by faustomorales 1482 days ago
Seems like an innocent enough mistake. Reminds me of when I once helped organize a volunteer hackathon with people from different companies. We created a Slack organization just for the occasion. At the end of the event, I was supposed to ask all attendees to delete all the data we had given them before they went home. The message I posted to #general (the channel everyone in a Slack organization is required to be in) with @everyone tagged was something to the effect of:

"Thank you everyone for contributing to our shared mission. When you are done with your work today, please delete all the data from your machines. Hope we see each other again soon!"

Slack gave me a dire warning that my message would send notifications to so many people across so many time zones. This didn't surprise me because attendees came from various countries for the event. So I dismissed it.

But I had accidentally sent it to my company's Slack organization instead of the hackathon-specific one. I didn't realize it until a co-worker sent me a private message asking why I had just tried to fire everyone at our company.

10 comments

The real problem was that so many people felt the urge to reply to that PR making it so much worse than a single ping.

I can live with the random message that has nothing to do with me, but having to delete an endless stream of messages because so many people felt the need to reply already knowing that it would go out to everyone is really annoying.

I happened to be hit by the Github incident. The worst is not the guy who made the mistake (happens) but the fools who hit Reply-All to first complain about spam and then to yell at each other to stop hitting Reply-All, making the problem exponentially worse ... facepalm

Oh and one has even posted a "goatse" image there ...

Happened in my wife’s company of around 40k people. Mail to all, replies to stop replying, many hours to stop the firestorm. Then next timezone 8 hours out started replying. I don’t know why they didn’t just kill permissions to the mailing list.
Similar thing happened at uni when I was doing a PhD.

The graduate office had some sort of mailing list which included all PhD students (or maybe even graduate students). There was maybe one mail a year to this list.

At some point someone replied to the list (don't ask why they allowed everyone to post) that they wanted to be unsubscribed, triggering a torrent of emails of people wanting to unsubscribe, people telling people to use the link on the email, people asking why they get this email, others telling everyone to stop replying (the irony). It was a study of human psychology.

The whole thing lasted a week, I think in the end somebody was competent enough to restrict who could write to the list or maybe they just nuked the list.

Are you familiar with this story of an email storm at Microsoft already?

https://techcommunity.microsoft.com/t5/exchange-team-blog/me...

Outlook has this amazing feature to ignore email threads: https://support.microsoft.com/en-us/office/ignore-all-email-...
They also have Reply Storm Protection in Exchange now:

https://techcommunity.microsoft.com/t5/exchange-team-blog/re...

A few years ago someone managed to email the whole of the NHS with a test email ... on a Monday morning... [1]

[1] https://arstechnica.com/information-technology/2016/11/nhs-e...

I’ve seen this happen in some context at least once every five years throughout the 30 years of my career. The absolute best ones cause large scale incidents due to the volume of the messages. I always looked at it as a random celebration that brings all the trolls and introduces them to the idiots.
It's the "law" of numbers. 400k pings, even if only 1% clicked on the repo, and maybe 10% of them commented: that's 400 comments to make. Even on internal repos I've never seen productive discussion really happen past 50 or so comments.

And then the news broke out and that drove even more than 1% to check out the drama. Maybe even had some people sign up for Epic just to check it out.

It wasn't even that many people. Maybe (and generously, I think) 100 commenters out of ~400,000 people who got notified? That's 0.025%.
All of those 400k people were notified because the author tagged a group containing 400k people. For every comment, 400k emails went out.

I never commented, but I received an email for every comment in that issue. The email queue was so backed up that I was receiving emails for quite some time after the issue was closed.

And some troll did the same thing with another pull request about 2 hours ago.
The worst is that it becomes clear eventually that people are responding just to troll.

The casual vandalism of hundreds of thousands of people’s time and attention is absolutely mind-boggling to me. I saw similar things at large (50k+ employees) companies when some reply-all chain got started — people who clearly knew better, replying just for the lulz.

If it were up to me, I would have fired them immediately. Nobody has the right to conscript other people into their personal sense of humor.

I wouldn't go that far.

It's annoying to get useless email, but 95% of the non-spam email I receive every day is useless crap: T&C changes, some company newsletter that somehow I never unsubscribed to, other notifications deemed so important I cannot unsubscribe to, a GitHub thread I subscribed to years ago and now has a very active discussion.

