I'm the GitHub employee that fixed the bug. I usually try not to get involved with stuff like this but I feel like I'm in a unique situation to correct the record here.
"They purposefully allow this glaringly obvious mechanism for insulting and annoying their members and are actually involved in the joke."
I've never heard of the joke. I've never heard of anyone at GitHub being involved in one of these jokes.
There has been one case that I'm aware of where someone mass added people to a repository in order to fill up activity feeds. That person was banned. It's an issue we'd like to address more generally.
"Until I broke their server they were all laughing at my 'testing' then they were pissed when they had to fix the bug I found."
I fixed the bug without being aware of any of this. I check our exception monitor every day. It was there. It was obvious. I fixed it.
It was a simple bug triggered by branch names that look like commit SHA1s. Here's the commit:
> It's an issue we'd like to address more generally.
I wish you would. I'm apparently not the only one who's had this "joke" played on them, and it'd be nice if it was ended.
Here's how you do it: If someone adds me to a project, either I can reject that add, OR I can block a project and they can never say anything to me again.
Pretty easy.
Also, you should talk with Tom about this joke, I'm sure he knows allll about it.
As a first measure I think we could make it so that once you removed yourself as a collaborator from a project, it would not be possible for the person to re-add you. I realize that's not ideal but would be much more trivial to implement than UI / additional server state for confirmation before being added.
That'd be a good moderate solution. It'd keep the simplicity of your collaborator UI intact, but let me avoid this kind of abuse. You might want to make it a "remove" and a "remove and block" so that people don't get into a bad state on accident.
That seems a bit stateful. For every project you'd have to remember the set of people who've removed themselves. What if a person later removes themselves and then changes their minds?
Maybe a simpler solution is: you can't add people, you can just send them an invite. The person can then choose to accept the invite or not.
If I suspect someone at github is in on the joke, then submitting a ticket to have them fix the problem wouldn't work. They'd just laugh at me and ignore it like they've done with other people.
Did you at least try to contact their support? If "someone is in on it" and they're all laughing at you already, yea, nothing would happen. But what if you're just making assumptions about them for no reason? it's hard to cry that they hate you and won't do anything if you didn't try official channels to get shit fixed.
Zed really has a victim complex. As Ryan validated above, I can guarantee you anyone who has any authority at all at github did not encourage or sanction this behavior. It may not have been high on the fix queue, but thats because they expected people to be rational, and they can just manually ban the people who abuse the system.
Zed.. seriously... the world is not out to get you. We love your code and your contributions. Don't let a few losers get you down.
You have to stand up to the trolls now. The internet has created a permanent record of slander and humiliation from anonymous people, so if you don't stand up to it then it'll be assumed that there was some merit to what they said.
If Zed's story is correct, an it'd be foolish of him to have claimed this it if wasn't, then this particular individual is proof that ignoring trolls doesn't work.
There's also another problem with your response - why the hell should anyone _else_ have to deal with unwanted dickjokes? Github almost certainly don't like the way Zed's brought attention to this, but it's _their_ poorly though out infrastructure (or more optimistically, their incomplete implementation of a good idea) that's providing a platform for Nick to go round harassing people he doesn't like. Nick needs to grow the fuck up and understand that unwanted dickjoking and homophobia isn't funny outside his special little circle of friends, but Github need to understand there's millions of idiot-Nicks out there, and ensure their product doesn't even allow this sort of behaviour to start.
I wouldn't necessarily fault github in this situation. The product started with a great community and it would have been wasteful for them to have spent their time early on implementing defense mechanisms against abuse instead of focusing on features.
For example, I wouldn't expect them to add spam filtering to their message system, but if viagra ads started popping up on github it'd be a worthwhile addition. However, to label that poorly thought out or an incomplete implementation of messaging seems unfair.
Of course, now that the community is larger and github is being used as a platform for childish squabbles/recruiters/etc, it's a good idea for them to fix these types of issues as they pop up (which they're already doing).
Yeah, I guess that's where I was going with my "incomplete implementation" alternative.
Sure, you launch with a MVP that doesn't include protection against trolls, but you really want to have at least a plan for how you're going to deal with them when you finally gain enough traction to start attracting them (and if _I_ were Github, I'd be profusely apologising to Zed, and _very_ publicly smacking down Nick (and his idiot copycat friends)).
