I know a lot of people talk about GH outages, but I personally haven't encountered it even tho as you can see form my profile (github.com/crisdosaygo) I'm on there everyday. Maybe my workflows don't hit the weak spots, idk.
But the reason I created this was because Actions always worked so well for me, and it seemed to have so many possibilities to build things on it.
Regarding the Global Free Tier, every GH account comes with Actions Minutes and this is way to have a nice CLI to put them to use toward your building, and maybe have a spot for agents to do some work you don't want locally.
Bigger picture, I feel GH led the way providing this idea of "compute as utility" (free compute for even free GH accounts, was amazing - but I really think that the future is shaped like that). I'm serious about that: AI will eventually become cheaper to train and infer, and the oversupply of compute will be a background layer we will have access to much cheaper. Just one of the trends. So the idea of the Global Free Tier or Background Compute as a universal utility, is something I think si really real.
Also probably important to note that the reliability issues GH seems to have faced, are more of a recent uptick, but Actions has had this free tier for ages.
Given the consistent outages everywhere on GitHub, they actually should put GitHub Actions under a paid tier only if they want their platform to be sustainable and stable. Period.
It's quite irresponsible of them to have almost all the core features free and a paid tier would significantly reduce abuse of it (and especially GitHub Actions) like this.
If they don't, then don't be surprised to see more outages on their platform.
Honestly, I was tyring to pick a name, and I picked the one that made me laugh the most. Sparks joy. Because that's what it really is: a charity of ghost machines. GH provides these amazing free compute minutes, and this is a way to use them to focus on dev tasks.
I built this because I was always creating machines on GH actions to test builds on different OS, and I wanted a tight CLI that could do it. I always saw Actions as this great resources and ephemeral machines you could do dev work in just were a natural way for me to work, so this grew out of that workflow.
I didn't expect it to blow up, so it wasn't 100% finished when I posted it. But it should stabilize pretty quickly.
This idea is great in concept, and I think it's important to state that, but the GitHub Actions stuff is against TOS iirc + they will need to address that pretty quickly.
The multiple levels of abuse here are astounding. That grown adults can think projects like this are acceptable, let alone promote them, is hard to believe. I am 90% sure this is yet another vibecoded project. Has vibecoding really corrupted people?
First, I am fairly certain this violates Github's ToS. Second, it effectively amounts to a denial of service. Third, are people seriously using the .charity TLD to host something this frivolos? Have people got no sense of propriety anymore?
No, this is just using GH Actions runners as ephemeral dev machines for your software work, plumbed together with cloudflared and tor for SSH and HTTP connectivity. It would likely been just a % of all Actions across all other jobs even if it was wildly popular. This is a mistaken interpretation, in reality.
Yeah, I think that's what the program creates in your github account. I see the source to those files embedded in the executable. (I'm not running the executable, but I downloaded the linux one to my mac to take a look inside.)
I don't believe in releasing source anymore after years of doing it. It's closed source, Rust binary, proprietary but free software offered as a utility. It's the same patterns as used by coding agents and many other CLI tools.
Won't the supply-side incentives misalign with demand-side's desires in this case?
If you choose a specific company's free tier, you can rely on reputation and switch if they misbehave (e.g. they exfiltrate your secrets, log all your activities, build a profile on your workload behavior, etc). But if you don't know where your workload being deployed, the operator has less incentive to treat your compute with respect.
Means this is really only useful for nearly-public workloads, where tampering is not a critical failure mode.
I think there's a case for self-hosted runners, and right now it only supports the basic ubuntu, macos and window latest. But I see a path to adding the larger paid runners as part of the toml for machine shape in future.
this is exactly what a bad actor would do to temp the greedy. If they are providing free ssh access, why not just use an ssh client instead of curl|sh? That's crazy! And free compute is even crazier. I guess they could make money based off training or selling whatever you put on there.