It's not like every single person received 400k emails in one go, it's 400k people receiving those 10 or 20 messages from the same thread over an hour. Annoying, waste of time, but not unheard of.

The attitude annoys me more than the actual effect.

I’d also fire someone who “trolled” the company by spraying graffiti on the side of the building. Trivial to remove or even ignore, yes, but the unprofessional and juvenile mindset, taking pleasure in annoying everyone else, is enraging all by itself even if no practical harm was done.

This is not an Epic employee that trolled the company.

This is random people on the Internet that probably didn't even know they were part of that notification group, as explained elsewhere in this thread, and then joked around a little longer than they should have. It might not have been immediately clear to some that each of their responses was to be sent to all 400k.

Not at all the same crime as you paint it to be. In any case, there is no one that's fireable here, so no need to try looking for some kind of righteous justice here.

I don't think it's trolling, it's just having a lighthearted moment in an unexpected situation. You can't blame individuals for doing what they're supposed to do, i.e. replying to emails; at that point it's the moderators' jobs to kill mailing permissions or something.

>the unprofessional and juvenile mindset, taking pleasure in annoying everyone else, is enraging all by itself even if no practical harm was done.

Working at your company sounds hellish.

You’ve obviously never removed graffiti.
People want GitHub to fix their system. Epic also has an annoying process whereby you have to join their GitHub organization to access certain free tools, which is why they have a GitHub group with 400k people in the first place.

Edit: What great timing—someone just opened a new issue with the same tag. This needs to be fixed on GitHub’s end.

> If it were up to me, I would have fired them immediately.

That sounds a bit harsh. As a user of FOSS mailing lists I don't even think it is strange to send a mail to everyone.

It is a process issue where mailing lists are used for one-way comms but still are writable for all.

> If it were up to me, I would have fired them immediately. Nobody has the right to conscript other people into their personal sense of humor.

I’d just fire everyone with a sense of humor, that’ll show them.

I’ve heard some people spend whole minutes setting up a joke for the punchline. How many billions of dollars does that cost the economy each year one has to wonder.

Outright theft of wages if you ask me!

Intentionally annoying other people isn’t comparable to telling jokes.
UNSUBSCRIBE!
> Seems like an innocent enough mistake.

I doubt it. If you look at the PR, it does not add any value at all, but introduces a mistake ("for our repositories"), plus the commit message is kind of strange.

Looks like a typical PR from young programmers who are learning English, which is consistent with the rest of the profile.
I don't quite get the mindset here. I'm (slowly and lazily) learning a new language, and can't imagine going into some native speaker's repo and trying to correct it...
Blame the interviewers who require OSS contributions. Same with DigitalOcean and their "hacktobefest"¹, or whatever it's called. LKML is full of attempts at these. For some reason I remember a particular exchange (but it's quite typical) between Linus and some random 16 year old ESL student, who bugged Linus for days to accept his "typo fixes" (most of which weren't really typos), and Linus's replies in the manner of "lemme get right on that". From what I understand it's just something you have to deal with as a prominent OSS figure.

1: https://drewdevault.com/2020/10/01/Spamtoberfest.html

I am subscribed to the mailing list used to discuss development of the Django project. This is a very frequent occurrence. There is a constant stream of wannabe contributors that feel somehow inclined or compelled to ask the mailing list for a primer on contribution instead of reading the myriad disclaimers and existing documentation. It’s often obvious that they’re incredibly green behind the ears and barely know what Python or Django are, let alone how to use it. I personally find the combination of hubris and dishonesty jarring, though I appreciate that at the core of it is a cultural difference that I just don’t understand.
Bullshit. The number of jobs that require OSS contributions is minimal, and I've never seen that requirement for anything close to an entry-level job. This is people doing resume padding and making it worse for everyone: OSS contributors, interviewers and future candidates that don't engage in this spam.

And Hacktoberfest, before those incidents, was something for real OSS contributors. Not for spammers wanting a free T-shirt.

Blame the channels on Youtube that are teaching people to make inane contributions to game the system, the people spreading lies like "you need OSS contributions to get a job" and finally the people doing it. This is the reason we can't have nice things.

This kinda looks like an attempt to get a commit into a bigger open source repository. It'd look nice on a resume to say you "contributed to Unreal Engine on GitHub".
This.

As someone who works with a lot of junior devs in India, I know the competition for early career roles in tech is immense, and so folks look at "open source contribution" as a "brownie point" to add in your resume. Having a "contributed to Unreal Engine" sounds great on paper and 3/5 companies would just take it at face-value and move this guy's resume higher up the stack.

