Github didn't need moderation because there were only good people. It feels really sad because, all these bots just abuse the trust github has to its users
Haven't you heard! The whole Google search system has gone to pure sh*t, and they aren't planning to do anything about it. This just follows logically.
Does Google have a "do not index" at this granular level. Can you tag low-karma posts as "Do Not Index" at the post level and have search engines pay attention? Just curious. Seems like that might be another brick for the wall.
09:06 that would make reporting bugs hell for new accounts: 1. user discovers bug in program 2. program has 'report bug' link that takes user to github issues page 3. user finds out that account is needed to create issue and he doesn't have github account 4. user creates account 5. user fails to create issue (account too new)
@@fate2784 Three words: Minecraft mod users. That's the biggest source of bug reports and testing for mods in Minecraft, and we can't be the only ones who have their end users basically serve as bugtesters. Caught a weird three-way interaction once in Fabric between Identity, qouteall-fork Gravity Changer, and The Bumblezone, reported it to all of them and linked them all to the issue on Identity (the crash was being caused in Identity's menu for some weird reason I still don't get). The final issue was because Gravity Changer and one of the Bumblezone mod's creatures fought over the player gravity (the Bumblezone dev stepped in and explained what was going on) and Identity was loading way more than it needed to from the mobs to get their behaviors, and qouteall fixed the conflict with a change in Gravity Changer's handling. But yeah sometimes the end user IS the only one who can find the weird bugs.
Taking the rep based posting approach runs the risk of making GH as useless as Reddit for ppl just starting out. I would like it not to become that type of circle jerk if possible.
Many repos use github as their support system. That's why I even have a github account. Many sites require post approval for new users. Requiring every user to have their own repos and contribute to other projects is problematic.
simple answer: make the score either completely invisible or invisible to others. Or just show it on a scale of "high", "positive", "uncertain", "negative"
@@chri-k That's still gonna make reputation farms, they're just gonna be farming "highs". Reputation-based bullshit is never providing anything useful the second bots are in because then it means you're incentivising reputation farm bots.
Github says so much about AI, yet not a single one thought "oh, maybe we can use AI to do something really useful, prevent spam and bots". Maybe their confidence is not so high after all.
@@ahdog8Maybe there could be a “queue” where the AI detections are logged, then a maintainer of the repository can approve it if it is a false detection. Then GitHub could collect the statistics on the number of approved false detections and retrain the AI.
The thing that really blows my mind is their platform is a platform of programmers. Why can't they just make a basic API and let us write our own filters? They can have their own in-house filters run first then repo filters run second.
That would be passing the problem on to their users. People don't want to have to manage spam on top of everything else that goes with managing a project.
@@hausdorffspace I get that this would probably be used as an excuse by github to not fix the issue themselves, but lets be pragmatic here, this is already an issue the users are dealing with. At least we can deal with this issue with a chainsaw rather than a hand-axe with very little effort on githubs side. We can make the argument they should be making their own chainsaw later - when it's more convincing after they see the cost of running a demanding API due to the problem being so vast.
I think part of the influx of younger, newer users is also the degradation of stack overflow. Many of the questions that would be posted to stack overflow are now being posted as issues on the repo due to the toxicity and general unhelpfulness of stack overflow's senior users.
yep. ive dealt with their toxicity in the past, so i can fully agree. when the site that is supposed to help with learning becomes toxic, people will move elsewhere to try to get better results
We had some boundaries as programmers. Even the worst of worst wouldn't touch a site that does good for the programming community. It's such a shameful act to do this on github and attack the internet archive.
6:00 the problem here is that git is a tool that value the integrity of the data over how the data is represented, so everything is documented. Yes, bulk action on spam PRs is feasible, however i don't think average git user would like the ideal that a whole pull request would be deleted completely
Git should keep history. That is not the argument. GitHub, the service, should enable hiding or permanently deleting spam. Not unwanted requests, etc. but there should be a path to remove spam like this. If its only retroactive and based on user bans, that'd be fine. Nobody is arguing that the integrity of git should be compromised. Only to remove spam from er website.
