Yes, weirdly enough. People make new accounts, create (or generate?) a bunch of crap PRs (e.g. adding random words to READMEs, shuffling whitespace around, ...) in repos they picked somehow, ... to get a free t-shirt in the end.
Initially, at least from what I remember, the "spam" mostly was purpose-made repos a la "make a PR in this repo to add your username to this list and get a Hacktoberfest point", which didn't drain others time. But now it spreads to random projects, since they try to block those purpose-made repos.
Haven't figured out yet which repos are picked why, it doesn't seem to be entirely random. Seen it on some projects I'm involved with, others not at all. As mentioned in the article, the HTML spec is hit every year. ...
Maybe they should either just give you a t-shirt on sign up or not give a t-shirt at all but prizes to the best contributions or something like that. I'm unconvinced that the prospect of getting a t-shirt would incentivize someone to put a lot of effort in a contribution. I feel like people who do put in the effort would do it regardless of the t-shirt.
DigitalOcean's network is one of the worst on the internet in regards to abusive traffic (DDOS, spam email, hacking attempt origin points.). I know this term is as good as dead these days but their SysOps are not good netziens. Abuse complaints never receive replies, their system images are insecure by default, they encourage novice users to take extreme risks in order to sell more product. /End rant.
I have never received a response to abuse complaints about zombie machines hitting my network, not once. If you run a website or network you would do well to add the entire DO ip space to your firewalls blacklist.
I'm sympathetic, but I'd be interested to know whether there's also an increase in non-spam contributions. We probably need to wait a while to find out, since it's reasonable to expect the spammy t-shirt-seeking PRs to be front-loaded and the substantive PRs (if any materialize) to take some time.
edit: and it's worth saying, sometimes a newbie's first PR is pretty indistinguishable from spam. It would be ironic if one of the results of this project was teaching a bunch of young programmers that they're not needed or wanted in FOSS.
I get where you're coming from but I think you're missing the point. The issue seems to be that even if there are good contributions coming in their benefit is disproportionately outweighed by the work and disruption caused by the large volume of spammy PR submissions.
I'm not missing that point, I'm asking whether it's true. The right way to answer that would probably be to find out how many of the new submitters from previous years went on to continue to become valuable contributors.
As an open source maintainer, I'd gladly sift through a mountain of spammy PRs (heck closing 4 per hour, as called out in the article, is almost zero trouble), if it means even a handful of real significant progress and issues fixed and potential future maintainers.
A snapshot of one year's participation in that specific period isn't too relevant to what we are discussing, because it doesn't track sustained future contributions by those same users.
In theory they are. In practise the lack of a test dataset - and the lack of access to their dataset - means it's virtually impossible for a third party to make any significant contribution to the data processing code.
Such an effort would have to start with them voluneering a test dataset and/or schema.
+1. I feel the same way. If one out of 20 drive-by contributors stick around and become regular, that would be a real win for me. (I'm currently maintaining a project with 20k GitHub stars and we have four regular contributors.)
I was at a wonderful Hacktober event last year (thanks, Setlog and FOSS-AG!) and think some pretty good stuff came out of it. The incentive to submit low quality PRs became quite obvious quite quickly however.
My gut says that Hacktober probably spawns some productive contributions, but most of them would likely have been submitted anyway.
From my perspective last year as a first time participant in other people's open source projects, I don't think I would've made any of the contributions I did without Hacktoberfest.
Projects tagged with the Hacktoberfest tag tended to signal either projects that were both active and had low barriers of entry for newbies, or weird mechanical turk-esque spam. While the latter is unfortunate, the former isn't nearly as easy to find as it should be the other 11 months of the year.
I'm sure there's a bump in non-spam contributions as I have submitted them and know others who have too, but I suspect it is a small fraction compared to the T-shirt spammy seekers as numbers have grown over the years.
I myself have submitted small PRs during Hacktoberfest but they were still meaningful corrections and in addition to at least 5 significant contributions. We do need better signalling. I tend to pick projects I already follow or have been tagged for Hacktoberfest.
Last year, in addition to usual work by long-term contributors, my project got four useful bugfixes (all from the same person and taken from our recommended first contributions list), a few trivial typo fixes, and no spam.
I've seen people say they benefit from Hacktoberfest and some people say they get a lot of spam, and it's hard to know which outnumbers which, but I don't think anyone should be saying with confidence that it's a pure negative, and I think DigitalOcean's suggested fixes (disallow new accounts, disallow people who've gotten too many contributions marked as spam) are probably the right direction to go.
Oh, this is really unlucky. I like Hacktoberfest and always get my T-shirt. Perhaps opt-in would be a great idea.
I can see why this happens, though. I've noticed that a whole bunch of projects have `good-first-issue` being something like "Re-architect module loading system" while most commits are like "correct typo". Like, jeez, man.
The participants are probably just pattern-matching against the commits available.
EDIT: Decided to go look at the spam that OSM got (a project close to my heart) and what the hell, man, look at this diff
<removed>
* Tom Hughes [@tomhughes](https://github.com/tomhughes/)
* Andy Allan [@gravitystorm](https://github.com/gravitystorm/)
+
+
+ Made with Love
This is just awful! I really feel for the maintainers. This user is just adding nonsense to a bunch of places.'
EDIT again: Whoops, guys, I didn't mean to cause more spam to the project. Removed the diff link. Jesus Christ, I ended up becoming the villain I was complaining about by linking it.
Oh you're right! I was reading on my phone and bucketed that picture as a link to the other blog posts like the carousel at the bottom and mentally skipped it. My mistake!
Sorry about that carousel. I want to get rid of Disqus entirely (when I started the blog in 2012 they were not so icky). But, then I think about related yak-shaving, like moving off of Jekyll...
I’ve been down that rabbit hole myself. My blog is still running Jekyll but my comments are now on a self-hosted install of Commento. It works pretty well. For me the main feature is that it’s not Disqus, but another nice benefit is that comments support Markdown now!
I’ve heard of people spamming readme commits to get their github graph green... I guess if an employer is tricked by something like this they are kinda asking for what they get.
That’s a failure of imagination and evidence of having never read the Git manual pages, because the GitHub contribution graph respects commit time (which you absolutely can override), and it’s a trivial hour-long project to write messages on it. I had greenscale pixel rendering of images on the contribution graph working in about an hour, most of which was figuring out the heuristics for quantity in each cell (hint: it’s not as complex as you think).
I can’t understate the simplicity of doing it, and I’d be nervous about someone taking the other approach as indicative of their technical depth. Then again, they’re already spamming READMEs so it’s not as if it was a strong signal to start with.
It's pretty easy, but if I'm looking at your Github to look at your work I can't find anything if you've clobbered your true history with a message.
I don't ever see that as a negative signal, but I do see it as a positive signal if I can just read your code, so if you write good code in public and you hide it, I can't find it.
Of course, whether you care is up to you, but if I find solid code there I'm going to recommend skipping technical evaluation if you're considering working with me.
I once thought about making a script that automated git actions which would show you as active, but not actually do anything. Turns out theres too much real work to do to make it!
Sometimes it feels like software development has devolved into a sea of posturing and marketing oneself. It's faintly depressing to see reminders of that trend which are as stark as this.
It's a fitting allegory, though. This contest has used free T-shirts to solicit open-source contributions in the same way that the industry has used high salaries to solicit creative and impactful contributions.
Now imagine that you're trying to fill a position, and these pull requests are analogous to candidate interviews. You might start to have some sympathy for people who believe that we need some sort of professional certification for the trade.
It's unfortunate considering the democratizing promise of low-cost computing, but how else can you effectively deal with this "market for lemons" caused by large swaths of people acting in blatant bad faith?
When seeming is taken for being, being becomes seeming. \
When nothing is taken for something, something becomes nothing.
“But we obtain the puzzling result that, when rewarded, volunteers work less. These findings are in line with a large literature in social psychology emphasizing that external rewards can undermine the intrinsic motivation for an activity.”
Be very careful assuming that a payment motivates open source developers. If you offered to help me do something for an hour for whatever internal motivation you might have, and afterwards I offer you $5 for your time, you would likely be demotivated.
If you offered to help me do something for an hour for whatever internal motivation you might have, and afterwards I offer you $5 for your time, you would likely be demotivated.
