Github Has A SERIOUS Problem | Prime Reacts

Captions
GitHub has a serious problem, and I didn't really realize this was happening until just recently. In fact, I even went out and kind of validated some of the stuff. I am able to go and buy stars, watchers, followers, forks, all of that. Now you're probably saying, "Well, come on man, didn't you know this? You can do this on Instagram, you can do all that." Well, the thing about Instagram, and why I have less problems with it on Instagram: it's like buying ads, it's like promoting something, whereas in GitHub, stars and stuff is one of the ways in which I measure if I should use a project or not. There's a trust factor that's associated with it. If I see a post with 10,000 likes, I don't associate trust with that post, okay? I, I associate something else, virality, with the post, some other item, whereas with GitHub, stars have a more sacred, if you will, meaning. It has a meaning that's set apart from other type of start items, right?

Like if you go to Twitter and you look at how many followers I have, which is by the way almost a hundred thousand, don't forget the volume, but here's the deal is that this right here, this doesn't mean I'm right, it doesn't mean I'm wrong, it doesn't mean that you can trust my opinions more, it doesn't mean you can trust them less. It simply doesn't mean anything other than, for whatever reason, people are following me. That's just that. And so GitHub with stars, there's something else about it. When I use a project I really do consider it.

Like if you honestly go on here and go like this, GitHub React, right, let's look at the Facebook React one right here, and okay, what do we got here? We got, uh, two hundred and twelve thousand stars. Okay, let's do this again. Let's go like this: Angular, uh, GitHub. Let's look up Angular on GitHub, and so you can see right away that Angular only has 87, 89.7 thousand. So in some sense React is about three times cooler than Angular. React is probably used three times more by devs. If I were trying to get a job and I knew nothing about the industry, I'd probably use
something like forks, stars and watchers as a way to kind of understand which projects you'd want to put your time into. Yeah, stars are supposed to be telling the truth. So I, I, when I saw this, it was pretty shocking to see that you can buy stars, and how much are they? So this article is really cool. Uh, yes, and yesterday, uh, him and I talked about this, and apparently, like, he told me to go for it, go talk about all this stuff, but they did quite a bit of research, and, uh, him and Alexandra did a lot of research into getting this to work, which is pretty exciting. So check this out, this is super weird.

The best and most obvious way to judge an open source project is to look at the code, but this can be the kind of tedious, and sometimes you don't like what you see there. Agreed. And, well, I mean, is it the best way? You know, again, you get into the whole idea of how someone else programs, and sometimes it's super annoying, so I prefer some other litmus test, right? Projects depending on it, all that kind of stuff. Stars, perhaps.

So an alternative that we all naturally develop on our own, or have been advised to, is to see how many people have starred the project and then pick the one with the most stars. Which I actually argue is not necessarily a bad way of doing it. I really do think that it's not a bad way to do this.

I would have TJ on, I'd love to have TJ on, but unfortunately TJ is currently flying right now, if I'm not mistaken. If TJ was in here and he says "I'm not flying and I'll join in," of course I'd bring him in. This is a TJ article to the max. Oh no no, he's not flying today, he's giving his presentation on using OCaml and Neovim at Jane Street. TJ, he's a real engineer, like a real one.

Uh, for example, React has, uh, 207,000 stars compared to Angular's measly 88,000 stars, so we conclude that React.js is a better framework. Ben Awad, the meat stick, is right. The meat stick is absolutely right. Well, the above joke, not that React is a better, no no, it is a better front end framework. Uh, it is not a good idea
to judge the quality of an open source by how many stars it has. I don't, I don't know if that's true. I think stars generally, besides for the fact that we now know you can buy them, have been a good way to understand two things about an open source project. The person who is working on the project is someone that people like. Let's just be real: if John Carmack right now uploaded a hello world in C, it would get 10,000 stars, not because John Carmack did something amazing but because John Carmack did it. So stars represent some quality behind the authors sometimes. The second thing they do is they just, they tell you that a lot of people rely on it enough that they go to it enough times to go, "Oh, I should star this, I want to know what's happening," right? So there's something real there, and so I do not agree with the statement at all. I think stars are, or have been, a good way to measure some level of quality.