Yeah I like the idea of making suspicious issues private, I think that fixes the incentive without having to make issues/PRs deleteable once they're public. There's always the threat of edits but they'd have to be on already-good issues.
i've seen singular repos get spammed before, but now that it's becoming more widespread, something needs to change also, the pr tutorial using the expressjs repo is so stupid 😭
13:12 This also allows malicious actors to hide problems presented through issues. Not saying you're wrong, but being able to make issues has helped bad things get noticed before. I think your solution is better than what exists now, but I hope there's another way that also addresses this.
One challenge with the "you can't do anything until you prove some value" is that someone might sign up with the primary purpose being reporting a bug or similar. You also get bots that start up and interact with each other until they have a high enough reputation to spam everything else. Rate limits, limited publishing, negative reputations (and network effects of those) can go a long way. Still hard to do automatically while keeping the good stuff from a low activity human.
We're getting closer to the world where internet anonymity is over. For all the bad stuff China does, them requiring that all internet accounts be associated with an ID is sounding like a good idea...
13:13 tbf, I think a simple captcha thing would solve this. I get it, it is possible to automate captcha solving, but it costs money and it is the best counter incentive existing.
A small project me and a few other devs were working on got hit with something similar except they leaked how to get access to the development server 😭😭😭😭😭
How did they discover it in the first place? And they leaked it where you can see it (and even are likely to be the first to do so) rather than sell it on an underground site... isn't that a relatively good thing? Granted, other ways to warn you might have been better, but still...
I was flagged as a spammer for a joke pull request I made and the support agent told me to remove the violating content. *You can't remove pull requests.*
0:06 The problem with the last gh spam video was the several minute rant about gh being awful for overwriting an issue/pr (even though they are immutable) then realising that you'd made a mistake with what part of the pr you were looking at, but then just leaving in the several minute rant about something that wasn't real, which made it seem like disingenous disaparagement. Not even an edit in post to preempt that the rant ended up amounting to nothing.
this is not exclusive to github. I have noticed this being an issue with other websites that allow user made content or ask questions like Samsung or Sony
This pisses me off so much. People just trying to donate time to improve software everyone uses and filth like this just has to ruin it for everyone and waste already limited time
in all the irony, that is true. we're already seeing the dark side of LLMs when the topic is still fresh and hot in the public discourse. people are definitely being turned off from LLMs cause of the bad actors
@@fomxgorl It's also very easy to use LLMs to combat bad actors. Not even LLMs are needed. Sentiment analysis models that are orders of magnitude smaller and cheaper to run would suffice to filter the spam.
LT doesn't use github for 2 main reasons: 1. Some differences in git engine itself. 2. Procedure to commit into kernel is so fucking complicated that lame pr system will simply not work
But somehow the letter from my school proving I'm a student that I specifically had to get for Github from the bursar's office is checked so aggressively it can't be verified.
GitHub also doesn't know what a contributor is. Despite me contributing to a repo, when issues were closed to non-contributors, I was blocked as well. :D
Maintainers should have the ability to restrict interactions for unverified or newly created account, maybe even introduce a verified checkmark system like Twitter and the maintainer could then allow only verified or whitelisted people to interact
7:12 In cases where lets say Org members have a fallout, due to the difference in how they envision the project, causing one member to be kicked, You would need the (good quality) issues by that user to still be present, else it will lots of broken pieces here and there (specially with pulls).
I don't think theo was advocating for issues being automatically deleted for banned users, just that it needs to be an option to deal with spammers. Also there could be reasonable restrictions, like you cant delete pull request/issues that have been merged/mentioned in commit messages.
For all Reddit's flaws, the Karma system generally seems to help quite a lot with spammer bots as it enforces a certain minimum reputation for various subs. Well, it used to at least, now the OF people are EVERYWHERE.
So not too long ago, there was this org called ScamOSS who used a bot to spam people with useless issues that can be summed up as "we couldn't help but notice you used a naughty four-letter word in your code comment." I wish that spammers featured in this video would start to spam their repos instead of repos by people who did nothing to deserve it.
I wonder if spammers will in the future try to use things like Devin to build up a reputation on many accounts, and then use those accounts to create spam...
Also looks like they need a... "Demo Account" (for lack of a better word) that can automatically interact with real users to simulate github interactions without actually effecting a live project.
