Report: NSA knew about “Heartbleed” Internet security disaster for two years — and said nothing; Update: NSA denies

posted at 4:09 pm on April 11, 2014 by Allahpundit

This reminds me of Stuxnet in the sense that, in both cases, the feds chose to pursue their own interests knowing full well that sinister forces would inadvertently benefit. They unleashed Stuxnet for a noble purpose, to derail Iran’s enrichment program, but at a high cost — namely, once Stuxnet was identified and the code made public, malevolent states or even malevolent freelancers could appropriate it for nefarious ends. They chose to open Pandora’s box because they hoped that what flew out might, at least, neutralize an Iranian bomb. It worked, for awhile, but Iran’s program survived. As did Stuxnet’s code.

Same deal with Heartbleed. This security flaw didn’t originate with the NSA the way, say, the exploit of Google’s fiber-optic cables did. If the reports today are true, it originated with an act of negligence on New Year’s Eve(!) 2011 by the small team of coders responsible for OpenSSL, the software used by huge swaths of the Internet for encryption. Anyone who knew of the flaw, be it a national security analyst or a hacker looking for easy money, could exploit it to decrypt virtually any encoded information stored by a site using OpenSSL — passwords, credit card info, you name it.

The NSA knew, and said nothing.

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said…

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers…

Evidence [that criminals exploited the flaw] is so far lacking, and it’s possible that cybercriminals missed the potential in the same way security professionals did, suggested Tal Klein, vice president of marketing at Adallom, in Menlo Park, California…

“[NSA officials] actually have a process when they find this stuff that goes all the way up to the director” of the agency, Lewis said. “They look at how likely it is that other guys have found it and might be using it, and they look at what’s the risk to the country.”

Follow the timeline. If the flaw originated in early 2012 and the NSA has known about it for “at least two years,” that means NSA hackers (of whom there are, per Bloomberg, more than 1,000) discovered it almost immediately while the rest of the world, including the criminal world apparently, found out just last week. Are they that far ahead of the tech curve where even a high-profile, ubiquitous piece of encryption software like OpenSSL can’t be cracked by most hackers for years but it can be cracked by the NSA almost overnight? Or is it that freelance hackers, for whatever reason, just aren’t devoting as much energy to cracking it as NSA is? Given that OpenSSL is a key to most of the Internet, you’d think freelancers would have been after it night and day since it launched.

Read this short but alarming Wired piece on who’s responsible for OpenSSL. It’s a team of four coders, obviously skilled but not so skilled that an error this big couldn’t slip past them. And not so well funded that they could afford a thorough security check before going live. Exit question: If the NSA’s goal is to protect national security, is that goal best served by suppressing info about a security hole that exposes data about millions of Americans and their businesses? Or by keeping quiet and using the flaw to find a certain class of very bad guys?

Update: A firm denial from the NSA. The second paragraph here is interesting:

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report. The Federal government relies on OpenSSL to protect the privacy of users of government websites and other online services. This Administration takes seriously its responsibility to help maintain an open, interoperable, secure and reliable Internet. If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.

When Federal agencies discover a new vulnerability in commercial and open source software – a so-called “Zero day” vulnerability because the developers of the vulnerable software have had zero days to fix it – it is in the national interest to responsibly disclose the vulnerability rather than to hold it for an investigative or intelligence purpose.

Plenty of hawks have spent the last few hours defending the NSA for exploiting Heartbleed. Their job is to gather intelligence, not play defense for private websites. They did their job. What’s their story now that the NSA itself says it would have played defense for those websites had it known about OpenSSL?


Related Posts:

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

NSA’s motto: “To Protect and To Serve” — Its a cookbook!

tominsd on April 11, 2014 at 4:12 PM

They keep the government secure. America, not so much.

xuyee on April 11, 2014 at 4:13 PM

Report: NSA knew about “Heartbleed” Internet security disaster for two years — and said nothing

Why would they say anything?

Never let a good disaster go to waste.

Dr. ZhivBlago on April 11, 2014 at 4:14 PM

I am even sure they exploited it themselves also. This is how sick and twisted government can get when left unchecked.

If your first reaction is not believing it, then take a moment and think about how we never thought the NSA would go over the lines they have crossed repeatedly.

watertown on April 11, 2014 at 4:14 PM

Knew about it, you say? They were most certainly the ones who originally discovered it and used it to their advantage!

