10,000 bill. Yeah people might dislike that their website went down due high traffic, but it's not gonna bring this much negative PR as incidents like this. There should be some sanity check at least.
2. is obviously what should have always been the case, but it's good news to hear you've now gotten there. Every single hobbyist website would always choose downtime over a hundred thousand dollar charge.
With a properly configured nginx, you can easily serve 10's of thousands of requests a second on vserver type hardware. Netlify just offers these build pipeline kind of static site with cms UI.
But this is a good reminder why my gut feeling always made me avoid these overengineered solutions.
It wasn't the engineering that did it, it was the egress charges. But I think the IaaS tend to charge more for this than the clouds, who in turn charge more than the "servers for rent" people.
They aren't engineered, they subsidize (more) enginnering effort , and (are meant to) cost less as a result.
They do. But of course maximizing profit is the sole true prerogative of capitalist enterprises. And the market is not totally competitive. So yes your intuition was correct, to be cautious against over enginnered pricing to get y'a.
I mean those companies cater to hobbyist. Then ...
Render seems more fair-play. Until a change of mgt occurs of course.
You should probably consider a daily limit (up to some max n days) rather than a hard one time limit. If your engineers can set a 1 and done they can set an n and done and it would be a much better solution and more customer friendly. The guy using 5 gigs today as a poor college student will likely have a position in a small to mid-size company in a few years. I assume non-free (but low tier) customers would much prefer a reasonable limit set as well. Maybe a max of 2x (or so ) bandwidth so no huge surprises. Remember they're your customers and not your paying adversaries
This seems like a really good idea to me. Or at least cap overages at a specified amount, like 2x the free level (a $55 surprise bill is a totally different universe from a $100,000 surprise bill, obviously).
Honestly, this terrifies me---I run a bunch of different sites off netlify, and I would have never imagined that a site could jump from 0 to six figures of bills a month without something hitting a tripwire somewhere and cutting it off or at least communicating with the account owner. At least users should have the capacity to self-impose bandwidth caps to prevent this sort of thing.
Thank God for social media that the user was able to get attention about this on Reddit which he was then advised there to post this on HN. It must have been stressful to see a six-figure bill and then get told that that, no worries, you’d ‘only’ be charged $5k instead for a static site. It’s just ridiculous to me to be sent a 6-figure bill in the first place.
I hope this is not one of the cases that get simply forgotten and in a week or two their beginner unfriendly platform gets recommended again without a second thought.
With models like this and AWS people will get afraid of success
I mean, social media is pretty much an inevitability once mobile phones/internet became mainstream. Just like the invention of the gun and gunpowder, I think we are still debating if it was good for society right to this day.
You don't see VPS providers like Vultr forgiving bills like this, nor do they make the news. Granted they are not the same scope as Netlify, but still.
if only i had $1 for every time for every time someone asked this exact question on HN. yes, we all get it: easy question is askable and not answerable. you want a gold star?
I’ve been a netlify user since 2017 and I just deleted all my sites. I can’t risk receiving a $100k bill for toy projects. Your “current policy” is not good enough.
Same, as it stands you the user are legally liable for the full bill unless netlify graciously forgive it.
Even in op's case, they didn't (still charging 5k!).
If there was an option to cap billing, or at least some legally binding limit on liability, then I can countenance using netlify.
Until then, it's just not feasible nor worth the risk.
the fact that once it arrives to the limits does not display an error page.
At this point I honestly do not care about they changing their policy, they should have thought that a normal person receiving a 100000$ bill on a free tier shall not been at all on the table in any circumstance, even if they forgive the bill, nobody needs to stress out like that.
Same. I will (almost certainly) never incur a $104k bill, but switching to Cloudfare Pages looks free and I don't want to depend on unwritten policies of goodwill to mitigate the potential risk.
Same here. Will I ever get a level of traffic that would cause this problem? Extremely doubtful. Is it worth the risk when Cloudflare Pages is a similarly easy offering, and took 5 minutes to switch to? Hell no.
> What’s a good, simple alternative for a VueJS app?
I'm not sure about VueJS specifically, but I run everything I can off a $6/m digital ocean droplet (static sites, web apps, git repos, RDBMS, some other custom apps I've written) and it hasn't broken a sweat yet[1].
My understanding used to be that requests will be dropped if my virtual server can't handle it, and I'll have to transfer 10,000TB to get to a $100,000 bill.
In practice, my server will not physically handle the load to serve more than maybe $1000 of data a month; it will fall over before that.
In summary, using a VPS is sorta like an instant hard cap.
[1] Until I tried using Jenkins. Which crashed constantly because apparently 512GB of RAM is too little for what it does. I'm now in the process of writing my own little CD tool that isn't going to go over 30MB of RAM just to run my deployment scripts.
Having a personal VPS is the way. I run a SvelteJS app as well as my personal website, blog and a couple other services on a $6 droplet and it runs great.
I agree with both of your philosophies and also run a VPS. However, lots of people would have no idea how to manage a server from scratch or to install a web server, even a static one. Netlify really is pretty amazingly simple for what it offers, which is a lot. And even among those who think they can run a server, many probably have wide open security holes they are oblivious to.
> And even among those who think they can run a server, many probably have wide open security holes they are oblivious to.
This is the big thing, but I also think that modern out-the-box OSes are pretty damn secure these days.
IOW, the amount of knowledge and time needed to maintain my single VPS is a lot less than the knowledge and time you will need to manage your costs using multiple hosted SaaS suppliers for static hosting, web-app hosting, database hosting, repo hosting, etc.
Cloudflare pages is pretty much drop in for netlify. And it has unlimited bandwidth for free (at least in theory. Guess they might call you if your site does 1 petabyte per hour)
The only "fix" here is to act like Hetzner and null route upon DDoS, price cap the thing, or offer unlimited bandwidth on the free tier like e.g. Cloudflare Pages.
Uncapped but paid is a recipe for disaster and you'll always be subject to the will of the support staff when something happens. If they can grasp to a straw leading to suspicions that it's not in fact a DDoS attack, you can for example be sure they'll do just that. Just no.
With a 48 core Epyc or 80 core arm server, one really shouldnt need much more for a middling project. There are enterprises who run entire services on such hardware.
How does price caps work on Hetzner? I never managed to figure that out from reading their price lists. It looks to me like they charge for each TB, and the only thing I can see is that you can set an email alert to go off when close to some threshold?
Traffic limits change depending on our products:
See https://docs.hetzner.com/robot/general/traffic/
1) dedicated servers: unlimited
2) cloud servers: changes based on package
3) colocation: changes based on product
4) managed servers: unlimited
5) managed vServers: 20 TB
6) Storage Boxes: unlimited
We only calculate outgoing traffic. We do not count incoming and internal traffic. --Katie
Thanks, I have 3 sites I need to get off Netlify and I’ve spent the morning reading about Cloudflare Pages.
My only hesitation is the 20k file limit; one of our sites is a large Gatsby site that generates certain content programmatically, sometimes using a series of YAML files as the source. Pretty sure we’re over 20k pages by themselves. Been meaning to move this one to Next.js sometime but that’s not on our roadmap anytime soon.
I've run all of my hobby projects, including personal web pages, a Wordpress site that serves a local club, a small single-JS web app, and E-mail hosting for my family and a few other domains, on a single $5/mo VPS, and have never received a bill higher than $5 for the past, I don't know... 15 years.
If your web site makes you money in proportion to the amount of views or bandwidth you use, by all means, go with a provider that increases your costs when your traffic rises. But if your web site does not make you money, why not host it somewhere for a flat rate?
I don't get that either. I earn all my money from my websites and serve > 1mio requests daily all from a single Vultr instance for less than $150 including backups and more traffic than I ever need. With monitoring, CDN, DNS, ddos protection, and whatever I pay about $200 a month, no surprised and a lot of room to grow or get HN hugged, or whatever.
I've been on a $25 instance for years for all my sites, which worked as well.
Did exactly the same, moving everything over to Cloudflare took me less than 15 minutes. “We’ll forgive those cases, pinky swear” is not a valid excuse when putting (even opt-in) hard limits in place is technically viable.
"Current policy?" So, you will retain a right to change such fees when you feel like it.
This is a serious matter. We are building a new site for our company with Netlify, but we can't open ourselves to this predatory practice. And even if you do not mean to be predatory, even the option of such is enough.
If not resolved with a clean, legally binding promise, our company (and probably quite a few others) must move our business to Cloudflare, Amazon, or some other competitor of yours.
The paid tier (like $19/mo/user) has the same vulnerability. Overages are charged at the same price per GB as the free tier and they could still be charged $100k for the exact same thing.
Why are you asking this question here? Any actual company would have reviewed all the legal documents prior to choosing a provider. The promises you seek are the exact reason "enterprise-grade" providers can (and do) charge so much.
« Apologies that this didn't come through in the initial support reply. »
"Didn't come through" doesn't actually match the user's report of having support explicitly offering 20% and then 5% payment. It sounds like maybe you have a training problem? That seems like one of the important points to speak to.
> It's currently our policy to not shut down free sites during traffic spikes that doesn't match attack patterns, but instead forgiving any bills from legitimate mistakes after the fact.
That doesn't square with the 5% fee on the original $104k that your company told the OP to then pay.
> It's currently our policy to not shut down free sites during traffic spikes that doesn't match attack patterns, but instead forgiving any bills from legitimate mistakes after the fact.
Well, giving the option to users to plan ahead would be best, no? Like a setting to choose whether they want a potentially unlimited bill versus downtime.
Instead of that, you are choosing to stress and make people scared/anxious/homeless even (if they don't think of raising the issue on HN).
Seriously, this is not rocket science. This must have been discussed before in your company, and someone actually made this decision to stress people about such bills.
Frankly the only reason I can even come up with that Netlify wouldn't have such controls in place is exactly if they do _not_ simply forgive these sorts of jumps in costs (as the CEO here seems to be claiming). I'm pretty sure if they'd be left holding the bag, they'd manage to find some way to cut off these kinds of jumps in usage.
That would potentially make this situation much, much worse (in the US tax system...YMMV). If Netfly forgives a business debt and reports it to the IRS as uncollectable so they can write it off, the IRS can consider all or part of the forgiven debt as income to the person who is forgiven (there are lots of details, IANATA/IANYTA, YMMV). I don't want a blindside 100k bill from my hobby site, but I sure as phuck don't want the IRS thinking I made an extra 100k of taxable income. I might be able to shame Netlify into forgetting about it, but the IRS is not usually so easy to deal with.
Not a dodge, (tax) accounting doesn't work like that. You can create accounts receivable of 100k and then write them off, that leaves you in exactly the same state as if you had just not entered the whole thing into the books at all. No benefit to "writing off".
Well, note that they're only talking about giving refunds if there's an attack and they miss it. Doesn't mean they'll give a refund if you get $100K worth of real user traffic.
> It's currently our policy to not shut down free sites during traffic spikes that doesn't match attack patterns, but instead forgiving any bills from legitimate mistakes after the fact.
The legitimate mistake sounds to be on _your_ side if anything. You failed to match the attack pattern after all.
> Apologies that this didn't come through in the initial support reply.
The support email said you normally discount the attacks to 20%, but in this case it would be discounted to 5%. Are you here publicly claiming that your policy is to in fact to forgive (i.e. discount 100%) these bills? Was the support reply totally incorrect in claiming that you normally discount the attacks to 20% or are you lying when saying that your policy is to forgive the bills? You might want to clarify your position here.
To be fair, these days, things can become viral literally overnight.
That said, instead of depending on unreliable heuristics, they should just allow an option to change the behavior. The "current policy" to charge small sites on the free tier thousands of dollars instead of just throttling/shutting down the traffic is really predatory.
