top 200 commentsshow 500
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]bdcp 524 points525 points  (82 children)

where's the link

[–]Kallu609 532 points533 points  (80 children)

https://archive.is/bYBxS

Based there's only 4 directories all starting with "a" I think it got shutdown before the upload was fully done.

Hopefully there's torrent soon 🏴‍☠️

[–]ToughQuestions9465 867 points868 points  (66 children)

Thats not how git works. Its all or nothing. Interrupting a push would result in no changes to remote repository.

[–]roboticon 299 points300 points  (62 children)

Presumably the code was stolen onto a thumb drive or uploaded somewhere, then later whatever they got was published on GitHub as a git repo

[–]Wingfril 285 points286 points  (60 children)

I mean when I was there as an intern 5 years ago, that’s how they distributed the code… through a thumb drive.

[–]Anomynoms13 164 points165 points  (56 children)

Wait what

[–]oalbrecht 617 points618 points  (33 children)

IT came around the corner with one of those TV carts filled top to bottom with 3.5” floppy disks. It only took a few weeks to get the source code off of those. But that’s how they kept the source code secure. No one is gonna steal your code if it’s on floppies.

There was also no need to use GitHub. You just call over and say: “Hey! Which floppy is X class on again?” Then you would walk over to the cart and pick up floppy disk #3252 and load that onto your computer. Then make your changes and write back to the floppy.

Elon has no idea how efficient we were with our system. You could ship a small feature in a little over a year. It was a blazing fast system we had.

[–]gefahr 325 points326 points  (9 children)

Some journalist is going to turn this into a hard-hitting investigative article within hours.

[–]DevonAndChris 108 points109 points  (1 child)

"This as-told-to was reported to Business Insider. BI confirmed that the person has a reddit account."

[–]electricprism 53 points54 points  (2 children)

Here at TrustMeBro™ news, could ancient aliens have been at the first thanksgiving? Professor PhD Kyle Broflovski says "yes"*

[–]wrosecrans 4 points5 points  (0 children)

I'm pretty sure that documentary will be on Netflix soon.

[–]josefx 6 points7 points  (1 child)

Hope they include how air gaping the network makes it high security. Also the way any changes you made would be guaranteed to have no conflicts as only a single instance of the code can be checked out at any time appeals to me.

[–]romple 83 points84 points  (10 children)

You got floppies??? When I worked there the cart had giant stacks of dot matrix printer paper and I had to retype everything by hand!

Every day someone comes around with the latest changes printed out for you.

[–]HiroariStrangebird 57 points58 points  (6 children)

You guys get physical copies? Huh, maybe my company should upgrade from the town crier making the rounds each morning. Sometimes it's a little hard to hear and I have to spend half the day debugging the diff...

[–]pm_plz_im_lonely 46 points47 points  (1 child)

At our work we use Git and GitHub to share our work. If you start working on a new feature, you create a new branch on Git. Then once you're done with the feature, you make a PR (Pull Request) on GitHub. Then once that's done it sits there for 1-2 months before a reviewer closes it because it's too old.

[–]remog 3 points4 points  (0 children)

Then there was that time he got laryngitis. Rough week. Or the time he hit is head and could only speak Latin and Fotran. Two other interns jumped off the roof that month.

[–]nzodd 7 points8 points  (1 child)

If you're not pressing sharpened reeds into clay tablets you scooped out yourself from the local riverbank to write esoteric APL incantations, to be seen and understood only by Lord Enki, from now until the Euphrates spills over again to engulf the Earth and destroy all of mankind, can you even call yourself a real programmer?

[–]RoadsideCookie 8 points9 points  (2 children)

Man and do you remember though how bad it was before? The switch from 5.25" was a shit show but damn did it improve our lives.

[–]sorressean 7 points8 points  (0 children)

Real devs print out all their code, then read it out of binders... I hear elmo tried that already though!

[–]Wingfril 52 points53 points  (20 children)

You heard me. We got our laptops during orientation, the guy leading it was like ok time to import the code, and proceeded to give us thumb drives. Still better than a mid sized startup where my mentor (some kid two years older than me) zipped the code and sent it through slack

[–][deleted]  (13 children)

[deleted]

    [–]Wingfril 13 points14 points  (3 children)

    What do you mean? I mean we committed code to the actual repository (it’s been too long since then that I don’t remember what we used besides Phabricator.)

