This is an invisible war. The troublemaker's name is a code name - "XcodeGhost-Auther". A month ago, he was still unknown, but now among the programmer community, how many people don't know his code name?

Wellington and his team of eight knew almost nothing about this mysterious name. They were faced with only a bunch of numbers, but in the end they had to spend a whole day cleaning up the problems caused by "XcodeGhost-Auther".

This is a string of malicious code, named XcodeGhost. Wellington called this string of code a "source code virus". He didn't know how many users had downloaded this infected app, nor how long this string of code had existed. His only impression of the words "source code virus" was a short line of introduction in a corner of a university textbook.

Wellington graduated ten years ago and has been working in program development for ten years. He is now the iOS development supervisor of a well-known Internet company in Beijing, managing a team of nearly 100 people.

XcodeGhost caused a stir on the 19th

On Saturday, September 19, Wellington was lying in bed, promising his girlfriend that he would buy a house within the Fifth Ring Road in Beijing in the future, when his phone rang. The company's CTO sent a notice from the National Internet Emergency Center, "Our app is on the infected list." Wellington got up, got dressed, and waited for instructions from his boss. The manager in charge of the APP release was called back to the company overnight to deal with the matter. Wellington received the task to decipher the code next Monday.

If the Tencent security team had not accidentally discovered this implanted malicious code a week ago, no one knows how long it could continue to hide. Major security centers quickly responded and found that the earliest source of infection could be traced back to March this year. An account named "codeFun" was locked, and almost all links with malicious code were posted on major websites by this account.

On September 17, Alibaba Mobile Security released its first analysis report, "There's Something Wrong with the Xcode Compiler - Analysis of the XcodeGhost Sample," and named this code sample XcodeGhost. In the following week, Wellington's circle of friends was full of analysis and interpretation of XcodeGhost. Soon, apps implanted with malicious code were exposed, including WeChat, Didi Taxi, AutoNavi Map, Tonghuashun, NetEase Cloud Music, 12306 and other commonly used apps.

Behind this code is a programmer-like mystery. Code has no emotions, and it is impossible to grasp the psychology of troublemakers through these data. After decompiling the backend, Wellington was amazed at the secrecy of the code. "They did it very cleanly, leaving no trace. This is a sophisticated team with rich experience."

On September 19, the creator of the malicious code showed up. He registered a Weibo account named "XcodeGhost-Auther" and stated that the incident was not threatening at all. "This is just an accidental discovery by a poor iOS developer... It will not affect anyone. It will only be a dead code in the future."

Appthority Information Security Company determined that 476 applications were affected by the XcodeGhost code, far exceeding the previous expectation of more than 40 applications. Appthority shows that the infection first broke out in April this year, and the number of infections continued to grow in the following five months.

But for experienced technical managers, this is not a means of self-realization in technology. He seems not so upright. The technical manager of an Internet company emphasized that the behavior of "XcodeGhost-Auther" may be innovative, but it looks like a side job. "What does this prove?" The technical director believes that the greatest sense of accomplishment for technical personnel should come from creation, and he does not want anyone in his team to aspire to be a disruptor.

For an Internet company, technical personnel occupy an important position. What kind of programmers does the Internet need? This is a question worth thinking about. Lagou found some industry experts and provided some essential suggestions for becoming an excellent programmer.

Strong technical skills

Arron is the CTO of a fast-growing Internet company. He leads a technical team of more than 100 people and is constantly recruiting new talents. He values technology, which is directly related to the quality of the product. "Technology always comes first. Good technology can realize good ideas." Since this is the professional ability that is most easily measured and tested in interviews and written tests, strong technical skills are the foundation of a programmer's survival.

Professional Ethics

Arron firmly believes that kindness is more important than intelligence. "It's hard to be a good person in the technology world because the benefits are huge." On the black market, user data is clearly priced.
If one day you see a programmer buying a house and a car overnight, then he may have made a fortune. One thing Wellington often worries about is whether someone on his team will package and sell all the user information of the website. "You know, there are always a dozen people who have access to all the information."

Professional skills and professional ethics are both indispensable. "However, if she is a pretty girl, I can't lower my standards in terms of character, but it doesn't matter if she is a little bit inferior in terms of skills." Wellington smiled and said to Lagou that it is easier for programmers to find jobs than programmers.

Learn security knowledge

Wang Biao, a white hat from Wuyun.com, has been following the XcodeGhost incident. He defines a qualified engineer as one who must have some knowledge of Internet security. "It is a basic principle to download software from the official website, especially software related to the company's business. Downloading from a third-party source without verifying the hash value is a basic common sense mistake."

Arron can understand those programmers who download Xcode through unofficial channels, although he will never allow his team to download through unofficial channels. "Efficiency and security have always been a contradiction, and the convenience of unofficial channels is enough to make people relax their vigilance. For most Internet startups, it is difficult to set up a dedicated security team. It costs money but has no actual output."

Apple said it would place the download source of Xcode in China. This reduces the threat of source code viruses, but the Internet world is still full of dangers.

Keep learning

Wang Biao told Lagou that in his eyes, Internet security is not a flower in a greenhouse, but a real experience accumulated from bloody lessons. "The blood shed in each incident will not be in vain, it will form our higher standard access measures in the future.
Good programmers should not fall in the same place twice."

"The difference between a good programmer and a good coder is just two words - learning!"

Paul Graham once wrote in his book The Great Hacker: "A good hacker is able to carry a lot of context in his brain. When he looks at a line of code, he's not just looking at that line of code, he's looking at the entire program that's related to that line of code." Through learning, programmers can expand their working memory, allow more context to be loaded into their brains, and eventually run programs in their brains and become programmers.

Arron forced all the technical staff in the company to study. He said to Lagou: Programmers should die if they don't learn.

Author of this article: Xiyue, original production of Lagou.com