1. 8

  2. 11

    What I find remarkable here is that it’s the perfect storm of the last ~5 years of SV dev culture. Hey, let’s build a Jurassic Park quote bot for a mission-critical service at this weekend’s “hackathon” and then put the code on GitHub, complete with the single auth token that we use for both work and leisure! There is no think, only do!

    1. 4

      Or, how to make tens of thousands of dollars from GitHub searches.

      1. 3

        The number of passwords on GitHub alone is a cracker’s wet dream.

        1. 1

          There are bots scraping. As part of a talk I published the git repo of a legacy codebase, not realizing it had still-valid AWS tokens three years back in its history. The repo went live as I started my talk; I wasn’t off the stage before a bot had found them and spun up 20 of the largest instances to mine Bitcoin. AWS was proactive in alerting me to the unusual usage and support was kind in cancelling the charges.