On the other hand if you offered to buy them a beer or a coffee it would probably be very motivating. I'm not sure why this is. Maybe cash just feels lazy and impersonal, so the amount being offered has to be big enough to counter that feeling.
It's the implicit conversation with the beer-buyer that matters. You are offering your time (which is atleast valuable to you) along with the beer. If you just buy a beer and left instantly, it's gonna be worse than $5
It's the implicit conversation with the beer-buyer that matters.
That is certainly a plus, but I don't think that's all of it. If I was working on something for a friend, that they had no idea how to help with. Then at some point they dropped off a snack or drink as a thank you, I would be happy about that. If they offered me a $100 bill I would be offended because they're not my boss, and my time is worth more than that.
I want to say that a small token of appreciation feels better than having my value quantified to an insulting amount. However, it may be even more basic than that. Food is a powerful reward, there is a reason it is used to train animals. It also could be that introducing money makes something feel like an obligation.
Offering $5 dollars feels like it's ascribing a low value to the time/effort to help. Offering a coffee or beer feels like a better gesture/token of appreciation. It's not about the value then but about the gesture.
For anyone who is working, people are "giving" them $5 all the time. But they probably don't have people buying them coffee/beer/lunch all the time.
I actually would be very motivated. From the perspective of a contributor the worst thing that can happen is that their patch gets rejected or ignored. If you get paid for something it means someone actually wants your contribution. It's less likely to be ignored or rejected outright.
"Volunteer work is an increasingly large, yet ill-understood sector of the economy. We show that monetary rewards undermine the intrinsic motivation of volunteers."
The earlier sentence make it clear they are talking about monetary rewards specifically, not any kind of reward. A t-shirt might notionally have a $ value, but it is not a monetary reward. Plus, the nature of a branded t-shirt has an obvious team-participation / prestige value.
If rewards demotivate people, we should also avoid positive recognition, or praise, which is a form of reward; of course this is unintuitive, so I assume monetary rewards are a special case.
On the other hand, what kind of people are going to logically participate in an event where the reward is a Hacktober branded T-shirt? What are their likely motivations?
> Sometimes it feels like software development has devolved into a sea of posturing and marketing oneself.
I've been saying it for a long time, but the reason that this and other problems (like high developer burnout) seem like especially bad problems that the world of "software development" is facing is primarily because they're especially bad in the GitHub culture (and as a consequence of that culture), and the developers who are experiencing the worst of it are part of that community. Ditch the 'Hub, its userbase, and what is considered "best practice" there, and then many of these problems get dialed back a lot.
Much like follower counts on other social media sites, GitHub's contribution graph and profile timeline should have never been public. They should have been neat features of your personal dashboard that you alone are able to see when you're signed in—providing some form of encouragement à la the Seinfeld hack and to help you manage your work—but not for others' eyes. The gamification of "social" leads to degenerative behavioral patterns.
The effect of those things on github are minuscule comparing to that of medium and twitter. I never even looked at anyone else's github profile. Most of the time it's medium and twitter that take me to their projects and I only evaluate the project with the context of who they are on twitter or what they've written on medium.
I've seen quite a few people market themselves by saying how many stars they have on github, and some even started putting something like "If you find this useful, please star it" in their documentation. It's not quite "like, share & subscribe" yet, but it's on the way. Any public metric will be optimized for, I guess.
> Most of the time it's medium and twitter that take me to their projects and I only evaluate the project with the context of who they are on twitter or what they've written on medium.
Please revisit my original comment. When I wrote it, I put some effort into qualifying things to make it clear that I'm not talking about just what happens on GitHub on the site. I referred to its culture. The things you just described are part of that culture, and very notable elements of it.
I agree but calling that "github culture" is unfair. It's a culture that emerged independently from github and like I said those metrics on github should not be the target for criticism. I found them pretty useless but some metrics can be good in a team context. I don't think they are a major part of the problem, let alone part of the cause.
it all started when people blogged about their programming tricks way back, and hacker news should be part of the problem before github is. Github at least has functions other than a social hub.
> Ditch the 'Hub, its userbase, and what is considered "best practice" there, and then many of these problems get dialed back a lot.
This sounds like "Without GitHub you will get less spam", which is probably true, but I think the reason is not "github is bad", it's: Less people will find your project.
Maybe that's a worthwhile trade-off, but it's very different from "all will be better without Github"
Less people finding your project could be an improvement if the people you loose are the onse that just create the kind of spam contributions mentioned in the article. You don't need GitHib for useful software to become popular, it is just one channel. And you definitely don't need the gamified bullshit like total stars on your profile.
> Maybe that's a worthwhile trade-off, but it's very different from "all will be better without Github"
Making up quotes is not cool; those aren't my words, and that's not my position, so I'm not going to be gulled into defending it or kept from calling attention to what amounts to a sleight of hand here, even if it wasn't intentional.
(And this really chafes, because after I wrote what I meant, I even revised it to pre-empt[1] getting sucked into a discussion where someone responds to the wrong reading—specifically trying to avoid things like this. But when people don't even respect the constraint of sticking to others' actual words and instead conjure up other words that make for a more convenient world[2] to operate in, then there's almost nothing that can be done.)
> This sounds like "Without GitHub you will get less spam"
Well, it shouldn't; that's reductive.
If the bad stuff that arises from GitHub, its culture, and its practices were proportionate to its size, that would be one thing. (But also not itself a good reason not to consider ditching it—just like it's not obviously true that it would be a good idea to use Windows because the risk of malware is rational given its size as a target.) What's bad about GitHub, though, might in fact be disproportionate to its size—and in some cases, especially with respect to the practices that get promoted in that world, are things that are bad irrespective of GitHub's size.
I have no skin in this game, but I find that "all will be better without Github" is a reasonable short approximation of your "Ditch the 'Hub, its userbase, and what is considered "best practice" there, and then many of these problems get dialed back a lot.".
You have explained your criticism of GitHub, and I agree that it should have done things differently from the beginning. Still, your proposed solution for users is literally to "Ditch the 'Hub", promising that "many of these problems get dialed back a lot". It's really not a far stretch to "all will be better without Github".
> Still, your proposed solution for users is literally to "Ditch the 'Hub", promising that "many of these problems get dialed back a lot".
This is accurate. Let's let that be the place we stay.
> I find that "all will be better without Github" is a reasonable short approximation [...]
Well I don't, and it's my position, isn't it? It's not accurate. I don't think that "all will be better without GitHub"—and what's more is that I practice the "without GitHub" part; I have the firsthand experience to be able to say it's not true, so I wouldn't try to tell anyone that it is—and I didn't. I'm responsible for my own ideas, not ones imagined upon me.
Moreover, if I argue that A and B are not equivalent and that I prefer deal with A in its original form and not B, and you argue that they are equivalent, it's not rational for either party to insist that we deal with B in place of A. So let's not.
That is false. Firstly, even if your project is not hosted on github, clones of it will appear on github anyway.
Secondly, planting yourself in the middle of a vast ocean of garbage is not a good strategy for being found. You might be thinking of the Github of twelve years ago.
> devolved into a sea of posturing and marketing oneself
Don't think it's devolved at all this has been the norm from the 80's onwards (perhaps earlier).
Look at how fractured open source is today and the sort of egos that come with it everywhere you look. While the points made in this article are valid, it's great that someone is incentivising people to interact with various projects rather than do their own thing rather than climb blindly up the same treacherous mountains others have done long ago.
Hey, also why not rewrite it in rust :)
Being a contrarian is easy, fixing these well acknowledged problems is hard.
This is strange, I wonder why they are targeting this repo? I have labeled some issues 'hacktoberfest' and have gotten very well meaning contributions. Here is an example https://github.com/earthly/earthly/issues/334
Within seconds of doing so, people started adding reactions to it and then someone 'suggested changes' that were essentially a commit revert. It's the community saying the changes were undesired, but those things nevertheless do notify maintainers. I only realized then that I was creating one of those situations where people pile on a few hundred comments onto a PR that are thin me-toos onto one side or the other.
I think they should completely reverse their approach: instead of instigating people to create senseless PRs, DigitalOcean should use the GitHub API to find contributors who made meaningful first contributions to existing projects over the last year, and send them T-shirts... in October?
