Sunday, September 29, 2013

Runaway Open Source Project - Lessons learned from developing HiSRC

TL;DR: Never reference files on servers you pay for in Open Source projects.

Today I noticed my monthly Amazon AWS bill was $20 more than normal.

Somehow 143GB of outbound transfer had happened in September. After an hour or two of investigation and deleting things out of buckets that may have caused it, I finally turned on logging and waited.

The logging revealed a plethora of requests for a file called 50K. I couldn't even remember what the file was there for. I thought maybe my account had been hacked. I finally Googled cdeutsch/50K and it immediately clicked.

Back in April of 2012 I helped develop the open source JavaScript library HiSRC. HiSRC checks for high resolution support and does a quick bandwidth test; if it detects either, high resolution images are served up dynamically on the client side.

Unfortunately I had placed the 50K test file in one of my Amazon S3 buckets and didn't change or remove that URL when making the library available publicly.
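The hard-coded probe URL is the whole problem. As an added example (not HiSRC's own code), here is how a bandwidth probe can refuse to run unless the integrator hosts the test file on their own origin, so every page view is paid for by the site that embeds the library. The option name, function names and sample URLs are assumptions.

```javascript
// Added example, not HiSRC's own code: a bandwidth probe with no hard-coded
// fallback URL on the maintainer's infrastructure. Names are assumptions.

const PROBE_BYTES = 50 * 1024; // size of the probe file the integrator hosts

// Validate the integrator-supplied probe URL. Throws instead of defaulting to
// someone else's server, and requires the file to be same-origin with the page.
function resolveProbeUrl(options, pageOrigin) {
  if (!options || typeof options.testFileUrl !== 'string' || options.testFileUrl === '') {
    throw new Error('testFileUrl is required: host the probe file yourself');
  }
  const probe = new URL(options.testFileUrl, pageOrigin);
  if (probe.origin !== new URL(pageOrigin).origin) {
    throw new Error('testFileUrl must be on the same origin as the page: ' + probe.origin);
  }
  return probe.href;
}

// Convert a timed download into kilobits per second.
function kbpsFromTiming(bytes, startMs, endMs) {
  const seconds = (endMs - startMs) / 1000;
  if (seconds <= 0) throw new Error('invalid timing');
  return Math.round((bytes * 8) / 1024 / seconds);
}

// Run the probe. fetchImpl and now are injectable so the logic can be
// exercised offline; in a browser pass window.fetch and performance.now.
async function probeBandwidth(options, pageOrigin, fetchImpl, now) {
  const url = new URL(resolveProbeUrl(options, pageOrigin));
  const start = now();
  url.searchParams.set('nocache', String(start)); // defeat caches for the probe
  const response = await fetchImpl(url.href, { cache: 'no-store' });
  const body = await response.arrayBuffer();
  const end = now();
  return { kbps: kbpsFromTiming(body.byteLength, start, end), bytes: body.byteLength };
}
```

A site that forgets to set `testFileUrl` gets an immediate error in its own console rather than silently billing the library author.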

Fast forward to August 2013 and adoption of the HiSRC library has started to catch on with big-name sites such as the following:
https://uber.com/
https://www.converse.com/
http://www.kia.com/us/en/vehicle/soul/2014/experience
http://www.tennis-warehouse.com/
http://balzac.montblanc.com/
http://www.rolandsands.com/mobile/bikes
https://www.bresicwhitney.com.au/

While it's flattering to have my nick cdeutsch appear in the source code of these sites, it's costing me money.

I've deleted the 50K file, but Amazon S3 will still charge me for the 403 errors that are now happening.

I'm waiting to hear back from Amazon on how to resolve this and am working on contacting the 3 biggest sites to get them to make the necessary changes.