(no title)

I scanned through the comments and I don't think anyone raised the possibility that the developer might not be aware how many devices their code would be running on.

It's quite possible that a random just contracted to write software for some embedded system, with no context how many thousands or millions of devices it would run on. So they looked up OP's site, sees "supports unlimited requests and is free", shrugs and just writes implements the code.

Or, the dev might be told the system only had a couple thousand users, then somebody else copied the code and deployed it on a million devices.

You don't know the story, and I think the moral here is not to blame a faceless Android dev from China, but to implement quotas and controls and avoid falsely boast on your website that your service has unlimited scalability.

To me it just screams naivety to put up a free service, advertise it as unlimited and then calling people asshole when they make too many requests.

Personally I would never rely on a service like this since it's 100% obvious it would be sudpectible to junior developers misunderstanding what is reasonable usage.

If you're putting up an API assuming all consumers will consume it in some limited and reasonable way, then you need to rethink things a bit.

Can you imagine a fast food restaurant franchise CEO to complain how annoying it is that people ask for copious amounts of free ketchup? If you don't have a policy or anti-abuse measures, don't complain that "people are using too much" of the free stuff. That's ridiculous and detached from real life.

> There's always an individual with autism-level consideration for what one says, isn't there?

What does this sentence even mean lmao

Autism-level consideration for what one says or not, if you say something is unlimited I'm going to take your word for it. If it's limited, tell me the limits. If it's free to a point, tell me the point. If I need to bust out the CC, tell me I need to bust out the CC.

Don't say your thing is free and unlimited if you can't handle unlimited traffic for free..

Hacker News would be on the complete opposite end of the anger scale if this was an ISP telling their users they can't actually use the "unlimited" they promised, haha

Think of your average engineer doing mobile development. "Here, hit this url to get the device ip". They write the code, it makes 1 request. The average backend engineer isn't performance focused, why would the average mobile engineer be thinking about a distributed denial of service against some third party api? Most mobile engineers have to be guided to not slam their own backend servers, and do not approach problems in their sphere with the mindset to prevent this type of issue. Not knocking mobile devs, it's just literally not something they have to care about most of the time, and imo only the ones who go out of their way to have a solid understanding of the backend systems would even understand what's in play here

Besides that, odds are that this is malware of some sort hitting this service to get the infected device's public ip to phone it home for use in a command and control situation, and if so, they don't care that they are slamming this service.

Mobile devs who care about this type of thing will not need to make any sort of outbound connection anywhere to get the device ip address, it's right on the device already. These what's my ip sites are used by script kiddies and malicious software running on anything

"There's always an individual with autism-level consideration for what one says, isn't there?" isn't needed and I'd advise you to be more professional, or at least more human.

Relevant SMBC (especially to the sibling comments, holy shit): https://www.smbc-comics.com/?id=2095