35 Burst results for "Simons"

Wife of Missing Chinese Official Calls Government a 'Monster,' 'They Eat Their Children' - Newsweek

AP News Radio

00:34 sec | Last week

"Pressure to address concerns of the safety of a Chinese professional tennis player who has gone missing thanks why went missing school after accusing a former top government official of sexual assaults many abroad have called on China to show how well being the calls come off to Chinese state media pace didn't email in which banks says she's safe and that the assault allegation is untrue Steve Simon the CEO of the women's tennis association said he did not believe paying both the email all believed what was written the W. T. A. S. demanded a full investigation and is prepared

Steve Simon Tennis Women's Tennis Association China W. T. A. S.
Andrew Klavan: You Have to Be Able to Speak the Plain Truth

America First with Sebastian Gorka Podcast

01:04 min | Last month

"Welcome back to America first one on one with Andrew clavin. You mentioned that people are starting to realize the importance of culture and the emotional frequency on which people have to be appealed to. Yes. And it really, it's going to need to be fearless. And it's very hard to do. Because everybody's got something to lose. Everybody's got something to lose. And the thing about it is, is you have to be able to speak the plain truth. Without rage, and without hatred, you really do it, because sometimes we get so angry and they're very good at making us anger. That's one of Obama's superpowers. He can make people so angry. That even when you're speaking the truth, you sound like you're kind of a bad guy. And we have to learn, you know, it's that old Paul Simon song. You got to have some tenderness in your honesty. We have to speak the truth absolutely fearlessly. People say, when I talk about being polite when I talk about being respectful when I talk about being civilized, people think I'm being restrained or cowardly. Not in the least. I think you can see you need to say without shouting in people's faces. And then they start to experiences myself. They start to say, you know what? That's actually

Andrew Clavin America Paul Simon Barack Obama
Dan and Mark Meadows Know How to Thwart Cancel Culture

The Dan Bongino Show

01:17 min | Last month

"We're talking to Mark Meadows former chief of staff to president Trump former congressman from North Carolina is an upcoming book called the chiefs chief check it out available on pre order and don't worry So I'm not going to let them cancel here We're going to have you back in the day the book's release or that week I am if they cancel you in one spot we'll just push it to another spot for sales It's just a beach ball underwater So don't worry about that There's no chance That means a lot And honestly the publishers Dan you get this The publishers I went with actually had been canceled from two of the biggest publishing houses Kate hartson Luis Burke Simon Schuster and another well-known publisher had been canceled And that's why I went with them We're not going to let the left win So with Friends like you I can't help but succeed Yeah I mean listen anything they cancel I just create an alternate tech platform I mean they tried to cancel us by demonetizing us on YouTube I got involved with rumble you know they booted us with Twitter I went over to parler that I heard people get canceled for books I started a book publishing thing So I put my money where my mouth is I don't know what that surprised me a bit So thank you for being a friend to the conservative movement

Mark Meadows President Trump Kate Hartson Luis Burke Simon Chiefs North Carolina Youtube Twitter
"simons" Discussed on "You're In Charge: Conversation that Spark Change" with Glenn Pasch

"You're In Charge: Conversation that Spark Change" with Glenn Pasch

01:31 min | Last month

"I believe there's two great qualities of leaders that septum apart from others. One is their ability to coach and develop their team, managing down, leaning in, helping them achieve their potential and generate consistent success. But I think the other trait that really separates the really truly great leaders is their ability to manage up or reach up to those in their organization or outside of their organization to create a network of people that are going to help mentor them. Push them to maximize their potential. I think we have a tendency as leaders to think that once we hit a certain level, we don't need help, but the truly great ones really are always searching for someone to help them push them coach them. And that's what we're talking about in today's power episode of the podcast with Scott simons. Now he by all means is an incredibly successful individual. He's a partner in owning automotive dealerships and multiple other businesses, but the key to his success and he shares that today is surrounding himself with other like minded individuals who are successful who challenge him, show him different ways to strategically become a better business person, a better person himself and a better leader. So let's dive into today's power episode of you're in charge conversations at spark change and chat with Scott simons about surrounding yourself with people who are.

Scott simons
Armando Simón Exposes the Left's Lies About Christopher Columbus

Mark Levin

01:57 min | Last month

"And we know what marxists do to history Well there's a piece today in where is this Sorry folks issues and insights By amando Simone the let me read this to you The accusation which often sound more like insults than rational accusations about Columbus Range from the gruesome claiming he chopped off Indians hands for not bringing gold or carrying out genocide total fabrications To the infantile ridiculing the fact that one of his ships sunk he was not the captain of that particular ship and they were sailing an uncharted seas Abounding in hidden reefs to the stupid Democrat politicians and Native Americans claiming that Columbus carried out genocide in North America where he never set foot nor sail Nonetheless we can expect the usual posturing and slogan airing on Columbus day as you heard By historically illiterate leftists in indigenous people some of the latter being about as Native American as Elizabeth Warren One should consult primary sources preferably in the original Spanish and not in translations His log book they called the capitulations legal documents also known as the book of privileges The contemporary biographies and especially Lewis Castro vehi testamento And others Both written by friar bartolome de la casas was every schoolchild in Spain and the Caribbean nose was the apostle of the Indians for working indefatigably to protect the Indians from his fellow Spaniards De la casas never mentions Columbus committing any crimes And a Las casas did not shrink from the accusing anyone When the contrary mentions Columbus as a constantly protecting the

Amando Simone Columbus Lewis Castro Elizabeth Warren Friar Bartolome De La Casas North America De La Casas Caribbean Spain Las Casas
Ravens Honor the Late Michael K. Williams With Omar Whistle From 'the Wire'

The Dan Patrick Show

00:40 sec | 2 months ago

"David. Simon he was the creator of the wire walked into the stadium last night for the ravens win over the kansas city chiefs. He got to hear the omar whistle from the wire. They played that in the stadium last night. So the sound of omar whistling to farmer in the dell as they had their opener last night. It was pretty cool pretty cool moment. There is david. Simon said it's the little things that are going to get me. I guess but michael is going to last but Omar one of the great characters. Michael k williams found dead and At age fifty four. That was a couple of weeks ago.

Simon Kansas City Chiefs David Ravens Omar Dell Michael K Williams Michael
Goodson Runs for 153 Yards, 3 TDs in No. 5 Iowa's Victory

AP News Radio

00:41 sec | 2 months ago

"Tyler Goodson ran for a career high one hundred fifty three yards and three touchdowns and fifth ranked diet was thirty to seven trouncing of Kent state goods and had a forty six yard touchdown run in the first quarter and added a thirty five yard scoring run in the third we knew they had a good defense they ask the athletes but the guys in front of the good job enter Simons and okay sure the running backs hello yes hello split second just to get over the top of it when they did and they did that he capped the scoring with a two yard burst in the final period the Hawkeyes offense had four hundred forty yards after averaging two thirty eight in the first two games I will also limited can't stay to eighty yards on the ground two hundred eighty below its season average I'm Dave Ferrie

Tyler Goodson Simons Hawkeyes Dave Ferrie
Everyone Should Have a 'Not to Do List'

The Mindvalley Podcast with Vishen Lakhiani

00:55 sec | 2 months ago

"To create aim of education. And self help is not knowledge for knowledge sake. It's action right. Knowledge times actually equals power. You want to act like a person of thought and you wanna think like a person of action right but what keeps you from acting. Because if you don't act you don't get the result right and so i believe for part of our mindset. You have your to do list. Every successful people have person has to do list in your to do list is probably really really large. I'm suggesting you have not to do this when it comes to your mind set. What's on your to-do list you know. Simon cynic and i have a video on facebook as thirty seven plus million views. Probably one of the people that watched it shared it. Just talk much. Your phone Train your brain to just be distracted reactive right in all those things and that should be on your not to list or don't at your phone that last half an hour a day in the first half an hour a day right and you know this stuff but are you doing

Simon Cynic Facebook
Chatting With the Authors of 'Change Ringing on Handbells'

Fun with Bells - bell and handbell ringing interviews

02:29 min | 2 months ago

"My guest today a teen stuck settling and simon gay who are the authors of two volumes of books on changing on handbells the i was published in twenty twenty and the second is imminent. Can you give me an overview of the first book the basic techniques book how it's structured and what it contains it starts right from the beginning and it doesn't assume any knowledge of changing your handbells or even on tower bells. In fact the eddie chapters would also be a good introduction to the basic principles of changing itself. We hope so. It covers everything from how to find set at handbells have about buying handbells to go about finding people to ring with and then it works through the steps in changing starting from played hunting going through playing ball hand other straightforward methods and in the later chapters it gets up to kenton oxford triple major and finally w. so stop short moving onto surprise methods which will remain subject of volume two but it covers everything up to a standard repertoire including surprise methods aka and tina. Was there anything else that you wanted to add about the book. Yes i volume. The book covers territory that quite few other older books on handball ringing cover what i hope our books stands out as is really starting from first principles so you really have to know nothing about changing. And you don't even have to be a bell ringer to pick this book up and learn to ring bells so it really talks about how to find other ringers. What bell ringing is introduces each method in a lot of detail. At the other thing about it is that it has a lot of really guitar grams. Which simon has done a really good graphics program for a so everything is not worthy in the way older bell ringing. Instruction books are so that. Yeah so we definitely want to point it at a wide audience as possible. Do you get feedback on. Who's reading it. mostly people who are already ringers. And that's probably really. We haven't done. 
Wider marketing of potential audiences are international groups of tune. Bell ringers for example who might want to branch out into other types of ringing. A lot of people have picked up our books through the promotion. You can order a set at emails. Guitar book for discount and a lot of people have picked up their rigging that way. In the lockdown there have been more sales of our book because of the lockdown than might have been

Kenton Oxford Simon Handball Tina AKA Bell
Remembering Michael K. Williams & His Legacy

Awards Chatter

01:48 min | 2 months ago

"Today's episode. We remember the magnificent character actor. Michael kenneth williams. Who was found dead on monday of a suspected drug overdose at the age of fifty. Four williams was a five time emmy nominee for best supporting actor in a limited series or tv movie for bessie in two thousand fifteen. The night of in two thousand sixteen and when they see us in two thousand nineteen for best informational series or special for vice in two thousand eighteen. He was an executive producer of the show. And for best supporting actor in a drama series this year for hbo's lovecraft country indeed. Even before his tragic passing he was the favourite to take home. His first statuette on september nineteenth williams also appeared on the sopranos alias. Boston legal happened. Leonard and many other acclaimed. Tv shows as well as in films. Such as two thousand seven's gone baby gone two thousand nine the road and two thousand thirteen twelve years a slave which won the best picture oscar but he was best known for his work on to other. Hbo drama series for which he criminally never was even for an emmy the wire on which he played omar little and boardwalk empire on which he played chalky white the wire which was created by david. Simon is considered by many including me to be the greatest show in the history of television. And he the greatest character on it a gay shotgun-wielding stick up man who terrified even baltimore's most hardened criminals whistling hunting. We will go as he stopped the streets and famously warning one challenger you come at the king you best not miss. The new york times described the character quote one of primetime preeminent anti heroes in a tv era defined by them close quote

Michael Kenneth Williams Williams Bessie Emmy Omar Little HBO Leonard Boston Oscar Simon David Baltimore The New York Times
Remembering Michael K. Williams & His Legacy

Awards Chatter

01:58 min | 2 months ago

"Today's episode. We remember the magnificent character actor. Michael kenneth williams. Who was found dead on monday of a suspected drug overdose at the age of fifty. Four williams was a five time emmy nominee for best supporting actor in a limited series or tv movie for bessie in two thousand fifteen. The night of in two thousand sixteen and when they see us in two thousand nineteen for best informational series or special for vice in two thousand eighteen. He was an executive producer of the show. And for best supporting actor in a drama series this year for hbo's lovecraft country indeed. Even before his tragic passing he was the favourite to take home. His first statuette on september nineteenth williams also appeared on the sopranos alias. Boston legal happened. Leonard and many other acclaimed. Tv shows as well as in films. Such as two thousand seven's gone baby gone two thousand nine the road and two thousand thirteen twelve years a slave which won the best picture oscar but he was best known for his work on to other. Hbo drama series for which he criminally never was even for an emmy the wire on which he played omar little and boardwalk empire on which he played chalky white the wire which was created by david. Simon is considered by many including me to be the greatest show in the history of television. And he the greatest character on it a gay shotgun-wielding stick up man who terrified even baltimore's most hardened criminals whistling hunting. We will go as he stopped the streets and famously warning one challenger you come at the king you best not miss. The new york times described the character quote one of primetime preeminent anti heroes in a tv era defined by them close quote given this week. Sad news i thought i would resurface an interview that i recorded with williams just over a decade ago. Shortly after the first season of boardwalk empire

Michael Kenneth Williams Williams Bessie Emmy Omar Little HBO Leonard Boston Oscar Simon David Baltimore The New York Times
"simons" Discussed on Jogo Bonito

Jogo Bonito

03:29 min | 3 months ago

"And the failure to accept that people they like would mile or think a heroes kind of ugly side and that dynamic for unite funds or renowned funds in general is something that nobody's really touched upon no not enough has been you know big enough lawyers been shown upon that as well said an unfortunate reality is that and crow Too big to be impacted by these current Methods of talking about The situation so is reality but that that's that's all went to psych of youtube clean barrel. It's really struck me this week with the release of kanye west new album and his association with I known in debate and obviously with marley mountain action is being led against him at the minute can. Us in mainstream media. Take an awful lot of flax. That and i'm not defending him for that. Because i think his a parent to say shape such people feel like is known that are mental health issues. There and i feel like now. That's no excuse. Why wise k. To attack that pass and not someone else who is you could argue that. They are at the same level within their respective fields. They as many people know cristianos they do kanye west so why is not the same in sport. I don't understand the dynamic. It's the same of course sports. That's something that i found Thing isn't it and there was a study done a while ago condom. Podcasts isn't doing but it's it's one of the reasons support football teams We identity bond with them. It's really invasive It's happening a lot in uk politics Where it becomes kind of supporting them. No matter what so Whereas with kanye you don't identity bond to that level Because of all these reasons he said. I'm not saying that's the only one i'm not saying. 
That's the reason well but i i would say this might be one of the reasons sega's is i think it's great that we have given time on the part because i think if we awang independence mall football podcasts and most of them and i think lots of them will decision and i think the more people that bernard again it just it just creates a powerful for these things just so just so people are aware and just oh doesn't go away that's important. I'm not sure. Fees if this will go way such limitations and such but yeah we could became on glutton. I would love to know what. Marcus rush vid thinks. Yeah yeah penny crystals anyway right the quick break. Let's get into part to We'll we'll start with some more transfer to into into where these these primarily teams around under and a bit of your teams. Okay see you shortly. Listens.

marley mountain youtube kanye west football kanye sega Us uk Marcus rush bernard
"simons" Discussed on Jogo Bonito

Jogo Bonito

04:22 min | 3 months ago

"But you know it's rinaldo. Ami was less us focus on the this narrative solid because it is simple model addressing discussed the other side. But do you think he got played because we know that he was in paris prior To to for some reason he was in paris. I i just. I thought was masterful by. He's his agent akin. Like they will merge into mendez. Okay they just what. We'll mush your option mendez. And you're the one together But it's brilliant spy him and and actually is kind of in the face of wire. Hurricane was just left looking very very silly with on his face This this guy in the wondrous were that suitors if city weren't available to take To to take dive options weather because it didn't look what. Psc which must have you know like you said the players losing out here but it didn't feel to me felt very small by men. Does i am wholly by united the rinaldo situation. It's not it's not. Panacea is no but a will grow enough and sensible. Enough to understand that whole gay mendez. Tote it around his client aid kind of his job and be kind of a prudent way of doing things. I mean i thought stage that they know united were definitely interested. They obviously have to have second options. How that really lays you know a minorities mind only he. You know i'm you know. Did he actually really wanna play. The ed or parasol will order in his mind. What did that end up whenever no But it seemed it ended up being the most logical fair. I think i seriously could never see bernardo playing pat and obviously he could never have moved to paris at just the with all the messy men by pay neymar dynamic..

