Comment by noir_lord

Amazon will, but they also gauge their discount in how many prevention and security measures from their 5 Pillars you follow in your environment.

You can do stuff like "disallow any of these instances to be used in your env", so if you never use graphics cards, disallow the whole class.

You can also set limits like "no more than 20x m5.4xlarge".

But again, AWS is the worst about no actual hard limits, cause each system generates bills. Ive also seen the hell of "hidden system AWS Billing doesnt have is still submitting billing and we dont know what it is". Again, AWS enables basically infinite liability.

Ive also discussed with C levels that "every engineer and dev with AWS logins have an unlimited credit card to of which you're on the hook for". Lets just say that 'heartburn' doesnt even begin to describe the terror on their faces.

Yes. Back around 2020 they forgave me a $1000 bill for a side project I thought was running on a free tier.

> Have a messed up my autopay

I stopped ~all autopays when (Boost Mobile?) deduced 200 instead of 20usd from my debit account one month in college. They refunded the difference relatively quickly, but I racked up 5 or 6 overcharge fees before realizing; ended up being a pita for an already broke 18 y/o to figure out.

I was a broke and stupid kid. Never use a debit as an autopay. But since then I like to track where each penny goes as it goes.

That sounds awful and it's not even cheap!

So is the solution to have two thresholds? Notify me urgently if the traffic exceeds 100$, giving me a chance to evaluate what's going on but shut it down at 1000$ if I don't act.

> So your suggestion is to issue a chargeback.. to get money back that should under the terms of whatever service you signed up for be owed?.

Funny story... One of the big cloud providers actually has you do that on purpose as a remedy for an account you've lost access to.

As a seller I have the opposite experience.

Plenty of morons just use the service and chargeback right before renewal so they got the service for free, some just chargeback instead of cancelling their plan or asking a refund. I get hit with 15$ bill plus I lose all the money even if I provided the service.

Whatever email / data from my system I send is ignored and the scammer / moron gets his money back.

I'm sure that's how it works if the vendor is large enough.

If you are a small fish you don't stand a chance, which is why for my next project (where I'm supposed to charge a lot and spend a lot on behalf of the user - and I'll be royally screwed if I start getting chargebacks on 500$ of which I've already spent 450$) I'll just accept crypto payments.

That's strange. I think I've done about 10 chargebacks over 35 years. All but one I "won" with just an initial submission and waiting. One my card company came back to me for additional details before also siding with me.

How about just fix the pricing formula to account for massive surges.

Instead of forcing user to set a low cost limit and missing a viral opportunity or the platform writing off the massive bill the customer can't afford... just put the billing mode into a reduced price mode or have some more nuanced configurations. Sometimes is just asking the question the right way. Instead of "max spend limit" or similar "If your site goes viral, how many requests do you want to serve before going offline? 1M=$20, 10M=$100, etc" at this point, I feel like bandwidth consumption is a bad metric for billing; just use requests/visits/actions and price for those.

This is not prescriptive just illustrative. The point is make a better pricing formula to account for these massively unexpected events. Couple it with an aggressive notification policy when this traffic event gets triggered. The user should know the traffic pattern has changed and a high traffic event is happening. They can login and change the configs and decide if they want to keep it going or not.

> But that's on the user. The user shouldn't get upset in that scenario and has no right to.

I agree. I also agree that when dealing with large numbers of people, there will be people who don't understand this and/or will actively try to social engineer their way out of their own decisions.

Setting customer expectations and meeting them successfully isn't easy.

The infantilization of the user is common in tech now. For good reasons? Maybe. But it is common.

Yes if a corporation says I owe them $100k I will lose sleep. Even if they don’t have my card details.

No, not really. Not really what attorneys do. There might be collections agencies interested in recovering the debt, but if it's some rando guy who doesn't have the money, even that is open to debate.

I mean I'm not familiar with every debt collection scenario under the sun but Internet randos seem to think this is a real thing where like a cloud/hosting company sends an army of lawyers to repo some guy's house and runs him into bankruptcy because of a traffic overage. I've never seen it work that way, what happens like with most business debts, is someone at the company negotiates with the debtor to try and get as much out of them as they can, and failing that, possibly refers it to a collections agency which does the same but plays a bit more hardball.

In the case here with Netlify even before it went viral they reduced the amount from $104K to $5K, no lawyers, collectors or repo men involved, and while I'd hate to be stuck with that $5K bill, I dunno, that does feel closer to the mark of something that maybe you should be on the hook for if you're responsible for 200 TB of bandwidth overage over 4 days? Is this so bad on the part of Netlify?

All that said I'll just add that I've never given my credit card to any sort of host/cloud who had terms where they could bill unlimited overage fees like this. Never will unless there's a cap. Not Netlify not AWS not nobody. That goes for my personal life as well as for the business I operate. The terms is the terms and the answer is to not use these services unless you can afford them imho.

AWS budgets are good for the first part, but they have no interest in a hard cap for obvious reasons.

Partially agree, yes the liability is independent of the payment. But in practice the one who has the money has the benefit of the status quo. The other party without money has to actively take legal action which is costly enough that it's often not pursued.

That's a level of responsiveness that doesn't exist for the vast majority of organizations.

If your customer is aware enough to notice they are being hit with a DOS or legit traffic while it is happening, then great! They can respond, and if needed, engage proserve to get support for scaling or defense depending on needs.

If your customer is not alert enough, then their site is offline, and they won't hear about it until their customers are screaming at them, which will result in a P1 ticket to look at a vendor who won't turn them off during an unexpected peak.

It's a catch 22, and if you have to choose between: a) a PR hit because you have to go on a forum and post about waiving the fee, or b) a PR hit because someone posted a blog post about how you killed their site during a moment of critical growth

any reasonable business will choose A every time because A is far more supportive of customer growth and has drastically better optics. Anyone who thinks A is worse is probably too inexperienced to have an opinion.

Just deleted my tiny personal site, and will reinstate it at Cloudflare Pages. Thanks for the tip!

Cloud is somewhat managed though so charging a premium makes some sense. The blank check factor of how they price their services is a major risk IMO. Also a turn off how every single bit of functionality becomes productized with its own pricing model.