[blagie]

Personally, for long-running things, metered cloud has two upsides:

- IaaS, static hosting, etc. can maintain security updates on their end. My own VPS will eventually be broken into if I don't maintain security updates.

- Many things are accessed only intermittently. For low access patterns, it's cheaper to pay for what you use.

What I'd really like is something like Heroku, Amazon Lambda, or similar, but with an open, competitive ecosystem, and without vendor lock-in.

[jeroenhd]

I don't use these services because I've seen the prices Amazon asks for a gigabyte of traffic but I think you'll have to have VERY intermittent access to make these scaling providers worth the money.

If you expect your website to one day go from 100 requests a month to a million a day and expect that traffic to continue from that point on, these services will be a huge benefit for uptime while you rework your code to a more reasonable system. However, a simple $10 VPS with Nginx can handle much more than people seem to expect, assuming you don't use some excessively bloated platform or your content can be cached.

In terms of security updates: a cron job to reboot weekly and unattended-upgrades will keep your server safe without much to look into. Your only risk will be end of life software, your own code, and your dependencies, but those aren't fixed by going with some managed platform either.

There are definitely upsides to these quick deploy tools if you want to iterate quickly with an API that's not accessible from your dev workstation, setting up a multi tenant K8s/Docker/whatever server to deploy to is much harder than giving devs API keys to push to external parties, but I wouldn't consider these services for 99% of the stuff I would deploy.

[blagie]

"Very intermittent access" is the use-case for most things I build. There's a short tail -- I've built a platform you've heard of and, given this is HN, more likely than not, used. Then there's a long tail:

- Home automation

- Municipal / school / community sites

- Personal web page

- Various internal automation within my organization

... and so on.

These are things which:

1. Require very simple technology (E.g. storing data in a small key-value store is more than good enough)

2. Should work for the next decade or three with no maintenance

3. Expect to be accessed maybe a couple of times a day, if I'm lucky, and probably much less

4. Most will never scale to gigabytes of data, ever

[sshine]

> My own VPS will eventually be broken into if I don't maintain security updates

I believe that with the right choices in life, this risk can be minimized.

E.g. tighten your sshd_config and/or lock it behind a VPN, don't expose app servers directly, don't expose insecurely written software.

> For low access patterns, it's cheaper to pay for what you use.

Low-access patterns don't increase the number of $5/mo. VPS'es I run.

> something like Heroku, Amazon Lambda, or similar, but with an open, competitive ecosystem, and without vendor lock-in.

I sense that the economic incentives lean towards vendor lock-in.

Is the amount of lock-in bad? I would have thought that migrating a function is somewhat easy.