
Looks like another instance, I am dealing with a very similar issue. I didn't even notice any sort of tiers, as I had 17 grand in costs accumulate at a similar pace.

I (a hobbyist running a small side project for a dollar or two a month in normal usage, so my account is marked as "individual") got hit with a ~$17,000 bill from Google Cloud because of some combination of a key getting leaked or my homelab getting compromised, and the attacker consumed tens of thousands in Gemini usage in only a few hours. It wasn't even the same Google project as for my project, it was another that hasn't seen activity in a year+.

Google refuses to apply any adjustments, their billing specialist even mixed up my account with someone else's, refuses to provide further information for why adjustments are being rejected, refuses any escalation, etc. I already filed a complaint with the FTC and NYS Attorney General but the rep couldn't care less.

My gripe is not that the key was potentially leaked or compromised or similar and then I have to pay as a very expensive "you messed up" mistake, it's that they let an API key rack up tens of thousands in maybe 4 hours or so with usage patterns (model selection, generating text vs image, volume of calls, likely different IP and user agent and whatnot). That's just predatory behavior on an account marked as individual/consumer (not a business).
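The comment above describes two distinct failures: usage that deviates sharply from the account's own history (new project, new model, new source IPs, orders of magnitude more spend per hour) and a budget alert that only fires long after the money is gone. The block below is an added illustration, not code from the thread or from any Google Cloud product: it runs a simple spend-rate and provenance anomaly detector over a constructed usage log (the CSV layout, project names, IPs and dollar amounts are all made up), and then simulates the difference between a cap checked before every request and one evaluated only every few hours.

```python
"""Spend-rate and provenance anomaly detection over a constructed API usage log.
Added example; the log format and every value in it are invented for illustration
and are not a real Google Cloud billing export."""
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample log: a week of a few-cent hobby calls, then a burst from an
# unused project, a different (image) model and source IPs never seen before.
USAGE_LOG = """ts,project,model,src_ip,usd
2024-05-01T09:12:00Z,hobby-proj,gemini-pro-text,203.0.113.10,0.02
2024-05-02T19:40:00Z,hobby-proj,gemini-pro-text,203.0.113.10,0.03
2024-05-03T08:05:00Z,hobby-proj,gemini-pro-text,203.0.113.10,0.02
2024-05-05T21:30:00Z,hobby-proj,gemini-pro-text,203.0.113.10,0.04
2024-05-07T10:00:00Z,hobby-proj,gemini-pro-text,203.0.113.10,0.03
2024-05-08T02:00:00Z,old-proj,gemini-pro-image,198.51.100.7,310.00
2024-05-08T02:05:00Z,old-proj,gemini-pro-image,198.51.100.7,420.00
2024-05-08T02:10:00Z,old-proj,gemini-pro-image,198.51.100.8,505.00
2024-05-08T02:20:00Z,old-proj,gemini-pro-image,198.51.100.8,980.00
2024-05-08T02:45:00Z,old-proj,gemini-pro-image,198.51.100.9,1400.00
2024-05-08T03:10:00Z,old-proj,gemini-pro-image,198.51.100.9,2200.00
"""


def parse_log(text):
    """Parse the constructed CSV into dicts sorted by timestamp."""
    rows = []
    for r in csv.DictReader(StringIO(text)):
        rows.append({"ts": datetime.strptime(r["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                     "project": r["project"], "model": r["model"],
                     "src_ip": r["src_ip"], "usd": float(r["usd"])})
    return sorted(rows, key=lambda r: r["ts"])


def detect_anomalies(events, window=timedelta(hours=1), baseline=timedelta(days=7),
                     multiplier=10.0, floor_usd=5.0):
    """Walk the log in order and return (ts, kind, detail) alerts.

    Provenance: any project, model or source IP not seen in the account's prior
    history is flagged. Spend rate: the last `window` of spend is compared with
    `multiplier` times the average daily spend over the prior `baseline` period,
    with `floor_usd` as a minimum so a near-zero baseline does not alert on cents."""
    alerts = []
    seen = defaultdict(set)  # attribute -> values observed before the current event
    for i, ev in enumerate(events):
        t = ev["ts"]
        for attr in ("project", "model", "src_ip"):
            if seen[attr] and ev[attr] not in seen[attr]:
                alerts.append((t, f"new {attr}", ev[attr]))
        recent = sum(e["usd"] for e in events[:i + 1] if t - e["ts"] < window)
        prior = [e for e in events[:i] if window <= t - e["ts"] < baseline]
        daily = sum(e["usd"] for e in prior) / baseline.days if prior else 0.0
        threshold = max(floor_usd, multiplier * daily)
        if recent > threshold:
            alerts.append((t, "spend rate",
                           f"${recent:.2f} in last {window} vs threshold ${threshold:.2f}"))
        for attr in ("project", "model", "src_ip"):
            seen[attr].add(ev[attr])
    return alerts


def spend_before_stop(events, cap_usd, check_interval_hours=None):
    """Total spend accrued before a cap stops traffic.

    With check_interval_hours=None the cap is evaluated before every request
    (a hard limit). Otherwise it is only evaluated on a fixed schedule, which is
    how a delayed budget alert behaves: requests between checks still get billed."""
    total = 0.0
    interval = None if check_interval_hours is None else timedelta(hours=check_interval_hours)
    next_check = events[0]["ts"]
    for ev in events:
        due = interval is None
        while interval is not None and next_check <= ev["ts"]:
            due = True
            next_check += interval
        if due and total >= cap_usd:
            return total
        total += ev["usd"]
    return total


if __name__ == "__main__":
    evs = parse_log(USAGE_LOG)
    for ts, kind, detail in detect_anomalies(evs):
        print(f"{ts.isoformat()}  {kind:12s} {detail}")
    print("per-request $10 cap stops at $%.2f" % spend_before_stop(evs, 10.0))
    print("4-hourly  $10 cap stops at $%.2f" % spend_before_stop(evs, 10.0, 4))
```

The first burst request already trips all four signals at once; a ten-dollar cap evaluated per request stops the damage at the first oversized call, while the same cap evaluated every four hours never fires before the constructed burst is over.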


Recommend switching to Hetzner, they have hard billing limits.

This current cloud paradigm of charging indefinitely is insane for normal consumers and many businesses.


Switching to hetzner for... Gemini? What do you mean


Gemini was the fraudulent usage, OP doesn't indicate they actually use it.


Be very careful about using Google's APIs as a consumer, they have poor rate limiting and ineffective anomaly protection.



Agree totally. I'm super paranoid and anxious about this issue. I've seen too many horror stories posted on Reddit. I did set alarms at $10 a day on the account, but those are only alarms and it could be thousands over before I see them.

I think Google did finally implement hard limits this month and I need to go and find that setting, but it's useless if, like you say, they have shitty rate limiting and measurement so that you're way over the limit before they stop you.


And this is why I am immediately shifting to Bunny from Cloudflare at this point.

A week ago I (a hobbyist running a small side project for a dollar or two a month in normal usage, so my account is marked as "individual") got hit with a ~$17,000 bill from Google Cloud because of some combination of a key getting leaked or my homelab getting compromised, and the attacker consumed tens of thousands in Gemini usage in only a few hours.

Google denied a rate adjustment, and haven't reached back out to me for a good few days now. My credit card denied the charge because it was over my credit limit by a good few thousand dollars and they suspected fraud, but now I am terrified of being taken to collections and ruining my prospects of renting an apartment due to my credit score/history being ruined, or them just taking me to court.

I am never going to use "use now pay later" services, especially with cloud portals where it's so hard to put in an actual cap, and the cloud provider not having any sane rate limits. I am fine paying if it was negligence or a mistake on my part as a very expensive lesson in security, but 17k is brutal.

The fact they don't have an easy way to hard cap usage (especially for an individual account) and have ineffective rate limits (how on earth is an account that pays a few dollars a month able to run up tens of thousands in just a few hours), makes me never want to use their (or any use now pay later with no easy caps or rate limits) service ever again. Or even a phone number to call.


If you're in the USA contact your state AG + Senator and present your case. Mention that Google is abusing small owners due to their ineptitude in security practices, construct the argument that makes it appear Google is squeezing small users like a mob boss/cartel.

Also before doing this save anything important that Google owns (gmail, youtube videos, anything in storage). The leaders at Google are vengeful enough to completely lock you out for challenging them.


Just this month Google shipped what I understand as hard limits in AI Studio/Gemini/whatever it's called this week. I had existing billing alerts (best you could do before IIUC), but set these new hard limits up immediately. Feels good!


I was curious what instruments this uses, looks like a special form of radar? Does this mean it effectively gives us very accurate height maps regardless of cloud coverage, and is able to differentiate between what surface material it's seeing?

> Radar instruments can image Earth’s surface through clouds, precipitation, regardless of sunlight, making them particularly well suited for monitoring polar regions. The Sentinel-1C and -1D satellites also carry an Automatic Identification System (AIS) instrument – improving the mission capacity to detect ships and sea pollution. The Sentinel-1D AIS was also activated as the satellite passed over Antarctica capturing the presence of ships in these extreme areas.


Synthetic aperture radar is basically building a bitmap of radar reflectivity. So what you get looks a lot like a photo. You can end up with very non-photo artifacts though - blown out pixels caused by corner reflectors, bright things can result in ghost copies in multiple places and if there’s other radar operating in the same frequency bands it can end up on the picture.

The core idea is that you send out pulses as you pass over the ground and then record the echoes. You can create an image by - for each pixel in the image - working out the response you would expect to receive back and correlating that with the actual responses you saw. That gives you a reflectivity value. You can do it in multiple polarisations to better distinguish things.


Ideally you want to have a large collecting area (aperture) for radar to get good resolution. But it isn't practical to put a big radar dish in space. So they use a small aperture and simulate a larger one by sweeping out an area over time and using some clever maths. Hence 'synthetic aperture radar'.
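The two comments above describe the whole back-projection idea: record the echo of each pulse, then for every pixel predict the round-trip delay and phase to each pulse position, pull that sample, undo the phase and sum, so that only a real scatterer at that pixel adds up coherently; and the longer the along-track distance over which you collect pulses, the finer the cross-range resolution. The block below is an added toy implementation in pure Python, not code from the thread or from any Sentinel-1 processor. It assumes a made-up 2D geometry (a straight flight line 1000 m from a 10 m by 4 m patch of ground, 0.5 m range bins, two point scatterers at invented positions); only the 5.5 cm wavelength is taken from the discussion. It then compares the main-lobe width obtained with a 7.5 m and a 30 m synthetic aperture.

```python
"""Toy strip-map SAR: simulate range-compressed echoes from point scatterers,
form an image by back-projection, and measure how the cross-range resolution
improves with synthetic-aperture length. Added example with an invented geometry."""
import cmath
import math

WAVELENGTH = 0.055   # m, C-band as in the thread (the only real parameter here)
STANDOFF = 1000.0    # m, distance from the flight line to the scene (assumed)
RANGE_BIN = 0.5      # m, width of one range-compressed sample (assumed)

# Constructed scene: point scatterers as (x, y, reflectivity) on the ground plane.
# Both sit exactly on the pixel grid built by scene_grid() below.
SCATTERERS = [(-2.0, 0.0, 1.0), (1.5, 0.5, 0.5)]


def slant_range(px, py, platform_x):
    """Distance from the platform at (platform_x, -STANDOFF) to ground point (px, py)."""
    return math.hypot(px - platform_x, py + STANDOFF)


def pulse_positions(aperture_len, n_pulses):
    """Along-track positions at which pulses are transmitted, spanning the aperture."""
    step = aperture_len / (n_pulses - 1)
    return [-aperture_len / 2 + k * step for k in range(n_pulses)]


def simulate_echoes(scatterers, positions):
    """One range profile per pulse, as {range_bin: complex sample}. Each scatterer
    deposits its reflectivity with the two-way phase -4*pi*R/lambda."""
    echoes = []
    for xk in positions:
        profile = {}
        for sx, sy, refl in scatterers:
            r = slant_range(sx, sy, xk)
            b = round(r / RANGE_BIN)
            profile[b] = profile.get(b, 0j) + refl * cmath.exp(-4j * math.pi * r / WAVELENGTH)
        echoes.append(profile)
    return echoes


def backproject(echoes, positions, grid):
    """For each pixel: predict the range to every pulse position, take that echo
    sample, remove the expected phase and sum coherently. Returns {(x, y): |sum|}."""
    image = {}
    for px, py in grid:
        acc = 0j
        for xk, profile in zip(positions, echoes):
            r = slant_range(px, py, xk)
            sample = profile.get(round(r / RANGE_BIN))
            if sample is not None:
                acc += sample * cmath.exp(4j * math.pi * r / WAVELENGTH)
        image[(px, py)] = abs(acc)
    return image


def scene_grid(x_step=0.25, y_step=0.5):
    """Pixel centres covering x in [-5, 5] m (cross-range) and y in [-2, 2] m (range)."""
    xs = [-5.0 + i * x_step for i in range(int(10 / x_step) + 1)]
    ys = [-2.0 + j * y_step for j in range(int(4 / y_step) + 1)]
    return [(x, y) for y in ys for x in xs]


def sar_image(aperture_len, n_pulses, scatterers=SCATTERERS):
    positions = pulse_positions(aperture_len, n_pulses)
    return backproject(simulate_echoes(scatterers, positions), positions, scene_grid())


def half_power_width(image, y, x_step=0.25):
    """Width in metres of the main lobe along one range row: pixels at or above
    half of that row's peak magnitude."""
    row = [v for (px, py), v in image.items() if py == y]
    peak = max(row)
    return x_step * sum(1 for v in row if v >= 0.5 * peak)


if __name__ == "__main__":
    for length, n in ((7.5, 8), (30.0, 32)):
        img = sar_image(length, n)
        print(f"aperture {length:5.1f} m: main lobe {half_power_width(img, 0.0):.2f} m, "
              f"brightest pixel at {max(img, key=img.get)}")
```

At a pixel that coincides with a scatterer every pulse contributes with the same phase, so the magnitude is the reflectivity times the number of pulses; a quarter-metre to the side the phases drift across the aperture and the sum shrinks, and the longer aperture makes that drift larger per metre of offset, which is what narrows the lobe.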


What you can get in a single image are 5.5cm wavelength microwave backscatter - this means surface materials can be differentiated by looking at texture differences at that scale. So - tarmac vs a ploughed field, for example. There's 2 polarizations as well, so you can identify e.g. vegetated areas also, which scatter the signal in a different way.

A single image from Sentinel-1 won't give a height map directly, but a pair can using interferometry (InSAR), as the phase of the backscattered signal is also measured. With that you can derive something about the terrain. It's not super accurate though for absolute height maps.

And yes the signals pass through cloud and it works at night.


If my understanding is correct (and I'd love to be corrected if not!), it can be used to generate super accurate differential heightmaps. It won't tell you exactly how high a peak is, for example, but it can tell you that it's dropped a few millimeters since the last time you measured.

https://en.wikipedia.org/wiki/Interferometric_synthetic-aper...


Typically you will get an image pair for an area every 6-12 days. The phase used in interferometry is massively affected by atmospheric conditions, which can vary a lot in this time, and are difficult to correct for. So, one pair is often not enough for this. But if you look at a bunch of pairs for that area over a longer time period, you might be able to correct for the atmospheric effects and get your differential height map. You can get more accurate elevation models 'out of the box' with different systems, e.g., the SRTM (one of the most well known publicly available global elevation maps) [1] was made with InSAR but 2 antennas on one craft, and Germany's TanDEM-X [2] is a pair of satellites flying in formation a few hundred meters apart, capturing the same area at the same time.

[1]: https://www.earthdata.nasa.gov/data/instruments/srtm
[2]: https://en.wikipedia.org/wiki/TanDEM-X


MikroTik makes some very capable routers. The RB4011 is incredibly powerful and very low power, and has an SFP+ port, so you can use an SFP+ to RJ45 module if needed, or a straight modem -> SFP+ connection, to get faster than 1 gig speeds.

It has a steep learning curve though, albeit it's extremely rewarding and powerful once you get over that curve. It should handle routing 1 gig with zero issues, and is under $200. You can do bonding, VLANs, esoteric IP rules, and tons of "misc" functionality.

Do not go with ubiquiti, their hardware is very poor and their UI is very buggy and simply poorly designed, it's focused on people who know a bit above an average person about networking, which I suspect is not the case for most people here.


I have that router, and it can do up to about 2.5 Gb/s with actual routing. I have it on a 10GbE direct connect to my "main" 4 port switch, but that just means it can take in multiple unrouted LAN segments.

Once you start doing anything much more esoteric the speed slows down; if you get off the fast path it can be pretty intense (though they do sell bigger ones that can route more packets).


I like that Mikrotik are very transparent about it. On their site they publish performance test results in various configurations.


Agreed, it's nice to have the number right there and they don't make claims beyond what it actually can do (and arguably, when you're up at 10GB+ your router and your switch shouldn't be the same hardware anymore).


Thank you, I could not agree more. These companies exist because their services and products are being bought by someone else, and in the end the consumers are either actual consumers or governments (who consumers vote for). I place minimal blame on companies, because clearly consumers don't care, and instead want to buy the cheapest products possible.


That'd be great if they didn't BUY politicians to write laws that subsidize their extraction and hamper legislation to actually combat the externalities THEY produced.

Consumers do care, but their choices are between bad and awful because the economics (structured by the extraction companies) stacks the deck against solutions.


What are you talking about. The corporations, man, are not responsible for the zoning apocalypse American cities are dealing with. You literally cannot live in a walkable high rise in most of Brooklyn, SF, LA, Austin, etc., not because of BIG AUTO, but because literally the neighbors there don't like tall buildings and want more free street-parking spaces for their cars.


Whether it applies or not is irrelevant; what only matters is to what degree it is able to be enforced (in practice) against companies that have no assets under EU jurisdiction. From what I gather, it's very little, so most smaller companies simply don't care.


> what only matters is to what degree is it able to be enforced (and in practice) against companies that have no assets under EU jurisdiction

This is exactly true. Now sure the nervous nellies will be all over what outlier things can happen as is typical. In a practical sense the EU does not have the resources to go after (other than perhaps a few test cases for publicity) anything but the juicy or most flagrant cases.


Once the discussion on whether the EU can enforce laws over its territory is over, one can think about the content of GDPR and how its guidelines are good practices that your users will appreciate, even if GDPR doesn't apply to you.


Careful. That's what they say about US laws, then your CFO gets arrested in Canada and extradited to the US...


Pretty sure that both instances you're talking about (Huawei/Megaupload) are perfect examples of parent's point --- the US is capable of enforcing laws outside of its territory, the EU is not.


It depends if you have business in the EU. If you do, the EU has power over you. Indeed if you don't, Inspecteur Clouseau will be swatting your home!


Yeah, which is why the top comment is talking specifically about companies with no assets in the EU.


I don't know about assets, but Huawei definitely has business in the EU.


"both"? Sportingbet, betonsports...


People sometimes ask "what backs the US dollar?" implying that nothing does.

The answer is the same as what extends US law to the entire world. 11 aircraft carriers.


What extends US law to the entire world is actually access to the US banking system and consumer base.


Unless you think the US is going to go to war with its allies, its military power has little importance in this context. The US is a large, wealthy market for imports and a supplier of many products and services that it exports. It's a huge financial centre. Despite the unfortunate state of its government and public services by the standards of a modern democracy, it's still broadly aligned with other modern democratic nations in terms of values and culture, which means it's still a much safer partner to trade and cooperate with than you'd find in some other large parts of the world.

This makes playing nice with the US a diplomatically and economically sensible policy, up to a point. I suspect the US will find it encounters that point increasingly often, partly because the rest of the world is also changing and partly because Trump did so much damage to international relations and the US may never fully recover. The ongoing negotiations about global corporate taxation are a good if rather dull example.


Or New Zealand police raid your house at the behest of the US Department of Justice


this could turn out mega-embarrassing for NZ.


I switched all my home machines' shell to fish, and my work computer also to fish, and it has been an amazing productivity boost for myself. The extremely ergonomic way it represents history (old commands) is what does it for me.

If I need to script something, I always do it in bash (which is easy to transition to from bash). I don't use the fish language for any scripting because of incompatibility, but as a command line interface to my systems it has been a massive boon to my quality of life. I could not recommend it more.


> I always do it in bash (which is easy to transition to from bash)

Did you mean dash?


Can someone find this poster? I would utterly love to buy it and hang it somewhere, but I can't find it when googling.



Holy Cow! I didn't know they were free. Thank you so much for the link!


The two posters on this website look similar to the provided description: http://biochemical-pathways.com/#/map/1


This is exactly it! Thank you for the find!


Ah, Sequel. I did a stint of Ruby on Rails work many years back, and remember seeing Sequel for the first time. Its documentation web page is honestly probably the best "what is this" and "getting started" page I have ever seen for any library.

I don't know if it's the library itself or the documentation contents or the documentation website theme, but it jives absurdly well for me. I also really like the simplicity+flexibility of the library itself, and have yet to find anything even close to it in the c# or c++ world.

