
Hottest Editors

9 Comments and 14 Shares
Elon Musk finally blocked me from the internal Tesla repository because I wouldn't stop sending pull requests for my code supporting steering via vim keybindings.
gmuslera
126 days ago
Emacs' hottest feature was its demise: climate change is caused by people abusing C-x M-c M-Butterfly https://xkcd.com/378/
montevideo, uy
8 public comments
copyninja
121 days ago
I'm still an emacs user (slight correction: spacemacs)
India
satadru
125 days ago
2035 — The rising popularity of retrocomputing brings about a vim keybinding mod for ResEdit, written by a CRISPRed kid.
New York, NY
minderella
126 days ago
Notepad Plus baby!
tingham
126 days ago
Should I be ashamed more for still listening to Slipknot or that I still use Vim?
Cary, NC
Cthulhux
126 days ago
ed is the standard text editor.
Fledermausland
sirshannon
126 days ago
2010 and 2015 are correct for me.
alt_text_bot
126 days ago
Elon Musk finally blocked me from the internal Tesla repository because I wouldn't stop sending pull requests for my code supporting steering via vim keybindings.
Covarr
126 days ago
I'm pretty sure 2020's hottest editor will be a minecraft mod that can load plaintext files as in-world signs and then resave them back to plaintext files.
Moses Lake, WA
beowuff
126 days ago
It'll be called mc-vim
duerig
126 days ago
And you'll have to pay McDonalds royalty money to use it... :)
Samuele96
126 days ago
It sounds pretty much like atom

The US is Officially a Banana Republic: the CIA is trying to topple the Government

1 Comment and 3 Shares

There's an electoral coup underway.

The number of potentially faithless Republican electors is now up to 50, more than enough to deny Trump the votes he needs for an EC win and/or give Hillary Clinton the votes she needs to win.

The stealth effort, led by liberals who believe Trump is a danger to the US, has been underway since the election.  

That effort only gained traction with Republican electors when the CIA leaked that Russia had intervened in the US election to help Trump win.  

Of course, the timing of the CIA's leak wasn't random.  

It was something much more sinister.  It was an opening salvo by the CIA to actively influence the Electoral College and stop Donald Trump from becoming President.  

In other words, the CIA is trying to topple Trump.

Why?  Self preservation. 

The real reason is that Trump was working with Peter Thiel to corporatize the intelligence gathering of the United States around companies, like Palantir, that can adopt and employ technology much faster and with more efficacy.  In other words, Trump is planning to turn the CIA and the NSA into peripheral collection systems.  

That was unacceptable to the CIA, an agency with a strong sense of self-importance.  

They acted again today when the head of the CIA refused to brief the House Intelligence Committee on their claims because the chairman of the committee, Devin Nunes, was part of Trump's transition team.

Instead, the CIA leaked more information this afternoon to influence electors:

"new intelligence shows that Putin personally directed how hacked material.. was leaked"

However, due to tight legal restrictions on the use of the information the CIA gathers and who it gathers it on (i.e. US citizens), I anticipated that any new leak would be from allied sources not covered by these restrictions.

That proved to be correct:

"The intelligence came from diplomatic sources and spies working for U.S. allies."

What's next?

We can expect to see more leaks this weekend, before the EC votes on Monday.  

What kind of info?  A shred of evidence (a taped conversation would be best), gathered by US allies and not the CIA, that shows that Trump knew about the hack or came to an agreement with Putin.  

At that point, the EC will definitely flip and Trump will be denied an electoral college win on Monday.

After that we head to the courts and start down the road to street level violence.  

To avoid the chaos of merely unseating Trump, the electors may award Hillary Clinton the win since she is best able to gather the establishment around her to fight off Trump's bid.

Regardless, we have moved another step towards what looks more and more like another US civil war.  

It's not a long trip, now that we are a Banana Republic.  

Sincerely,

John Robb

gmuslera
243 days ago
montevideo, uy
1 public comment
skorgu
244 days ago
2016!
wreichard
243 days ago
Hey, Bolton says the hacks were perpetrated by the Obama administration as a false flag! We have taken leave of reality.
wreichard
243 days ago
And personally, I think people like this are part of the reason Obama has been hesitant to push any of this--because it probably means Civil War in the US.
wreichard
243 days ago
(Not because of the CIA.)

