Hm, turns out Drupal allows the whole world to create accounts by default. Yikes.
Related Posts
When a tool supports both regular expressions and literal strings, which should be the default?
If you default to regex, users can match more strings than they realise (e.g. `foo.txt`) or less (e.g. `foo(bar)`).
I typically see regex as the default, but I prefer the opposite.
I find it odd that people recommend Docker for sandboxing agentic coding tools. Isn't it easier to just create a separate user account on the machine?
It's an established security boundary, and viewing output is easy (just make the user's home directory world readable).
TIL Drupal has a credit system to give preferential treatment to people and organisations who contribute regularly! https://dri.es/solving-the-maker-taker-problem