
Knowing someone involved with the Chamberlain technology stack, it sounds like certain users had reverse engineered the API and suddenly caused a DDOS on the Chamberlain cloud with their requests.

This is a cloud service with real costs. Chamberlain has a responsibility to maintain access for its users.

I can’t speak for Chamberlain, but this reaction seems reasonable.



The usual answer to a DDoS from some users is to add rate limiting, not “remove the service”


I know this isn't a correct answer to the overall problem, but holy shit, just how much cloud resources could you possibly need to support a garage door opener? This feels like a "top end of the free tier of some PaaS" kind of usage. 0.2% of their userbase doing a cloud poll every 30 seconds or so is not a DDoS, it's a small caching issue.


I guess when you’re probably talking about millions of customers, it depends on what services they offer.

Although when the API is exposed to unfiltered external requests, I think the answer is no amount of cloud services is enough.


Sure, it's reasonable to stop unauthorized apps from DDOSing your service.

But is it reasonable to need to make a request to their cloud service to open a door right in front of you?


Sounds like they could implement local network IoT and reduce their server costs to $0 - but then they wouldn't be able to get a continuing revenue stream.


Another reasonable response would be rate limiting user requests per token or user to stop individuals from spamming.
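A per-token rate limiter of the kind the comment above suggests, as an added example that is not part of the thread or of Chamberlain's own code; the token-bucket policy (one request per 30 s sustained, burst of three), the client identifiers and the request timestamps are constructed assumptions:

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


@dataclass
class Bucket:
    tokens: float  # remaining request credit
    last: float    # timestamp of the last refill


class PerTokenRateLimiter:
    """Token-bucket limiter keyed on the client's API token.

    Each token may make `burst` requests at once, then `rate` requests per
    second sustained. Excess polls are refused before they reach the backend,
    so one misbehaving client cannot starve the others.
    """

    def __init__(self, rate: float, burst: int) -> None:
        self.rate = rate
        self.burst = burst
        self.buckets: Dict[str, Bucket] = {}

    def allow(self, api_token: str, now: float) -> bool:
        b = self.buckets.get(api_token)
        if b is None:
            b = Bucket(tokens=float(self.burst), last=now)
            self.buckets[api_token] = b
        # Refill proportional to elapsed time, capped at the burst size.
        b.tokens = min(float(self.burst), b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False


def simulate(limiter: PerTokenRateLimiter, api_token: str,
             timestamps: Iterable[float]) -> Tuple[int, int]:
    """Return (allowed, refused) counts for a sequence of request times."""
    times = list(timestamps)
    allowed = sum(1 for t in times if limiter.allow(api_token, t))
    return allowed, len(times) - allowed


if __name__ == "__main__":
    # Constructed scenario: a well-behaved client polls every 30 s, an
    # aggressive client fires 20 requests within one second.
    lim = PerTokenRateLimiter(rate=1 / 30, burst=3)
    print(simulate(lim, "normal-client", [i * 30.0 for i in range(10)]))      # (10, 0)
    print(simulate(lim, "aggressive-client", [i * 0.05 for i in range(20)]))  # (3, 17)
```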



