I was surprised that GitHub Actions allows you to write scripts that anon users could trigger by opening PRs. But then it turns out this is how a lot of open source CI flows work. So maybe GitHub overlooked that they would become the biggest player overnight and be an obvious target?

It's really strange to me. You would think anyone offering free anything on the internet knows there are people out there who will automate abusing your compute, storage, IPs, any resources you leave exposed.

I've seen someone abuse a password reset form because they could advertise using that email address '+' trick (realuser+buy_our_scam@example.com). On a platform that didn't even have a million users. If it's free resources, there's no scam too unlikely.
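A defender-side check for the '+' sub-address abuse described in the comment above, added here as an example and not part of the original post. It canonicalises the submitted address so every "+tag" variant of one inbox shares a single reset-request budget, and it sends the reset mail only to the address stored for the account rather than to whatever string was typed, so attacker-supplied text is never delivered or echoed. The dot-insensitive domain list, the account map and the limit are assumptions.

```python
import re
from collections import defaultdict

# Hypothetical list of domains known to ignore dots in the local part; real
# provider behaviour varies, so keep this as configuration, not a rule.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def canonical_mailbox(address: str):
    """Collapse '+tag' sub-addresses (and dots where the provider ignores them)
    so every variant of one inbox maps to a single key. Returns None if the
    string is not even shaped like an e-mail address."""
    addr = address.strip().lower()
    if not EMAIL_RE.match(addr):
        return None
    local, domain = addr.rsplit("@", 1)
    local = local.split("+", 1)[0]            # drop the '+tag' part
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")
    return f"{local}@{domain}" if local else None


class ResetGuard:
    """Per-mailbox request counter (in-memory stand-in for a real rate limiter)."""

    def __init__(self, limit: int = 3):
        self.limit = limit
        self.counts = defaultdict(int)

    def plan_reset(self, submitted: str, accounts: dict):
        """Decide where a reset mail goes. `accounts` maps canonical mailbox ->
        the address the user registered with (constructed sample data in the
        caller). Returns that stored address, or None to send nothing. The
        submitted string itself is never used as the recipient, so any
        '+advert' text typed into the form is never delivered or echoed."""
        key = canonical_mailbox(submitted)
        if key is None:
            return None
        self.counts[key] += 1
        if self.counts[key] > self.limit:
            return None                       # all tag variants share one bucket
        return accounts.get(key)              # None for unknown mailbox too
```

Whether a request is allowed or not, the HTTP response should look identical, so the guard's None result is only a signal to skip sending, not something to report to the requester.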