Eschelon on April 11, 2014 at 4:15 PM


NSA’s motto: “To Protect and To Serve” — Its a cookbook!

tominsd on April 11, 2014 at 4:12 PM

Yeah, if in fact they were still chartered to defend US. It seems they are now chartered to defend the government FROM us.

HomeoftheBrave on April 11, 2014 at 4:15 PM

If the NSA’s goal is to protect national security, is that goal best served by suppressing info about a security hole that exposes of millions of America’s private entities in the name of using it to find a certain class of bad guys?

Have they demonstrated any results that show that their goal is, in fact, to protect our security? I must have missed that one.

iurockhead on April 11, 2014 at 4:16 PM

Shoving a cock into an @ss does not procreate no matter how often you do it.
Let me know when the first two guys insemination of their feces creates new life.
You asking what my IQ is? When I was tested I capped the test and was given the highest possible that it could ascertain. I think my I.Q. is satisfactory.

astonerii on April 10, 2014 at 9:31 PM

John the Libertarian on April 11, 2014 at 4:17 PM

Are they that far ahead of the tech curve where even a high-profile, ubiquitous piece of encryption software like OpenSSL can’t be cracked by most hackers for years but it can be cracked by the NSA almost overnight?

It’s not hard to believe. In fact, ‘immediately’ is the most likely time for them to have caught the bug. This is open source, widely used. They can audit all the check ins just like anybody else, and they have the paid manpower to do it. What one coder doesn’t catch, someone else might.

Fenris on April 11, 2014 at 4:19 PM

Why is there still such a thing as the NSA? This criminal organization should have been disbanded when it was exposed.

Another Libertarian on April 11, 2014 at 4:21 PM

Shoving a cock into an @ss does not procreate no matter how often you do it.
Let me know when the first two guys insemination of their feces creates new life.
You asking what my IQ is? When I was tested I capped the test and was given the highest possible that it could ascertain. I think my I.Q. is satisfactory.

astonerii on April 10, 2014 at 9:31 PM

John the Libertarian on April 11, 2014 at 4:17 PM

Lather, rinse, repeat

LeftCoastRight on April 11, 2014 at 4:22 PM

If the NSA’s goal is to protect national security, is that goal best served by suppressing info about a security hole that exposes data about millions of Americans and their businesses? Or by keeping quiet and using the flaw to find a certain class of very bad guys?


Or to use the flaw to further enable their illegal search and seizure of the information of innocent people.

Coincidentally, the company that makes the firewall software I use is EXPANDING their business scope to include VPN hosting combined with VPN integration into all aspects of their software.

I wonder why?

PolAgnostic on April 11, 2014 at 4:23 PM

NSA’s motto: “To Protect and To Serve” — Its a cookbook!

tominsd on April 11, 2014 at 4:12 PM

serve with fava beans and a nice chianti.

rbj on April 11, 2014 at 4:24 PM

John the Libertarian or anyone in the know, I must ask, why do you repeating this nasty quote from Astonerii? S/he is not my favourite person but what are you trying to accomplish? No vent passive-aggressive, I’d just like to know.

JFKY on April 11, 2014 at 4:25 PM

It’s like our government’s soul purpose anymore is to monitor, harass, threaten and steal from it’s citizens.

JellyToast on April 11, 2014 at 4:27 PM

If the NSA’s goal is to protect national security, is that goal best served by suppressing info about a security hole that exposes data about millions of Americans and their businesses? Or by keeping quiet and using the flaw to find a certain class of very bad guys?

Not trying to be snarky here but it depends on who you ask.

The NSA is filled with individuals who had no ethical qualms with the data mining operations because the agency viewed themselves as the good guys. It was (and is) spying but it isn’t spying spying.

“[NSA officials] actually have a process when they find this stuff that goes all the way up to the director” of the agency, Lewis said. “They look at how likely it is that other guys have found it and might be using it, and they look at what’s the risk to the country.”

Somebody should ask Alexander (and also Clapper) about what they were thinking and why they made the decisions they did.

Happy Nomad on April 11, 2014 at 4:27 PM

Read this short but alarming Wired piece on who’s responsible for OpenSSL.