The Real Clinton Conspiracy That Backfired

1 Comment
gmuslera
276 days ago
Unlike in the movies where the villain creates a monster that should be able to defeat to get the glory, we won't have The Incredibles to save us from what Hillary's campaign created
montevideo, uy

Votes are being counted as fractions instead of as whole numbers

1 Comment
gmuslera
289 days ago
one person, 0.05 vote
montevideo, uy

New leaks prove it: the NSA is putting us all at risk to be hacked

1 Comment and 2 Shares

The National Security Agency is lying to us. We know that because data stolen from an NSA server was dumped on the internet. The agency is hoarding information about security vulnerabilities in the products you use, because it wants to use it to hack others' computers. Those vulnerabilities aren't being reported, and aren't getting fixed, making your computers and networks unsafe.

On August 13, a group calling itself the Shadow Brokers released 300 megabytes of NSA cyberweapon code on the internet. Near as we experts can tell, the NSA network itself wasn't hacked; what probably happened was that a "staging server" for NSA cyberweapons — that is, a server the NSA was making use of to mask its surveillance activities — was hacked in 2013.

The NSA inadvertently resecured itself in what was coincidentally the early weeks of the Snowden document release. The people behind the link used casual hacker lingo, and made a weird, implausible proposal involving holding a bitcoin auction for the rest of the data: "!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies cyber weapons?"

Still, most people believe the hack was the work of the Russian government and the data release some sort of political message. Perhaps it was a warning that if the US government exposes the Russians as being behind the hack of the Democratic National Committee — or other high-profile data breaches — the Russians will expose NSA exploits in turn.

The NSA has known of some security holes since 2013

But what I want to talk about is the data. The sophisticated cyberweapons in the data dump include vulnerabilities and "exploit code" that can be deployed against common internet security systems. Products targeted include those made by Cisco, Fortinet, TOPSEC, Watchguard, and Juniper — systems that are used by both private and government organizations around the world. Some of these vulnerabilities have been independently discovered and fixed since 2013, and some had remained unknown until now.

All of them are examples of the NSA — despite what it and other representatives of the US government say — prioritizing its ability to conduct surveillance over our security. Here's one example. Security researcher Mustafa al-Bassam found an attack tool codenamed BENIGNCERTAIN that tricks certain Cisco firewalls into exposing some of their memory, including their authentication passwords. Those passwords can then be used to decrypt virtual private network, or VPN, traffic, completely bypassing the firewalls' security. Cisco hasn't sold these firewalls since 2009, but they're still in use today.

Vulnerabilities like that one could have, and should have, been fixed years ago. And they would have been, if the NSA had made good on its word to alert American companies and organizations when it had identified security holes.

The Obama administration’s pledge to notify companies about flaws in common software

Over the past few years, different parts of the US government have repeatedly assured us that the NSA does not hoard "zero days" — the term used by security experts for vulnerabilities unknown to software vendors. After we learned from the Snowden documents that the NSA purchases zero-day vulnerabilities from cyberweapons arms manufacturers, the Obama administration announced, in early 2014, that the NSA must disclose flaws in common software so they can be patched (unless there is "a clear national security or law enforcement" use).

Later that year, National Security Council cybersecurity coordinator and special adviser to the president on cybersecurity issues Michael Daniel insisted that the US doesn't stockpile zero days (except for the same narrow exemption). An official statement from the White House in 2014 said the same thing.

The Shadow Brokers data shows this is not true. The NSA hoards vulnerabilities.

Hoarding zero-day vulnerabilities is a bad idea. It means that we're all less secure. When Edward Snowden exposed many of the NSA's surveillance programs, there was considerable discussion about what the agency does with vulnerabilities in common software products that it finds. Inside the US government, the system of figuring out what to do with individual vulnerabilities is called the Vulnerabilities Equities Process (VEP). It's an inter-agency process, and it's complicated.

There is a fundamental tension between attack and defense. The NSA can keep the vulnerability secret and use it to attack other networks. In such a case, we are all at risk of someone else finding and using the same vulnerability. Alternatively, the NSA can disclose the vulnerability to the product vendor and see it gets fixed. In this case, we are all secure against whoever might be using the vulnerability, but the NSA can't use it to attack other systems.

Playing games with language

There are probably some overly pedantic word games going on. Last year, the NSA said that it discloses 91 percent of the vulnerabilities it finds. Leaving aside the question of whether that remaining 9 percent represents 1, 10, or 1,000 vulnerabilities, there's the bigger question of what qualifies in the NSA’s eyes as a "vulnerability."