mendez rinaldo paris Ami Psc Hurricane bernardo pat
Renaissance Hedge Fund Execs to Pay $7B in IRS Settlement

Wall Street Breakfast

00:34 sec | 3 months ago

"Simon's and robert mercer along with current and former executives of hedge fund. Renaissance technologies will personally pay as much as seven billion dollars in back taxes interest and penalties to settle a long-running dispute with the internal revenue service a tax settlement. That may be the largest in history simon's who started renaissance before retiring as the firm's chairman. On january i will make an additional quote settlement payment of six hundred seventy dollars according to the firm. Mr simon's will also pay back. Taxes related to his

Robert Mercer Renaissance Technologies Simon Internal Revenue Service Mr Simon
How Crypto Will Fix South Americas Money Problems

The Pomp Podcast

01:03 min | 3 months ago

"Simon's here. how are you good. Man figure permanent. Of course Let's start with value. Do you guys building what. What is the goal here. So in simple terms we are a business. I crypto payments solutions for letting america and we are focusing venezuela which is going to hyper inflation and because of that people are looking for stable currencies right for for new solutions and the interesting thing is that typically benders are the ones who said the medium and the currency that they wanna accept right so being a business for solution is actually an interesting way to tackle this problem because we're focusing on giving businesses away to charge in stable points their costumers and in a way we're creating this marketplace say namic within consumers and businesses and the final objective say is to create crypto economies in latin america.

Simon Venezuela America Latin America
Where Do Afghanistan's Refugees Go?

World News This Week

00:40 sec | 3 months ago

"Abc's sherry preston has more on what happens to those afghan refugees who are able to get out and seek asylum among the first things that afghan refugees would have to put down on the special immigrant. Visas or siv's that get into the united states is where they would want to go jennifer. Simon is in charge of resettlement at the international rescue committee which works with the us government to find places for refugees to live those coming into the country. Have either of family relatives. I wish is something that they would note their applications. There are several regions of the country with relatively high concentrations of afghan families already including northern california northern virginia and parts of

Sherry Preston ABC International Rescue Committee Jennifer Simon Us Government United States Northern California Northern Virginia
Martin Luther King, Jr. Fortnite New Game: I Have a Dream Speech

NPR Politics Podcast

01:30 min | 3 months ago

"Epic games the company the developers behind fortnight have done something kind of interesting it also kind of ties into what i cover for npr. So i thought it was really interesting. It is as we pointed out in the last segment. It's the anniversary of the march on washington. And dr king's i have a dream speech and they've worked with time studios in time magazine to create this experience called march through time. Players can be teleported to what they're calling. Dc sixty three which is like this kind of a reimagined alternate universe. Washington dc built by users. And you can actually take your character and traveled to the lincoln memorial and the national mall. And here recordings of dr king. Giving the i have a dream speech. There are also like many games that you can do. Yes are you doing the usual fortnight stuff while you're there like my question. This is my question to an eye full disclosure. I have not gotten a check out this experience myself yet but a really smart gaming journalist. I follow erin ashley. Simon actually did you can find on twitter. She put up a four minute. Video of what people are doing. And yeah there's some of the emotes as they call them of people dancing and things like that but you can also hold up signs at the rally. There are collaborative experiences. That are sort of educational. There were puzzles. So yes some of the traditional fortnight stick. But there's also kind of a learning angle here too. I see people describing it as like an interactive online museum.

Dr King NPR Time Magazine Lincoln Memorial Erin Ashley Washington Simon Twitter
Cuomo Declares State of Emergency: Hurricane Henri Bearing Down on Tri-State

Always In Fashion

01:37 min | 3 months ago

"Hurricane on re is bearing down on the tri state with current models showing the category one storm, likely making landfall by early tomorrow afternoon. Somewhere along Central or Eastern, Long Island. Laundry is expected to come ashore with the sustained winds of at least 80 MPH with wind gusts topping 100 MPH. Widespread flooding is expected and Governor Cuomo declaring a state of emergency for Long Island, New York City, Westchester and the Hudson Valley Coastal Connecticut, also under a hurricane warning, including New Haven, Middlesex and New London counties. Earlier today, Cuomo telling New Yorkers in flood prone areas to evacuate If you know you are in an area that tends to flood if you know you are in a tidal area that tends to flood, if you know You are in an area that is subject to title surgeons. Get out of that area now, please. Widespread power outages are also expected in the city and parts of New Jersey. We're under a tropical storm warning and could see upwards of four inches of rain and winds hitting 50 MPH. Mayor de Blasio, announcing that outdoor dining in the city will be suspended tomorrow. The New York City concert in Central Park is going on as scheduled at this hour with Bruce Springsteen and Paul Simon. Among the headliners. A crowd of 60,000 was expected on the Great Lawn, with the mayor urging all concertgoers to head home immediately as soon as the concert

Governor Cuomo Hudson Valley Coastal Long Island Hurricane Westchester New York City New London Cuomo Middlesex New Haven Connecticut Mayor De Blasio New Jersey Central Park Bruce Springsteen Great Lawn
Aspirin May Help Treat Aggressive Breast Cancer

BBC World Service

01:06 min | 3 months ago

"Breast cancer scientists. The Christie NHS Foundation Trust in Manchester here in the UK say the commonly used painkiller could be employed to make tumors, which are hard to treat more responsive to anti cancer drugs. Starting a trial to see if the painkiller works Health correspondent Simon Dettman reports around one in five breast cancers are triple negative. It's the type that hormone treatment and most targeted cancer drugs don't work against, and it disproportionately affects those aged under 40 and black. They face a treatment combination of surgery, chemotherapy and radiotherapy that can come with side effects. If the clinical trial in humans using aspirin is successful, it could boost the effectiveness of the immunotherapy drug, a value map, which helps immune system target and attack cancer. Charles and Animals have been successful Doctor and Armstrong. The trial leads says that inexpensive aspirin combined with immunotherapy could ultimately provide a safe, new way to treat breast cancer. Simon Deadman. Let's get the

Christie Nhs Foundation Trust Simon Dettman Cancer Breast Cancer Breast Cancers Tumors Manchester UK Charles Armstrong Simon Deadman
The Cure Bassist, Simon Gallup, Says He’s Leaving the Band

MyTalk 107.1

00:40 sec | 3 months ago

"You guys open your show with a song by the cure. Perhaps if you were out Cat video Festival you might have Her DJ Rock lobster spin the song Love Cats by the Cure. Oh, well, the second longest tenured member of the cure just up and decided on Facebook to say he's out of the band. I wonder if he told others before he telling Facebook. Maybe I don't know. Simon Gallup. He is 61 is the bass player. He's been in the cure since 1979 other than the singer Robert Smith. He's the longest tenured member of the band. He just said he is fed up with betrayal, and he's out and good luck to them all. Oh, so that sounds like he did not tell them beforehand. I don't know.

Simon Gallup Facebook Robert Smith
Companies Mulling Charging Unvaccinated Employees More for Health Coverage

WTOP 24 Hour News

00:30 sec | 3 months ago

"Against Covid 19 could soon be paying as much as $50 more per paycheck for health insurance. Companies across the US try to protect their employees and themselves from the outbreak. CBS News spoke with Wade Simon's a partner at Mercer Health Benefits Consulting firm. He says the idea of charging unvaccinated employees more for health coverage is gaining momentum among his clients in manufacturing, retail hospitality financial services. And other sectors.