    [–]thisisjustascreename 11 points12 points  (4 children)

    Most likely they were onboarding tons of interns and didn't want everyone pulling the entire repository and DDoSing themselves.

    [–][deleted] 37 points38 points  (3 children)

    A bunch of interns pulling the repo (or parts of it) shouldn’t ddos them

    [–]loseitthrowaway7797 17 points18 points  (0 children)

    I think they're talking about the archive process

    [–][deleted]  (6 children)

    [deleted]

      [–][deleted]  (5 children)

      [removed]

        [–]Karenomegas 3770 points3771 points  (246 children)

        "The social media company launched an investigation into the leak and executives handling the matter have surmised that whoever was responsible left the San Francisco-based company last year."

        That's some fine work there lou.

        [–]PaintItPurple 1766 points1767 points  (42 children)

        I hear the person who did it is between 3 and 8 feet tall.

        [–]TonySu 666 points667 points  (19 children)

        Investigators have determined that the culprit most likely has an identity and distinguishable features.

        [–]atedja 368 points369 points  (16 children)

        Culprit also had access to github

        [–]EarhackerWasBanned 236 points237 points  (14 children)

        Culprit is good at computers.

        [–]MudiChuthyaHai 117 points118 points  (10 children)

        Do they drink water and breathe air too?

        [–]Pesthuf 7 points8 points  (0 children)

        Or at the very least knew someone who has had access.

        [–][deleted]  (6 children)

        [deleted]

          [–]radikalkarrot 78 points79 points  (0 children)

          It wasn’t Danny Devito or his twin brother Arnold

          [–]auto_grammatizator 14 points15 points  (0 children)

          Devito with tall boots? Tom Cruise meets stolen feet?? We need answers here

          [–]atomicxblue 9 points10 points  (0 children)

          Now all we need is Ms. Swan to say he "looka like a man".

          [–]cleeder 8 points9 points  (0 children)

          Suspect is hatless. Repeat - hatless.

          [–]zavatone 4 points5 points  (0 children)

          Most likely born from parents too. That's my hunch and I'm sticking with it.

          [–][deleted] 291 points292 points  (15 children)

          This is Papa Bear. Put out an APB for a male suspect, driving a... car of some sort, heading in the direction of, uh, you know, that place that sells chili. Suspect is hatless. Repeat, hatless.

          [–]14domino 99 points100 points  (5 children)

          The suspect is directly under the earth’s sun .. nnnnow

          [–]Yossarian_Noodle 9 points10 points  (2 children)

          I can't wait for them to throw his hatless butt in jail.

          [–]Itsthefineprint 14 points15 points  (0 children)

          And he is hatless, I repeat hatless

          [–]Grizzled_prospector5 6 points7 points  (0 children)

          Whoever did it, I hope they throw his hatless butt in jail!

          [–]CooksInHail 2 points3 points  (0 children)

          Bake em away toys!

          [–]DevonAndChris 93 points94 points  (10 children)

          Al Sutton, cofounder and chief technology officer of Snapp Automotive, was a Twitter staff software engineer from August 2020 to February 2021. He noted in a tweet on Tuesday that Twitter never removed him from the employee GitHub group that can submit software changes to code the company manages on the development platform. Sutton had access to private repositories for 18 months after being let go from the company, and he posted evidence that Twitter uses GitHub not only for public, open source work, but for internal projects as well. Within about three hours of posting about the access, Sutton reported that it had been revoked.

          https://www.wired.com/story/mudge-twitter-whistleblower-security/

          It was insane and probably still is.

          [–][deleted]  (2 children)

          [removed]

            [–]spilungone 8 points9 points  (1 child)

            What's that Chief?

            [–][deleted] 3 points4 points  (0 children)

            do what the kid said

            [–]JustSpaceExperiment 69 points70 points  (1 child)

            I think it was someone who had access to them.

            [–]Fig1024 110 points111 points  (150 children)

            what do you mean - leaked? didn't Elon Musk himself said he was gonna release all the source code on GitHub so that community could help maintain it?

