49 comments

[ 4.1 ms ] story [ 106 ms ] thread
[April fools] and I fell for it.
Reminder: It's April 1.
Ah yes, the same reason I stopped reading slashdot in 2007.
This is a quality April Fool's joke. And sort of doubles as a reminder that contributions are appreciated.
Lichess should try to make this right.

Maybe offer all users a free month as way of apology?

Not enough. I want my money back!
What will programmers eat if their software is given away
Let them eat cake.
I travelled down endless paths searching for the cake.

I learned endless maths to understand the cake.

In the end, to my great wrath, I learned that cake is a lie.

Whatever scholars and authors ate centuries ago.
(comment deleted)
Ahh, now I can rest easy knowing that the email from GitLab about resetting my password was also just an April's Fools.
lichess is open source fyi
And ornicar is a core contributor
Not just a core contributor, the founder and core contributor.
Who hacks their own site for the source? Why not just make it OSS in the first place? Maybe it's a disgruntled employee thing.
I hope Linux is safe.
Nope, I checked. It seems there's a permissions error on their repo that accidentally made it public. No hackers even, just an awful mistake.
I've _always_ tried to warn my colleagues open-source wasn't safe because everyone could read the code, this is _yet_ another proof!
::This::

I even go so far as insisting that my coworkers infer my source from vague documentation & then create their own white-room implementations. They'll get not so much as a println or an import math from me.

I've been using Lichess as a password generator, seeding it with my opening moves. A key derivation function needs to be computationally hard, and I figured chess was a good start. Sadly, I've also inflicted a CAPTCHA-style nightmare every time I need to use a password. OTOH, that also goes for Joe Hacker trying to get to my passwords.

But now I wonder how this leak affects my account security. Maybe I should just switch to Go?

Nah, Go sucks. Play Rust instead. Way more fun.
Definitely C-level advice.
If you're into the occult, you can also become a saucerer and put a Hex on people.
Rust has a really steep learning curve apparently. You might like Valheim better.
This one had me thinking really hard, good one.
Valheim!? The whole reason one picks Rust is to avoid the 'grind
There's a real classic called Binary that's even harder. There's even a metagame, "Bughunt", where you get a fly swatter and travel down endless corridors of tubes searching for bugs before they land. Urban legend is there's a game that is the most perfect grind ever, called Unary. It's basically the Platonic Ideal of Grind.
> I've been using Lichess as a password generator, seeding it with my opening moves.

1.e4 e5 2.Ke2?

Magnus, is that you?
This is hilarious. Totally got me for a while!
That's awful, and hackers got Microsoft recently too. What's next, Linux? Only a matter of time.
Couldn’t happen. Linux is used by the largest companies in the world. The license fees alone are enough to have an equivalent to the US army physically protecting systems that house the source code.

I’m sure the NSA (whom relies on Linux) would prevent the leak too.

Hmm, it may be too late. I just found something claiming to be the real thing in an unsecured repo [1]. It doesn't even appear to be a hack, but perhaps just a permissions misconfiguration. Linus is going to feel real silly about this one. Oh well, get ready for the zero days!

https://github.com/torvalds/linux

Good 4/1 joke... thought for a moment wow, this company is open alright to the point of a discussion group around their hack! Too good.
For anyone unaware, lichess is an open source website. The source code was leaked by "ornicar" - the maker of lichess.org - and the link to the source code is their GitHub. Pretty good April fools joke!
Hypothetically speaking. If I were to take their (OS) code and try and sell it to someone who actually believes I am a 1337 hacker, how much trouble would I be in?
Depends whether you tried to sell a license to the software, or the copyright to the software. The later you can't do, the buyer would have a fraud case against you.

The former is fine, as long as the license is the one that the software is publicly licensed under.

Would've been funnier: "Chess.com source code accidentally leaked when fork from Lichess got accidentally presented as PR"
Classy joke. Kudos to the team.

On a lighter note: what better day than today to be a day of jubilation for Scala fans? :)

I was like, how does the source code have 11k stars? Aahhh.
> All our inner workings exposed!

Unless you really have a trade secret (such as some obscure and unpatentable process) then Kerckhoff/Shannon's second principle applies as well to business as to cryptography;

2. It should not require secrecy, and it should not be a problem if it falls into enemy hands; [1]

[1] https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

edit: Oh Ok. Good one! :D

Took me a moment too. I'm only vaguely acquainted with Lichess, so for the first half of the post it was buzzing in the back of my head, isn't this OSS?. I finally, confused, resorted to google to confirm. Then I came back here to make low-effort posts to continue the gag. Good times.
Lichess is one of the most impressive OSS web apps out there. I've spent more than 240h playing blitz on there, and it doesn't have any bugs or hiccups from what I can tell.

Looking at the source code, two things strike me. First, the Scala backend code is incredibly easy to read and inviting. This is a great poster child of how you can a build simple, reliable app in that language.

Second, I'm surprised that the UI code (written in Typescript) is essentially untested. Given the high quality of the code, I was expecting the frontend code to be thoroughly covered by tests, maybe even written in Test Driven Development. But although Jest is included, there seems to be only one test file in `ui/` (and `yarn run test` doesn't seem to work currently). Is the app tested manually after every commit?