423
submitted 8 months ago by db0@lemmy.dbzer0.com to c/opensource@lemmy.ml

Yet another "brilliant" scheme from a cryptobro. Naturally this caused a gold-rush for scammers who outsourced random people via the gig economy to open PRs for this yml file (example)

top 50 comments
sorted by: hot top controversial new old
[-] redcalcium@lemmy.institute 80 points 8 months ago

It's hilarious that PR author in that example has monkey profile pic. I guess what people are saying about never trusting people with monkey pfp is true.

[-] frezik@midwest.social 78 points 8 months ago

Actually, I only want to add one file, tea.yml, to your repository. Because I have a job that requires uploading the file and I also don't know what it is used for.

So you want me to merge a file you use on your job and you don't know what it does?

I see no issue. Merged!

[-] sigh@lemmy.world 16 points 8 months ago
[-] SigHunter@feddit.de 9 points 8 months ago
[-] jeffhykin@lemm.ee 68 points 8 months ago* (last edited 8 months ago)

For context, Tea (the cli tool) was created by the author of homebrew. But for some reason he changed the name to pkgx and made tea into the crypto thing: From the creator of Homebrew, Tea raises $8.9M to build a protocol that helps open source developers get paid

He's probably interested in blocking these kinds of PR's.

[-] mosiacmango@lemm.ee 58 points 8 months ago* (last edited 8 months ago)

He's probably interested in blocking these kinds of PR's.

He is now that people are spamming the high profile projects he used as examples in his "get paid" cryptobro scam videos and it's pissing people off in the FOSS communities hes trying to worm the project into.

Hilariously, he stated that he would be really unhappy if people were doing this to his actual FOSS projects, which makes me wonder why he didn't use them in his examples instead of the completely unrealted Node.js and ghost projects.

Its almost like he made himself getting rich someone else's problem. Totally unlike crypt bro behaviour, of course.

[-] ezchili@iusearchlinux.fyi 66 points 8 months ago

That's insane

Also lol at the people getting mad at the tea maintainer for "name calling" the guy hired to write up the scam PR

Gig economy or not this idiot should have known better

[-] db0@lemmy.dbzer0.com 67 points 8 months ago

Lol classic reply from the monkey pfp "I didn't know, I'm sorry, please don't ban me, sir". These fuckers know exactly what they're doing seeing from how they obfuscated the pr purpose, and act all ignorant when caught. It's exactly the same behaviour game cheaters exhibit when caught red handed

[-] rbos@lemmy.ca 45 points 8 months ago* (last edited 8 months ago)

Honestly doesn't sound like a terrible idea on paper, but this spam outbreak could kill it before it gets off paper in a real way. Giving devs a bad taste will stay around a long while.

Edit: and of course the well-earned general attitude toward cryptocurrency as scammer playgrounds is automatically putting it way in the red too.

[-] flumph@programming.dev 26 points 8 months ago

Dude also used a LLM to generate descriptions for the packages he's serving from his package manager. And of course, it got them wrong, creating a headache for the actual package maintainers

[-] chicken@lemmy.dbzer0.com 17 points 8 months ago

I do like the idea of streamlining donations to open source projects directly through a package manager, and crypto seems like a good fit for that (decentralized, uncensorable). The issue here seems similar to knowing what charities are properly using funds; making a system to make decisions about how to spend money is hard when there's so many people looking to misdirect it to themselves, and the point of this would be to relieve the people who would be donating the money from putting effort into doing the research themselves, so that big problem has to be solved.

[-] Kusimulkku@lemm.ee 38 points 8 months ago

which should prevent idiots like @onedionys from being able to figure out how to create the file.

Wow, slow down @mxcl. Calling people names is not constructive not warranted here.

Lmao fuck off

load more comments (1 replies)
[-] nothacking@discuss.tchncs.de 19 points 8 months ago* (last edited 8 months ago)

Why does the tea project not have users claim ownership of GitHub profiles. That way it could be retroactively applied with no effort on the user or maintainer.

[-] Cethin@lemmy.zip 5 points 8 months ago

I assume it's because they don't just want to count owners but also maintainers. How do you count maintainers? Does one accepted PR count? If not, how many? Counting owners only that would be fine though.

[-] tranxuanthang@lemm.ee 15 points 8 months ago

It's sad that a lot of the username come from Vietnam (my country). I remember when the Stellar airdrop announced there were people trying to buy GitHub account for 3-5$ for "their company's project". Many people do the thing that called "MMO" like that here, that doesn't realistically provide any value. They just want to get rich as fast as possible with only simple jobs such as copy and paste.

[-] flying_sheep@lemmy.ml 4 points 8 months ago

I greatly respect the way Vietnam has put things like stable rice prices over Western money. As far as I understand it, this allows for a society where nobody lives in abject poverty. But it also prevents people from getting rich quick by milking their own people. So if I got all of this right, it's not surprising that some people encountered the idea of getting rich quick through the Internet and try that now.

[-] chebra@mstdn.io 4 points 8 months ago

@flying_sheep

> nobody lives in abject poverty. But it also prevents people from getting rich quick by milking their own people

lol.. no.. not at all

load more comments (5 replies)
[-] nayminlwin@lemmy.ml 5 points 8 months ago

I've seen video ads claiming to show you a way towards passive income from other people's videos somehow. Now it's coming to open source projects...

[-] towerful@programming.dev 5 points 8 months ago

Ive seen an uptick in twitch users offering graphics packs for streamers.
I presume some company has figured out the prompts to get AI generated emote packs, and now hire people to offer this service randomly to small/medium streamers.

load more comments
view more: next ›
this post was submitted on 27 Feb 2024
423 points (98.0% liked)

Open Source

31223 readers
200 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS