gelstudios / gitfiti

abusing github commit history for the lulz
MIT License
8.07k stars 1.12k forks source link

has this been brought to github's attention? #30

Open nmccready opened 8 years ago

nmccready commented 8 years ago

Cool project.

From a security / ethical standpoint:

I only bring this up as many companies check Github and look at things such as this to see if a user is actually an active dev. This basically makes the history checking invalid by either false positives or the other way around. Basically I think it devalues what a person's profile history means.

I am not attacking this project this is mainly to start a friendly discussion on what github should or should not do.

stuntguy3000 commented 8 years ago

I do not believe anyone in a situation where a company would review a GitHub profile, would be using this application.

nmccready commented 8 years ago

Right but what if the were doing something like https://github.com/ben174/gith draw where you could make up a false active diagram.

nmccready commented 8 years ago

https://github.com/ben174/git-draw/issues/1

gelstudios commented 8 years ago

It absolutely devalues one aspect of an account's "profile history", and that the point of manipulating the graph for laughs. It might help to know that only an authenticated user can see commit graph activity from their own private repositories. So to any other user viewing profiles, an empty or near empty graph is not an indicator of much.

I understand your concern, but what better way to demonstrate that the commit graph is a not an indicator of a profile's importance? Hopefully someone who sees gitifi style art in the graph will immediately realize that they should take it with a grain of salt, and instead read the code.

Ethically? As for GitHub's stance on the matter, I haven't heard any complaints. At least one GitHub support engineer is aware of this toy/tool, as I did have to ask for my commit graph to be re-built a few times in the early days of gitfiti. Their response was positive: "Looking good!"

nmccready commented 8 years ago

@gelstudios cool, when I say ethical I am just stating the possible intent of someone to falsify there history.

Sylvain303 commented 8 years ago

It's the purpose of hacking!

Having new stuff from such thing that where not designed to perform it at the base. Human is naturally cheating, for fun or for profit. So @nmccready of course you're right, but… what? Should we stop developing GPLed software because it could offer opportunity to evil people to steal them for bad purpose. I don't think so.

Be permitted to cheat our account's "profile history", it is just reallity, and it's really cool! That's the first thing I thought when I saw the github's history diagram: "it would be cool to draw pixel diagram here!"

Thanks @gelstudios to bring that dream to life! Just awesome! ;)

nmccready commented 8 years ago

No, hacking of course is good and it points out flaws in github's APIs. I am just merely bring this up so github takes note and possibly patches it. Whats the point of github's stats if their false?

Sylvain303 commented 8 years ago

@nmccready, I do not agree.

Hacking is good! Don't confuse with cracking done by evil pirate. Hacking is more an art and a natural freedom of creativity.

You can hack your harddrive for example and play music with it. It was not designed to be a music instrument, but keep in mind that some people have the freedom to use it that way. :smile:

You can hack the Linux kernel to produce a driver for your favorite toaster… etc.

I personally think that this kind of hacking (art of doing cool things with unpredictable stuff) offered by gitfiti is really funny and don't hurt anything.

Cheater if any, will be discovered sooner or later…

You may be interested in The beauty of data visualization - David McCandless - YouTube :wink:

Walkman100 commented 8 years ago

The importance of a comma. I'm pretty sure @nmccready meant No, hacking of course is good

eneko commented 8 years ago

Trusting the GitHub chart as a reliable "profile" is never a good idea. Anyone using github-pages for a personal website or blog will appear as a highly active developer, while they might be just writing articles.

Instead is much better to look at the profile commit history and projects contributed to.

eneko commented 8 years ago

The chart also does not display to contributions private repositories (unless the viewer has access to them). And, if your replies transferred to a new organization, you loose your history on it.

It is just a chart :)

SCKelemen commented 8 years ago

How would GitHub stop this anyway? They have to allow commits in the past, for commits that actually happened in the past. I don't see GitHub's API as being wrong. It's just not they way it was intended to be used. I really don't think GitHub will have a problem with this, either. Each repo is owned by the party that creates it or otherwise owns it.

SCKelemen commented 8 years ago

Trusting the GitHub chart as a reliable "profile" is never a good idea. Anyone using github-pages for a personal website or blog will appear as a highly active developer, while they might be just writing articles. Instead is much better to look at the profile commit history and projects contributed to.

I hate when people use GitHub for this. I am a developer, but I have few code changes on GitHub. Most of the code I work on is proprietary, or on another source control system. How does this make me any less of a developer than GitHub users?

Sylvain303 commented 8 years ago

You're right, it's the common way of how people misunderstands diagrams.

Some time we are even betrayed intentionally by some diagram, some view of such or such data. Does it already happens to you?

Don't believe what you see or ear blindly, dig and doubt reasonably about what is shown to you, especially if it sounds false.

That's especially why this kind of hacking is good, as a reminder. It reminds you that this diagram it not all. It is not a proof that this particular developer is better or not. It is just a diagram. Controlled by github in this case, which displays some information.

So, should we worrying about stopping such reminder, such game? Is our effort at the best place? Is this hacking an expression of freedom, or some evil oriented manipulation? What does it teach us?

From my current knowledge, I would say in response to @nmccready's initial question: Yes, this project is cool, and it respects both security and the ethical standpoint. By providing us a reminder of our freedom and open our ethical perspectives, as opensource software always did.