
980 points nkcmr | 7 comments
OskarS ◴[] No.27415822[source]
I’ve seen packages that do "internet-detection" by calling out to icanhazip.com, and I just thought that was so irresponsible. What if your package got popular, how much money are you costing the hoster? For services like this, people just don’t consider the fact that there’s someone on the other side.
replies(3): >>27416037 #>>27416043 #>>27416090 #
1. ljm ◴[] No.27416037[source]
I feel the same about dependency steps in CI, without a cache or any similar structure. Package repos like Rubygems, NPM and PyPI get utterly rinsed by the continual downloading and redownloading of stuff the client should have already stored.
replies(3): >>27416407 #>>27417810 #>>27417948 #
2. trulyme ◴[] No.27416407[source]
This. And both with GitHub and GitLab it takes quite a bit of extra effort to set up caching. It hurts to see 'npm ci' download half the internet every time a developer pushes to dev server.
replies(1): >>27416595 #
3. yellow_lead ◴[] No.27416595[source]
Would be interesting to speculate about the greenhouse effect of all these repeated downloads
replies(2): >>27418148 #>>27425471 #
4. Seirdy ◴[] No.27417810[source]
That's why the first step of CI for me, when possible, is to rsync a .tar.gz file from the server I'm deploying to. The tarball contains statically-linked binaries and other stuff I'll need for the build.

It's also a good reason for CI providers to mirror package repositories.

5. SilverRed ◴[] No.27417948[source]
Nothing is going to change until the hosters make it a pain to abuse. Rubygems could require an api key to download from and rate limit that key.

Sure, you could attempt to generate a bunch of keys and cycle them, but it would be easier to just cache your gems.

6. bombcar ◴[] No.27418148{3}[source]
It used to be possible to have a squid or even a backwards varnish cache handle lots of this but https everything has made that much harder to do. Still possible, however.

7. ljm ◴[] No.27425471{3}[source]
If nothing else, it is patently wasteful and, as a user, you don't really see CI billed in terms of network bandwidth. Just indirectly through the equivalent of mainframe minutes. And even then, that's not enough to discourage anyone from building a suboptimal pipeline.