Also https://crates.io/users/tony-iqlusion

That person is definitely not helping the perception that a significant fraction of the cryptofinance community is scammers, and that their presence has a negative effect on the community.

Oh wow ... that guy ... is also doing this?

That certainly puts his participation in the namespacing debates into a new light.

That account is weirder though, they have a bunch of real (and real popular) projects like zeroise, the filled-in projects are rather complex, and even the placeholder packages have a somewhat proper description, though some of them are very very odd.

They're not out there hawking popular names for sale and some of their placeholders are even "namespaced" (the abscissa or signatory subcomponents).

Interestingly, you can't name squat on GitHub. I just asked them for the guy squatting my first name and they gave it to me. Ah, the power of non-community-run product. You can do the right thing without having to worry about the slippery slope.

> I just asked them for the guy squatting my first name and they gave it to me.

Your... first name? So "rene" (if I was to assume a few things about your username)?

Haha, that's not my real first name. You know, like how Ronaldinho's actual first name is Ronaldo? Like that. The actual name.

Sure, and that's why I said I was assuming, but my (poorly communicated) intent was to question how unique your first name is, and how someone is squatting on it if it's a real account and maybe they have that name too?

I mean, it's probably not a big deal in this case. But if I had a github account that someone wanted and github just gave out my (personal?) info, I might feel a bit betrayed by them. I know, I shouldn't give them any info I really want private, but that doesn't mean I can't expect them to act responsibly with what I have given them. I just didn't want to state all that up front, because it assumes a lot about what happened when there wasn't a lot of detail provided.

It is nice when people can just make simple stuff happen though, I agree. It's just a hard line to walk, because you allow that and then you get stuff like the recent Twitter hack. It's hard for us to all have nice things and nice people that can help us because there really are a bunch of people out there to get you (or someone in a similar situation, at least). :/

They don't give you access to the account. They tombstone the old one and assign its handle to yours. So you get the other GitHub handle but your account retains its repos, its keys, etc and doesn't get mixed in with the other account.

Of course, if they just let you login to the other one that would be crazy business. You'd know the other guy's email for starters. But they don't.

It's all perfectly kosher. You just get the namespace.

Ah, they gave the account name. When you said "asked them for the guy" and "they just gave it to me", I was interpreting it as the guy's contact info and them just giving it to you, which is what was raising red flags for me. Yeah, it's much less problematic if they just let you use the name of a discontinued account (as long as the github single-sign-on stuff keys off an ID and not a name, which I assume it does).

Yeah sorry about that. Though it's funny. You can just scrape folks' repos to get their email anyway. They all include it in commits. Emails are better made public than kept private imho.

This also happens with PyPI. I've been lucky to reclaim a package name I wanted and had been squatted, but I've also seen some squatters observant of requests to reclaim squatted names, and then they start adding some (usually useless) functionality to the package. See [0] for one example.

[0] https://pypi.org/user/eaybek/

That is horrendous and it should be taken down due to obvious non-fair and possibly malicious intent.

So then they just change their script to only create 3 projects per generated username?

There's nothing you can do to prevent this except devise a system where it's inconsequential to register all of these names: namespaces.

If it bothers you that one person can do this with many packages, then presumably it bothers you that 100,000 people can do it benignly with a few package names which is what goes on in npm/ruby/cpan. The solution is to simply making them worthless.

Subreddits have the same problem.

Then packages will be resquatted. Maybe by the same person under different name.

Why is he not banned / moderated?

I think that, once you start taking down crates and users, you've opened a Pandora's box of responsibility.

The case above is clear but a whole load of not so clear cases would follow and then there would be a need for an appeals process.

My guess is that the developers have better things to do.

Crates.io is run by a couple volunteers, they (sadly) don't have the time to start playing cat-and-mouse with squatters.

Why isn't Mozilla funding them?

Mozilla is progressively dropping the rust project has they doesn't have the financial resources anymore

Even before, while Mozilla occasionally paid some people to do some development work, including creating it in the first place, they never paid for full-time support staff, which is what this would require.

That's unfortunate. It seems like the only way to have a successful language anymore is to have corporate backing.

Well we now have a number of companies who are paying for all sorts of things, Amazon and Microsoft being two of them. With hopefully more in the future once we get the foundation going.