I feel like GitHub is trying to target enterprise private “communities” not realizing that git lab is the enterprise option. This is also why I am scared to write a bug report to an open source project, as I usually assume I’m doing something wrong.
You're partially wrong about github not having any moderation tools. It does, but I can agree that they might not be sufficient or as easily discoverable as they should be. Repo owners absolutely can delete issues (and likely PRs too, although I'm not sure) - there's literally a button to do that on the right sidebar, along with other ones like discussion locking. While there isn't a mass-delete option (or I'm not aware of one) usually when an account is deleted after it gets reported, all the issues and PRs the user has created go down with that user. But of course you first need to get through github's support, which isn't always a quick and easy task. In addition, repo owners can lock down the repo, with 3 available levels - blocking new gh users, only allowing previous contributors, and only allowing repo members. There's also another tool that isn't that obvious - GH actions. You can set up a GH action with your PAT to invoke the GH API to close, delete and block users when conditions you define are met.
So you prefer a world where I need 10000 github points to be important enough to report bugs? Or where everyone looks down upon you cuz you're not a platinum member?
09:20 thats a bad solution imho, they should be hit with hard captchas and rules but not be completely disbarred from any real interaction, it makes the new user experience so miserable
6:23 Because this is almost the , not for some random reason I guess. When you allow for arbitrary deletion in a repo that can have like 100 collaborators, how exactly do you know that all of the members are alright with it?
i think hidding might be better solution, like you can chose to hide those issues but the issue is somewhat viewable by the public (those with a github account), I think this might be able to solve the google indexing issue since google don't have access with those issue.
@Theo maybe building a temp. issue creation service with security filters? So you can deactivate the issue creation on github until it's fixed. But you still can add issues using an external service. Can help building it if you want. Alone I dont have enough knowledge about moderation...
I checked and you *CAN* delete issues, but it is per issue. You have to click the issue and in the bottom right there is a delete button. I dont see a delete issue endpoint in the api docs, but probably if you delete the initial comment it deletes the issue
"contributed some where else" this can be easy avoided, create fake repo and make multiple commits there. Probably account age is first filter that should be used, you have months to find duplicated accounts and delete them before they can post anything.
As a self proclaimed god pro 10x programmer self taught ninja, I can say that being given the same rights as everyone else on GitHub has made programming accessible to me. I am in favor of making complicated: everyone keeps the same rights and we put ai to filter shit. Just dump a shit tonne more money on ai and blockchain. Also Linus should keep his right to dump a shit ton obscenity on you anytime you act like an idiot and that should always hurt your feelings, love and hate to you all🎉
This is the type of thing that ends up crashing your platform leading to someone else taking over the platform. This really feels like some Microsoft style incompetence. Like Skype.
Can't wait until all models got their *"LINK IN GITHUB"* 😭😭😭💀💀💀
next stage of monetization: OnlyGits.
(my github account was made in june 2008...)
“models”
what a weird way to spell slut
**Insert Ryan Gosling Blade Runner meme**
Github didn't need moderation because there were only good people. It feels really sad because, all these bots just abuse the trust github has to its users
No, it feels sad because such a large platform is missing essential features.
@@mag2XYZ
No, it feels sad because these bots abuse the trust github has to its users. It is sad because github don't have a basic spam detector.
Bots will show up on any platform that is sufficiently visible and successful. They were inevitable in current internet.
@@stage6fan475which is a third reason this is sad
@@mag2XYZBiG cOmPaNY BaD mentality
Why is google indexing such obvious SEO spam, is the deeper question I have.
Haven't you heard! The whole Google search system has gone to pure sh*t, and they aren't planning to do anything about it. This just follows logically.
Because Google is already serving SEO spam, they literally see nothing wrong with it, it's the norm for them.
Does Google have a "do not index" at this granular level. Can you tag low-karma posts as "Do Not Index" at the post level and have search engines pay attention? Just curious. Seems like that might be another brick for the wall.
@@R.Daneel Just put the page behind a log-in. Google can't index pages that require authentication to veiw
@@Patmorgan235Us login-gating open source repo issues is not the answer.
09:06 that would make reporting bugs hell for new accounts:
1. user discovers bug in program
2. program has 'report bug' link that takes user to github issues page
3. user finds out that account is needed to create issue and he doesn't have github account
4. user creates account
5. user fails to create issue (account too new)
ideally end users shouldnt be posting in issues... it should be the dev team/contributors/library users
@@fate2784uhm... no?