I'm not trying to make money on this. I just think it's a useful utility. The SSH tunnels are provided by cloudflared and tor (as a backup, CF free tunnels sometimes flake).
To be honest a bit true, I use exe.dev and it prefers to use ssh or or just directly within the browser itself and that certainly helps with the trust (also exe.dev is awesome, +1 to it using since day 1)
Also the repository itself doesn't exist anymore as it shows me a 404, I haven't run any code or anything but it would definitely be nice if keepamovin talks more about it as the idea itself is nice but yeah.
Some years ago I toyed with the idea of running a minecraft server inside github actions,
I used tailscale to create a public endpoint and saved the world in an artifact that was re-loaded on the next run. It worked really well, but the point was never to actually use it for real.
Is there a meaningfully useful version of automatically write to an encrypted disk / RAM that could be used with a random cloud instance? Obviously the decryption key would be in RAM somewhere but as a short term best practice it might be somewhat useful
I wish the link for "Global Free Tier" [1] included an actual list of the free tiers GhostBox is using (ideally also including some kind of table/rubric for comparisons and any limitations, benefits, etc unique to each).
It sounds like Github Actions is the first choice, if it's unavailable (or if Github blocks GhostBox in the future), are each of the alternatives viable as a more or less drop-in replacement? Or would there be loss of functionality?
Those are the questions I had when reading through the site so I think some basic technical docs would go a long way to help people understand the project and decide to give it a try. I like the cute/whimsical branding but I'll admit to doing a little internal eye-roll when I clicked that link expecting technical specifics and instead read:
> GitHub Actions is only the first place ghosts come from. There are strange little pockets of temporary compute all over the internet. Ghostbox makes them feel like one small machine.
It's a neat idea though, and I've definitely had moments where I wished I could just spin up a free, temporary VM/container to do something but didn't feel like researching the current free-tier landscape and filling out a sign-up form and stuff.
Right now it's only GitHub Actions. I didn't want to overbuild in case it wasn't a thing for others. I mostly use Actions myself. But I'm open to adding more. I think the GFT is real.
Thanks. I posted and really didn't expect any points. So checking back after 40 minutes and seeing it blown up was quite a shock. I'm working through all the things people have pointed out!
So that's why we will see GitHub Actions continuing to go down so frequently every day of the week. From their "terms of service" [0]
> Ghostbox is software for launching short-lived development machines using third-party infrastructure such as GitHub Actions, tunnels, shells, agents, and related developer tools.
So this will go down, just like GitHub Actions since it abuses the subsidised free tier of GitHub Actions to run a service like this and it is likely against the GitHub TOS.
AI=generated article that asks you to download and run some random binary. Github account is just more AI slop. Everything to me just screams that it's a malware.
Or this is normal here?
I know a guy who gets a bunch of old hardware as a recycler, We made the Shell On Demand Appliance for DEFCON[1] awhile back and would love to expand it, but power/internet would just cost too much. we have the hardware and software to do this. just not the long term recurring
Thanks, I know exactly something which has been in my mind to build which can be made possible with this.
Basically any golang/any language cli application preferably-static can be dropped and ran in ghostbox plus xterm in browser (and additionally cloudflare tunnels) or perhaps directly to give a web link.
Anyone can then click on that web link to then try out the cli application. Think jujutsu and others too and they can do this upto 90 minutes.
Feel free to pick up on this idea as more importantly than not, I would personally love to see an idea like this, even something with asciinema to finally show how an app feels and looks.
Can you please tell me more about what is the structure behind Ghostbox and on what service does it run upon? Hetzner/OVH or something else? I would be interested to know more about the infrastructural decisions behind it and does it run on firecrackers, quite so many questions!
This is a really cool project, thanks for making this and have a nice day!
Thanks, bud. Right now it just uses spins up an ephemeral machine from GitHub Actions. I mostly used GH myself so have not added any more providers yet - but the Global Free Tier is trending up. Will add more in future.
