This doesn’t surprise me at all… Just like bots in games. Selling a service that benefits another. It’s shady, but definitely believable.
Also, what if this is an actual viable way to “market” for an open source project?
Also cybersecurity implications here. Nefarious actors can prop up their evildoings with fake stars and pose as legitimate projects.
My first thought. I usually rely on stars for “trustworthiness” of random projects before running their code.
I almost commented something like “that’s extremely overpriced, why don’t you set up a Raspberry Pi to do it for you for free” and then I realized the people who could do that don’t need fake stars.
Automation. You replace the user with a script that does everything. Not that hard. Captchas don’t really work anymore with AI, and you can pay people to do it for you for a fraction of a cent instead of the absurd prices listed.
But you still need the user accounts. Which must be created and are verified by email. Then you have to generate tokens for them to call the API endpoint to add the star. I’m not saying it isn’t doable, but it would be non-negligible and GitHub is going to squash you back at some point creating all those accounts from one source.
On the one hand, one Raspberry Pi would not really suffice. As @theherk@lemmy.world argued, you would need legitimate email addresses, which would require either circumventing the antibot measures of providers like Google or setting up your own network of domains and email servers. Besides that, GitHub would (hopefully) notice the barrage of API requests from the same network. To avoid that and make your API requests seem legitimate, you would need infrastructure to spread your requests in time and across networks. You would either build and maintain that infrastructure yourself –which would be expensive for a single star-boosting operation– or, well, pay for the service. That’s why these things exist.
On the other hand, although bad programmers might use these services to star-boost their otherwise mediocre code, as you suggest, there are other –at least conceivable, if not yet proven– use cases, such as:
- the promotion of less secure software as part of supply chain attacks, with organizations sticking to vulnerable libraries or frameworks in the erroneous belief that they are more popular and better maintained than alternatives, for example;
- typosquatting; and
- plain malware distribution.
What is Twidium’s deal? They are the most expensive and take the longest.
I think you’re joking, but if their accounts don’t get banned immediately and the stars removed a week after you pay, then their stars are actually the bestest.
There’s a chance their stars take so long because they might be using click farms to manually generate them, which would be harder for spam detection to catch compared to generating stars with bots and hacked accounts, since technically there are actually x many people actually giving you stars, they’re just being paid to do so.
Can we get a nice chart for Upvotes on Reddit costs? Asking for a friend. /s
I am not a programmer. But I have been using GitHub as an end user for years, downloading programs I like and whatnot. Today I realized there are stars on GitHub. Literally never even noticed.
The stars are more important when you’re a developer. It indicates interest in the project, and when it’s a library you might want to use that translates into how well maintained it might be and what level of official and unofficial support you might get from it.
Other key things to look at are how often are they doing releases and committing changes, how long bugs are left open, if pull requests sit there forever without being merged in etc.
And if the developers were to give up on the project, how likely it would be for someone to fork it and continue.
An experienced developer could easily step in. The hold back is getting compensated for the effort rather than being forced to turn tricks on the local street corner (aka work a job).
This is why devs are walking away.
Companies offering jobs to maintainers rather than directing funding at them is nonsense. Gov’ts and companies will wake up as cracks start snowballing in their tech stack.
That’s unfair. Throwing out FUD doesn’t make it true.
Why be in a rush to judge? Might wanna watch some projects which have used this tactic.
Might be legitimate projects are willing to do whatever to attract eyeballs.
Just for shiats and giggles, keep an open mind.
Closed PRs and Closed issues?
What if it’s a side project with 1 star, 0 issues (because no one made any) and no PRs because no one’s done work on it?