No as a Service

https://github.com/hotheadhacker/no-as-a-service

64•radeeyate•7mo ago

Comments

Haeuserschlucht•7mo ago

artogahr•7mo ago

blahaj•7mo ago

> Rate Limit: 10 requests per minute per IP

I understand that one wants some rate limiting so that others don't just use this as a backend for their own service causing every single request for their service to also create an API request. But this is as simple and resource unintensive as it gets for an HTTP server. 10 requests per minute is just silly.

Also could it be that the limit isn't enforced against the origin IP address but against the whole Cloudflare reverse proxy?

jaywcarman•7mo ago

10 requests per minute per IP is plenty enough to play around with and have a little fun. For anything more than that you could (should!) host it yourself.

blahaj•7mo ago

So it is just purposefully made to be less useful? Is that part of the joke?

The rate limit still pretty surely isn't applied per IP.

arp242•7mo ago

Mate, it's a joke, not a serous service. The only silly thing here is going off on a tangent about the rate limit.

mindtricks•7mo ago

If it helps you, think of the rate limiter as the "no" final boss.

choult•7mo ago

Well this is something... someone creating a service off the back of a meme that's been flying around my networks for the past two days...

ziddoap•7mo ago

Fun idea. I wonder why the rejection messages are repeated so often in the "reasons" file.

"I truly value our connection, and I hope my no doesn't change that." shows up 45 times.

Seems like most of the rejections appear between 30 and 50 times.

khanan•7mo ago

Was wondering the same thing.. Probably cruft so it looks impressive at a glance.

Retr0id•7mo ago

If you ask LLMs for a long enough list of things, they often repeat entries.

MalbertKerman•7mo ago

There are 25 unique responses in that 1000-line file.

justin_oaks•7mo ago

Once you remove the duplicates that are different only because of the typos in them, yes, that's correct.

mikepurvis•7mo ago

A single large file is also sadness for incorporating suggestions from collaborators as you're always dealing with merge conflicts. Better might be a folder of plain text files, where each can have multiple lines in it, and they're grouped by theme or contributor or something.

spiffyk•7mo ago

A folder of plain text files will be sadness for performance. It's a file with basically line-wise entries, merge conflicts in that will be dead easy to resolve with Git locally. It won't be single-click in GitHub, but not too much of a hassle.

Retr0id•7mo ago

It's ~fine for performance if you load them once at service startup. But I agree, merging is also no big deal.

mikepurvis•7mo ago

In fairness, I doubt most of these kinds of meme projects have a maintainer active enough to be willing to conduct local merges, even if it's "dead easy" to do so.

Maybe then this is really a request for Github to get better/smarter merge tools in the Web UI, particularly syntax-aware ones for structured files like JSON and YAML, where it would be much easier to guess, or even just preset AB and BA as the two concrete options available when both changes inserted new content at the same point. It could even read your .gitattributes file for supported mergers that would be able to telegraph "I don't care about the order" or "Order new list entries alphabetically" or whatever.

cf. https://github.com/jonatanpedersen/git-json-merge

KTibow•7mo ago

It might be a weighted random.

ziddoap•7mo ago

Might be!

Not the way I'd approach it, but as a joke service, if it works it works.

varun_ch•7mo ago

> {"error":"Too many requests, please try again later."}

I guess it still works.

lgl•7mo ago

Bug report: when the server is overloaded, the No's are no longer random :)

kenrick95•7mo ago

Classic Hacker News hug of death

xnorswap•7mo ago

It looks like it's limited to 10 requests per minute, it's less of a hug and more of a gentle brush past.

It's documented as "Per IP", but I'm willing to bet either that documentation is wrong, or it's picking up the IP address of the reverse proxy or whatever else is in-front of the application server, rather than the originator IP.

Why do I think that? Well these headers:

    x-powered-by Express

    x-ratelimit-limit 10

    x-ratelimit-remaining 0

Which means it's not being rate-limited by cloudflare, it's express doing the rate limiting.

And I haven't yet made 10 requests, so unless it's very bad at picking up my IP, it's picking up the cloudflare IP instead.

egberts1•7mo ago

Probably all those cookies tipped and triggered the connection rate limiter.

xnorswap•7mo ago

I'm not following you at all?

NotMichaelBay•7mo ago

It's so elegant. Even in failure, it's still operational.

riquito•7mo ago

Love it, it's brilliant, but I think the rate limiting logic is not doing what the author really wants, it actually costs more cpu to detect and produce the error than returning the regular response (then my mind goes on how to actually over optimize this thing, but that's another story :-D )

hotheadhacker•7mo ago

Rate limiting has been removed

Retr0id•7mo ago

It could be genuinely useful for testing HTTP clients if it had a wider array of failure modes.

Some ideas:

- All the different HTTP status codes

- expired/invalid TLS cert

- no TLS cipher overlap

- invalid syntax at the TLS and/or HTTP level

- hang/timeout

- endless slowloris-style response

- compression-bomb

- DNS failure (and/or round-robin DNS where some IPs are bad)

- infinite redirect loop

- ipv6-only

- ipv4-only

- Invalid JSON or XML syntax

zikani_03•7mo ago

Not exactly what you are asking for, but reminded me that Toxiproxy[0] exists if you want to test your applications or even HTTP clients against various kinds of failures:

[0]: https://github.com/Shopify/toxiproxy

deanputney•7mo ago

Not sure why, but reasons.json is mostly duplicates (as many as 50!) of the same 25 responses: https://gist.github.com/deanputney/4143ca30f7823ce53d894d3ed...