Covid Wade Simon Mercer Health Benefits Consult Cbs News United States
"simons" Discussed on Software Engineering Daily

Software Engineering Daily

01:56 min | 3 months ago

"Reading your career this i mean. I don't know if i'm betting my career on this. But i'm basically like coming out and saying in the face of all these facebook people and react people that you guys probably have a problem. You guys probably have a very severe problem and at minimum at minimum. You need to open source this to a lenox foundation like entity to help insulate the web against this thing at minimum. Who man i listen. I don't necessarily. I don't disagree. Because i think that The popularity of react. I mean it certainly would not hurt. It certainly would not hurt for them to release it so that it's too. It's like some foundation right where you know you can have actual multiple organizations collaborating on a thing. Right and i will say is like facebook when you think of the companies that really are are leading the bleeding edge of of security not at least in the top three kind of in my view. So you know. We're by confidence. Let's be honest. let's be honest. They actively do the opposite. Yeah i i did you hear. Did you hear about the vpn company. They acquired several years ago. No i actually didn't hear facebook owns a vpn. I believe let's look it up right now. Facebook did. We'll do another sean stack. What's i'm sorry. I'm just i'm Facebook pays teens to install. Vpn that spies on them. Maybe that's what i'm looking for data. you're talking about. Yeah you're talking about the teenagers were they. Were like oh. This is a different. Oh wait what does this..

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

05:50 min | 3 months ago

"Effing dot com website. If he wants to change the google search result. He can do that if you have like. If you have some random chrome extension that he happens to own suck can change your search results with with the assumption that that that there's like a back door in reactor something or like some. I mean come on man. Is this a. Is this a back door. It's a message passing to any shared state and by shared state. I mean like any new any frigging like thing. You can sneak a one zero through. Did you ever take a security class in in comparison stay pure science right. Doodo i'm actually entirely self-taught delta okay. So i'm not trying to turn on turn denigrate wherever i took a security because security class that i dropped out of But but on the first project basically what they teach you is if you can sneak a one and a zero through any whole you can sneak in entire program through that hole. And i feel like do. The browser is just full of these little holes. You can sneak ones and zeros through to to an extent so i think that rows actually do quite good in this regard. 'cause like you know as we sit here right now google's got fifteen thousand cores fussing that kobe's fussing meaning trying to sneak ones and zeros effectively through every single. Api service right. And i think that it's an important measure right of like how secure something one is like. You know if you're trying to secure your house it sure helps to have locks on the door you know. That's just that's like a good structural principal for for building. Something insecure like making it down. Obvious how you break. In the thing the flip side of it too though is like how well tested it. Is you take the safe out of fort. Knox that doesn't mean that no one will ever get into that safe right right but that you know in front of kremlin putin's can have that open within the hour right. 
What makes knock safe is is the end the end and testing of that right they have guns and god knows what and they're running drills all the time on that's why for knox's fort knox that's a similar thing with with what you have with chromium bright especially now that microsoft is entering. The game is that. I'm not saying that these things are not vulnerable disease. But you certainly you see a lot of them. Then things you know on on on browsers then for things like windows and that's because the security posture they take it pretty seriously and they're dumping tons of money into this stuff right so to your point. Yeah you theoretically possible. Scher bright just as much as any other kind of piece of software right but browsers are unique in the sense that they started off from day zero browsers. They started off with zero. Trust model right does not true. Actually when you look at a traditional operating systems they off not with the assumption of multi tenant software that needed to be securely isolated so browsers actually tend to have some of the best security period. You know and that's and that's why we're seeing a lot of companies moving to this stuff because there's not a lot of other great alternatives because again even if you'd promise dino if you want to build something that's got better door locks great but that doesn't mean that doesn't mean that it's any hardly door locks are are to keep the good guys out right. That's that's like that saying so true. They're putting on better door locks but even more fundamental problem. We have a more fundamental problem. And and that's largely a measure of. How much money can you spent. How many cores every minute of the day. Seven days a week during sixty five days a year. How many how many can you have buzzing echoed base right. Got fifteen thousand. I think only outside of that. You're talking nation states anyways like i think that that's From from a security point of view. 
I think browsers are are uniquely position in that regard right. Let's let's actually assume that browsers are as secure as you're sort of suggesting they might be here. We just reviewed the fact that react is essentially obscure to anybody who does not work on the reactor core team right in the sense. It's a very complicated piece of software for sure. I mean you can certainly audit and review the code and compile yourself or whatever right but nobody does because nobody does because it's not truly open source for sure right like yes. They are kind of driving. The development of that themselves initials that themselves incense right right so if there is one communication channel that react accidentally or on purpose leaves open for the militias like button to access your booked right if they leave. Open one thing in the library. Your worked yeah. Yeah yes absolutely if there is if there is something that is intentionally being left open intentionally or unintentionally oriented centrally for that matter absolutely all right and and if you had to bet ten thousand dollars as to the binary yes or no answer as to whether such a hole existed. What would you bet on in react. Yes i don't know if i'll bet on react i i. I'm a lot more masking binary. Yes or no. You have to bet ten thousand dollars. It can be a fifty one percent a confidence interval or whatever. But like. I'm just asking i'm not asking actually asking. You bet ten thousand dollars unless you want to know it. It's a really interesting question because you like you know. Because i'm betting my.

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

07:06 min | 3 months ago

"It in the sense that your your manipulating native elements using a different like rendering engine using java script yob with i mean i think the caveat there right is like it's being bundled in with the application binary right i. I wouldn't expect it to like be able to be exploited over the air. You're i mean. Although i guess with expo actually. That's an interesting interesting implication. Is that if you could actually cause expo all these things that allow over the updates without push me in the app store. That's actually an interesting. I never even thought about that. That actually is a kind of a. That's an an attack vector. That is kind of scary is that it's tear it. Yeah holy cow. I never thought about that. 'cause you're you're actually sidestepping. The app store review process. And you're and you're allowing third party coders download and execute on demand which is like which is interesting from from anita device perspective frightening because the native installed apps have permissions right there like you're browsing the internet casually the sand boxing on that stuff tends to be quite good right. It's interesting yes. So i don't know if you saw start tweeting about this yesterday. And i posted a youtube video. The youtube video got taken down somehow and basically a bunch of like you know. Facebook employees just disagreed with me vociferously. And i'm like okay. Like prove me wrong. Prove me wrong and they said. Show me your evidence. What evidence you need. This is possible right. it's possible. Yeah wow yeah. That's that's pretty frightening. That's like actually pretty frightening. I literally spent two and a half years writing a laudatory book about facebook. I don't know if you knew that called move fast. It's it's it was the number one book and software engineering for some time. I think it now. It's number two number three on amazon. It's super laudatory. The company i love react. I love the ecosystem. 
I think lennox for the front end basically. It's it is. It is a project that is as important as it has brought us together as a software community but it is also as dangerous as lennox If it's not managed properly. And i think facebook is making a really big mistake by trying to manage this all themselves. Oh the development of react you man. Yeah it's it's it's not real open source. It's fake open source disagree. I don't disagree. I don't disagree with that. actually there does. It definitely does seem to be a bit of a black box. How is it that way like. Do you have any idea how hoax work giving hoax low data onto your screen. You know you're not you're not an expert. You're not a javascript expert. How would you know like i'm not. I'm not a highly technical software. Podcast with sixteen hundred hours of experience. How would i know how react hooks. Work yeah i again i actually. I think this is just an issue across the industry. Right like we're you. Your were all standing on the shoulders of giants right. And i think that the problem is that that's and we've kind of gotten away with this because there's been more good actors than bad but we're read a point now. Where the attackers will i mean you know. People have an incentive to attack. These things have realized that you know doing these brute force attacks you know we've companies have gotten pretty good at securing their api points or whatever right but it's actually a lot easier to go after the developers were building that software in the first place like those are the people that have a target on their back now. He's working in enterprise company as software. Developer has each again to target on their back. Because that's where supply chain attack slipping in during the development process. Right anytime you're you're relying on an open source package which is like all the time right. You know how. Often i mean. 
How realistic to your to your point is like you even have the requisite knowledge slash time to like for a package. You're going to install to go pore over every line and go okay. Yeah this looks legit like imagining ten thousand line library that for like charting graph or something right. It's like no you're not like you're gonna look at the number of downloads and you know. I don't know whatever right determine if there's something you want to use and you're gonna install it right and that's that is exactly how the stuff happens and now you have something that is militias that like with a nearly every modern development. Jane has access to your entire computer now. Right and this is terrible. Worm factor in the ecosystem particularly around the post. Install script field. that's been unaddressed. Like five years like this brought up by sam. Coney like five years ago has not been addressed We're we're we're actually the first people that have addressed the thing and we're universally start up. You know like doing this stuff. But it's it's it's pretty frightening. Like i think we're i think we're saying i think we're at the beginning stages i i think we're just starting to see what happens when there's an incentive to actually go and invest in attacking developers and developer environments in this offer that the writing so this was such a jarring experience for me. It was actually super drawing for nick to. He was also terrified he was experiencing he. He experienced his own show. I don't even want to go into some of the other stuff we've been experiencing lately But suffice to say my tinfoil hat is very on right. now i started to basically like ima- i thought first of all this repainting attack like it could have taken place in any number of ways right. It could have been any number of vectors. That could have done this right. And then i was talking to to a to a react. Say a a a react. Heavy heavy knowledge expert. 
I won't say more than that person who was basically saying. Hey look this is actually not the easiest way to do this kind of attack like maybe you could do it but you know actually this is just really not the best way to do it. He sent me a link to some super obscure like php library. That you can use them like dude. If somebody wants to hack the you i they're gonna use react. Why would they use anything else if they want to. Hack the ui on a native device. They're gonna use react native. Why would they use anything else. It's basically made to do this. And as i realized that. I became terrified because i realized like we're already living in the metaverse. Were already living in sucks metaverse. He wants to change anything that we're seeing. He can do it anything. Not just anything on facebook website. Not just anything on a react website. Anything whether it's whether it's angular whether it's the google.