You stand up for yourself so much that you also stand up against things that aren't actually there. Your threshold for identifying something as a conspiracy against you or 'the world' has become too low. There is not enough evidence that Github is 'in on it' to assert it as fact. Occam suggests their product simply isn't finished and some features are on the 'Todo' list because relatively few people have complained about them.
As far as I can tell the only side effect of being added to a project, is that it shows up in your list of your repositories on your [private] dashboard.
Edit: see http://github.com/zedshaw , he's not listed on the dongml project, because that link only shows your forks, not repos you have commit access to
In an age where following Wikileaks can get the FBI secretly after you, there's no way I want a platform to let people just add me unilaterally. Yeah, paranoid, sure, but I really don't like that I'm just associated with any random project some jackass wants to put my name on.
I agree that this needs to be fixed. But I don't think it's a something that needs a rant, and that must be fixed right away or I'll crash the server / migrate my projects.
I think we disagree on the severity of this issue.
Depends. You might not be convicted, but the judicial system is not known for being very technologicaly adept. You might be arrested while they sort it out, that can damage your reputation.
> judicial system is not known for being very technologicaly adept
Exactly my point. To invoke the extreme example, simply being connected to child porn in the media can destroy your life. The media hasn't been known to be tech savy either.
The major point is WHY should anyone have to see something they don't want to? And minor point is, seriously, this is like an hour fix if they wanted to.
I'd be careful saying "this is like an hour fix" and then attributing it to malice, unless you work there. It's like saying the "unknown or expired link" message you get on HN is "like an hour fix...if pg wanted to" and thus pg hates us.
The point is that it's actually a fairly minor interaction issue that hasn't caused any major problems until now, and while we can't know why they haven't fixed it, it's probably because they just hadn't gotten around to it yet.
Most of the malice comes from a YC startup who is playing in a space where customer trust is essential.
Here's to hoping they beat on their front-end guy and whoever else thinks this shit is funny before their employee makes it trivial for established competitors to destroy their professional credibility.
It's probably more than an hour fix, depending on how they did it. Remember that it is more usable to just let people add someone else without a confirmation. They'll have to add a confirmation on the other side, or a block mechanism, which is a different workflow.
It's because he pushed commits. I have commit access on a private repo on github that I have not pushed commits, and I am not listed on the contributors page.
If you don't quit the project all the time folks will assume you're associated/endorsing the repo.
"You've just been given commit rights to kkk/meeting-minutes" wouldn't be a good message to get after you've told a prospective employer to have a look at your Github profile.
What if I put a link to my github account on my resume. And a potential employer sees me being a member what someone thought of as a joke? Losing potential jobs is a big deal.
Has anyone considered the possibility that Zed and this "Nick Martini" person are actually one and the same, and that we are all being trolled by Zed? He's demonstrated in the past that he thrives on attention--more specifically dramatic and controversial attention such as this.
Also, there's always mumbling about immaturity and hipster fanaticism within the "Rubyist" community. But have we seen any example of it outside the titillating tales of Zed Shaw?
"Ideas don't matter, execution matters."
"It's not the product it's the team."
"The best companies are the ones that know how to 'hustle.'"
"College is an outdated mode of knowledge transfer, start a company instead."
"Build a company around a small, easily implemented idea with quick turnaround to iterate towards market success."
HN has its own self-replicating thought structures just like any other community :)
I'm a bit surprised that Github would allow one of their employees to behave that way without firing them. Love Zed or hate Zed, he's still a user, and you're still a company providing a service; show some professionalism.
Zed: I'm on your side here, but please stop rising to these assholes' attacks. You're not going to convince them to change their ways, and getting into a pissing match with them gives them what they're looking for. You won this one, but your time is worth more than this.
I wouldn't mind finding out more about the whole story. Did Zed try to contact someone at github to try to get a fix for this problem before writing his little script? To get this person banned? Whatever it takes for him to stop showing up as a collaborator, regardless of what dick obsession github employees might have?
Or is the extent of his github contact just passive aggressively trolling a troll and then blaming github for doing nothing when he did nothing to work with them?
All I'm reading is assumptions and more assumptions in his post about who might be the author of @HackerNewsTips and github employees liking dicks therefore they won't help him and will just laugh. That's not terribly convincing.