I'm not trying to justify netlify, because it's pretty obvious all cloud providers have vile intentions here (even though they pretend otherwise): it's obvious that total majority of use cases for such platforms are toy or small-scale projects, and literally everyone in this market would prefer their website being shut down, rather than getting $100K (or even $5K) bill, BUT…
1 million downloads (= visits) is nothing for "going viral overnight"
Anyone exceeding their plan with a factor of 10 or hell, let's make it a 100, almost certainly didn't anticipate it and thus isn't prepared for the kind of bill that apparently comes with it (or even knows that there would be a bill). On top of that, there currently is no way to state such rules up front! Moverover, according to their own explanation, it was almost certainly not organic traffic!
I wager the vast majority of people in the free tier would gladly cap their traffic at the (generous!) bandwidth offered by Netlify. Even to the majority in paid tiers, 100k bills where there previously was none must be unwanted and unintended.
I understand that you need to pay bills, but auto-billing over the bandwidth budget just isn't OK, or at least not unless the user specifically configures that that's OK. I for sure didn't understand your bandwidth tiers that way.
You can avoid this sort of bad press and disgruntled users and your support cost by just giving users the option to shut down the site once the bandwidth budget is up.
Lol this deescalated pretty quickly, went from $104K to $20K to $5K to $0
Which basically means you almost scammed the customer for $5K or $20K. Super negative practices. I for one could never trust a company operating in that manner. It would be much more honest to say "unlimited bandwidth" and set a hard-limit for maximum budget, then people know they won't be charged, than to go through all this crap and then pretend you're doing a favor to the customer (you're not). If I'm normally spending $10/month any idiot out there would know for sure that I'm not going to spend $104K instantly. That's a very basic filter to have. But you don't place such filters because obviously you're working on the principle to scam people many thousands of $ if they fall for that. Heck, for all we know you might send that amount of traffic to your customer and the try to scam them and if it doesn't work then pretend you're doing them a favor.
This is in the FAQ: https://news.ycombinator.com/newsfaq.html. See "How are stories ranked?" and "Why is A ranked below B even though A has more points and is newer?"
About this specific case: it set off the flamewar detector (a.k.a. the overheated discussion detector) and also got moderation downweights. We sometimes turn off that penalty, but I don't think we'd do so in a case like this, because HN gets so many posts of this nature. They flare up with Big Drama that is sensational for a while but not particularly interesting, and therefore not really what the site is for.
In fact HN gets so many posts of this type that it has become a joke, and not only that but a cliché, so much so that the top comment of the Reddit thread repeats it [1]. That's about as repetitive as anything gets. The basic idea of HN is to gratify intellectual curiosity [2] and avoid repetition [3].
I read this whole thread before the CEO posted and after, and neither time thought any of the comments were out of line or even that the general mood was any more heated than any other random HN thread. People are politely asking pertinent questions.
And I think once the CEO makes a statement which contradicts the company's support response, that becomes very interesting. Particularly to anybody that uses their service. I'm certainly not finding the conversation very repetetive or cliche.
You're welcome to disagree, of course. My main concern is to explain what the principles are. I'm not saying we apply them perfectly—sometimes we make bad calls.
I can tell you pretty much for certain though, that we'd hear many more complaints if a Reddit thread about a customer support shitstorm stayed on HN's front page for very long.
Btw, the Customer Support Fuckup category is one of several $X where HN has become known as the place for $X, but only because HN is not actually for $X. Another example is the Site Is Down category—people often come to HN to find out what's going on when some $Site or other is having an outage. But just as HN itself isn't a site monitoring platform, it's also not a customer-support-of-last-resort platform.
If the community feels like this customer support fuckup is altogether more interesting, I'd consider reversing the call, but again, my gut feeling is that we'd get even more complaints that way.
I agree completely with the underlying principles, I just think once the CEO has commented and stirred up some interesting discussion that's relevant to a large segment of your userbase, the thread doesn't really belong to some generic "customer service shitstorms" category anymore.
I learnt more about Netlify, Vercel etc and how they operate from this thread from the last 100 "customer service" threads combined. I learned about Cloudflare's offerings, and a bit about Hetzner. And it was all very interesting.
You said you sometimes turn off those penalties, I think this thread would be a good candidate.
Thanks dang. This was one of the most important posts on HN for me since inception, and prompted my own immediate migration away from Netlify hosting[1]. I would hazard a guess that there are many Netlify users on HN, and becoming aware of the unlimited billing exposure (as well as Netlify's official policy (such as it is)) makes for important reading.
Something that makes me feel uneasy about the fact that the post gets hidden is that this strongly benefits Netlify. It seemed like lots of people moved off Netlify after reading the post.
I'm not suggesting that HN actively took an action in Netlify's favor, but the potential is there. Is the algorithm for flame war detection open source? Or do we essentially need to trust you that there was no interference from Netlify? (I do trust you but others might not).
We didn't have any private contact with anyone about this post other than a couple users emailing to ask why it wasn't on the front page anymore. Nor were we thinking about who would or wouldn't benefit—that never crossed my mind. I was just thinking about standard HN moderation practice.
I don't know how to get every user to trust us. All we can do is answer questions when asked. That seems to be enough to satisfy most of the community most of the time, and it's probably not possible to do a lot better than that, much as I would like to.
I'm not a fan of opaque ranking algorithms either. Just use this, the only thing it has is a 500 point threshhold and surprise, that works perfectly fine to determine what is currently trending in the community
Heck, at that point, why not "send some traffic" to your customer? It's not like they have any way of verifying its source. Hmm... why even send traffic at all? Just add a multiplier to their metrics!
This is very weird take. I'm struggling to understand why this is incident as a reflection of "super negative practices" or is somehow a "scam". The CEO came here and publicly apologized for the mistake and mis-communication, and the issue is resolved for the user with no charges. What am I missing?
What price would the dude have to pay if he didn't publish it? How often does this happen and why is there no protection against charging free customers 100k out of the blue. Why charge it and shock the customer if practice is to waive it? The CEOs response kinda just made the situation worse.
Yeah, I don't buy this conspiracy theory. The reason why they charge it could be as simple as they calculated the bandwidth usage following a ddos attack. It amounted to 104k worth of bandwidth usage. There system is not sophisticated enough to recognize it was a mistake due to attack on their site. Thus a manual intervention was needed, and now it's resolved.
Right, but there's still a huge contradiction here. The support email says it's standard practice to charge 20%. Now the CEO's comment says it's standard practice to waive it entirely. So which one is true?
It's only a weird take if you don't have any common sense. It's super simple:
either offer unlimited bandwidth(since you're not charging these anyways), like Cloudflare Pages does,
or put in place controls that will allow customer to set a top limit for their budget. You can't just all of a sudden send them a $104K bill and expect them to pay when the've never spent more than a few bucks. And then even worse, you can't pretend to expect them to pay 20%, then 5% then pretend you're doing them a favor by completely liftig it off. That's just arbitrary billing and preying for any victim that would fall and agree to pay 20% or 5% etc. I'm just asking for common sense and practices that build trust, not arbitraty billing rules.
In New Jersey I have to let an attendant pump my gas. If I have a heart attack while he’s pumping gas, but I never explicitly say “please stop once it’s full” and he, innocently enough, takes the still-flowing gas hose and pops it into a sewer grate once my tank is full, you’d be hard-pressed to find a reasonable person agree that the attendant was throwing me a lifeline when he refunds me after I come back complaining about my $2k gas receipt.
This is a dumb analogy, but the point is there is very obviously a pattern in this payment process that is ripe for abuse. The question of whether or not you aim to be an abusive business, plucking every shady profit where you can put the onus on the customer to try to come get their money back is one that many companies are deciding, and many are erring in the direction of the dark pattern.
By not working to avoid this problem from the get go, there is an implication about how a company wants to make their profits.
Pay for what I use works for airline seats and reserved compute/storage resources.
I have no control over how much traffic my public sites get. There is zero value in me signing up for a service which charges me based on traffic if I can’t control the maximum they’ll charge me. Would you sign up for an infinite bill?
the CEO said they're "forgiving any bills from legitimate mistakes" which effectively means "just make everything zero dollars bro".
And no, he didn't use all that bandwidth, he was victim of a DDoS which the hosting provider should have measures in place to prevent or limit the service if it happens.
Perhaps a bit ignorant, but to be fair that Netlify attempted to charge him is absolutely ridiculous. With my hosting provider, I would pay a whopping 50 EUR for the same bandwidth that he was asked to pay 104.5K USD for. That just shouldn't be possible to happen, especially on a free tier.
Any person seeing a user that normally has a $0/$10 per month bill suddenly spike to $104K would see that this is obviously a DDoS.
If it has always been a "policy" to forgive bills, shouldn't it have been 100% forgiven immediately after OP contacted support in the first place? Why go through the trouble of playing the hero by offering "discounts".
The user was asked to pay 20% then 5k on a service that's called "free" but has some extras which actually cost money.
After this the CEO comes along and says that the policy is actually not to bill for this kind of event... But the company actually tried to bill this user 3 times... soo it all stinks really.
You can't rely on such a policy if it is not part of the actual contract. This doesn't address the enormous uncertainty and risk that is present here when using Netlify.
This is what sticks out to me about the situation. I would much rather a site go offline due to service overage triggering at some limit that I set - simply relying on the good faith of a host to subjectively waive fees is not reliable nor does it instill confidence that I won't be financially ruined by malicious third parties (like nearly happened here). I would imagine that the good faith of Netlify in this case would mean very little to a court when there is a contract that stipulates costs for services, and the worst case scenario for a user is that Netlify could take the issue to court with the contract the user agreed to and demand full payment. Even the possibility for this situation to occur without any tools existing to prevent it is terrifying and is a terrible value proposition for a service.
By the time you forgive the bill you may have caused significant psychological distress, maybe even irreparable. This doesn't feel like a responsible approach.
This is the way most companies work unfortunately. Paypal limits your account and makes you wait 6 month to (maybe) give you a way to get the money back.
This is why I stopped using PayPal. My credit card company allows me to issue chargebacks with typically very little friction because of my credit history. PayPal once put me through the wringer for an order I cancelled and never received a refund for. After that I deleted my PayPal account and decided to never use it again. In this case, I would take my site off Netlify and never use it again.
I’ve already migrated my two sites off Netlify after reading about this incident, and seeing other replies where folks said they were stuck with large bills.
This large bill doesn’t look like a legitimate mistake, it looks like everything worked as intended until things got escalated via Hacker News.
This leaves all your other small business users potentially on the hook and at the mercy of your mercy.
Not only should this stuff be capped rather than the dam allowed to flow, but your systems should have picked this up immediately and known it for its nature.
Thus must have been a nice little earner for you over the years.
> traffic spikes that doesn't match attack patterns
I interpret this as "we always charge for traffic served, but we attempt to block illegitimate traffic" which means of course that the worse their traffic discriminator performs, the more money they make!
I assume you'll be offering this user a good amount of credit on their account for having to deal with this BS and the stress of being told they owe you $100k?
So the original support worker just pulled 20% (and then 5%) out of thin air? Given your internal knowledge, can you maybe explain why a support worker would ever do that if policy is simply to forgive the debt?
Anything Netlify deems them to be, of course. That's why these sorts of T&Cs use weasel words like "legitimate", "reasonable", "expected", etc., instead of giving specifics you can action against. That way they can claim every thing they've done is legitimate and reasonable no matter how fallacious that claim is, and double-dog dare you to spend the time/money to take them to court (or worse, imposed arbitration with an arbiter of their choice) and prove them wrong.