@@fate2784 how "library users" are even gonna report anything? and what if it's an open source game, how to i report a bug i found on it?
He was talking about priority and spam queues, which solves that issue trivially.
@@fate2784 Three words: Minecraft mod users. That's the biggest source of bug reports and testing for mods in Minecraft, and we can't be the only ones who have their end users basically serve as bugtesters.
Caught a weird three-way interaction once in Fabric between Identity, qouteall-fork Gravity Changer, and The Bumblezone, reported it to all of them and linked them all to the issue on Identity (the crash was being caused in Identity's menu for some weird reason I still don't get). The final issue was because Gravity Changer and one of the Bumblezone mod's creatures fought over the player gravity (the Bumblezone dev stepped in and explained what was going on) and Identity was loading way more than it needed to from the mobs to get their behaviors, and qouteall fixed the conflict with a change in Gravity Changer's handling.
But yeah sometimes the end user IS the only one who can find the weird bugs.
Taking the rep based posting approach runs the risk of making GH as useless as Reddit for ppl just starting out.
I would like it not to become that type of circle jerk if possible.
It will also give rise to reputation farms, basically accounts creating bogus repos and contributing nonsense to each other in order to gain rep.
yeah, maybe limit the amount of PRs/Issues a day for new accounts or if you never had more than N of non-closed issues, something like that
Many repos use github as their support system. That's why I even have a github account.
Many sites require post approval for new users. Requiring every user to have their own repos and contribute to other projects is problematic.
simple answer: make the score either completely invisible or invisible to others.
Or just show it on a scale of "high", "positive", "uncertain", "negative"
@@chri-k That's still gonna make reputation farms, they're just gonna be farming "highs".
Reputation-based bullshit is never providing anything useful the second bots are in because then it means you're incentivising reputation farm bots.
Github says so much about AI, yet not a single one thought "oh, maybe we can use AI to do something really useful, prevent spam and bots". Maybe their confidence is not so high after all.
Exactly my thought! This is a dead simple use case for AI and they're failing it
I think this is a bad idea. I feel like any AI would likely produce lots of false negatives
@@ahdog8Maybe there could be a “queue” where the AI detections are logged, then a maintainer of the repository can approve it if it is a false detection. Then GitHub could collect the statistics on the number of approved false detections and retrain the AI.
i tried reporting some of the issues, then it said i can't create tickets anymore because i reported too much...
The irony is palpable
The thing that really blows my mind is their platform is a platform of programmers. Why can't they just make a basic API and let us write our own filters? They can have their own in-house filters run first then repo filters run second.
That would be passing the problem on to their users. People don't want to have to manage spam on top of everything else that goes with managing a project.
Thats like telling youtube channels to be the sole responsible for moderating comments... why provide the platform then
@@hausdorffspace I get that this would probably be used as an excuse by github to not fix the issue themselves, but lets be pragmatic here, this is already an issue the users are dealing with. At least we can deal with this issue with a chainsaw rather than a hand-axe with very little effort on githubs side.
We can make the argument they should be making their own chainsaw later - when it's more convincing after they see the cost of running a demanding API due to the problem being so vast.
pretty sure such an API already exists? I believe you can implement such a filter with GitHub action.
@@asl9750AFAIK Redot engine team did that as they deal with Github spam of different variety.
Even simpler solution: add a element to all issues from new accounts so that Google doesn't index them.
I think part of the influx of younger, newer users is also the degradation of stack overflow. Many of the questions that would be posted to stack overflow are now being posted as issues on the repo due to the toxicity and general unhelpfulness of stack overflow's senior users.
Unfortunately, I think this is probably the core reason.
yep. ive dealt with their toxicity in the past, so i can fully agree. when the site that is supposed to help with learning becomes toxic, people will move elsewhere to try to get better results
It was the influx of new users to Stack Overflow that degraded it.
It is hilariously ironic that Microsoft, the bastion of AI, has failed to use AI in one place where it would be the most efficient.
We had some boundaries as programmers. Even the worst of worst wouldn't touch a site that does good for the programming community. It's such a shameful act to do this on github and attack the internet archive.
Extremely bold to open link after link of porn leaks live on stream
Bleeding edge user behaviour :D
I doubt those links lead to actual leaks, it's usually just spam, virus or other ad nonsense.
Yes, but to be fair those were links to the issues on Github
6:00 the problem here is that git is a tool that value the integrity of the data over how the data is represented, so everything is documented. Yes, bulk action on spam PRs is feasible, however i don't think average git user would like the ideal that a whole pull request would be deleted completely
Git should keep history. That is not the argument. GitHub, the service, should enable hiding or permanently deleting spam. Not unwanted requests, etc. but there should be a path to remove spam like this. If its only retroactive and based on user bans, that'd be fine.
Nobody is arguing that the integrity of git should be compromised. Only to remove spam from er website.
Yeah I like the idea of making suspicious issues private, I think that fixes the incentive without having to make issues/PRs deleteable once they're public. There's always the threat of edits but they'd have to be on already-good issues.
@@ethanchapman1776 what if you hide the pr or issues but it's still accessible, just that we need to click on some extra checkbox to view them
Ain't no way Sophie Rain made it here!
Fun fact: I taught Sasha Grey some Bash earlier this year (I am not joking)
Damn, theo rizzing up baddies with some old school bash.
@@arogueotaku He knows the game. React is not enough anymore.
@@t3dotgg Did you teach her about piping or was she already well versed?
@@t3dotgg Where are the leaks, I checked the closed issues I can't find it.
I didn't even know this was an issue thank you Theo!
i've seen singular repos get spammed before, but now that it's becoming more widespread, something needs to change
also, the pr tutorial using the expressjs repo is so stupid 😭
Gotta get that t-shirt, right? It's Hacktoberfest after all!
No T-shirts this Hacktoberfest :(
13:12 This also allows malicious actors to hide problems presented through issues. Not saying you're wrong, but being able to make issues has helped bad things get noticed before. I think your solution is better than what exists now, but I hope there's another way that also addresses this.
Lol your explanation of, 'as the number of users of a product increases, the average intelligence decreases,' it's perfect.
Imagine how much damage can be done when malicious repo owner has ability to ban and purge all activity of user from his repo
One challenge with the "you can't do anything until you prove some value" is that someone might sign up with the primary purpose being reporting a bug or similar. You also get bots that start up and interact with each other until they have a high enough reputation to spam everything else.
Rate limits, limited publishing, negative reputations (and network effects of those) can go a long way. Still hard to do automatically while keeping the good stuff from a low activity human.
you know what this sounds like ? stackoverflow.... and I felt worried if github become like StackOverflow, it would be hell for new comers
We're getting closer to the world where internet anonymity is over. For all the bad stuff China does, them requiring that all internet accounts be associated with an ID is sounding like a good idea...
13:13 tbf, I think a simple captcha thing would solve this. I get it, it is possible to automate captcha solving, but it costs money and it is the best counter incentive existing.
A small project me and a few other devs were working on got hit with something similar except they leaked how to get access to the development server
😭😭😭😭😭
How did they discover it in the first place? And they leaked it where you can see it (and even are likely to be the first to do so) rather than sell it on an underground site... isn't that a relatively good thing? Granted, other ways to warn you might have been better, but still...
Karma requirement will lead to AI bots generating code, making and merging pull requests from each other to farm karma, just to post spam
This is how open source quickly becomes closed source
I asked a question on one of the major repos the other day, and immediately got a response from someone trying to phish me. Really, really lame.
I was flagged as a spammer for a joke pull request I made and the support agent told me to remove the violating content. *You can't remove pull requests.*
props to github for treating everyone's contribution equally, I see this as a nice thing and great for new contributors
Couldn’t agree more with this video. Awesome rundown, Theo! As an open source maintainer, handling this is such such a bothersome nuance.
I didn’t know this was an issue until you mentioned it
0:06 The problem with the last gh spam video was the several minute rant about gh being awful for overwriting an issue/pr (even though they are immutable) then realising that you'd made a mistake with what part of the pr you were looking at, but then just leaving in the several minute rant about something that wasn't real, which made it seem like disingenous disaparagement. Not even an edit in post to preempt that the rant ended up amounting to nothing.
this is not exclusive to github. I have noticed this being an issue with other websites that allow user made content or ask questions like Samsung or Sony
Imagine a microsoft product is the reason another microsoft product dies
How the hell is there no, mass select issues and delete?