This article at Forbe’s maybe covers it better:
“What’s Really Scary About Heartbleed”

whatcat on April 11, 2014 at 4:29 PM

If the flaw originated in early 2012 and the NSA has known about it for “at least two years,” that means NSA hackers (of whom there are, per Bloomberg, more than 1,000) discovered it almost immediately while the rest of the world, including the criminal world apparently, found out just last week. Are they that far ahead of the tech curve where even a high-profile, ubiquitous piece of encryption software like OpenSSL can’t be cracked by most hackers for years but it can be cracked by the NSA almost overnight?

Or more likely they are responsible for putting the bug there in the first place.

sharrukin on April 11, 2014 at 4:30 PM

Abolish the NSA. There is nothing in the Constitution authorizing them.

ConstantineXI on April 11, 2014 at 4:31 PM

If the NSA’s goal is to protect national security, is that goal best served by suppressing info about a security hole that exposes data about millions of Americans and their businesses?

Given that SSL is an internet standard used by everybody, and that the NSA has a vested interest in maximizing its access to information to achieve the best possible results, yup. Welcome to the exploitation of asymmetric information.

What’ll really burn them up is if there ends up being a flaw they don’t discover but foreigners get to first.

Stoic Patriot on April 11, 2014 at 4:34 PM

I wonder if Edward knew about this???

redguy on April 11, 2014 at 4:34 PM

NSA hackers…discovered it almost immediately while the rest of the world, including the criminal world apparently, found out just last week.

If the NSA employees aware of the OpenSSL error are anything like Mr. Snowden who’s willing to bet the house on that assumption?

Nomas on April 11, 2014 at 4:37 PM

Won’t be long when you go to a log-in protected account instead of a “Forgot Your Password” tab to click there will be an NSA tab to click.

fourdeucer on April 11, 2014 at 4:40 PM

NIA
National Insecurity Agency.

astonerii on April 11, 2014 at 4:42 PM

Given that SSL is an internet standard used by everybody
Stoic Patriot on April 11, 2014 at 4:34 PM

No – not everybody, it’s OpenSSL – i.e. “freeware” – which is compromised on this, though it is used by 66 percent of the sites who use SSL protocol.
http://www.forbes.com/sites/kashmirhill/2014/04/10/whats-really-scary-about-heartbleed

Here’s a list if the Top 1000 sites re: Heartbleed status. Though the big/important sites have patched it since this list was created.

whatcat on April 11, 2014 at 4:43 PM

If the NSA’s goal is to protect national security

Baaawwwhahhhaaaahhhaaaaa..
:O

burrata on April 11, 2014 at 4:44 PM

OT: Harry Reid behind the BLM Bundy land grab in Nevada; to have a Chinese solar firm develop the property into a solar farm. His son Rory was the County commissioner at the time of the deal and is now the lawyer for the land deal…

PatriotRider on April 11, 2014 at 4:44 PM

Yeah if you’re in this business, you’re probably keeping very close tabs on these open source projects so it’s not like they have elite hackers plumbing for vulnerabilities day and night. Probably an intern that checks their source control’s commit logs every day…

Starnick on April 11, 2014 at 4:44 PM

Click on Drudge for the full story…

PatriotRider on April 11, 2014 at 4:45 PM

Won’t be long when you go to a log-in protected account instead of a “Forgot Your Password” tab to click there will be an NSA tab to click.

fourdeucer on April 11, 2014 at 4:40 PM

Won’t be long before three wrong tries at your password results in your phone ringing with NSA at the other end of the line.

Happy Nomad on April 11, 2014 at 4:45 PM

Can’t wait for the EMP attack and start living off of the land again…

Seven Percent Solution on April 11, 2014 at 4:47 PM

Yeah if you’re in this business, you’re probably keeping very close tabs on these open source projects so it’s not like they have elite hackers plumbing for vulnerabilities day and night. Probably an intern that checks their source control’s commit logs every day…
Starnick on April 11, 2014 at 4:44 PM

Though most home users probably should concentrate most on things they can control, with the biggest security culprits being Java, Adobe Acrobat and Flash.

whatcat on April 11, 2014 at 4:48 PM

Why am I not surprised? Has the same effect as finding out Congressman Cummings was partaking in IRS shenanigans.