So when you're throwing a party and suddenly have guests trashing the neighbor's front yard, do you stop the party or let the party go on for another month because it was so good last year "and we'll change something next year, in the mean time can you build a fence"?
I'll not advocate calling DigitalOcean on the phone, but tagging the CEO on the complaints on twitter might be more effective than tagging the community manager who professes he is not listened to.
It seems it will be necessary for DO to put more of a burden on potential t-shirt recipients to prove that they are making valid PRs and acting in good faith.
A first step would be to only allow contributions to selected projects that have first approved to be included in Hacktoberfest.
Yes, especially since they don't seem to be willing to dedicate more to policing this - apparently everything related to it is handled by one employee, who's obviously limited in what they can do: https://twitter.com/MattIPv4/status/1311392743885869057
Huh, does he think he's funny? Spamming the Linux kernel git seems like a good way to be considered a major wanker. And doing it from a non-throwaway Github account?
I dream of the day I can walk into a job interview and brag about how many PRs my Open Source projects have to reject per day. Maybe that's just my Nobody Privilege talking though.
Are Hacktoberfest contributions checked by an API now? Could you not require the maintainers to tag the PR "Hacktoberfest contributed" and only that would get you a tee? People would know not to submit junk because the maintainers wouldn't give them the label for junk.
That would be an order of magnitude more maintainer effort than flagging spam is right now. Not to mention that the number of maintainers being aware of this event is probably quite low.
How is it more effort to label legitimate PRs than to label spam PRs? Are you saying legitimate PRs are an order of magnitude more than spammy PRs? Because it sure doesn't look like it.
> Are you saying legitimate PRs are an order of magnitude more than spammy PRs? Because it sure doesn't look like it.
The numbers quoted elsethread look like that to me. Not necessarily the full 10x difference, of course, but choosing just between these two systems it appears clear to me that there would be more work for maintainers and/or significantly less people being eligible for T-Shirts because few maintainers are actually aware of Hacktoberfest if every PR had to be tagged by the maintainer to count for eligibility.
Maybe accounts eligible to get the t-shirts should be only the ones that have a certain amount of past contributions. Like at least a year old? Maybe that would be unfair to recent contributors, but there's always next year. Just like you can't perform some actions on Stack Overflow before you achieve a minimum reputation score.
Perhaps the approach should be: Provide a GH username, submit actually useful code, have it reviewed & merged. Then, when the username is listed under some commit in master you can mail them their damn shirt.
Incentivizing spam should be criminalized over the next decade if we are to maintain our humanity.
This isn't some backseat driver telling DO how to run their event better. This is literally someone who is supposed to be benefited by the event (an open source maintainer) who is saying the event has negative value for them. They have skin in the game, they're doing this for free compared to the DO employees who are being paid to administer the event.
Why? Open source has worked perfectly fine before this and maintainers are saying it's a net negative. So why not stop? Because DO doesn't get a PR campaign anymore?
I'm appalled by this behaviour but also bemused. What's the motivation for spamming repositories just to get a t-shirt? I mean, are the t-shirts really that good?
It's probably less effort to get this t-shirt than it is to get achievement badges or hats or whatever for many video games, and this nets you an actual physical achievement badge.
What you're saying makes perfect sense - no complaint or disagreement from me - but I'm still struggling to wrap my mind around this because when all's said and done we're still talking about a vendor t-shirt, and how cool can that really be?
If it does motivate people and they like them, then fine: I guess it's just different strokes for different folks.
People actually pay extra money for t-shirts that have specific brand names on them and entire businesses are built around that. It shouldn’t be surprising to you that there are people that want particular shirts.
It pretty much boils down to this. Not only are vendor t-shirts actually a physical item but they are also often uniquely designed; many vendors only provide certain designs for certain events. So they really become a badge of honor and can gain in emotional value: "been there, got the t-shirt..."
Definitely. I've always wanted a cool Hacktober Fest t-shirt like the ones my co-workers have. But I certainly wouldn't spam open source projects just to get one.
You might wait, what, a 10 person line to get a free t-shirt? Making 5 “corrected typo” commits is probably equivalent to that effort and looks like 5 is enough to get past a spam tag.
I really wouldn't. I'm not a minimalist by any means but I've been decluttering for a while and am certainly long past the point where I'll tolerate having possessions that I don't want. Maybe this is a privileged point of view but, as with swag in general, most vendor t-shirts are honestly just tat.
You would be surprised by the stuff people do for free swag. I don’t get it either, but I’ve seen first hand how hard people go for that sort of stuff.
It’s a shame it has led to people spamming repos, however.
There are a ton of automated trivial pr spammers out there that aren’t even in it for a t-shirt. Maybe it’s vanity or just wanting to see the world burn ¯\_(ツ)_/¯
In my experience the average American goes into a leave nothing behind mode whenever baited with Free.
Just look at the kind of mayhem Black Friday precipitates, and that's not even free - just a promise of exceptional discounts.
The comedian Doug Stanhope has an amusing bit about free healthcare and how wastefully it would be consumed by Americans conditioned to maximally abuse anything offered free of charge.
Edit: I don't mean to suggest Americans have a monopoly on this sort of behavior, it's just the country/culture I'm by far most familiar with.
The spammers appear to be overwhelmingly Indian, based on the usernames in the screenshots. Which is somehow unsurprising to me (there are 1.5 billion of them, after all).
It's kind of like that episode of Pinky and the Brain where they finally are able to take over the Earth by convincing everyone who moves to a paper mache copy of the Earth a free t-shirt. People love free t-shirts.
Judging by the names in the screenshots and linked github profiles it sounds like a lot of spammers are Indian students.
Thousands of students are all trying to get a low effort contribution in to have an extra line of "experience" on their resume and a T-Shirt from a western Silicon Valley company as signaling? Judging by the poor quality of the contributions, and the fact it's on GitHub, maybe folks studying IT?
I am an Indian, and I've studied at an Indian university for my undergraduate degree, and I've witnessed spam like this everywhere. Not hacktoberfest, but I've been a part of it myself for some of the other things. Wish I had behaved better.
In most of these cases, it usually starts with someone really talented doing it with all the good intentions, and everyone else wanting to get in on that 'swag' and appear just as 'talented' and 'unique' amongst their peers. The freebies are mostly for 'show off'.
A few hours ago this link showed extremely low effort LeetCode/Programming Challenge problems and solutions aggregation repos created by us Indians (disproportionally more than any other country at the time I checked) with very silly open issues created & marked as 'hacktoberfest2020' (looks like some of them are gone now)[1].
But, from what I heard from my uni recently, things are improving and this year folks are trying their best to form groups to focus on meaningful contribution over spam.
Even after all that, unfortunately for us though, we'll still have bad actors, probably at the same percentage as any other country, but amplified due to our population and hyper-fixation with an unreal perception about most things we do.
Why do Indian IT students seem disproportionately represented when it comes to things like this? It seems like there is a strong culture of "getting ahead at all costs". This is seen in shitty YouTube tutorials, blog posts, open source submissions, all the way down the very bottom of the barrel with call centre scammers. Care to explain for us?
you're surprised motivated people, who lack privilege and dont know any better, resort to what they know and have been taught to do? who live on much less than you do and therefore can live off much lower value economic activity?
is it fair to place the blame squarely on them or is it better to recognize that the global system we are complicit in has created this tremendous waste of human potential?
Your comment seems to exude a kind of inadvertent tone suggesting "they fault is not with them, but in their lack of civilization". In other words, it's likely racist.
By GDP per capita, India is where the US was at in the 1950s. Would we excuse this behavior in the 1950s West just because "they lack privilege, don't know any better, resort to what they know and have been taught to do..."? Of course not, because relative poverty is no excuse for unethical behavior.
quite the contrary, i was calling it out in the person i was responding to. but now you have accused me of being racist, i am unable to continue the conversation. have a nice day.
I am still divided on your opinion about it being economical, but it was definitely not racist.
Identifying a privilege gap is not racist. India is definitely not in the same place as 1950s America which was the post-WWII boom. Sometimes called the Golden Age of america.
Then again, we do have some cultural issues to overcome, and yes, a lot of the cultural issues are a result of a traumatic period spent under the boot of the colonizers.
