66 comments

[ 3.6 ms ] story [ 130 ms ] thread
It's similar but not a dupe
interesting - still seems different to me. Those are about different news articles reporting on the same "event". These are two different (though similar) individual's experiences of Hacktoberfest.
I mean, you can finesse it a zillion different ways but it's the same story. You can tell it's the same story because you get the same kinds of comments. There's always someone who hasn't seen the story. There's always some slightly different take someone could write about the story. But if these aren't duped out, the front page would be the same five stories every day and complaints about how it's the same five stories.

Just flag dupes and carry on!

My manager mentioned Hacktoberfest a while back. Honestly I’d never heard of it. When I went to check it out, I was greeted with millions of commits of whitespace. Now I dream of the whitespace. I’ve learned to embrace the whitespace. And it’s fellow companions, the humble carriage return and line feed.
i prefer 3 spaces intentation or tabs, please accept my RP
I suppose, as a DigitalOcean subscriber for the past five or so years, I should probably send them an angry email about this. I don't know if they'll be particularly threatened by me pulling my $12 a month, but maybe it'd at least get this noticed by some part of the org that isn't keeping up with engineering news...
I already contacted support and they sent me a “we’re working on it, here’s our response[1]” response, which I didn’t feel was good enough. I’d send them a support message to make it known that their customers are displeased about their actions.

[1] https://hacktoberfest.digitalocean.com/hacktoberfest-update

I've contacted support as well to express my disappointment.
Unless you make billing department notice, they aren't going to care.
I want to say just go spam PRs on the DO repos and maybe they'll do something about it.

But totally don't do that because you read it here.

Coming soon, if it's not already here in Preview Edition: Eternal Hacktober. Every day GitHub more resembles a gamified social media platform.
People really seem to be looking for someone to blame here, but Github was always public and there was always the ability for any random person to inundate you with garbage pull requests. My experience maintaining open source projects is that most pull requests are more work to review (and coach) then they would be to just do from scratch yourself. But you're letting people contribute to something bigger than themselves, being a part of something. And, the first small request may lead to big improvements in the future. So maybe it's not all bad.

It doesn't bother me that DigitalOcean is incentivizing people to contribute to open source. Yeah, they were pretty bad at it, but we were all bad at it at some point. Encouraging people to take that chance is valuable to me. (Some other comments mention sending DigitalOcean an angry email because they are customers. I'm a customer too! Maybe I'll send them a nice email.)

Github could do some work to improve this. For example, they could add a feature that requires lint/tests to pass before the PR is even brought to the attention of a maintainer. That would be good even outside of Hacktoberfest; I have no doubt wasted a colleague's time pointing out a lint error that the linter would have pointed out a few minutes later (if I had not forgotten to run it).

People get a chance to try out open source contribution. Github gets some ideas on how to improve their product. I'm just not all that angry.

Why would lint/tests fail when docs or README are sabotaged?
Maybe people lint their docs or README with something like vale.
DO isn't some charity, and it's not their first go around. Dangling free stuff in front of people and then offloading the burden of spam mitigation on people who didn't ask for it is careless at best and arrogant at worst

edit: I should also mention, I feel bad for the Community Platform Manager on twitter who can't really fix anything on his own but is still pained that people are unhappy. DO has dumped a bunch of crap on him too.

The point is that DO incentivizes "do something which takes time from maintainers, without bringing them value"

GitHub fundamentally has some mechanisms which incentivizes some "useless" PRs especially to popular projects ("see, I contributed to $popular_project") while it directly adds the metrics ("oh, just one line changed") where most people quickly learn that there is no point in those.

Mind that looking at PRs is not a short thing. Usually I try to follow up with folks who send partially useful things to learn about users and maybe get them to contribute repeatedly. I won't expect anything from Hacktoberfest spamers.

>People really seem to be looking for someone to blame here

Well... DO created a contest that rewarded low effort PRs and an Indian youtuber made a video telling his viewers to make spam PRs to claim shirts from DO. With some searches you could find 10ks of garbage PRs on github almost all from Indian accounts and in similar format to one shown in youtube video. This isn't beginner programmers making mistakes it's just garbage.

https://www.youtube.com/watch?v=v9902nonYas

> This is what we get with corporate-sponsored “social coding”, brought to you by Digital Ocean and GitHub and McDonalds, home of the Big Mac™. When you build the Facebook of coding, you get the Facebook of coding.

