This UI is predicated on the notion that the user will connect the word you're asked to type to the repository you're intending to modify.
Most of the time that's true, or we'd be hearing about this happening all of the time. But 'most of the time' is not 'every time'. 'Almost always' is also not 'every time'. This is a distinction that Human Factors people make that victim-blaming nerds do not.
You've seen the video on Youtube (or Reddit) of the guy holding the fish throwing his phone into the lake? He didn't do that because he was stupid, he did it because he made an executive decision to, "hold fish, take picture with phone, throw it in the water" and then his motor cortex swapped 'it' to the wrong hand and went on autopilot.
If you don't like that example, I know of a highly secure data center in Seattle that had the emergency power cutoff button pushed not once but twice by different tenants. The first time was a pure accident of bumping it while doing maintenance. The second time someone opened an acrylic case and pushed the button because they thought "buttons open doors, I see a button. Sure is weird that it is covered with a box... hey why did the lights go out?" You have problem, you observe action or object that solves problems (maybe not this problem), monkey brain attempts action to see if problem is solved.
Typing in the repository name narrows the gap between intent and action, but it doesn't close it. Technically making someone type, "Make hippie/hippie private" would at least make them spell out the intent, narrowing it again. But it doesn't make them state the intent. Strictly speaking, they are being told to transcribe text. Whether they parse the text they're typing or not is a separate step, in two different parts of the brain. Any of those fails to connect and you have a catastrophic destruction. From a Precautionary Principle standpoint, the consequences are exactly the same with all three options, and only the likelihood has changed.
If you want to make a big dent in outcomes you have to also reduce the consequences, not just the opportunity. Making all actions reversible is the most conceptually simple and the most technically difficult option. Parceling out consequences over time is usually less difficult, and if you pick an order that makes the feedback immediate, then the person realizes quickly that what they meant and what they said didn't line up, before the real damage kicks in.
Github is built around git. The two biggest ways to permanently lose data from git, one of them is protected by permissions and may be off by default. The other one is automatic but takes 30 days. That's two very different precedents that have been set, and they picked the wrong one to emulate.
Most of the time that's true, or we'd be hearing about this happening all of the time. But 'most of the time' is not 'every time'. 'Almost always' is also not 'every time'. This is a distinction that Human Factors people make that victim-blaming nerds do not.
You've seen the video on Youtube (or Reddit) of the guy holding the fish throwing his phone into the lake? He didn't do that because he was stupid, he did it because he made an executive decision to, "hold fish, take picture with phone, throw it in the water" and then his motor cortex swapped 'it' to the wrong hand and went on autopilot.
If you don't like that example, I know of a highly secure data center in Seattle that had the emergency power cutoff button pushed not once but twice by different tenants. The first time was a pure accident of bumping it while doing maintenance. The second time someone opened an acrylic case and pushed the button because they thought "buttons open doors, I see a button. Sure is weird that it is covered with a box... hey why did the lights go out?" You have problem, you observe action or object that solves problems (maybe not this problem), monkey brain attempts action to see if problem is solved.
Typing in the repository name narrows the gap between intent and action, but it doesn't close it. Technically making someone type, "Make hippie/hippie private" would at least make them spell out the intent, narrowing it again. But it doesn't make them state the intent. Strictly speaking, they are being told to transcribe text. Whether they parse the text they're typing or not is a separate step, in two different parts of the brain. Any of those fails to connect and you have a catastrophic destruction. From a Precautionary Principle standpoint, the consequences are exactly the same with all three options, and only the likelihood has changed.
If you want to make a big dent in outcomes you have to also reduce the consequences, not just the opportunity. Making all actions reversible is the most conceptually simple and the most technically difficult option. Parceling out consequences over time is usually less difficult, and if you pick an order that makes the feedback immediate, then the person realizes quickly that what they meant and what they said didn't line up, before the real damage kicks in.
Github is built around git. The two biggest ways to permanently lose data from git, one of them is protected by permissions and may be off by default. The other one is automatic but takes 30 days. That's two very different precedents that have been set, and they picked the wrong one to emulate.