Open-source devs drown in DigitalOcean's latest tsunami of pull-request spam that is Hacktoberfest

Hosting biz Digital Ocean kicked off its seventh Hacktoberfest on Thursday – and managed to seriously annoy the very developers the event aims to celebrate. Launched in 2014, Hacktoberfest was founded to inspire people to get involved with the development of open-source software. It attempts to do so by encouraging programmers …

  1. Notas Badoff

    Two sets of egotistical people 'helping' open source?

    Seems that Eternal September for open source is here.

    Looked at the risen to 28 list (which is now at 34) and at least 8 were changes to "404.html", a file in the root of the repo. And a bunch to readme.md. Numerous picayune changes proving they don't know English.

    One PR changed

    <div class="failed">

    to

    <marquee><div class="failed"></marquee>

    proving they don't know HTML either.

    Another added "<h2> HTML </h2>" to the readme.md just before the "### Code of conduct" heading, proving they don't know markdown either.

    And - sorry - but look at the user names. The competition over there to prove you are a really great web whiz is intense I hear. That this might be a honey pot trap never occurred to them? (Is there a 'ban' action for Github repos?)

  2. Anonymous Coward

    AI

    No auto bot to reject all submissions during this PURGE?

    Genuine question: is there no way to just > /dev/null the lot for this period?

    1. Anonymous Coward

      Re: AI

      More friendly to simply disable pull requests for the period. I'd hate to have a valid pull request of mine get blackholed.

  3. Glen 1

    Don't be afraid to commit

    I think that perhaps contributors should be in a more structured workshop such as "Don't be afraid to commit"

  4. RM Myers
    Thumb Down

    Own Goal!

    The title says it all.

  5. Kevin McMurtrie Silver badge
    FAIL

    Better things to do

    Nobody proposed a tool to download public abuse databases then analyze traffic patterns of their listed servers? (Checking fail2ban logs...) I guess not.

  6. Anonymous Coward

    Attention to details

    How's this for a documentation bug report?

    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211948

    1. Anonymous Cowtard

      Re: Attention to details

      Don't you just love it when the corrector needs correcting?

      "To many tiny errors so I just did a full rewrite below.”

      1. TeeCee Gold badge
        Coat

        Re: Attention to details

        ...and what was the reply from "many tiny errors"?

  7. MatthewSt

    Be Prepared...

    https://twitter.com/github/status/1311772722234560517 - they turned this feature round pretty quickly!

    1. bitwise

      Re: Be Prepared...

      my_doob (of ThreeJS) was requesting this feature about a couple of weeks ago, so someone may have had a mostly-working version of it sitting somewhere.

  8. noboard

    Impressive

    You come up with a contest intended to help open source, which causes these projects to shut down for a few weeks.

    Marketing strikes again.

    1. Wellyboot Silver badge

      Re: Impressive

      Nobody volunteered to process pull reqs all month so all contributors should calculate (at hourly rate) the time it takes to process these then sue the ejits offering financial inducement (free t-shirt) to cause that expense.

      The excuse being used that anyone can do this anytime doesn't wash, the same could be said about throwing a brick through your window.

      Marketing > "B" Ark passengers.

      1. Mike Pellatt

        Re: Impressive

        But FFS don't put the telephone sanitisers on the "B" Ark this time.

        Esp in the current circumstances.

    2. Francis Boyle Silver badge

      To be fair it's not just marketing

      It's the old rat/snake/whatever bounty problem. If you offer an incentive to do something useful people will always find a way to game your system.

  9. IGotOut Silver badge

    Digital Ocean?

    You mean those assholes who host 95% of "customers" that attack my website and do NOTHING about it.

    Cloudflare rule no.1. Drop everything originating from them.

    Wouldn't surprise me if El Reg have the same rule.

    1. doublelayer Silver badge

      Re: Digital Ocean?

      Malicious bots will find somewhere to host no matter what. As far as I know, DigitalOcean does respond to abuse requests and does take down people's servers when needed, but if malicious people find it easy enough to set up servers there, they'll still do it. Block those IP ranges and you'll find that others also attack. Block everywhere where attacks come from and you'll mostly eliminate the internet from accessing your site. I run a server there (almost all of its traffic is to provide services on request, it's not generating much), and if I scan my SSH and web logs, I find attack attempts coming from at least eight cloud providers and twenty non-cloud countries in the past week. Blocking all these ranges isn't a good answer to attacks because you'll at best reduce their quantity. Instead, make sure that not even a good attack will work and ignore the noise as the price of having a publicly-accessible system. If you're getting something like a denial of service attack, you have to worry about the source, but if you're getting automated login attempts, let them try a few times then ban their IP.

  10. Anonymous Coward

    Same issue with OS but...

    OsmAnd tried a rewards system for improving OpenStreetMap, which quickly led to the same result.

    With GitHub however, many projects add a "Help Wanted" tag to some issues. How would it work if they were to count only successful patches that close issues tagged with "help wanted"?

    Lastly, from a dev point of view, I see this as yet another advantage of not using Github in the first place.

    (edit: some good suggestions in Drew's post, quoted in the article. Worth a read!)

    1. doublelayer Silver badge

      Re: Same issue with OS but...

      This is a great point. The contest as they've set it up is seemingly well-designed to prioritize quantity over quality, and look at what they got last time. It would make a lot of sense for them to change the structure to actually help developers, meaning that really small PRs wouldn't count. Whoever sets up these rules isn't thinking hard enough about the purpose and benefit of what they're doing.

  11. Anonymous Coward

    Marketing

    Why. WHY are you a thing?

    1. Mike 16 Silver badge

      Re: Marketing

      Why? It's part of the "full employment for folks naturally inclined to be con-artists, but who are afraid they won't be able to get their favored mineral water in prison, so have cultivated an acute sense of the line between "deceptive but legal" and "fraud." Line width down to 3 nanometers, AFAICT.
