Maxious's comments


> When your Prepay credit balance on the billing account hits $0, all API keys in all projects linked to that billing account will stop working simultaneously. Prepay credits apply only to Gemini API usage costs; you can't use them to pay for other Google Cloud services.

https://ai.google.dev/gemini-api/docs/billing#prepay


> The Gemini API supports monthly spend caps at both the billing account tier and project levels. These controls are designed to protect your account from unexpected overages, and the ecosystem to ensure service availability

https://ai.google.dev/gemini-api/docs/billing#project-spend-...


The problem is that it's specific to that API and defaults to uncapped, so people who aren't using it and haven't heard about the issues with the Firebase API keys probably won't have set them.

Spend caps exist for Gemini (Maxious linked them) - they just default to OFF. For an API that can bill four figures per hour, opt-in safety by default isn't a UX choice, it's a billing strategy.

Except that Google's own statements are extremely clear that "leaked" (i.e. public) API keys should not be able to access the Gemini API in the first place: "We have identified a vulnerability where some API keys may have been publicly exposed. To protect your data and prevent unauthorized access, we have proactively blocked these known leaked keys from accessing the Gemini API. ... We are defaulting to blocking API keys that are leaked and used with the Gemini API, helping prevent abuse of cost and your application data." https://ai.google.dev/gemini-api/docs/troubleshooting#google...

For extra clarity on the exact so-called "vulnerability" that Google identified, see: https://news.ycombinator.com/item?id=47156925 This describes the very issue where some API keys were public by design (used for client-side web access), so the term "leaked" should be read in that unusually broad sense. Firebase keys are obviously covered, since they're also public by design.

(As for "Firebase AI Logic", it is explicitly very different: it's supposed to be implemented via a proxy service so the Gemini API key is never seen by the client: https://firebase.google.com/docs/ai-logic Clearly, just casually "enabling" something - which is what OP says they did! - should never result in abuse of cost on the scale OP describes.)


There are other vectors, e.g. a compromised GCP key leading to $13k in Gemini charges (posted 3 days ago) https://www.reddit.com/r/googlecloud/comments/1sjzat3/api_ke...

Why is the default uncapped, then, other than the hope of billing people who screw up or get exploited?

We have a bunch of different protections in place; every account has a billing account cap by default (see: https://ai.google.dev/gemini-api/docs/billing#tier-spend-cap...), in addition to the ability to set more granular developer spend caps.

See also: Why is the default cap so low? I lost €78bojillion because my API stopped working.

Demand on-call phone numbers, autodial the entire company when it looks like they’re about to lose their first bojillion.

No, you don't really have to give Google a bunch of phone numbers. The input box will also accept entry of the following text:

“I'm a big stupid idiot, and when my API stops working, which it will, it will be all my fault and not Google's.”


Monitoring could pick this up in minutes rather than however long this took to discover.

Model authors are welcome to add support to llama.cpp before release, like IBM did for Granite 4: https://github.com/ggml-org/llama.cpp/pull/13550

They spent several years in stealth mode but the initial release was llama.cpp.

Ollama v0.0.1 "Fast inference server written in Go, powered by llama.cpp" https://github.com/ollama/ollama/tree/v0.0.1


> They spent several years in stealth mode

doing what?

trying to build themselves what llama.cpp ended up doing for them?


I asked myself the same question. Some other commenter mentioned above they started with some Kubernetes infrastructure thing and they pivoted later.

He might have been a top bloke then but in recent years he has had irreconcilable relationship breakdowns with his co-founder https://www.reddit.com/r/australian/comments/1m3ilhy/inside_... , wife and CFO https://www.afr.com/technology/mike-cannon-brookes-wins-inju... and most recently CTO https://www.afr.com/technology/atlassian-slashes-1600-jobs-a...

Ability to virtualize on Apple devices and linux with GPUs https://github.com/scipy/scipy/issues/24990

Some devs did get the email and follow the process and still got kicked out.

> Don’t let anyone tell you it’s because we didn’t read our emails or submit the right verification paperwork. Cuz we did all that back in October.

> And this month, we were suddenly and without any warning locked out.

https://x.com/OSRDrivers/status/2042286973461709183


It's got a little Zig mystery blob that does the hashing. Messing with that would run afoul of DMCA anticircumvention, right?

Things could be worse - this decision means 2 out of the 3 principals of the Vienna School of Agentic Coding have not sold out to OpenAI.