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

06:29 min | 3 months ago

"Yeah generally. Yeah generally speaking. Yeah anytime imported java script library you are opening up this type of attack effectively right so now. Let's like talk about the real world. So let's say let's say. I just import a normal facebook like button on a webpage. You would agree that the same is true. That facebook could if they wanted to essentially pass messages to change the components. On your webpage. Yeah i think yeah with with with the caveat of like if you're emporia jobs for file from facebook. Cdn which i think is kind of the default that they push you towards. Yeah like they. They could swap that code out to any other number of bad things. Yeah so for example facebook. If you made this page facebook could could take that. Hello world component and blow it up into an entire web page. That looks like facebook. For example facebook could like if they were militias. They could basically do this strategy to take your hello world page and maliciously turn your website into facebook. Yeah yeah i mean. Yeah i it it certainly it certainly possible. It'd be an interesting growth strategy for facebook to do but like but it's certainly possible like if they have javascript executing on your on your webpage. Yeah i mean. I would say it's a little bit more terrifying than interesting and i and i think this is a possibility right. This is a legitimate possibility. This could happen. Let me take it a step further. Do you know anything about react native. Yeah i mean depends on how how much. But but i certainly need you know as a as a technology Yeah i'm familiar with a could this same technique be used to essentially repaint a native application. If if the native application is pulling in well. I mean certainly right like if like typically i mean we're talking about we're kind of talking about well i if you're importing third party javascript. Like yeah absolutely right. I think that. 
I mean and this i think the same applies for a lot of other languages while this is kind of common across the industry is like if you're importing third party libraries they can get unfettered access right typically to your application at run time. I think that's kind of the major issue here right so yeah i think like react native. You publish malicious react native application. There's nothing really stopping necessarily from going in and and in fact that runtime right. That's not even what i'm saying. I'm saying like let's say i load. Let's say a load like literally like soundcloud and soundcloud doesn't even have React native in it. but i'm i'm operating on an insecure wi fi network and because of that insecure wi fi network a malicious attacker is able to send down the necessary binary to install and run. React native on. Like on my on my application or stay on my iphone and And basically repaint soundcloud to look like something else. Is that possible. I mean potentially right. I mean i i think just about anything is possible. I think because. Now we're now we're kind of getting into the into the the question in in some sense of encryption and and that sort of thing like you know man in the middle of talks right and so i think it kind of depends on the implementer but like yeah sure. I mean theoretically absolutely. It's it's done is it has been done before definite. So here's what. I'm getting by the way i'd love to talk to you about stack blitz. But so i went to defcon recently. And i believe that this attack happened to me. Oh interesting yeah. I was wondering where this is going this is. This is kind of specific. Okay so so so i. I'm interested in so. Tell me about this. So i experienced my native applications being taken over and repainted. Wow yeah it was terrifying. I was just like on ios or android. Or wow what. What was it being renault. Sorry sorry sorry. Sorry was android was android. Okay now in iowa's user that surprise have it's andrea. 
I'm like okay. Giving so i went to defcon. I basically said look. I'm going to do gonzo journalism. I'm gonna get myself destroyed. It defcon took my devices. I took three three cell phones and a laptop to defcon. And just got myself phoned. And i didn't really do anything to let myself. I just heard that you know if you go to defcon. you're gonna get pound if you take your devices. That's your apparently not supposed to take devices to defcon. But being myself. I took my vices. And i got postponed so i was just like hanging out at my. Does the super super compute. Cto nick dealers hotel. And and and. And i'm i'm logging into the insecure hotel wifi and within a matter of hours to edit three of my cell phones or completely bricked. One of them was a brand new iphone. it was completely bricked. I mean it was it was it was in a meaningful every meaningful sense brick. I couldn't i couldn't like i couldn't use the internet. It was really weird like it was a brand new phone brand new phone who is bricked. i couldn't couldn't access the internet. The only two things to to buy second access the internet on where my laptop which was which was acting super weird and an android phone and the android phone is. What was my main phone before. Before i switched iphone after this experience so i took my android phone to the gym at one point and i experienced this repainting attack. I call it a ui attack. I don't know what else to call it. It scared the living hell out of me. It was super scary. Because i saw some shit. That just was terrifying. Imagine imagine if somebody wanted to repaint your application experienced terrify you..