So this one got attention due to some good Samaritan on Reddit who told OP to post here. Now, to the real question here: have others not received as good advice and just paid up?
I'm moving my domain name and personal site off Netlify (already deleted the sites, DNS transfer requested), probably moving to Cloudflare pages.
It may only move a few MB a month, but I just can't risk if I put anything more substantial there that I might get hit with a bill for $100k and you maybe will forgive it. And that this has apparently been policy for nearly a decade makes it even worse.
Sorry, but there is a lot more going on here than you addressed, these charges were incurred on your "starter tier", which has no mention of additional costs.. I've noticed a lot of "sponsored content" by netlify, and again no mention of this possibility.. Also, no comment on not having ddos protection, or at least a spend limit?
Sure, this instance was resolved, but it's also the top post of the last month. Who honestly things it would be the same outcome if not for going viral...
I’ve been a Netlify users on the Pro plan for a few years now. Moving from Netlify to CloudFlare after this; “this didn’t come through in the initial support reply” doesn’t cut it for a $100k bill.
But you do see how _not_ addressing this in the initial support reply is going to cost you all in the long term, right? The real lesson here seems to be for small projects, it may well be worth the investment to handle my own hosting. All I see here is that getting you to do the right thing required publicly shaming you, which means you can be trusted about as far as I can throw a piano.
I’d rather be shut down than have a heart attack from a $100k bill. That could literally kill me from stress, even if you pinky swear to refund any oopsies.
That is an outrageous and inhumane policy. People get panic attacks when they get told they owe 100k they don’t have. People will be terrified your internal process wrongly determines the bill is legitimate. Imagine you have to study for an important exam or that you have a paper due. How can you possibly focus with this nightmare at your doorstep?
The most bizarre thing is that this is a known issue that folks have asked them for ways to mitigate, to no avail. The reddit thread even links to an extremely weird dialogue where Netlify's response boils down to, "if you're hosting a small site that gets DDoS'd, don't."
https://www.netlify.com/security/ sez “Active DDoS mitigation — Netlify monitors for traffic pattern anomalies and spikes, and effectively controls for them as needed” and now I'm curious about what that actually means.
It means they protect themselves from layer 3 and 4 DDoS. For layer 7 you're mostly on your own. That's what most companies mean when they talk about DDoS anyway.
Right and as a CDN they HAVE to handle layer 3 & 4 DDoS themselves so it's not like they're doing you any favours. The traffic is typically routed to the customer based on SNI.
“The cool thing is that we also provide a load balancer, and if our system has detected that our main load balancer is currently being hit by a large DDoS attack and is slow or unresponsive, we’ll simply route around that on the DNS level. Since we cache content at our edge nodes around the world, end users also experience extremely fast page load times because of this.”
I had the intuition that Netlify are extremely incompetent compared to Cloudflare, and this thread adds another data point. So no, if you value uptime you are not going to rely on them.
OT: It seems like your comments are being automatically flagged/killed by HN, you might want to reach out to HN staff. You're the second person in this situation I've come across in the past hour, odd.
Playing ”devil’s” advocate: tracking spend in real-time is not trivial. It adds complexity to stack. Bugs in the feature can cause sites to go down (for long time) without a reason. Larger online businesses likely rather sort out the problems later than risk shutting down in the middle of unexpected success.
OP is right though, realtime alerting is non-trivial to build. It looks us a lot of work at Vercel to get right. We also offer budgeting options where you can set spend limits now, too.
Oh wow sorry didn't mean to be personally flippant to the VP! Hacker news is wild.
I just had a look at the billing screen and I can see notifications but not budgeting options (on the Pro plan). Ideally I'd like to monitor/configure spend per deployment as some of our sites have big sales which can = big fees. Is this possible?
Not really. AWS has budget alerts right? And I can read those budget alerts through their API.
So it would be trivial for me to poll their budget API for an alert, and immediatly trigger a shutdown of my Cloudfront service. Why can't they do that for me?
It's something. I started looking into the budget alert docs and it does use SNS so it should be easy to have something polling that queue and respond in any way necessary.
I'm imagining an alert to the on-call team, and a soft shutdown until the on-call team can figure out the next step.
If it can save a few thousand dollars, it's worth it. Each business must make their own estimate of course.
Why do we need regulation? "Keep the service up no matter what happens, no matter the cost" is a useful business model for companies that make the mistake of promising too many nines to their customers.
The issue at hand is that people put small websites on hosting providers designed for megacorporation wealth, like Netlify. I highly doubt the average blog needs more than a $10 VPS located in one single country without automatic fallback to another data centre. You can probably even go with a $5 VPS if you don't care about the first wave of HN front page bots not being able to reach your site.
> "Keep the service up no matter what happens, no matter the cost" is a useful business model
I mean, yeah - but that shouldn't be the default and it shouldn't be something that you can't opt out of if it is, which is what sounds like happened with Netlify.
Why would Netlify offer the option to opt out when extreme availability is their core business? I'd argue that people are using the wrong service provider if they need to opt out in the first place.
Same goes for most of the other pay-as-you-go providers that turn HN into billing support every now and then; very rarely do I see "we suddenly got a $20k bill" posts about services that these extreme availability products make sense for.
I'd be in favour of a regulation to allow them to set a spend limit, opt-out.
I'm fine with their pricing structure right now, since you have PLENTY of providers to choose from - people can easily vote with their wallets and there's no problem that needs solving.
However, the unexpected spikes are a problem, and providers seemingly don't provide any way to solve them because they make more money by not solving them. A regulation to require all providers of post-billed services to provide spending limits would make a lot of sense.
Of course, customers should also have the option to opt out of the limit or set a very high limit.
This should apply to any service that's billed by usage calculated afterwards, not just web hosting, and not just technology.
Or, rather than creating more regulations, people could read the contracts they agree to when they get service, and use a competitor if they don't like it
There is such a thing as an unfair contract. Moreover, there are business practices that can become a local maxima in an industry and squeeze out competition which would actually be a net benefit to most consumers.
Mobile roaming was the same before the EU intervened, and were now going back to the shitshow tjat preceded it in the uk.
The problem is that it isn't entirely clear which ones have predictable cost to the non-lawyers eye. I.e. they should have to have sane defaults, like reasonable spending limits and opt-out, by regulation, since the market is failing here.
true. I have a 9€/mo vps at Contabo for my blog and once boasted on HN that my small VPS is able to handle reddit/hn hugs which one user seemed to take personally and they started a DDOS against my VPS.
I only realized this after Contabo contacted me and said the traffic is so high that other clients service is also degraded and they will have to take my VPS down if its much longer (which was understandable). Gladly the ddos stopped soon.
But never was there any talk about any cost, they were very supportive
To some extent, that answer is fair enough, assuming they make this clear up front. If their service is "we'll keep your site up no matter what, for a price" that's a fine service to offer. It's not what the vast majority of people want, of course.
If their advertising is targeted to small businesses and individuals who could never afford this type of service, they could be guilty of false advertising, at least morally guilty. I haven't seen their marketing so I wouldn't want to say.
I don't fully understand Netlify, but it seems though it tries to be a one-stop solution for everything it doesn't have to be - you could put free Cloudflare in front of it and probably mitigate this kind of thing?
Especially since they admit it was a DDoS attack. What I find outrageous is first that they charge for incomming traffic (which is often free with other providers), but also 55$ per 100GB. For comparisson, Hetzner charges you 1€ per 1TB of outgoing traffic while incoming is free.
So even a reduction to 0.2% would habe been possible. Honestly don't understand why anyone feels comfortable overpaying so much. Especially when there is no configurable spending limit.
Eh, I wouldn’t say that’s necessarily the case. AWS support, for example, tends to be really good about waiving charges for things that are clearly your mistake, like an unused instance that you forgot to turn off for a couple months. That’s not because hosting instances doesn’t actually cost Amazon anything! It’s because they want to keep you as a customer even if it loses them a bit of money right now.
In the Netlify case, though, insisting that this person still pay 5% is downright insulting. I’m sure they’re taking a hit already - just waive the whole thing.
AWS support, for example, tends to be really good about waiving charges for things that are clearly your mistake, like an unused instance that you forgot to turn off for a couple months.
This is an admission that their UX sucks and makes it hard to know what state your account is in and what you're paying for. They waive the fees because a few high profile cases of people paying thousands due to the AWS console being awful would drive a lot of customers away.
Nowadays for customers spending millions of dollars you'd expect (at least, Amazon would expect) that the customer has a FinOps department who are already working on getting the most 'bang for their buck' out of what they're paying for and minimising their spend, and they would jump to another platform in a heartbeat if they thought they could save money. It's not unreasonable to think that you don't need to do these customers any favours to keep their business, because those customers are big enough to look after themselves.
For smaller customers, the friendliness of customer support and the flexibility to help them if they make mistakes is much more likely to be a retention consideration. And who knows when a company spending 3 digits a month becomes a customer spending 6 digits a month? You want to be the provider of choice in case the company grows.
AWS will save us so much money! We don't have to pay for people to look after hardware! ... just pay for people to set up AWS, and maintain AWS, and make sure we're not paying thousands extra for AWS...
Yeah, exactly. I’m talking “I got billed $15 for an instance I haven’t used for the last few months. Can you refund me?”, not “You guys mind writing off a million or two?”
Is it, though? We've been getting a lot of pushback for months, even for things that weren't really completely our fault (and were made worse by the horrible lag of cost explorer), or even for things that were aws bugs. Maybe now it's official policy, but definitely it's been hard to get refunds for a while now. They were throwing tens of thousands of dollars of credits at us to just play with new services a year and a half ago.
I wonder if you’ve hit some kind of internal limit. I don’t know if such things exist but I’ve noticed a pattern around how discounts and credits are allocated.
I do feel your pain though. Managing AWS costs can be a full time job itself.
That’s not because hosting instances doesn’t actually cost Amazon anything
Except it doesn't cost them anything. The marginal cost of keeping your single instance running is $0 (unless they were 100% out of capacity and they could have sold that instance to someone else either at full price or spot price)
But that's not what's happening: they aren't keeping a full host for you.
Your argument is like saying that a bus traveler costs the gas needed to power the bus, but it's never the case: the bus would be cruising no matter what. And symmetrically the VM host would be up no matter what you did with your instance.
You assume that the hardware would be unneeded, but that's a very strong assumption.
It would be very bad for any cloud provider to leave hosts with only one VM running on it, and you can be pretty sure only very small minority of their park that end up in that situation where shutting down a single VM would lead to a shut-down of the entire host, because it means that the host was vastly under-used in the first place.
As far as I know, most cloud hosts don't actually support automatically moving live VMs, so I think it's fairly common for a host to be left running a single VM.
At least in AWS, they never supported this, and in fact may require you to reboot an instance occasionally in order for it to be moved to a new hardware host (typically when they are upgrading their hardware).
But why are you talking about moving VMs?! Looks like you're adding tons of far-fetched speculations at every step of your reasoning.
The way you easily deal with this issue is very simple and does not require moving VMs: you just allocate newly spawned VMs to existing hosts with available room! When you do so (and they obviously all do!) you end up with little unused hardware…
Say you have 3 hosts, each with a capacity of 10 VMs. At some point you have 28 running VMs - 10 on host1, 10 on host2, 8 on host3. Someone then closes down 2 of the VMs on host1, and 7 of the VMs on host3.
Now you have 19 VMs running, but need to keep all 3 hosts powered. If you don't have live VM moving, you are now forced to keep Host3 running only because 1 VM is running on it, even if that VM is idle. So, this one idle VM is responsible for all the energy consumption of host3, and will continue to be so until at least 3 more VMs get started (since you have room for 2 more VMs on host1).
