Slashdot Mirror
Apple Intern Reportedly Leaked iPhone Source Code (theverge.com)
Earlier this week, a portion of iOS source code was posted online to GitHub, and in an interesting twist, a new report from Motherboard reveals that the code was originally leaked by a former Apple intern. The Verge reports: According to Motherboard, the intern who stole the code took it and distributed it to a small group of five friends in the iOS jailbreaking community in order to help them with their ongoing efforts to circumvent Apple's locked down mobile operating system. The former employee apparently took "all sorts of Apple internal tools and whatnot," according to one of the individuals who had originally received the code, including additional source code that was apparently not included in the initial leak. The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year. Eventually, the code was then posted in a Discord chat group, and was shared to Reddit roughly four months ago (although that post was apparently removed by a moderation bot automatically). But then, it was posted again to GitHub this week, which is when things snowballed to where they are now, with Apple ordering GitHub to remove the code.
The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year.
5 people can keep a secret, if 4 of them are dead.
Hmm. It's almost as if when a company asks to to sign a confidentiality agreement, they fuckin mean it, and for good reason.
Breakfast served all day!
It will be a warning to the next Thief.
Are you fucking kidding me?
Let's say you're an artist that makes a popular webcomic. Someone got ahold of the entire corpus of years of your work, and posted it on their own site, making it available for anyone who wants it (regardless of whether they try to monetize it themselves).
So when you discover this, you're going to say "OH WELL, Looks like it's out there! I guess I'll just sit on my thumbs and accept it because I have no recourse!"
Fucking NOPE. Apple has invested billions in research and development in their source code.
I'm not sure who taught you to believe that you're entitled to other peoples' work for free without their consent, but where I come from that's called SLAVERY, you stupid fuck.
Apple is completely within their rights to pursue this as far as necessary, and to sue anyone who's been a part of it for everything they're worth, and have them locked up for YEARS.
That wasn't a "cute little mistake". IANAL but I will be shocked if this can't be prosecuted under corporate espionage laws.
This kind of bullshit enrages me (could you tell?), and no, you're not part of some "empowered" culture when you fucking steal from others. I hope they throw the book at this piece of shit.
Name the intern so other companies can know who NOT to hire.
You want to have a position that involves trust, then live up to it. Break that trust and live with those results too.
san quentin
There's been a massive leak of the Android codebase, too. If you're quick you can download a copy here: https://tinyurl.com/4x7rfdd
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
It's Apple code. It will be bulletproof, Like an apple.
I really have no idea how secure Apple code is, (Z-80 forever!) but this is funny.
Fifty years of Yippie! 1968-2018
Assuming this stays out of criminal court, this kid's salary will be garnished for a lifetime as he tries to pay back the judgement against him.
---- The above post was generated by the Turing Institute. Maybe.
That school is thought is all well and good (and I actually support the idea), but it's ONLY appropriate if the work is donated voluntarily, as is the case with open source projects.
Taking the work of others without consent is unacceptable.
I think the point is, the code is out there. Apple can't get it back.
The hackers that care will get a hold of it, one way or another, and Apple can't do much about it. Especially outside of the United States.
Hell, the hackers that care almost certainly *already* have the code.
According to Apple on this matter, "the security of our products does not depend on the secrecy of our source code".
File under 'M' for 'Manic ranting'
No, it just has more stupid filters to prevent stupid people from doing stupid stuff. Pretty much all malware on Android and iOS is from users installing shit they shouldn't. I must have missed those websites that could root Android devices just by visiting a site like iOS did so many times.
And now this intern has ruined life for all other interns in the company - past, present, and future. I'm sure all of the current interns have gotten a "leak like this guy and we'll ruin you" speech by now, and I bet web crawlers are already trained on past employees and interns looking for a hint of anything similar. Future interns will have to sign away even more of their rights, be locked down even harder, and feel like a prisoner while they're working. Thanks, asshole, for ruining the intern experience for everyone.