That being said, blame is not useful, the people responsible are dead, and hopefully we can mature as a culture. I see lots to be hopeful about, but lots to be fearful about too. The transition of power from colonials to our republic was botched, and now we're stuck with a broken political machine, and the powerful are trying to break it further.
I was very deliberate in avoiding calling you racist. I said explicitly and deliberately that your comment (not "you") seemed (not "certainly was") inadvertently (not "intentionally") racist.
The way I read the GP post it’s more “the way economics are structured strongly incentivized them to engage in this behavior.” which is more a statement about how pressure and incentives work on humans than anything racist. I doubt that people in the US would react differently to the same incentives.
Comparing the raw GDP of the US in the 1950s to India now is glossing over a lot of points. For example, GDP per capita does not capture the (in)equality of wealth distribution in a country. Or how that GDP ranks on a scale: The US in the 1950s was in a high, probably even the top position (I didn’t check exactly which) - India with the same GDP now is definitely not. That makes a huge difference in perception.
It’s easy to dismiss the status value of a brand name piece of clothing or any token that elevates your status if you’re already high up on the ladder.
None of that excuses the behavior in the sense that it makes it “ok”. But it contributes to the explanation of why such behavior clusters in specific communities.
For me, that I’m ahead, it’s easy to look down and say that this is unethical behavior, but it’s important to keep in mind that I’m applying my ethics from a privileged vantage point - and likely you’re doing so as well.
> By GDP per capita, India is where the US was at in the 1950s.
In the 1950s the US's GDP per capita was the highest. Is that the case for India today?
> Would we excuse this behavior in the 1950s West
I mean the 1950s West was no bastion of ethical behavior. Wasn't that when the cigarette industry in the US started its decades-long campaign of misinformation, obfuscation, and false advertising to cover up the harmfulness of their products? And this was flagrantly unethical behavior by some very privileged people. This is without even getting into how women or minorities were treated.
> relative poverty is no excuse for unethical behavior.
One man's "unethical behavior" is another man's "playing by the letter of the rules, not the spirit". Spamming PRs for a free T-shirt is no way comparable to call center scams.
Lack of ethics or interest in the subject, luring to the ways of gaming the system - I'd say this reputation is well deserved, as someone who studies here.
> the global system we are complicit in has created this tremendous waste of human potential?
Thanks for writing -- I like that way of thinking about spammers etc -- that they could have been doing something meaningful instead, if the world and society made more sense
I've had multiple examples of "spam" from Indian and Chinese students who scraped an email from GitHub repos, wanting endorsement or to fill questionnaires or somesuch.
> Thousands of students are all trying to get a low effort contribution in to have an extra line of "experience" on their resume and a T-Shirt from a western Silicon Valley company as signaling? Judging by the poor quality of the contributions, and the fact it's on GitHub, maybe folks studying IT?
Well, not exactly. There are a lot of people in India who are very passionate about open source and who actively try to get others to participate. So they organise events teach others how fork a repo and submit PR's. Batch-mates are either forced or join after seeing the enthusiasm. Unfortunately, these are not moderated and things go downhill soon where a PR is sent for the sake of it.
They probably should validate a somewhat matching commit with the same e-mail address ending up in a branch or something. Few if any projects modify those.
That's my point :) Arguing that because this would exclude some small number of projects does not make sense if from the get go you exclude a large number of open source projects.
Just a piece of anecdata in regards to this, last year in my first Hacktoberfest I made a PR for an open issue on a project that got no response from the maintainer until a week later, where he said something along the lines of "Oh sorry, I missed this one, I'll get to it soon", and then he just never reviewed it or anything else on the project ever again.
I frequently perceive a sense of entitlement from drive by PR contributors, as if they are giving a gift to the maintainer, when in reality, it often takes more time for the maintainer to test, review, and give feedback on contributions than if they’d done it themselves.
I imagine the people spamming repositories for a T-shirt are the same people who will harass maintainers to “just merge it already.”
This is one reason why I generally open an issue first. Lets talk about my problem first. Maybe I add a PR / branch / patch as a PoC. Maybe it gets closed with "No" a few month later.
However, I don't see how that works with a hackaton mindset.
>I frequently perceive a sense of entitlement from drive by PR contributors, as if they are giving a gift to the maintainer, when in reality, it often takes more time for the maintainer to test, review, and give feedback on contributions than if they’d done it themselves.
If that's what you think then why accept pull requests at all on your project?
Most of the PRs I make outside of work and personal projects are to obscure libraries I found useful, which usually have a maintainer whom awakens from their slumber once every few lunar cycles.
(I maintain a handful of small libraries that meet your description, and only recently "awakened from slumber" to release a new version of https://github.com/hunterloftis/throng after five years)
I'd take that a step further and require that the PR fixes an existing issue opened by a different user. Go ahead and fix a typo too if you want, but that alone won't get you a t-shirt.
Wow. Just a moment ago I received a PR to slightly modify a readme, in a way that seemed unusual (no insertion of links or anything, but odd punctuation choices). I couldn't understand why someone would send it, and then saw this post.
To be fair I always send PRs that correct very small things in documentation such as typos and punctuation. But I do that all the year not only during Hacktober Fest.
That's totally normal I would say. Once you have repo with a few thousand stars there will also be occasional spam requests from what I guess are people that want to be able to pin the repo to their profile. Can't imagine dealing with the spam that the post is describing.
Yeah, we just got a "Fix a typo in README" PR that added the words "Fix a typo in the README" to the README, and we're a pretty niche open source repository.
This is especially stupid of the spamming participants. If you so desire a t-shirt and don’t want to make any meaningful contributions, just make your own BS repo and make your own BS pull requests.
I intended to make meaningful contributions last year and accidentally hit the quota just by making PRs to my own projects.
The first user I looked at from the repository mentioned in the article did all of the above. Spam PRs in someone else’s repo, spam PRs in their own (fake) repo, spam PRs in a sock puppet’s (also fake) repo. The only thing they haven’t tried is writing a legitimate PR.
I foresee maintainers automating the process of flagging _every_ pull request as spam for the event window, and communicating that decision to the actual community beforehand.
For some context it's worth quoting directly from the published statistics available at (1). Although if this is based on manually tagging something as spam it is probably an understatement.
Of the 483,127 PRs submitted during Hacktoberfest, only 23,299 (4.82%) were identified as spam, with 19,587 (84.07%) of those being in a repository that the Hacktoberfest team excluded from the competition for not following the shared values and 3,712 (15.93%) being labeled as "invalid" by project maintainers.
They literally checked for a label with text "invalid" and that's it. The OP, for example, used the label "spam" so it doesn't count. Simply closing the PR without merging or commenting doesn't count. Any other text label doesn't count.
Their FAQ (linked from the submitted article) says:
>[...] please give them an `invalid` or `spam` label and close them. Pull requests that contain a label with the word `invalid` or `spam` won’t be counted toward Hacktoberfest.
Since project maintainers don't have to opt in to Hacktoberfest, there's no reason for them to know that the FAQ exists. Most maintainers are unaware of what's going on and will just close the spammy PRs without tagging them.
They also mention the label "invalid" multiple times and never the label "spam." So even if they count "spam" for making entries invalid for a reward their stats do not seem to take that into account.
Ah. Nonetheless given this is analysis over historical data I would label any PR that hasn't been merged in over the last year as effectively spam. The fact that none of their stats seem to include how many PRs were actually merged in is rather concerning.
That's easier to deal with, because the maintainers can just reject the PRs and not have to worry that the spammer will get goodies from Digital Ocean if they don't mark it as "invalid" or "spam" or some other magic tag. And as a maintainer, high on my list of "reasons to reject" would be "bugging me about a PR from a random person I've never had a submission from before and who has no other track record of contributions to open source projects".
Right, that relies on the maintainers knowing that they are "expected" to do the extra work to tag those with special tags, otherwise closed PRs count as "good".
The absolute number definitely does mean something! Its work created for maintainers. Checking and tagging a PR takes non-zero time. Creating 24,000 invalid PR's is a massive burden on the open source community.
Given that there's been a year since last year's event this should be a fairly clean piece of data at this point. Even longer or more involved valid PRs should have been merged in by now.
