I don’t blame GH at all.
Source: https://web.archive.org/web/20230702215522/https://sh.itjust...
This is Hacker News. Hacking is about using, in particular, technology in surprising ways that were not intended by the creators.
The reason that hacking is even a thing: It's actually possible to break things in a responsible, non-destructive way (in contrast to most things in the physical world).
If we skip the responsible part, we are just... breaking things and incurring costs. Why should that be okay?
I don't really see anyone blaming GitHub, not even the original post, I'm not sure why all the responses here are insinuating that?
There is absolutely nothing wrong with GH stopping that and it's very wrong to insinuate otherwise like OP is doing.
Wouldn't be surprised if GH would permaban him.
I don’t want to quibble with the term “abuse”, because I think in this scenario it depends on whether intent is a factor and whether we should trust their stated intent. But depending on how you look at it, GitHub would be just as likely to benefit from hiring the author as they would from banning.
It's wordplay to call that anything other than abuse.
For what purpose?
Creating an infinite loop that updates a file and commits it is hardly worthy of a job offer.
I'm reminded of a time in high school where my friend almost got himself banned from the school computers.
At home he had dial-up internet (it was 2003 and he lived in a very rural area). But at school he had megabits of bandwidth he could (ab)use. So he started pirating everything on the internet using a computer nobody ever used in a side-room of the library. It ran 24/7 downloading his long list of desires: games, movies, tv series, etc. He stored his spoils on his network drive, which had no limits on how much it could hold (until he got caught). He'd occasionally bring in a hard drive, copy everything that fit on it and bring it home with him on the school bus.
But all good things must end.
The network admin for the school board eventually came by and sat him down. He showed my friend a pie chart where, as he described it to me, "my name was on the portion that took up more than 2/3 of the pie". After a conversation, all the data got deleted, my friend got a stern warning, and somehow didn't get into any worse trouble than that.
I don't get this attitude. Shit happens, we talk about it, we don't do it again. Not everything needs to have dire consequences.
Note that the message only said “the potential to affect other users”. I would expect a professional service to catch such things before it actually affects other users.
The editor of the magazine almost stopped the contest because he worried that someone might actually win real money and the magazine would be on the hook. But the author reassured him: human nature being what it is, the winning number is going to be not only larger than 1 million, but much larger than you can imagine.
And so it was. The winning number was (IIRC) some tower of exponentials that would take most of the universe to write out as decimal digits. The SciAm budget was safe.
If readers had coordinated somehow, they could have won a million dollars from SciAm and divided it among themselves. They might have made a hundred dollars each. But the author knew that such coordination would be impossible. Human nature would not allow it. Someone, somewhere, was going to send in a ridiculously large number to win. Classic Prisoner's Dilemma.
The GitHub case is the same. Human nature being what it is, someone, somewhere is always going to try to push the limits. As the developer of a SaaS development platform, this is something I'm taking to heart.
They could have been in quite some trouble!
https://clintonwhitehouse3.archives.gov/WH/glimpse/president...
So even if people were to try, I don't see that being a big bother. Not that it's not malicious to do this now.
Monorepos in particular could be impacted.
1. Some HN users might/could have been personally inconvenienced by OP's action and they prefer resenting him rather than GitHub for whatever reason
2. Many HN users get paid a lot to work on SaaS themselves, so seeing a peer (however big it is) get abused for (what appears to be) entertainment is terrifying to them
I think this is exactly why it's great, and it's basically turned into a GitHub advertisement. Either GitHub is simply unable to handle weird abuse methods and/or the abuse prevention is improved.
As an enterprise, wouldn't it be a bit concerning if your git host was unable to function (or respond appropriately) when presented with a random script kiddie?
This person didn't have bad intentions, but other people out there most definitely do.
Don't fuck with shit I use.
This just doesn't seem right to me. Why? It's obvious at some point you'll harm the service. If the goal was to test it, why not try locally with git?
This is also how I feel about the Tor project getting their knickers twisted over people who do research on the live network. If the network can't handle it, then it's not resilient to attack. Asking people nicely not to do stuff that degrades your product will not make the product suddenly anti-fragile.
A service is offered for free, with no documented limits or restrictions, so you push the service to its breaking point... Just to see what happens?
Because you can't. GitHub is not open source, you'd need to steal the source code to try it locally. This comment is for educational purposes only, not trying to give OP ideas!!1
But you're right in spirit of course. Would be more interesting to install Forgejo/Gitea, GitLab, GitWeb, gitolite, TortoiseGit, etc., test them on various limits, and write that up in a nice blog post for magic internet points.
The "(and git)" portion can of course be tested locally. What OP will find out is that there is no more inherent limit on the number of commits in a repo than there is an inherent limit in the number of nodes in a linked list.
You can go on forever till you run out of disk space. Possibly repacking will eventually require more than available memory.
It's obvious that the author is lying about that part, he only wanted to push GitHub to its limit, but he did say git:
> I decided to see how many commits GitHub (and git) could take before acting kind of wonky. At ~19 million commits (and counting) to master: it’s wonky.
Test the behavior of git locally, without testing GitHub.
That’s not obvious at all. One would expect a professional service to have limits in place to prevent any negative impacts.
Linux[0] itself has about 1.2 million commits, so apparently Linux is within an order of magnitude of bringing GitHub to its knees?
Part of the GitHub response afaik included the info that they went as far as they could with dedicated and beefier servers but asked for a software fix.
I would think that if GitHub anticipates a normal repo growing this large they can give it the special treatment.
I rather know the rule: by good engineering, you can modify a system to handle a one magnitude increase with respect to what it was designed for. As soon as a two magnitude increase can occur, you better redesign the system.
Entitled much? The author should be happy GitHub didn't just ban them for violating the ToS and intentionally trying to break things.
I think the sentiment here shows the current state that software engineering has devolved into. It’s a 9-5 where you put in minimal work and get mad when someone breaks your system because you might have to do an hour of work to fix it on your weekend.
This account basically subscribes to thousands of repositories and monitors all activities. I am suspecting this account is harvesting user activities. I am not sure why GitHub allows this type of data harvesting.
To be honest, this is why companies also should not discourage this. Imagine if a malicious group did it with multiple users at the same time. At least now they will have proactive alarms for it.