So when you discover this, you're going to say "OH WELL, Looks like it's out there! I guess I'll just sit on my thumbs and accept it because I have no recourse!"
Can you stop mass market distribution? Yes. Can you stop underground distribution in iPhone cracking circles? Hell no. This is mostly a show to act like they're taking it seriously and law enforcement is cracking down on it and whatever but... nope. It's still security theater, it's not going to protect against any of the actual threads.
Live today, because you never know what tomorrow brings
That was the longest verbal masturbation I've ever been witness to.
Clearly, you think you're amazing. Also, you apparently think stealing is okay.
Making copies of a work *without* permission of the owner is a crime. Unless you REALLY feel that way, in which case I'll just help myself to copies of your social security card, birth certificate, credit card number, and other tidbits. After all, it's not REALLY stealing if it's just a copy of your information right? And if I sell those copies to someone else and make money from doing so, I haven't REALLY done something wrong, right? After all, it's just a copy, not an appreciable good.
What THEY do with it isn't *my* fault.
Also, fuck you.
Maybe hire a more experienced software engineer next time.
When copyright returns to a sane length, THEN you can make this argument. Until then all IP is up for grabs. Copyrights are social bargains, and we have been getting the shaft on that for a good long while now.
Good-bye
I'm pretty sure the source code for an Operating System is of sufficient length to be safely considered proprietary information (copyrighted or not).
Until then all IP is up for grabs.
Try making this argument in a courtroom without getting laughed out of the building.
So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?
A strict definition of theft may require that the person who has had something stolen has been deprived of something of value to them, but there's no requirement in the definition that the something necessarily be tangible, only that it has value.
And its value doesn't even need to be objective or monetary... it only needs to be valuable to the person who had lawful jurisdiction over whatever was stolen.
Consider copyright, for example, which is supposed to entail the exclusive right to control who may make copies of a work. Exclusive, by definition means that nobody else is doing it, so when someone makes an unauthorized copy, they are actually depriving the copyright holders of some measure of their exclusivity of control on the copying of that work. Whether one thinks that copyright holders should not have this amount of control is irrelevant.. it is the entire point of copyright, and because copyright is protected by law, the copyright holder is recognized as the lawful possessor of the exclusivity it entails. Once infringed, the copyright holder's exclusivity is dilluted, and is never as strong as it was before.
File under 'M' for 'Manic ranting'
You mean like installing apps from the playstore that have malware hidden in them?
You're right. This is apple.slashdot.org and the sponsors of this sub-slashdot are really fucking mad.
How dare somebody disobey the Apple.
WTF, has Slashdot be overtaken by a big herd of fucking Eagle Scouts now?
Apple has rolled out a brigade of defenders, that is for certain.
Yes, like installing apps from Apple's iOS app store that have malware hidden in them.
It gets around and it goes around.
Won't someone think of the shareholders?
You are not alone. This is not normal. None of this is normal.
Clearly they should reduce him to a grease spot on the pavement somewhere so that people brandishing their iGadgets can urinate on said grease spot and hiss.
What has happened to Slashdot? Stealing code isn't 'cool' but a leak like this is interesting and nerds should be scrambling to get a peek at it.
Also, S. Jobs' edict about 'stealing' should apply. Except Jobs is dead and Apple has become so 'big' that the original company is a fossil, and the people who control it now have made it a big fucking hard thing, very very VERY hard. Success does that, once the Accountants scramble aboard.
That doesn't change the fact that it still deprives the copyright holder of some level of exclusivity of control that they would have otherwise still had if the infringement had not occurred.
File under 'M' for 'Manic ranting'
He was just told to 'go make some copies' without further instructions, and proceeded to copy some random files onto a public-facing website. Not his fault he didn't understand.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
If this guy gets caught, the punishment he gets will make him wish he was "just" a rapist.
Avantgarde Hebrew science fiction
Stopping mass market distribution has a meaningful amount of value. People/organizations do things with full knowledge it won't eliminate a problem, but will reduce it. Besides, I contend that a takedown to GitHub has increased the publicity any meaningful amount. The story was that it was available for a short period of time smack dab in GitHub. The whole horses having left the barn metaphor breaks down .. some horses are still in there, might leave tomorrow, it's an easy action to take, so it's reasonable to close it again.