The author has this spot on. Everyone who has ever emphasized things like "your commit graph" and metrics like "number of PRs opened", or who uses GitHub star count to judge a project's popularity is collectively responsible for this kind of problem.

GitHub is a good tool, but its social aspect does not optimize for meaningful coding contributions, it optimizes for visibility. I agree with the author that sr.ht would likely avoid this problem since it's optimized for actual problems that programmers need to solve.

That being said, I think there are two other factors at play here:

1. I had a lot of internal debate about whether or not to say this, but calling it out for what it is – there is a bit of latent racism inherent in this outcry. A lot of the people making the requests seem to be male and South Asian, and I think this triggers people's inbuilt resistance to South Asian names. They will fall over themselves to advise `alina_stravinsky599` on the best way to make a typofix, but will yell "shitoberfest!" when `navinshah53` makes the same PR. [1]

2. Digital Ocean seems to want to juice metrics and use Hacktoberfest as a PR marketing move, so they have no incentive to actually offer personal mentorship that can enable anyone to make meaningful contributions to Open Source. Their "Beginners" page (https://hacktoberfest.digitalocean.com/details#beginners) recycles generic information about making PRs.

---------------------

[1] A personal, optional perspective regarding this: If you are a fellow South Asian man like me who actually wants to contribute to Open Source, remember that OSS maintainers will consider your PR as guilty until proven innocent. This is not fair, just like life. Your PRs need to be non-trivial, typo-free, and have perfectly passing tests. If you feel like submitting a simple PR to fix a typo or something, avoid the temptation and just leave it for others to participate in this feel-good fest. Consider spending that time writing closed-source code for money instead.

> They will fall over themselves to advise `alina_stravinsky599` on the best way to make a typofix, but will yell "shitoberfest!" when `navinshah53` makes the same PR.

Sorry, but stereotypes exist for a reason. South Asians (Indians) are very much over-represented in the "spam commit" category. And so, if people see this enough, they will build up a natural and understandable annoyance and resistance to future commits from such people.

> South Asians (Indians) are very much over-represented in the "spam commit" category. And so, if people see this enough, they will build up a natural and understandable annoyance and resistance to future commits from such people.

Try applying this logic to literally anything else in life (say crime statistics) and you will wade into racist territory in short order. I don't see why we get to be the honorable exception.

That all being said, I kind of agree that complaining about it is futile. I think that smart and practical Indian dudes should account for this kind of racism during their career. Hence my advice (which I follow myself) to them to stick to writing proprietary software and improve their skills in that arena. Or play the open source game on extra hard mode, it's their choice really.

Are you arguing that stereotypes are bad because they have the potential to be racist, or are you arguing that there is no value in applying a high-pass filter despite the high noise to signal ratio in online interactions?
Very, very ironically -- my high-pass filter suggests that your comment is edging down the well-trodden "let me convince you that actually, racism is okay in some circumstances" route.

So I will bid you a good day!

I guess you really are arguing against something purely because you associate it with "the r word".

Your argument is: "if you apply x to y, you get z, therefore x is always bad". Complete lack of critical thinking, and purely an emotional reaction to z.

> Sorry, but stereotypes exist for a reason

Because for very good reasons relating to survival in a no-tech world with dangers around every corner, the human brain jumps to over-generalities.

Generalisations can be a fantastic time-saver. I optimise for efficiency. If my false-positive rate is too high then maybe the data my brain has trained on is poor. But from what I've seen so far, and from what I've heard from other people, the data my mental model has been trained on is fairly representative across the board in this instance.
Trash commit freqs, unlike crime stats, are filtered not through institutions but through one's own mind. Granted, one can carry a lot of biases in what they look at and what they notice, but this issue applies to all heuristics in general.

That said, I used to carry a lot of… biases against Indian developers since that's what all the Chinese programmers talk about on Weibo and Telegram. I have seen a lot of impressive folks since then, so I don't really have that particular generalisation any more.

Heck, Chinese ppl would do the same 薅羊毛 thing if our mail service was less shitty. We even have js devs charging people in cash and stars for documentation. That's what you learn from living in no community.

> This is not fair, just like life. Your PRs need to be non-trivial, typo-free, and have perfectly passing tests.

How is this unfair? I haven't contributed to many projects precisely because I think it's disrespectful to the maintainers to submit anything but non-trivial, typo-free and with passing tests.

There's even a guide on contributing to open source software (and also about opening issues) that says this.

