PSA: GoDaddy gated their own API. DDNS users warned
loudwhisper @ loudwhisper @infosec.pub Posts 6Comments 141Joined 2 yr. ago
loudwhisper @ loudwhisper @infosec.pub
Posts
6
Comments
141
Joined
2 yr. ago
$20/month for a service that anyway is low traffic (especially for hobbyists) is a completely insane price. Even more insane is that their cheapest subscription still doesn't offer any API access. I agree anyway, but are these staying in business just because they have a consolidated market share? Do they have access to more TLDs? I don't know, I am genuinely confused. I have absolutely no reason whatsoever to even think of using GoDaddy again.
NameCheap
WOW! I did not know that. I just checked and after a little search:
We have certain requirements for activation to prevent system abuse. In order to have API enabled, your account should meet one of the following requirements:
- have at least 20 domains under your account;
- have at least $50 on your account balance;
- have at least $50 spent within the last 2 years
$50 in last 2 years is not much, but for those who renew for many years, it is still stupid.
Ironically, Namecheap is what the people in https://github.com/navilg/godaddy-ddns/issues/32 migrated to!
I really wish that domain registration was done in a different way, but even in current scenario, gutting features for such a basic service to extract a few bucks and risking losing customers...?
Oh Yeah, Porkbun does have API (it seems since sometime last year? ). I think also Cloudflare, Namecheap and many others do too.
I agree about GoDaddy. It was an original sin for me to use them years ago, and I was lazy with just one domain that I use for most of my emails etc. I deferred the move for a while and then - how it often happens - I had to do it in "emergency" mode.
ClouDNS
I think I heard of it. I think most DDNS scripts support a lot of registrars as well, if one doesn't want to go with full DNS hosting.
In case of DNS hosting (I also linked it in the post, but it's a good shotout), there is desec.io too. EU-hosted, free (although donations are highly encouraged) and has a tons of features! There is also a Terraform provider!
Yeah, indeed. To me is still completely absurd. At this point is not just a bad registrar, for most of us (hobbyists), I think it's a completely non-functional option. Basically every competitor offers an API.
I stuck with them out of lazyness for far too long.
Thanks for the feedback, and same to @ilmagico@lemmy.world and @jg1i@lemmy.world. I fixed the configuration of the site and now the site should be readable even in light mode.
I am sorry! As an amateur landscape photographer I actually like very much those clouds. There are a few r-word posts about people hating those clouds though, but I checked and they are nowhere near as long as you would expect a proper rant to be
In most cases! Sorry, I simply don't believe it. Once you operate for 5, 10, 20 years not having capitalized anything is expensive as hell, even without the skill issue (which is not a great argument, as it is the case for almost anything).
It's almost always the case with rent vs invest.
Do you have some numbers?
I cite a couple of articles in the post, and here is a nice list of companies and orgs that run outside the Cloud (it's a bit old!) or decided to move away. Many big companies with their own DC, which is not surprising, but also smaller (Wikipedia!).
37signals also showed a huge amount of savings (it's one of the two links in the post) moving away from the cloud. Do you have any similar data that shows the opposite (like we saved X after going cloud)? I am genuinely curious
Edit: here is another one https://tech.ahrefs.com/how-ahrefs-saved-us-400m-in-3-years-by-not-going-to-the-cloud-8939dd930af8 Looking solely at the compute resources, there was an order of magnitude of difference between cloud costs and hosting costs (x11). Basically a value comparable (in reality double) to the whole revenue of the company.
I will have a look if there is something that suggests how to "make" a light theme. Thanks for the info!
Redundancy should be automatic. Raid5 for instance.
Yeah it should, but something needs to implement that. I mean, when distributed systems work redundancy is automatic, but they can also fail. We are talking about redundancy implemented via software, and software has bugs, always. I am not saying that it can't be achieved, of course it can, but it has a cost.
You can have an oracle (or postgres, or mongo) DB with multi region redundancy, encryption and backups with a click.
I know, and if you don't understand all that complexity you can still fuckup your postgres DB in a disastrous way. That's the whole point of this thread. Also operators can do the same for you nowadays, but again, you need to know your systems.
Much, much simpler for a sysadmin (or an architect) than setting the simplest mysql on a VM.
Of course it is. You are paying someone else for that job. Not going to argue with that. In fact, that's what makes it boring (which I talked about in the post).
Unless you’re in the business of configuring databases, your developers should focus on writing insurance risk code, or telco optimization, or whatever brings money.
This is a modern dogma that I simply disagree with. Building an infrastructure tailored around your needs (i.e., with all you need and nothing else) and cost effective does bring money, it does by saving costs and avoiding to spend an enormous amount of resources into renting all of that, forever, scaling with your business.
You can build a redundant system in a day like Legos, much better security and higher availability (hell, higher SLAs even) than anything a team of 5 can build in a week self-manging everything.
This is the marketing pitch. The reality is that companies still have huge teams, still have tons of incidents, still take long to deliver projects, still have security breaches, but they are spending 3, 5, 10 times as much and nothing of those money is capitalized.
I guess we fundamentally disagree, I envy you for what positive experiences you must have had!
Instant transactions are periodic, I don’t know any bank that runs them globally on one machine to compensate for time zones.
Ofc they don't run them on one machine. I know that UK banks have only DCs in UK. Also, the daily pattern is almost identical everyday. You spec to handle the peaks, and you are good. Even if you systems are at 20% half the day everyday, you are still saving tons of money.
Batches happen at a fixed time, are idle most of the day.
Between banks, from customer to bank they are not. Also now most circuits are going toward instant payments, so the payments are settled more frequently between banks.
