> That comparison spot the difference pic is really scary. I had to check it 2 times myself before I could spot that the last line is different.
That's not the only difference. The other difference is that you also have to type the full repository name, including the organization name.
If they wanted to delete the correct repository, they would have to type httpie/.github, but instead they typed httpie/httpie.
It's unfortunate what happened, but without GitHub removing the possibility at all to delete repositories/change the visibility, I don't know what else they could have done to try to prevent it. It's really hard as a user to affect the wrong repository, as you are gonna have to mentally and literally pause to write out the organization name + repository (httpie/httpie in this case) and if that doesn't stop you, I don't think anything would.
I'm not convinced that would have really solved the problem. One could just as easily post a screenshot of two nearly identical dialogs where the only different is that one says "This will remove 54 stars" and the other says "This will remove 54,000 stars" and the same argument could be made that "the only way to notice the difference is if you happen to notice those 3 zeros."
>I'm not convinced that would have really solved the problem.
It almost certainly would help. When you attempt to delete a world of warcraft character you are prompted with the character's level, among other info. This is the biggest difference you'll see between the delete procedure for a level 1 alt with < 1 hr played and a level 80 (or w/e) character with >10,000 hr played if you've named them similarly.
Because of the relatively low character limit and the popularity of alts, this feature (delete character) gets a lot of use and misuse so it's reasonable to expect the developers to have put some thought in to it.
It seems like a pretty easy feature to build. No database changes required, and I wouldn't be surprised if the API already returns the star count for the repo so it's client-side only. I'd guess somebody could do it in a couple of hours (famous last words lol). I'd guess adding that feature would be less time/effort than restoring httpie's stars. A/B testing might be a little harder since conditions like OP's don't happen often, but you could at least do some testing.
There is a difference between using UI tweaks (color/size/motion) to call out information, and actually displaying that information.
Right? As in, "this will affect 0 stars" vs "this will affect 54,000 stars" is an informational difference. Calling out "this will affect all stars" (without specifying a number) doesn't break a user out of doing it to the wrong repo, since that message is the same in both cases.
> That's not the only difference. The other difference is that you also have to type the full repository name, including the organization name.
This is not true.
We had an internal tool at a previous job that required you to type the name of a service's cluster into a field before deleting it. Automated deployments sometimes got left behind - and users would go in periodically and clean them up.
If you watched folks, they would type the name of the cluster being deleted into that box UNTIL they had to do this many times in a row. As soon as it was a "batch" job, folks would go through the motion of:
1. click delete
2. double click service name
3. ctrl+c
4. click text input
5. ctrl+v
6. press "Confirm"
It was remarkable, after someone did this once, I don't think I ever observed them going back to typing in the cluster name. That algorithm of "copy and paste" carried over into every prompt they saw of that form moving forward.
I'm guilty of this too - I no longer type the prompted name for this form of confirmation dialogue, it's a copy-and-paste.
Lol, I do this whenever they ask me to re-enter my email/password for verification even though I know exactly the purpose this mechanism is trying to enforce.
Humans will always take the easiest route. We just have to accept that and come up with better solutions that aid humans or fit to our very weird nature.
This is exactly what you start doing on Github too, since many repo operations require you to do it. Seeing this warning modal where you have to copy-paste some string is what you expect when clicking delete/make private/make public. I don't know if it really helps.
I think you make a good point, the retyping is not perceived as a genuine sort of 2-factor step but is perceived like an annoyance. Maybe the consequences of the action should be shown in a screenshot with a 5 second wait. Personally the only reason it works for me as a 2-factor is because I think about what Github's intent is when they prompt me to retype the repo name and therefore I take a moment to reflect that I indeed want to do what I want to do. But isn't that backwards? I have to imagine what Github's intention was instead of simply seeing a ui and understanding it for what it is.
I mean obviously users are going to cut and paste that output. It's completely hostile design in terms of usability on their part. What did you expect to happen?
There are certain repository actions that require an interaction and assistance from GitHub customer support.
The community was valuable to GitHub as well.
I could see a spec on “sizable community thresholds” where if an interaction might blow away something of that size GH affords you an exchange with a “concierge” forcing a minor exchange with a real person.
This UI is predicated on the notion that the user will connect the word you're asked to type to the repository you're intending to modify.
Most of the time that's true, or we'd be hearing about this happening all of the time. But 'most of the time' is not 'every time'. 'Almost always' is also not 'every time'. This is a distinction that Human Factors people make that victim-blaming nerds do not.
You've seen the video on Youtube (or Reddit) of the guy holding the fish throwing his phone into the lake? He didn't do that because he was stupid, he did it because he made an executive decision to, "hold fish, take picture with phone, throw it in the water" and then his motor cortex swapped 'it' to the wrong hand and went on autopilot.
If you don't like that example, I know of a highly secure data center in Seattle that had the emergency power cutoff button pushed not once but twice by different tenants. The first time was a pure accident of bumping it while doing maintenance. The second time someone opened an acrylic case and pushed the button because they thought "buttons open doors, I see a button. Sure is weird that it is covered with a box... hey why did the lights go out?" You have problem, you observe action or object that solves problems (maybe not this problem), monkey brain attempts action to see if problem is solved.
Typing in the repository name narrows the gap between intent and action, but it doesn't close it. Technically making someone type, "Make hippie/hippie private" would at least make them spell out the intent, narrowing it again. But it doesn't make them state the intent. Strictly speaking, they are being told to transcribe text. Whether they parse the text they're typing or not is a separate step, in two different parts of the brain. Any of those fails to connect and you have a catastrophic destruction. From a Precautionary Principle standpoint, the consequences are exactly the same with all three options, and only the likelihood has changed.
If you want to make a big dent in outcomes you have to also reduce the consequences, not just the opportunity. Making all actions reversible is the most conceptually simple and the most technically difficult option. Parceling out consequences over time is usually less difficult, and if you pick an order that makes the feedback immediate, then the person realizes quickly that what they meant and what they said didn't line up, before the real damage kicks in.
Github is built around git. The two biggest ways to permanently lose data from git, one of them is protected by permissions and may be off by default. The other one is automatic but takes 30 days. That's two very different precedents that have been set, and they picked the wrong one to emulate.
The other thing they could do is make user/organization structure for that profile readme the same - as he mentioned, he had just done it on his personal account, which is of the form `<user>/<user>`, so doing `httpie/httpie` for the organization made contextual/autopilot sense in the moment.
A lot of us navigate by typing, be it CLI, in our IDE, URLs etc.
And we must have got used to type hundreds of times our company or project names every day, in many places.
I can't imagine typing <project name>/<project name> in a input box triggering in us a lot consciousness or extra care. Typing something more unusual could actually be more impacting I think.
That's not the only difference. The other difference is that you also have to type the full repository name, including the organization name.
If they wanted to delete the correct repository, they would have to type httpie/.github, but instead they typed httpie/httpie.
It's unfortunate what happened, but without GitHub removing the possibility at all to delete repositories/change the visibility, I don't know what else they could have done to try to prevent it. It's really hard as a user to affect the wrong repository, as you are gonna have to mentally and literally pause to write out the organization name + repository (httpie/httpie in this case) and if that doesn't stop you, I don't think anything would.