If the NSA’s goal is to protect national security, is that goal best served by suppressing info about a security hole that exposes data about millions of Americans and their businesses? Or by keeping quiet and using the flaw to find a certain class of very bad guys?

Hail HYDRA!

zacmidnigh on April 11, 2014 at 4:54 PM

Won’t be long before three wrong tries at your password results in your phone ringing with NSA at the other end of the line.

Happy Nomad on April 11, 2014 at 4:45 PM

And before you can answer the phone your door blows in from the hinge side.

fourdeucer on April 11, 2014 at 4:59 PM

Allah, you’ve never programmed, have you?

It’s a team of four coders, obviously skilled but not so skilled that an error this big couldn’t slip past them. And not so well funded that they could afford a thorough security check before going live.

IBM’s shortest program is named IEFBR14 — so named because when IBM’s mainframe OS invokes a program to run, it puts the location to return to in Register 14. This was supposed to be a “do nothing” program, designed so that only the side effects (such as file creation or deletion) associated with the Job Control Language (JCL) which specified that it be run. So the simplest program originally had exactly one instruction, which gave it part of its name –

br r14

It also had a bug, which was discovered by users. Upon return, the operating system would check the return code in register 15, and succeeding steps of the job would be executed or not depending upon the “condition code” returned. But the program never set register 15, so whatever was returned was garbage — because R15 could be used as a “scratch register” and that’s what the operating system used it for.

IEFBR14 worked just fine if you had a single-step job, and not so fine if you had steps which followed the invocation of IEFBR14.

The correct version of the program, which clears register 15 to a known value (zero) is:

sr r15,r15
br r14

which, of course, is twice as many instructions as version 1

http://en.wikipedia.org/wiki/IEFBR14

There are no bug-free programs. Indeed, to prove a program correct involves exponentially more effort than it did to create it. So programmers depend on unit and system tests which test both nominal and (if the tests are good) off-nominal use of the program, but none of these tests will test every path through the program’s instructions.

The Bloomberg article seems to be somewhat political, and we understand the politics of Bloomberg quite well.

Remember how Stuxnet was discovered — it was by the Russians, and it happened because Russians were helping the Iranians and somehow carried the infection home. Indeed, looking at the initial locales of Stuxnet infection gives you a laundry list of individuals and organizations aiding the Iranians in getting a nuclear weapon. So, unlike you, Allah, I had no problem with the use of Stuxnet — because, once it was discovered, Microsoft moved forward quickly with patches to mitigate the vulnerabilities, but Stuxnet not only retarded Iranian development of nuclear weapons by several years, it also outed those who were aiding the Iranians.

The OpenSSL community knew about the problem since December 2013. The reason we are finding out about it only now is due to the fact that the patch sets had finally been released for all major operating systems using OpenSSH — which include Apple, Microsoft, Red Hat,…and appear to be in place.

Interestingly, Apple’s exposure was far less, because Apple’s version of OpenSSL in most of its operating systems predates the introduction of the bug — which says, of course, that Apples’ versions have other problems previously taken care of in the mainstream OpenSSL. In particular, Apple’s implementation bypassed signing checks, which meant that man-in-the-middle attacks which had been mitigated on newer systems were still possible for Apples’. That bug was just patched also.

There’s a site which you can use to check your online retailer for presence of Heartbleed — http://filippo.io/Heartbleed/

Even though the bug might be patched at your merchant’s site, that doesn’t mean you were not previously at risk. If the bug has not been patched, then I would recommend deferring use of that merchant until their server is patched — and then you should change your password if you are the least bit paranoid

unclesmrgol on April 11, 2014 at 5:09 PM

It’s a team of four coders, obviously skilled enough to write security software, but dumb enough to write it in C.

FIFY

corona79 on April 11, 2014 at 5:11 PM

FIFY

corona79 on April 11, 2014 at 5:11 PM

Java is written in C. Perl is written in C. Linux is written in C. Android’s OS is written in C.

C is not a dumb language. It is a powerful language, and with power comes abuse of power.

One of the most powerful features of C is its ability to bootstrap itself. The C compiler is written in C. Even gnu’s C++ compiler is written in C. In fact, try writing a Java compiler and interpretor in Java and see how far you get.

unclesmrgol on April 11, 2014 at 5:20 PM

I don’t think the NSA really needed that hole.