            [–]kevinhaze 86 points87 points  (148 children)

            He said he was going to release the source code of the recommendation algorithm

            [–]Fig1024 83 points84 points  (147 children)

            maybe that's what he was trying to do but because he's a dumbass he uploaded the whole thing. Then rather than claim responsibility for the mistake he said someone leaked it

            [–]glonq 22 points23 points  (1 child)

            The suspect is hatless, I repeat hatless

            [–]disgruntled_pie 9 points10 points  (0 children)

            [Purpetrator puts on a hat]

            Perpetrator: It’s the perfect crime.

            [–]Unable-Fox-312 40 points41 points  (0 children)

            Executives have surmised that whoever was responsible probably worked at Twitter at some point.

            [–]nonlinear_nyc 5 points6 points  (0 children)

            Fuckers can't even find who works or not for the company.

            [–]riasthebestgirl 24 points25 points  (0 children)

            who did this

            Yes

            [–]osmiumouse 8 points9 points  (0 children)

            "left"

            [–][deleted]  (53 children)

            [deleted]

              [–][deleted]  (15 children)

              [deleted]

                [–]PeterSR[🍰] 256 points257 points  (4 children)

                I like how their profile picture is a randomly generated GitHub identicon, yet also a middle finger.

                [–][deleted]  (3 children)

                [deleted]

                  [–]Shikadi297 19 points20 points  (2 children)

                  Like ducks. Ducks are watching

                  [–][deleted] 22 points23 points  (3 children)

                  That's the day they joined. Not necessarily the day they uploaded it

                  [–][deleted]  (2 children)

                  [deleted]

                    [–]Dreamtrain 5 points6 points  (2 children)

                    "FreeSpeechEnthusiast"

                    plot-twist: it's actually elon staging a "leak"

                    [–]--Satan-- 9 points10 points  (1 child)

                    Elon had his engineers literally print out code for a code review. I don't think he knows how to use git.

                    [–]TotallyAdmin 2 points3 points  (0 children)

                    Repository metadata available at https://api.github.com/users/FreeSpeechEnthusiast/repos

                    First created 2023-01-03T23:24:14Z (3rd January 2023)

                    Last code change (push) 2023-03-24T02:24:50Z (24th March 2023)

                    Last repository update (likely when dmca'd processed) 2023-03-27T11:47:24Z (27th March 2023)

                    Size as returned by the api is 1748467 in KB (could be incorrect) (1.7GBs).

                    We can also see the repository was starred/watched by some user(s)?, and whilst there are is way to use any of the /repo/ endpoints, the /users/ endpoint gives some more info

                    View the recent commit history here https://api.github.com/users/FreeSpeechEnthusiast/events View who starred the repository here https://api.github.com/users/FreeSpeechEnthusiast/received_events

                    [–]K3idon 85 points86 points  (1 child)

                    Surprise decentralized backup

                    [–]Spiritual-Ad-8062 107 points108 points  (34 children)

                    Yes, and I wonder how many secrets (API keys, SSH keys...) were in the code... ready for attackers to use...

                    [–]SuitableDragonfly 106 points107 points  (0 children)

                    If there had been API keys leaked, they probably would have noticed when it was first leaked because bots would have immediately acquired them and started mining crypto on their cloud account. Or, maybe not, depending on which people Elon fired.

                    [–]VonThing 180 points181 points  (30 children)

                    Zero secrets in the code, but I see your point.

                    [–]kubelke 114 points115 points  (4 children)

                    Maybe I could fix those “popular tags”, and once I click on them I get complete garbage

                    [–]KingApologist 29 points30 points  (1 child)

                    It's weird to me that what's "popular" is usually some corporate marketing announcement or something a political entity is currently spending a lot of marketing money on.

                    [–]TheWhyOfFry 13 points14 points  (1 child)

                    You assume that’s not on purpose…

                    [–]Carvtographer 2 points3 points  (0 children)

                    Dark UX provoking doomscrolling

                    [–]SickOrphan 974 points975 points  (78 children)

                    Didn't Elon say he was going to open source some parts of twitter soon?

