Repo seems to be gone? User action or GitHub action?
Regardless, for visibility as to maybe-why this happened, here are screenshots of the user editing comments to insult/make them say something they never did;
That's a useful feature for long-running issues to include updates in the opening post. Or to improve formatting when a bug reporter isn't familiar with markdown.
And that it shows in the edit history should at least discourage abuse.
The vanishing small percentage of people that would actually check a comment’s history are the same people who would check a Wikipedia entries history.
At a bare minimum, the post should have in big bold lettering: Edited by <user_name>.
Allowing the maintainer to prepend a comment to the top seems more sensible to me to be honest. Would make API use harder potentially, but it would avoid weird abuse like this.
github is meant for collaboration, designing it around adversarial use would be a loss for everyone. Adding a function to report absusive edits rather than an entire post would be a better choice imo.
Report to whom? Github, who allows the behavior and therefore doesn’t see anything wrong with it, or the repo admins who have proven they they couldn’t give a rat’s ass about the very thing you’re reporting? The well is already poisoned, there is no reason to think that they’d suddenly change their stance and cooperate.
In this case at least, github (most probably) banned this account, presumably after reports. There are also other stories for github banning accounts for pr trolling kind of behaviours. So not sure if everything is perfect, but at least there are cases such things work.
reporting abusive edits requires moderation/arbitration. the rules can instead be changed to sidestep the issue, while maintaining the value of the feature.
No, that's not obvious at all. A single event is evidence that some abuse still happens, it does not tell us how much more abuse there would be in the counterfactual where the history wasn't available.
I get what you're saying, but I feel like they should highlight comments in some way if a repo admin completely replaces a comment with different text. I'm struggling to imagine a situation where that would really be appropriate. The "Edited by: username" seems too easy to overlook.
I maintain the formatter for Dart, so a lot of my job involves maintaining the issue tracker for the formatter.
I use this feature all the time. Users get Markdown wrong, give titles to issues that don't make any sense, have typos, etc. Being able to edit issues helps me keep the issue tracker easier to understand and navigate for maintainers and users.
Every feature can be used. That doesn't mean every feature should not exist. The fact that the edit history is still visible means it's next to impossible to abuse the feature. It works fine.
Markdown is pretty tricky for new users to figure out, so quite often, users will just paste big snippets of code without formatting them, which is nearly unreadable. I'll usually edit these posts to add ```backticks``` around any code.
This is particularly useful when editing the top-level comment of a popular issue to specify the current status. Or when a peer opened a placeholder issue and you fill it up. Etc.
If you actually use GitHub as a social network of sorts, there are many reasons to do edit comments. All the edits are visible anyway. You're on Git-Hub, you can already edit everything you have write access to.
That also means that some users will be pressured to censor illegal speech no? If you live under e.g. a regime that disallows or discourages criticism, now suddenly the onus is on you to do something about those comments because you have the ability to. If you couldn't edit the comments it's not your fault.
Either way I think it's a pretty stupid feature the way it's implemented; it should show the edit more clearly or indicate that the comment has been written by multiple people (like StackOverflow does), especially if edits change more than e.g. 10% of the original comment.
The responds and edits are simply unprofessional and immature. I don't hate AI and in fact I use it for many research based tasks, helping me narrowing a lot of tough topics, but it is the People with these kind of attitude turns me off.
Exactly, being dishonest is the real problem here.
Luckily, every edits are recorded in history, so they can't really hide their abusive behavior, for now. Even if they did, seem like there are often people faster in archiving their posts than they hiding their post.
I think the open abuse of people raising issues with the project is morally worse than the license issues or even lying about AI usage. Fraud is already bad, but someone can do that for reasons other than pure mean-spiritedness. To pull this nonsense, you have to actively take pleasure in making other people feel bad.
Did you make up A-Lot-AI? Can I suggest "A-Lott-a-AI"?