Eric Holder Admits That, If It Wanted, NSA Could Collect Internet Searches & Emails Just Like Phone Metadata

slickwillie2001 on April 11, 2014 at 5:22 PM

I’m so disturbed by the fact that I understand these programming comments that I’m trying to figure out how to take my own lunch money.

John Deaux on April 11, 2014 at 5:28 PM

And just who is it that will hold these criminals accountable? God help us and save us from liberal big government.

ultracon on April 11, 2014 at 5:32 PM

What part of “Nothing comes out of the NSA” do you not get?
It isn’t their job to do internet security, but it is their job to exploit whatever they can.

Count to 10 on April 11, 2014 at 5:43 PM

What part of “Nothing comes out of the NSA” do you not get?
It isn’t their job to do internet security, but it is their job to exploit whatever they can.

Count to 10 on April 11, 2014 at 5:43 PM

So what exactly do they do besides spy on Americans? I ask because I think foreign intelligence services will do that for free.

Apparently its up to the Russians to try to stop the terrorists like the Boston Bomber. They warned the FBI three times.

New IG report blames Russia for withholding info on Boston Marathon bomber

So what does the NSA do? They certainly don’t predict invasions of Crimea, Georgia, or what have you.

sharrukin on April 11, 2014 at 5:54 PM

This site gives a good explanation on the seriousnes of this Heartbleed bug.

Original release date 4/7/14, updated 4/11/14

http://www.kb.cert.org/vuls/id/720951

Also, the latest from Netcraft: http://news.netcraft.com/

From Netcraft info, it doesn’t seem like these Companies/websites are doing what is needed ASAP.

bluefox on April 11, 2014 at 6:04 PM

sharrukin on April 11, 2014 at 5:54 PM

Speaking of Russia, I wish you would listen to a Bible Teacher I heard last night. He had the foresight to record 5 years of his radio program. He passed away 26 years ago, but you would think he just recorded that program yesterday.

Supporters fund his 5 year program and so it continues today.

bluefox on April 11, 2014 at 6:11 PM

One of the most powerful features of C is its ability to bootstrap itself. The C compiler is written in C. Even gnu’s C++ compiler is written in C. In fact, try writing a Java compiler and interpretor in Java and see how far you get.

unclesmrgol on April 11, 2014 at 5:20 PM

+1

tominsd on April 11, 2014 at 6:11 PM

unclesmrgol on April 11, 2014 at 5:09 PM

You have a version of that in Sinclair ZX81 Basic?
:D

Other sites to use to test if a site is Heartbleed-free.

https://www.ssllabs.com/ssltest

https://lastpass.com/heartbleed

whatcat on April 11, 2014 at 6:16 PM

One of the most idiotic “features” of C is its lack of boundary enforcement.

FIFY

gets(), anyone?

corona79 on April 11, 2014 at 6:19 PM

unclesmrgol on April 11, 2014 at 5:20 PM

You might be interested in this site.

http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

bluefox on April 11, 2014 at 6:26 PM

I find it entirely believable that the NSA has a small team of experienced software developers who are assigned to do their own internal code reviews of changes introduced into each new version of free software that’s used in mission-critical Internet infrastructure, looking for potentially-exploitable vulnerabilities.

I’ve been in IT and software development, for over 20 years. I don’t recall offhand if the OpenSSL project publishes a publicly-accessible repository of their code base, or if they just do a code drop for each release; but it’s entirely plausible that the NSA was aware of this bug within 2-3 weeks of the exploitable version of OpenSSL getting released, and starting slowly propagating and spreading throughout the intertubes; or, if OpenSSL has a publicly-accessible repo, even /before/ the first exploitable version of OpenSSL came out.

mrsam on April 11, 2014 at 6:32 PM

Speaking of Russia, I wish you would listen to a Bible Teacher I heard last night. He had the foresight to record 5 years of his radio program. He passed away 26 years ago, but you would think he just recorded that program yesterday.