My experience are banks (including UK) that are modernizing, and cloud for most apps brings brutal savings if done right, or moderate savings if getting better HA/RTO.
I want to see this happening. I work for one and I see how our company is literally bleeding from cloud costs.
But that should have been a lambda function that would cost 5 bucks a day tops
One of the most expensive product, for high loads at least. Plus you need to sign things with HSMs etc., and you want a secure environment, perhaps. So I would say...it depends.
Obviously I agree with you, you need to design rationally and not just make a dummy translation of the architecture, but you are paying for someone else to do the work + the service, cloud is going to help to delegate some responsibilities, but it can't be cheaper, especially in the long run since you are not capitalizing anything.
Why not outsourcing just the hardware then? Dedicated servers and Kubernetes slapped on them. Hardware failure mitigated for the most part, and the full effort goes into making the cluster as resilient as possible, for 1/5 of the cost of AWS. If machines burn, it's not your problem (you can have them spread over multiple sites, DCs, rooms, racks) anymore.
Systems are always overspecced, obviously. Many companies in those industries are dynosaurs which run on very outdated systems (like banks) after all, and they all existed before Cloud was a thing.
I also can't talk for other industries, but I work in fintech and banks have a very predictable load, to the point that their numbers are almost fixed (and I am talking about UK big banks, not small ones).
I imagine retail and automotive are similar, they have so much data that their average load is almost 100% precise, which allows for good capacity planning, and their audience is so wide that it's very unlikely to have global spikes.
Industries that have variable load are those who do CPU intensive (or memory) tasks and have very variable customers: media (streaming), AI (training), etc.
I also worked in the gaming industry, and while there are huge peaks, the jobs are not so resource intensive to need anything else than a good capacity planning.
I assume however everybody has their own experiences, so I am not aiming to convince you or anything.
I am specifically saying that redundancy doesn't solve everything magically. Redundancy means coordination, more things that can also fail. A redundant system needs more care, more maintenance, more skills, more cost. If a company decides to use something more sophisticated without the corresponding effort, it's making things worse. If a company with a 10 people department thinks that using Cloud it can have a resilient system like it could with 40 people building it, they are wrong, because they now have a system way more complex that they can handle, despite the fact that storage is replicated easily by clicking in the GUI.
Proton runs fully on their own hardware, they have some positions open!
No, it's not true. A single system has less failure scenarios, because it doesn't depend on external controllers or anything that makes the system distributed and that can fail causing a failure to your system (which may or may not be tolerated).
This is especially true from a security standpoint: complexity adds attack surface.
Simple example: a kubernetes cluster has more failure scenarios than a single node. With the node you have hardware failure, misconfiguration of the node, network failure. With a kubernetes cluster you have all that for each node (each with marginally less impact, potentially, because it depends for example on stateful storage, that if you mitigate you are introducing other failure scenarios as well), plus the fact that if the control plane goes in flames your node is useless, if the etcd data corrupts your node is useless, anything that happens with resources (a bug, a misuse of the API, etc.) can break your product. You have more failure scenarios because your product to run is dependent on more components to work at the same time. This is what it means that complexity brings fragility. Looking from the security side: an instance can be accessed only from SSH, if you are worried about compromise you have essentially one service to secure. Once you run on kubernetes you have the CI/CD system, the kubernetes API, the kubernetes supply-chain, etcd, and if you are in cloud you have plenty of cloud permissions that can indirectly grant you access to the control plane and to a console. Now you need to secure 5-6-7 entrypoints to a node.
Mind you, I am not advocating against the use of complex systems, sometimes they are necessary, but if the complexity is not fully managed and addressed, you have a more fragile system. Essentially complexity is a necessary evil to respond to some other necessities.
This is the reason why nobody would recommend to someone who needs to run a single static website to run it on Kubernetes, for example.
You say "a well designed system", but designing well is harder the more complexity exists, obviously. Redundancy doesn't always work, because redundancy needs coordination, needs processes that also depend on external components.
In any case, I agree that you can build a robust system within Cloud! The argument I am trying to make is that:
- you need to be aware that you are introducing complexity that needs attention and careful design if you don't want it to result in more fragility and exposure
- you need to spend way more money
- you need to balance the cost with the actual benefits you are gaining
And mind you, everything you can do in Cloud you can also do on your own, if you invest on it.
If your compute needs expand that much everyday, and possibly shrink in others, than your use-case is one that can benefit from Cloud (I covered this in the post).
That said, if provisioning means recycle, then it's obviously not a problem.
This is a very rare requirement. Most companies' load is fairly stable and relatively predictable, which means that with a proper capacity planning, increasing compute resources is something that happens rarely too. So rarely that even a lead time for hardware is acceptable.
So if I may ask (and you can tell), what is the purpose of provisioning that many systems each day? Are they continuously expanding?
With a lot of stuff on top!
Not OP, but they are comparable efforts, especially since it's a relatively infrequent activity. You can rent dedicated boxes with off-the-sheld hardware almost instantly, if you don't want to deal with the hardware procurement, and often you can do that via APIs as well. And of course both options are much, much, much cheaper than the Cloud solution.
For sure speed in general is something Cloud provide. I would say it's a very bad metric though in this context.
I found it on their FAQ.
Yes, it is generally less restrictive, but... I have 4 domains, and now I have renewed all of them for the maximum amount. They will all expire after 2033. So unless I decide to add more domains (which is unlikely), I won't spend a cent in the next ~9 years. I wonder if they really enforce it as it is written or they consider still the renewal an expense "split" over the duration.
Still, I really don't understand. You can - and should - have proper rate limits on the API. You have API keys that uniquely identify the source, what is "the abuse" they are trying to prevent this way...?