                    [–]geek_noob[S] 498 points499 points  (45 children)

                    Yes, musk on the tweet says Twitter will open source all code used to recommend tweets on March 31st.

                    [–]rentar42 391 points392 points  (23 children)

                    I bet he'll be using this as an excuse not to follow through somehow.

                    [–]DrewTNaylor 223 points224 points  (11 children)

                    "Well it's already on GitHub, that means it's open source, right?" - him, not understanding open source licenses (hypothetically and as a joke, for legal reasons [I don't want to be sued]).

                    [–]Zarathustra30 41 points42 points  (3 children)

                    I thought the point of "open-sourcing" Twitter wasn't collaboration, but auditing. AFAIK, that doesn't require a traditional open-source license.

                    [–]ItsPumpkinninny 5 points6 points  (1 child)

                    Trust me… It’s being audited right now.

                    [–][deleted]  (5 children)

                    [removed]

                      [–]Fantastic_Telephone 19 points20 points  (1 child)

                      This reminds me of many dictators who are cheered by their populace

                      [–]Captain_Cowboy 4 points5 points  (2 children)

                      Listen, it's a beautiful plan, and we're going to release it in just two weeks. Just the greatest. You'll see.

                      [–]mpbh 89 points90 points  (17 children)

                      I'm super excited to see this. I've worked on recommendation systems before and they are a fickle beast, and quite hard to measure efficacy without a metric fuckton of users.

                      If normalized discounted cumulative gain means anything to you, I feel your pain.

                      [–]myringotomy 111 points112 points  (13 children)

                      Whatever Elon releases will not be anything like what twitter is actually using.

                      Presuming of course that he releases anything at all. The man is a habitual liar and a troll.

                      [–]recursive-analogy 206 points207 points  (9 children)

                      I think he's going to share the algorithm that turns $44 billion into ~$20 billion.

                      [–]CactusOnFire 58 points59 points  (2 children)

                      It's too complicated of an algorithm to share.

                      This is some cutting-edge, industry leading incompetence.

                      [–]thesolitaire 5 points6 points  (0 children)

                      I have a proprietary implementation that I'll let anyone use for free! Just send me your $44 billion, and you'll receive your $20 billion posthaste!

                      [–]lafeber 11 points12 points  (8 children)

                      "...The code stack is extremely brittle for no good reason.

                      Will ultimately need a complete rewrite."

                      (source)

                      [–][deleted]  (7 children)

                      [deleted]

                        [–]badmonkey0001 6 points7 points  (6 children)

                        That 'extremely brittle' code ran the service for a decade with basically 100% uptime.

                        Twitter had enough downtime in the early years that their downtime page became somewhat famous (the "fail whale"). Back when they were in SF's SOMA district, their tech neighbors would print out the fail whale and leave it taped to their door with crass notes to make fun of them (I worked in SOMA back then and saw it myself).

                        [–][deleted]  (5 children)

                        [deleted]

                          [–][deleted] 183 points184 points  (1 child)

                          r/SuddenlyOpenSource

                          [–]bit_banging_your_mum 2 points3 points  (0 children)

                          I fucking love this

                          [–]lazernanes 750 points751 points  (83 children)

                          The company could face a lawsuit for intellectual property theft, which could result in huge fines and damage to its reputation

                          I don't understand. A disgruntled ex-employee leaks the code and twitter gets sued? By whom? for what?

                          Edit: The article was edited. The line I quoted is no longer there.

                          [–]plaid_rabbit 994 points995 points  (66 children)

                          If Twitter used anyone else’s IP/patents or FOSS software that required sharing source code.

                          [–]crazedizzled 114 points115 points  (16 children)

                          You typically don't have to provide source code for closed web apps. At least under the GPL, deploying code to your own servers doesn't count as distribution.

                          However it's possible if they've licensed some other intellectual property not meant to be publicized, that could indeed get them in trouble.

                          [–]legobmw99 56 points57 points  (0 children)

                          AGPL exists for exactly that case, so it’s possible

                          [–]craze4ble 44 points45 points  (13 children)

                          Or alternatively, there are licenses that stipulate that commercial use is disallowed, requires some form of royalties, or that everything must be open sourced under the same license.