Yes, one of their employees actually fixed a bug I caused so someone there knows, yet here we are again.
Now I know what you're saying, I should go through their bug tracker bureaucracy for a few weeks. File some nice bugs, talk with people, go down to their office, pick up some schwag, and then after they've had about 6 months to fix the problem I'll finally have dongml off my project list.
Sorry, but if they don't fix it after it causes a bug in their system, and after other people complain about it, then it probably won't get fixed. Based on that, I'll just write about it and move on to something else (again).
No matter github's priorities or prior knowledge of this issue, there is always the option of manual intervention. That is probably what I would have contacted github for if I found myself in your problem.
I was just wondering if you tried to contact someone at github before reaching the conclusion that you needed to take this into your own hands. This is before finding the bug they needed to fix and letting the world know in a super high profile blog post that you had a problem. Even if it wouldn't do anything in the short term other than banning the account in question, github would have documented history of abuse and another big +1 for fixing the way adding collaborators works. I don't mean that you have to spend 6 months and become drinking buddies with everyone at github to get anything done. Even a simple one liner email like "this dick is being a dick with his dicks" to support would be better than assuming they're not going to do anything.
Basically, I'm trying to see this from a developer perspective. We expect these kinds of bug reports and emails from users (or, at least, analytics that would correspond with a problem) and we know that we can't read minds (well, I don't know about you, but I know I can't). We also have priorities. Yet we have users and clients and bosses that want to disregard all that :) If you do know that this was a well known problem to github and they didn't want to address your particular issue, then kudos to you for your creative trolling of a troll and deciding to switch to another provider. Otherwise, I don't know, I'm pretty ambivalent on how I feel about people complaining without saying anything to the company/person in question. I can't blame you for being frustrated, but part of your frustration might be self-inflicted.
Yes. Regardless what you, I, or Github thinks of him, as a company their best move is to issue a public apology over this.
Imagine they get into a spat with him -- they start calling him names, he fights back etc. Then some customer has to make a decision on whether they want to pick Github, are they going to like seeing and hearing public spitting matches between them and Zed, is that going to look like mature, reliable company to trust the crown jewels (source code) of one's company to? -- No.
rimantas, I think you're missing the point -- Zed knows that his "recommendation" holds relatively little weight; however, sometimes it's good to remind a company that they can still lose customers, and how easy it can be to do so.
Let's say I am having a dinner in a nice quiet restaurant but there is some noisy, aggressive drunk at the table nearby.
I'd be more than happy for the restaurant to lose that customer.
Was it Sprint who ditched 10% of their customers who used to complain the most so they could spend less time arguing with them and provide better service to the rest instead?
Note, this is not to say, that any of these examples applies there but just to illustrate my first sentence.
I'm having dinner in a nice quiet restaurant, but there's a table of noisy aggressive jerks at a table nearby, who happen to be restaurant staff and their friends, who're causing existing customers to leave and driving away potential customers.
Github lost me as a prospective customer (and I currently pay for multi-user accounts at both BeanStalk and Kiln).
They had an unhappy customer, and their staff felt the best way to handle it was to mock the customer publicly. That's juvenile bullshit, no matter what you think of the customer.
you're an idiot then because there is no verification that the twitter user is actually a github employee. zed should be the one apologizing here for just making bullshit up. at no point did anyone at github say anything bad about him.
I have reason to believe, aside from Zed's post, that at least one GitHub employee was involved in the harassment. I could be wrong, but my beliefs aren't based on nothing. The startup world is very small.
Thank you for the reminder that HN is now reddit.
P.S. Nobody's mind was ever changed by a sentence that begins 'you're an idiot'.
I believe he's speaking about the curator of HackerNewsTips, who from the last few tweets, sounds like he might be the GitHub employee who had to deal with the wrath of Zed.
I think that's Zed's assumption, but it also seems to be completely unwarranted. The HackerNewsTips guy was making (funny, accurate) jokes that are in keeping with the tone of the rest of the feed.
I never said Nick Martini is a github employee, I know who he is and he's definitely not there. I said:
1. I suspect HackerNewsTips is a github employee. I'd also suspect a fellow former PowerSet employee.
2. They are not only in on the joke (from their Ruby connections), but like the joke, and that's why they don't really fix the problem.
