
This is some highly impressive logic right here.

Proposition: "They don't use private code".

Proof: "They said they don't use private code. Either the private code appearing is published somewhere else, or they are using private code. Lying would be bad. Therefore the code is published somewhere else, and they don't use private code".




"So if this mechanism makes sense to you as a way of guaranteeing that your code won't be in other people's accounts"

Nobody but you is claiming this.


>> * Don't lie about what it does.
>> * Don't hack people by smuggling some nasty code into minor version updates.
>> * Don't leave people vulnerable to third party exposure by not taking care of your private keys.
>
> If you get hit by any of those points you list, then you're the one responsible for that.

If someone on the street hands you a free sample, say a candy bar, is it then your responsibility to check that the candy bar:

1. contains no razor blades (malicious behavior), and

2. contains no peanuts because of your allergy even though the packaging says it doesn't (lying about what it is)?

Obviously not, anyone handing those out violating those assumptions is an asshole and in most jurisdictions a criminal. It is not the responsibility of the acceptor to check these things, our society expects (and enforces through the law) that people are honest and non-malicious. Even if the sample is free.

The exact same applies to source code you distribute. It would not be reasonable to analyze every free candy bar for hidden razor blades by meticulously taking it apart, nor to do a spectral analysis for peanut traces, in exactly the same way that it is not reasonable for people to verify every line of code.


> They could have kept their own code that uses FUSE secret

If they had linked against FUSE they’d need to provide code.


This is exactly the reason they responded. By changing the code quietly, they would implicate themselves. An official PR statement like this is obligatory.

What is more probable, that they are lying, or that the random generator generated not a single code that matched, which is very(!) improbable by itself, but two codes that belong to the same account, generated at the same iteration?


Then where is the proof? This code was found wanting years ago....

> Why anyone rejects the code then use it anyway.

So that he does not have to pay bounty.


> I have never taken anyone else's code.

This is REALLY hard to believe. Also, god bless the person who taught me to use other people's code.


It's stated in the article that a couple of people had used the false value in code that was not distributed.

> what constitutes stealing code?

Creating an archive of code, encrypting it, then uploading it on your last day at work.


No disagreement there. Mathnerd314 asked for proof of stolen code, which of course is difficult to provide when we're talking about a closed source product. So the original authors must resort to indirect proof like comparing visuals and inspecting the binary.

> Most people cannot take their code with them and show off.

And if someone turned up with code from their previous employer, that'd surely be a huge red flag anyway.


3) The code was indeed obvious for the people who had worked on the project for a while.

When you get familiar with a domain it is very easy to get blind to what people without exposure to it will consider obvious or not.


The question seems to totally miss the point.

Whether the code is open or not is irrelevant. They shouldn't be spying in the first place.


That's only true if they distribute the code, is it not?

In what world is a print out of code proof of work? This sounds way too stupid to be believable.

Perhaps the two people don’t have knowledge of the situation.


They did take the code. Here is the proof: https://github.com/facebook/react-native/commit/f9c2157141b8...

(Posted in another thread on same discussion).


Maybe I'm naive, but could they be stealing someone's code? Otherwise I think it's just someone who's trying to prove something.

Not that they abstain from doing that shit today, when code is not often published.

An educated and motivated layperson at least would have the chance to learn whether the critique is faulty. Today, with secret code, it is impossible to verify for almost everybody.