My point is that the same standards are not applied blindly, and that South Asian male names are judged more harshly that other ones for an equivalent PR.

And also, who said that your practices are the canonical ideal? Lots of people do get their first PR as a minor typo fix, and go on to do more significant things.

What I'm surprised is that Hacktoberfest is opt-out, not opt-in, and it's enough to file a Pull Request, not needing for it to be accepted. There, two things that D.O. could change right now to limit the spam, instead of lying about having their hands tied.
> it's enough to file a Pull Request, not needing for it to be accepted

This part never made any sense to me. Such an easy fix to make.

There are a lot of projects that might not merge a PR within a month and the further you are into October the more unlikely it gets that the PR is merged in time. As such I do like it that my contributions to a project do count, even if the maintainer isn't around right now...
I did think about it when writing the idea, and in the end it still looks to me that it would be worth it.

This rule would mean contributors would actually care to initiate a conversation about their intented work, and would probably drive them towards projects where there is some activity and positive feedback from the maintainer, instead of projects which didn't want or ask for any contribution, like it happens now.

Also, I think such constructive environment could drive a reasonable maintainer to help the contributors by fast-tracking the PR in case the end of October was approaching. And by taking into account the PR merge date, not the PR creation date, it would mean you as participant could start working on some PR even before October.

DO could just check again for merged PRs whenever they want.
I have all my projects in a Mercurial monorepo on my laptop. And then I use a repo converter to create mirrors on SourceForge and Github.

Now when I get a PR, I treat it as patch and merge it locally, before syncing the mirrors.

But then it is shown as not merged on Github. Especially the verified by github hash is cannot be stored in Mercurial

A D.O. representative talked about similar concerns on Twitter... my thought is that there are enough people able to do a plain and simple PR for giving out 70k t-shirts. This is nothing more that a corporate pr stunt, not a long-term opensource awareness effort, so it would be ok to just give out the t-shirts to the first valid merged PRs and call it a day.

Regardless, IMHO if someone wants to do a PR on your repo, asking you should be their first step.

Because that would mean a very small amount of t-shirts go out. I think people think of DO a little too much. This isn't some altruistic action to better Open Source. It's a marketing gimmick.

Less shirts going out == less shirts being worn == less DO's name plastered on every programmers' bodies.

This is not to say that Hacktoberfest hasn't been helpful for some Open Source projects but let's not pretend that DO's main goal isn't marketing.

(BTW, there is nothing wrong with that, they are a company who wants to earn money, and this way, they help Open Source a little bit too)

They shoud worry about the bad pr they get from the consequences of their careless marketing actions. But granted, we won't collectively start making t-shirts about it, so I guess in November everybody will forget and move on.
Can someone explain how these spams are created? Who creates these (I know DO, but why do they create a bot to spam repos)? What is the alleged motivation behind these PRs?

I am out of loop with this one.

It's not DO who are creating the bots. People are doing this to get free t-shirts from DO, without having to actually make meaningful contributions.
I was missing this piece of puzzle. It all makes sense now. Thank you.

Wait... why the hell is DO giving out free t-shirts in automated fashion without checking individual contributions! What could go wrong!!!

Yesterday, this youtuber exhorted its viewers to submit at least 20 PRs in not-so-popular repos so that at least 4 remain unmarked as "invalid" to qualify for free t-shirt: https://www.youtube.com/watch?v=v9902nonYas

He has 670K subscribers on Youtube, and he insisted that not a single t-shirt should remain unclaimed after 1st October.

Anger aside, it was DO's job to think of poor incentive alignments and loopholes, because at the Internet scale, every loophole gets exploited sooner or later. Maintainers have been telling them of the spam issue for years.

For urgent action, DO should try to get that YouTuber to create a follow-up video to ask people to stop spamming Github. Even canceling the HacktoberFest and restarting it with new rules would be better than just giving up (as Matt Cowley seems to be indicating here: https://twitter.com/MattIPv4/status/1311594424049307649 )

And eventually, invest in educating these new developers about a responsible way of participating in open-source.

(comment deleted)
It’s not bots, it’s hundreds or thousands of people doing the bare minimum to submit a pull request and get the t shirt
Can we stop spamming HN with stories about Spamtoberfest? We get it, DO did a bad thing solely for their benefit.