If you did have live VM migration, or if the idle VM were powered down instead of running idle, you could close host3 completely, moving the VM to host 1, and only re-open host3 if needed for new VMs.
This is equivalent to the problem of memory fragmentation. Even though overall usage is low, if host usage is highly fragmented and you aren't allowed to move used memory around (compacting), you can end up consuming far more than actually needed.
Except you don't have 3 hosts but 3 thousands, and during the time you're stopping the 9 VMs somebody else is starting 5 or 15 new ones!
Yes it is similar to memory fragmentation in some way, but your argument is like saying an integer stored on the heap costs a full memory page! You realize that it's nonsense. Sure in extreme edge cases it can, but that's not a good metric to know the memory footprint of an integer!
Being able to move VMs is nice as it allows more host use, but it's doesn't mean hosts end up with single idle VMs often!
Then you need to account for their low share in idle VMs when measuring how much electricity it is responsible for. If it's only the case for 1% of the idle VMs, then you need to count only 1% of the electric power of a host per idle VM (+ the small fraction of a host CPU power that an idle VM consumes). In any case, it's going to be very small (~$20/year)[1] and the “it costs them nothing” is a good approximation of that, or at least a much better one that assuming that the cost they charge you reflects an expense on their side (which is the point that was argued by rafram at the very start of this discussion.
[1]: let say 10W, which at $.2 per kWh[2], ends up costing $17.5 for an entire year!
What does "idle" mean? Both a Linux or Windows OS not running any active software will still do computation and even network traffic (disk cache wrangling, indexing, checking for updates, NTP clock syncing etc), and requires electricity to do so.
It's very low cost, especially if its on a VM from a host that otherwise runs other VMs, but it's not 0. And if it happens to be the last VM preventing a hardware server from completely powering off, then it's actually quite far from 0.
At that scale, probably. Especially since AWS would offer you discounts over their public prices too. Netlify et al probably stop making sense when they cost more than a few engineering hours and the cost of AWS, Azure or GCP
>it shows how disconnected this is from their real bandwidth cost
It's a value added service, they don't trade bandwidth as a commodity. Therefore unfair characterisation.
Plus, if you dive deeper: Bandwidth doesn't cost anything because bandwidth is just about pulsing some light in some glass fiber and applying some minuscule voltage on some metal fiber.Okay, maybe it costs some amount of electricity but all this is just a business model for paying on capital expenditure through time share arrangements. People can have all kind of models for this, for example you can come together with others or pay it all by yourself to install the equipment and have free bandwidth for the lifetime of the equipment.
It's all just arrangements to cover the capital investment and earn something on top of it. That's not a scam. A scam would be if they didn't account correctly for the timeshare usage or induce usage to boost payments.
I really don't get your point. If you're a hosting provider, the very thing you're selling is bandwidth (and disk space). Everything else is a value added service.
I disagree, they are not a colocation service that happens to rent servers. They are opinionated platform for deploying web applications in a specific way. The bandwidth happens to be a necessity to do that and also a useful metric for billing by usage.
This is true for all businesses but maybe more so for tech:
Don't have a business model that charges customers for your mistakes.
This customers bandwidth usage jumped from free tier to $100k in very short time. To be honest, this shouldn't even be possible. Any "free" tier that allows for a surprise $100k bill is not a free tier.
This bandwidth usage is the result of a mistake on Netlify's part. That much seems clear.
To go and suggest that the customer is responsible for any portion of the bill is where things really went sour imo. Don't do this. Ever. Unless you want your company to go viral for all the wrong reasons.
If you want another good example of how badly this can backfire, look at what happened when Unity announced their new pricing scheme. Unity's new pricing scheme also allowed for unbounded bills. At first they didn't even deny this. Later they said it was a customer misunderstanding. I.e., they blamed the customer for their mistake.
Thankfully, the CEO of Unity was fired.
The lessons are very straightforward:
1) Don't implement predatory pricing schemes (this can even be done unintentionally, but the intent doesn't matter).
2) If you do implement predatory pricing, the worst thing you can do is put on your surprised pikachu face when the customer asks why their bill is bigger than their annual income.
Since the author has gone viral I expect some netlify exec is going to take over and write this bill off to $0. In the words of Kramer “these big companies, they just write it off!”
A moment of silence for the people who got DDoS-ed, didn’t go viral and still had to pay $5k.
The very fact that you expect that making front page of hn will make them cancel that bill means that it will soon be over.
These kind of stories (alongside cancelled accounts) repeat over and over again and will soon become so not newsworthy that they will either not end up in front page, nor people will check on the eventual outcome which means these companies will get away with not moving a finger.
Nah. I think the dev community has long memory. Events like this is damaging for years. Whenever Netlify is mentioned, someone will inevitably point to this thread for a few years.
When I received a message from the bank saying my account was in the red I discovered that AWS had been billing me 1100 / month for 5 months before I even noticed. It was for something I'd set up one night while bored and then forgot about it. They drained my account :( Even had the nerve to say I had to pay for premium support only to get a "lol, pay" response.
If you bend over and pay in such circumstances, you are part of the problem. Twilio tried to pull this crap on me and I simply created another account with an email forwarder and left them holding the bag on the previous account
Here is my shiny new super business plan for a startup that will profit thousands from a supposedly non-paying customer:
1. Offer “free static website” with lots of templates and guides to help you build one
2. The first 100GB is free and beyond that it’s $0.01/MB. But no worries! Very few customers actually use up that free bandwidth and in case you need more you can purchase packages for $100/TB. Also we offer a free service that will help you get your site more visible by advertising it, it’s included by default.
3. After a month or so, randomly help a customer bump the website and make it popular by putting it in some list that is frequently crawled. Secretly hire someone else to crawl these websites and make lots of download requests
4. Once the customer suddenly gets 10TB of traffic, bill them for 9900GB which is $99000
5. As long as 1 out of 100 customers pay, you are profiting $990 per customer! For the rest of customers, offer a 5% discount so they only have to pay $1980. Threat taking them to collections if they refuse.
Become the next millionare by just selling free static websites to 1000 customers! Anyone join us?
There's no way in hell anyone should ever under any circumstance use a free service that might, for reasons entirely outside your control, suddenly bill you 5k, or 104k... or any non trivial amount really.
Yeah. Elsewhere in these comments there's a link to a support thread[0] where Netlify support essentially says you shouldn't ever need an option to suspend your site at a certain point because:
#1. If you think there's any chance of getting DDoSd, you should already be on a business plan instead of a starter tier.
#2. If you think there's any chance of your site going viral, you're going to want to pay the cost anyway to let all those people visit.
I agree that's ridiculous and that the lack of any option of capping costs would mean I'd never sign up for the service. But that's the official response, for what its worth.
I'd think Hacker News actually comes under #2. If 100,000 people come from Hacker News to look at your hobby site about the Aamber Pegasus, you're supposed to think of how you've improved their lives by letting them read about it.
Yeah Like wtf is wrong with that? Are people just to lazy to check what the conditions are when exceeding traffic? I'd never ever sign up for anything that just keeps charging...!?
too lazy is a bit uncharitable. These terms tend to be buried 8pt font disclaimer text and esoteric metering matrixes.
meanwhile in size 72 font on the marketing page it says FREE STATIC SITE HOSTING!
that's why this thread is more or less condemning scammy business practices.
[edit] check out this forum explanation from render.com billing:
> Free Tier Services are suspended, no overage charges. Paid Tier Services are unaffected (Free Tier Services can be upgraded to a Paid Tier, this isn’t an overage because you are manually intervening.)
Exceeding allotted Bandwidth does result in automatic overage charges. $30 for additional 100 GB blocks.
Exceeding Pipeline Minutes results in deployments failing and no overage charges by default, you can configure whether you want to allow overage charges for additional blocks of Pipeline Minutes.
I still don't understand, free tiers are suspended so no overage charges, but then how can they exceed bandwidth of which we're liable? x_X
People don't check for every possible thing that can go wrong, otherwise we wouldn't have time to do anything. I remember when I got charged a "cancelling fee" for cancelling my Adobe subscription that accidentally went past its free trial. The situation was so ludicrous that I had never imagined that they would charge something like 6 months worth of subs me to cancel a monthly subscription. In the end I got out of it and paid nothing but I have absolutely hated Adobe ever since.
These things are scams because they prey on the fact that they're the only one shitty enough to do something so shitty and are counting on you not realising just how shitty they are.
Sorry, maybe this is a generational thing? I always look for a catch when something is "free". Your example as old as time, offer a free trial period but if you don't cancel X days before it ends, you automatically subscribe for another week/month/year. This has extended to getting a big discount for your first year after signup and then you pretty much have to cancel and go to a competitor, or wait until a couple days before the contract ends and some sales rep will call you and offer you another discount. It's scummy, it sucks, but it's been s reality for decades and is only getting worse.
With hosting - be it cloud or virtual or real hardware - the problem has always been that bandwidth use is completely outside your control. It was the first thing to check in the early 2000s and still is today, to an even greater extend.
So yes, sorry, as the other reply says, I might come across uncharitable or even condescending, but as tech people developing tech stuff how can one not be at least a little careful when there's a big "free candy" sign slapped onto something?
I definitely think this is a generational thing. Like you, I come from the land of "everything costs something" and treat free with suspicion, but also, we have been conditioning people to expect things to be free, and to bury and distract people from the real cost of those things for quite some time.
Two of the largest video content distribution platforms on the Internet, YouTube and Twitch. Free!* (just watch these ads). Store your data on the cloud with Dropbox, Google Drive, or OneDrive! Free!* (just let us harvest data about what you put in there) Hell, 25 years ago, you want to get on the internet? Use NetZero! Free!* (just look at these popups) And this pattern continues to be pervasive. And the real killer here is that we keep getting things for free*, so people that weren't around during the introduction of these tactics have grown accustom to it as if it's how things should be.
So, I agree, we really have a problem here in messaging and in using misleading psychology to bury dark patterns like the true cost of Free in services we use. We probably should be teaching more folks to beware of the true cost of things, that if it's free, you're the product, not the user, so on and so forth.
You do not understand. Of course I know that if I fail to cancel, then I must keep paying. I had a month's subscription. At worst I expected to pay for one extra month of subscription before I remembered to cancel. I was OK with that perceived risk and understood it.
What I did not expect: to cancel one month of subscription you must pay 6 months of subscription as a cancellation fee. Maybe you expect that, but I have seen that anywhere else and did not expect it.
>So yes, sorry, as the other reply says, I might come across uncharitable or even condescending, but as tech people developing tech stuff how can one not be at least a little careful when there's a big "free candy" sign slapped onto something?
But then where would you run a small hobby project that you'd like to run in the cloud? I have some small stuff I'm running on Google Cloud Platform, and honestly I'm scared of the same thing happening to me because there's no easy way to set a limit. But AWS and Azure have the same policy.
(In my case, I'm looking for somewhere I can easily deploy a set of ~5 Docker containers, they don't need to scale up, and it's a hobby project so I'd like to keep costs as low as possible.)
The big, professional, business cloud providers aren't designed for small hobby projects with expenditure limits.
You should look into going old school and just renting a VPS with any VPS provider that's not AWS/GCP/Azure. I know the big three are super popular, as are all of these "serverless" cloud companies, but very few of them offer the most important service for a small project: shutting down before you owe them a fortune.
