1. 29

  2. 23

    GitHub URLs are pretty badly designed.

    For example, /contact is their contact page, and /contactt is a user profile.

    Apparently, there’s a hardcoded list of ”reserved words” in the code, and when someone adds a new feature, they add the word/path segment there and check that it’s not taken by a user.

    So it could perhaps be the case that they’re adding some feature related to malware?

    1. 13

      That could very well be the case – and I’d be totally fine with that. I understand being coded into a corner, and wanting to fix things for the greater good at the expense of a few users.

      I just can’t figure out why, for the sake of “privacy and security”, they don’t want to tell me.

      1. 16

        I think this is absurd behavior on GitHub’s part, and you’re right to be upset by it.

        Since you do seem curious, I have a guess why they’re being so evasive, and it’s pretty simple: They’re a large organization. The person you’re talking to would probably need to get approval from both legal and PR teams to tell you about their product plan before it’s launched. I have no information on how busy GitHub’s lawyers and PR people are, but I would expect an approval like that to take a few weeks. Based on what they told you about the timeframe, it sounds like they want to launch their feature sooner than that.

        What I’d really like to know is whether this is a one-off, or whether they’ve done it to other people before. It seems like their URL scheme will require it pretty frequently…

        1. 7

          The person you’re talking to would probably need to get approval from both legal and PR teams to tell you about their product plan before it’s launched.

          Which is why I didn’t single out the support representative that contacted me; they clearly were not in the decision process for any of this, and I don’t want to cause them any undue grief/trouble past my first email reply asking for clarification.

          To be clear: I don’t really care about the malware username, other than it’s a pretty cool name. I’m more interested in the reason behind why the forced rename.

          Lots of people (read: salty News of Hacker commenters) say it’s obvious (wanting to reserve the /malware top level URL) and call me dumb for even asking, but no one has given me any evidence other than theories and suppositions. Which is great! I love thinking and hypothesizing.

          1. 5

            I don’t have any documented evidence other than anecdotal, but when I worked at a similar company with an almost identical URL structure this was one of the hardest parts of launching a new top level feature. It turns out recognizable words make for good usernames… so it’s almost impossible to find one that’s still available when working on a new feature. The choice ends up being between picking a horrible URL or displacing one user to make it easier to find.

            It’s also worth noting that GitHub has a habit of being very secretive about what they’re working on - it’s almost impossible to get information about known bugs which have been reported before, let alone information about a potential new feature.

            I would be willing to bet that this is being done for something we’ll hear about in the next year or two.

      2. 11

        We made a team that was just the unicode pi symbol and GitHub assigned us the url /team/team.

        1. 4

          That’s a great unicode hack.

        2. 11

          The curse of mounting user paths directly to /. When in doubt, always put a namespace route on it.

          1. 6

            That was my thought as well. I would imagine they want it as a landing page for some new feature or product.

          2. 13

            The username is malware.

            1. 5

              There are many, many other usernames in use that I would consider to have the same level of negative connotation in the software world. Here are three that I thought up in about 15 seconds:

              Unless each one of those accounts is also being changed/removed, and I’m simply the first one to point this out, how is “malware” any worse than “virus” or “hacker”?

              1. 9

                Oh sorry my post wasn’t intended to make any judgement on the name or github’s actions. It’s just for everyone who would only click through to read what the name was.

                1. 4

                  Ah, my apologies then! I didn’t realize what you were stating.

                2. 4

                  I think they are not interested in whether it sounds negative or not.

                  They probably want that URL for one of their upcoming products.

              2. 7

                As a Github customer this really bothers me. I’m sure they have good intentions, but I don’t like their approach. It’s fortunate this person hasn’t used the account much, but who’s to say this won’t happen to others? And it definitely doesn’t help that they’re being deceptive about it.

                Furthermore, changing a username is not necessarily a quick and painless process as they describe. The action itself is quick and painless, but GitHub accounts are often integrated with other services, which may also have to be changed. It’s also popular to include profile links in email signatures and profiles on other sites.

                I hope they use this as an opportunity to fix whatever back end problem is making them do this.

                1. 4

                  I would guess some TrustyWeb url scanner used by an unnamed Client is hardcoded to flag domains that don’t 404 on /malware, and the Client doesn’t consider this their problem. It fits the arbitrary nature.

                  1. 4