by ransackdev 1116 days ago
> there's a reasonable common sense expectation

Your logic error is in assuming all people have common sense and setting expectations based on that assumption.

This actually has nothing to do with common sense: junior and sometimes even senior mobile devs would not have the mindset of avoiding a DDoS on a third-party API when writing a feature that needs to get the device IP. It wouldn't be on purpose; it would just be that they don't know that they don't know yet. These issues of slamming a backend server are pretty common, and mobile devs don't know to avoid it until they cause it, imo. This could also be malware, which wouldn't care about decency.

Point is, scale your service, adjust your terms, start rate limiting, or shut it down. Calling your users names is the wrong solution no matter the user's intent, and solves exactly zero of the issues at hand.

The service owner should feel proud to have such a popular service, many folks will never have to deal with scaling issues. As the saying goes "scaling issues are good issues to have".

1 comment

> Calling your users names is the wrong solution no matter the user's intent, and solves exactly zero of the issues at hand.

True, but returning fire with malformed responses or other such tactics could absolutely solve:

> assuming all people have common sense

... sometimes effective communication starts by doing what you have to IOT get someone's attention.

> scale your service

Scaling is done entirely at the expense of the service provider, so, not a sustainable option (and AIUI already done so as to continue serving for other users, but at terrible cost). Scaling issues are good to have when you have customers, not when you personally foot the bill.

> adjust your terms

At the very least changing terms won't change the already deployed app instances. In each of the three delineated scenarios it won't even register a blip on the abuser radar. So, not an option.

> start rate limiting

Pretty sure that was attempted. This is a DDoS; rate limiting means doing it across the board, impacting every user, including those in good standing.

> or shut it down.

The only effective option, a.k.a. the nuclear option, a.k.a. We Can't Have Nice Things.

> get someone's attention

That's the end game of these gray tactics. Not wreaking havoc but triggering awareness in a last resort way so that dialog can be opened/corrective measures can be taken. Note that "shut it down" would presumably have a similar effect, so there's no real harm done in practice.