
On a serious note, I'm a bit surprised that GitHub makes it trivial to compute the rate at which new repositories are created. Isn't that kind of information usually a corporate secret?



When your moat is a billion wide, you tend to walk around in your underwear a bit more I guess.


Excellent Diogenes quote reference.


Do you mean a specific quote here? I couldn't find the reference.

The answer to that question is in the eye of the beholder or something idk

I'd have thought Diogenes' moat was mostly personal-fragrance-based

unless you're youtube?


Is there any reason for GitHub to hide this information though? How could it be used against them?

(I understand many companies default to not expose any information unless forced otherwise.)


Companies usually hide this type of information so competitors have a harder time determining if they are growing/shrinking/neutral.


Companies usually hide this type of information so VCs / stonk investors will give them more money.

And engineers thinking of scale would usually try to steer away from a sequential id because of self-inflicted global locking and hot spots.


The rate of creation is like meh, but being able to enumerate all of the repos might be problematic, following new repos and scanning them for leaked credentials could be a negative... but GitHub may have a feed of new repos anyway?

Also, having a sequence implies at least a global lock on that sequence during repo creation. Repo creation could otherwise be a scoped lock. OTOH, it's not necessarily handled that way --- they could hand out ranges of sequences to different servers/regions and the repo id may not be actually sequential.
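
The range-leasing scheme described in the comment above, as an added example that is not part of the original thread and is not GitHub's code: the `GlobalSequence` and `Server` classes, the block size, and the server names are assumptions made for illustration. It shows the global lock being taken once per block rather than once per repo, and the resulting IDs no longer following creation order.

```python
import threading

class GlobalSequence:
    """Shared counter; its lock is taken once per leased block, not per repo."""
    def __init__(self, block_size):
        self.block_size = block_size
        self.lock_acquisitions = 0
        self._next = 1
        self._lock = threading.Lock()

    def lease_block(self):
        with self._lock:
            self.lock_acquisitions += 1
            start = self._next
            self._next += self.block_size
            return start, start + self.block_size  # half-open [start, end)

class Server:
    """One app server or region (hypothetical); allocates from its own leased block."""
    def __init__(self, seq):
        self._seq = seq
        self._cur = self._end = 0          # empty range forces a lease on first use
        self._lock = threading.Lock()      # scoped lock: local to this server

    def new_repo_id(self):
        with self._lock:
            if self._cur >= self._end:
                self._cur, self._end = self._seq.lease_block()
            repo_id = self._cur
            self._cur += 1
            return repo_id

def simulate(creations, block_size=100):
    """creations: server names in real creation order (constructed input).
    Returns (ids in creation order, number of global lock acquisitions)."""
    seq = GlobalSequence(block_size)
    servers, ids = {}, []
    for name in creations:
        if name not in servers:
            servers[name] = Server(seq)
        ids.append(servers[name].new_repo_id())
    return ids, seq.lock_acquisitions

if __name__ == "__main__":
    ids, global_locks = simulate(["us", "eu", "us", "eu", "us"])
    print(ids, global_locks)
```

With two servers and five creations, the highest ID handed out is 102, so an outside observer reading the maximum ID sees only a loose upper bound on the true count.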


> following new repos and scanning them for leaked credentials could be a negative

People do this. GitHub started doing it too so now you get a nice email from them first instead of another kind of surprise.


Email, bleh, I'm sure I'm not the only one who basically /dev/null's emails from GitHub about pearl-clutching "security" but I wanted to point out that for quite a few providers they actually have an integration to revoke them if found in a public repo, which I think is way more handy

https://docs.github.com/en/code-security/secret-scanning/sec...

and the list is way bigger than I recalled: https://docs.github.com/en/code-security/secret-scanning/int...


You can turn those GitHub security warnings off if you don't want them.

> quite a few providers they actually have an integration to revoke them if found in a public repo, which I think is way more handy

Yes I've also gotten an email from Amazon saying they revoked a key someone inadvertently leaked (but so long ago I only remember that it happened). I read my AWS emails at least.


> but github may have a feed of new repos anyway?

Yes: https://docs.github.com/en/rest/repos/repos?apiVersion=2022-... (you can filter to only show repositories created since a given date).


And using their obscure GraphQL API, you can do the same for -new commits- across any repos.

They have some secret leaking infra for enterprise


What would be the issue with global lock? I think repo creation is a very rare event when measured in computer time.


and you can find the latest ID incredibly quickly using binary search! (I used to track a bunch of websites' growth this way)


You can see the rate of creation of new users too.

Which is arguably even more interesting…



