All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.
This doesn't surprise me at all... Just like bots in games. Selling a service that benefits another. Its shady, but definitely believable.
Also, what if this is an actual viable way to "market" for an open source project?
You can buy any metric on the web. Amazon reviews, YouTube subscribers and likes, X followers, Reddit karma, …. I am not surprised that GitHub stars are one of them.
how is twidium managing to charge so much more?
Their stars are hand crafted from raw virginal pixels by blind monks using only their toes.
On the Caveat Emptor ("Let the buyer beware") side of things, I look at other metrics well before I rely on stars.
How many contributors does it have? How many active forks? How many pull requests? How many issues are open and how many get solved and how often and how lively are the discussions? When was the last merge? How active is the maintainer?
Stars might as well be facebook likes imo: when used as intended, they didn't say much more than "this is what the majority of people like" (surprise, I'm on lemmy bc I have other priorities than what's popular), now they mean nothing at all.
Why a real person would star a project? When I star a project then my GitHub home is littered with activity from that project. I hate that, so I never star anything
you can turn off notifications from starred projects
Amazing. Good thing I don’t use GitHub :)
Programming never needed these sorts of social media features in the first place. Do you part by getting your projects off of Microsoft’s social media platform used to try to sell you Copilot AI & take a cut of your donations to projects with Sponsors.
For reference, there is codeberg.org, operated by a German nonprofit and based on the open source Forgejo, among other open alternatives.
I like hub.darcs.net & smeder.ee myself. Git is overrated.
Git is overrated.
That's interesting to read; I wasn't even aware of the existence of Darcs — or any other alternative to git supposedly worth considering, for that matter. Would you elaborate on it?
Pijul is also worth looking at.
Fundamentally anything with a snapshot-based model is reliant on patch order mattering. As such you always end up with some centralized server. Pijul & Darcs are based on Patch Theory that says if Patch B is applied before or after Patch A assuming there is no conflict or dependence, it should not matter in a communicative way—that is to say the 1 + 2 ≡ 2 + 1. You can avoid a series of conflicts & better support a distibuted/decentralized development model if the order doesn’t matter.
Federated repo hosting website when?
Radicle can do it presently but a lot folks dismissed them since they worked on cryptocurrency stuff independently. Weird thing to be hung up on considering they were separate endeavors, but folks are fickle.
I am not a programmer. But I have been using github as an end user for years, downloading programs I like and whatnot. Today I realized there are stars on github. Literally never even noticed.
The stars are more important when you're a developer. It indicates interest in the project, and when it's a library you might want to use that translates into how well maintained it might be and what level of official and unofficial support you might get from it.
Other key things to look at are how often are they doing releases and committing changes, how long bugs are left open, if pull requests sit there forever without being merged in etc.
And if the developers were to give up on the project, how likely it would be for someone to fork it and continue.
If you’re trying to peddle malware then it’s a way to fake popularity
That's unfair. Throwing out FUD doesn't make it true.
Why be in a rush to judge? Might wanna watch some projects which have used this tactic.
Might be legitimate projects are willing to do whatever to attract eye balls.
Just for shiats and giggles, keep an open mind.
I was pointing out a use case
Tbh I never look at stars, but do at prs and issues
Closed PRs and Closed issues?
What if it's a side project with 1 star, 0 issues (because no one made any) and no PRs because no ones done work on it?
More so if spme software had dozens or hundreds of open issues/PRs for months that never get looked at I'll look elsewhere
Don't want unstable dependencies
Really does depend on what we are talking about. Some random software that is not critical? Sure. Some system breaking library that would take down my servers in case of malfunction? No bueno.
Throwing out FUD.
The stars reflect the marketing effort put in. Has no correlation to the software quality or whether it's critical or not.
Initially, the stats will reflect amount of marketing effort put into the project.
The marketing will attract both users and a flow of issues and PRs.
I've done zero marketing for my packages. And it shows ;-)
Also cybersecurity implications here. Nefarious actors can prop up their evildoings with fake stars and pose as legitimate projects.
my first thought. I usually rely on stars for "trustworthiness" of random projects before running their code.
Ironically an open source project with under 100 stars now seems more trustworthy by default because you can be sure they aren't lying
I almost commented something like "thats extremely overpriced, why dont you set up a raspberry pi to do it for you for free" and then i realized the people who could do that dont need fake stars.
On the one hand, one Raspberry Pi would not really suffice. As @[email protected] argued, you would need legitimate email addresses, which would require either circumventing the antibot measures of providers like Google or setting up your own network of domains and email servers. Besides that, GitHub would (hopefully) notice the barrage of API requests from the same network. To avoid that and make your API requests seem legitimate, you would need infrastructure to spread your requests in time and across networks. You would either build and maintain that infrastructure yourself –which would be expensive for a single star-boosting operation– or, well, pay for the service. That's why these things exist.
On the other hand, although bad programmers might use these services to star-boost their otherwise mediocre code, as you suggest, there are other –at least conceivable, if not yet proven– use cases, such as:
shouldn't this sort of thing destroy your algorithm ranking
Github is very naive and has 0 protection against spam-stars and multi-accounts.
Yes, and its strange
There is a clear situation in Foss( even more in self hosting) where projects are presented as free open source but they are intended to monetize at the end and use the community help for development.
This happened in the earlier years of Android. Developers were FOSS until people helped them get the app to a polished state. Then close it and charge money. Make a big push to promote the paid app.
Also, what if this is an actual viable way to “market” for an open-source project?
I am fortunate enough to not market my stuff:
If somebody finds and can make use of it. Great.
In the other case who cares? Didn't hurt or cost me anything to publish it.
Fake GitHub stares have other implications: Typosquatting is a real issue and fake stars make it more convincing that it is the genuine project.
What is Twidium's deal? They are the most expensive and take the longest.
Obviously their stars are the bestest
Got to make it look organic and viral.
Its not good that some of these are instant. I guess they try to make it look organic.