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

06:07 min | 3 months ago

"But the question is, like, is the main thread listening for those messages, and if it is, is it going to send something back, right? Like, and that's user code, like that's code you will be permitted. Doesn't say in the back. You just need to send messages from the malicious button to the other component, and it's just a one-way thing. It just needs to send messages to that button and then have that button do what it wants to do, right? Just needs to be unidirectional. Gotcha. Yes, it can definitely postMessage to its parent thread, for sure. And then the, and it's just the, is that thread listening for messages and that sort of thing. Which it most likely is, right? So again, if I had this hello world component and then I load the malicious Facebook like button, and then the malicious Facebook like button starts posting messages to try to convince the hello world component to change into a like button, that is conceivable, right? Yeah, I mean, you would have to have intentionally added an event listener for the messages coming up, and for a cross-origin frame you'd also have to specify, like, a wildcard. There's kind of a couple of things you would have to do as the owner of that website to, like, allow this stephen. Make it to the but I'm saying, I'm saying from a malicious point of view. Like, let's again, let's say this like button is somehow malicious. You import this malicious button. It's trying to convince the hello world component to turn into a like button. Is there a way to do that? Let's say, okay, let's put it simply. Okay, you've got basically just a hello world reoccupy. It's just an educational, like, website that you're building, a hello world React component. And the next thing you do is, like, okay, I will now, I want to import a like button to this page. You're just messing around as a developer. But let's say you accidentally import by the malicious
Facebook like button, and all the malicious Facebook like button tries to do is change all of the other elements on the page into malicious Facebook like buttons. I'm saying, is it possible to design that malicious like button? Is it possible to design that? Yeah, yeah, I think so, right? I mean, especially if you're executing arbitrary JavaScript on that page, absolutely, right? Because you effectively have full control over that page at that point, right? Right, so every page generally is going to be able to do this. Every page is able to do this, and if you did import this malicious button, it would have the rights, it would have the potential to transform this hello world component into whatever it wants to. Yeah, generally. Yeah, generally speaking. Yeah, anytime you import a JavaScript library you are opening up this type of attack, effectively, right? So now let's, like, talk about the real world. So let's say I just import a normal Facebook like button on a webpage. You would agree that the same is true, that Facebook could, if they wanted to, essentially pass messages to change the components on your webpage? Yeah, I think, yeah, with the caveat of, like, if you're importing a JavaScript file from Facebook's CDN, which I think is kind of the default that they push you towards. Yeah, like, they could swap that code out to do any other number of bad things. Yeah, so for example, if you made this page, Facebook could take that hello world component and blow it up into an entire web page that looks like Facebook. For example, Facebook could, like, if they were malicious, they could basically do this strategy to take your hello world page and maliciously turn your website into Facebook. Yeah, yeah, I mean, it's certainly possible. It'd be an interesting growth strategy for Facebook to do, but it's certainly possible, like, if they have JavaScript executing on your webpage. Yeah, I mean,
I would say it's a little bit more terrifying than interesting, and I think this is a possibility, right? This is a legitimate possibility. This could happen. Let me take it a step further. Do you know anything about React Native? Yeah, I mean, depends on how much, but I certainly, you know, as a technology, yeah, I'm familiar with it. Could this same technique be used to essentially repaint a native application, if the native application is pulling in... Well, I mean, certainly, right? Like, typically, I mean, we're kind of talking about, well, if you're importing third-party JavaScript, like, yeah, absolutely, right? I think that, I mean, and I think the same applies for a lot of other languages. This is kind of common across the industry: if you're importing third-party libraries, they can get unfettered access, right, typically to your application at runtime. I think that's kind of the major issue here, right? So yeah, I think, like, React Native, you publish a malicious React Native application, there's nothing really stopping necessarily from going in and in fact that runtime, right? That's not even what I'm saying. I'm saying, like, let's say I load, literally, like, SoundCloud, and SoundCloud doesn't even have React Native in it, but I'm operating on an insecure Wi-Fi network, and because of that insecure Wi-Fi network a malicious attacker is able to send down the necessary binary to install and run React Native on my application, or say on my iPhone, and basically repaint SoundCloud to look like something else. Is that possible?

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

05:40 min | 3 months ago

"That's, it's getting pretty serious. So I think over the next half decade or decade there's a lot that's going to have to happen to prevent these things. And I think a lot of companies are adopting Chromium in general, is, like, the work that's been done there is perhaps the most well security-tested piece of software ever known to man, outside of some secret stuff in the government or something. But if you look at, like, Cloudflare Workers, like, their entire security model is based on, you know, the guarantees that V8 gives you, right, for secure multi-tenancy and that sort of thing. So, like, a lot of what Google has invented with Chromium, has invested, is actually being used to protect against the worst of this stuff, which is pretty interesting, right? But okay, so returning to my example though, let's take it a step further. So let's say I have a web page. All it has is, again, a hello world component and, let's say, a Facebook like button. So if I import the Facebook like button, let's say it's actually controlled by, like, kind of an evil, malicious version of Facebook. Let's say it's a bizarro world where, like, Facebook is a malicious company, and this like button loads on your page, and the first thing that the like button does is it turns the hello world component into another like button. Is that possible? I think, yeah, I mean, it depends. If you're importing JavaScript that's just gonna, like, execute, yeah, like, absolutely, right? I mean, I think a lot of these like button things or whatever from Facebook are typically cross-origin iframes, in which case, like, no, it wouldn't be possible, right? But, like, any time you're, like, taking arbitrary JavaScript and throwing it on your page, you're pretty much giving that script the ability to do whatever it wants
on your page, right? So the question is how much do you trust that code, reading through it, and also is that on a domain that you own? Because if it's not, then how much, you know, what's your guarantee that that domain's not going to end up in the hands of a rogue actor, right? So I think that's kind of the tree of questions I think you'd have from a security perspective there. So this cross s-o-f-i import a like button, it's in a cross-origin iframe, typically? I mean, yeah, I mean, like, you know, at least back in the day. I'm not sure what they're doing these days. But I mean, like, the Facebook like button used to be an iframe, effectively, that you put on your web page, then it was, like, you know, hosted off of Facebook's server or whatever, right? And that does give you really good security guarantees, because if you're just putting an iframe on your page that is cross-origin isolated, it doesn't have access to actually execute code on the main thread outside of that iframe. And that's a big part of how we do our security model with, like, web container, effectively. So is there not a way to post messages to other threads, or to communicate messages between threads there? Yes, and you can use the postMessage API, but the question is, like, is the main thread listening for those messages, and if it is, is it going to send something back, right? Like, and that's user code, like that's code you will be permitted. Doesn't say in the back. You just need to send messages from the malicious button to the other component, and it's just a one-way thing. It just needs to send messages to that button and then have that button do what it wants to do, right? Just needs to be unidirectional. Gotcha. Yes, it can definitely postMessage to its parent thread, for sure.
And then the, and the, is that thread listening for messages and that sort of thing. Which it most likely is, right? So again, if I had this hello world component and then I load the malicious Facebook like button, and then the malicious Facebook like button starts posting messages to try to convince the hello world component to change into a like button, that is conceivable, right? Yeah, I mean, you would have to have intentionally added an event listener for the messages coming up, and for a cross-origin frame you'd also have to specify, like, a wildcard. There's kind of a couple of things you would have to do as the owner of that website to, like, allow this stephen. Make it to the but I'm saying, I'm saying from a malicious point of view. Like, let's again, let's say this like button is somehow malicious. You import this malicious button. It's trying to convince the hello world component to turn into a like button. Is there a way to do that? Let's say, okay, let's put it simply. Okay, you've got basically just a hello world reoccupy. It's just an educational, like, website that you're building, a hello world React component. And the next thing you do is, like, okay, I will now, I want to import a like button to this page. You're just messing around as a developer. But let's say you accidentally import by the malicious Facebook like button, and all the malicious Facebook like button tries to do is change all of the other elements on the page into malicious Facebook like buttons. I'm saying, is it possible to design that malicious like button? Is it possible to design that? Yeah, yeah, I think so, right? I mean, especially if you're executing arbitrary JavaScript on that page, absolutely, right? Because you effectively have full control over that page at that point, right? Right, so every page generally is going to be able to do this. Every page is able to do this, and if you did import this malicious button, it would,
it would have the rights, it would have the potential to transform this hello world component into whatever it wants to.