Things like this are the reason why companies like GitHub then put everything under a paid tier.
I know a lot of people talk about GH outages, but I personally haven't encountered it even tho as you can see form my profile (github.com/crisdosaygo) I'm on there everyday. Maybe my workflows don't hit the weak spots, idk.
But the reason I created this was because Actions always worked so well for me, and it seemed to have so many possibilities to build things on it.
Regarding the Global Free Tier, every GH account comes with Actions Minutes and this is way to have a nice CLI to put them to use toward your building, and maybe have a spot for agents to do some work you don't want locally.
Bigger picture, I feel GH led the way providing this idea of "compute as utility" (free compute for even free GH accounts, was amazing - but I really think that the future is shaped like that). I'm serious about that: AI will eventually become cheaper to train and infer, and the oversupply of compute will be a background layer we will have access to much cheaper. Just one of the trends. So the idea of the Global Free Tier or Background Compute as a universal utility, is something I think si really real.
Also probably important to note that the reliability issues GH seems to have faced, are more of a recent uptick, but Actions has had this free tier for ages.
Given the consistent outages everywhere on GitHub, they actually should put GitHub Actions under a paid tier only if they want their platform to be sustainable and stable. Period.
It's quite irresponsible of them to have almost all the core features free and a paid tier would significantly reduce abuse of it (and especially GitHub Actions) like this.
If they don't, then don't be surprised to see more outages on their platform.
Do you realize how disastrous it would be for the open-source ecosystem to remove actions from the free tier?
Yeah, I can't imagine if open source maintainers had to pay for their own laptop, food, electricity, housing, transportation, or compute time.
They might have to figure out running CI on their own hardware. The horror.
Weird to have a .charity TLD but promote abusing Github Actions as free compute.
Volunteering the money of others is a favourite human pastime.
Honestly, I was tyring to pick a name, and I picked the one that made me laugh the most. Sparks joy. Because that's what it really is: a charity of ghost machines. GH provides these amazing free compute minutes, and this is a way to use them to focus on dev tasks.
IN future, I think I'll add other providers.
[dead]
That's so weird.
The repository now appears to be disabled.
https://github.com/DO-SAY-GO/ghostbox-releases
https://github.com/crisdosaygo/ghostbox-home-reveal
I built this because I was always creating machines on GH actions to test builds on different OS, and I wanted a tight CLI that could do it. I always saw Actions as this great resources and ephemeral machines you could do dev work in just were a natural way for me to work, so this grew out of that workflow.
I didn't expect it to blow up, so it wasn't 100% finished when I posted it. But it should stabilize pretty quickly.
Happy to know what you think and talk about it.
This idea is great in concept, and I think it's important to state that, but the GitHub Actions stuff is against TOS iirc + they will need to address that pretty quickly.
The multiple levels of abuse here are astounding. That grown adults can think projects like this are acceptable, let alone promote them, is hard to believe. I am 90% sure this is yet another vibecoded project. Has vibecoding really corrupted people?
First, I am fairly certain this violates Github's ToS. Second, it effectively amounts to a denial of service. Third, are people seriously using the .charity TLD to host something this frivolos? Have people got no sense of propriety anymore?
No, this is just using GH Actions runners as ephemeral dev machines for your software work, plumbed together with cloudflared and tor for SSH and HTTP connectivity. It would likely been just a % of all Actions across all other jobs even if it was wildly popular. This is a mistaken interpretation, in reality.
You can read what it is more clearly, here: https://github.com/crisdosaygo/ghostbox-home-reveal
Like social media vibe coding doesn’t change people. It just makes their character more obvious
GitHub is going to love this. No wonder Actions keeps getting worse and worse.
Looks like the Github repo has already been nuked, I'm guessing for violating ToS on Github actions?
The website has a broken github link. Repo is here https://github.com/DO-SAY-GO/ghostbox-releases but it's only a README.md with binary releases. No public source code?
