@@gerooq what he does is not overly complex, there is no way he could put a senior engineer out of a job, not saying he isnt talented, but anyone thats been learning dev for a few or more years will be able to do similar things to him
Happened to my startup (pretty much unknown outside of Egypt), but then I realized it was an attempt at credential stuffing and our login endpoint must've gotten on some list of something. Long story short, Cloudflare blocked all of that 😅
Some people just like to see what they can do to a system, it doesn't really matter what the system is. People found ways to attack the telephone system just to see if they could.
Thank you for the extension and the apps, it actually became my favourite dating app by now. Sooo nice to just talk to people who understand the things I’m into and also a dating app where not every second girl is a catfish. Thank you soooo much for this.
they're probs talking about overall requests: so like the html is one, then at least one css page, some javascript, images and with all that it becomes many request per page load
I've been working with AWS for a few years now and yeah - this is a hard lesson to learn. As soon as you open up anything to the internet, it's gonna get hit very hard. Glad you learned this without a massive bill!
Great video. Gives perspective to us beginners how insanely difficult is to run app in production. In development everything looks sweet. All these warning in courses "don't use this in production" make more sense.
felt bad for last video for VS-Stories, now same for this one.... Godddddd.... Nice videos Ben, Keep making lots of videos for us. Lots of love from India....
@@tiagosansaodev That's called survivorship bias. Just because nobody has ever met an angular dev doesn't mean they don't exist. It just means nobody has lived to tell the tale...
Hey Ben, huge fan, great works man! I wonder if you consider using a tool like Thundra to inspect your lambda functions or webapps in case of any similar issues. Disclaimer: I work for the company and be more than happy to see you in our Slack.
I could imagine the invocations not lining up with the requests is because Puppeteer loads the whole website which with uses way more requests to load all the different JS and CSS files.
This is a great lesson for anyone who runs a non-cacheable site like Carbon: consider finding some DDoS-protection feature, even just a basic one that alerts you if you get too many requests from a single source. Or even a single well-meaning developer can sink your site.
I don't think banning reports containing "hi" and "hello" is reasonable. I think it's not too uncommon instead of writing "This person harrassed me" to write " *Hello* , this person harrassed me". See what I mean?
should add a developer section along with love and friendship so people can find other devs to help with projects or issues durring development. devs helping devs ya know
Lambda functions auto-retries twice by default on failure, so when puppeteer fails, the lambda will retry the entire flow, hitting carbon 2 more times. And like you mentioned, that’s not even considering the potential retry built into puppeteer
Spawning a brand new Puppeteer process for every lambda invocation sounds very resource intensive tbh. It's probably better to have one Chromium/Puppeteer process running in the background and have it create a new tab for every call to your API
For your Google Places API, make sure you're only setting the components you need in the request (like address_components) and you can also use geolocation to more accurately pinpoint their location if you haven't already. Those two should help some with the bill but I'm no expert, just basing it off their API (and implementing it once)
are u using api gateway for that lambda func? I think u can set max concurrent request + max request per second there and the location dropdown, I guess u can add country/location table in yr postgres + make an API for UI to call, then will be lower cost others thing looks nice
I feel you on the Apple payment issues. Do a Spotify/Netflix and require people to pay for premium on the web where you can just use Stripe (although you can’t tell people that’s what they need to do in the app because Apple won’t allow that through review). It’s such a ballache.
I think there aren't just one request per Lambda instance per page view for render, because Carbon is written in Next.js so there maybe you have invoked SSR generation for each request and that's like a few new JS and CSS generated plus a lot of different assets (but probably most are just stored in static site like netlify), and if you multiply it by 9 or 10 for each of these "just in time" assets I think it make sense to have millions of requests
5:40 - Puppeteer loads images and css and everything. That's not just one request to them when ur lambda calls, using Puppeteer. Requests != visits. One visit creates multiple requests. Factor 100+ is still a bit much, though.
He's losing more and more trust in humanity for every video
Bro 😂
true
Lol calm down
Lol
Growing up, I think they call it.
81% males
Vsinder? more like VSgrindr
Bruh 💀
If the ratio is 50/50, the devs probably made a bunch of fake female profiles
Lmao
Actually that's pretty on par with reality. Most recent stats have Tinder users in the US split 72% male to 28% female
Nah that's actually closer to Tinder demographics.
alternate title: i accidentally DDoS'd carbon
Or "I accidently brought down an innocent website!"
VAANG Companies: VSinder, Amazon, Angular, Netflix, Google
don't put them next to these petty unknown companies
Wait, what is Angular doing in there?
Why would you put VSinder next to tiny, unknown companies like google lol
Google? Is that a company? I have never heard of it in my life
@@navthenugget Yeah they're just a search engine company or something haven't heard much about them either
They probably got pissed Ben took the anonymity away.
suspect thing to say
I know right? It's like children walking around in the skins of grown men. Childish as heck.
@@nomtijorti *foreskin
This 'series' of you launching products and following up on how they do and being honest about all mistakes is amazingly educational
i like how despite your experience, you still honestly acknowledge what you don't know, and then make a video about it
That's the wrong thing to do - He is giving them publicity
He's 23, he's not THAT experienced
@@CBMaster2 I am also 23 and I don't know even one fourth of him. I am so jealous.
@@snowwsquire ? jealous much?
@@gerooq what he does is not overly complex, there is no way he could put a senior engineer out of a job, not saying he isnt talented, but anyone thats been learning dev for a few or more years will be able to do similar things to him
I love this. The fact that someone went after this app is wild to me. Some people must really dislike code snippets. 😂
I've had random projects being DDoS'd in the past, I think it's just for fun
Or tinder.
Happened to my startup (pretty much unknown outside of Egypt), but then I realized it was an attempt at credential stuffing and our login endpoint must've gotten on some list of something. Long story short, Cloudflare blocked all of that 😅
Some people just like to see what they can do to a system, it doesn't really matter what the system is. People found ways to attack the telephone system just to see if they could.
If it can be hacked, it will be hacked, and for no reason
Angular devs learn hacking
@Azer Gamer YT Hahahhaha
Waiting for the attacker to comment "I did it."
You're sus
dude u sus
vote
Definitely impostor
I did it
People attack VSTinder just to have the pleasure to watch this video. I can imagine the laughs of that guy while DDoSing you.
not gonna lie this put a smile on my face
@@Meleeman011 Found the attacker.
@@Meleeman011 sus here
🤫
People are underestimating/ignoring the tech insights that are there in this video. Pure gold.
people thinking ben has enemies: this is production
Hahahaha. Now they’ll know what it’s like to perform a patch in production.
thats cause he does lol
I have a goal: I want to be your success story that met their future spouse on VSinder.
Or husband
@bychtromae oh i didn't know that
Step 1: Make sure you're gay.
Sorry It wasnt a DDoS, my mom just really loves a good and thick extension
Make VScode - spotify integration so that people can listen to same music while coding
That already exists actually.
When you code, you already have Spotify on your PC.
@@halbgefressen9768 underrated
Bad idea
Please leave software engineering please . Pros don't listen to music while coding
I spent 15 minutes writing a React joke but when I click vsinder was like bruh
The curse of Ben Awad's VS Code extensions
Thank you for the extension and the apps, it actually became my favourite dating app by now. Sooo nice to just talk to people who understand the things I’m into and also a dating app where not every second girl is a catfish. Thank you soooo much for this.
Love your attitude and breakdown of events dude, great work!
Ben: I don't really know why it was failing but it's working now
that's a programmer for sure
This made made my day, absolutely hilarious. Thank you Ben
The sweet pain of going prod
This boy somehow makes VS code compete with the 2 giants: App strore and Google play. Microsoft is gonna kiss his ass definitely.
