The difference is this, you’re likely working for the company whose proprietary code you’re working on and using as a “training model” while contributing to the greater good of that codebase.
I learned to code when a misconfigured CGI server spit out an application's code (it was written in Perl) instead of executing it. While that starts going down the long and complicated road of whether or not the machine is acting definitively, I think for our purposes here we can assume that the intent was for me to not have access to the code.
So you were probably illegally accessing another person or companies systems.
Nice you got something out of it, I'm not judging you either, but it was probably not the correct way to operate. What you should've done was notify the owners of the incorrectly configured system and left it at that.
You're also not a massive international conglomerate who should know better than to read every ones code and use it to turn a profit without first asking for permission.
I use Github like a bank, not a public library (unless I'm working on open source). I never would've allowed them to read through all my code and use it for profits without at least asking.
> So you were probably illegally accessing another person or companies systems.
Illegal would imply some kind of intent or malice. I was legitimately trying to access the executed result, which I would have been authorized to do if the service was operating normally.
> What you should've done was notify the owners of the incorrectly configured system and left it at that.
Seems unrealistic to "leave it at that". I had to read the output to understand it wasn't what I expected, and once I read it I knew how to code, at least to a cursory degree. The code was simple and it was a service I used frequently, so it was immediately clear how the code translated to the results I was accustomed to. Maybe that would be harder to do that now in my old age, but I was just a kid so I had neural plasticity on my side.
> I use Github like a bank, not a public library (unless I'm working on open source). I never would've allowed them to read through all my code and use it for profits without at least asking.
I don't know what kind of banks you deal with, but banks normally do read through your banking records and use that information to sell services to their clients – notably loans, which require knowledge of your deposits to offer.
> So you were probably illegally accessing another person or companies systems.
Misconfigured CGI handlers in Apache were very common in the late 90s, treating Perl as text/plain. There's no laws being broken, just a bad httpd.conf and no one is getting locked up for malicious intent.
If I leave my door unlocked, is it ok for you to come into my home and have a party ? Could I do that at your house or place of business ?
What if you intentionally or unintentionally took down a server that controlled important infrastructure which people depended greatly on? Flood warning system for example ?
So I write you a letter asking for information and you accidentally copy me your notes on how to gather the information in your response. Nothing illegal is happening when I read your notes. Maybe I should not read them for ethical reasons, but it's not illegal.
This only applies if you were reading the code, not executing any code on the remote system (which I thought you were doing). It sounds like you were doing something different.
Either way, I still think you're in the wrong, kind of like checking out a naked person getting changed because they accidentally left their blind open. It was available, maybe it was clever, but it's a strange way to learn how to code. Why didn't you just buy a coding book, or borrow some from the library ? Was the code really of good quality if the server was configured so badly?
Obviously we have a difference of opinion and that's ok.
The issue as described by the original poster was that the code was not executed but displayed. They read it and understood how it works. This set them on a trajectory to try it themselves. This is how they started. Maybe a book was involved at a later stage.
Sure, you can argue that they were not supposed to read the code, so they shouldn't have. But without some tangible harm I don't see why we're supposed to disapprove of it. Maybe allow some hacker spirit while posting on Hacker News :-)
I’ve done similar things in the past so I said I’m not judging them, but after some time working with computers myself I’ve become more compassionate and I think the better thing to do is help a fellow sys admin and report the problem. That’s the hacker spirit.
You’ve been authorised to see this code.