Wow, such an apple to oranges comparison. I scanned the page but didn't see anything better, so we should assume that 84.07% of all pull requests submitted during Hacktoberfest are to repositories excluded for not following the shared values. That implies that of the 483,127 PRs, 76,962 are to qualifying repositories, and in fact that 15.93% of ALL valid PRs are spam.
This is exactly my point. They listed the top-line, total number of all PRs without any filtering, then when they calculated the "spam ratio" they filtered out "invalid repos" as well as "spam PRs". It's a misleading statistic.
That's an insane amount of spam. The percentage is irrelevant, look at the real number: we're talking tens of thousands of instances of undue burden on the maintainers of open source packages.
And the number of "nice PRs" is essentially irrelevant here: this is not a zero sum game, a thousand good PRs don't cancel out a project getting flooded with bad PRs.
If your event can't prevent substantial abuse of the community you pretend to do this for, you should stop your event and figure out how to do better.
Hey domenic - I work for DigitalOcean on the Community team.
We also noticed an uptick in spammy PR's and we are working on a bunch of immediate and long term changes to improve the situation for Open Source maintainers like you.
We have a system to invalidate spammy PR's, but not spammy users.
The problem with most "spam flagging" solutions is:
1. They only kick in _after_ the PR is created and the maintainer's time is wasted.
2. In some cases they might actually cause more harm than good. A user is flagged for spamming, gets blocked, creates another account and spams some more... etc.
For that reason we are focusing our efforts on just re-routing these impatient users into guides that have them creating PR's on their own repos.
Long term we are definitely committed to updating the program to make sure it's delivering on the mission of getting people positively involved in open source.
We could change it to be opt-in only, but the participants who are creating spammy PR's have already shown they don't read rules, so I think they would continue to create the same PR's.
That's why, to deal with the immediate issue we're creating an obvious, even lower-effort route for the impatient participants to take (follow a guide to create 4 PR's on your own repo) - and longer term we'll make bigger changes (maybe including an opt-in only model) that solve the perverse incentive issues that seem to be driving this PR spam.
Classic Goodhart’s law: “When a measure becomes a target, it ceases to be a good measure."
I don’t know the solution for this. But sheer number of PRs/commits is obviously meaningless. We just don’t have a better (cheaper) proxy to latch on to.
Indeed, DO could have done something about that at some point in the past 5 years.
(Although the free cloud resources idea sounds worse to me - those have actual value (spam, mining, ...), so there'd be a real incentive to try and automatically game this)
Google's Summer of Code was a little annoying too. You'd get this wave of Indians, where GSoC is extremely popular, asking you what they could do for you if they knew some C++. It was a lot of work to deal with their applications and shepherd them along a project and it usually yielded little in the end. We wanted new contributors, but at best we'd get a sort of working idea over a summer.
I know for some other projects GSoC worked out well. I'm sure people will pipe up telling us how we're doing it wrong if we couldn't get good results from GsoC candidates, but after a couple of years I was tired of being involved with it and got cynical about it.
WRT GSoC We're constantly tweaking the program to make it more relevant and less time wasting for projects. Early on, we got people doing extremely negative things to 'succeed' in the summer of code.
It's reasonable to bow out if it's not working for your project. Maybe check us out every few years to see if we've addressed your problem :-)
Oh, Octave is still doing GSoC. I just haven't been involved with it in a while. I guess it's still working for someone else, glad to hear it's gotten better.
I'm sorry it didn't work out for you. For you, was a "good result" just a good project, or a contributor with continued involvement?
Coming from the other side, as someone who was a GSoC student, but whose involvement with open source ultimately dropped off over the years, I think one of the problems here is the timing. GSoC students are typically in their third or fourth years of undergraduate study, which are followed by internships and on-campus data structures & algorithms interviews which require a lot of preparation. Then for the first couple of years in the industry, most haven't sorted out their work life balance sufficiently to want to code in their free time. It's only recently (2-3 years after I graduated) that I started feeling like I had enough time to get back into open source.
The fact that there as many Indians applying as there are, I think is due to a combination of the factors that 1. there are a lot of Indian CS undergrads 2. internships are extremely competitive, so GSoC is perceived to be an alternative (which it really is not)
Your Linux-example a) is by a long-term contributor having a bit of fun and b) is better quality than many of the spam commits in that it actually makes things a miniscule amount better. IMHO, actual typofixes in the scope of Hacktoberfest are okay - they help a tiny bit and they don't hurt much. If someone learns how to make actual PRs through that, fine by me.
compare e.g. clear spam, which adds a copy of someones website into the HTML specification repo: https://github.com/whatwg/html/pull/5972/files There is no scenario in which that is even a potential improvement.
Have you read the pull requests? I did and I'm appalled that someone would waste maintainers time like this. It's so pointless, and for what? A t-shirt?
And when their attempts to "contribute" to the WHATWG and Let's Encrypt documentation repos didn't go through, they resorted to creating a handful of dummy projects of their own, then making five pull requests on those repos from a new Github account.
At least that doesn't inconvenience open-source maintainers, I guess. It's clear that the spirit of the event has been lost, though.
- please let that site know of the problem instead. Thanks!</p>
+ please let that site know of the problem instead.We will try to better ourself Thanks!</p>
I feel bad for the repository maintainer, but they take Digital Ocean's initiative in extremely bad faith during this article. People are frequently incentivized to do the wrong thing and, oh look, here we are. This situation could be resolved or at least improved upon by Hacktoberfest and a load of maintainers sitting down and talking things out.
This is a comms problem, not a "corporate-sponsored distributed denial of service attack against the open source maintainer community". The well-meaning frequently cause more problems than they solve, but it is better to have them on the inside of the tent pissing out than on the outside of the tent pissing in, it is said.
No, this article never even implies DO is doing this intentionally. The tone is annoyed, even aggrieved, but not really angry. The author, in fact, seems to be rightly applying Hanlon's Razor, and is constructively figuring out how to fix this unintended down-side to what should be a nice gesture by DO.
Perhaps, but actively saying things like “most importantly, we can remember that this is how DigitalOcean treats the open source maintainer community, and stay away from their products going forward.”
Which is not constructive. I think DO should sort this out and there’s any number of decent options just in this HN thread, but this post is only going to help if it generates enough negative publicity on HN for DO to recognize. In and of itself, it’s just another fed-up dev.
This is unfortunate, and I agree with other commenters that Hacktoberfest should be opt-in.
I had a great experience with Hacktoberfest last year. I tagged a few issues with Hacktoberfest and got a nice PR from someone showing me how to configure my Vue project for unit testing.[0] It was a non-trivial PR and a useful contribution.
If they can't make it opt-in, at the very least they should:
1. Only count PRs that contain something like "#Hacktoberfest" in the GitHub comment accompanying the PR. This would make it easier for maintainers to weed out the spam or at least understand where it's coming from and what term to search for when they encounter this unprepared. Also, it would give "visibility" to the event, so it should even fly with management!
2. Only count merged PRs. Apparently DigitalOcean have a "reason" for not doing this, because some projects don't use the PR merging feature directly. I think they should reward users who educated themselves on this point and only opened PRs on projects that do merge them.
2. I think the other argument you could make against that is not everyone has the same time to merge. If it takes two weeks to get merged, I basically have to have the PR in by the second week of October.
> I had a great experience with Hacktoberfest last year.
Yeah same here, but as a contributor. I decided I wanted to make my PRs count and decided on a targeted effort of taking one mans tiling WM for Windows[1] and fixing enough of the stability issues and race-conditions I found to the point where I should be able to use it myself.
Not a single one of those PRs was “cheap”, and the resulting improvements in quality and stability has lead that WM now to seemingly have more users and doing better than it used to.
And now I have a tiling WM whick is actually usable the times I have to use Windows. Win win, as far as both I and that project-owner is concerned.
Why are you actively making the :sparkles: open source community :sparkles: less welcoming :hearts: and inclusive :smiley:???
Next you'll tell me you object to frivolously renaming the m*ster branch of every project at your company and forcing edits to every bit of extant Git-related shell script out there.
It's a new world, buddy — only blue-hairs and anti-racists need apply.