The readme says it’s proprietary code that’s free to use during a “preview”.
Odd to be so tied to GitHub for proprietary code.
GitHub is one of the most readily accessible sources of parasitic compute resources.
https://github.com/crisdosaygo/ghostbox-home-reveal This looks more promising?
Yeah, I think that's what the program creates in your github account. I see the source to those files embedded in the executable. (I'm not running the executable, but I downloaded the linux one to my mac to take a look inside.)
Yeah this seems pretty sketch.. I would not run that binary.
I don't believe in releasing source anymore after years of doing it. It's closed source, Rust binary, proprietary but free software offered as a utility. It's the same patterns as used by coding agents and many other CLI tools.
Sorry I forgot to set it public. It's fine now.
Won't the supply-side incentives misalign with demand-side's desires in this case?
If you choose a specific company's free tier, you can rely on reputation and switch if they misbehave (e.g. they exfiltrate your secrets, log all your activities, build a profile on your workload behavior, etc). But if you don't know where your workload being deployed, the operator has less incentive to treat your compute with respect.
Means this is really only useful for nearly-public workloads, where tampering is not a critical failure mode.
That is why unless you own it yourself, a "free tier" is not truly "free".
This service uses GitHub Actions and it is likely against GitHub's terms of service and GitHub can pull the rug if they wanted to.
If you don't own it, there is always a catch when something claims to have a "free tier". This is one of them.
I think there's a case for self-hosted runners, and right now it only supports the basic ubuntu, macos and window latest. But I see a path to adding the larger paid runners as part of the toml for machine shape in future.
this is exactly what a bad actor would do to temp the greedy. If they are providing free ssh access, why not just use an ssh client instead of curl|sh? That's crazy! And free compute is even crazier. I guess they could make money based off training or selling whatever you put on there.
I'm not trying to make money on this. I just think it's a useful utility. The SSH tunnels are provided by cloudflared and tor (as a backup, CF free tunnels sometimes flake).
To be honest a bit true, I use exe.dev and it prefers to use ssh or or just directly within the browser itself and that certainly helps with the trust (also exe.dev is awesome, +1 to it using since day 1)
Also the repository itself doesn't exist anymore as it shows me a 404, I haven't run any code or anything but it would definitely be nice if keepamovin talks more about it as the idea itself is nice but yeah.
https://web.archive.org/web/20260501150640/https://github.co...
This is 100% against githubs TOS lol.
Some years ago I toyed with the idea of running a minecraft server inside github actions, I used tailscale to create a public endpoint and saved the world in an artifact that was re-loaded on the next run. It worked really well, but the point was never to actually use it for real.
No, these are dev machines you use for your software building, so it's not.
Is there a meaningfully useful version of automatically write to an encrypted disk / RAM that could be used with a random cloud instance? Obviously the decryption key would be in RAM somewhere but as a short term best practice it might be somewhat useful
Where is the source ? This looks fishy, no way I'll run this bin..
Couldn't get it working on MacOS or Linux:
$ curl -fsSL https://www.ghost.charity/install.sh | bash Checking for Ghostbox updates... curl: (22) The requested URL returned error: 404 Could not fetch ghost-linux-x64.tar.gz from https://github.com/DO-SAY-GO/ghostbox-releases/releases/late...
Perhaps removed?
"There are spare machines everywhere. GitHub Actions is only the first place ghosts come from." ... seems a bit odd.
Should work fine now. REpo was not public at first.
I wish the link for "Global Free Tier" [1] included an actual list of the free tiers GhostBox is using (ideally also including some kind of table/rubric for comparisons and any limitations, benefits, etc unique to each).
It sounds like Github Actions is the first choice, if it's unavailable (or if Github blocks GhostBox in the future), are each of the alternatives viable as a more or less drop-in replacement? Or would there be loss of functionality?
