undefined | Better HN

0 pointsactuator5y ago0 comments

I don't know anything about this but being an engineer myself I am assuming you hit a rate limiting function.

I am assuming Gmail caches the images when you upload, image upload being an expensive operation per se; when you uploaded so many at once, it must have triggered a rate limiting mechanism which stopped requests from you until the cooldown window kicked in.

Why would they add a rate limiting method? It makes sense for every product to have rate limiting beyond fair use, otherwise it makes it susceptible to denial of service attacks by attacking expensive APIs with high volume.

Why did the rate limiting mechanism blanket limited Gmail? I am assuming they either just have a global threshold or you breached both API and global threshold at the same time.

Should they have informed you? Maybe the message was in HTTP code.

Again, no way for me to verify this. These are just my assumptions from building rate limiting solutions in the past. Every service should have rate limiting mechanism, probably with better user messaging I guess.

0 comments

macspoofing5y ago

I can speculate just as well as the next guy. Their system could have been been rate limiting me, or maybe it decided I was a spammer abusing the system. The point is, there was no transparency.

actuatorOP5y ago

Well, limiting your control for some time on matching spamming heuristics is also kind of rate limiting. I am not sure I see the link between number of email attachments and spam though.

> The point is, there was no transparency.

Agreed on this and I alluded to this in my comment.

Though to play devil's advocate again, some security practices are intended to be not transparent. Like 404 instead of 401/403 on admin pages for non admin users. Not specifying what out of username,password,totp combo didn't match.

j / k navigate · click thread line to collapse