403 comments
[ 3.1 ms ] story [ 316 ms ] threadInitially, at least from what I remember, the "spam" mostly was purpose-made repos a la "make a PR in this repo to add your username to this list and get a Hacktoberfest point", which didn't drain others time. But now it spreads to random projects, since they try to block those purpose-made repos.
Haven't figured out yet which repos are picked why, it doesn't seem to be entirely random. Seen it on some projects I'm involved with, others not at all. As mentioned in the article, the HTML spec is hit every year. ...
Free t-shirts are also pretty controversial due to child labor often involved at some point in the manufacturing.
https://news.ycombinator.com/item?id=22407343
https://news.ycombinator.com/item?id=22408905
edit: and it's worth saying, sometimes a newbie's first PR is pretty indistinguishable from spam. It would be ironic if one of the results of this project was teaching a bunch of young programmers that they're not needed or wanted in FOSS.
Maybe suggest that in an issue on that stats tracking repo?
Such an effort would have to start with them voluneering a test dataset and/or schema.
I have asked - https://github.com/MattIPv4/hacktoberfest-data/issues/5
My gut says that Hacktober probably spawns some productive contributions, but most of them would likely have been submitted anyway.
Projects tagged with the Hacktoberfest tag tended to signal either projects that were both active and had low barriers of entry for newbies, or weird mechanical turk-esque spam. While the latter is unfortunate, the former isn't nearly as easy to find as it should be the other 11 months of the year.
I myself have submitted small PRs during Hacktoberfest but they were still meaningful corrections and in addition to at least 5 significant contributions. We do need better signalling. I tend to pick projects I already follow or have been tagged for Hacktoberfest.
I've seen people say they benefit from Hacktoberfest and some people say they get a lot of spam, and it's hard to know which outnumbers which, but I don't think anyone should be saying with confidence that it's a pure negative, and I think DigitalOcean's suggested fixes (disallow new accounts, disallow people who've gotten too many contributions marked as spam) are probably the right direction to go.
I can see why this happens, though. I've noticed that a whole bunch of projects have `good-first-issue` being something like "Re-architect module loading system" while most commits are like "correct typo". Like, jeez, man.
The participants are probably just pattern-matching against the commits available.
EDIT: Decided to go look at the spam that OSM got (a project close to my heart) and what the hell, man, look at this diff
<removed>
This is just awful! I really feel for the maintainers. This user is just adding nonsense to a bunch of places.'EDIT again: Whoops, guys, I didn't mean to cause more spam to the project. Removed the diff link. Jesus Christ, I ended up becoming the villain I was complaining about by linking it.
I can’t understate the simplicity of doing it, and I’d be nervous about someone taking the other approach as indicative of their technical depth. Then again, they’re already spamming READMEs so it’s not as if it was a strong signal to start with.
I don't ever see that as a negative signal, but I do see it as a positive signal if I can just read your code, so if you write good code in public and you hide it, I can't find it.
Of course, whether you care is up to you, but if I find solid code there I'm going to recommend skipping technical evaluation if you're considering working with me.
It doesn't hide your work at all (commit frequency is an awful metric of valuable work, some people do a lot of "fix typo" commits).
Every employer worth working for will at least look at some actual code you've written, both in your own projects and in contributions to others.
And even then an in-person interview should be able to offset any github activity or lack thereof.
It's a fitting allegory, though. This contest has used free T-shirts to solicit open-source contributions in the same way that the industry has used high salaries to solicit creative and impactful contributions.
Now imagine that you're trying to fill a position, and these pull requests are analogous to candidate interviews. You might start to have some sympathy for people who believe that we need some sort of professional certification for the trade.
It's unfortunate considering the democratizing promise of low-cost computing, but how else can you effectively deal with this "market for lemons" caused by large swaths of people acting in blatant bad faith?
Which just goes to show how bad the status quo is.
Be very careful assuming that a payment motivates open source developers. If you offered to help me do something for an hour for whatever internal motivation you might have, and afterwards I offer you $5 for your time, you would likely be demotivated.
On the other hand if you offered to buy them a beer or a coffee it would probably be very motivating. I'm not sure why this is. Maybe cash just feels lazy and impersonal, so the amount being offered has to be big enough to counter that feeling.
That is certainly a plus, but I don't think that's all of it. If I was working on something for a friend, that they had no idea how to help with. Then at some point they dropped off a snack or drink as a thank you, I would be happy about that. If they offered me a $100 bill I would be offended because they're not my boss, and my time is worth more than that.
I want to say that a small token of appreciation feels better than having my value quantified to an insulting amount. However, it may be even more basic than that. Food is a powerful reward, there is a reason it is used to train animals. It also could be that introducing money makes something feel like an obligation.
For anyone who is working, people are "giving" them $5 all the time. But they probably don't have people buying them coffee/beer/lunch all the time.
here is the work that you cited if i am not wrong.
"Volunteer work is an increasingly large, yet ill-understood sector of the economy. We show that monetary rewards undermine the intrinsic motivation of volunteers."
-- https://ideas.repec.org/p/zur/iewwpx/007.html
The earlier sentence make it clear they are talking about monetary rewards specifically, not any kind of reward. A t-shirt might notionally have a $ value, but it is not a monetary reward. Plus, the nature of a branded t-shirt has an obvious team-participation / prestige value.
If rewards demotivate people, we should also avoid positive recognition, or praise, which is a form of reward; of course this is unintuitive, so I assume monetary rewards are a special case.
We all hear the stories of the person who saves a company a million dollars, and then gets giving a coffee cup (or an attaboy) for recognition.
It gets even trickier when the giver and the receiver have wildly different incomes.
Generally I find money to be a terrible proxy for what I actually value, but other options are worse proxies!
Good PRs are valuable, but require lots of work. Spam is not valuable, but it also does not require basically any work.
Hacktoberfest equally rewards both good PRs and spam equally. With those incentives, what are people logically going to produce?
Well, the answer is clearly "a lot of people," unless you can think of an alternate explanation for the increase is spam during Hacktober.
Why they want a damn T-Shirt so much is a totally valid question, though. I don't understand that either.
In both cases I get that what I care about gets into the project. It's enough for me.
You already got payment up front: software that the author(s) have made available to you for free.
You get payment by the author spending time to review your changes.
You also get payment afterward: free maintenance for your pet feature. (Not guaranteed of course but generally the case.)
I've been saying it for a long time, but the reason that this and other problems (like high developer burnout) seem like especially bad problems that the world of "software development" is facing is primarily because they're especially bad in the GitHub culture (and as a consequence of that culture), and the developers who are experiencing the worst of it are part of that community. Ditch the 'Hub, its userbase, and what is considered "best practice" there, and then many of these problems get dialed back a lot.
Much like follower counts on other social media sites, GitHub's contribution graph and profile timeline should have never been public. They should have been neat features of your personal dashboard that you alone are able to see when you're signed in—providing some form of encouragement à la the Seinfeld hack and to help you manage your work—but not for others' eyes. The gamification of "social" leads to degenerative behavioral patterns.
Please revisit my original comment. When I wrote it, I put some effort into qualifying things to make it clear that I'm not talking about just what happens on GitHub on the site. I referred to its culture. The things you just described are part of that culture, and very notable elements of it.
This sounds like "Without GitHub you will get less spam", which is probably true, but I think the reason is not "github is bad", it's: Less people will find your project.
Maybe that's a worthwhile trade-off, but it's very different from "all will be better without Github"
Making up quotes is not cool; those aren't my words, and that's not my position, so I'm not going to be gulled into defending it or kept from calling attention to what amounts to a sleight of hand here, even if it wasn't intentional.
(And this really chafes, because after I wrote what I meant, I even revised it to pre-empt[1] getting sucked into a discussion where someone responds to the wrong reading—specifically trying to avoid things like this. But when people don't even respect the constraint of sticking to others' actual words and instead conjure up other words that make for a more convenient world[2] to operate in, then there's almost nothing that can be done.)
> This sounds like "Without GitHub you will get less spam"
Well, it shouldn't; that's reductive.
If the bad stuff that arises from GitHub, its culture, and its practices were proportionate to its size, that would be one thing. (But also not itself a good reason not to consider ditching it—just like it's not obviously true that it would be a good idea to use Windows because the risk of malware is rational given its size as a target.) What's bad about GitHub, though, might in fact be disproportionate to its size—and in some cases, especially with respect to the practices that get promoted in that world, are things that are bad irrespective of GitHub's size.
