Joel, I can’t speak for github, so I’ll speak for myself.
I think the account name has a potential to cause public confusion. This may result in negative consequences to github, the github community and the public itself.
This is immaterial to you. Let it go.
(For anyone who likes analogies, it’s like having a “dummy corpse” on the front lawn, left over from halloween).
The username is malware. Github does not namespace user profiles, so the link to the account would be https://github.com/malware . There is no Github user with the name "about". If you go to https://github.com/about it is not a profile page, but a page describing github itself. I assume that github may want to make a page describing malware.
They don't need a specific EULA for this. They can terminate your account at any time, for any reason [0]. The downside of them giving easy, memorable /paths is that you're subject to this sort of thing on occasion.
Yelp has something even more uncomfortable to maintain - custom subdomains [1]
If my username is preventing them from creating a /malware page, I'd have no problem at all with that explanation; their lack of namespacing is convenient, but can cause these problems to occur.
But why hide behind the shroud of "privacy and security" if that is the case? I'd happily relinquish (not that I have much choice in the matter) the name if it was a namespace clash.
> Just one of several examples why they don't owe you a reason.
Of course they don't owe me a reason; when does a corporation ever owe you a reason for most things it does? It doesn't stop us from asking for answers.
I agree. I just wanted to know! But, as the replies on this post have shown, the only thing you get for asking questions that you don't have the answer to is vitriol and ridicule on HN.
I write technical posts that require lots of experimentation, time and research, and no one gives a shit. I write a rant-y blog post on Friday night about something trivial that I found frustrating and suddenly I'm a moron with an IQ the size of my shoe that is a waste of human life.
Used to be nice around these parts. Unfortunately, it is rapidly going the way of Reddit. I have yet to find a community that allows downvoting to remain a nice place. Sooner or later, the quality of conversation goes downhill.
The "CA ownership verification" ones are a bit excessive.. 'admin', 'administrator', 'webmaster', 'hostmaster', or 'postmaster' are the currently permitted localparts for domain validation. (From 3.2.2.4.4 of https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-...). It was more 'CAs make up their own scheme' in the past though but thankfully that's been reigned in.
Even before I got halfway through the article, I knew I'd see the ever-present "due to privacy and security concerns" garbage.
If a company is contacting a customer, don't play that line. Be honest. If the reason why you can't be honest is due to embarrassment, don't phrase it as a request. Mealy-mouthed language about empty, unverifiable platitudes is not only pointless, it's insulting in a technical context.
So they are working on an (updated?) internal blacklist of usernames IMHO. Seems annoying but not nefarious. I would shrug, take the offer, find a new username and move on.
Isn't the logical solution to this prefixing user urls with something like /u/ or /user/? Off the top of my head I can think of reddit doing this but I suppose for github the downside of this is it would break a huge number of existing links. One of those slightly un-winnable situations unless you think of it from the start I suppose.
I think unprefixed user urls was the right decision; I love GitHub URLs and how easy to manually type they are. I can imagine user urls are typed more often than info page urls.
Also, they could always just prefix their pages instead. (ie, github.com/about/xxx, github.com/info/xxx).
I really hope they don't prefix user urls. Github is one of the only sites I can navigate by just typing in the name of url. It also makes git tasks at the command line easier.
This reads like a "play stupid games, win stupid prizes" kind of situation. Why would you ever want to name yourself malware, let alone to use it "with the intent of working on some new open source stuff"? From both a professional and personal point of view that's an asinine decision.
I'm going to have to side with GitHub on this one.
EDIT: Not really sure why downvotes (-2 at time of this edit update) are heading my way here, mind chiming in and contributing to the conversation then?
> Why not? What about the (currently in use) github user names such as `hacker` or `virus`?
Not sure, but I wouldn't be shocked if they are at risk themselves, those aren't exactly great either. I'm also not GitHub, nor do I care if they end up getting in trouble for those names either.
> The whole point of the account was to publish things that I didn't deem worthy of my other accounts.