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

05:44 min | 3 months ago

"What I'm asking is, can this malicious component, the imported, interact with the hello world? Oh, certainly. I think that that's kind of outside of this. Yeah, that's outside the scope of, like, why, like, StackBlitz, necessarily. I'm just, this is something I've been researching alive, just kind of curious about it. Yeah, totally. I mean, it's a real problem. So, like, you know, for a lot of large companies, this is exactly why they don't rely on CDNs and that sort of thing. This is kind of, you know, where I think even things like Deno might have an issue, is that there actually is value, right, to enterprises in particular, of, like, having very hard-set origins, right, where they're going to get packages and that sort of thing, where they can scan these things about them, kinda yada yada, right? But yeah, absolutely, like, what you just described is totally, you know, a potential attack vector. Some word of, you know, there's actually been cases of this where, you know, there's a cd. Add back a while ago package. You might have heard of it. It's, like, the CDN for everything, kinda, on npm. And I think they forgot to redo diaz or something like that, but for, like, a day there was, like, these pop-ups showing up on all the lights having to me. Yeah, turned other some rogue WordPress component. We had one day, we started serving those kind of Taboola kind of ads that were, like, you know, use worms to reconfigure your hairline, or, you know, can consume consumed gum balls until you can have a reverse mortgage, or, you know, you won't believe these top ten links for geriatric drug abuse, or does these really rural ads that nobody, but nobody, actually clicks on, and everybody knows that nobody clicks on them, but the way that the internet gets paid and we don't really ask question them. So these started appearing on softwareengineeringdaily dot com one day. We couldn't figure out which plugin was doing it until we started disabling all the random WordPress plugins we had.
Wow, that's insane. I mean, that's a great example, right, of, like, modern software is, it's surprising how insecure all the defaults are with a lot of this stuff. And that's kind of been one of the key things for us over the past five years, we've learned a lot about, is, man, there's a lot of holes in an emmy. Now over the past year it's become an issue because you have nation states now that are actually funding these attacks. That's, it's getting pretty serious. So I think over the next half decade or decade there's a lot that's going to have to happen to prevent these things. And I think a lot of companies are adopting Chromium in general, is, like, the work that's been done there is perhaps the most well security-tested piece of software ever known to man, outside of some secret stuff in the government or something. But if you look at, like, Cloudflare Workers, like, their entire security model is based on, you know, the guarantees that V8 gives you, right, for secure multi-tenancy and that sort of thing. So, like, a lot of what Google has invented with Chromium, has invested, is actually being used to protect against the worst of this stuff, which is pretty interesting, right? But okay, so returning to my example though, let's take it a step further. So let's say I have a web page. All it has is, again, a hello world component and, let's say, a Facebook like button. So if I import the Facebook like button, let's say it's actually controlled by, like, kind of an evil, malicious version of Facebook. Let's say it's a bizarro world where, like, Facebook is a malicious company, and this like button loads on your page, and the first thing that the like button does is it turns the hello world component into another like button. Is that possible? I think, yeah, I mean, it depends. If you're importing JavaScript that's just gonna, like, execute,
yeah, like, absolutely, right? I mean, I think a lot of these like button things or whatever from Facebook are typically cross-origin iframes, in which case, like, no, it wouldn't be possible, right? But, like, any time you're, like, taking arbitrary JavaScript and throwing it on your page, you're pretty much giving that script the ability to do whatever it wants on your page, right? So the question is how much do you trust that code, reading through it, and also is that on a domain that you own? Because if it's not, then how much, you know, what's your guarantee that that domain's not gonna end up in the hands of a rogue actor, right? So I think that's kind of the tree of questions I think you'd have from a security perspective there. So this cross s-o-f-i import a like button, it's in a cross-origin iframe, typically? I mean, yeah, I mean, like, you know, at least back in the day. I'm not sure what they're doing these days. But I mean, like, the Facebook like button used to be an iframe, effectively, that you put on your web page, then it was, like, you know, hosted off of Facebook's server or whatever, right? And that does give you really good security guarantees, because if you're just putting an iframe on your page that is cross-origin isolated, it doesn't have access to actually execute code on the main thread outside of that iframe. And that's a big part of how we do our security model with, like, web container, effectively. So is there not a way to post messages to other threads, or to communicate messages between threads there? Yes, and you can use the postMessage..

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

08:07 min | 3 months ago

"You to run unmodified inside of your web browser, and the benefits you get with that is that, one, of the things I mentioned previously, superfast, etc., but you would actually make debugging super easy, because now you can actually crack open Chrome web tools on a webpage, actually debugging server-side Node.js code, right? We're talking about a developer environment. That's actually, like, a huge boon for, like, productivity and, like, you know, developer experience. I is like if you're on local, having to connect to, like, the Chrome debugging protocol for that Node process eric center. So kind of across the board, browsers have gotten really, really, really powerful, and there's, like, more and more types of very sophisticated applications now that can actually run in browsers where, like, it was not possible before. What's the sandboxing properties of a web container? Good question. So it's actually the exact same as your browser. So that's, like, kind of the key selling points of the thing, is that it respects the same kind of cross-origin isolation that the Chrome security sandbox has, right? Like, when you open up StackBlitz dot com, you start a Node.js or Next project, whatever, obviously that's actually being entirely limited to that browser tab, right? Which is, like, a huge step-function upgrade from a security perspective. And it's actually, like, StackBlitz's business is entirely on now. We actually sell primarily to Fortune 500 companies that are trying to protect themselves against supply chain attacks and also increase the productivity of their developers, but by actually moving the dev environment into the browser, it actually protects them from, if you download some malicious npm script, it actually can't shell out to the rest of your computer. It's completely isolated to this assembly-based container that we've created that mounts instantly in your browser. Okay.
Let me ask you a question. If I have code running in a web container, or for that matter any of these Chrome sandbox environments, and I have a React component on my web page, can the browser sandbox modify the React component on my webpage? Can the browser sandbox, sorry, what I'm asking is basically, is there message passing between this web container, or any of these browser sandboxes that you're describing that are the same as web container, is there message passing between that and, like, let's say a React component on your page? You can, right. I mean, I think that effectively the only way to do that is that, like, we have, like, a WebSocket API or something like that, right? So, like, in the case of how, I think what you're describing at least, can, like, can that somehow connect? Like, so for example, in a Next application there's, like, hot reloading, so there's, like, message passing that does happen via the WebSocket protocol, right? And so in that instance you have a reaction on the front end of that Next application in the dev mode or whatever that's talking to the backend code, and when they change, it instructs that to load this module. What about talking to other front-end code, is what I'm saying. So, like, let's say you have, like, one React component talking to another React component. They can pass messages between each other if they're being rendered in the same, like, web page per se? Absolutely, right. I think I'd have to understand a little more about the use case you're describing. Let's, good theoretical example. I've got a blank web page. It's blank except for a single React component that says hello world, and then another React component that is, like, you know, Jeff's malicious React component, and Jeff's malicious React component is just trying to send messages to the hello world React component in order to get the hello world React component to change. Is that possible?
Oh, got it. Yeah, so I mean, if you effectively have malicious code that's executing on the same origin or same domain as your code, yeah, you're kind of in a world of trouble, right? So that would be, like, super bad. Typically the supply chain, too. I this time back to the supply chain attacks thing that I've mentioned from a security perspective, or, like, what are you probing on for this question? So it's kind of a Socratic dialogue, but, like, what I'm trying to ask is, like, if you have a rogue front-end component, let's say an imported front-end component. Let's say, literally, I say, like, at the top of my React application, like, whatever it is, like, import Jeff's malicious, like, React component from some other place. All you're doing is making a network call. When you load this webpage, you're making a network call out to Jeff's malicious web components dot com and retrieving Jeff's malicious web component dot j. or whatever. It's hitting the page, it's rendering, and then you have the hello world component that you wrote yourself. What I'm asking is, can this malicious component, the imported, interact with the hello world? Oh, certainly. I think that that's kind of outside of this. Yeah, that's kind of outside the scope of, like, why, like, StackBlitz, necessarily. I'm just, this is something I've been researching alive, just kind of curious about it. Yeah, totally. It's a real problem. So, like, you know, for a lot of large companies, this is exactly why they don't rely on CDNs and that sort of thing. This is kind of, you know, where I think even things like Deno might have a bit of an issue, is that there actually is value, right, to enterprises in particular, of, like, having very hard-set origins, right, where they're going to get packages and that sort of thing, where they can scan these things about them, kinda yada yada, right? But yeah, absolutely, like, what you just described is totally, you know, a potential attack vector.
You know, there's actually been cases of this where, you know, there's a cd. Add back a while ago package. You might have heard of it. It's, like, the CDN for everything, kinda, on npm. And I think they forgot to redo diaz or something like that, but for, like, a day there was, like, these pop-ups showing up on all the lights having to me. Yeah, turned other some rogue WordPress component. We had one day, we started serving those kind of Taboola kind of ads that were, like, you know, use worms to reconfigure your hairline, or, you know, can consume consumed gum balls until you can have a reverse mortgage, or, you know, you won't believe these top ten links for geriatric drug abuse, or does it really ads that nobody, but nobody, actually clicks on, and everybody knows that nobody clicks on them, but the way that the internet gets paid and we don't really ask question them. So these started appearing on softwareengineeringdaily dot com one day. We couldn't figure out which plugin was doing it until we started disabling all the random WordPress plugins we had. Wow, that's insane. I mean, that's a great example, right, of, like, modern software is, it's surprising how insecure all the defaults are with a lot of this stuff. And that's kind of been one of the key things for us over the past five years, we've learned a lot about, is, man, there's a lot of holes in an emmy. Now over the past year it's become an issue because you have nation states now that are actually funding these attacks..

