Everyday after I settle myself down on my medicine ball eating my happy sausage & egg white on a whole wheat toast breakfast, I start reading tech news. It’s important, very. Hell, it’s vital I’d say. By tech news I mean ranging from gadget sites like Gizmodo & Engadget, to Ars Technica, TechCrunch, Mashable and Hacker News. HN is still so far the best one cause the top page contents are generally filtered by rather tech-savvy members.
A lot of articles on HN are very specialized and specific to certain topics. It can range from assessment of certain techniques and patterns, to new framework, library and even micro-optimization in bitwise operations. I’ve learned a ton from those. Basically this blog post is to highlight some of the things I thought was cool, broken down to hopefully non-technical human-readable pieces 🙂
1. Egor Homakov hacked GitHub
So what is GitHub? For non-geeks, GitHub is a social coding sites. Instead of sharing life dramas, you share codes and cool projects you’ve been working on. It’s incredibly popular and if you’re a developer without a GitHub/BitBucket account, it’s like a designer without a portfolio. Having cool projects on GitHub (cool is defined by the number of forks, a.k.a how many people develop things based on your code, and # of watchers, a.k.a how many people care about your projects) can easily get you a job at any tech company, cause it actually demonstrates your ability to produce good maintainable code, which is the unit of work developers produce.
So GitHub is like Facebook for coder and it’s built on top of a framework called Ruby on Rails (actually just Rails, Ruby is the language). In designing a framework it’s always tricky to measure the amount of customizability you want to offer. There’s no one size fit all, really. And from what I’ve read, there’s been a debate on how Rails enforces whitelisting, or security in general. How much security does a developer want? It’s always been a tough question.
What Egor found has been a know vulnerability in Rails. He posted an issue which got ignored, thus led to his demo on the master branch of Rails project itself. GitHub disabled his account while they were trying to patch it, then enabled it later on, which was ok. You can read more about this right here: Hacker commandeers GitHub to prove Rails vulnerability
2. Sabu, leader of LulzSec got arrested
So Sabu is the leader of LulzSec, which got merged into Anonymous earlier. The group has been conducting a series of DDoS attacks against banks and government websites to protest or sometimes, revenge for certain characters such as the soldier got arrested for leaking to WikiLeaks.
First of all, what is DDoS? DDoS is Distributed Denial of Service attack. The key is distributed. A DoS attack means someone floods your website/server with tons of requests (by tons I mean it can go up to billions and more). Since those requests occupy a large chunk of your server’s capacity to serve other users, it will eventually got overwhelmed and shut down. If you bounce/restart it, same thing happens.
Such attack coming from 1 machine is easily blocked due to unique IP address. You can simply blacklist such IP. A distributed one is much harder since it comes from multiple IP addresses running malicious software without users knowing. Such machines can be called zombies.
Now an organization can function the very same way. A normal company today has the board of directors, CEO, CTO, Cxx and such which are decision makers for the company. This can lead to what is called “single point of failure”, which means if the top tier is gone, the company collapses. LulzSec was like that, with a leader, Sabu. Sabu got arrested and LulzSec is gone.
Anonymous, however, isn’t. It is a “distributed” organization meaning there’s no single point of failure. Each subgroup, or even person, functions on his own will to serve the organization’s philosophy, which can be interpreted in any way one can. Therefore, with LulzSec gone, Anonymous isn’t guaranteed to be weaker, since LulzSec might function by itself, still following the philosophy and is in charge of its own operation.
In the computer world this allows an infrastructure to be scaled horizontally by replicating and synchronizing redundant data source. However, humans clearly cannot (yet) replicate ourselves to such an extent that we can backup ourselves to the cloud and such. Anyway, you guys can read the article right here: Sabu betrayed Anonymous
Just some random thoughts… 🙂