[awjr]

Be very careful here. The developer may not have used TLS BUT any failed authorisation attempts are also counted in the bandwidth.

So a bot net could absolutely wreck your credit card by just repeatedly trying to access your API with invalid credentials.

[yunolisten]

> So a bot net could absolutely wreck your credit card by just repeatedly trying to access your API with invalid credentials.

You could argue that for pretty much anything being hosted, anywhere.

[stemuk]

No, because most self-hosted services are 10-20x cheaper than comparable SaaS offerings. In the realtime space Firebase is particularly known for being really expensive for the scalable plans (blaze plan).

[yunolisten]

> No, because most self-hosted services are 10-20x cheaper than comparable SaaS offerings.

This has nothing to do with the fact that it could be hit by a botnet, as per the exact point I commented on, could 'wreck your card', it's simply a question of scale.

[kuschku]

No. Most self-hosted services have no bandwidth costs, at all.

Or they have bandwidth costs around a dollar per terabyte. Which, even when maxing your connections, would always be below your actual server costs.

[yunolisten]

If you read the fine print of the ones with "no bandwidth costs" you'll find that service becomes throttled after a certain level of usage. These are businesses, they have to make money to operate, they're not in this for charity

[kuschku]

Dude, I’ve used 180 TB of traffic in one month on a 16$/mo server, and still, no throttling.

I’ve read the fine print, and called them.

Online, Scaleway, OVH, do not ever throttle you.

Hetzner requires you to buy traffic, but there it costs 1$ per 1TB of traffic, which is 1000x cheaper than Firebase.