this post was submitted on 31 Dec 2024
437 points (99.3% liked)

Open Source


This doesn't surprise me at all... Just like bots in games. Selling a service that benefits another. It's shady, but definitely believable.

Also, what if this is an actual viable way to "market" for an open source project?

https://www.bleepingcomputer.com/news/security/over-31-million-fake-stars-on-github-projects-used-to-boost-rankings

[–] B0rax@feddit.org 17 points 6 days ago

You can buy any metric on the web. Amazon reviews, YouTube subscribers and likes, X followers, Reddit karma, …. I am not surprised that GitHub stars are one of them.

[–] BaumGeist@lemmy.ml 15 points 6 days ago

On the Caveat Emptor ("Let the buyer beware") side of things, I look at other metrics well before I rely on stars.

How many contributors does it have? How many active forks? How many pull requests? How many issues are open and how many get solved and how often and how lively are the discussions? When was the last merge? How active is the maintainer?

Stars might as well be Facebook likes imo: when used as intended, they didn't say much more than "this is what the majority of people like" (surprise, I'm on Lemmy bc I have other priorities than what's popular), now they mean nothing at all.
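The checklist in the comment above can be turned into a quick screening step before pulling in a dependency. This is an added example, not code from the commenter or from GitHub; the field names, thresholds and sample records are assumptions constructed for illustration.

```python
from datetime import date

# Illustrative thresholds (assumptions; tune them for your own ecosystem).
MAX_STARS_PER_CONTRIBUTOR = 500
MAX_STARS_PER_FORK = 200
MIN_ISSUE_CLOSE_RATIO = 0.3
MAX_DAYS_SINCE_MERGE = 365

def activity_flags(repo, today):
    """Return the reasons a star count is not backed by project activity."""
    flags = []
    stars = repo["stars"]
    if stars / max(repo["contributors"], 1) > MAX_STARS_PER_CONTRIBUTOR:
        flags.append("few contributors for star count")
    if stars / max(repo["active_forks"], 1) > MAX_STARS_PER_FORK:
        flags.append("few active forks for star count")
    total_issues = repo["open_issues"] + repo["closed_issues"]
    if total_issues == 0:
        flags.append("no issue history")
    elif repo["closed_issues"] / total_issues < MIN_ISSUE_CLOSE_RATIO:
        flags.append("issues rarely resolved")
    if repo["merged_prs"] == 0:
        flags.append("no merged pull requests")
    last = repo["last_merge"]  # None means nothing was ever merged
    if last is None or (today - last).days > MAX_DAYS_SINCE_MERGE:
        flags.append("no recent merge")
    return flags

TODAY = date(2024, 12, 31)

# Constructed sample records, not real repositories.
SAMPLES = {
    "established-lib": dict(stars=4200, contributors=85, active_forks=310,
                            open_issues=120, closed_issues=1900,
                            merged_prs=2400, last_merge=date(2024, 12, 20)),
    "boosted-tool": dict(stars=3900, contributors=1, active_forks=2,
                         open_issues=0, closed_issues=0,
                         merged_prs=0, last_merge=None),
    "small-honest": dict(stars=40, contributors=2, active_forks=3,
                         open_issues=4, closed_issues=10,
                         merged_prs=12, last_merge=date(2024, 11, 1)),
}

if __name__ == "__main__":
    for name, repo in SAMPLES.items():
        print(name, repo["stars"], activity_flags(repo, TODAY))
```

An empty list only means the star count is consistent with the visible activity; it says nothing about the quality or safety of the code itself.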

[–] desktop_user@lemmy.blahaj.zone 5 points 6 days ago (1 children)

how is twidium managing to charge so much more?

[–] BradleyUffner@lemmy.world 10 points 6 days ago

Their stars are hand crafted from raw virginal pixels by blind monks using only their toes.

[–] Magnetic_dud@discuss.tchncs.de 3 points 6 days ago (2 children)

Why would a real person star a project? When I star a project then my GitHub home is littered with activity from that project. I hate that, so I never star anything.

[–] fxdave@lemmy.ml 4 points 6 days ago

you can turn off notifications from starred projects

[–] jagged_circle@feddit.nl 3 points 6 days ago

Open Collective has a minimum star limit to sign up.

But they accepted our project even though we didn't meet it. I always thought it was silly, and was glad they were flexible.

[–] atridad@lemmy.atri.dad 1 points 6 days ago

Amazing. Good thing I don’t use GitHub :)

[–] nutsack@lemmy.world 1 points 6 days ago (1 children)

shouldn't this sort of thing destroy your algorithm ranking

[–] Mubelotix@jlai.lu 5 points 6 days ago (1 children)

GitHub is very naive and has 0 protection against spam-stars and multi-accounts.

[–] Gork@lemm.ee 121 points 1 week ago (1 children)

Also cybersecurity implications here. Nefarious actors can prop up their evildoings with fake stars and pose as legitimate projects.

[–] aliser@lemmy.world 27 points 1 week ago (1 children)

my first thought. I usually rely on stars for "trustworthiness" of random projects before running their code.

[–] entropicdrift@lemmy.sdf.org 1 points 6 days ago

Ironically an open source project with under 100 stars now seems more trustworthy by default because you can be sure they aren't lying

[–] AI_toothbrush@lemmy.zip 67 points 1 week ago (2 children)

I almost commented something like "that's extremely overpriced, why don't you set up a Raspberry Pi to do it for you for free" and then I realized the people who could do that don't need fake stars.

[–] djsp@lemmy.world 2 points 6 days ago

On the one hand, one Raspberry Pi would not really suffice. As @theherk@lemmy.world argued, you would need legitimate email addresses, which would require either circumventing the antibot measures of providers like Google or setting up your own network of domains and email servers. Besides that, GitHub would (hopefully) notice the barrage of API requests from the same network. To avoid that and make your API requests seem legitimate, you would need infrastructure to spread your requests in time and across networks. You would either build and maintain that infrastructure yourself –which would be expensive for a single star-boosting operation– or, well, pay for the service. That's why these things exist.

On the other hand, although bad programmers might use these services to star-boost their otherwise mediocre code, as you suggest, there are other –at least conceivable, if not yet proven– use cases, such as:

  • the promotion of less secure software as part of supply chain attacks, with organizations sticking to vulnerable libraries or frameworks in the erroneous belief that they are more popular and better maintained than alternatives, for example;
  • typosquatting; and
  • plain malware distribution.

[–] theherk@lemmy.world 28 points 1 week ago (6 children)

How would the Raspberry help? It is accounts that are needed.

[–] CosmicTurtle0@lemmy.dbzer0.com 41 points 1 week ago (3 children)

What is Twidium's deal? They are the most expensive and take the longest.

[–] filcuk@lemmy.zip 38 points 1 week ago (2 children)

Obviously their stars are the bestest

[–] jagged_circle@feddit.nl 5 points 6 days ago (1 children)

I think you're joking, but if their accounts don't get banned immediately and the stars removed a week after you pay, then their stars are actually the bestest.

[–] HiddenLayer555@lemmy.ml 5 points 6 days ago* (last edited 6 days ago)

There's a chance their stars take so long because they might be using click farms to manually generate them which would be harder for spam detection to catch compared to generating stars with bots and hacked accounts, since technically there are actually x many people actually giving you stars, they're just being paid to do so.

[–] einlander@lemmy.world 21 points 1 week ago

Got to make it look organic and viral.

[–] AI_toothbrush@lemmy.zip 29 points 1 week ago

It's not good that some of these are instant. I guess they try to make it look organic.

[–] Stanley_Pain@lemmy.dbzer0.com 28 points 1 week ago

Can we get a nice chart for Upvotes on Reddit costs? Asking for a friend. /s

[–] phar@lemmy.ml 25 points 1 week ago (13 children)

I am not a programmer. But I have been using GitHub as an end user for years, downloading programs I like and whatnot. Today I realized there are stars on GitHub. Literally never even noticed.
