Today WikiLeaks published the CIA leak. The leak is a dump of over 7,500 internal CIA Confluence pages which include documentation of their tools, how-to guides, best practices and more. Vault 7 Instead of discussing the (im)morality of the CIA not disclosing the exploits they use on Android, iOS and Windows system — you can find plenty of those elsewhere — I will go through some unexpected gems of tech wisdom I found during a quick read of some of the documents. It’s amusing to see how, after all, under all the layers of secrecy and mystery we are all engineers facing similar challenges and using the same tools. Starting with the obvious: . Yes, the very same tools you use every day and love/hate. But there’s much more. the CIA uses JIRA , Confluence and git CIA developers also hate process Our workflow is pretty simple. A developer picks the item he is going to work on (something like implement compression) and creates a feature branch off of DEVELOP. The developer then goes and implements the changes and when complete a pull request is created to inform the team that he is done, and the changes should be merged. This is a pull request in a nutshell. That sounds like process, wait one second while I grab my pitchfork. User #1179751 — “ ” Justifying Implementing Pull Requests on Small Teams Not only they hate process as most of us do, but they seem to have a sharp sense of humor. They do Code Reviews & prefer small Pull Requests Keep the scope of feature branches narrow. It is much easier to do a code review on 100 lines of code, over a couple of thousand. User #1179751 — “ ” Justifying Implementing Pull Requests on Small Teams Words of wisdom, right here. They store passwords in clear text OSB unclass laptop #1 password (tag 2005K676, Dell service tag: 7731Y32): “OSBDemoLap9W53!” ( ) Without quotes OSB unclass laptop #2 password (tag 2005K677, Dell service tag: CN81Y32): “0sbP@ss” ( ) no quotes, first chracter is a zero User #7995631 — “ ” (added emphasis) OSB Passwords Not only they store passwords in clear text in a public wiki but it seems that even top notch government hackers need clarifying notes to solve the eternal conundrum of “ ”. The hilarious and sarcastic responses to the post feel almost as witty as a Reddit thread (emphasis added): Are the quotes part of the password? 2015–01–30 15:29 [ ]: User #9535837 That was a smart security decision. Please like my comment. 2015–01–30 15:10 [ ]: User #14588054 I noticed, but I still when I first saw the page. cringed 2015–01–30 14:50 [ ]: User #7995631 Its locked down to the OSB group… idk if that helps. 2015–01–30 14:30 [ ]: User #14588054 Am I the only one who looked at this page and thought, “I wonder if security would have a heart attack if they saw this.”? They believe in the “Bus Factor” If your physical form were displaced from the space-time in which it occupied, by the sudden and presence of a , would all the development work, ideas, and knowledge that you have contributed to the organization continue to be useful or even AVAILABLE? forcibly urgent large commuter bus User #524297 — “ ” Single Bus Theory Which is a grandiloquent way of saying: “ ”. Make sure you document everything and transfer knowledge in case you get ran over by a bus They need git cheatsheets too The “Oh crap I didn’t mean to commit yet” Trick # undo last commit and bring changes back into staging (i.e. reset to the commit one before HEAD) $ git reset — soft HEAD^ User #524297 — “ ” Git Trips & Tricks I agree, git CLI is far from perfect and hard to learn. They do use IRC, like in the movies Why IRC? For colloboration<sic>! We can easily chat with each other now! IRC is 1337! Author unknown — “ ” Internet Relay Chat Slack and HipChat are too mainstream. They also used pirated versions of Windows Skipping Windows 8 Activation The default MDSN Windows 8 installation requires Product Key Activation in order to setup. The following steps are useful in editing the MSDN iso to enable the Skip button during the install. […] User #3375374 — “ ” Funny Code 2013a C’mon… we’ve all done it. Yes, they search answers on StackOverflow too The answer came from a single StackOverflow post that mentioned a side-effect of opening a volume handle in a peculiar way. Although the author of the post cautioned the technique may not be reliable, we found in our testing that it was 100% effective on our target platform (Windows XP x64). User #71473 — ” Wait, didn’t I just securely delete that file?” Finally, they love their memes as much as anyone Sharp sense of humor, as I said.