If you did, this is the greatest thing created in 3 ABC ("After Bullshit ChatGPTification";
ChatGPT launched in 2022.).
NB: Since ChatGPT is basically the new Messiah for many, I really think we should now be using dates like 3 ABC or 5 POS. POS stands for "Prior to Overlord Slop/Shit". I suggest we give up AD/BC.
But, please, I'm not the messiah! (hopefully you have watched Life of Brian!)
Had a conversation with the Zigbook maintainer. It’s either a young kid or somebody that has some serious growing up to do. Just generally weird behavior.
Indeed: @zigbook changed the title "Fix license violations" "Im mad because you wrote code similiar to mine >:(" 3 minutes ago (https://github.com/zigbook/zigbook/pull/43)
At one point they added a “R******D COMPLAINT” (censored for HN) ticket sticker to… idk, oppose AI-use accusations? Somebody seemingly talked them down from it though. Just bizarre. Like watching a midlife crisis through GitHub issues.
I really loved this PR, very fair, appropriate, sensible, proportionated; masterpiece! Could easily be used as example in all git commit writing guides around (half-joking).
I could sort of understand it if the PR used all sorts of judgemental/accusatory language or something. But it doesn't; it's straight-forward and factual. Outright bizarre behaviour.
By that token, is the harmed party here also immature? Also do you work at GitHub and did he hurt your feelings by... being dead accurate as to several engineering failures?
I mean, focus on whatever you want, but he hasn't done anything Linus Torvalds hasn't done (at least similar enough).
Sadly the important information, what was actually edited, isn't part of that mirror. (It's async fetched by the ui when clicking on the edit information on GitHub)
I reported it to Github, supplied links to the edits and to this HN thread. The canned response was:
"Our review of the account(s) and/or content named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response."
It took 2h40m, genuinely impressed how quick the turnaround was :)
"Quick research - author's actual profile is https://github.com/zk-evm, and he's a potential scammer from crypto spaces, who also happens to be running fake GitHub Organisation of the Cursor editor, along with related BuyMeACoffee claiming it being official page of the "Cursor AI Editor"."
Well, the name of the "real" account is "zkevm.dev", and the previous account was zk-evm. Those are just letters to me, but it does seem like a clear link. Couldn't say that either is "real", though.
But copyright infringement is a legal wrong (a civil liability).
Is what they're doing infringing on a copyrighted work? Or does it fail to uphold license terms? Many open source licenses have some amount of attribution as a requirement, so that'd be something to consider.
I genuinely believe more people violate permissive licenses than copyleft license. I have no data to back this up, but just look at how much people focused on if LLMs were violating the GPL by reproducing code covered by the GPL without reproducing the license. If LLMs violate the GPL, they violate all licenses besides ones that are effectively public domain.
This probably depends on country, but AFAIK in most of europe, even in public domain, the „you can’t pass another’s work as your own” part of copyright is still active and doesn’t expire.
This piques my interest, what is the legally required recognition of a derivative's parent work? Must I be able to list dependencies, or should I be able to verify whether a parent work is included in mine? What if my work is a second derivative of a work which I am unaware of, because the work in between improperly didn't recognise its parent? Am I legally responsible to investigate such cases?
AI is actually beginning to encourage "restricted source", public-only-gets-binary debates to simply avoid such legal issues.
Write a snail-mail letter to get the real sources. Repositories are private with a small well-vetted list of contributors. Also avoid slop-PR headaches that away.
Sorry, this sounds like the absolutely worst idea ever. The way to kill open source as such. Sloppy PRs will end when the idiot HRs release there is no value in them. Plagiarism isn't really anything new and AI doesn't really change much there. But adding friction to examining source is a sure way to make no one care to contribute.
Honest question, what are "HR"s? I only know that acronym for "Human Resources" and I don't understand how that has anything to do with code contribution
If you were licensing MIT, ostensibly it’s not the copying you care about, just the attribution. There is always the option to turn off prs, or even distribute code without using github.
I just can't get over how ridicioulus the "no ai" statement is.
I really love the part where llm.txt has the same notice, something humans will never read, or the fact that llm.txt exists considering that there is distaste for AI in every part of this llm generated book.
The "no AI" statement reminds me of the Chinese idiom: "there are no 300 taels of silver here" (there is no money buried here). It's a clumsy way of denying something.
"Not generated by AI" is something that every programmer everywhere is going to say about their own work, even when it's obviously AI generated. I've started to publicly call people out when I see they've posted something on social media (LinkedIn, etc.) when I see they've made an AI-generated post. The fraud has to stop.
I'm not ashamed to use AI if it improves my output, people draw the line of "acceptable use" differently just like drug addicts talk shit about each other's drugs to justify their own. I think honesty is more important than cleanliness.
I stopped using linkedin once the mediapipe epidemic started and everyone who could type pip install mediapipe could write a half baked hand and face gesture demo to show themselves as the "cool programmer".
I remember reading the original zig book post and how weird it smelt. Even though it’s LLM written there’s more than a trivial amount of effort put into it. What could anyone possibly have to gain by doing this?
Playground wise, is Zigs wasm compiler able to compile out simd wasm in the browser? I'm trying to find the best languages that can. So far it's just assemblyscript and c/c++ and their compilers are big.
When zigbook first appeared here, I took a cursory scan, and it looked pretty solid and a useful resource. Seems it duped me and got me good. I was even defending the use of AI a little - although the claim needed to go.
Seems they just were just trying to do over a nascent community that I'm interested in seeing growing and wasn't a member of yet.
since zig is famously decentralized, i don't think there is a way to effectively combat bad actors like these? there is no "official zig org" that can disown them
But he isn’t. He’s just writing an AI slop book about Zig. Surely there’s nothing legally wrong with that? He never said it’s an official book or backed by the Zig project.
The trademark cudgel is used on people who release an incompatible language that they insist on calling Zig, confusing people who want to try Zig. Or people who add malware to the Zig tool chain and try to distribute that.
Trademark can’t be used to control bad actors like zigbook.
Incorrect. Not honoring the attribution requirement in the MIT license is a
copyright infringement because it violates the terms of the license, which are legally enforceable conditions.
We are specifically talking about what the Zig project/foundation headed by Andy Kelley can do to such bad actors using the Zig trademark - which is exactly nothing.
I wouldn't be so quick with the "incorrect" if I were you. You haven't even taken the trouble to read two sentences.
I read a lot about this when Rust was considering adopting a trademark policy. The main use cases for enforcing the trademark were
- preventing someone who hardforked the project from creating an incompatible language while using the same name.
- preventing someone from distributing malware while still using the same name.
Because if you notice, neither of these clash with the MIT license that many languages use. You need to enforce your trademark to stop this kind of behaviour.
Zigbook can argue that they aren’t causing any confusion between themselves and the Zig language. The Zig foundation could argue that the name implies an endorsement by the project and they should call themselves The Unofficial Zig Book instead. I don’t know which way it goes.
In a decentralized but communicating community, this kind of post is raising awareness, and then the others in the community will make their own choices regarding the matter.
Lying potentially opens up fraud angles if they are soliciting or receiving something of value. Maybe false advertising even they are giving it away for free. A lot of this will depend on who has jurisdiction
Neither are the Zigtools folks. If you've ever run an open source project, you know that instead of running on money, they run on community goodwill. Having people take the project's creation, claim it as their own, and not comply with the license, are all damaging to people's motivation to contribute.
Ditto... I love Zig as a language but I worry the high-level community builders (including Andrew) are a little too antagonistic to foster a positive, tolerant, patient community in the long term. In saying that, my infrequent interactions in the reddit and discord are always pleasant.