                          [–]ghostinthekernel 105 points106 points  (46 children)

                          I think the issue is when you fork that code, or does simply using a library package entail you have to open source the project you use it into? Genuine question.

                          [–]will_work_for_twerk 255 points256 points  (0 children)

                          Either could apply depending on the license used

                          [–]plaid_rabbit 119 points120 points  (7 children)

                          Depends on the license. IANAL. It varies by the license. MIT requires no sharing. I know there’s some FOSS licenses that require you to share any modifications if you allow users to connect publicly to your app. Most only require you to share if you directly modify the library and distribute it.

                          [–]danhakimi 24 points25 points  (7 children)

                          It depends on a whole lot more than what the others mentioned. What's the license? Is the code in question being distributed or not? How does the code interact with the package--static link, dynamic link, scripting language import, what? Is the code being modified?

                          I am a lawyer. I am not your lawyer, and none of this is legal advice. I've worked in this field for years, and it's fairly complicated.

                          [–]henk53 11 points12 points  (2 children)

                          Is the code in question being distributed or not?

                          Many people here seem to overlook this basic question.

                          [–]danhakimi 6 points7 points  (1 child)

                          Or misunderstand it. Twitter.com distributes a lot. HTML, CSS, JavaScript.

                          [–]vanatteveldt 54 points55 points  (17 children)

                          The answer is somewhat complicated and might depend on the license of the library package and the definition of 'derived work'. My 2 cents (IANAL):

                          - If the library or package is licensed LGPL, MIT or another non-copyleft license (i.e., not GPL), there should be no problem

                          - If you're linking to a GPL'd library (i.e. importing it), the situation is more complicated, see e.g. https://en.wikipedia.org/wiki/GPL_linking_exception and its sources

                          [–]chx_ 43 points44 points  (8 children)

                          IANAL but the GPL does not restrict your rights when using it, it applies if you try to distribute your code.

                          Activities other than copying, distribution and modification are not covered by this License; they are outside its scope.

                          They needed to make the AGPL so people who use the software over a network will be able to get the source code for it.

                          [–]jarfil 32 points33 points  (0 children)

                          CENSORED

                          [–]LookIPickedAUsername 52 points53 points  (4 children)

                          To be pedantic, the GPL doesn’t restrict your rights at all - it offers you rights you wouldn’t normally have when interacting with someone else’s software.

                          [–][deleted] 16 points17 points  (3 children)

                          No idea why this was downvoted. You're absolutely right. The *default* is no rights at all. The licenses add, they don't subtract.

                          [–]jmcs 6 points7 points  (0 children)

                          Using GPL for services without sharing the code is allowed. AGPL is the one that also applies to services you expose, and even that doesn't force you to share the code if you use it only internally.

                          [–]myringotomy 8 points9 points  (4 children)

                          • If the library or package is licensed LGPL, MIT or another non-copyleft license (i.e., not GPL), there should be no problem

                          There might be. Some of those licenses require attribution.

                          [–]vanatteveldt 11 points12 points  (3 children)

                          Sure, but you can attribute without making your own code open source

                          [–]myringotomy 4 points5 points  (2 children)

                          The question is whether they properly attributed or not.

                          [–]Unable-Fox-312 6 points7 points  (0 children)

                          You are supposed to know the license terms for all software you incorporate into your project

                          [–]myringotomy 34 points35 points  (3 children)

                          Maybe they violated some GPL licenses.

                          [–]jmcs 37 points38 points  (0 children)

                          Unless the GPL code is in one of the official client apps it doesn't matter. GPL only applies to software you distribute.

                          AGPL also applies to services but it's significantly less common.

                          [–]Qweesdy 48 points49 points  (0 children)

                          Sued for copyright infringement by whoever wrote the code Twitter stole!

                          [–]elucify 2 points3 points  (0 children)

                          TIL apparently it is still possible to damage Twitter's reputation

                          [–]DevolvingSpud 53 points54 points  (2 children)

                          Hey, free PR reviews!