Then you shouldn't really be concerned what is or isn't your GitHub username then.
> Having a terrible name was kind of the point.
And thus "play stupid games, win stupid prizes" ended up being the result. QED.
I think if you use the username malware, I think you should expect this kind of stuff. It's not atypical for a company like that to have references to malware that might interfere with your username.
Github is totally within their right to hold this close to their vest for whatever reason, I don't see the big deal with it.
Where does the line get drawn the OP asks? I'm unsure, but I believe in Github to make a smart call there. Not every situation is a slippery slope to facism / dictatorships, and I'm unsure why many things nowadays are described with this sort of notion attached to them.
Definitely feel like I wasted time reading this whole thing, and now wasted time posting, and now I'm sad.
> Github is totally within their right to hold this close to their vest for whatever reason, I don't see the big deal with it.
True, but github could have avoided this kind of issue all together by putting all accounts under a different namespace or domain. In fact that's what they should do now to be "future proof". I don't understand why would any business think that domain.com/username is the right thing to do.
Yea, since you know how to make the perfect products, perhaps you should just take githubs money.
Edit: To clarify, looking back it's simple to just make such assumptions. But many popular sites have existed off of this model which github holds such as facebook, twitter, myspace back in the day IIRC. I'm not saying Github made the perfect decision at the time, but they didn't make a foolish one necesarily given the landscape of how user based sites have existed.
Hindsight is always 20-20. This is the way at least two major websites (Twitter, Facebook) work, and it appears to have more customer benefit than not.
it seems like too much fuss over a small request for a product that the author is not paying for. Github seems to have made a polite request and offering one year free service on his professional account. is there a reason to even post about it? moreover, the username is not just a regular username, it has special connotations on how others perceive it.
Seriously? This guy spent far too many words wasted speculating about something that is transparently obvious. https://github.com/malware speaks for itself. The Github rep should have said - "Dude, name yourself malware and you're surprised stuff like this happens? Try changing your name to NULL and see how that works out for you."
I'm not sure I understand your comment. I could not find github's username blacklist, so I don't think it's "transparently obvious", but if there is a blacklist feel free to share it.
Why is everyone looking for reasons be outraged all the time? Github don't owe you an explanation for asking to change your username for whatever reason (even though it is obvious in this case) on a free service that you have been using.
Who said I'm outraged? If you read the post I made, and the emails I sent, I do believe I come across as measured. At most, slightly frustrated.
This doesn't outrage me in the slightest.
> Github don't owe you an explanation for asking to change your username for whatever reason (even though it is obvious in this case) on a free service that you have been using.
Of course they don't owe me an explanation. But does that stop me from trying to figure it out with a public blog post?
And what if I had been a paying user for the `malware` account? Would that suddenly make this forced name change not okay? I've paid Github probably north of $1,000 over the lifetime of my personal account. Would that make a difference?
Some other possibilities as to why off the top of my head:
Github has been served with a confidential court order, warrant etc that requires this.
Github has a confidential contract with a large company or government entity and they are requiring this as part of that contract.
A piece of existing malware in the wild points to this address for a possible command and control server or verification that it's in a VM or whatever, and they want to deal with it, like that guy that registered those nonsense urls.
> Github has been served with a confidential court order, warrant etc that requires this.
I thought of this, but figured since the account was essentially bare of public activity it was low probability.
> Github has a confidential contract with a large company or government entity and they are requiring this as part of that contract.
An interesting idea!
> A piece of existing malware in the wild points to this address for a possible command and control server or verification that it's in a VM or whatever, and they want to deal with it, like that guy that registered those nonsense urls.
Very possible, although putting 'malware' in your CnC endpoint name might not be the brightest of ideas :)
I think the account name has a potential to cause public confusion. This may result in negative consequences to github, the github community and the public itself.
This is immaterial to you. Let it go.
(For anyone who likes analogies, it’s like having a “dummy corpse” on the front lawn, left over from halloween).
reply