Dev.to is banned by HN so that’s limiting.

This is definitely news to me. Why?

I asked this same question last week:

https://news.ycombinator.com/item?id=27108910

Have a scan through the homepage. I often find the same few people posting broad questions over and over again to generate engagement. On top of that I feel most of the article titles tend to be click bait. I have come across one or two really good articles but they are very much the exception.

I'd guess due to too many low quality or spammy submissions from there.

The other answer is apparently the reason. It’s a shame, too, because it flags people as self-promoting even if they’re posting interesting articles that have no self promotion at all.

If you host a static blog I don't think you don't need cloudflare.

Cloudflare Pages [1] is relatively new, but I recently had a pleasant experience using it for a small static site recently

[1] https://pages.cloudflare.com/

Gcp bandwidth is only free up to 1gb. The site I host on there would easily exceed that with without cloud flare in front.

Besides, it lowers latency for users by being a real cdn with a lot of points of presence, and therefore improves the experience.

If your data is metered, is a good idea for peace of mind. Otherwise you risk someone dosing you and getting a large bill. That applies to both static or dynamic content.

Could you explain how that would work? I thought DOS generally worked by overloading a host with mostly invalid incoming packets.

Are DOS attacks that cause lots of outgoing bandwidth common? And wouldn't launching such a DOS attack be somewhat expensive in the first place?

Also, I don't think any of the hosting companies I use have metered bandwidth. I assume that if I used excessive bandwidth I'd just end up saturating the network, but for a blog with mostly text and a few images that shouldn't be an issue.

As example: The comment above explicitly mentioned using GCP. GCPs "free" tier includes a whopping 1 GB of free traffic each month, everything over that is individually billed. (Arguably the correct answer is "don't use cloud hosts for such things, their bandwidth is stupidly overpriced for this use case", not "use a CDN to mitigate that")

> I thought DOS generally worked by overloading a host with mostly invalid incoming packets.

It's any traffic. It can be invalid packets if that's effective, but it can also be complete http requests.

> Are DOS attacks that cause lots of outgoing bandwidth common?

They're commonly about saturating the incoming bandwidth. But there's nothing wrong with more outgoing traffic if someone wants to hit you that way.

> And wouldn't launching such a DOS attack be somewhat expensive in the first place?

Not if you're using other people's hacked endpoints. (Which is pretty much the default these days)

If you use a service with just a data cap, that's fine. I commented with AWS / GCP / others in mind.

DoS is often misunderstood.

It's perfectly normal for legitimate traffic to accidently DDoS you if you have low specs (or a huge unwieldy site) and get a link somewhere popular like HN.

I run a blog on a small cloud VM. If it made front page of HN all those visitors would DDoS my site "by accident" in no time.

Don't forget, accessing a website the normal way is outbound bandwidth.

Incidentally, I like to use my blog to explain topics that aren't widely understood outside of tech people or domain specific experience.

Maybe I should be a bit more active and explain things like this?