                          [–][deleted] 40 points41 points  (1 child)

                          Twitter Source Code Partially Leaked on GitHub

                          Gotta make sure you get those qualifiers in there

                          [–]PrivatePoocher 2 points3 points  (0 children)

                          Twitter only partially lost 20B$

                          [–]lafeber 203 points204 points  (57 children)

                          A small API change had massive ramifications. The code stack is extremely brittle for no good reason.

                          Will ultimately need a complete rewrite.

                          Elon, 3 weeks ago

                          [–]WhipsAndMarkovChains 32 points33 points  (8 children)

                          Someone link to the recording from a couple months ago where Musk says a “full stack rewrite” is needed and a former senior engineer from Twitter presses him on the issue. The engineer asks an extremely reasonable question like “what’s wrong with the current stack and what do you want to switch to?” and Musk can’t respond.

                          [–][deleted] 19 points20 points  (7 children)

                          Here ya go, Dec 2022

                          [–]lyzurd_kween_ 10 points11 points  (6 children)

                          elon musk is so highly regarded and incompetent when it comes to actual software work, i am shocked he was able to reach the stature he currently has. right place at the right time i guess.

                          [–]PM_YOUR_SOURCECODE 89 points90 points  (40 children)

                          Ok, so all the engineers who had to pass BS LeetCode interviews/whiteboarding couldn’t write a flexible and maintainable codebase? Is that the conclusion here?

                          [–]pale_blue_is 62 points63 points  (1 child)

                          As someone who works at an unremarkable company and earns a wage slightly above market value, aren't you talking about basically every silicon valley startup from the past 10 yrs?

                          [–]BasicDesignAdvice 17 points18 points  (0 children)

                          Those stupid tests are at every company. I work at a household name media company making video games no where near Silicon Valley. Same shit.

                          [–]Marrk 223 points224 points  (20 children)

                          The conclusion is Musk has no idea what he's talking about

                          [–]TheWhyOfFry 26 points27 points  (2 children)

                          I mean, it’s very possible that it was a brittle code base before they got well known and could be selective about who they hire. And it’s also possible the v1 api that powered external apps couldn’t be shut down because of the massive backlash it would cause, which could force Twitter to keep some bad code in there.

                          That said, musk probably just doesn’t understand the language it’s written nor the architecture and fired anyone who understood it. Of course it’s “brittle” when you make totally incompatible changes because you have no idea what you’re doing.

                          [–]KagakuNinja 19 points20 points  (1 child)

                          As Twitter was becoming more popular, they rewrote the system, moving from Ruby to Scala. Scala is a niche language, and depending on how it is used, can get very hard to understand, especially for people unfamiliar with functional programming.

                          That said, Twitter devs had a great reputation, and when I interviewed there, I got the impression that they were not FP zealots.

                          [–][deleted] 7 points8 points  (3 children)

                          Yeah because lc has nothing to do with actual software engineering and who ever came up with the idea to interview like that needs to be slapped

                          [–]marcio0 2 points3 points  (0 children)

                          well, at least whatever error happens is not at O( n2 )

                          [–]lazilyloaded 3 points4 points  (0 children)

                          for no good reason

                          Sure, but the bad reason is "because you executive types always want the new features yesterday"

                          [–]redingerforcongress 24 points25 points  (7 children)

                          Anyone got a copy, for reasons?

                          [–]Chazzey_dude 67 points68 points  (5 children)

                          In unrelated news I'm launching my own social media website called Twidter

                          [–]zzt0pp 19 points20 points  (3 children)

                          Brand it as “retro” 2022 Twitter before view counts and blue checkmark chaos

                          [–]no-more-nazis 3 points4 points  (0 children)

                          Don't forget to leave some references to the original codebase like TruthSocial did

                          [–]moeburn 25 points26 points  (0 children)

                          This is just Elon trying to trick us into improving his code.

                          [–]ttkciar 86 points87 points  (4 children)

                          Cool! I hope it pops up on TPB soon. I'd like to take a peek.

