Programming Knowledge cdmana.com

GitHub: I open-sourced myself; CEO: no such thing

Xiao Xiao, from Aofei Temple
Qubits report | official account QbitAI

GitHub has suddenly "open-sourced" part of its own code, and put it on GitHub.

Here is how the incident came about:

Resynth, a TypeScript developer, suddenly posted an article saying that all of the source code of the code-hosting service GitHub had been leaked.

He said that, in a suspicious commit submitted to the official GitHub DMCA repository, an unidentified person used a vulnerability in the GitHub application to impersonate GitHub CEO Nat Friedman and upload the confidential source code.

As soon as the news broke, it sparked heated discussion on HN and prompted a new round of reflection on GitHub's security.

User lrvick said that many security researchers, himself included, had long ago publicly demonstrated a number of related vulnerabilities on GitHub. But unless someone "comes up with a virus", Microsoft does not acknowledge that these vulnerabilities exist at all.

He added that he had said long ago that GitHub has a serious design flaw in the part that handles commit signatures, but only now that something has happened is it getting attention.

So, how did this unknown user do it?

How do you fake "the CEO leaked the code himself"?

Git, the source-code management system behind GitHub, does not effectively prevent users from impersonating one another.

Git is more like email: users can pick any user name and fill in any email address, so pulling a small trick is easy.

Unless a commit carries the GPG signature of GitHub CEO Friedman, Git has no way to confirm that the commit really came from the CEO. (The problematic commit this time did not carry the CEO's signature.)

GPG (GNU Privacy Guard) is cryptographic software used to encrypt and sign communications; it can also be used to manage keys for asymmetric cryptography.

Unless a GPG signature is associated with the email address, the authenticity of the committer cannot be confirmed.

In other words, when you make a commit to a local Git repository, you get a hash value that represents that commit, and it lets you jump directly to your branch.

GitHub is a kind of web application that handles the interaction between the browser and the underlying Git infrastructure. It stores all branches in one underlying repository, even if they do not appear in the usual form in the URL structure.

That is how a file committed by an unknown user "legitimately" made its way into GitHub's DMCA repository, dressed up to look as if it came from CEO Friedman.

To do this, the unknown user first made a copy of the DMCA repository and created a branch, so that the leaked GitHub source code could be committed to it.

Then the unknown user forged Friedman's user name and email address and made the commit. As a result, the DMCA repository showed a user named Friedman committing a copy of the GitHub source code.
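
As an added illustration (not code from the original article or from GitHub), the Python sketch below parses raw commit objects in the format `git cat-file commit` prints and flags commits that claim a protected author email without carrying a `gpgsig` header. The two sample commits, the `ceo@example.com` identity and the `PROTECTED` list are constructed assumptions.

```python
import hashlib

# Constructed sample commits in the raw format printed by `git cat-file commit <id>`.
# Name, email, timestamp and signature body are placeholders; the tree is Git's empty tree.
UNSIGNED = (
    "tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
    "author Example CEO <ceo@example.com> 1604448000 +0000\n"
    "committer Example CEO <ceo@example.com> 1604448000 +0000\n"
    "\n"
    "upload files\n"
)
SIGNED = (
    "tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
    "author Example CEO <ceo@example.com> 1604448000 +0000\n"
    "committer Example CEO <ceo@example.com> 1604448000 +0000\n"
    "gpgsig -----BEGIN PGP SIGNATURE-----\n"
    " \n"
    " (constructed placeholder, not a real signature)\n"
    " -----END PGP SIGNATURE-----\n"
    "\n"
    "routine change\n"
)
PROTECTED = {"ceo@example.com"}  # assumption: identities that must always sign


def commit_id(raw: str) -> str:
    """Object id as Git computes it: SHA-1 over 'commit <len>' + NUL + body."""
    body = raw.encode()
    return hashlib.sha1(b"commit %d\x00" % len(body) + body).hexdigest()


def parse_headers(raw: str) -> dict:
    """Parse headers up to the first blank line; lines starting with a space continue one."""
    headers, last = {}, None
    for line in raw.split("\n"):
        if line == "":
            break
        if line.startswith(" ") and last:
            headers[last] += "\n" + line[1:]
        else:
            last, _, value = line.partition(" ")
            headers[last] = value
    return headers


def flag_unsigned_protected(raw: str) -> bool:
    """True when the author email is protected but the commit has no gpgsig header."""
    h = parse_headers(raw)
    email = h["author"].split("<", 1)[1].split(">", 1)[0].lower()
    return email in PROTECTED and "gpgsig" not in h
```

Both samples hash to a valid object id, so the id by itself says nothing about who wrote the commit. Header presence is only a first filter; whether a signature is actually valid is checked with `git verify-commit`.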

After the CEO responded, netizens exploded

In response, GitHub CEO Friedman said that some time ago GitHub had accidentally shipped part of its source code to customers without obfuscating it, but that this does not affect GitHub's security.

He even recited a Browning poem: everything is fine, it's all normal, the lark is on the wing, the snail is on the thorn, and all is right with the world!

But apparently netizens do not care whether the source code was leaked by the CEO himself. On the contrary, the incident once again stirred up their anger over the matter of "GitHub and open source" itself.

User exabrial: You (referring to the CEO) think this is normal? Are you going to use fake/invalid DMCA requests to delete something else?

CEO Friedman: I suggest you read up on how the DMCA works.

User dannyw: If GitHub really advocated open source, it would not be the way it is now. As far as I am concerned, Microsoft is a member of the RIAA.

User dannyw mentions the RIAA (the Recording Industry Association of America) because some time ago GitHub, at the RIAA's request, directly deleted the open-source YouTube video downloader Youtube-dl from GitHub.

One stone stirred up a thousand waves: GitHub originally deleted 18 projects, but a search now turns up more than 4,000.

Some developers say that this "forgery" is probably related to the deletion of the Youtube-dl project, or that it may be the forger's complaint about Microsoft not opening up GitHub's source code.

To talk about GitHub and open source, we have to start with the series of actions that followed Microsoft's acquisition of GitHub.

Microsoft and its "open source"

Since acquiring GitHub in 2018, Microsoft has always claimed to be "committed to open source".

Resynth said: "We've seen a lot of advertisements (about Microsoft's love of open source). Microsoft's advertising really puts it at the forefront of open source development."

But contrary to the "open source" idea that Microsoft advocates, it has several times directly banned open-source code from the community.

The most recent case is the "Youtube-dl ban", the trigger for this forgery.

Some developers said that getting GitHub to open its own source code is, in Microsoft's view, absolutely impossible for now.

Resynth also said that, because of closed-source software and extensions to Git, GitHub looks more like a platform that tries to "contain open-source projects" than something that is open source itself.

For example, in June this year GitHub was down for two hours, during which thousands of open-source projects could not be accessed or used.

What do you think about this GitHub source code leak?

Address of the now-deleted GitHub source:
https://web.archive.org/web/2/https://github.com/github/dmca/tree/565ece486c7c1652754d7b6d2b5ed9cb4097f9d5

Reference links:
https://arstechnica.com/information-technology/2020/11/githubs-source-code-was-leaked-on-github-last-night-sort-of/
https://www.zdnet.com/article/github-denies-getting-hacked/
https://resynth1943.net/articles/github-source-code-leak/
https://news.ycombinator.com/item?id=24994746
https://www.theverge.com/2020/6/29/21306674/github-down-errors-outage-june-2020




Copyright notice
This article was created by [Osu lk0wespa]. Please include a link to the original when reposting. Thanks.