
Show HN: POC to show the flaw in project collaborator notifications on GitHub - 719Ben
https://github.com/719Ben/attention-whore
======
codazzo
Interesting POC, I found out about it precisely in my github feed. Now, you
really could have given it a different name. If you change it people will not
have a problem sharing it. It's unnecessarily offensive!

~~~
719Ben
I am the project creator and after some feedback I agree. The project's name
has been changed.

~~~
BinaryBullet
You showed up in my feed as well (multiple times). I thought this was an issue
that had been fixed in the past?

~~~
719Ben
I think the fix is simple. Make people confirm that they want to be a
collaborators before notifying all their followers.

~~~
BinaryBullet
Yeah... I just vaguely remember something like this popping up in the past. I
guess it was a slightly different issue. Your suggestion would work, or at
least only showing up in feeds until the collaboration has been accepted.

What's your /graphs/traffic page look like? Have a lot of people checked the
page out?

[https://github.com/719Ben/notice-
me/graphs/traffic](https://github.com/719Ben/notice-me/graphs/traffic)

~~~
masklinn
> Yeah... I just vaguely remember something like this popping up in the past.
> I guess it was a slightly different issue. Your suggestion would work, or at
> least only showing up in feeds until the collaboration has been accepted.

Zed was a recipient of drive-by-collaboration back in 2011:
[https://web.archive.org/web/20110603111859/http://sheddingbi...](https://web.archive.org/web/20110603111859/http://sheddingbikes.com/posts/1306816425.html)

The intent was a bit different, followers were not the target, the user being
added was, but the core problem was the same: you don't get to confirm if you
_want_ to become a project's collaborator (and can't squelch such requests),
you just get added.

> The question then comes up: How is it that someone can just add you to a
> project on github without your permission? Well, github will just let you
> unilaterally add someone else. You can just pick a random person and give
> them commit rights to it. It's under the assumption that you wouldn't do
> something as stupid as adding someone who hates you to your own project. In
> this case, it's a project the person doesn't care about, so adding them is
> just intended as an insult.

> […]

> It took Nick Martini two days to fix his repo. Despite what Martin says on
> his blog it actually was very little effort from me and most likely
> considerable more for Nick. You would think that would be the end of it.
> Nick would leave me alone.

> Then today, he added me to the dongml project again.

> Since there's no way for me to remove myself, and since github won't create
> a way for me to block him, or report his project for abuse, I'm mostly left
> with leaving it there.

> Of course, I have another option, which is to continually destroy his
> project until github bans me from their servers. But now I have my code on
> there...or do I?

------
endel
Just today there was 2 annoying GitHub users doing this, probably using your
script. I always report this kind of activity to GitHub. Hopefully they'll
need to do something now that you made this accessible.

~~~
swang
Yes same here. One project was also repeated which suggests that everytime you
add/remove someone their followers get a new notification. Edit: oops
nevermind.

------
captn3m0
I noticed this in my feed yesterday (via a user that seems to have been banned
now[0].

[0]: [https://github.com/tushar-rishav](https://github.com/tushar-rishav)

------
bevacqua
I posted a fix here: [https://ponyfoo.com/articles/github-for-human-
beings](https://ponyfoo.com/articles/github-for-human-beings)

------
AndyKelley
This has been driving me nuts. I used to report all instances but GitHub
doesn't care so I resorted to only blocking offending users.

------
basicallydan
Urgh. You got me, 719Ben. I saw it on my feed, too. Three people: defunkt,
mojombo and paulirish.

------
howareroark
Gotta love the hustle! ;) Gotta push that new track to get big!

