- ‘Uber’s Crazy YOLO App Rewrite, From the Front Seat’ by Gergely Orosz for his blog
- ‘The Full Story of the Stunning RSA Hack Can Finally Be Told’ by Andy Greenberg for Wired
- ‘The 4th largest mobile browser exfiltrates users’ data even in Incognito mode’ by Gabi Cirlig
- ‘Developer Relations’ by Marco Arment for his blog
Gergely Orosz writes an account of Uber’s rewrite of their iOS app from Objective-C to Swift. This feels like a case of bad project management and, in general, just bad management all around. While it’s impressive that they were able to pull off a rewrite and ship it relatively bug-free, this is obviously unsustainable, as the author himself points out.
Helix took a huge toll on most people. A few people quit during the project, but the majority of resignation notices came after we shipped the app. Many people did not even stick around a few months for March bonuses. Most of these resignations were in the US offices. However, one of my teammates in Amsterdam also quit because of the extreme stress of the project. During these months, working very long hours and over weekends became a norm and strongly encouraged by leadership, burning many people out.
Andy Greenberg writes the story of the RSA hack. Since the NDAs preventing people from talking about this event have finally expired, a lot of details are coming out. One of the craziest parts of this was that Leetham was able to connect to the attackers’ exfiltration server and almost deleted the compressed file containing the company’s crown jewels before the attackers moved the file out of his reach.
Leetham saw with dismay that the hackers had spent nine hours methodically siphoning the seeds out of the warehouse server and sending them via file-transfer protocol to a hacked server hosted by Rackspace, a cloud-hosting provider. But then he spotted something that gave him a flash of hope: The logs included the stolen username and password for that hacked server. The thieves had left their hiding place wide open, in plain sight. Leetham connected to the faraway Rackspace machine and typed in the stolen credentials. And there it was: The server’s directory still contained the entire pilfered seed collection as a compressed .rar file.
Using hacked credentials to log into a server that belongs to another company and mess with the data stored there is, Leetham admits, an unorthodox move at best—and a violation of US hacking laws at worst. But looking at RSA’s stolen holiest of holies on that Rackspace server, he didn’t hesitate. “I was going to take the heat,” he says. “Either way, I’m saving our shit.” He typed in the command to delete the file and hit enter.
Moments later, his computer’s command line came back with a response: “File not found.” He examined the Rackspace server’s contents again. It was empty. Leetham’s heart fell through the floor: The hackers had pulled the seed database off the server seconds before he was able to delete it.
Gabi Cirlig writes about how UC Browser sends sensitive information, such as the URLs a user visits, as telemetry to its servers even in its incognito/private mode. This is why I disable or block telemetry in most situations.
At the time of writing, these issues have not been fixed even after contacting Alibaba, with user browsing/location data being sent to UCWeb’s servers in real time.
Marco Arment in a rare blog post talks about the sheer disrespect Apple has shown developers on its platforms. This blog post is going to be on my mind going into WWDC 2021 next week.
At WWDC next week, these same people are going to try to tell us a different story.
They’re going to tell us how amazing we are, how important our work is, and how much they value us. And for thousands of Apple employees who’ve made the great products and platforms that we love, including the hundreds of engineers presenting the sessions and working the labs, it’ll be genuine and true.
But the leaders have already shown us who they really are, what they really think of us, and how much they value our work.
That is all from me this week, see y’all next week!