And we have enough seasoned devs who try to be helpful to these junior folks and point out that the easiest way to get started in OSS is to provide/fix documentation for OSS since it's usually low barrier to entry + usually lacking in most OSS repos (The people praising the rr documentation is a great anecdote). But looks like the "quality" bit is lost in translation somewhere.

A company really wouldn't at least ask what the contributions were? What kind of 'competitive market' is it where you can lie so easily and get away with it?
But that's so weird because even if that's on the resume, any interviewer would be interested in knowing what the contribution was. Maybe revealing that you only "fixed typos" would do more harm than good?
Depends on your level of honesty. Given that you're fixing typos to say that you contributed to a project, you'd probably double down and quote the number of PRs (remember to only do 1 typo fix per PR) and then add a real bug you may have fixed or make one up.

Unfortunately the entire interview process is why I usually try to hire former co-workers.

That’s exactly the point. They want the interviewer to be interested so that they get an interview.
I got a commit into Django a few years ago. It was just updating a documentation link, but are you saying I should put it on my resume?
Ego loves pull requests.
It looks like a PR from someone more interested in building their profile than actually contributing anything useful to a project.
Yeah typical of people that have more narcissism than technical acumen

The better action would be to report the user as spam

I am in several communities that receive many users from the east and that is very common of them: absolute disregard for the rules, common courtesy or even common sense. If they want something, they will keep asking for it even if it's offtopic or even the wrong channel/group/forum/etc until they get it, regardless of whether they are disrupting ongoing conversations or whatever. I suppose that it's a cultural thing.
i can assure you this is not a cultural thing

it’s just plain neediness

This reminds me of something that happened to me a couple of years ago, near the start of the pandemic and when we had recently switched from Skype for Business to Microsoft Teams.

I needed to set up a one-to-one Teams meeting with a colleague, so I hit the 'Schedule meeting' button, added my colleague as an attendee, filled in the meeting name, date and time.

I saw that Teams was asking me to select a channel. I didn't realise this was an optional field, so I just selected the General channel in my department's Teams channel. It seemed the most appropriate. And so I sent out the meeting invite, thinking it would only go to one colleague (the only one I had selected as a participant).

I realised something was wrong a few moments later when I started receiving out-of-office responses from people I didn't recognise. I checked the meeting invite in my sent folder and realised it had gone out to the entire department. Hundreds of people, including all the senior managers and even the CTO!

Turns out that when you specify a channel when creating a meeting in Teams, it also sends the meeting invite to everybody who has access to that channel which, in this case, was the entire department. There was no indication that this would happen, however.

Still, I learnt my lesson. Now I know not to select a channel when creating a Teams meeting.

what a UX failure

if they labeled this as “Invite members of channels” this would have been avoided

Ouch.

I try to not mix work and personal content on the same laptop, I’ve seen too many glitches (although usually not quite that embarrassing). Slack has been my one exception (although only on my phone). Thanks for the valuable reminder.

> I try to not mix work and personal content on the same laptop

It's kind of jaw dropping to me at how this is still not the norm and how people gratuitously mix personal and work content on the same devices, both mobile and desktop.

Purchasing, carrying, and maintaining two devices is expensive, heavy, and tedious. Easy always beats safe. Not to mention that there may be significant overlap between work and play for some people. I code Magento (PHP) during the day and contribute to open source PHP efforts as a hobby. In which environment (work or personal) should my notes and bookmarks be?

When I have a company issued laptop I use two machines. When I don't, then I use two accounts on the same machine. Most Linux distros even allow fast account switching in different virtual consoles. I use a different background and panel color for the personal and work environments. It's not a perfect solution, but neither is separate devices.

This.

My work and hobby life is completely entwined. I have one powerful machine and micromanage my time by switching between windows of work and leisure.

Add the fact that I do coding as work and video editing as a hobby which both need powerful machines, and it would be very stupid, unmanageable, and inconvenient to buy two MacBooks.

Dual boot or at least have 2 users.
I constantly switch between windows and micromanage time.

That's just impossible.

I remember when I worked at an Alphabet company and they offered the option of using your personal phone to sign in to work stuff. (It wasn't Slack, it was one of the seventeen different chat systems they had going at the time.)

There was a teensy-weensy little caveat: Google IT could wipe your personal device at any time!

No thanks.