You do know Carbon has an CLI project that spits out images? No puppeteer needed
they're probs talking about overall requests: so like the html is one, then at least one css page, some javascript, images and with all that it becomes many request per page load
Was about to write the same
CDN, ever heard about that?
@@user-mb4xy2cz3t amazingly still to this day, not many places use a CDN.
Probabaly will be some angular devs 😅
Haha, no we are not like that :)
@The Great Lord Kek no we r not
@The Great Lord Kek Yes we are
@@saqlainalvi3333 pretty sure we are though
@@greg6618 hey, where's the girl is from in your profile pic? Is she from monogatari series?
you should call this app VS Grindr
fuck'n LOL
This is a perfect lesson on lambda.
I've been working with AWS for a few years now and yeah - this is a hard lesson to learn. As soon as you open up anything to the internet, it's gonna get hit very hard. Glad you learned this without a massive bill!
Great video. Gives perspective to us beginners how insanely difficult is to run app in production. In development everything looks sweet. All these warning in courses "don't use this in production" make more sense.
I love these vscode versions of things and can't wait to see what others are coming if you decide to do more
felt bad for last video for VS-Stories, now same for this one....
Godddddd....
Nice videos Ben,
Keep making lots of videos for us.
Lots of love from India....
Just wanted to say that after really going through with the VSCinder: YOU ARE A LEGEND!
Congratulation! 200K
Love the Ajani, Caller of the Pride picture in the background :)
Noticed it by reading your comment 😁
Good Job 👏 . You learnt hard way but now you have valuable experience. Keep learning and Be curious.
You should have hit 1 mil by now dude your content is gold
Dude you got many enemies
Dem angular devs
Enemies .. lol
@@Khushpich I have never seen an angular developer, are they hostiles?
@@tiagosansaodev the legends says no one ever came back from seeing an angular dev
@@tiagosansaodev That's called survivorship bias. Just because nobody has ever met an angular dev doesn't mean they don't exist. It just means nobody has lived to tell the tale...
This projects sound like so much fun!
Thx for all the detailed info. Very interesting.
Damn Angular devs taking their revenge on you Ben. They are ruining developer's love life lol
MAAAN, you are a legend!!!
Great postmortem Ben! Glad the first week wasn't too hectic. Sounds like a lot of fun.
Becoming my favorite „real life DevOps“ channel on yt.
Many thanks for the honor witnessing the beginnings of a 1bn valuation unicorn as well. :-)
im so happy this guy is getting a following
this was a fun project!
Hey Ben, huge fan, great works man! I wonder if you consider using a tool like Thundra to inspect your lambda functions or webapps in case of any similar issues. Disclaimer: I work for the company and be more than happy to see you in our Slack.
Really like the tech stack breakdown for the whole app. You should do AWS's segment. THIS IS MY INFRASTRUTURE.
Man, you are a genius, no sarcasm, how do you get those ideas?
I felt your pain when you said ''puppeteer'' ... I was doing the same thing and had the same random errors lol.
It feels bright when you say "Of course it's Typescript"!🤣
Google went down recently and was fixed, VSinder went down and you fix! I see competition Ben. You competing with the Big Boiz!! Lol
Love watching Ben doing what he loves 🤣
I could imagine the invocations not lining up with the requests is because Puppeteer loads the whole website which with uses way more requests to load all the different JS and CSS files.
Lmao second time you make me laugh firstseeing the thumbnail of your video
I feel like a part of the problem is not using testers before releasing the final product
This is a great lesson for anyone who runs a non-cacheable site like Carbon: consider finding some DDoS-protection feature, even just a basic one that alerts you if you get too many requests from a single source.
Or even a single well-meaning developer can sink your site.
I don't think banning reports containing "hi" and "hello" is reasonable. I think it's not too uncommon instead of writing "This person harrassed me" to write " *Hello* , this person harrassed me". See what I mean?
