
I find the "EMBEDDED MALWARE DESTROYED MONTHS OF WORK" issue opened on the jqwik repo to be baffling. Do they not use source control? And if not, what are they doing on GitHub?



Well, this is just the natural result of people who have never watched a single YouTube video or a resource about programming and went directly from using a little chatbox to giving full access to their machine via claudecode or similar coding tools. Claude or codex will never create a git repo for you unless explicitly prompted somewhere.

it's probably a lie

This seems most likely. “Ignore all previous instructions” type jailbreaks are very 2023. The author probably posted that under a shill account.

Source control is not a backup.

It kind of is, you push to a repository which is not on your computer. Force push protection stops you from rewriting history, and the default branch on GitHub is protected by default and requires an option to be disabled (or well, used to; I use Gitea these days).

The backup part of that is that you are sending a copy of your code to a separate server (GitHub).

It has nothing to do with git. Making a copy on a separate server would still be a backup even if you weren't using git. Using git without pushing your repo somewhere else would not be a backup.


In this case, using Git would have helped even if it was local-only.

What did the AI actually do? Because `rm -rf .` is not something git can help you with.

AFAICT, it only deleted the code using the library, not the whole repository.

It was a fake post anyway, but the instructions were to remove the output of that library and code using it, not delete everything on the computer or project.

See response to charcircuit below.

> you push to a repository which is not on your computer

That is not a mandatory part of using source control. Modern source control can work entirely on your own computer.

> Force push protection stops you from rewriting history

This doesn't always exist and usually there are ways to disable it.


restic/borg is not a backup application because you back up to a folder in the same directory called `.git`... doesn't sound right, does it? Git (and other source control systems) in every shape and form are a backup tool. In fact, a lot of people use git as a backup system for their OS configuration.

> restic/borg is not a backup application because you back up to a folder in the same directory called `.git`... doesn't sound right, does it?

It does sound right.

Obviously the world isn't black and white, and whether something is a backup depends on what threats you are backing up against. Backing up in case of disk failure looks different than if you want your backup to survive a nuclear war.

But ultimately yes, if you configure restic/borg to back up to a different directory on the same disk (and not even different access control), that is not a backup.


DVCS is a backup

If you make a git repository on your machine and then delete the entire directory it is in, you cannot recover it despite git being DVCS. If you have 2 forks of the repo stored on the same disc as the upstream repo and that disc dies, you lose everything.

You’re conflating offsite backups, a type of backup, with the class of backups. Backups can be on-site. Is it as durable? No. Is it a backup? Yes.

I'm paying homage to the saying that "RAID is not a backup." In a technical sense RAID can create a backup of each block, but that is not what people are referring to when they say that phrase. They mean it as a backup as one may need for disaster recovery.

Source control is only a backup. For me.

Orly? What is?

Making an actual copy of it that can be stored separately. Just tracking changes being made doesn't mean there is another copy of everything somewhere. The goal of backups is for the probability of destruction of different backups to not be correlated with each other.

It's funny you're downvoted.

I agree source control is not backup, because it implies having `git` is enough. It's not. Example: an Agent or process deleting your .git folder doesn't protect your code.


Pushing to remote origin is standard practice. That (not local-only use of git) is "backup" by any reasonable definition.

Or if the AI agent decides "delete" means something much broader than just source, and includes other project resources, such as databases.

At the end of the day we have a developer injecting malicious instructions into their project, with the openly stated goal of causing data deletion, and the people supporting that effort are doing so because of their personal ideology. We have laws against this for a good reason.
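
The three loss scenarios argued over in this thread (files deleted with `.git` intact, `.git` deleted too, whole directory gone but a second copy exists), as an added shell demo that is not part of any comment above. The paths, the file contents and the `mirror.git` stand-in for a pushed remote are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added demo; constructed data only, everything lives in a mktemp directory.
# mirror.git stands in for a pushed remote (assumption: in real use it sits on
# another machine; on the same disk it shares that disk's fate).

g() {  # git with a fixed identity, confined to the demo directory
  GIT_CEILING_DIRECTORIES="$ROOT" git -c init.defaultBranch=main \
    -c user.name=demo -c user.email=demo@example.invalid \
    -c commit.gpgsign=false "$@"
}

setup() {  # $ROOT/work = repo with one commit, $ROOT/mirror.git = second copy
  ROOT=$(mktemp -d) || return 1
  g init -q "$ROOT/work" || return 1
  mkdir "$ROOT/work/src"
  echo 'months of work' > "$ROOT/work/src/app.txt"
  g -C "$ROOT/work" add -A && g -C "$ROOT/work" commit -q -m initial || return 1
  g clone -q --bare "$ROOT/work" "$ROOT/mirror.git"
}

finish() { rc=$?; rm -rf "$ROOT"; return "$rc"; }  # keep the status, drop the temp dir

# 1. Tracked files deleted, .git intact: local-only history is enough.
case_files_deleted() {
  setup || return 2
  rm -rf "$ROOT/work/src"
  g -C "$ROOT/work" checkout -q HEAD -- . && [ -f "$ROOT/work/src/app.txt" ]
  finish
}

# 2. .git deleted with the files: nothing local is left to restore from.
case_git_dir_deleted() {
  setup || return 2
  rm -rf "$ROOT/work/src" "$ROOT/work/.git"
  g -C "$ROOT/work" checkout -q HEAD -- . 2>/dev/null && [ -f "$ROOT/work/src/app.txt" ]
  finish
}

# 3. Whole working directory deleted: only the separate copy brings it back.
case_restore_from_mirror() {
  setup || return 2
  rm -rf "$ROOT/work"
  g clone -q "$ROOT/mirror.git" "$ROOT/work" && [ -f "$ROOT/work/src/app.txt" ]
  finish
}

for c in case_files_deleted case_git_dir_deleted case_restore_from_mirror; do
  if "$c"; then echo "$c: recovered"; else echo "$c: lost"; fi
done
```

Only uncommitted changes are outside what case 1 can restore; the checkout brings back the last committed state.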