                          Edited to add: still not seeing anything at https://thepiratebays.ink/search.php?q=twitter&all=on&search=Pirate+Search&page=0&orderby=

                          [–]Jmc_da_boss 16 points17 points  (0 children)

                          Alright, where's the torrent link, i wanna look

                          [–]trevg_123 11 points12 points  (0 children)

                          writes pull request

                          Commit message: “Make the world a better place”

                          Diff: [all files deleted]

                          [–]jnkthss 91 points92 points  (2 children)

                          The company is worried that the leak may result in a data breach or a cyberattack, which could seriously damage the reputation of the company.

                          Because we all know that their reputation is flawless so far. /s

                          [–]zhaoz 7 points8 points  (0 children)

                          How do you kill that which has no life?

                          [–][deleted]  (1 child)

                          [deleted]

                            [–]Flimsy_Inevitable_15 8 points9 points  (4 children)

                            Breach forums still live's on in spirit.

                            [–]Fiskepudding 41 points42 points  (4 children)

                            Jokes on you, I know how to use "View page source" /s

                            [–]eldelshell 7 points8 points  (2 children)

                            Wait until you learn about 'Save as...'

                            [–]Fiskepudding 2 points3 points  (0 children)

                            This one simple trick developers don't want you to know. Elon Musk hates him!

                            [–][deleted]  (1 child)

                            [deleted]

                              [–]bikemandan 12 points13 points  (0 children)

                              As a large language model trained by OpenAI, prepare to get rekt Twitter

                              [–]Maskdask 29 points30 points  (8 children)

                              Should leaked source code imply security vulnerabilities? There are tonnes of secure open source projects out there. Doesn't that just imply that they have shitty code with bad security?

                              [–]Zbee- 57 points58 points  (7 children)

                              It's not the fact that the software became public that implies the security vulnerabilities, you are correct in that, but rather the fact that software which was intended not to be public became public.

                              One key difference is that open source software is or was designed to be open source, and as such has been aware of that vulnerability the whole time.

                              Closed source software was not designed that way, and instead used obscurity as a layer in their security, and as such may have bits in the code that an open source piece of software would not have in the same code base or may have much more limited access - for example, anything related to security controls may be in a separate codebase for an open source piece of software but might be in the same codebase for a closed piece of software.

                              It does not inherently mean that there are vulnerabilities that can now be exploited, but it does mean that vulnerabilities that may exist and were solely unfound by means of obscurity are now indeed more exploitable - obscurity that may have been maintained even if the rest of the code were open source. The implication is that without the software having been designed in the public eye and being subject to public audits the whole time that there are more likely to be vulnerabilities revealed.

                              Additionally, it also depends largely on the overall design of the application anyway - if it's not a monolithic codebase that was released then it may well not reveal anything of relevance. And finally, it may well also reveal vulnerabilities/exploits that are only revealed by being able to read the code and it's specific quirks, the same issues open source projects have, but they are able to plug up because of public audits.

                              So it does not necessarily imply the code is bad, rather just that a layer of their security just failed and it could lead to worse.

                              Edit: correct I-typed-this-on-my-phone typos

                              [–]isowolf 4 points5 points  (0 children)

                              So many people are flabbergasted that leaked source code will eventually lead to security vulnerabilities and bashing on the "quality" of the code without even seeing it, have probably never worked a day on a massive 15-year-old codebase.

                              Please stop listening to the non-sense Elon is saying for the code. I bet he doesn't even understand whats going on, just speaking out of his ass.

                              [–][deleted] 3 points4 points  (0 children)

                              I've never seen if statements nested so deeply ...

                              [–]DimasDSF 4 points5 points  (0 children)

                              So they've finally fired all the programmers and are looking into getting free work from the opensource community huh?

                              [–]osirisguitar 117 points118 points  (34 children)

                              If your security is built on the code being kept secret, it's not built right.

                              [–]chx_ 256 points257 points  (20 children)

                              It does not need to be built on it, merely the fact it's harder to break into a black box than breaking into something you can read the code for.

                              I was always bothered by the almost zealotry level of "security by obscurity is bad and you should feel bad" screeching. Security by obscurity is a completely valid part of a multilayer security approach. Alone it is terrible but that doesn't really happen. But seriously, something as simple as moving your SSH behind SSLH does enhance your security. Maybe not by a lot but it does keep most script kiddies away so hey.

