I even go so far as insisting that my coworkers infer my source from vague documentation & then create their own white-room implementations. They'll get not so much as a println or an import math from me.
I've been using Lichess as a password generator, seeding it with my opening moves. A key derivation function needs to be computationally hard, and I figured chess was a good start. Sadly, I've also inflicted a CAPTCHA-style nightmare every time I need to use a password. OTOH, that also goes for Joe Hacker trying to get to my passwords.
But now I wonder how this leak affects my account security. Maybe I should just switch to Go?
There's a real classic called Binary that's even harder. There's even a metagame, "Bughunt", where you get a fly swatter and travel down endless corridors of tubes searching for bugs before they land. Urban legend is there's a game that is the most perfect grind ever, called Unary. It's basically the Platonic Ideal of Grind.
Couldn’t happen. Linux is used by the largest companies in the world. The license fees alone are enough to have an equivalent to the US army physically protecting systems that house the source code.
I’m sure the NSA (whom relies on Linux) would prevent the leak too.
Hmm, it may be too late. I just found something claiming to be the real thing in an unsecured repo [1]. It doesn't even appear to be a hack, but perhaps just a permissions misconfiguration. Linus is going to feel real silly about this one. Oh well, get ready for the zero days!
For anyone unaware, lichess is an open source website. The source code was leaked by "ornicar" - the maker of lichess.org - and the link to the source code is their GitHub. Pretty good April fools joke!
Hypothetically speaking. If I were to take their (OS) code and try and sell it to someone who actually believes I am a 1337 hacker, how much trouble would I be in?
Depends whether you tried to sell a license to the software, or the copyright to the software. The later you can't do, the buyer would have a fraud case against you.
The former is fine, as long as the license is the one that the software is publicly licensed under.
Unless you really have a trade secret (such as some obscure and
unpatentable process) then Kerckhoff/Shannon's second principle
applies as well to business as to cryptography;
2. It should not require secrecy, and it should not be a problem if it
falls into enemy hands; [1]
Took me a moment too. I'm only vaguely acquainted with Lichess, so for the first half of the post it was buzzing in the back of my head, isn't this OSS?. I finally, confused, resorted to google to confirm. Then I came back here to make low-effort posts to continue the gag. Good times.
Lichess is one of the most impressive OSS web apps out there. I've spent more than 240h playing blitz on there, and it doesn't have any bugs or hiccups from what I can tell.
Looking at the source code, two things strike me. First, the Scala backend code is incredibly easy to read and inviting. This is a great poster child of how you can a build simple, reliable app in that language.
Second, I'm surprised that the UI code (written in Typescript) is essentially untested. Given the high quality of the code, I was expecting the frontend code to be thoroughly covered by tests, maybe even written in Test Driven Development. But although Jest is included, there seems to be only one test file in `ui/` (and `yarn run test` doesn't seem to work currently). Is the app tested manually after every commit?
49 comments
[ 4.1 ms ] story [ 106 ms ] threadMaybe offer all users a free month as way of apology?
I learned endless maths to understand the cake.
In the end, to my great wrath, I learned that cake is a lie.
I even go so far as insisting that my coworkers infer my source from vague documentation & then create their own white-room implementations. They'll get not so much as a println or an import math from me.
But now I wonder how this leak affects my account security. Maybe I should just switch to Go?
1.e4 e5 2.Ke2?
I’m sure the NSA (whom relies on Linux) would prevent the leak too.
https://github.com/torvalds/linux
The former is fine, as long as the license is the one that the software is publicly licensed under.
On a lighter note: what better day than today to be a day of jubilation for Scala fans? :)
Unless you really have a trade secret (such as some obscure and unpatentable process) then Kerckhoff/Shannon's second principle applies as well to business as to cryptography;
2. It should not require secrecy, and it should not be a problem if it falls into enemy hands; [1]
[1] https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
edit: Oh Ok. Good one! :D
Looking at the source code, two things strike me. First, the Scala backend code is incredibly easy to read and inviting. This is a great poster child of how you can a build simple, reliable app in that language.
Second, I'm surprised that the UI code (written in Typescript) is essentially untested. Given the high quality of the code, I was expecting the frontend code to be thoroughly covered by tests, maybe even written in Test Driven Development. But although Jest is included, there seems to be only one test file in `ui/` (and `yarn run test` doesn't seem to work currently). Is the app tested manually after every commit?