1. https://pchiusano.github.io/2014-10-11/defensive-writing.htm...
2. https://wiki.lesswrong.com/wiki/Least_convenient_possible_wo...
You have explained your criticism of GitHub, and I agree that it should have done things differently from the beginning. Still, your proposed solution for users is literally to "Ditch the 'Hub", promising that "many of these problems get dialed back a lot". It's really not a far stretch to "all will be better without Github".
This is accurate. Let's let that be the place we stay.
> I find that "all will be better without Github" is a reasonable short approximation [...]
Well I don't, and it's my position, isn't it? It's not accurate. I don't think that "all will be better without GitHub"—and what's more is that I practice the "without GitHub" part; I have the firsthand experience to be able to say it's not true, so I wouldn't try to tell anyone that it is—and I didn't. I'm responsible for my own ideas, not ones imagined upon me.
Moreover, if I argue that A and B are not equivalent and that I prefer deal with A in its original form and not B, and you argue that they are equivalent, it's not rational for either party to insist that we deal with B in place of A. So let's not.
That is false. Firstly, even if your project is not hosted on github, clones of it will appear on github anyway.
Secondly, planting yourself in the middle of a vast ocean of garbage is not a good strategy for being found. You might be thinking of the Github of twelve years ago.
Don't think it's devolved at all this has been the norm from the 80's onwards (perhaps earlier).
Look at how fractured open source is today and the sort of egos that come with it everywhere you look. While the points made in this article are valid, it's great that someone is incentivising people to interact with various projects rather than do their own thing rather than climb blindly up the same treacherous mountains others have done long ago.
Hey, also why not rewrite it in rust :)
Being a contrarian is easy, fixing these well acknowledged problems is hard.
This quote can be applied to organizations on the wane.
This happen a few years back in UI design when designers started to put more work into presentation of projects than projects themselves.
I'll not advocate calling DigitalOcean on the phone, but tagging the CEO on the complaints on twitter might be more effective than tagging the community manager who professes he is not listened to.
A first step would be to only allow contributions to selected projects that have first approved to be included in Hacktoberfest.
The numbers quoted elsethread look like that to me. Not necessarily the full 10x difference, of course, but choosing just between these two systems it appears clear to me that there would be more work for maintainers and/or significantly less people being eligible for T-Shirts because few maintainers are actually aware of Hacktoberfest if every PR had to be tagged by the maintainer to count for eligibility.
Incentivizing spam should be criminalized over the next decade if we are to maintain our humanity.
If it does motivate people and they like them, then fine: I guess it's just different strokes for different folks.
It pretty much boils down to this. Not only are vendor t-shirts actually a physical item but they are also often uniquely designed; many vendors only provide certain designs for certain events. So they really become a badge of honor and can gain in emotional value: "been there, got the t-shirt..."
It is. T-shirts are wear items and getting a free one that looks decent is one less that you’ll have to buy.
It’s a shame it has led to people spamming repos, however.
Just look at the kind of mayhem Black Friday precipitates, and that's not even free - just a promise of exceptional discounts.
The comedian Doug Stanhope has an amusing bit about free healthcare and how wastefully it would be consumed by Americans conditioned to maximally abuse anything offered free of charge.
Edit: I don't mean to suggest Americans have a monopoly on this sort of behavior, it's just the country/culture I'm by far most familiar with.
Thousands of students are all trying to get a low effort contribution in to have an extra line of "experience" on their resume and a T-Shirt from a western Silicon Valley company as signaling? Judging by the poor quality of the contributions, and the fact it's on GitHub, maybe folks studying IT?
That type of academic spam isn't new sadly [0].
[0] https://academia.stackexchange.com/questions/41687/what-is-b...
In most of these cases, it usually starts with someone really talented doing it with all the good intentions, and everyone else wanting to get in on that 'swag' and appear just as 'talented' and 'unique' amongst their peers. The freebies are mostly for 'show off'.
A few hours ago this link showed extremely low effort LeetCode/Programming Challenge problems and solutions aggregation repos created by us Indians (disproportionally more than any other country at the time I checked) with very silly open issues created & marked as 'hacktoberfest2020' (looks like some of them are gone now)[1].
But, from what I heard from my uni recently, things are improving and this year folks are trying their best to form groups to focus on meaningful contribution over spam.
Even after all that, unfortunately for us though, we'll still have bad actors, probably at the same percentage as any other country, but amplified due to our population and hyper-fixation with an unreal perception about most things we do.
[1] https://github.com/search?p=1&q=label%3Ahacktoberfest+state%....
is it fair to place the blame squarely on them or is it better to recognize that the global system we are complicit in has created this tremendous waste of human potential?
By GDP per capita, India is where the US was at in the 1950s. Would we excuse this behavior in the 1950s West just because "they lack privilege, don't know any better, resort to what they know and have been taught to do..."? Of course not, because relative poverty is no excuse for unethical behavior.
Identifying a privilege gap is not racist. India is definitely not in the same place as 1950s America which was the post-WWII boom. Sometimes called the Golden Age of america.
Then again, we do have some cultural issues to overcome, and yes, a lot of the cultural issues are a result of a traumatic period spent under the boot of the colonizers.
That being said, blame is not useful, the people responsible are dead, and hopefully we can mature as a culture. I see lots to be hopeful about, but lots to be fearful about too. The transition of power from colonials to our republic was botched, and now we're stuck with a broken political machine, and the powerful are trying to break it further.
Comparing the raw GDP of the US in the 1950s to India now is glossing over a lot of points. For example, GDP per capita does not capture the (in)equality of wealth distribution in a country. Or how that GDP ranks on a scale: The US in the 1950s was in a high, probably even the top position (I didn’t check exactly which) - India with the same GDP now is definitely not. That makes a huge difference in perception.
It’s easy to dismiss the status value of a brand name piece of clothing or any token that elevates your status if you’re already high up on the ladder.
None of that excuses the behavior in the sense that it makes it “ok”. But it contributes to the explanation of why such behavior clusters in specific communities.
For me, that I’m ahead, it’s easy to look down and say that this is unethical behavior, but it’s important to keep in mind that I’m applying my ethics from a privileged vantage point - and likely you’re doing so as well.
In the 1950s the US's GDP per capita was the highest. Is that the case for India today?
> Would we excuse this behavior in the 1950s West
I mean the 1950s West was no bastion of ethical behavior. Wasn't that when the cigarette industry in the US started its decades-long campaign of misinformation, obfuscation, and false advertising to cover up the harmfulness of their products? And this was flagrantly unethical behavior by some very privileged people. This is without even getting into how women or minorities were treated.
> relative poverty is no excuse for unethical behavior.
One man's "unethical behavior" is another man's "playing by the letter of the rules, not the spirit". Spamming PRs for a free T-shirt is no way comparable to call center scams.
Thanks for writing -- I like that way of thinking about spammers etc -- that they could have been doing something meaningful instead, if the world and society made more sense
Well, not exactly. There are a lot of people in India who are very passionate about open source and who actively try to get others to participate. So they organise events teach others how fork a repo and submit PR's. Batch-mates are either forced or join after seeing the enthusiasm. Unfortunately, these are not moderated and things go downhill soon where a PR is sent for the sake of it.
They probably should validate a somewhat matching commit with the same e-mail address ending up in a branch or something. Few if any projects modify those.
I frequently perceive a sense of entitlement from drive by PR contributors, as if they are giving a gift to the maintainer, when in reality, it often takes more time for the maintainer to test, review, and give feedback on contributions than if they’d done it themselves.
I imagine the people spamming repositories for a T-shirt are the same people who will harass maintainers to “just merge it already.”
This means not all os projects are likely to yield you a t-shirt, but it does mean your contributions must be good and relevant to have a chance.
There is some technique to reviewing a project and knowing what is likely to be pulled based on its context.
That aught to cut down on it.
Fwiw, DO should be doing something for the projects that accept a PR from this “fest” either t-shirts or a donation to a foss advocacy org or similar.
However, I don't see how that works with a hackaton mindset.
If that's what you think then why accept pull requests at all on your project?
And on balance, I love open source!