It'd be easier to add new ones if they were in there a single time each. Maybe the duplication is meant to handle distribution?

finnh•7mo ago

ah, yes, the "memory is no object" way of obtaining a weighted distribution. If you need that sweet sweet O(1) selection time, maybe check out the Alias Method :)

justin_oaks•7mo ago

Knowing that there are only 25 responses, it makes it all the more funny that rate limiting is mentioned.

And you can host the service yourself! Hard pass. I'll read the 25 responses from your gist. Thanks!

thih9•7mo ago

Example responses:

https://raw.githubusercontent.com/hotheadhacker/no-as-a-serv...

anonymousiam•7mo ago

Looks impressive, but out of the 1000 possible responses, only 26 are unique.

qrush•7mo ago

Oh great, it's Balatro's Wheel of Fortune card as a Service (WoFaaS)

hombre_fatal•7mo ago

I made a lot of things like this as a noob and threw them up on github.

As you gain experience, these projects become a testament to how far you've come.

"An http endpoint that returns a random array element" becomes so incredibly trivial that you can't believe you even made a repo for it, and one day you sheepishly delete it.

blahaj•7mo ago

I don't think things have to be impressive to be shown. A funny little idea is all you need, no matter how simple the code. Actually I find exactly that quite neat.

TehCorwiz•7mo ago

I think you'll enjoy this better: https://github.com/EnterpriseQualityCoding/FizzBuzzEnterpris...

seabass•7mo ago

{"error":"Too many requests, please try again later."}

a missed opportunity for some humor

richrichardsson•7mo ago

{"error":"Computer says no."}

readthenotes1•7mo ago

Beats "I have a headache"

n8m8•7mo ago

inb4 someone genuinely doesn't understand why you wouldn't do this with an LLM

macleginn•7mo ago

A worthy spiritual disciple of the Journal of Universal Rejection (https://www.universalrejection.org/)

svilen_dobrev•7mo ago

nice. Reminds me of BOFH (Bastard operator from Hell) . And those box-like calendars with page-per-day with some excuse^w^w tip on each :)

https://bofh.bjash.com/bofh/bofh1.html

hotheadhacker•7mo ago

The API rate limiting has been removed.

Serde's borrowing can be treacherous

13thrule

Show HN: Kill List–A local-first PWA where tasks deletes if not done by midnight

DHS Changes Process for Awarding H-1B Work Visas to Protect American Workers

Show HN: Rpmrepo-update – Incremental RPM repo updates for S3 (no full sync)

We "solved" C10K years ago yet we keep reinventing it

'Call of Duty' co-creator killed in fiery Ferrari crash caught on video

Hack your way to a good Git history

Reservoir thermal energy storage for data center cooling system

Is Our Democracy Failing Because We're Not Thinking Enough? – James Fishkin [video]

Show HN: GenresFox v0.4 – Hand-Written, Zero-Dependency Rust WASM

Why so many famous Berlin clubs are closing [video]

Show HN: Picunic – convert image to Unicode art using ML

Show HN: Typed-Prompts – Type-Safe Prompt Engineering

The Computer Chronicles – Artificial Intelligence (1984) [video]

Show HN: FIDO2 PRF with TPM and Fingerprint Auth for Confer on Linux

Taiwan ramps up plans for overseas chipmaking as threat from China looms

Do you need a lead scoring model?

What (I think) makes Gemini 3 Flash so good and fast

Safety panel says NASA should have taken Starliner incident more seriously

Python Anti-Patterns

Show HN: OmniWM a macOS tiling window manager Niri inspired

Pen testers accused of 'blackmail' after reporting Eurostar chatbot flaws

Nvidia Acquires Groq's Assets

Google is 'gradually rolling out' option to change your gmail.com address

SwiftUI, Universal, CloudKit-Based Free Cocktail App

Memory Safety

Trilium v0.101.0: 8-year anniversary of Trilium (personal knowledge base)

Use Codex (OpenAI Coding Agent Framework) for a Personal Search Solution

As HN: How do I route around Substack's age verification?

Serde's borrowing can be treacherous

13thrule

Show HN: Kill List–A local-first PWA where tasks deletes if not done by midnight

DHS Changes Process for Awarding H-1B Work Visas to Protect American Workers

Show HN: Rpmrepo-update – Incremental RPM repo updates for S3 (no full sync)

We "solved" C10K years ago yet we keep reinventing it

'Call of Duty' co-creator killed in fiery Ferrari crash caught on video

Hack your way to a good Git history

Reservoir thermal energy storage for data center cooling system

Is Our Democracy Failing Because We're Not Thinking Enough? – James Fishkin [video]

Show HN: GenresFox v0.4 – Hand-Written, Zero-Dependency Rust WASM

Why so many famous Berlin clubs are closing [video]

Show HN: Picunic – convert image to Unicode art using ML

Show HN: Typed-Prompts – Type-Safe Prompt Engineering

The Computer Chronicles – Artificial Intelligence (1984) [video]

Show HN: FIDO2 PRF with TPM and Fingerprint Auth for Confer on Linux

Taiwan ramps up plans for overseas chipmaking as threat from China looms

Do you need a lead scoring model?

What (I think) makes Gemini 3 Flash so good and fast

Safety panel says NASA should have taken Starliner incident more seriously

Python Anti-Patterns

Show HN: OmniWM a macOS tiling window manager Niri inspired

Pen testers accused of 'blackmail' after reporting Eurostar chatbot flaws

Nvidia Acquires Groq's Assets

Google is 'gradually rolling out' option to change your gmail.com address

SwiftUI, Universal, CloudKit-Based Free Cocktail App

Memory Safety

Trilium v0.101.0: 8-year anniversary of Trilium (personal knowledge base)

Use Codex (OpenAI Coding Agent Framework) for a Personal Search Solution

As HN: How do I route around Substack's age verification?

No as a Service

Comments