We'll see if HackerNewsTips is a github employee, or if they've been in on these "Ruby dick jokes". I've got good insider knowledge that some of them are involved, but that's been wrong before.
Until then, assume that it's just one guy being a jerk and he's doing it without their knowledge.
Hehe, yeah, and I'm probably in their weird secret block list they vaguely mention.
The thing to remember is most of the entrepreneurs claim to want a meritocracy but don't really. They don't want people to criticize their products, call bullshit on their marketing, or make something better to compete with them directly. When they say "meritocracy" they mean "everything I make has merit".
So, in keeping with that, they like to take communities like HN and pretend it's a free market of ideas supporting the meritocracy, then secretly manipulate your opinions behind the scenes by killing articles and blocking people they just don't like.
But hey, it's fun talking to everyone late at night between hacking bouts. :-)
>The thing to remember is most of the entrepreneurs claim to want a meritocracy
Do they really? I think most people here are fine with pg weighing down on what he thinks is inappropriate.
I have no idea what it is that got blocked or killed here so won't comment on that but I don't think many people on HN are under the delusion that this is a free market community of any sort.
Is GitHub really aiding and abetting this kind of anti-social behaviour/feature? This kind of allegation demands an official response, and soon. Otherwise it's mega bad PR.
More than anything, I'm surprised that you can add a collaborator to a project unilaterally. A way to request an add seems like a natural choice considering you can request pulls.
It probably was never a top priority feature ... until now.
But they should definitely respond, with an apology, regardless if they all personally hate Zed and would love nothing more than see him get hit by a bus.
Zed throws hissy fits about shit like this, and attracts trolls, because, trolls love public hissy fits. But at the same time Zed writes awesome code and is well known in the open source community.
I am not saying whether we should personally like him or not, but Github getting into a spat with him over this in public can only result in their PR failure.
I don't want an apology, I want them to add a feature that prevents people from abusing others. If throwing a "hissy fit" gets it done then rock on. If not then I'll go somewhere else.
That's what's great about a meritocracy in a free market.
I think the larger community has to shun this kind of behavior from Github. It's unacceptable and unprofessional.
Although I don't like how Zed is repeatedly qualifying the homophobic Martini as a Ruby guy, as if Ruby made him this way, Martini is a douche from his behavior. This has nothing to do with languages.
Yes, that functionality is at https://github.com/account/repositories . I think the problem here is that there's nothing (?) to prevent the user being re-added. The article does state a github employee showed Zed how to do this - no details though
There is nothing to block someone from doing it other than report them for abuse or get a different account and hope they don't find you.
The problem with reporting this as abuse though is the owner of the project wins his little lame-troll attempt. He got you to react, so he's all happy. The only way to really stop it is if people's whole accounts were removed from the site, but then they'd just go make another account and do it again.
Instead, they need to require a confirmation, and/or let you block projects. I prefer the confirmation because you can just ignore it and then nothing happens. A block would mean someone does it and then you have to do work to stop them.
This is the key to the argument here. It seems Zed said "they won't respond to any complaint" and never filed one before he went to DDOS the account and inadvertently the whole site. Seems like poor form from all sides.
I didn't DDOS the site, I did commits that overwrote ones he was doing then tried to break his repo.
Keep in mind that I suspect there's at least one gihub employee in on it and supporting it, so no amount of submitting tickets and begging will get them to change it. If I can't block the guy, and I can't thrash his repo, and I can't humiliate him, and someone at github is in on it, then all I've got left is writing about it and moving on.
Its a language, get over yourself. The rails guys != all ruby users. This is just Zed wanting a confirm step so someone with a grudge stops annoying him.
But what's wrong with calling people out on a public forum? There are lots of people doing bad things in this world, and the only cure is for us to confront them and out them.
It's the closest thing we have on the internet as "speak softly and carry a big stick".
Github is a company. Remember, they make money, have employees, and are a corporation. I didn't say Tom Preston-Warner was an asshole, I said github has a problem with how their collaborators work and they refuse to fix it. Without people pointing out flaws like this and reporting on companies like this we'd all just be a bunch of corporate slaves buying their random crap.
I knew some github employee(s) were in on it, and that if I removed it he'd just add it again, and at that point just figured why the hell am I bothering with this? Might as well fight back at the jerk and then hope he gets a hint.