// I'm going to do
message === 'hi'
// Not
message.includes('hi')
@@bawad hi
what
I love to watch the stuff i dont understand, I feel cool cause its Ben Awad
should add a developer section along with love and friendship so people can find other devs to help with projects or issues durring development. devs helping devs ya know
You are 2 years older than me and have like 10 years more experience. I'm probably throwing the towel but great work!
Okay Ben, I expect VSinder stories next. That's where the sponsored posts and ads can go :)
Waiting for VsTwitch
VsUA-cam
Vsitch
Lambda functions auto-retries twice by default on failure, so when puppeteer fails, the lambda will retry the entire flow, hitting carbon 2 more times. And like you mentioned, that’s not even considering the potential retry built into puppeteer
Thanks! Never was reconnaissance so easy...
Puppeteer seems much lighter than selenium damn
Spawning a brand new Puppeteer process for every lambda invocation sounds very resource intensive tbh. It's probably better to have one Chromium/Puppeteer process running in the background and have it create a new tab for every call to your API
For your Google Places API, make sure you're only setting the components you need in the request (like address_components) and you can also use geolocation to more accurately pinpoint their location if you haven't already. Those two should help some with the bill but I'm no expert, just basing it off their API (and implementing it once)
I love you Ben!!
2:46 this is exactly my kind of humor HAHAHAHAHAHA
Make sure you're using session-token for places API, also use autocomplete options to reduce costs
Not enough unit testing...
i think microsoft is way to small of a company to handle a social media as big as this
I love this app so much. I hope it stays up for a long time. It sounds like you may need a premium version to pay for that Google Places API though
Ben: "I'm gonna keep track of these people and they'll have a lifetime ban."
Google: I WANT HIM!
this was very entertaining
Deep down we know that this attack was made by some Angular lover
Should've known, Ben. None of us had a chance before.! (!_!)
My hero
Have you tried use Caprover, is heroku like opensource alternative.
I did this sorry, but thanks for letting me get experienced.
-dD
lmao also my lambda waiting for timeout cost me the most :D
Imagine being so out of ideas as a programmer that you literally DDoS a dating app for coders.
hey Ben, thanks for the great story! I have a question; can we have a online version of the profile in VSinder?
Ha ha all the drama!
keep it going!
How did Vercel contact you that you reacted so fast? did they call you or wrote an email/tweet and you literally saw it right at the moment
Hey, very cool extension! Hope you can update it to the new VSCode version!
A hero needs a enemy, what we will be hearing now if wasn't for this scam bags
That's it, humanity proved that you should never trust them.
Hacker: *DDOS’ Ben*
Ben: “Thank you!”
Will this change how you rate limit resolvers at all?
are u using api gateway for that lambda func? I think u can set max concurrent request + max request per second there
and the location dropdown, I guess u can add country/location table in yr postgres + make an API for UI to call, then will be lower cost
others thing looks nice
I feel you on the Apple payment issues. Do a Spotify/Netflix and require people to pay for premium on the web where you can just use Stripe (although you can’t tell people that’s what they need to do in the app because Apple won’t allow that through review). It’s such a ballache.
Did you switch to something like mapbox as a replacement for googles location service?
I think there aren't just one request per Lambda instance per page view for render, because Carbon is written in Next.js so there maybe you have invoked SSR generation for each request and that's like a few new JS and CSS generated plus a lot of different assets (but probably most are just stored in static site like netlify), and if you multiply it by 9 or 10 for each of these "just in time" assets I think it make sense to have millions of requests
ahahahahaha i knew you were the one who downed carbon lmao, said it in the previous video's comment xD
I sometimes start a report with a hi hello. Maybe test that logic first 😂
5:40 - Puppeteer loads images and css and everything. That's not just one request to them when ur lambda calls, using Puppeteer.
Requests != visits. One visit creates multiple requests. Factor 100+ is still a bit much, though.