10 comments

[ 2.7 ms ] story [ 27.9 ms ] thread
Very interesting... Obviously imperfect, but couldn't they just find a way to identify if a miner is running on the pipeline? Antivirus heuristics come to mind, but I'm not an expert at all in these topics.
This would result in a cat and mouse game requiring constant eng work
They will have to hide the anti-spam source code, after developing enterprise and community features in the open.
SaaS abuse unfortunately isn’t new.

On our SaaS app, we had to introduce a Captcha when adding users to an account. Spammers would write scripts to continually add, send welcome emails, and then delete users (getting around the 5 free user limit). They would place their spam in the account name, and the users first and last name.

Before we caught it, they were sending thousands of emails a minute via our paid-for upstream transactional email provider.

If it’s free, it’ll get abused eventually.

I really doubt credit cards will fix this, it's probably not hard to get lots of new credit card numbers (legitimately or otherwise.)
> Include public projects in pipeline minutes quota for free users.

Does that mean they just changed open-source projects from unlimited build minutes to 400 minutes a month? E.g. a single build a day if your build is 13 min (summing up every job's duration)?

Copying the discussion from http://disq.us/p/2h3tc04

> Jackie Porter: Remram - The 400 minutes per month will be a enhancement, coming in a future milestone for public projects. So, it is not effective immediately. We are researching the amount of minutes across open source contributions to make sure that we do not impact open source contributions in any way!

> Remram: 400 is low for active projects with multiple jobs so this sounds really scary! I am glad this is not set in stone.

> John Coghlan: Open source projects can also apply for the GitLab for Open Source program. Qualifying projects and organizations get 50,000 CI pipeline minutes and free licenses for GitLab's top tiers.