Lmst

Updated rate limits for unauthenticated requests

https://github.blog/changelog/2025-05-08-updated-rate-limits-for-unauthenticated-requests/

#HackerNews #UpdatedRateLimits #UnauthenticatedRequests #HackerNews #APIChanges #RateLimiting #TechNews

🚀 Oh wow, #Supabase is now officially the golden child of the "Too Many Requests" club, raising $200M to ensure even MORE requests get queued. 🙄 I guess their new valuation proves that rate limiting is the new black in tech fashion! 💸
https://finance.yahoo.com/news/exclusive-supabase-raises-200-million-112154867.html #TooManyRequests #TechFashion #FundingSuccess #RateLimiting #HackerNews #ngated

#ReleaseMonday — One of the recent (already very useful!) new package additions to #ThingUmbrella is:

https://thi.ng/leaky-bucket

Leaky buckets are commonly used in communication networks for rate limiting, traffic shaping and bandwidth control, but are equally useful in other domains requiring similar constraints.

A Leaky Bucket is a managed counter with an enforced maximum value (i.e. bucket capacity). The counter is incremented for each a new event to check if it can/should be processed. If the bucket capacity has already been reached, the bucket will report an overflow, which we can then handle accordingly (e.g. by dropping or queuing events). The bucket also has a configurable time interval at which the counter is decreasing (aka the "leaking" behavior) until it reaches zero again (i.e. until the bucket is empty). Altogether, this setup can be utilized to ensure both an average rate, whilst also supporting temporary bursting in a controlled fashion...

Related, I've also updated/simplified the rate limiter interceptor in https://thi.ng/server to utilize this new package...

#ThingUmbrella #DataStructure #RateLimiting #OpenSource #TypeScript #JavaScript

In a night build of my hobby app, Trello apparently gave me CAPTCHA as a response to a valid API request with a valid API token 😀 Innovative approach to API rate-limiting! I hope this was just a bug on their side…

#trello #api #atlassian #ratelimiting

Quotas and rate limits play a crucial role in managing resource consumption. Quotas regulate consumption over time, while rate limits curb intense request spikes. Learn how we applied these mechanisms to ensure fair usage across all tiers! #APIM #RateLimiting

Rate limiting in Supabase? Cron UI? Get it in #2 of my newsletter

https://news.supa.guide/p/2-rate-limiting-with-supabase-and-a-cron-ui

#supabase #ratelimiting #database #postgres

https://code-maze.com/aspnetcore-web-api-rate-limiting/ - #RateLimiting in #ASPnet Core #APIs: https://github.com/stefanprodan/AspNetCoreRateLimit is great for most scenarios, but builds their own to learn.

@DeltaWye @SynAck @Kuniti_shino @ErikUden OFC that's the nature of most services tht are open t new users.

#Abuse being a statistical inevitability:

#Shitter (rather #Teitter before #Mus ruined it!) had #API #RateLimiting to make #Spamming less effective (255 Statuses per 24hrs) even back when #TweetDeck was a seperate company...

Making dynamical limits that instantly lockout i.e. brand new accounts sending the same.message to 10+ others as a DM within 48 hours of registration should act as a speed-bump to #Spammers.

It won't prevent it entirely but make it more cumbersome.

Sadly #Mastodon #Developers refuse to acknowledge the need for efficient filtering.and ban list managment that every other web-facing application / system can do using blocklist feeds.

This prevents remediation and correction of #banlists & #blocklists, leaving a lot if domains burned forever as the only.options are "replace" and "merge" and the average #ActivityPub admin or even #User isn't going to learn or setup a #git!

which is frustrating as I maintain multiple blocklists to help cleaning up the mess.

I.e. there isn't really a good way to combat #Typosquatting-based #Phishing beyond banning.offending domains...

#RateLimiting is an age-old #ReverseProxy feature focused on protecting against DDoS attacks. It treats all clients the same and is purely technical. In this day and age, most #API providers offer different subscription tiers; the higher the tier, the higher the rate limit, and the more you pay incidentally. It’s not technical anymore and requires to differentiate between clients.

In this post, I want to detail how to do it with #ApacheAPISIX.

https://blog.frankel.ch/different-rate-limits-apisix/

My colleagues are putting together a new DoS protection mechanism in the upcoming Knot Resolver 6. Together we have written a blog post outlining how it works. Enjoy!

https://en.blog.nic.cz/2024/07/15/knot-resolver-6-news-dos-protection-operators-overview/

#KnotResolver #KnotDNS #DNS #DDoS #DoS #security #ratelimiting

Dell API abused to steal 49 million customer records in data breach | …an example of poor security through lack of both rate limiting & behavioural modelling
https://alecmuffett.com/article/109806
#RateLimiting #dell #privacy

Dell API abused to steal 49 million customer records in data breach | …an example of poor security through lack of both rate limiting & behavioural modelling

Once they gained access to the portal, Menelik told BleepingComputer they had created a program that generated 7-digit service tags and submitted them to the portal page starting in March to scrape the returned information.
As the portal reportedly did not include any rate limiting, the threat actor claims they could harvest the information of 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.

https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/

https://alecmuffett.com/article/109806

#dell #privacy #rateLimiting

@chriskirknielsen checked as well. Not available on free tier here neither … disappointed. Might have to rent a server for static sites and POCS to avoid non fixed costs. #netlify #rateLimiting

playing with my new #threshold #sphinx, and hmmm the rate-limiting causes about 32GB of RAM to be used for puzzle solving in case of 5 shareholders and all puzzles solving in parallel. i guess for the threshold setting i might want to tune down on the highest level of difficulty for the rate-limiting...

#ngi0 #nlnet #passwordmanager #ratelimiting

In one of the conversations about the great spam attack that happened this weekend, someone mentioned that some sort of rate limiting for new users might help mitigate this sort of thing in future.

I think that's not a bad idea, hey? A brand new user shouldn't be able to post more than, say, 60 times per hour (perhaps exclude Boosts from that, because Boosting is so quick and easy). And that limit gets removed once they've made their 100th legitimate post.

Obviously, some Fediverse server software might implement this while others may not, so it's important that it's implemented at the API level for incoming posts. If the user's home server doesn't enforce the rate limiting, but your server does, then your server shouldn't accept more than 60 incoming requests from that user per hour.

What do you think, @Gargron? Obviously make the limit configurable, but 60 (excluding Boosts) is probably a sensible default, no? 🤔

#SpamAttack #Fediverse #Security #RateLimiting