"Old man yells at systemd"
So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?
If you steal electricity a power plant has to make more, it's consumed just like the water from the tap. How is that not a physical, tangible resource? While the signal in a cable loop is passing through anyway, you're only listening in like turning on your radio. Unauthorized use of bandwidth is displacing other people's traffic, though I think this is more like identity theft / fraud where you trick an ISP into making virtual deliveries instead of physical deliveries from Amazon.
A strict definition of theft may require that the person who has had something stolen has been deprived of something of value to them, but there's no requirement in the definition that the something necessarily be tangible, only that it has value.
I think you've confused "strict" with "casual" because we do use it about anything of value that we've been deprived of or taken without permission, but "he stole my girlfriend" or "he stole a kiss" has never been a criminal offense. Unless he literally kidnapped her, but that still wouldn't be theft. And in these #metoo times maybe the latter will be soon, but anyway... Theft in a legal sense has always been about ownership and possession.
Consider copyright, for example, which is supposed to entail the exclusive right to control who may make copies of a work.
Yes so when you created a new right you also created a new crime violating that right - copyright infringement. Legally, it's not theft. And despite the newspeak, IPR is not property. But like all things of value we casually use words like that, same way we say "he stole the combination to my safe" even though it was more likely copied. But when you're trying to use that casual definition in a legal or moral debate you're only making a fool of yourself.
Live today, because you never know what tomorrow brings
I guess they'll have to think of an alternative to security by obscurity.
Hopefully there are no glaring security holes revealed in the code.
What you want is security in depth. Multiple layers of obstacles to get around. Obscurity is a perfectly fine first layer of defence.
:-)
And what do you mean "no glaring security holes"? I rather hope that ther are _no_ security holes, glaring or almost perfectly hidden. Perfectly hidden is fine, because it's perfectly hidden
So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?
Many years ago, in Germany they had the very first case of someone stealing electricity. At a time ages ago when not everybody had electricity supplied to their home, someone connected their home to their neighbour's supply. Got caught, and it turned out it was not illegal to any of the laws in place at the time.
They created a new law.
There was also in the 1970's a first case of computer fraud. It turned out that with fraud, you needed to convince _a human_ of something that isn't true. The person _almost_ got away with it, except at the very end _a human_ signed a checque made out to him, based on false data supplied by a computer. If that checque had been printed by the computer without a human involved, he would have got away with it. They changed the laws.
The intern copied a work. He didn't steal shit. Making a copy of something is the opposite of stealing.
I stopped reading right here.
In your latter example, a human is still being deceived... specifically, anyone who has jurisdiction over the funds in the account, since those people are making the (invalid) assumption the computer is only going to remove authorized funds, and of course one would have to deceive the computer to otherwise access such funds. The fact that this assumption is invalid doesn't change the fact that it's still stealing any more than it's not stealing to take a convertible that doesn't belong to you if the keys are sitting in plain view on the passenger's seat. By the transitive property, in your example, a person committing such an act is still deceiving the authorized account holder(s). The law only needed to be made explicitly clear on this point so that no further potential misinterpretation could apply.
File under 'M' for 'Manic ranting'
... so he never works in silicon valley again!
If you take something from someone else, that's stealing. Copyright infringement amounts to the taking of some of the exclusivity that the copyright holder otherwise had to control over who can make copies of the work, so the infringer is stealing that from the copyright holder. Full stop.
Now you can argue that one has no compunction against stealing when it might serve what they could argue is some greater and more important good, and suggest that there is no moral dilemma involved with theft in such a case, but as far as I can see, the people who insist that copyright infringement isn't theft are generally more interested in rationalizing why it might be morally okay to commit copyright infringement while simultaneously claiming to find stealing immoral are actually just unable to verbally express how stealing, as an action, might not necessarily be morally wrong at all, but instead it depends on the context in which it was done.