Those are the questions I had when reading through the site so I think some basic technical docs would go a long way to help people understand the project and decide to give it a try. I like the cute/whimsical branding but I'll admit to doing a little internal eye-roll when I clicked that link expecting technical specifics and instead read:
It's a neat idea though, and I've definitely had moments where I wished I could just spin up a free, temporary VM/container to do something but didn't feel like researching the current free-tier landscape and filling out a sign-up form and stuff.[1] https://www.ghost.charity/#gft
Yeah, I'm open to this concept, but I'm a little hesitant to clone a private repo somewhere random and undisclosed and then inject secrets.
Right now it's only GitHub Actions. I didn't want to overbuild in case it wasn't a thing for others. I mostly use Actions myself. But I'm open to adding more. I think the GFT is real.
@keepamovin this looks cool, but notice that your README and github links are ghosting us (404)
Thanks. I posted and really didn't expect any points. So checking back after 40 minutes and seeing it blown up was quite a shock. I'm working through all the things people have pointed out!
Segfault provides something similar with a direct ssh connection: https://www.thc.org/segfault/
That's cool, thanks for sharing that.
I'd be worry about security tbf - this sounds cool until it's used to host some weird shenanigans and nobody has any kind way to tell who did what
None of the links to Github work because you're pointing at the main branch instead of your default branch ghosts-only
I appreciate the catch. Will change it. edit: should be good now.
Nice way to automate the unethical destruction of the commons. Shared space and community standards are for suckers.
So that's why we will see GitHub Actions continuing to go down so frequently every day of the week. From their "terms of service" [0]
> Ghostbox is software for launching short-lived development machines using third-party infrastructure such as GitHub Actions, tunnels, shells, agents, and related developer tools.
So this will go down, just like GitHub Actions since it abuses the subsidised free tier of GitHub Actions to run a service like this and it is likely against the GitHub TOS.
[0] https://www.ghost.charity/terms
Was this botted to the top of the front page?
AI=generated article that asks you to download and run some random binary. Github account is just more AI slop. Everything to me just screams that it's a malware. Or this is normal here?
botted, probably teampcp doing it's usual scams.
Just shut this down.
As unreliable as GitHub actions are, this is what ruins nice things (free for public repos) for the rest of us.
Its great that this is free for disposable use.
We need more of these. There are too many sandboxes that charge insane prices.
Curious what this runs on though and it would be great if this was completely open source.
Great work!
I know a guy who gets a bunch of old hardware as a recycler, We made the Shell On Demand Appliance for DEFCON[1] awhile back and would love to expand it, but power/internet would just cost too much. we have the hardware and software to do this. just not the long term recurring
[1] https://forum.defcon.org/node/246908
Thanks, I know exactly something which has been in my mind to build which can be made possible with this.
Basically any golang/any language cli application preferably-static can be dropped and ran in ghostbox plus xterm in browser (and additionally cloudflare tunnels) or perhaps directly to give a web link.
Anyone can then click on that web link to then try out the cli application. Think jujutsu and others too and they can do this upto 90 minutes.
Feel free to pick up on this idea as more importantly than not, I would personally love to see an idea like this, even something with asciinema to finally show how an app feels and looks.
Can you please tell me more about what is the structure behind Ghostbox and on what service does it run upon? Hetzner/OVH or something else? I would be interested to know more about the infrastructural decisions behind it and does it run on firecrackers, quite so many questions!
This is a really cool project, thanks for making this and have a nice day!
Thanks, bud. Right now it just uses spins up an ephemeral machine from GitHub Actions. I mostly used GH myself so have not added any more providers yet - but the Global Free Tier is trending up. Will add more in future.
An interesting set of ideas!
The broader concept seems to be "ephemeral environments", which is related to sandboxing, which is in turn is related to testing/debugging...
Related:
https://github.com/topics/ephemeral-environments
https://blog.invisiblethings.org/papers/2015/state_harmful.p...
[dead]