That's... odd. Was this a long time ago? Because these days Android has work profiles that specifically exist to let you shove work stuff in its own separate space that can be managed separately from the rest of the device, and Google itself not using the feature that they built into the OS to support that exact situation would seem really weird.
Google does use Android work profiles - if you have an Android device. Unfortunately, iOS doesn't really have an equivalent concept (e: see comment below), so device-wide privileges are necessary there.

Everyone has their own level of comfort, of course. I've worked for two employers now whom I've given the power to erase my personal iPhone in exchange for the convenience of not needing to lug around a second phone.

Disclosure: I work at Google; opinions are my own.

iOS has user enrollment which is broadly equivalent: https://support.apple.com/guide/deployment/user-enrollment-a.... Google does not adopt this (but it could, b/234963918).
Yeah, it was a while ago, and it's possible that I could be remembering some details wrong. It just struck me as "no, I would rather carry a separate work phone if I have to."
Oh yeah, given that choice I would, and have, done the same! I just thought it was a mostly solved problem these days (but would like to know if not)
Yeah BlackBerry 10 had a similar feature called BlackBerry Balance. Still I'd rather carry two separate phones.
That’s a widespread problem. I worked for a dramatically smaller IT firm and it also gave employees the opportunity to register their phones with the company’s Exchange service; when I asked my boss whether we should warn them about the power that gave us, he felt it would just cause unnecessary alarm.
Your boss was an asshole.
well, probably, but maybe it meant that while it gave the power to do this he would never do it. However one should never say never in business, so maybe naive.
At least on Android, adding a corporate account explicitly lists what access you're giving to the corporate administrators.
Umm, I remember a time when Personal Computers were seen as universal, do-it-all devices. And there was this expectation, you know, that your FOSS-OS will put all your security and privacy choices into your hand. That was roughly before folks took the red pill and went all-in on intransparent browser apps and would program their change-the-world app for themselves, to be released when ready. Unlike today where they flaunt non-novel, insignificant, uninspired crap on github.
I work for many different software projects.

I also do a lot of 4K video editing both as a hobby and occasionally for work.

I also switch between tasks a lot daily.

I am mobile.

Yeah it would be perfectly economic, riskless, convenient, and definitely manageable to carry two fully specced MacBook Pros in my bag.

Not even jumping into the software licensing territory.

Slack makes it easy. Terrible UX. I’m hoping it improves.

I have a set of different organizations in Slack, but I used to keep getting them mixed up (embarrassing).

What I did, was assign a different color theme to each org (on Mac. Doesn’t work on iOS). Helps me to differentiate quickly.

Pretty much no company will pay for a work phone these days, even if you have on-call duty.
I put a prepaid sim card in my old phone and use it exclusively for work 2fa. Now I can turn off that phone at my convenience and when this gig is over I can just switch to a new sim.
That sounds very culturally dependent. I don't know where the other people in this discussion are based, though.
If you work from home, have a separate work laptop, but connect it to the same network with your home computers, it’s all for nothing.
How so? Hopping around in your home network should not be possible by default and would be a gross overreach by any IT department, even beyond “you put data on this device and therefore we will search the entire thing”.
Indeed, my work laptop is heavily firewalled, always assumes to be on an unsafe network, and uses a vpn and zscaler. Say you are on an airport wifi - I wouldn't expect corporate IT to scan the neighboring devices. No way it's going to snoop around on my home network, that would just expose the machine.
Interesting perspective difference; I was referring to protecting the work computer from threats, not the home network from corporate. You must work at happy places…

Apparently you would also be surprised by how common it is to use a home printer, a home wifi access point, etc. and have IoT devices in the network. Corporate firewalls and scanners only protect against unauthorised connections and known threats; zero-day exploits can still be much more effective from a local network.

I have a pretty dim view of endpoint security, seeing it mostly as a thing that works against me rather than for me. I feel that any threat model that includes "zero-day exploits" is almost always poorly formed and sensationalist, rather than grounded in a genuine evaluation of security tradeoffs.
Carrying two machines around all the time is no fun.
That and also in case there is any legal reason to seize the company laptop for discovery or anything you don't want any personal stuff on there.

Keep personal stuff on personal devices, and never use personal devices for work either.

God bless you :)

But yes, we’ve seen from a number of US politicians how bad of an idea it is to mix personal and work on one device/account. Usually email.

It is annoying having two phones if work isn’t paying.