Professionall trolling. GitHub made the world a better place - assuming open-source makes the world better that is which I do - and they've done this pixel-perfectly IMO downtimes aside. What this is about is pure hate from Zed, probably jelousy that some people from his past succeeded silently building one of the greatest web companies that exists with hardly no funding while Zed himself was writing rants. Mongrel might very well require a intelligent mind, but every intelligent person knows that the only way of owning trolls are by the dog treatment: ingore the trolls, and go on building great stuff. I know average people knowing this as common sense.
All the dick jokes are hilarious when you're hanging out with your buddies, but GitHub is a professional forum. Would you do the same thing on LinkedIn? How does that kind of misogyny reflect on your colleagues and employer?
While I don't claim to be any kind of feminist or understand gay rights, I will say this kind of odd "macho homophobe" seems to be a Ruby on Rails thing.
Livejournal had this problem a few years ago. You could add anyone to a community, and everyone's profile page had a list of all the communities they were in...
Zed should absolutely get off Github; he's enough of a troll magnet that people will figure out ways to mess with him even after this is fixed. It's easy enough to set up a bare repository on a random machine you have SSH access to.
'doesnotexist' wouldn't be a valid commit though, yes? From @zedshaw, when I asked him: '@edropple Yep, you can just push randomness in various ways, my favorite is: git push -f origin master:BIGASSHEX'
That doesn't actually do anything though. It pushes your local master branch to a remote branch called BIGASSHEX (creating it if it doesn't exist). So if you generate a new bigass hex each time you'll end up with a ton of randomly-named branches that all point to the same commit, so they use no space.
I think he found a way to take down Github (having to do with having too many branches in a project), but not actually a hole in Git.
Would be good to see github do something about it. Was looking to use github for some new projects but after reading this now I might have a look at alternatives
I'll take the article with a pinch of salt. There's no indication that github did anything actively here. Github's just missing some abuse reporting functionality here.
Simply adding someone to a repo makes it show up in their private repositories list and nowhere else. Annoying? Probably. A big deal? Hardly. (To have it show up anywhere else you have to commit to it.)
The HackerNewsTips twitter account is not confirmed to be a GitHub employee and rtomayko, who is at least somewhat trustworthy, flat out says it isn't.
The only interesting thing here is the bug related to the `[0-9a-f]{40}` regex -- and that's been fixed.
It's over, and it would be great if we could move on quickly from this one.
I'm not disputing that it's annoying. Props to GitHub if they improve it soon for sure.
I just have better things to do than start a big flamewar over something like this. If you add me to some joke repo and start doing these 'certain actions' so I get useless emails... well, I'll just write a mail filter that blackholes them and get right back to work.
Banning people is not enough, at least not if you only do it via technical means. If you let the banned user know that further interaction with the company's services will lead to legal action, you might have something that could work, but I doubt that too.
Github should take a clue from Facebook and other social network sites. Those sites often work in a explicitly-include-someone-in-my-social-sphere way instead of the other way.
But please take a minute to think about starting a mud-slinging contest with a pig. Think about how you repeatedly stated that you didn't understand the motivation to show you the peni, where you direct your limited attention and time, etc.
If you are considering all that already, well rock on :)
Zed: Here's how you fix it - Get the 4chan on it. They'll create projects with all sorts of unsavoury content then add all sorts of people. They'll fuck up GitHub once and for all and force it to shut down.
"They purposefully allow this glaringly obvious mechanism for insulting and annoying their members and are actually involved in the joke."
I've never heard of the joke. I've never heard of anyone at GitHub being involved in one of these jokes.
There has been one case that I'm aware of where someone mass added people to a repository in order to fill up activity feeds. That person was banned. It's an issue we'd like to address more generally.
"Until I broke their server they were all laughing at my 'testing' then they were pissed when they had to fix the bug I found."
I fixed the bug without being aware of any of this. I check our exception monitor every day. It was there. It was obvious. I fixed it.
It was a simple bug triggered by branch names that look like commit SHA1s. Here's the commit:
https://gist.github.com/88bc774d0c97e6c955c0
It affected only branch list pages with branch names matching [0-9a-f]{40}.
"If you don't believe me, look at the HackerNewsTips twitter account, which I know is astroturfed by a github employee."
That is not a GitHub employee. We don't hire anyone that witty as a rule.