GitHub disabled adguard filters repository (opens in new tab)

(twitter.com)

90 pointssiproprio1y ago37 comments

37 comments

The issue is resolved now, the repo is available again.

We have not received any response to the support case that we opened, but we assume that it was a false positive of some automatic algorithm.

As a consequence of this we're going to set up a mirror outside Github so that the work didn't stop if something like that happens again.

UPD: We received the official response explaining that this was a mistake. I must admit the whole situation was resolved really quickly, good job.

rsync1y ago

You may have a free-for-life account which will allow you to:

  ssh user@rsync.net git clone mirror git://github.com/blah/blah

Just email us.

tredre31y ago

They're using github as an HTTP CDN, are you saying that rsync.net now supports this use case?

1 more reply

lacker1y ago

This does seem like exactly the sort of thing that would trigger false positives. The product is fundamentally a list of a bunch of text found in malware, so any sort of malware detector that's based on the textual content seems likely to give a false positive.

hifromwork1y ago

*in phishing, not in malware. Adguard domains are unlikely to be found in malware.

sethops11y ago

Maybe it's being taken down because GitHub is not happy about serving as a free CDN for a non-source code repository?

Brian_K_White1y ago

The title says the repo is a filters repo. Did the repo actually contain filter rules, or was it used to distribute the closed source plugin package?

I would argue filter rules count as source code as much as anything else. It doesn't matter if the thing reading the filter rules is not open source.

Aside from that, github intentionally hosts all kinds of content that isn't literally code. gists, pages, wiki, discussions, issues.

People also host books on github where the text is the code and git is the update system and github is the distribution system, all exactly the same as with a c program. It's not abusing the system like using the CI compute to do random other work, it's using the facilities for exactly what they are each intended for. github wants everyone to use and grow to depend on github for things like that.

Wowfunhappy1y ago

But they've encouraged uses like this for ages, see also Github Pages.

If they're going to change the policy, at least announce it first...

1 more reply

8organicbits1y ago

No. https://news.ycombinator.com/item?id=41438980

Kim_Bruning1y ago

In general this is why you shouldn't depend on 3rd parties like this. Though hopefully in this case it's mostly a brief mistake?

teqsun1y ago

I see adblockers as another casualty of the end of the ZIRP era. Big Tech was benevolent when the money was free, but now that they have to tighten the waistband all the nice open-sourced add-ons (like 3rd party readers, ad-blockers, etc.) are all getting killed off (or at least they're trying to)

crooked-v1y ago

On the other hand, Apple is adding a "this is totally not an adblocker, I promise" it's-obviously-an-adblocker to the next version of Safari as a builtin feature. It's pretty barebones, as Apple copycat features tend to be, but I think it's a decent indicator of their attitude on the subject.

layer81y ago

My understanding is that it’s a DOM element hider. While it is possible to hide some ads with it, it probably won’t disable the tracking.

frizlab1y ago

They intended it as an adblocker initially and dialed back the tone because of pressure from ad companies and co.

a1o1y ago

There are adblockers for Safari too in the Appstore

csapdani1y ago

The repo is accessible now.

Havoc1y ago

We really need at least a duopoly in the git space. Nothing against github per se but they've got way too much of the mindshare.

mulmen1y ago

Better yet some kind of decentralized source control protocol.

auguzanellato1y ago

Technically git is already decentralized, the issue is where git repos get hosted.

1 more reply

nephyrin1y ago

For those that haven't bothered clicking the link, they add:

> Github was struggling with "malware" comment spam lately and we added several filter rules that block this stuff. Maybe this is what triggered disabling the repo?

The comments so far immediately jumping to conspiracy speculation is depressing.

It's already back up.

lucifargundam1y ago

And its because of situations like this, that I push to multiple foundries at the same time. Consolidation of resources is makes it only as secure as your control of maintaining them.

throawayonthe1y ago

pure speculation but i bet it’s somehow because it contains links to copyrighted/illegal content (to block it) lmao

giancarlostoro1y ago

Not that I agree, but for future reference, they keep all their DMCAs public here:

https://github.com/github/dmca

btown1y ago

Or just plain old links to malware, because sometimes even non-interactive links in a plaintext document can be presented by an attacker with context that socially-engineers a target to copy-paste a malicious URL into a browser.

I'm actually shocked that Github didn't have Adguard white-listed to prevent this from being picked up by malware scanning tools already. And it's a shame, because the whole point of scanning for malware is to protect people from falling victim to new attacks, and killing the filter repository is entirely counter to that goal.

kevingadd1y ago

Yeah putting full unobfuscated links to malware or copyrighted content into your repository seems like an obvious way to get it blocked. If they masked the URLs a bit it might've been fine.

dopp01y ago

if they were obfuscated the urls the app itself would need to process it to un-obfuscate, then the performance would take a hit, but I get your point. It's just the wrong service to host this.

PS: could not check the link, as my country blocked twitter.

hifromwork1y ago

FWIW:

* I often put malware samples in my repositories on github (I prepare malware analysis trainings, and I develop my trainings on github). Never got banned.

* There are a ton of leaked malware sources (and/or binaries) stored on github. They are not banned

* Github is full of blatantly obvious malware (at best "pentesting tools", at worst "educational projects"). Sadly, not banned too.

toastercat1y ago

Adblock is ethically equivalent to theft. This is a good thing, as far as I'm concerned (even if it wasn't deliberate).

