What could've prevented the Codeberg incident? (safelyx.com)
7 points by BrunoBernardino 11 months ago | hide | past | favorite | 7 comments


Kind of ridiculous someone would go the distance to do THIS, but then again I'm not familiar with the platform and their relationship with the perpetrators.

However, I've been interested in the subject, and I can see how we'll need more moderation, especially with AI content flooding everything, as well as completely autonomous AI agents interacting with content and people.


One could suppose this was just really testing the system or a hypothesis, to see if it was possible or not.


I'm curious about this, but I'm not familiar with Codeberg.

Is this kind of "safety" check really the main process to prevent mass emails going out? Otherwise, is it a free-for-all as far as the ability to mass email out?


Codeberg is a FOSS (Free and Open Source Software) alternative to GitHub, in a way. Not sure if that's what you were asking about.

There are many other ways to prevent or mitigate this specific kind of situation, as were suggested in Codeberg (Forgejo is technically the software it builds upon), like limiting email notifications to a number of mentions/people, adding a "report" button in the comments, sending notifications in smaller batches, but in reality, while these limit the attack surface area, it'll still go out to someone initially, whereas with content moderation, it's much less likely it'll go out to _anyone_. I see those as _complementary_ to automated content moderation.
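The comment above lists the mitigations discussed on the Forgejo side (a cap on mentions per comment, smaller notification batches) and argues that content moderation sits in front of them. The following Go sketch is an added example written for this thread, not code from Forgejo or Codeberg; the `Policy` fields, the phrase-list stand-in for a moderation classifier, and the sample comments are all constructed assumptions. It shows the ordering the comment argues for: moderation runs before any recipient list is built, the mention cap holds oversized fan-outs for review, and only then are the remaining recipients split into batches.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Policy collects the mitigations the thread lists: a cap on mentions per
// comment, smaller outbound batches, and a content-moderation check that runs
// before anything is sent. All field names and values here are assumptions.
type Policy struct {
	MaxMentionsPerComment int
	BatchSize             int
	BlockedPhrases        []string
}

// Decision is what a notification dispatcher would act on.
type Decision struct {
	Batches [][]string // recipient batches to send; empty when Held
	Held    bool       // true: nothing is sent, the comment goes to a review queue
	Reason  string
}

var mentionRe = regexp.MustCompile(`@([A-Za-z0-9][A-Za-z0-9_-]*)`)

// ExtractMentions returns the distinct @usernames in a comment, excluding the
// author (a self-mention should never fan out to a mailbox).
func ExtractMentions(body, author string) []string {
	seen := map[string]bool{author: true}
	var out []string
	for _, m := range mentionRe.FindAllStringSubmatch(body, -1) {
		name := m[1]
		if !seen[name] {
			seen[name] = true
			out = append(out, name)
		}
	}
	return out
}

// Moderate is a stand-in for a real classifier: it flags the comment if any
// blocked phrase appears (case-insensitive). A real deployment would call a
// moderation service here; the phrase list is a constructed example.
func Moderate(body string, blocked []string) (flagged bool, phrase string) {
	lower := strings.ToLower(body)
	for _, b := range blocked {
		if strings.Contains(lower, strings.ToLower(b)) {
			return true, b
		}
	}
	return false, ""
}

// PlanNotifications runs the checks in the order that keeps mail from leaving
// at all when possible: moderation first, then the mention cap, then batching.
func PlanNotifications(body, author string, p Policy) Decision {
	if flagged, phrase := Moderate(body, p.BlockedPhrases); flagged {
		return Decision{Held: true, Reason: "moderation: blocked phrase " + phrase}
	}
	recipients := ExtractMentions(body, author)
	if len(recipients) > p.MaxMentionsPerComment {
		return Decision{Held: true, Reason: fmt.Sprintf("mention cap: %d > %d", len(recipients), p.MaxMentionsPerComment)}
	}
	step := p.BatchSize
	if step < 1 {
		step = 1 // guard against a misconfigured batch size
	}
	var batches [][]string
	for i := 0; i < len(recipients); i += step {
		end := i + step
		if end > len(recipients) {
			end = len(recipients)
		}
		batches = append(batches, recipients[i:end])
	}
	return Decision{Batches: batches, Reason: "ok"}
}

func main() {
	policy := Policy{MaxMentionsPerComment: 5, BatchSize: 2, BlockedPhrases: []string{"blocked-phrase"}}
	// Constructed sample comments; "blocked-phrase" stands in for abusive text.
	for _, c := range []string{
		"@alice @bob @carol please look at #12",
		"@alice @bob @carol @dave @erin @frank hi",
		"@alice blocked-phrase",
	} {
		d := PlanNotifications(c, "mallory", policy)
		fmt.Printf("%q -> held=%v reason=%s batches=%v\n", c, d.Held, d.Reason, d.Batches)
	}
}
```

The point of the ordering is the one the comment makes: the cap and the batching only shrink how many mailboxes an abusive comment reaches, while a moderation hold in front of them means the first recipient never receives it. The hold also gives an operator something to review and a "report" path to feed back into the blocked list.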


I read half of the article and it hasn't answered this question: what happened?

I mean, I get that people received unexpected notifications and hate speech. But how? Did an admin send them? Did a bot go on all the projects? Can't we summarise that in 2 lines before going into a whole article about how to prevent "it"?


Someone created an issue in their repo and @ mentioned hundreds of people with a two-word ragebait message. It is just a feature that is sometimes very useful that was used for spam. Nothing new, really.

You might've heard about someone accidentally sending email to thousands of people on GitHub a couple years ago: https://github.com/EpicGames/Signup/pull/24


Sorry, that is explained in the linked article from Codeberg, but I just added this sentence in the beginning as well: "Attackers hijacked the commenting system to mention other users and use the email notifications to include hate speech."