Depending on the guarantees you want, Oracle has a free tier with no time limit. It provides 4 ARM cores with something crazy like up to 6GB of RAM for free. You may have a few days if downtime during maintenance, but once you've allocated the resources, you'll eventually get your services back from what I can tell. Best part is, if you only use their free tier, you need to manually upgrade your account to even be able to buy anything extra. Just make sure you have backups in case Oracle pulls an Oracle.
Or you could get a VPS from a budget hoster like Contabo, which isn't free but will fit most hobby projects I know just fine. They may shut you down if they're suffering from a DDoS because of you, but you won't get a $100k bill.
self-Host with a provider that has clear TOS and not twenty pages of fine print. Something like the good old "if you exceed X TB in a month, you will be limited to 10mbit/s for the rest of that month". As long as you're running a hobby project or even some side project that starts making money but is still beta, this should be good enough. Once business gets serious, you will inevitably have to spend more money, and you might have to look at cloudflare et al if you're actually in a business where ddos happen.
Seriously, if you just want to run docker, maintaining a debian VPS for that is basically enabling unattended-upgrades and doing a dist-upgrade every two years. If you can't be arsed to do that then maybe you deserve the 100k bill...
first of all these cloud services are designed especially for that, for autoscaling. Second of all, if these are hobby projects we cannot look every hour the costs etc unlike people who's that their job. So stop calling people lazy and pretend like you are better than others because you are not.
I understand that some businesses might want to take the hit from a cost surge because they get an even higher revenue surge. But a large fraction of sites aren't like that and would prefer a loss of service to a cost overrun. Service providers should always offer a "maximum out-of-pocket cost" service option. Those that don't aren't suitable vendors for most customers and customers should be warned about them.
As I recall, you have to actively sign up for the paid plan (Blaze) to get pay-as-you-go billing. Otherwise, you get free quota, and if it's up, it's up.
I think it also integrates into all of Google Cloud's billing management stuff, but I've never had to bother with that.
Use a virtual card with just a small amount of money on it to limit your liability. Won't work if you've entered a contract, but for a lot of these providers, including AWS it works.
This "one crazy trick" does nothing to limit your true liability.
If you go to a restaurant someone at your table orders 5,000 plates of mozzarella sticks, the fact that your credit card only covers $5 doesn't mean you are magically absolved from the rest of the bill.
For $100k, a debt collection firm would be more than happy to get a judgement against you. Credit card or no.
I once got a $65,000 water bill from the city for one month. I laughed and called them and asked them to re-read the meter and correct it, and expected a quick resolution. But no, they insisted it was correct for some time and that I needed to pay it. They said I probably had a leaky faucet or running toilet.
There was no awareness on the part of the customer service people how ridiculous that was. It would be physically impossible for my service pipe to deliver that volume of water even if it had been running full open for the entire month. I kept escalating until I reached someone who agreed, and they sent someone out to re-read the meter. And my bill was reduced to about $35.00, the normal amount.
Front line customer support isn't always very in tune with what is sensible for a given customer's account.
Water is a regulated utility. Anyone in a similar situation can contact the government authority who will gleefully tell the company to go to hell and possibly implement fines for inappropriate billing.
I wish that was so straight forward. You can google this incident where an empty lot got a 35K water bill and the water company said it was an error, then backtracked on that and still saying 35K is due.
> Towards the end of 2023, the DWM seemingly corrected the issue. Revive received an email stating: “The prior balance on the account reflected water leakage that was the result of Department of Watershed actions. Once the leak was addressed and the account properly adjusted, the corrected balance for the property is $219.24.” However, DWM soon backtracked and claimed that the $219.24 quote was made in error and that the nearly $30,000 balance still applied.
Although I am a very small customer of Vercel, I have been advising larger organizations on IT and data infrastructure for the last decade or so.
I can say with very high certainty that spending limits are a critical discussion point in every large organization when making IT decisions. I've observed multiple instances where a potentially better solution was not selected due to the risk of overspending.
It feels like they are intentionally making it complicated to figure out to avoid people actually setting hard limits. Vercel recently had a customer get charged 20k+ that posted on twitter. When Vercel employees mentioned this way of controlling it through a webhook, most people didn't even know about it. I feel like a hard limitbshould be easy to set in your projects settings and that it should have a default value.
I found the example I mentioned, it was from earlier this month.
Here is a link to the twitter post where someone got a 23k bill. In the thread you can find people confused about how this could have happened and why there are not hard limits to prevent situations like this.
https://twitter.com/michaelaubry/status/1757539928534315322?...
Here is a comment in the thread from their VP of product explaining how to set hard limits via a web hook. They said they would improve the documentation for it but some people replied saying they shouldn't need a web hook to set usage limits.
https://twitter.com/leeerob/status/1757960730865696892?t=mCD...
This is my worst nightmare as a bootstrapped founder. And that there's no way to put a limit on spend is ridiculous. Someone that doesn't want me to do well can simply ddos me into bankruptcy out of nowhere.
Just went through Vercel's docs:
---
"Vercel helps to mitigate against L3 and L4 DDoS attacks at the platform level. Usage will be incurred for requests that are successfully served prior to us automatically mitigating the event. Mitigation usually takes place within one minute.
Usage will be incurred for requests that are not recognized as a DDoS event, such as bot and crawler traffic.
You should monitor your usage and utilize Edge Middleware to protect against undesired traffic based on its IP, User-Agent header value, or other identifiers."
---
That doesn't help me sleep well.
I feel that by now, these hosting providers should simply adopt best ddos protection practices and take responsibility for failure to protect.
"You should monitor your usage and utilize Edge Middleware to protect against undesired traffic based on its IP" - there should be some really good defaults for this right?
Clearly it's possible - Cloudflare's ddos protection is worded more strongly.
I'm willing to pay more for the service for peace of mind. Like, even $10/mo more to insure against getting smacked out of nowhere.
Cloudflare's free tier is ridiculous: We do over 30TB+ of genuine traffic for $0. Makes it hard to move to any other platform. As a small tech shop, this is my Hotel California I'm happy to never leave.
CloudFlare pricing is indeed positively ridiculous.
At OpenTofu[0] we’re using CloudFlare R2 to host the providers and modules registry[1]. Bandwidth is free, you only pay for requests.
This already would be great, but there’s more - you only pay for requests that actually hit R2. So with an almost 100% cache hit ratio, we barely register any billable requests.
Recently someone decided to load test us and generated ~1TB of traffic over 1-3 days. All but a few of these requests were cached, so the whole situation probably cost us less than a cent.
Is this in line with the TOS? I thought there were restrictions on serving non-website content in the free tier, or does that not apply to the CDN if you're using R2 as an origin?
We front our distribution service with Cloudflare Workers fronting R2 fronting S3 / Lightsail Object Store (https://blog.cloudflare.com/cloudflare-r2-super-slurper/). That brought our costs down from $500 to $2 serving the same amount of traffic.
> Cloudflare's free tier is ridiculous: We do over 30TB+ of genuine traffic for $0. Makes it hard to move to any other platform. As a small tech shop, this is my Hotel California I'm happy to never leave.
Yeah that's how Cloudflare can reach total control over the Internet. With thunderous applause by people that should know better.
I know that my position is outright blasphemous in this day and age, where even self-hosting a static site has become black magic and we need a third party to do it for us.
I don't understand this take. First of all, moving off of Cloudflare is trivial if you really have an alternative. Second of all, self hosting a static website is easy, but that's not we're talking about here. We're talking about DDoS mitigation, which is not gonna be solved over a weekend hack with a load balancer. At least, not at the scale that matters.
What would the Cloudflare going evil phase even look like? Is it anything like Netlify charging me 100k because they don't provide ANY DDoS protection? I don't see any FOSS tools preventing this problem.
You mean that all the people on HN that use Cloudflare's very generous free tier are at risk of DDOS?
Of course there is a benefit to selling your soul to the devil, what's the bloody point otherwise? I do not need to hear all the good things the devil got you, I am telling you that it is silly that "go Cloudflare" is the default advice is any situation because we have become lazy and complacent and we do not really care that we give the keys to the internet to one company.
The Internet gets shittier because people are lazy, and I need better arguments to being complicit to this than "I need DDoS protection for my 100-visitor a month blog."
> You mean that all the people on HN that use Cloudflare's very generous free tier are at risk of DDOS?
Yes? That's what this story is about. A random small website incurred a 100k charge because someone had the boredom to DDOS them today. Do you think you're not at risk?
> The Internet gets shittier because people are lazy, and I need better arguments to being complicit to this than "I need DDoS protection for my 100-visitor a month blog."
Gonna need you to explain the mechanism here. Because my argument is that Cloudflare is not the devil no matter how much you say it, and that using their service doesn't give them any keys.
What exactly are people lazy about and what are you doing alternatively that makes you different? Just not using Cloudflare? Because that's like not using condoms because you don't want to support a condom monopoly.
> Yeah that's how Cloudflare can reach total control over the Internet. With thunderous applause by people that should know better.
This is an emotionally-manipulative, anti-intellectual comment that certainly does not belong on HN. There's no intellectual curiosity or value in this comment - just scoffing, predictions of doom, manipulative statements like "I know that my position is outright blasphemous in this day and age", and other drivel that belongs on Reddit, not here.
Well, they have to pay for the amortized equipment cost. Which, yes, is much less than you think. The big 3 clouds have set their prices in an age when services were much more expensive to provide, and they make a big deal out of the fact they've never raised their prices - but they rarely lower them, either. Now they have insane profit margins.
The invisible hand of the free market has come to fix that, *but you have to opt into the hand by shopping around.* If you don't, you don't get its benefits! You have to willingly take the choice to move to cheaper providers instead of overpriced ones.
Hetzner Cloud: $1/TB (20TB free)
Digital Ocean: $10/TB (few TB free depending on server size)
AWS: $90/TB (0.1TB free, used to be 0.001TB free)
Netlify: $550/TB (0.1TB or 1TB free)
If you move up from $5/month VPSes, to real dedicated servers, you are now spending a lot more money and therefore you get more free perks. A huge number of providers exist that will give you unlimited or unlimited† bandwidth depending on how much you spend. Renting a powerful server with unlimited 1Gbps should cost a few hundred to several hundred dollars per month, and a powerful server with unlimited 10Gbps (i.e. 3000TB/month) should cost a few thousand dollars per month. You can even get some with 100Gbps (for tens of thousands).
Also consider asking your local ISPs and datacenters. If you live in a central area, you can probably get a comparable connection to a nearby datacenter if not straight to your office, for a comparable price. Data center connections are their bread and butter and they should be able to give you a quote quite rapidly; to your office will be a more custom thing.
Recently I got a quote for AMS-IX peering in Berlin, i.e. a peering in Amsterdam plus a link from Amsterdam to Berlin, about a 600km distance. That would cost 950 euros per month. If 1Gbps, it would cost 300 euros per month. Even though it's not really got anything to do with internet access (transit), I include this number to give some indication of the "true" cost of "raw" bandwidth.
A good number of small hosts offer very cheap bandwidth compared to AWS. With Cloudflare’s economy of scale, their costs should be even lower. You only need a ~100Mbps link to serve 30TB/mo, which would cost them ~$10, maybe less.
There are tons, the big providers like AWS, GCS, etc are really the only ones who charge ridiculous amounts for bandwidth and everything else.
Those big providers have pretty much normalized high fees and convinced people that's what it costs, the reality is any normal provider like Hetzner for example gives you tons of bandwidth for essentially zero cost included with your servers.
A good data center can sell you a sustained 10Gbps for, and I’m guessing at going rate, but like 4-7k a month? If you’re making a commitment cheaper, and that’s basically a retail pipe for someone in a colocated facility.
