Would be quite difficult to migrate to self-host, there is no open source version of Firebase APIs, and while there is alternatives like Supabase, it is a significant rewrite of both frontend and backend.
hn_throw2025 · 2h ago
Interesting site.
It would be good to differentiate between Denial of Service (DoS) and Denial of Wallet (DoW).
The contributors are running into one of the many common tradeoffs of Serverless, an inability to set spending caps.
I wouldn’t go along with the last line conclusion of the original post - “done with cloud”.
It might be old fashioned, but I really like Infrastructure as a Service (IaaS) rather than Platform as a Service (PaaS). Spin up cloud compute hosts as required, and avoid anything platform specific as much as possible. It’s easy to end up married to AWS, GCP or Azure because the cost of a migration project is always a bit too high to pay off.
My use cases might be smaller scale, but I currently like using Terraform and Ansible with EC2. My Terraform setup is quite specific to the AWS environment (EC2 hosts, VPC, subnets, etc) and would require modification if I jumped ship, but much of my detail is in the Ansible playbooks, which simply expect Debian Stable host(s) to configure with my chosen stack. I currently front all that with Cloudflare, and use the cache and built-in bot protections along with rate limits and WAF rules to try to mitigate against abuse that could run up a bill (such as excessive egress).
steveharman · 2h ago
It does seem crazy that the default state for Firebase, CloudFlare et.al is not to alert the account owner when out-of-the-ordinady usage charges hit, say $5k above "the norm". We're not talking a service interruption, just a simple heads-up email to confirm that all is well.
WalterGR · 3h ago
How does the average person recover from this? One screw up and it’s bankruptcy?
The contributors are running into one of the many common tradeoffs of Serverless, an inability to set spending caps.
I wouldn’t go along with the last line conclusion of the original post - “done with cloud”.
It might be old fashioned, but I really like Infrastructure as a Service (IaaS) rather than Platform as a Service (PaaS). Spin up cloud compute hosts as required, and avoid anything platform specific as much as possible. It’s easy to end up married to AWS, GCP or Azure because the cost of a migration project is always a bit too high to pay off.
My use cases might be smaller scale, but I currently like using Terraform and Ansible with EC2. My Terraform setup is quite specific to the AWS environment (EC2 hosts, VPC, subnets, etc) and would require modification if I jumped ship, but much of my detail is in the Ansible playbooks, which simply expect Debian Stable host(s) to configure with my chosen stack. I currently front all that with Cloudflare, and use the cache and built-in bot protections along with rate limits and WAF rules to try to mitigate against abuse that could run up a bill (such as excessive egress).