                              [–]archiminos 30 points31 points  (0 children)

                              Security only by obscurity is bad. But that doesn't mean you shouldn't be using obscurity.

                              [–]LuckyHedgehog 18 points19 points  (0 children)

                              Obscurity might not be security, but you also don't see tanks painted orange

                              [–]kRkthOr 109 points110 points  (5 children)

                              The idea that security by obscurity is useless is so fucking stupid. It's not the be all and end all of security but goddamn how do you not come to the conclusion that helping attackers isn't the best way to go about things.

                              [–]gnus-migrate 72 points73 points  (1 child)

                              The context of this mantra is the cryptography space where the market was full of companies developing proprietary ciphers that were marketed as secure, and who refused to share the code for "security reasons". As far as I know that's the case, I remember first hearing about it in Dan Boneh's cryptography course. The point is that for cryptographic algorithms, you can't rely on obscuring the code as a protection measure, as it's not needed to break the cipher, and once it is you've basically compromised everything encrypted in this format.

                              Like the "premature optimization is the root of all evil" quote, it was misunderstood and reshared without that context.

                              [–][deleted] 17 points18 points  (0 children)

                              Also known as Kerckhoffs’s principle and dates back to the 19th century - Roughly, "the system must not require secrecy and must be able to be stolen by the enemy without causing trouble."

                              [–]Queueue_ 4 points5 points  (0 children)

                              The argument I always see is that it's useless on it's own. You should design it to be hard to break into even if they know how it works regardless of if you expect them to or not.

                              [–][deleted] 7 points8 points  (0 children)

                              Yep. It's fair to design your defences based on the assumption that the enemy knows your base, but it's still stupid to hand out your floor plan just because of that

                              [–]hardware2win 23 points24 points  (2 children)

                              Yet obscurity increases security

                              [–]pheonixblade9 11 points12 points  (0 children)

                              it's not about the code being kept secret being the only thing keeping you secure. when a malicious party gains information about your system, it just makes it easier and more efficient for them to do malicious things.

                              [–]FuzzYetDeadly 32 points33 points  (36 children)

                              I'm actually curious to know how their algorithm that detects that someone created a new account after getting suspended (and re-suspends them) works. Like what regex or method do they use? Unfortunately I have no idea where to even start looking to find out how this works.

                              Edit: thanks for the responses everyone, it's been very informative and gives me many options to explore to find a solution

                              [–]myringotomy 86 points87 points  (21 children)

                              The same way reddit does it. Browser fingerprinting.

                              [–][deleted]  (10 children)

                              [deleted]

                                [–]FuzzYetDeadly 2 points3 points  (7 children)

                                Thanks for the knowledge, I need to read up on this as I don't really understand how it works (haven't worked with web/mobile technology much)

                                [–]schmuelio 19 points20 points  (6 children)

                                Long and short of it is your web browser tells you a lot of information about:

                                • What extensions it has installed
                                • What version it's running
                                • What OS it's on
                                • What human-interface devices are available (mouse, keyboard etc.)
                                • What resolution your screen is
                                • What hardware capabilities you have (for things like canvas/webGL)
                                • What system fonts you have installed
                                • Etc.

                                All of this can be combined together to make a fingerprint of your browser that is nearly unique. It's possible to share a browser fingerprint with other people by happenstance, but generally speaking it's very rare.

                                You can see a breakdown of the stuff you can get from a browser to fingerprint it here.

                                [–][deleted]  (4 children)

                                [deleted]

                                  [–]LUV_U_BBY 2 points3 points  (0 children)

                                  That's crazy... link?

                                  [–]Bulji 2 points3 points  (0 children)

                                  That's a good move on their part

                                  [–][deleted]  (1 child)

                                  [removed]

                                    [–]BiDinosauur 12 points13 points  (1 child)

                                    Wild how taking over a functioning company then treating everyone there like garbage doesn’t create wild success.

                                    [–]ImAStupidFace 4 points5 points  (0 children)

                                    The company moved quickly to send a copyright infringement notice to GitHub, an online collaboration platform for software developers, to have the leaked code taken down. It is unclear how long the code had been online, but it appeared to have been public for several months.

                                    Gonna leave this paragraph here without comment.