I don’t think Andrew is a bad guy, but his tone seems to attract a certain kind of person. All the technical people I’ve interacted with in the Zig community have been awesome, but for whatever reason it also attracts a lot of people who are just there to shit on anything mainstream.
Actual Zig community spaces like Ziggit is very pleasant as far as programming language forums go. I think Zig just occupies a unique space in the language ecosystem (a very performance oriented, production oriented language that is not afraid to rapidly try things and throw them out if it doesn't meet expectations in practice - not many languages sit in the middle of this venn diagram) and people see it as an opportunity to gain a social foothold in something potentially great.
It seems like it might be in the nature of a language with these goals and this development process to attract people like this, no matter how warm and welcoming the community leaders are.
This isn’t anything to do with Zig though, it just happens to be the language that this crook chose.
They’ve could’ve picked Nim and done this whole spiel there (you’d want to pick a fledgling language that isn’t saturated with documentation, so the stalwarts aren’t usable).
This is the first drama I've heard related to Zig, and seems to have nothing to do with the project itself–this is someone writing an online book about Zig
Zig has previously been involved in all kinds of drama. Including involving money, battles among developers, attempts to split/fork the language, and self-pushed conflicts with other programming languages. This is just the latest, in the long series.
Regardless, for visibility as to maybe-why this happened, here are screenshots of the user editing comments to insult/make them say something they never did;
https://imgur.com/a/LsvBXY1
https://web.archive.org/web/20251130091635/https://github.co...
The tool itself claims "Zero AI" (https://www.zigbook.net/) yet is very obviously A-Lot-AI.
At a bare minimum, the post should have in big bold lettering: Edited by <user_name>.
hmm... isn't this more of a 'personal viewpoint'? why are you stating this like a fact?
moreover, how would it "adding Edited by ~" constitute as a "loss for everyone" ?
I agree on adding "report abuse" button, but if no one notices that edit, how would anyone know what to report in the first place?
Normally, repository maintainers are not self-sabotaging like this.
discourage != prevent all
I use this feature all the time. Users get Markdown wrong, give titles to issues that don't make any sense, have typos, etc. Being able to edit issues helps me keep the issue tracker easier to understand and navigate for maintainers and users.
Every feature can be used. That doesn't mean every feature should not exist. The fact that the edit history is still visible means it's next to impossible to abuse the feature. It works fine.
If you actually use GitHub as a social network of sorts, there are many reasons to do edit comments. All the edits are visible anyway. You're on Git-Hub, you can already edit everything you have write access to.
Either way I think it's a pretty stupid feature the way it's implemented; it should show the edit more clearly or indicate that the comment has been written by multiple people (like StackOverflow does), especially if edits change more than e.g. 10% of the original comment.
I get why GitHub allows editing comments of other users though for public repos I guess it allows for this kind of abuse
Luckily, every edits are recorded in history, so they can't really hide their abusive behavior, for now. Even if they did, seem like there are often people faster in archiving their posts than they hiding their post.
If you did, this is the greatest thing created in 3 ABC ("After Bullshit ChatGPTification"; ChatGPT launched in 2022.).
NB: Since ChatGPT is basically the new Messiah for many, I really think we should now be using dates like 3 ABC or 5 POS. POS stands for "Prior to Overlord Slop/Shit". I suggest we give up AD/BC.
But, please, I'm not the messiah! (hopefully you have watched Life of Brian!)
I mean, focus on whatever you want, but he hasn't done anything Linus Torvalds hasn't done (at least similar enough).
100%.
https://docs.github.com/en/communities/maintaining-your-safe...
Edit: It appears that the repo is gone? User removed it or GitHub?
"Our review of the account(s) and/or content named in your report has concluded. We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response."
It took 2h40m, genuinely impressed how quick the turnaround was :)
Just your run off the mill AI grifter.
EDIT: https://lobste.rs/s/pbn3zy/zigbook_learn_zig_programming_lan...