How many times have you gazed upon an open source and wondered, uh, fabulously about the correlation between the number of stars garnered and the actual value of the project? If it's zero then you're, okay, you're a better person than me. I don't think it's, I don't think you can say this. I think it's fine to do that. But if not, allow me to introduce you to my recent experiments and research. It's likely, uh, that this will be the first time you encounter with this bizarre market. Well, I discovered it yesterday, and now I'm seeing this. Yep, that's a thing: you can buy stars. Just purchase them. Like Instagram likes as a known used marketing technique, buying GitHub stars is equally tangible. I do agree with that, that buying stars, you can greatly shift how people view your project, even though it's a lie, right? It could be a complete lie.

Let's go by. I actually picked, I was actually gonna buy some stars to see how well it works. Um, but I'm gonna be real here for a second: when you go on YouTube and you watch a video and it promotes a specific GitHub library, in a sense they're buying stars. They are,
they're buying stars from you, because what they're doing is they're getting you to visit it. Okay, it is real, it is true. You're still buying stars when you get someone to sponsor your project, and so this is just a more gross way of doing it. But is it really much different? Like, is it that much different? The only difference is that there's real people, but are they really real people, or are they just NPCs at the end of the day? And what I mean by NPCs, I, I really do mean this, is that you just go and star it because you like whatever person said it, right? You're, you are starring something because somebody else said to, not because you're actually liking the thing. It's called marketing. Yeah, of course it's called marketing, but I'm just trying to, like, argue in my head if it's real, right? Because there's, I mean, this is the gray areas. How evil is this star buying versus getting someone who has software credibility to promote your project? Because let's just face it, if I was to go on Twitter and I were to tweet "Drizzle ORM is absolutely fantastic, please go check out their GitHub" and link it, they're gonna get some level of stars simply because I said the thing, right? Not because it's real, not because what they're doing is actually good. It's because I said it. It makes you an NPC. Are you any more real than these other people?

Be right back, starring Drizzle. I just use them as an example. We just got done doing that. Can you buy likes on Netflix? I don't think so. I don't, I don't think that's how it works. That'd be really bad idea if you bought likes on Netflix. Likes aren't for the show, likes are for your taste, they're for us to show you the right thing. Uh, I, I star all your repos, daddy. You just gonna call me an NPC? Hell yeah. Picking nothing but an FBC, baby boy. Popularity does not equal quality. Well, sort of, sort of, right?

All right, premium stars. Bear with me, I know you're thinking, what the hell, there are different types of stars? Yes, there are. Premium stars are the kind that is much more
expensive, the most legit looking and most notable, or no, let's see, and most notable, I believe, uh, those stars have a higher chance of staying over the long term. I put on incognito mode and started hunting using my second identity, Boogeyman, uh, or bogeyman as some people call it. So he bought stars: 25 premium GitHub stars for twenty dollars. That's pretty expensive. So, cost me 20 euros. I, oh yeah, you're right, those are 20 fake dollars, those aren't United States Freedom Units, those are some other kind of thing. I don't know what those are, but those aren't real. Uh, which, uh, which is about 0.8 fake units per star. It's expensive. Not that you did, let's see, not if you deduct it from your taxes. Why couldn't you, right? You could imagine a company deducting it from their taxes because they're just doing it as part of marketing. It's a marketing expense.

But I'm going to show you how they look like in a minute. It took six hours for my order to complete, and the accounts look legit. Each have a profile picture. Look at this, look at those pictures. Like, look at this person, co-founder of JS for girls. Like, they're, they may even be impersonating real people here. Crazy, crazy. Each profile picture, different companies they work for, and a couple repository and contributions to one or more open source projects, next to being a GitHub member for over a year. Yeah, it looks legit, you wouldn't even notice.

Cheap stars. Whenever you see premium goods, remember the bargain, uh, bin isn't far behind. Probably me real. Uh, there was also cheaper options like this one. Thank you for your order. Hey, uh, bogey, uh, just to let you know we've received your order, uh, five seven, what do, oh my goodness. If that is an auto-increment counter, which is what it looks like to me, that's what I'm guessing here, that means there was 57,000 purchases before this. Is that what I'm, like, genuinely looking at right now? Oh man, now I want to go, now I want to go purchase some fake stars and see if this, in, because I think this looks like it could be
from, it looks like it could be from this site right here, Baddie shop, right? It has like the same colors, that light, uh, orange and white. I should buy, and then I should buy again, and I should see if it is literally an auto incrementing item, because if that's the case, think about that. Like, that really means, that really means that there's been 57,000 people purchasing this. Like, completely destroys all credibility in GitHub.

Harpoon is getting some love, huh? I'm actually planning on rewriting Harpoon. I am, I've been planning on a while. I have some ideas to make it much, much better, and then I will never have to touch it again and never answer anybody's problems.

I reckon that 57,000 people. You do, you reckon, you reckon that it is 57,000? Dude, there's, and it's at a single shop. Oh dear sweetness. You're right, depending on the starting number. Fair, fair. Did you notice, uh, slow browsing on GitHub? I don't know, this is slow browsing. You could simply, uh, be in, let's see, an offset to fake sales. Yeah, it could be, but I want to know. That would be amazing if we can prove there were 57,000 people that bought these stars. I know, dude, it would be. You'd at least know that there's some thousands of people, because if I get a number that's higher than they. How much you want to bet that this article, and me talking about it, and other people talking about it, is gonna make more people buy stars? What if I'm doing the world a disservice right now? What if I'm making the world, okay, I, I cannot live in a world where somebody else makes the world a better place. Gavin Belson, the Primeagen. I might be that person right now.

Now, uh, what's the difference? Well, the biggest one is those brand new accounts. The whole bisco, what were you trying to say? Uh, you're a bad influence. I know why, but if I pull the plug will happen, if I am the bad one, Gavin Belson doing it. Uh, they were created at the time of my order, if they don't have any fake personal information or repositories. Okay, so look at this, what do we got here? All right, and
after a month they all got, uh, they, they're all gone. GitHub detected and banned them. Oh, interesting. 1002 stars, three stars, so they did get a bonus star because of that. Oh, I'm putting it on the tubes, hell yeah. Okay, so it looks like from March 11th to May 9th they got this. Okay, what's crazy is that you can reach out to them and they're going to redo your order for free.

Detecting fake stars. Now this is the cool thing, are you ready for this? This is cool. This, I don't know how, how do you detect fake stars? I don't even, I'm not even sure how you detect fake stars, because you'd have to, like, scrape the users, look at when they're created. Oh okay, they listed all right here. I discovered, uh, Astronomer, okay, so everybody go be an NPC and like it, I have an NVC, a tool to detect illegitimate stars from bot accounts on GitHub. Uh, it works by fetching data from every GitHub user who starred a repository, then computing how likely it is that those users are real humans by, they're using their trust algorithm. Uh, let's see, the trust score is computed based on different factors: the average amount of lifetime contribution among stargazers, the average amount of private contributions, the amount of public created issues, the amount of public authored commits, the amount of publicly opened issue, uh, pull requests, uh, the amount of public code reviews, the average weighted contribution score, okay, every fifth percentile from 5 to 95 is weighted, uh, contribution score, the average account age, older ones are more trustworthy. Okay, I mean, fair.

So I tried Astronomer on three repositories and saw the results. All right, here we go. Fetching, uh, 69 users for 2013.
Look at this. So we got some A's, we got some B's, we got some C's, some E's down here, some lower trust ones in the lower percentiles, but in the higher percentiles there's a huge amount that are recommended as trustworthy. Kind of wild, right? Nice, yeah, it was nice. It was six times noise or how he does it, uh, from the ministry of Truth. Well, the thing is, is that I'd rather this trust algorithm. I don't, you know, it's funny how they have their trust algorithm and I don't bat an eye at this one. You know why? Because this is an opt-in trust algorithm that I can run on various things to see how trustworthy it is. It's much different in GitHub goes, "We're going to reduce, we're gonna expose the trust algorithm." I'd go, ew. You know, it's funny, all right, depends on the place is how you perceive how trustworthy their trust algorithm is.

All right, cheap stars. Okay, so for the cheap stars, look at that, look at that. It is fully identifying cheap stars as likely fake, and it's identifying premium stars as likely, like, 50 percent good. Kind of wild, huh? A legit stars as a control check. Fetching, okay, so here we go, uh, here's legit stars. Look at that, all A's. How wild is that? Buy previous stars for a five dollars a month, uh, so that's scary.

The premium stars scored decently as a B, with the cheap ones resulting, uh, in the lowest a score, E. Who knows, maybe that's an Ultra Premium star service, uh, that's gonna score an A, maybe. Uh, lesson learned, uh, as you shouldn't judge a book by its cover, you shouldn't judge an open source project by the number of stargazers. As we saw in this article, this is an option that they are not legitimate. It's likely, uh, any other social media platform where fake accounts and fake likes exist. Instead, ask your colleagues, your community on Twitter, why you should pick this project over another. You, uh, could, can also start a new discussion or create an issue on GitHub asking for people's experiences. If that's not enough, you can review the project's code, though we all know that's not something
we have time and energy for on a daily basis, right? Choosing a high quality open source project can be a challenging task. However, there are key factors to consider in making such a decision, as the guild hole structures created a long term. Okay, so this is all about these kind of things. I am more curious just about the stars. We don't need to know. I think you guys can all figure out how to do proper things you're looking for, right? I'm sure you guys can figure this out.

Now here's the thing that's really interesting to me, and I'm going to put on the tinfoil hat, because you know I love a good conspiracy from time to time. Are you ready for my big conspiracy? Run the trust algorithm on Angular repo. We should do that. I'm not gonna do it now, but we should. Better question: can you go to the site and see if the public order status page, uh, where T just takes ID order one two three. I don't know that one, but that, that, uh, that is interesting. That is interesting. We, I, I don't want to explore around right now, but that is something we'd want to play around with.

Okay, so here's my big conspiracy that I think you could end up doing. You could theoretically create a project that mirrors some other thing that's useful, that people want to use, in some ecosystems people love using new libraries, JavaScript, that has a, it has an ability to build some native piece of code as part of the installation process, npm. You could then buy a bunch of premium stars, drive up your star count, do it over time so it looks like it's going up, create a Twitter account, be tweeting about it. Next thing you know, people are opting in and using your open source item. You started creating a movement, and then you could do a supply chain attack. Yeah, I was about to say, that's what I was going to end with, a supply, you could literally do, like, some psyop supply chain attack, which is kind of wild, because most people don't look at anything.

htmx. htmx is glorious, okay? htmx won everything they got due to how prolific a memer the creator
is, okay? You don't ever talk dirt about the creator. He, the horse head posting language is a real one. You can steal all the Bitcoins, right? Uh, downloads, uh, per week, oh, that's a good metric. That's how we got React. Buy my credibility for only five, five dollars a month. Yeah, anyways, anyways, it's just something I, uh, thinking about this, is that you could buy influence. Even if you're not going to do something nefarious with that influence, like say supply chain attacks, you could most certainly use it to grain, to gain street cred, to effectively jump start your career. Okay, you do be looking good on that camera, thank you. Is the Trojan horse designed to destroy the React community? No, the React community is a Trojan horse designed to destroy HTML. We all know this, it's the other way around. Uh, I have seen that a HashiCorp is doing this.

Anyways, it is very interesting what you could do. It's very interesting what you could do with all this. Anyways, just something I've been thinking about. I think GitHub has a serious problem. I think that, uh, I think it's really, it's gonna be really, really tricky, right? It's gonna be really, really tricky, because that is, that is kind of gross, right?

I made multiple accounts to boost my own stars a year ago and got street cred for my first, uh, job interview, don't regret it. Somehow this doesn't bother me as much. You did it all yourself, you know, you were, you went off and you did, you did all the things you need to do. Uh, maybe you even wrote, like, a little script to help really give yourself subtract. You're hustling, okay? You did your own thing. Something about you doing it feels different. Um, I don't know. Self-made. We call that a hustle. Yeah, you're not just buying your way in, you didn't pay to play, you hustled the play, and I could respect the hustle. Okay, I can respect the hustle, but this is messing with my, uh, with my world view right now. It is. I don't know. Bird should just put the right, every, everybody in the world should just put their American Social Security number
and their profile for easy verification. Boom goes to the dynamite. The name is, GitHub really does have a serious problem, because now all credibility has been lost and I don't know what to do.
Info
Channel: ThePrimeTime
Views: 82,611
Keywords: programming, computer, software, software engineer, software engineering, program, development, developing, developer, developers, web design, web developer, web development, programmer humor, humor, memes, software memes, engineer, engineering, Regex, regexs, regexes, netflix, vscode, vscode engineer, vscode plugins, Lenovo, customer service
Id: fi-QKFjC--M
Length: 19min 3sec (1143 seconds)
Published: Fri Aug 18 2023