While we're on the topic, let's talk of ways Github can ease the load on OSS maintainers for the rest of the year too. Examples:

1. (someone else suggested) Mandatory to run linters or pass tests before sending a PR.

2. Vacation mode for repos, where all PRs are auto-declined, with a vacation auto-responder message. This is also good for maintainers' mental health.

3. Ability to whitelist contributors who are allowed to send PRs (this might be controversial and against the spirit of Open Source)

4. Ability to set a TTL on PRs per-repo. If an owner doesn't respond within the TTL, it's auto-closed.

5. Stop showing commit graphs and the other nonsense that turns committing code into a public performance.

I'm sure there are other suggestions.

> Let’s be honest. Hacktoberfest has never generated anything of value for open source.

This statement by the author is not true. I lead Home Assistant[1], last year the 10th most active project on GitHub[2]. We love Hacktoberfest at Home Assistant and gladly participate. We have gotten a lot of high quality contributions and some of these contributors also stayed and joined our core team.

We've been many years in the top contributed projects during Hacktoberfest. In earlier years spam was higher but now it's not too bad. The biggest thing that they did to reduce the spam to us was making sure our repository didn't get linked on their website.

I see a bunch of calls of people are trying to stop Hacktoberfest because it attracts people to open source and we're all so busy. But… if we get more people and we get them along as a maintainer, the long term work load can be reduced because more people are working on open source.

So instead of calls for trying to stop Hacktoberfest, let's ask for a better way to control spam. I think that the announced guide by DO to tell people to open a PR on their own repo is a good start.

And if anyone reading this is interested in participating in Hacktoberfest by improving their smart home, check out the Home Assistant Hacktoberfest blogpost[3]!

[1]: https://www.home-assistant.io [2]: https://octoverse.github.com/#top-and-trending-projects [3]: https://www.home-assistant.io/blog/2020/10/01/hacktoberfest-...

> if we get more people and we get them along as a maintainer

Big 'if' considering a majority of the spammy PRs I've seen today are editing the project's title to add "- An awesome project". It all feels very automated.

Thanks for commenting here, I use HA and I will contribute :)
So here is an community-wide project idea I just had: gather as many spam reports as possible, and build a training set that can be used next year to implent a Github Actions workflow to automatically reject Pull Requests based on a confidence threshold. Like a spam filter for PRs.

Something like this: https://github.com/marketplace/issue-label-bot but assigning an "invalid" label and closing the PR.

Maintainers might want to enable this only during October. It would be a cool reaction from the community, given that there is not much else we can do.

The best place where to find training examples that I can think of is @shitoberfest on Twitter (https://twitter.com/shitoberfest), but most of them are just screenshots, not actual links :(

> Let’s be honest. Hacktoberfest has never generated anything of value for open source.

That is a bold claim. Hacktoberfest being in the press reminded me how little I have been able to code in the last two years, and made me consider joining in FOSS again. There is a part of me that there is something elitist behind this. All these ordinary, run of the mill hackers intruding on the clique. What a horrible horrible blog post

Both posts use the same hyperbole of a DDoS on open source projects and it hurts both posts.

Dealing with spam is a pain, it's annoying and it being somewhat incentivized doesn't really help. But claiming that it's a huge load of work and pretending that maintainers are drowning in spam pull requests is also very ridiculous.

If you don't have the time to close a bunch of pull requests, then maybe it's time you get someone additional onto the project that can help you out. Ask the last few people that have made high quality PRs or maybe just helped with something small, whether they're interested in helping out more.

Stop whining of how hard the life of an OSS maintainer is and invite others to help you out.

I'm confused, your argument for saying this isn't a bad thing is and that developers are not drowning in spam is telling them to... Get more people involved, so that they can take some of the load off of the maintainer. You suggest that they aren't capable of running the projects they created entirely out of love for the craft, and were handling well enough, without help only because DO's marketing stunt might probably cause burnout.

Did I get it right or did I misintepret something?

> Stop whining of how hard the life of an OSS maintainer is and invite others to help you out.

Are you a maintainer? How many of them have you offered to help with the spam? And don't you think there are better contributions you could make if it weren't for the deluge?

- Create new github account

- Make PR via automation

- Earn prestigious t-shirt

- Sell prestigious t-shirt

- Repeat as many times as possible

Is this what's going on? With the right tooling you could net a profit. I mean you're crashing the reputation of the project and the value of the shirt, but from a ruthlessly objective perspective (Not that that's my perspective), who cares if you wreck those things?