Charging is a good idea.
In any case it would not be crazy to rate-limit. If you’re downloading the same 10,000 components a million times, you deserve to be limited.
The article discusses that IP-based limiting doesn’t work as well as it used to. Because of NATs, proxies, etc., IP addresses are a lot more ephemeral and flexible, so they’ve seen the same big perpetrators adapt and change IPs when rate-limited. I expect we will start to see support for anonymous downloads go away in the next several months in many major OSS registries.
Thank you!
I actually wondered if the article mentioned that and I just missed it. I went back to check and apparently missed it twice.
I’m genuinely surprised they’ve been able to handle the traffic for this long. The numbers are staggering!
Imagine big companies getting “You have been banned for bandwidth abuse”