For larger providers, bandwidth cost drops tremendously, especially if you’re well connected as transit is much cheaper and if you are really large or a network provider you may even be routing between your own facilities or in some cases from one customer to another and every large scale isp is going to want a “direct link” to your facility (a peering relationship). Those costs are astronomically small at scale for bandwidth.
The ISP or similar then turns around and sells a sustained network throughout as GB transferred, which isn’t how wholesale bandwidth is sold at all. So the get to charge for the data the pipe moves while they only pay for the connection itself — the markup added to this process is considerable.
For someone operated a global CDN, which is basically what they do, they have racks of storage and computer collocated all over the world and optimize the living crap out of their network to reduce their costs and make it run on as many peering relationships as possible. It’s an expensive and complex business to set up, but once it’s set up you get a fairly good and consistent return out of it.
The reason for this article is related to the nature of that business: it’s the issue of liability.
When you have policies where you protect your clients from downsides and excessive use on the network, you suddenly have to assume the role of paying attention to what’s on the network and policing it’s contents. That’s not possible with a massive system like this generally, so they push the liability down to the customer and discount the mistakes that come up. That’s why things are set up like this… this kind of stuff isn’t their business at all really. They are looking for the customers that convert and pay, which is very profitable, and the free tier is often thought of as a sustainable cost if you are large enough scale, as it substitutes for the rather massive expense of marketing and sales which is one of the largest expenses in a bandwidth focused business. CAC is the free tier.
There also competitors, but the benefits of scale are tremendous in terms of cost efficiency. A large provider might be paying just a very small fraction of a penny or less (even “free”) compared to what a small provider is paying. So that’s why you end up with fewer competitors because it truly is a business that benefits from economies of scale.
There are other smarter people on here who can correct any mistakes I’ve made or provide better pricing or whatever, but that’s the more in depth answer.
Yes, cloud services have inflated both bandwidth and amortized hardware costs to absurd levels. You pay for not having to know what to do in order to run something online. Until it breaks.
1) I have a big network and I exchange traffic with another big network. Think of "eyeball" networks like last-mile ISPs (Comcast, mobile providers, etc) where a substantial portion of end-user traffic is going to handfuls of well known networks - Cloudflare, AWS, Netflix, etc.
2) Comcast and Cloudflare say "Hey, I send you X TB/PB/etc and you send me X TB/PB/etc. We both currently pay another provider to route that traffic between us. Let's not do that."
3) In locations where it makes sense they basically throw a cable across datacenters, POPs, internet exchanges, etc. The cost for this is typically extremely low - it's basically a port on a switch/router on each side and MAYBE a "cross connect fee" from the facility. This is usually billed in the tens of dollars/mo if at all. It takes very little time/effort to configure this but of course the details are more complex - multiple ports, multiple facilities, etc.
4) Both sides start routing traffic between their networks over their new shiny direct cables and extremely high speed ports. Faster throughput, lower latency, improved reliability, frees up bandwidth to the transit provider they were using previously, and most importantly the cost of bandwidth between the two networks goes to zero.
This is all well known and publicly available because it's visible in the global routing table(s). Cloudflare, for example[0].
All of the large providers do this and AWS, etc charging in bandwidth per GB (especially at their rates) is more-or-less pure profit.
I have a theory that AWS, etc capitalize on people not really understanding this anymore. AWS is 20 years old - that's an entire generation of CTO/CIOs on down that are completely unfamiliar with these details and think $0.10/GB or whatever is "just what bandwidth costs". It is not.
People don’t really and have never fully understood this - and why Netflix using a lower tier provider with bad peering caused companies to … not upgrade their links.
I have heard that they rather drastically constrain QoS instead, which does sound reasonable. So you are still not charged for abusive traffic, but your service will be much slower than what is actually possible with paid tiers.
Yeah. Instead Cloudflare hosts the websites of DDoS sellers and refuses to take them down or tell you who they are. A lot of these DDoS-for-hire services use Cloudflare to hide their real IP.
I think a lot of people don't understand how cheap bandwidth is and is decreasing in cost practically every day. Amazon and Google have a lot of people fooled. Go ask someone operating in China and East Asia (and Japan) how much they're paying for local solutions.
Cloudflare in 2014 blogged about how they work relentlessly to bring down bandwidth costs by peering aggressively where possible [2] (which apparently means $0 for unlimited bandwidth [3]). And where they can't / don't [4], egress is 5x (est) the ingress (one pays for the higher among the two), but this creates an opportunity for an arbitrage and give away DDoS protection for free.
This is pretty similar to Amazon's free-shipping offer for Prime customers despite it being one of the biggest loss makers to their retail business. Prime basically has since forced Amazon to bring down costs through building expensive and vast distribution & logistics network that spawns the globe. Doing so was a considerable drain on the resources in the short-run, but in the long run, it has become an unbreachable moat around its largest business.
Analysts like Ben Thompson (stratechery.com) and Matthew Eash (hhhypergrowth.com) have written in detail about Cloudflare's modus operandii over the years, with both agreeing that Cloudflare's model is so brilliantly disruptive that even Clayton Christensen would be proud of it.
This is why we still use services on VM's and open source containers. We can move our services anywhere, including selfhosting. AWS and Google offer some amazing solutions, but lock in ain't worth it if you can manage your own stack via serverless/vm solutions.
By the time it isnt sustaninable I will have IPO'd and be the next offensive new money tech billionaire writing threads on twitter telling you the secret to success is the 5am grindset and everyone who isnt sinking 5mil into the next big thing (tm) can have fun staying poor.
> Cloudflare's free tier is ridiculous: We do over 30TB+ of genuine traffic for $0
It's not really ridiculous if you think about what you're giving them.
You are massively benefiting their platform by providing them data which they use to train their services and then sell those services to other customers.
I'd make a case that the data they collect is the most important part of their business and the free tier is a major component of this.
I don't think it's fair to call it their free tier - it's their discretionary tier, there are numerous cases of the rug being pulled as and when it suits their business requirements to do so. Being left homeless vs. urgently coughing up is exactly the wrong problem to be dealing with mid-attack, I can't see any way to consider it free by any practical definition
I know that putting all eggs on one basket and giving it all to Cloudflare is not a good idea, if they have an outtage then I would also have it to. But when they are down, one third of the internet is down with them too. With 240$ a year for CDN, 60$ a year for serverless and $0.015 / GB-month for S3-compatible storage with free egress, I don't think anyone could find a better alternative than CF.
I'm mixing with AWS, CF and self-hosted machines and the infra cost is less than 5k$ a year. Now I can spend the remain hard earned money for some fresh marlboro cigarettes.
Use a token bucket on your web server to catch abusive IPs and then blackhole them using `iptables -t raw -I PREROUTING -s ip -j DROP`. I know. I run https://ipv4.games/ which invites hackers to unleash their botnets, and the service runs on a small VM with only a few cores. It's been attacked by botnets with 49,131,669 IP addresses. There's no Cloudflare frontend or anything like that, because back when I used Cloudflare, the people who attacked the service would actually bring down the Cloudflare nodes before they brought down my web server. I doubt I've ever paid more than $100/month to operate the service. Please note that your service provider needs to have free ingress in order for this strategy to be effective.
This strategy may work for a (D)DoS that is targeted to an application layer, but won't work if the attack is designed to exhaust your bandwidth.
Once you're receiving more traffic than you network cards can handle, it does not matter if you'll drop the packets with iptables or not.
I was the target of attacks that caused Hetzner to terminate my contract. I was leasing physical servers there, so I assume the attacks were overwhelming their infrastructure.
These days it seems that DDoS attacks are often not targeted at bandwidth either, but rather packets per second. It is (apparently) much easier to exhaust routing capacity with an inordinate number of tiny packets than with a still large number of large packets. Cloudflare has some fun ways to deal with this [0].
What they did to me was flood the Linux Kernel with TCP connections. That's why it's so important to block IPs in the raw PREROUTING table. You need to nip it in the bud before Linux starts allocating any memory to the attacker.
I rent a GCE VM and there's not many if any people out there who can exhaust Google's network infrastructure. The only thing I have to worry about is making sure my server doesn't respond to abusive traffic.
I just declare firewall jubilee every now and then, where I flush the iptables and let people try again. It's also because people usually only control the IPs they use temporarily, so I don't want someone innocent later on to be blocked from using the service because someone abusive used their IPs beforehand. But even if I didn't do this, it doesn't cost much for Linux to iterate over an array of blocked int32's. It's really only allocated TCP connection resources that are problematic.
If you want to sleep tight just get a dedicated server or VPS from something like Hetzner and/or combine with CDN providers like BunnyCDN - set up alerts just in case though. It takes more time and resources to manage it but you could save a lot on it in this case.
This so much. My hetzner (best choice for a media server within Europe) has 0 downtime in 1.5 years. And exactly as you said I am using bunny as well, which costs me a few $ per year.
For most of the new web projects, setting up your brand new server is pretty well documented process and should not take more than couple of hours.
It get complicated when you grow and add more servers or components. But at that point, you should be able to afford a part-time consultant to handle complicated tasks or just use Cloud then.
I'm trying to sign up but it keeps saying "Verification is taking longer than expected. Check your Internet connection and refresh the page if the issue persists."
As a heads up, you can disable challenges almost entirely if you don't want any visitors challenged. Security -> Settings -> Security Level -> Essentially off
Yeah, I'm already using Cloudflare because of Google Domains got de facto killed by Google via transferring it to Squarespace. Why not Cloudflare Pages, CDN, and R2 (S3-compatible storage) too? I'm even considering paying for the paid tier in the future if I ever go above the limits of 20 000 files per static site and the 25 MiB single file size limit [^1] (more than enough right now or in the near future).
I was looking for a static site hosting option recently and tried out cloudflare pages. Fit my need perfectly. The generous free tier and the reasonable pricing model were the big factors.
Oh, and the ability to put some authentication in front of it was a big feature for me.
Host on a provider which bills per hour. This caps your cost. It also makes your users pissed because you will go down, but if you’re small, you can afford that. If you’re big, you already have scaling options and should have a team to handle ddos.
My experience is that customers don't really care that much about small amounts of downtime no matter what size you are, people mostly get that unexpected stuff happens as long as you don't get hacked or misplace their data. Customers might complain a bit but seldom leave because of a few hours downtime.
This seems to mostly hold true to developers also, GitHub manages to survive just fine after all.
Depends on your service. 20 second downtime on loading HN? Nobody cares. 20 second downtime on the last play of the Super Bowl - big problems.
For most internet consumers we’re accustomed to poor service so if a page doesn’t load we’ll assume it’s a local problem and try again 20 seconds later, same with buffering, it’s just something that happens occasionally. This is increasing the case for phone calls too. Legacy live tv and radio going silent though is still a major issue, especially on live events.
Sure, but now you're talking about sites with completely different service level objectives, and conversely, different budgets for their hosting. The problem here, to play off of your analogy, is that Netlify is treating every customer, many with SLOs likely less strict than HN as if they are the Super Bowl. This is an assumption that, according to the most recent policy discoverable by looking through their forum posts, is a constraint of their platform, and something they tout as a feature, not a bug.
When users expressed concerns for a similar scenario that the OP experienced on their community forum, Netlify's staff responded with "how likely is this, really?" Only has to happen once to put someone in significant financial harm.
I think most people pick Netlify for it's Infra as a Service offering, so it would be nice if they had a way to throttle and budget in that offering.
I would even imagine Netlify's target market is small to mid size businesses who really don't need ridiculous burstable scaling capacity at all. Seems like a bit of a trap door for that customer base.
I agree though, I wouldn't host on them as a small business due to that risk, but I am also happy running my own server so I might be an edge case.