Supporters fund his 5 year program and so it continues today.

bluefox on April 11, 2014 at 6:11 PM

You must mean J. Vernon NcGee.

whatcat on April 11, 2014 at 6:33 PM

bluefox on April 11, 2014 at 6:11 PM

You must mean J. Vernon NcGee.

whatcat on April 11, 2014 at 6:33 PM

Yes, I am. I found last night’s program addressed the current political state of our Country. Unbelievable. Hope you heard it:-)
I may download the MP3 to my PC.

bluefox on April 11, 2014 at 6:43 PM

OT: Harry Reid behind the BLM Bundy land grab in Nevada; to have a Chinese solar firm develop the property into a solar farm. His son Rory was the County commissioner at the time of the deal and is now the lawyer for the land deal…

PatriotRider on April 11, 2014 at 4:44 PM

That would not surprise anyone. I’ve been following this on Freerepublic. Prayers for Mr. Bundy and his family.

bluefox on April 11, 2014 at 6:56 PM

I personally find it far more believable that the NSA paid them to insert this bug, or compromised OpenSSL’s systems and introduced it themselves.

They previously paid off Symantec (Norton) and RSA to compromise their encryption with difficult to change default settings that are never presented to a user. By using substandard, identifiable seeds (“random” numbers that aren’t truly random), they reduce the effectiveness of normal encryption.

It’s just par for the course for this band of thieves. If you want net privacy, TOR, Tails, gnupg. Otherwise, forget it. They’re stealing everything you have until they’re put in jail.

Asurea on April 11, 2014 at 7:13 PM

What part of “Nothing comes out of the NSA” do you not get?
It isn’t their job to do internet security, but it is their job to exploit whatever they can.

Count to 10 on April 11, 2014 at 5:43 PM

You’d think it would be a wake up call to all those delusional Democrat voters who actually believe the government exists to look out for our best interests, eh?

John Deaux on April 11, 2014 at 7:18 PM

Update: NSA denies

So? We don’t believe anything the NSA says anymore.

Happy Nomad on April 11, 2014 at 7:19 PM

Yes, I am. I found last night’s program addressed the current political state of our Country.
bluefox on April 11, 2014 at 6:43 PM

Yup. I thought that too when I heard it this morning.

whatcat on April 11, 2014 at 7:20 PM

OT: Harry Reid behind the BLM Bundy land grab in Nevada; to have a Chinese solar firm develop the property into a solar farm. His son Rory was the County commissioner at the time of the deal and is now the lawyer for the land deal…

PatriotRider on April 11, 2014 at 4:44 PM

Well it IS Nevada, so you have to figure that if something nefarious is going on, it would have the stank of Dingy Harry all over it.

slickwillie2001 on April 11, 2014 at 7:21 PM

J Vernon is awesome. Been on the bible bus for two trips now.

Murphy9 on April 11, 2014 at 7:28 PM

bluefox on April 11, 2014 at 6:43 PM

Yup. I thought that too when I heard it this morning.

whatcat on April 11, 2014 at 7:20 PM

Glad you heard it. His program comes on my local radio station in mid afternoon and at 2AM. In my opinion, he’s the best Bible Teacher I’ve ever heard. I like his question & answer program on the weekends too.

bluefox on April 12, 2014 at 1:25 AM

Murphy9 on April 11, 2014 at 7:28 PM

Oh, that’s great. I miss some of the programs and I like that he sort of refreshes a bit on the next one. I’ve always been amazed at his insight and wondered how one person could learn that much in one lifetime.

bluefox on April 12, 2014 at 1:31 AM

I’m so disturbed by the fact that I understand these programming comments that I’m trying to figure out how to take my own lunch money.

John Deaux on April 11, 2014 at 5:28 PM

LOL

I spent a good part of my professional career chasing obscure bugs in FORTRAN and PI/1.

Good times, good times.

AesopFan on April 12, 2014 at 2:32 AM

I work at IBM in a “clean room” where we all wear Tyvek suits and nylon face masks. One of the new hires (and unrepentant liberal dunce) made this statement in a conversation on government spying, the NSA and the privacy rights of American citizens today:

“There’s no way President Obama would allow the NSA to spy on our cloud computing web sites like Evernote…”

One of the maintenance guys (20+ years with the firm and raised in a red state) laughed so hard his nylon mask broke apart.

thejackal on April 12, 2014 at 9:11 AM

One of the maintenance guys (20+ years with the firm and raised in a red state) laughed so hard his nylon mask broke apart.

thejackal on April 12, 2014 at 9:11 AM

LOL A *shaking your head* moment. Hope you and your friend are around when reality hits this newbie.

bluefox on April 12, 2014 at 10:20 AM