JTyQZSnP3cQGa8B1y ago

Ads have been brainwashing people for centuries, and they now deliver malware.

As you once elegantly said: “It's like natural selection except our society has not selected them.” We now have the tools to remove them from the gene pool and it’s a good thing.

toastercat1y ago

Except homeless people don't contribute anything good to society. Advertisers and services like YouTube do.

OfCounsel1y ago

A webpage serves many elements, all to which you are entitled to see. Adblock is just a way to decide which elements you see or do not see. Your ethical position, that we are compelled to see everything served to us, is troublesome.

toastercat1y ago

When you visit a website or a YouTube video, there is an implied social contract that you will view the ads and allows trackers in exchange for consuming content. Otherwise, you are essentially freeloading off peoples' hard work. If you are not happy with the ads, simply go to another website that doesn't serve ads, host your own PeerTube instance or whatever. Just don't steal and then be entitled about it.

1 more reply

j / k navigate · click thread line to collapse

37 comments

ameshkov1y ago

The issue is resolved now, the repo is available again.

We have not received any response to the support case that we opened, but we assume that it was a false positive of some automatic algorithm.

As a consequence of this we're going to set up a mirror outside Github so that the work didn't stop if something like that happens again.

UPD: We received the official response explaining that this was a mistake. I must admit the whole situation was resolved really quickly, good job.

rsync1y ago

You may have a free-for-life account which will allow you to:

  ssh user@rsync.net git clone mirror git://github.com/blah/blah

Just email us.

tredre31y ago

They're using github as an HTTP CDN, are you saying that rsync.net now supports this use case?

1 more reply

lacker1y ago

hifromwork1y ago

*in phishing, not in malware. Adguard domains are unlikely to be found in malware.

sethops11y ago

Maybe it's being taken down because GitHub is not happy about serving as a free CDN for a non-source code repository?

Brian_K_White1y ago

The title says the repo is a filters repo. Did the repo actually contain filter rules, or was it used to distribute the closed source plugin package?

I would argue filter rules count as source code as much as anything else. It doesn't matter if the thing reading the filter rules is not open source.

Aside from that, github intentionally hosts all kinds of content that isn't literally code. gists, pages, wiki, discussions, issues.

Wowfunhappy1y ago

But they've encouraged uses like this for ages, see also Github Pages.

If they're going to change the policy, at least announce it first...

1 more reply

8organicbits1y ago

No. https://news.ycombinator.com/item?id=41438980

Kim_Bruning1y ago

In general this is why you shouldn't depend on 3rd parties like this. Though hopefully in this case it's mostly a brief mistake?

teqsun1y ago

crooked-v1y ago

layer81y ago

My understanding is that it’s a DOM element hider. While it is possible to hide some ads with it, it probably won’t disable the tracking.

frizlab1y ago

They intended it as an adblocker initially and dialed back the tone because of pressure from ad companies and co.

a1o1y ago

There are adblockers for Safari too in the Appstore

csapdani1y ago

The repo is accessible now.

Havoc1y ago

We really need at least a duopoly in the git space. Nothing against github per se but they've got way too much of the mindshare.

mulmen1y ago

Better yet some kind of decentralized source control protocol.

auguzanellato1y ago

Technically git is already decentralized, the issue is where git repos get hosted.

1 more reply

nephyrin1y ago

For those that haven't bothered clicking the link, they add:

> Github was struggling with "malware" comment spam lately and we added several filter rules that block this stuff. Maybe this is what triggered disabling the repo?

The comments so far immediately jumping to conspiracy speculation is depressing.

It's already back up.

lucifargundam1y ago

And its because of situations like this, that I push to multiple foundries at the same time. Consolidation of resources is makes it only as secure as your control of maintaining them.

throawayonthe1y ago

pure speculation but i bet it’s somehow because it contains links to copyrighted/illegal content (to block it) lmao

giancarlostoro1y ago

Not that I agree, but for future reference, they keep all their DMCAs public here:

https://github.com/github/dmca

btown1y ago

kevingadd1y ago

Yeah putting full unobfuscated links to malware or copyrighted content into your repository seems like an obvious way to get it blocked. If they masked the URLs a bit it might've been fine.

dopp01y ago

if they were obfuscated the urls the app itself would need to process it to un-obfuscate, then the performance would take a hit, but I get your point. It's just the wrong service to host this.

PS: could not check the link, as my country blocked twitter.

hifromwork1y ago

FWIW:

* I often put malware samples in my repositories on github (I prepare malware analysis trainings, and I develop my trainings on github). Never got banned.

* There are a ton of leaked malware sources (and/or binaries) stored on github. They are not banned

* Github is full of blatantly obvious malware (at best "pentesting tools", at worst "educational projects"). Sadly, not banned too.

toastercat1y ago

Adblock is ethically equivalent to theft. This is a good thing, as far as I'm concerned (even if it wasn't deliberate).

JTyQZSnP3cQGa8B1y ago

Ads have been brainwashing people for centuries, and they now deliver malware.

As you once elegantly said: “It's like natural selection except our society has not selected them.” We now have the tools to remove them from the gene pool and it’s a good thing.

toastercat1y ago

Except homeless people don't contribute anything good to society. Advertisers and services like YouTube do.

OfCounsel1y ago

toastercat1y ago

1 more reply

j / k navigate · click thread line to collapse