Not all vulnerabilities can be turned into exploit code. The NSA loses no attack capabilities by disclosing the vulnerabilities it can’t use, and doing so gets its numbers up; it’s good PR. The vulnerabilities we care about are the ones in the Shadow Brokers data dump. We care about them because those are the ones whose existence leaves us all vulnerable.

Because everyone uses the same software, hardware, and networking protocols, there is no way to simultaneously secure our systems while attacking their systems — whoever "they" are. Either everyone is more secure, or everyone is more vulnerable.

Pretty much uniformly, security experts believe we ought to disclose and fix vulnerabilities. And the NSA continues to say things that appear to reflect that view, too. Recently, the NSA told everyone that it doesn't rely on zero days — very much, anyway.

Earlier this year at a security conference, Rob Joyce, the head of the NSA's Tailored Access Operations (TAO) organization — basically the country's chief hacker — gave a rare public talk, in which he said that credential stealing is a more fruitful method of attack than are zero days: "A lot of people think that nation states are running their operations on zero days, but it's not that common. For big corporate networks, persistence and focus will get you in without a zero day; there are so many more vectors that are easier, less risky, and more productive."

The distinction he’s referring to is the one between exploiting a technical hole in software and waiting for a human being to, say, get sloppy with a password.

The NSA’s hubris: the "nobody but us" standard

A phrase you often hear in any discussion of the Vulnerabilities Equities Process is NOBUS, which stands for "nobody but us." Basically, when the NSA finds a vulnerability, it tries to figure out if it is unique in its ability to find it, or whether someone else could find it, too. If it believes no one else will find the problem, it may decline to make it public. It's an evaluation prone to both hubris and optimism, and many security experts have cast doubt on the very notion that there is some unique American ability to conduct vulnerability research.

The vulnerabilities in the Shadow Brokers data dump are definitely not NOBUS-level. They are run-of-the-mill vulnerabilities that anyone — another government, cybercriminals, amateur hackers — could discover, as evidenced by the fact that many of them were discovered between 2013, when the data was stolen, and this summer, when it was published. They are vulnerabilities in common systems used by people and companies all over the world.

So what are all these vulnerabilities doing in a secret stash of NSA code that was stolen in 2013? Assuming the Russians were the ones who did the stealing, how many US companies did they hack with these vulnerabilities? This is what the Vulnerabilities Equities Process is designed to prevent, and it has clearly failed.

If there are any vulnerabilities that — according to the standards established by the White House and the NSA — should have been disclosed and fixed, it's these. That they have not been during the three-plus years that the NSA knew about and exploited them — despite Joyce's insistence that they're not very important — demonstrates that the Vulnerabilities Equities Process is badly broken.

We need to fix this. This is exactly the sort of thing a congressional investigation is for. This whole process needs a lot more transparency, oversight, and accountability. It needs guiding principles that prioritize security over surveillance. A good place to start are the recommendations by Ari Schwartz and Rob Knake in their report: These include a clearly defined and more public process, more oversight by Congress and other independent bodies, and a strong bias toward fixing vulnerabilities instead of exploiting them.

And as long as I'm dreaming, we really need to separate our nation's intelligence-gathering mission from our computer security mission: We should break up the NSA. The agency's mission should be limited to nation state espionage. Individual investigation should be part of the FBI, cyber war capabilities should be within US Cyber Command, and critical infrastructure defense should be part of DHS’s mission.

I doubt we're going to see any congressional investigations this year, but we're going to have to figure this out eventually. In my 2014 book Data and Goliath, I write that "no matter what cybercriminals do, no matter what other countries do, we in the US need to err on the side of security by fixing almost all the vulnerabilities we find. ..." Our nation's cybersecurity is just too important to let the NSA sacrifice it in order to gain a fleeting advantage over a foreign adversary.

Bruce Schneier is the chief technology officer of Resilient, an IBM company, a fellow at Harvard's Berkman Center, and a board member of the Electronic Frontier Foundation. His most recent book is Data and Goliath.

gmuslera
356 days ago
"at risk of being hacked"... by an unapproved party. Approved parties by them are free to do so, seems.
montevideo, uy

EpiPen Price Hike to $500 Sparks Outrage

1 Comment
gmuslera
359 days ago
Give a man a hammer and he will see everything as a nail. Give him a monopoly, and see what happens.
montevideo, uy