This doesn’t surprise me at all… Just like bots in games. Selling a service that benefits another. It’s shady, but definitely believable.

Also, what if this is an actual viable way to “market” for an open source project?

https://www.bleepingcomputer.com/news/security/over-31-million-fake-stars-on-github-projects-used-to-boost-rankings

68 points

I almost commented something like “that’s extremely overpriced, why don’t you set up a Raspberry Pi to do it for you for free” and then I realized the people who could do that don’t need fake stars.

2 points

On the one hand, one Raspberry Pi would not really suffice. As @theherk@lemmy.world argued, you would need legitimate email addresses, which would require either circumventing the antibot measures of providers like Google or setting up your own network of domains and email servers. Besides that, GitHub would (hopefully) notice the barrage of API requests from the same network. To avoid that and make your API requests seem legitimate, you would need infrastructure to spread your requests in time and across networks. You would either build and maintain that infrastructure yourself –which would be expensive for a single star-boosting operation– or, well, pay for the service. That’s why these things exist.

On the other hand, although bad programmers might use these services to star-boost their otherwise mediocre code, as you suggest, there are other –at least conceivable, if not yet proven– use cases, such as:

  • the promotion of less secure software as part of supply chain attacks, with organizations sticking to vulnerable libraries or frameworks in the erroneous belief that they are more popular and better maintained than alternatives, for example;
  • typosquatting; and
  • plain malware distribution.
29 points

How would the Raspberry Pi help? It is accounts that are needed.

3 points

Automation. You replace the user with a script that does everything. Not that hard. Captchas don’t really work anymore with AI, and you can pay people to do it for you for a fraction of a cent instead of the absurd prices listed.

25 points

But you still need the user accounts. Which must be created and are verified by email. Then you have to generate tokens for them to call the api endpoint to add the star. I’m not saying it isn’t doable, but it would be non-negligible and GitHub is going to squash you back at some point creating all those accounts from one source.

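The two signals the comments above keep coming back to (a batch of freshly made, email-verified accounts, and a barrage of star requests arriving together) are also what a maintainer can look for on the receiving end. The following is an added example, not code from the thread, from GitHub, or from the study the linked article reports on. It scores a list of stargazer records with two assumed heuristics: a star is suspicious only when it arrives inside a burst (at least `min_burst` stars within `window_seconds`) and comes from a thin account (no public repos, no followers, created less than `max_account_age_days` before it starred). The thresholds and the stargazer records are constructed for illustration; in practice the records would be filled from the GitHub stargazers endpoint (with the `application/vnd.github.star+json` media type, which adds `starred_at`) and the per-user endpoint, which this offline example does not call.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Stargazer:
    """One stargazer, as the stargazers and users endpoints would describe it."""
    login: str
    starred_at: datetime   # when the star was given
    created_at: datetime   # when the account was created
    public_repos: int
    followers: int


def _ts(s: str) -> datetime:
    # Constructed sample timestamps are UTC without the trailing 'Z'.
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed sample data: hypothetical logins, not real GitHub users.
SAMPLE = [
    # organic stars: spread out in time, from established accounts
    Stargazer("longtime-dev", _ts("2024-03-01T09:12:00"), _ts("2015-06-02T00:00:00"), 42, 310),
    Stargazer("maintainer-jo", _ts("2024-03-03T17:40:00"), _ts("2018-11-20T00:00:00"), 17, 88),
    Stargazer("curious-user", _ts("2024-03-10T12:05:00"), _ts("2023-09-14T00:00:00"), 3, 4),
    # six empty accounts created a week earlier, all starring within five minutes
    *[Stargazer(f"acct-{n}", _ts(f"2024-03-12T02:0{n}:00"), _ts("2024-03-05T00:00:00"), 0, 0)
      for n in range(6)],
    # a burst from established accounts, e.g. after a link on a news site
    *[Stargazer(f"reader-{n}", _ts(f"2024-03-15T18:0{n}:30"), _ts("2019-01-10T00:00:00"), 5 + n, 20 + n)
      for n in range(5)],
    # a single new, empty account starring on its own
    Stargazer("newbie-solo", _ts("2024-03-20T11:00:00"), _ts("2024-03-18T00:00:00"), 0, 0),
]


def burst_members(records, window_seconds: int = 600, min_burst: int = 5) -> set:
    """Logins whose star falls in a sliding window holding at least min_burst stars."""
    window = timedelta(seconds=window_seconds)
    ordered = sorted(records, key=lambda r: r.starred_at)
    members = set()
    j = 0
    for i, first in enumerate(ordered):
        # advance the right edge while it is still within the window of ordered[i]
        while j < len(ordered) and ordered[j].starred_at - first.starred_at <= window:
            j += 1
        if j - i >= min_burst:
            members.update(r.login for r in ordered[i:j])
    return members


def is_thin(r: Stargazer, max_account_age_days: int = 30) -> bool:
    """Empty profile that was created shortly before it handed out the star."""
    age = r.starred_at - r.created_at
    return age <= timedelta(days=max_account_age_days) and r.public_repos == 0 and r.followers == 0


def suspicious_stargazers(records, window_seconds: int = 600, min_burst: int = 5,
                          max_account_age_days: int = 30) -> set:
    """Stars that are both part of a burst and from a thin account (assumed heuristic)."""
    burst = burst_members(records, window_seconds, min_burst)
    return {r.login for r in records
            if r.login in burst and is_thin(r, max_account_age_days)}


def suspicious_fraction(records, **kwargs) -> float:
    """Share of a repository's stars that the heuristic flags."""
    return len(suspicious_stargazers(records, **kwargs)) / len(records)


if __name__ == "__main__":
    flagged = suspicious_stargazers(SAMPLE)
    print(f"{len(flagged)}/{len(SAMPLE)} stars flagged:", sorted(flagged))
```

Neither signal is enough on its own: the `reader-*` burst is what a post on a news site produces, and `newbie-solo` is simply a new user, so both are left alone. Only the conjunction flags the `acct-*` batch. The same conjunction is why the service seller has to spread accounts and requests out in time, as the comments above describe.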
12 points

Why would it be? Software is good based on it’s use and recommendations from real folk, not *s. Many projects are not on GitHub.

-1 points

based on its* use

0 points

lol, his comment history is full of him correcting people

-5 points

Yes. You corrected a dyslexic. Well done.

2 points

Yeah, I’d argue that the project can be good and not widely used. Do you think that there are projects with a real use case and are great open source software and not widely used because it’s buried under the *s?

It could be a relatively inexpensive way for niche marketing. Especially if the developer has a payment option with the software. Probably a decent way to get the software out in the open for profitability, no?

3 points

From a pragmatic standpoint, yeah, it would accomplish that goal. However, that discounts the intended purpose of the stars, which is to represent an individual’s attribution of personal value and trust. They lose significance and become misleading if you can buy them, which holds true even for good software. When we see a GitHub star it should represent someone who has used the software, finds value in it, or who respects and trusts the project.

3 points

That is more down to poor marketing. Here on Lemmy or reddit there are big open source communities where you can extol the values of it.

3 points

Just trying to play a little devil’s advocate. Not saying that it’s ethical to do it, but if morals/ethics don’t play a part in the decision, it could prove useful. Besides, I’d imagine that it’s already being extorted pretty heavily if there’s that much competition for sellers, hah.

48 points

But stars equal discoverability, or at least contribute a good chunk to it.

6 points

I never went with a software project from random scrolling. It has no value to me if it doesn’t meet a need I have right now.

No contributor is going to be good that doesn’t use it.

8 points

Sure, if you browse GitHub, but in my use of the site over the years I go to the repo from the webpage of the project or from another source such as a link from a blog or something.

3 points

Well for me personally if I am seeking an application to solve a problem and there are 2 comparable options which are on github, I will first try the one with more stars. Especially if there is a large discrepancy.

When I compare a github vs a non-github project I take into consideration that the other code forge has fewer users, and also I generally prefer devs who take the initiative to get off github. So I will usually give them a go unless the project is too incomplete/stale/inactive.

20 points

There is a clear situation in FOSS (even more in self-hosting) where projects are presented as free open source but they are intended to monetize in the end and use the community’s help for development.

3 points

Can you give examples of this? What is the cost to the end user? Hardware, IT services (VPS and the like?) or like map providers using OSM data?

9 points

Isn’t this kinda what the controversy around the Elasticsearch licensing change was about? I think people have had similar frustrations with HashiCorp software, but I don’t know the details.

4 points

In my opinion that was a little different. The enterprise was basically using the software, contributing nothing but selling services around it. The licence was meant to force them to help out monetarily from what they were making off it. But rather than do that, Amazon forked it and now has to support their own implementation with their own devs.

5 points

There’s nothing inherently wrong with monetizing FOSS. People gotta eat.

4 points

If I understand them correctly, @geography082@lemm.ee’s point is not that it is wrong to monetize FOSS, but rather that companies increasingly develop open source projects for some time, benefiting from unpaid work in the form of contributions and, perhaps most importantly, starving other projects of both such contributions and funding, only to cynically change the license once they establish a position in their respective ecosystem and lock in enough customers. The last significant instance that I remember is Redis’ case, but there seem to be ever more.

2 points

This happened in the earlier years of Android. Developers were FOSS until people helped them get the app to a polished state. Then close it and charge money. Make a big push to promote the paid app.

3 points

Why would a real person star a project? When I star a project, my GitHub home is littered with activity from that project. I hate that, so I never star anything.

4 points

you can turn off notifications from starred projects

3 points

Open Collective has a minimum star limit to sign up.

But they accepted our project even though we didn’t meet it. I always thought it was silly, and was glad they were flexible.