> Someone that doesn't want me to do well can simply ddos me into bankruptcy out of nowhere.
An interesting story that expands on the above concept but a different vector entitled, "Illegal Life Pro Tip: Want to ruin your competitors business?" :
https://news.ycombinator.com/item?id=36566634
Imagine you lost your job. So you are here enjoying creating and hosting your hobby projects in theses services. Now, suddenly one fine morning you get slapped with $104K bill because someone decided to randomly ddos your one page dog lover website.
Now, who in the would would be thinking of having ddos protection for their hobby project? This is just absurd thinking.
No. This is absolutely common. I remember well how shared hosters 10 years ago already put caps on cheap packages and took the websites offline in case of traffic. And today it's Amazon who bills small players into dept.
I always loved nearlyfreespeech.com for this, (prepay, and if you run out of money the site goes down) but found it to be a pain for projects that really needed a VPS
Folks regularly show up in HN comments during these discussions stating the opposite—that it's categorically better for all sites/projects, now matter how inconsequential, to stay online. It's weird.
This includes some of the TPTB, too. Occasionally, though, someone'll say the quiet part out loud. E.g. re fly.io:
> putting work into features specifically to minimize how much people spend seems like a good way to fail a company
This may seem weird, but I believe ToS ae the real problem here. I call it the "car rental" problem.
When I rent a car in person, I am often given a contract. And this contract is filled with tiny print, and pages of it.
There are often people behind you, waiting, and bored/annoyed people behind the counter, waiting. This is beyond unreasonable.
A point of sale contract should be short, in readable text, and understandable. For example, renting a car? Under a page, easily parseable, and if the person behind the counter cannot explain it, it is null and void.
From a legal side, you can do this. And you can explain legal terms. Of course this means you are describing intent, which limits one in court, oh boo hoo Mr Lawyer. Cry me a river.
Well the same should be true of any retail contract. Sign up for a service? One page with costs listed.
At least then, there is hope of an end-user sort of understanding. And as one could claim that a DoS was actually targetting the provider, and not the website, that should be described too.
So back to the topic at hand. I would write a demand letter, insistong Netify explain the charges, and ask them if they and their IP ranges were DoS, and if so that the charges be reversed.
Because you shpuld not be paying, if someone attacks Netify.
This letter should also be sent by mail, sig required, to the corporate address too.
> When I rent a car in person, I am often given a contract. And this contract is filled with tiny print, and pages of it.
As someone who reads the agreements I sign, one thing that has become prevalent is that they're so used to people not paying attention to what they're signing that they're sometimes not even giving you an accurate copy to review. For example, you read the thing and think, "Okay, I can work within these parameters," then you sign, and later get an email containing your "agreement", but it turns out what's in the email is a different set of terms with a bunch of stuff that wasn't in the terms you actually agreed to when you signed. Or someone hands you a pad with an "I agree to the terms" box checked beside the signature line, and when you ask to see the terms you're agreeing to, they're caught off guard (being totally unequipped to let you do that), which turns into being flummoxed with how to proceed, which turns into getting angry with you for asking.
Yup. And that's the part that needs to end. The angry part.
I have seen people understanding, but with a "oh, you're one of those people" looks on their face. That too is entirely uncouth. But people should start recording these interactions, not obtrusively as the purpose is not to intimidate, but instead just make a record of what transpires.
I think legislation that makes it completely legal and admissible in court, any recorded retail interaction, might be an interesting change.
Because if you are presented with a contract and "JUST SIGN THE DAMN THING!", or "It just means $x", or "People are waiting, just sign it!" and so on, that would likely go a long way indicate compulsion, or even (by describing intent) change the entire contract itself.
If this happens, it may be cheaper to just have sane contracts, and do non-dumb things, then try to train every employee that has public contact.
Every rental and service is so optimized against scammers and abusers that being a perfect legit customer ie. simply want to pay, use the resource, then return the item or terminate the service, you're walking along the edge of a cliff. Annexes, penalties, fees and charges, exclusions, "sign this one more form, everyone signs it". Housing rental is another extreme example, one is simply unable to just get a job in new location and rent something long term.
This applies even offline! Have you ever tried to get a hold of exact insurance policy wording before going through their entire sales process? Impossible, in my experience, whether it's long-term insurance, vehicle insurance, pet insurance, etc.
Unfortunately, in today's world, DDoS protection is the equivalent of basic hygiene, foid and road safety. It's just a travesty that the hosting providers don't feel like it's their responsibility to address it.
“We leave your safe deposit box unlocked. You might want to forge your own lock and key. If we happen to notice someone stealing out of your box, we will let them grab as much as they can for one minute, then maybe install our own lock if our revenue is close to target.”
This is not a hard limit, this is just a webhook and you need to handle disabling everything on your own.
1. You can make mistakes in your code.
2. Some junior developer can by mistake change the code and make it ineffective.
3. Webhook is not instant so you can get billed more than the limit.
4. There is no information which project hit the limit, so you need to Fetch all of your project ID's and then disable all of them. You need to basically disable all the projects assigned to your team/organization.
5. Vercel doesn't guarantee in any way that you won't get billed more, they are just sending an information to you (with a delay).
Hard limit should be a deal between user and company that the user won't ever get billed more than X$
More reasons why I avoid clouds with outrageous bandwidth fees, and prefer Hetzner's low cost fixed pricing with Cloudflare R2's 0 egress fees.
Even if the DDoS wasn't caught by Cloudflare, the total cost for 192TB bandwidth on Hetzner would be €172. Although even after 10 years on Hetzner I've never paid for any bandwidth, always well within their generous 20TB free bandwidth.
First of all Hetzner would't let your server to be DDOSed for 192TB if it's not your normal usage. They'll likely just null route your IP if serious attack hit.
They also likely drop any charges if you escalate via support in case it was actually DDOS. E.g if you normally have 100GB / month and now you magically have 50TB / day.
I really hate Clouflare and at the same time love them. Love them for their free, generous 500k req./day pages and workers, hate them for not having spending limits (or at least I can't find them). I get that they probably don't care about individuals and small businesses paying them peanuts, and corps can afford to pay extra if something blows up, but for me it just means I will only use a free account, and they get none of my money.
I also take advantage of their free services and only pay for R2 on Cloudflare since it's the best value managed provider I could find.
I prefer to keep my App's stateless and running in Docker containers which means storing all uploaded files and generated assets in R2 managed storage - which is also used for Litestream backups of our SQLite databases.
Blowouts are minimized when using low cost services, e.g. we had a rogue process that ended up causing 1.5M writes to R2, which only ended up costing us $4.50 in that month.
I recently rewrote a website/small backend API for a non-profit organization. I could've gone with a serverless architecture for our forms handling API and reduced spending to nearly the free tier, but I had no good way to protect against a scenario like this. There was just not good enough documentation about how to completely cut off spending in the scenario of an attack, and I wasn't comfortable leaving the organization open to a cost attack like this.
So we're using Github Pages for static hosting and a $5 box from OVH now. Unmetered bandwidth, plenty resources for our purposes. Cheap enough, and we will never, EVER, have to worry about an attack like this. Well worth it imo.
Imo, serverless is great for internal jobs where you can control spending. For public facing things, you have to be a lot more careful.
Yeah I'm doing the same, a combination of OVH, Scaleway and Hetzner.
Sure there is no such thing as "free unlimited" bandwidth but I much prefer unlimited with a fixed cost until they decide it's not worth it and shut me down vs unlimited risk with no ability to cap it.
The lack of cap is the worst part and it's 100% a business decision. Every provider who tracks bandwidth could add a cap but they just choose not to because it's too profitable and the risk is mostly* on the customer anyways.
*there is of course a tiny chance they the customer goes bankrupt and they get almost notning, but usually they just need to pretend to be nice and forgive all or most of it
I just checked pricing on hetzner (not affiliated with them). First 20 TB are included with VM price, after which it's 1.19 euros per TB. If this happened to someone hosting there it would cost them additional 50 euros. Can't believe the difference in traffic pricing. Netlify is over 1000x more expensive per TB.
People will throw up all sorts of excuses for not just renting a VM for a static site - scalability, ease of use, security.
But in the vast majority of cases you could just take a $5 VM, apt-get install nginx and be absolutely fine. A tiny bit more effort and you can make sure it's always up to date and very secure. Plus you get a VM you can use for other things when needed.
Just regular managed web hosting is enough for simple websites for people who don't actually want to manage a whole server. You don't have to manage anything with such a plan, just put your files where you're told and that's all. It's how simple websites have worked for decades.
Hetzner's plans start at 1,76€/month with a domain name included and unlimited traffic. OVH is slightly cheaper.
I'm probably too old (?) to understand the appeal of Netlify or other similar services, but I really don't understand why they get used.
By the way, Netlify says "100 GB bandwidth" is included with the free plan which I thought mirrored Hetzner's number of "30 TBit total bandwidth", but you have to click the details to see that it's 100 GB per month. So not bandwidth at all, but traffic.
Problem is if you get 10x that traffic, which would already be 500€ in Hetzner, right? Of course its much cheaper and it's very unlikely that you'd get a huge bill but with them, but after all, it would be great if you could just say "Shut my machine down when my monthly spending gets to 100€"
If you use Netlify in the free tier you cannot automatically go to pro tier either. Yet they will charge you for bandwidth > 100GB, and THERE IS NO WAY FOR YOU TO SWITCH THAT OFF, even in the free tier.
"Should be fine" is exactly what is not the case here. Better check your Vercel terms again.
From every Vercel document that I can read though is that when you exceed the limits of free tier they are just locked for 30 days unless you upgrade to Pro.
So unless I am mistaken this cannot happen on Vercel.
Would be for a new business. Not a fan of introducing this sort of tail risk & whatever other risks I don't even know about for their managed service, when there are simpler ways to host I've done for years.
That sounds like a company that is happy to ignore customer pain. Agree, default-on telemetry that cannot fully be disabled is a red flag that on their side, the people with development experience have no say.
This seems like a lot of brouhaha about nothing. They just recorded the fact that a user opted out of telemetry, they didn't stealthily send telemetry against user wishes.
A few years ago I taught an introduction to website developmment module at a university where students built jekyll sites. I got them to to host on netlify. Now that I no longer teach at that uni and their email accounts will have expired I'm wondering if there's any way I can contact them to tell them to take their sites off netlify... Disaster if they get hit by charges like this.
Not necessarily, the majority of them probably wouldn't have ended up in anything tech related. But they probably did end up back in China, so hopefully it would be hard to demand payment at least?
Netlify charge $55 per 100GB for overages on their starter plan. Keep in mind that they’re being billed by their provider at 95th percentile billing. That means they have ports running at say 100 gigabits per second and have a commit of say 50 gb/s and they’re billed a flat rate for that as long as they don’t go over. Because they’re billed 95th percentile they can spike their connection traffic massively for 5% of the time and not get billed more. So Netlify themselves have a safety net and don’t need real-time monitoring to immediately cut their usage. And of course any spikes from a single user are massively diluted among their entire user base. So, yeah, they’re gouging big time.
What they should have is monitoring per user and a default that 503s the site with no overages that has to be proactively disabled by the user. Instead they’re just letting it ride and trying their luck by negotiating down the overage charge to what they think the user can stomach.
It's also worth pointing out that Netlify's pricing of $550 per 1TB is 5x more than AWS, Google Cloud, and other massive cloud providers charge, and those are already known for extortionate data transfer fees (50-100x more than more reasonable providers).
And it is, I remember cases where telcos were prevented from charging thousands for roaming expenses because they were not licensed to make large loans.
Oh God roaming is one my biggest nightmares and it’s the worst UX to not get charged, too. ‘You want to go on vacation? Make sure to hunt down an option hidden 3 levels deep and enabled by default because we really like money and you didn’t read the fine print? Too bad, we really like money’
Thank you EU for regulating roaming! I remember being afraid to turn on data because the law was so new. At the end of the month the bill came and I was relieved to see 0€ extra for 7GB of traffic.
looks like it is not just defaulting to unbounded liability. it is forcing unbounded liability as there is no way to turn it off and limit your exposure.
I have been using Netlify for years, for my own projects, but also recommended it to all my freelance clients to host the projects that I was building for them.
Going forward I will move all my static pages to other hosting providers.
The Netlify team must think:
we waive the fees, because in this instance we noticed the negative press and want to avoid this from blowing up. When this happens to other users, we don’t care, as long as it does not go viral.
Such a pity, Netlify has great UX and I was so happy hosting static pages on their service. But without spending limits, this is not an option for me any more. I could not sleep well when there is a possibility of a $10.000 invoice reaching my inbox.
There is a lot to be said for just hosting your own VPS and learning how it works especially for smaller sites. The effort to host is small and you're not going to get smashed with a bill like this.
This and that similar story recently about Vercel makes me feel iffy about these services at this point. I guess I’ll either use Cloudflare pages or simple dedicated machines from Hetzner going forward.
I was searching for 'cloudflare spending limits' based on comments here, at first glance they (like Vercel) seem to have a notify don't terminate policy.
Have you tested it end to end? When was the last time? I'm slightly worried about solutions like that. I like when it's all host's responsibility. (Having your own system on top is nice though)
This happened to me on a much smaller scale about a year back. I was never happier to have stuck to my guns, building my whole site with a single `hugo` command - it made it very easy to migrate off that platform for good.
If anyone has a solid bash one liner to stress test a website, so that I can test whether my cloud billing cap will work correctly if I accidentally try to egress 100 MB of data or something, I would seriously appreciate it. There was one on a blog post here like a year back, using apache iirc, but I forgot to bookmark it.
apachebench (cli command ab), is an Apache licensed stress testing utility, not much relation to the web server, which can be easily used to stress test a webserver.
the binary should be easy to install with your package manager, you may have it installed already
I am a business user with netlify. I have unlimited functions calls on that plan (fair use of course!) and use their JWT protection that redirects to a login site at the cdn level, so you can rate limit. Not a solution for public static sites though! You are metered on the starter and pro plans after the starting limits.
They seem to have dropped that plan now.
I was starting to move back to traditional hosting as these platforms are convenient, but you do lose control and get hammered for their addon services and simple things like static ips are beyond them, even if you offer to pay.
Also, if their cdn is naughty listed, corporate networks may block your site as you are sharing pro and business plans with free sites that maybe serving malware etc.
Hearing this story has pushed me to move.
I hope they sort that for you, they really should have the ability to protect a site and let you choose what to do if you are exceeding your limits.
It's impractical because residential internet speed is very asymmetrical and behind NAT. You will still need external service to get around the NAT thing and the fact you don't have a static IP.
You do not need a lot of speed to host a personal or hobbyist blog, and NAT is just something you configure once and it's done. I use my domain providers API to update the DNS records as soon as my public IP changes (with a tiny shell script on my server). I even host some semi-commercial sites from home and it is fine :)
I would much rather run the chance of some occasional downtime in exchange of being in control of the infrastructure and owning my own data. I really like the idea of a inter-connected net that is kinda spread all over, not super concentrated to a handful of data hubs.
That could be a nice backup for when I experience downtime, but I would rather run a simple webserver at home for stuff that does not require extreme scale or a lot of resources. Hosting some websites at home is not that complicated and it keeps the dream of a distributed Internet alive!
This is the reason I've never used all of these user-facing serverless services. The price depends on the usage, but if anything goes wrong they are the ones to decide what you pay. It's not comfortable thinking that you could screw up, or get DDoS'd, and the remedy is hoping they wave the bill.
We need a separate ‘shame’ tab at the top for crap like this. There must be so many more of these asshole bills being sent out that aren’t lucky enough to get voted up.
What the hell. Netlify has implemented all these customer-hostile billing changes. Literally the worst. I migrated my company's site off of Netlify when they tried charging for per user on one of my repos (a documentation site). Glad I left them and never looked back.
Being able to set a soft limit (email me when I go beyond it) and a hard limit (shut down my service) seems like a very simple solution. How is it not a thing in 2024?
Also, being at the mercy of a CEO and their understanding is a no go, whether you're a company or an individual. We want to be 100% sure we're not going to get bankrupt when using a service. "Don't worry, our policy is to usually erase the debt" is not an appropriate answer.
Really uncomfortable with how many services like this are “we scale to your needs” and end up here. I guess capacity planning from oversubscribing bandwidth is its own can of worms but surely that is a bit… less surprise generating.
A successful distributed denial of money is likely much more devastating to anyone except really large companies than a successful DDoS. For a personal accounts it is entirely devastating with no upside, but even for a startup it would probably be better for your site to just go down instead of having huge bills generated.
I guess I never want my personal blog/site to be successful. Can't trust that I will wake up to a huge bill from EC2 or my CDN provider. Feels like health insurance in that even when you have insurance, you are never 100% confident you will not get some huge hospital bill. The pessimistic part of me says this is all deliberate to prevent the "little guy" from competing these days.
If you run on a single EC2 instance and you aren’t running an auto scaling cluster or anything of the sort, it would be pretty hard to get a huge bill. I much prefer that and the chance that it goes down then autoscaling or severless. Most serverless solutions have also gotten so config heavy or complex to make changes that most projects feel much better to me on an instance I can ssh into and poke around without having to call up support.
Thanks, I use a "small" EC2 instance for my personal stuff (about $35 a month), with the Cloudflare free version, but I honestly don't know and what would happen if something went viral or a DOS. Would the bill be double? Triple? Would the site simply crash. What does Cloudflare do? I honestly have no idea.
Site would just not run if you're using EC2 directly and the machine can't handle it. Not sure what cloudflare does, i don't use it, just AWS directly :)
Cloudflare. You will get a call if on a free or pro ($25/month) plan [1] if your bandwidth usage is so high it would warrant increasing your plan. Worst case, they turn you off. Preferred over denial of money attack based on your use case. Set and forget after pointing at your origin (time is money).
You'll get a call on any of their plans if your bandwidth usage exceeds certain thresholds, I am assuming your median usage is relatively tame.
Disclosure: Cloudflare enterprise customer, no other affiliation. I don't get anything for saying nice things.
You typically can't replace Netlify with Cloudflare. You need something like Github actions with some storage, S3 or something and then one can put Cloudflare in front of it all for caching, DDOS protection and so on.
Sounds like you're thinking of Cloudflare still as just the DNS/DDoS protection it started out with. I'm not that familiar with Netlify, but just going on your description:
For less than 1% of OP's monthly bill, you can build or obtain a more-than-enough server, drop your static files on it, and serve through nginx. And you get to keep it forever; there's no monthly subscription fee!
Seriously, maybe I'm just old, but I look at the pricing of these hip and modern SaaS products for dead simple software and I cannot believe my eyes. The "old fashioned way" works just fine (and has always worked just fine) and is orders of magnitude cheaper.
Hetzner or DigitalOcean with Coolify [0] works great, it's like an open source Heroku that runs on any host, you get git push to deploy, and a bunch of other features built in. It only works on one machine at a time though so it's not like a CDN but for small sites, it's great.
I use DigitalOcean to host some things (with my own setup for deployments with git push, because `curl | bash` is not a great way to install/maintain software).
How am I protected against extra charges for traffic?
Same here, using DigitalOcean instead of Vercel to host my Next.js app. I have a billing alert to notify of unexpected bills, but I don't know what DO does if somehow TBs of traffic are sent to my apps or Cloudflare, because DO App Platform actually uses Cloudflare behind the scenes.
I pay less than $5/mth for a VPS with static IP and 1GB/mth transfer. If I get close to any of my CPU/Memory/Disk/Transfer capacity I get a friendly email letting me know that I might want to add more capacity.
Dynamic type IP doesn't usually change for no reason, work around whatever instability you have, set BIOS so PC auto-restarts and OS launches apps when failed power returns, get a mini fanless PC which can be easily concealed, and you don't even need to tell anyone who doesn't have a need to know.
Whether that includes your wife or not is up to you ;)
I mean, the C10k problem was coined in 1999[0]. A 10W raspberry pi is going to be faster than any server of that day, so it depends on what exactly you are hosting if you need the noisy box.
EC2 is so much more expensive than a standard VPS from almost any other provider though. If you're not embedded heavily in other AWS products I don't think it's worth bothering with EC2 - LightSail is way more cost effective and gets you most of the features.
Love Bunny too, wonderful service and great team. I wish there'd be an easy way to set up auto-deploy to Bunny Edge Storage on GitHub commit (to avoid doing so manually), but I guess it's not to hard to do through GitHub Actions.
"In order to keep your service online, you are required to keep a positive account credit balance. Our system will automatically send multiple warning emails if your account balance drops beyond a certain point. If you fail to recharge your account, the system will automatically suspend your account"
Just checked, you can also set a limit on monthly bandwidth.
"Monthly Bandwidth Limit (GB) - Limits the allowed bandwidth used in a month. If the limit is reached the zone will be disabled. Set to 0 for unlimited."
I switched from Bunny to BlazingCDN, with same performance...
1000TB - $0.0025 per Gb
And the support helps a lot, they even made the config for Asia for free
Just something to keep in mind: this also has about half of additional bandwidth costs (above 100GB) of the reddit post, so in your case you'd be billed for ~$57k or so with similar DDOS. At least they seem to provide monitoring/alerts based on their Security page.
Not for me. It's always configuration voodoo. i've done it dozens of times and i used to think it's normal developer workflow. now i realize I was putting thumbtacks in my eyes for no good reason.
Creating an s3 bucket is easy enough. but you need to add the policy Json config to allow public access, and it has various versions across time and space. the one that works for me is like 15 years old iono. object resource "//*" something or other.
ok so now you have an s3-east-mybucket.com/index.html, ok custom domain that's route 53 yet more configuration vooodoo to point an s3 website enabled bucket blah blah.
wait! need SSL? oops actually that's cloudfront. need a cloudfront config voodo to point to an s3 config voodoo to your hopefully correctly configured route 53.
are you kidding me, 10 mins? You're a wizard. Now i do git push origin main and my sites up on render.com
yes, you need to spend the time to learn about the environment you are hosting your app in and then suddenly it won't seem like "voodoo" as much. you absolutely can set this up in 10 minutes (probably much quicker if you are adept with various infra tooling). theres even wizard dialogs for most of the things you've described right in the AWS UI nowadays.
That depends on what level of knowledge you are based on. The UX of AWS offers even leading experienced admins and developers some surprising stumbling blocks.
For personal servers you can use the dynamic DNS feature on your modem in combination with Cloudflare if you like doing it at home, if it's for your business you can see if you can afford the €2 per month for Hetzner managed hosting or your local equivalent.
If it’s really pure static, github is great because it’s impossible for you to be billed. If you want some functions, Cloudflare free plan is nice because you can configure it to stop operating when the usage limit is reached, or pay $5 a month for more than you’ll likely ever need for a hobby project. Also bandwidth is free.
Our support team has reached out to the user from the thread to let them know they're not getting charged for this.
It's currently our policy to not shut down free sites during traffic spikes that doesn't match attack patterns, but instead forgiving any bills from legitimate mistakes after the fact.
Apologies that this didn't come through in the initial support reply.