This pisses me off so much. People just trying to donate time to improve software everyone uses and filth like this just has to ruin it for everyone and waste already limited time
Knowing Microsoft, they will just try to train copilot to fix it, and fail.
Thank you letting me know another potential place to spam I never thought of ❤️🔥
This could become the start of the downfall of GitHub. I hope they can turn this around
AI being missused is more likely than a force for good
in all the irony, that is true. we're already seeing the dark side of LLMs when the topic is still fresh and hot in the public discourse. people are definitely being turned off from LLMs cause of the bad actors
@@fomxgorl It's also very easy to use LLMs to combat bad actors. Not even LLMs are needed. Sentiment analysis models that are orders of magnitude smaller and cheaper to run would suffice to filter the spam.
The fact that Linus Torvalds doesn't use the github PR system seems like an even better idea now than it did before.
LT doesn't use github for 2 main reasons:
1. Some differences in git engine itself.
2. Procedure to commit into kernel is so fucking complicated that lame pr system will simply not work
@@yaroslavpanych20671. I would like to know the difference
2. That sounds like a Torvalds problem, not Github problem.
But somehow the letter from my school proving I'm a student that I specifically had to get for Github from the bursar's office is checked so aggressively it can't be verified.
What are the odds that the spambots plaguing Github were made with Github Copilot?
GitHub also doesn't know what a contributor is. Despite me contributing to a repo, when issues were closed to non-contributors, I was blocked as well. :D
4:57 Kinda arguably the contrary, you never really knnow the value of someone beforehand, but I get it.
Thank god my bash script with 0 stars doesn't have this problem 💀☠️
You can delete issues though...? If you're the administrator of a repository, there is a "Delete Issue" button on the right hand side.
Maintainers should have the ability to restrict interactions for unverified or newly created account, maybe even introduce a verified checkmark system like Twitter and the maintainer could then allow only verified or whitelisted people to interact
7:12 In cases where lets say Org members have a fallout, due to the difference in how they envision the project, causing one member to be kicked, You would need the (good quality) issues by that user to still be present, else it will lots of broken pieces here and there (specially with pulls).
I don't think theo was advocating for issues being automatically deleted for banned users, just that it needs to be an option to deal with spammers. Also there could be reasonable restrictions, like you cant delete pull request/issues that have been merged/mentioned in commit messages.
Oh, the timing of an HREFS ad at the start of a video about SEO abuse...
For all Reddit's flaws, the Karma system generally seems to help quite a lot with spammer bots as it enforces a certain minimum reputation for various subs. Well, it used to at least, now the OF people are EVERYWHERE.
So not too long ago, there was this org called ScamOSS who used a bot to spam people with useless issues that can be summed up as "we couldn't help but notice you used a naughty four-letter word in your code comment." I wish that spammers featured in this video would start to spam their repos instead of repos by people who did nothing to deserve it.
I wonder if spammers will in the future try to use things like Devin to build up a reputation on many accounts, and then use those accounts to create spam...
They are already doing it. Probably in a minor scale, but wait some months more.
5:57 the block button
there is an option to delete an issue on your own repository. I suppose it would be possible to try and automate this using their api?
They could take the same approach as Stack Overflow
I saw an issue made by a 4 year old child
Strava also has the same problem and is being exploited in a very similar way, they never thought of simple protections to avoid this abuse.
07:10 github does have "Delete issue" for one issue at once (don't know about delete many issues at once)
edit: see 15:30
I’ve been thinking about hosting repos elsewhere
Also looks like they need a... "Demo Account" (for lack of a better word) that can automatically interact with real users to simulate github interactions without actually effecting a live project.
11:33 the most useful Hacktoberfest PR be like
Yes, and to expand on this, do some GitHub competitors have features to avoid this issues?
I feel like GitHub is trying to target enterprise private “communities” not realizing that git lab is the enterprise option.
This is also why I am scared to write a bug report to an open source project, as I usually assume I’m doing something wrong.
The reason for this spam is specifically and only Google which ranks sites like Github way too highly.
Really informative video, especially about what GitHub could do to solve it.
GitHub has practice in previous Hacktobers and the rubbish PRs.
Actually you can ban someone from forking/making issues, but im 99% sure its only for organizations, not repos or single users.
You're partially wrong about github not having any moderation tools. It does, but I can agree that they might not be sufficient or as easily discoverable as they should be.
Repo owners absolutely can delete issues (and likely PRs too, although I'm not sure) - there's literally a button to do that on the right sidebar, along with other ones like discussion locking. While there isn't a mass-delete option (or I'm not aware of one) usually when an account is deleted after it gets reported, all the issues and PRs the user has created go down with that user. But of course you first need to get through github's support, which isn't always a quick and easy task.
In addition, repo owners can lock down the repo, with 3 available levels - blocking new gh users, only allowing previous contributors, and only allowing repo members.
There's also another tool that isn't that obvious - GH actions. You can set up a GH action with your PAT to invoke the GH API to close, delete and block users when conditions you define are met.
James Charles one 💀💀💀💀💀
the should just require 2 factor authentication as well as all the other features you explained
So you prefer a world where I need 10000 github points to be important enough to report bugs? Or where everyone looks down upon you cuz you're not a platinum member?
This is why we can't have nice things.
How about the new user from primary school or cramp school when whole class have to interact with their github account at the first day?
Deleting spam discussions one by one took me 24h of work that I could have used to actually answer issue and discussions.
Yeah, I think it can be better and it needs to be taken care of now.
12:42 so you want bots to create repos to gather "points" to post... great suggestion...
Has there been an update on this from GitHub's end?
Time to write a spam nuker lib huh
So it's not my fault, it's GitHubs fault. Great, unfixable then.
10:49 google recommending github gta 6 leaks LMAO
James Charles leaked video?? 😭😭
09:20 thats a bad solution imho, they should be hit with hard captchas and rules but not be completely disbarred from any real interaction, it makes the new user experience so miserable
I thought github forced 2FA now
2FA doesn't do anything to mitigate bots. Bots can use TOTP authenticators without a problem.
2fa proves you have a 2nd check to login, nothing more.
All the AI in the world and spam is still such a problem.
Wait... there isn't a day one rate limiter?
6:23 Because this is almost the , not for some random reason I guess. When you allow for arbitrary deletion in a repo that can have like 100 collaborators, how exactly do you know that all of the members are alright with it?
i think hidding might be better solution, like you can chose to hide those issues but the issue is somewhat viewable by the public (those with a github account), I think this might be able to solve the google indexing issue since google don't have access with those issue.
you can ban a user from submitting issues though
but obviously that doesn't help much
@Theo maybe building a temp. issue creation service with security filters? So you can deactivate the issue creation on github until it's fixed. But you still can add issues using an external service. Can help building it if you want. Alone I dont have enough knowledge about moderation...
Or creating a service to close and hide this issues automatically for you.
The only thing that will get Microsoft to act on this is if it starts affecting Copilot training data
I checked and you *CAN* delete issues, but it is per issue. You have to click the issue and in the bottom right there is a delete button. I dont see a delete issue endpoint in the api docs, but probably if you delete the initial comment it deletes the issue
"contributed some where else" this can be easy avoided, create fake repo and make multiple commits there.
Probably account age is first filter that should be used, you have months to find duplicated accounts and delete them before they can post anything.
eeerm, it's right behind me is'nt it?
As a self proclaimed god pro 10x programmer self taught ninja, I can say that being given the same rights as everyone else on GitHub has made programming accessible to me. I am in favor of making complicated: everyone keeps the same rights and we put ai to filter shit. Just dump a shit tonne more money on ai and blockchain. Also Linus should keep his right to dump a shit ton obscenity on you anytime you act like an idiot and that should always hurt your feelings, love and hate to you all🎉
Only index issues that a maintainer has commented on
But did you watch the livestream tho
We dont need hierarchy, there are many other ways of solving this issue
I mod for a few channels, PLEASE tell me why I am still playing whack-a-mole on the "cheap viewers" spam.
This is the type of thing that ends up crashing your platform leading to someone else taking over the platform. This really feels like some Microsoft style incompetence. Like Skype.
I guess we have an issue at hand