We stopped AI bot spam in our GitHub repo using Git's –author flag

https://archestra.ai/blog/only-responsible-ai

77•ildari•48m ago

Comments

ildari•48m ago

Hi HN community, I wanted to share our approach to reduce amount of AI slop PR's and issues in our repo. We enabled "require prior contribution" flag on GH and created a CI script that creates a tiny commit co-authored with you, if you pass captcha on our website. Worked really well and we were able to block at least 500 bots in the first week. Sharing a screenshot from cloudflare: https://archestra.ai/hn-comment-cloudflare-challenge-outcome...

satvikpendem•35m ago

Yep, this is similar to some other version control tools like Tangled which has vouching.

https://blog.tangled.org/vouching/

tln•23m ago

Thats a really elegant solution.

How does the website trigger the CI script? Through GH rest API?

ildari•16m ago

thank you, yep through the rest API, here is the example: https://github.com/archestra-ai/website/blob/29ebdacbd8a22b9...

silverwind•20m ago

PR spam is a major problems for repo that run bounties. Maybe GitHub should temporarily block accounts from raising PRs if like 95%+ of them are getting rejected.

marginalx•14m ago

Problem is the bots can create any number of github accounts and continue spamming. Though this would be a good simple defense to start with.

hiccuphippo•12m ago

GitHub has not incentive for blocking AI. It's like asking an ad company to build an adblocker into their browser.

cdrnsf•5m ago

GitHub and Microsoft are actively contributing to the problem, why would they admit fault?

zer0tonin•19m ago

> Should we stop giving fun test tasks to our job candidates?

Yes

hiccuphippo•14m ago

The irony of the .ai domain.

delduca•12m ago

For now…

ramon156•11m ago

See, this is an article that uses dashes correctly. It adds value, creates a bit of buildup

chrismorgan•3m ago

This is funny to me because the title on this submission currently refers to “Git's –author flag”, which is an extremely incorrect use of a dash. (The original article doesn’t make the mistake. Not sure if the error is from the submitter or from an HN title mangulation.)

arecsu•11m ago

Makes me wonder if an ELO-based system would work to mitigate these issues. People who merged PR successfully onto a project, that had real issues acknowledged, the quality of their responses measured by other users reactions or something, etc, multiplied possibly by the degree of importance of the project where their activity has been made. Won't be about human vs AI, but actual helpful effective being vs low effort/spammy contributions. Issues and PRs could be sorted and filtered by their ELO score. I'm saying ELO as analogy to "score based given the context", not really a 1:1 translation of the ELO system

petterroea•8m ago

What I see is a (clever) hack, and GitHub continuing to provide good tools to its users.

captn3m0•5m ago

This has a security implication which is overlooked. Contributors to a repository have higher rights, such as avoiding approval requirements for fork PR runs. GitHub warns in the docs:

> When requiring approvals only for first-time contributors (the first two settings), a user that has had any commit or pull request merged into the repository will not require approval. A malicious user could meet this requirement by getting a simple typo or other innocuous change accepted by a maintainer, either as part of a pull request they have authored or as part of another user's pull request.

First Streaming Fraud Case: A Musician's Alleged $10M Scam

Show HN: ThreeFour – run multi-step procedures one step at a time

How to Read Like a Child Again

Microsoft testing adjustable taskbar, Start menu in Windows 11

AI Has Broken Containment

News.Y Combinator.com/Submit

Antislop: Identifying and Eliminating Repetitive Patterns in LLMs

ImpactArbiter – A PyTorch autograd trap for LLM memory bugs

The US space enterprise is desperately waiting for Starship

A Rust-Python thing I am working on. Apache 2 licence

Bachelors Without Bachelor's: Gender Gaps in Education and Declining Marriage

Skybridge – the MCP Apps framework released v1.0

Windows 11 brings back much-missed taskbar options

Everything You Need to Know About Black Cocoa Powder (2022)

Show HN: Eazip – Password-protected ZIPs (AES-256) in the browser, no upload

At Protocol for Agents

For 20 years, Stephen Colbert distinguished truth from truthiness

Preventing AI agents from executing destructive terminal commands

OVCS: Raspberry Pi–powered electric car

Can we combine excellent design and branding simultaneously?

Show HN: Citycal – Collaborative Events Calendar

How India's cooking fuel shortage is driving up California's gas prices

Show HN: Kaption – Live OCR subtitle overlay

Clojure Freed Me from the Ceremony

HTML5/EPUB3 Version of SICP

Judge grants accused CEO killer Mangione's bid to suppress evidence

Information for most known natural bodies in our solar system

A Master's Degree Isn't the Job Guarantee It Used to Be

Linux 6.6 LTS To Linux 7.1 Bechmarks: Performance Up 13% Threadripper Over 3 yrs

Amazon is deploying these cargo e-bikes for deliveries