"Quick research - author's actual profile is https://github.com/zk-evm, and he's a potential scammer from crypto spaces, who also happens to be running fake GitHub Organisation of the Cursor editor, along with related BuyMeACoffee claiming it being official page of the "Cursor AI Editor"."
The account is called zig-vm now.
And here's his real github account: https://github.com/gweidart
lists as a donation link: https://www.paypal.com/paypalme/Newcomer214
So, gweidart is probably this guy: https://www.linkedin.com/in/brandon-newcomer-7275aa228/
But copyright infringement is a legal wrong (a civil liability).
Is what they're doing infringing on a copyrighted work? Or does it fail to uphold license terms? Many open source licenses have some amount of attribution as a requirement, so that'd be something to consider.
It's crazy how many people treat MIT as if it were public domain.
Write a snail-mail letter to get the real sources. Repositories are private with a small well-vetted list of contributors. Also avoid slop-PR headaches that away.
Thank you for your educative post, letting the community know.
Don't let it to drag you down in any way. This is emotionally draining and takes away motivation, but keep going.
I really love the part where llm.txt has the same notice, something humans will never read, or the fact that llm.txt exists considering that there is distaste for AI in every part of this llm generated book.
https://en.wiktionary.org/wiki/%E6%AD%A4%E5%9C%B0%E7%84%A1%E...
https://github.com/Lillecarl/lix/commit/9ac72bbd0c7802ca83a9...
I'm not ashamed to use AI if it improves my output, people draw the line of "acceptable use" differently just like drug addicts talk shit about each other's drugs to justify their own. I think honesty is more important than cleanliness.
The no AI devs will get a "needs improvement" report.
You don't have to. I'm sure there are lots of other communities that welcome low-effort slop with no effort put into it.
> WebAssembly portable SIMD intrinsics
https://codeberg.org/ziglang/zig/src/branch/master/lib/inclu...
When zigbook first appeared here, I took a cursory scan, and it looked pretty solid and a useful resource. Seems it duped me and got me good. I was even defending the use of AI a little - although the claim needed to go.
Seems they just were just trying to do over a nascent community that I'm interested in seeing growing and wasn't a member of yet.
Good riddance, then.
Trademarks are the usual cudgel of choice to enforce a bad actor claiming to be part of offcial Zig.
The trademark cudgel is used on people who release an incompatible language that they insist on calling Zig, confusing people who want to try Zig. Or people who add malware to the Zig tool chain and try to distribute that.
Trademark can’t be used to control bad actors like zigbook.
Incorrect. Not honoring the attribution requirement in the MIT license is a copyright infringement because it violates the terms of the license, which are legally enforceable conditions.
I wouldn't be so quick with the "incorrect" if I were you. You haven't even taken the trouble to read two sentences.
I wouldn't be so quick with the dismissal if I were you. You haven't even taken the trouble to read the article.
Also, Quad erat demonstrandum - the infringing repo no longer exists.
- preventing someone who hardforked the project from creating an incompatible language while using the same name.
- preventing someone from distributing malware while still using the same name.
Because if you notice, neither of these clash with the MIT license that many languages use. You need to enforce your trademark to stop this kind of behaviour.
Zigbook can argue that they aren’t causing any confusion between themselves and the Zig language. The Zig foundation could argue that the name implies an endorsement by the project and they should call themselves The Unofficial Zig Book instead. I don’t know which way it goes.
Is the zig name or logo trademarked? What about the mascot he's using as his github picture?
They're violating the terms of the MIT license as mentioned in the article, so maybe Zigtools has legal standing.
As for lying about no AI, being an asshole isn't illegal, so no angle there.
Any other ideas I missed?
It seems like it might be in the nature of a language with these goals and this development process to attract people like this, no matter how warm and welcoming the community leaders are.
They’ve could’ve picked Nim and done this whole spiel there (you’d want to pick a fledgling language that isn’t saturated with documentation, so the stalwarts aren’t usable).