We can agree that murder, after all, is morally wrong, but there is nothing immoral about killing, by itself... it depends on the context in which it was done. Killing in self-defense, for example, is not generally seen as wrong, especially when use of such retaliative force was justified. Stealing, one could argue, is a similar amoral act, and the rightness or wrongness of it depends on what, exactly, is being stolen, and the context of the entire thing.
But all of this doesn't mean copyright infringement isn't stealing. And suggesting that it isn't probably only means that someone is trying to rationalize why it's morally acceptable to commit copyright infringement when they think stealing is wrong.
File under 'M' for 'Manic ranting'
***APPLE FANBOY DETECTED*** Remember how Windows software source code is constantly stolen, and it doesn't affect them one Iota? They'll just make a new version, problem solved. The nice thing about a sourcecode breach on an established project, is that 1. it can be scoured for bullshit. 2. sometimes people can learn to fix their fuckups 3. helps the community as a whole, because the average consumer doesn't give two sh*ts about source code.
There are 2 groups of people you can make fun of on the Internet without fear of attack. The illiterate, and the Amish.
To precisely the same degree that copyriright infringement is, which I would argue is the case.
The thing is, I've never alleged that that in the case of copyright infringement, the work itself is being stolen. It's clearly not,. because the original still exists, and looking at the situation as if the copyrighted work is the only thing of value that exists in the scenario can easily mislead a person to believe that copyright infringement and theft are understandably practically opposites of eachother.
But the thing of value that gets stolen by someone who infringes on copyright is a measure of the exclusivity that the copyright holder had over who was allowed to copy their work. That exclusivity of control is the *entire point* of copyright, so it's not something you can just say shouldn't be there. Each infringement dillutes the creator's exclusivity by some amount commensurate with the potential for future distribution from that source, so it's not something that the creator can ever really get back once its lost either. It's not even entirely an artificial form of control either... merely an extension of exclusive control over who can copy the work that would naturally exist if nobody else had access to the work in the first place, and so copyright can be seen in that context as a kind of legal backbone that gives creators assurance they can maintain control over copies of their work even if they distribute it. Obviously, it requires that people respect it to be effective... but that doesn't mean that disrespecting it isn't theft.
File under 'M' for 'Manic ranting'
Fuck face, you keep missing the actual fucking violation, you're stealing the owner/creators RIGHTS to copy the work, not the work itself. By copying it, the toothpaste can't be put back in and copy right forever "stolen". What part of "copy" or "rights" can't you understand? Ever heard of licensing? Educate yourself, rather than trying to be weasely in justifying theft. You just look fucking juvenile and a crybaby.
How come a 4 year old can understand stealing as "taking something that doesn't belong to you without their permission" but so many adults can't? Is this just shitty parenting?
A few MB of code is NOT extremely small for an embedded device or a bootloader. Do you write some super high level bloated language or something?
Yes, it was an intern in this case, but in reality it could have just as easily been a permanent FTE, a contractor, or whomever with an agenda.
So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?
Perhaps a better analogy is your bank account details. If I copied your bank account details you would probably quite reasonably use the term 'stolen' (even if that's not strictly the correct word based on a particular dictionary definition) even though it hasn't caused you any harm nor have you been deprived of anything. Of course if I were to then sell/give a copy of those details to some nefarious party who then transferred your money somewhere then you would quite rightly hold me significantly accountable for taking possession of those credentials in the first place.
What you have said is correct and I don't think we need a new term, to redefine existing terms or to explain this in terms of copyright. I'm sure 'steal' or 'theft' is perfectly adequate to describe taking into your possession something that you know you should not have that does not belong to you, be that physical property, access credentials or source code. And most people with any mental capacity that aren't just being intentionally obtuse can understand that. i.e. I doubt the OP would be just fine with somebody taking and distributing his/her banking credentials on the basis that he/she has not been deprived of anything (yet) and I also doubt at that point he/she would be quibbling over the definition of 'stolen' or 'theft'.