If work isn’t paying, what gives them the right to have email or chat in your personal phone?!
Many people are effectively sheep and will install a company app on their personal phone because "wow it's so convenient everything is all on one device".

That said ... employment is at-will, so there are no real rules here. It's not that different from if you sign up to be an Uber driver you're expected to have a car and a phone that you are willing to use for work, or you can't take the job. Nobody says it has to be the same device as the one you use for your personal email, it's just that you are expected to have a device for the job. So nothing legally prevents them from requiring you to have a device with the company apps on it, in return for you accepting some hopefully big enough salary.

For software engineering, if the salary is on the low end of market I expect work to buy me a work phone, if they require me to install any apps. If salary is on the high end, then I wouldn't fuss about it too much, I could just buy myself a separate personal phone for work with the pile of extra cash, but them buying me one would still be a nice, appreciated gesture.

There is no right, just a personal choice. If you have to lug around the company provided laptop if you want to check your work calendar/email/slack/whatever, you may start to consider using your personal device.
My solution to this is to have two separate accounts on my work laptop.

One for work, the other one for side projects, personal browser, courses, learning, etc.

As long as you're not doing anything illegal and are running on a non Administrator account, I think it is a good compromise vs having to carry a second laptop.

Your company likely has full access to that account and I would generally not recommend using any devices owned by your employer for side projects unless they specifically allow you to in some sort of legal contract that says something along the lines of them not owning everything you do on that account.
> Your company likely has full access

No, they don't. At my company we buy our own laptops, and we expense them. There is no VPN and no company owned software installed. And most of what we do is Open Source anyway.

> specifically allow you to in some sort of legal contract that says something along the lines of them not owning everything you do on that account

Not a problem, my side projects are just for learning purposes. They're open source, and most of them end up abandoned. I'm not running a side business on a company laptop, so they can own everything if they want, I'm fine with that.

I’m glad it works out for you, but perhaps you see the issue with offering your advice unqualified in this situation?
Did the slack warning not tell you the number of people it was going to ping? At least nowadays it says something like "You're going to ping X people in Y timezones".
Right you are, yes, it was that same message. I suppose what I meant to convey is, "despite the thoughtful safeguards built into Slack, I still managed to screw this up." :) I really appreciate Slack and it is my preferred workplace communication platform, so I hope no one reads my anecdote as criticism of the product. I can't think of any way Slack itself could have done more to prevent my mistake.

As more context, I do remember thinking, "that X number seems higher than I would expect, but maybe we had a lot of folks who signed up for the event that didn't show." I worked at a small company so the size of the company was on the same order of magnitude as the number of invitees to the event (~100). I explained away the Y time zones because I knew some people traveled internationally. I was also operating on very little sleep, so that probably didn't help.

Well I used to have a gmail lab plugin which forced me into answering arithmetic questions when it was past 23 hours in my local time and I tried to send an e-mail
Discord has a fun warning like that except it lies. It looks at how many people are on the server instead of the channel you're pinging.
Following up with "verify the pull request and merge asap" doesn't sound like someone who knows what they're doing, though.
Mission accomplished; now delete your machines.
Innocent or not I woke up this morning after the last one died down to see a new fake MR on the same repo.

It's trolling and childish trolling at that.

Free Code Camp had a bug in their email notification system several years back. I suspect they weren’t incrementing the index in their loop… Since I was the first person in the email list, I got an email for every person in their list. I had to shut my phone off, as the notifications were going out of control and couldn’t keep up.

Fun fact, Gmail caps threads at 100 messages. So I had a full page of 100 email long threads in gmail on my phone.

I did that exact bug once. But I didn't just get one email for each subscriber; since the index didn't increase, the loop never terminated. Took me some time to actually kill the process (PHP script running at some provider back in the day). Got over 100k emails to my Gmail, so much that my account crashed and it took a few days before I managed to log in again (got an error saying something went wrong when opening Gmail in the browser). So at least then it was very possible to DDoS someone's mailbox.
That's terrifying.. did the notifications make your phone unusable? DOSed by FreeCodeCamp...
Yeah, pretty much. I forcefully shut my phone off, as I was unable to just get to the settings, and then was trying to DM the guy via Twitter to try and get it to stop. Eventually it did stop and he reached out to tell me what went wrong.
It's difficult to strike a balance between "Are you sure?" and a message describing precisely what you're going to do and why it's unusual in these warnings. Slack could include the org in their message though.