> we are going to refer to this cluster of activity as PURPLEURCHIN.
Is it just me that find it lame the usage of a code name for marketing purpose when in fact it just a simple abuse of the platform free quota with risks only for the platform?
I expect the cat-and-mouse game of crypto mining abuse may continue to plague "free" cloud and CI services for a while.
Though the tradeoff of burning an estimated $100K of github resources (though presumably github gets cheaper rates for Azure or whatever it runs Actions on) to net $137 for the scammers seems like it might run into scaling limits.
Interesting that CAPTCHAs are apparently useless for their supposed purpose of blocking robots.
> Assuming the costs of a user paying for the cheapest Ubuntu CI runner to perform the same computation, this would be a use of approximately $103,000 of GitHub’s resources.
$103k at retail price != $103k of costs. Github's owned by Microsoft so presumably they have access to cheap Azure instances. The costs only go down when you consider that free tier CI workloads are small and fungible among regions and server types.
> several thousand free accounts to earn $137
That sounds like it's getting close to the point where you'll show up in a simple random sample of user accounts.
The engineering effort of setting this up and keeping it running seems like it's a lot more than $137 of developer time.
Meh, services that assume everyone is a good actor just penalize honest users and line the pockets of bad actors.
Kind of like how the internet wasn’t designed with bad actors in mind so now we must all use Cloudflare or get taken down by a $5 booter cluster of smart toasters.
Shame on Github for the free nonsense that’s subsidized by paying customers.
Is it just me that find it lame the usage of a code name for marketing purpose when in fact it just a simple abuse of the platform free quota with risks only for the platform?