It’s just one of those unfortunate things where it’s hard and slow to be considerate while being easy and cheap to be inconsiderate.
(I maintain a handful of small libraries that meet your description, and only recently "awakened from slumber" to release a new version of https://github.com/hunterloftis/throng after five years)
I intended to make meaningful contributions last year and accidentally hit the quota just by making PRs to my own projects.
> Do pull requests made on my own repositories count?
> Yes, but we strongly encourage you to make quality contributions to other repositories.
So yeah, I suspect it's massively undercounting.
>[...] please give them an `invalid` or `spam` label and close them. Pull requests that contain a label with the word `invalid` or `spam` won’t be counted toward Hacktoberfest.
>const totalInvalidLabelPRs = await db.collection('pull_requests').find({'labels.name': 'invalid'}).count();
They also mention the label "invalid" multiple times and never the label "spam." So even if they count "spam" for making entries invalid for a reward their stats do not seem to take that into account.
In a sea of 5B PRs, 24k would look impossibly good.
And the number of "nice PRs" is essentially irrelevant here: this is not a zero sum game, a thousand good PRs don't cancel out a project getting flooded with bad PRs.
If your event can't prevent substantial abuse of the community you pretend to do this for, you should stop your event and figure out how to do better.
[1]: https://twitter.com/MattIPv4/status/1311366041897971712
[2]: https://twitter.com/MattIPv4/status/1311395478244818945
We also noticed an uptick in spammy PR's and we are working on a bunch of immediate and long term changes to improve the situation for Open Source maintainers like you.
Here's an official post where we walk through currently proposed changes: https://hacktoberfest.digitalocean.com/hacktoberfest-update
suggests to me that DO expected that maintainers would email DO about spammy users. is that the case?
The problem with most "spam flagging" solutions is: 1. They only kick in _after_ the PR is created and the maintainer's time is wasted. 2. In some cases they might actually cause more harm than good. A user is flagged for spamming, gets blocked, creates another account and spams some more... etc.
For that reason we are focusing our efforts on just re-routing these impatient users into guides that have them creating PR's on their own repos.
Long term we are definitely committed to updating the program to make sure it's delivering on the mission of getting people positively involved in open source.
Many maintainers put “Hacktoberfest” labels on issues they’re happy for newcomers to work on.
That's why, to deal with the immediate issue we're creating an obvious, even lower-effort route for the impatient participants to take (follow a guide to create 4 PR's on your own repo) - and longer term we'll make bigger changes (maybe including an opt-in only model) that solve the perverse incentive issues that seem to be driving this PR spam.
> This year, the first 70,000 participants who successfully complete the challenge will be eligible to receive a prize.
How about choosing 70,000 participants at random? Or any other criterion that doesn't encourage quick content-less contributions?
>When a measure becomes a target, it ceases to be a good measure.
I don’t know the solution for this. But sheer number of PRs/commits is obviously meaningless. We just don’t have a better (cheaper) proxy to latch on to.
Opt-in could help. So could better access control tools from GitHub.
DO could make it so that users have to use a specific tag on the PRs; there are tons of ways maintainers could filter on that.
DO could switch the prizes to be something less likely to draw spam than a t-shirt would - like free cloud resources.
TLDR; in the spirit of software - let's iterate on this imperfect event instead of junking it outright.
(Although the free cloud resources idea sounds worse to me - those have actual value (spam, mining, ...), so there'd be a real incentive to try and automatically game this)
Please stop blaming the victims for not doing enough.
[1] https://twitter.com/MattIPv4/status/1311391325443555328
[2] https://twitter.com/MattIPv4/status/1311392743885869057
I know for some other projects GSoC worked out well. I'm sure people will pipe up telling us how we're doing it wrong if we couldn't get good results from GsoC candidates, but after a couple of years I was tired of being involved with it and got cynical about it.
It's reasonable to bow out if it's not working for your project. Maybe check us out every few years to see if we've addressed your problem :-)
Coming from the other side, as someone who was a GSoC student, but whose involvement with open source ultimately dropped off over the years, I think one of the problems here is the timing. GSoC students are typically in their third or fourth years of undergraduate study, which are followed by internships and on-campus data structures & algorithms interviews which require a lot of preparation. Then for the first couple of years in the industry, most haven't sorted out their work life balance sufficiently to want to code in their free time. It's only recently (2-3 years after I graduated) that I started feeling like I had enough time to get back into open source.
The fact that there as many Indians applying as there are, I think is due to a combination of the factors that 1. there are a lot of Indian CS undergrads 2. internships are extremely competitive, so GSoC is perceived to be an alternative (which it really is not)
compare e.g. clear spam, which adds a copy of someones website into the HTML specification repo: https://github.com/whatwg/html/pull/5972/files There is no scenario in which that is even a potential improvement.
15 spam PRs in last two hours https://github.com/phpmyadmin/website/pulls?q=is%3Apr
9 spam PRs in the last day https://github.com/whatwg/html/pulls?q=is%3Apr+is%3Aclosed+l...
Take a look at this user who has made 21 commits this year. 20 of the commits are from today and all of them are for valuable additions like:
* "made with love"
* "you will love it"
* " with "
* "Please do try we have made this for you"
* "That was amazing dud"
* "lovely i loved it"
* "and awesome"
* "and cool"
https://github.com/shibin37
EDIT: Formatting
Yeah, it's pretty bad.
At least that doesn't inconvenience open-source maintainers, I guess. It's clear that the spirit of the event has been lost, though.
+ This PR would need another PR to fix white spaces and punctuation.
Do I get my free T-shirt now?
[0]: https://github.com/OscarZhou/CSharpTraining/pull/1/commits/8...
This is a comms problem, not a "corporate-sponsored distributed denial of service attack against the open source maintainer community". The well-meaning frequently cause more problems than they solve, but it is better to have them on the inside of the tent pissing out than on the outside of the tent pissing in, it is said.
No, this article never even implies DO is doing this intentionally. The tone is annoyed, even aggrieved, but not really angry. The author, in fact, seems to be rightly applying Hanlon's Razor, and is constructively figuring out how to fix this unintended down-side to what should be a nice gesture by DO.
Which is not constructive. I think DO should sort this out and there’s any number of decent options just in this HN thread, but this post is only going to help if it generates enough negative publicity on HN for DO to recognize. In and of itself, it’s just another fed-up dev.
[1] https://twitter.com/MattIPv4/status/1311420523067383814
I had a great experience with Hacktoberfest last year. I tagged a few issues with Hacktoberfest and got a nice PR from someone showing me how to configure my Vue project for unit testing.[0] It was a non-trivial PR and a useful contribution.
https://github.com/mtlynch/whatgotdone/issues/279
[1] https://twitter.com/MattIPv4/status/1311391325443555328
1. Only count PRs that contain something like "#Hacktoberfest" in the GitHub comment accompanying the PR. This would make it easier for maintainers to weed out the spam or at least understand where it's coming from and what term to search for when they encounter this unprepared. Also, it would give "visibility" to the event, so it should even fly with management!
2. Only count merged PRs. Apparently DigitalOcean have a "reason" for not doing this, because some projects don't use the PR merging feature directly. I think they should reward users who educated themselves on this point and only opened PRs on projects that do merge them.
2. I think the other argument you could make against that is not everyone has the same time to merge. If it takes two weeks to get merged, I basically have to have the PR in by the second week of October.
Yeah same here, but as a contributor. I decided I wanted to make my PRs count and decided on a targeted effort of taking one mans tiling WM for Windows[1] and fixing enough of the stability issues and race-conditions I found to the point where I should be able to use it myself.
Not a single one of those PRs was “cheap”, and the resulting improvements in quality and stability has lead that WM now to seemingly have more users and doing better than it used to.
And now I have a tiling WM whick is actually usable the times I have to use Windows. Win win, as far as both I and that project-owner is concerned.
[1] https://github.com/rickbutton/workspacer
Why are you actively making the :sparkles: open source community :sparkles: less welcoming :hearts: and inclusive :smiley:???
Next you'll tell me you object to frivolously renaming the m*ster branch of every project at your company and forcing edits to every bit of extant Git-related shell script out there.
It's a new world, buddy — only blue-hairs and anti-racists need apply.