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

05:39 min | 3 months ago

"Eric, welcome to the show. We were just talking before the show that we actually met five or six years ago. What were you doing back then, and what have you done in the intervening years that led to StackBlitz? Yeah, this is a good question. I think when we met, back five, six years ago, so it must have been six, actually, because at the time my co-founder and I, we were running a company called Thinkster, and it was kind of like Pluralsight, like a subscription model for educational content. We were teaching full-stack web development, and it's a bootstrapped company, and actually the big problem we ran into with teaching full-stack web development was not even teaching, like, React or Angular, whatever concepts, is, like, helping people get their dev environments up is actually the hardest part of the whole thing. Is people be like, oh, my computer's out of file watchers, like, React is broken. React's not broken, your computer's just messed up. And so the short of it is that we ended up creating what ended up being StackBlitz, which is, like, an in-browser dev environment to solve this problem, but it ended up taking on a life of its own. Interest has been growing like a weed since then. We launched five years ago as of last week, and we ended up selling our previous company, and so now we're working full-time on StackBlitz. Sell the education company. Yeah, it was actually really strong. Kinda glazed over all the worst parts of that, because it was, like, kind of actually a really difficult time, because Thinkster was, you had a couple hundred thousand students at its peak that were using the thing, and StackBlitz rocketed to a million, within, like, a million users, I think, within a year of us putting it online. So we're kind of, as a two-man shop, we're effectively running two startups, and so we had to choose which one we wanted to focus on full-time. Unfortunately ended up meeting
a guy named Joe Eames, who's one of the top authors at Pluralsight, and he actually runs, like, and a couple other conferences, and he actually ended up acquiring Thinkster from austin. He's been running it ever since. Awesome. Well, let's get into StackBlitz. So actually, I guess the place to start is what's going on with full-stack JavaScript development these days? Yeah, good question. I think there's a lot. I think to kind of step back, I guess it might help for us to start with what's kind of different about StackBlitz versus other online things, because I think that might kind of set the four. Online IDEs are not really a new idea per se, right, and day. I think probably the first major was Cloud9 back in, like, the early 2010s. There's been kind of a handful of these things since. GitHub's got Codespaces now, etc. So the key thing that we realized with StackBlitz back five years ago, that kind of blew our minds when we were running into this problem, getting a dev environment that'd be reproducible and not run into issues teaching space tool chains, where, like, you know, all these tools that people use for development are written in JavaScript, right? Like webpack and Rollup, etc. You know, shouldn't it be, like, theoretically possible to just kind of copy pasta that and, like, run it inside of the browser itself, right? And this is very different from, like, if you look at Codespaces or Cloud9, the way that they actually do that compute, because they spin up a VM for every single user who comes to it, and they execute the code on some streamed results of that back across the internet, right? So it's like you're not actually getting, it's actually a worse experience than a local dev environment,
'cause you're introducing latency to the server. Someone's got to pick up the bill for that, so usually it's not free to sign up. They're brutally slow. And we realized you could actually get this stuff to run neatly inside the browser itself. You'd have all the benefits of a local environment, and it works offline, superfast. There's no latency, there's no cost, because it's, like, a person's, you know, computer's using trinity to actually do the compute work. So anyways, the short of it is that we kind of had this realization that, you know, that this might be possible, and so fast forward a couple of years, and this has actually become increasingly the case even in full-stack web development. If you look at things like Next.js, they're blending the back end, what would be considered backend code, with the front-end code; you're actually writing one code base, and if it's running on a server it's doing, you know, different sorts of logic, throwing on the client knows how to seamlessly request that data in a way that's kind of transparent to you, right? So, you know, I'll kind of pause there, but I think that's kind of the big trends, that there's kind of this convergence happening in the JavaScript world, like, what used to be, like, you know, browser only or Node.js only or whatever have you, they're converging, and which is enabling very interesting types of architectures to be possible, such as, the most extreme example is probably Next in general, I think, for, like, general ob web application development, kind of strikes that mark. But if you look at, like, what we recently rolled out with StackBlitz, so back in May, like, what, three months ago, we actually rolled out this new technology called WebContainers, where essentially it allows you out full Node.js containers inside of your browser, right? So it's, like, literally allowing.

"simons" Discussed on Software Engineering Daily

Software Engineering Daily

05:39 min | 3 months ago

"simons" Discussed on Software Engineering Daily

"Eric welcome to the show. We were just talking before the show that we actually met five or six years ago. What were you doing back then. And what have you done in the intervening years that led to stack bullets. Yeah this is a good question. I think when we met a back five six years ago so it must have been six actually because at the time. My my co founder and i we were running a company called thanks ter- and it was kind of like plural sites like a subscription model for educational content. We were teaching it full stack web development and it's a bootstrap company and actually the big problem. We ran into with teaching full stack. Web development was not even teaching like react or angular. Whatever concepts is like helping people get their endeavour environments up is actually the hardest part of the whole thing is people be like. Oh my my computer's out of file. Watchers like in react is broken. Reacts not broken your computers just messed up and So the short of it is that we ended up creating ended up being stock bullets which is like an in browser dev environment to solve this problem but it ended up taking on a life of its own. Interest has been growing like a weed sense then. We launched five years ago as of last week and we ended up selling our previous company. And so now. We're working fulltime on stack. Let's sell the education company. Yeah it was actually. It was actually really strong. Kinda glazed over all the worst parts of that because it was like kind of actually a really difficult time because thinks you're was you had a couple hundred thousand students at its peak. That were were using the thing and stack rocketed to a million within like a million users think within a year of us putting online. So we're kind of is as a two-man shop we're effectively running to startups. And so we had to choose which which one we wanted to focus on full-time unfortunately ended up meeting. 
A guy named joe teams one of the top authors at plural site and he actually runs like and a couple other conferences and he actually ended up acquiring. Thanks drew from austin. He's been running it ever since awesome. Well let's get into stack blitz. So actually i guess the place to start is what's going on with full stack javascript development. These days yeah. Good good question. I think there's a lot. I think to to kind of like to kind of step back. I guess it might. It might help for us to to to start with what kind of different about stack bullets versus other online things. Because i think that might kind of set the four online. Not really a new idea per se right and day. I think probably the first major cloud nine back in like the early twenty times. There's been a kind of a handful of these. Things sent them up scott codes basis now etc so the key thing that we realized with stack. Let's back five years ago. They kind of blew our minds. When we're running to this problem getting an environment dev environment that'd be reproducible. And not run into issues teaching space tool chains. Where like you know. All these tools that people use for development are written in java script right like web pack and roll up etc. you know. it shouldn't be. Should it be like theoretically possible. Just kind of copy pasta that and like run it inside of the browser itself right and and this is very different from like if you look at code spaces or cloud nine the way that they actually do that computer because they spin up a vm. For every single user who comes to it and they execute the code on some streamed results of that back across the internet right. So it's like you're not actually getting. It's actually a worse experience in a local dab environment. 
'cause you're introducing latency to the server someone's got to pick up the bill for that so usually it's not free to sign up there brutally slow and we realized you know if you can actually get this stuff to run neatly inside the browser itself. You'd have all the benefits of a local environment and works off line superfast. There's no latency. There's no cost because it's like a person's computers using trinity to actually do the compute work so anyways the short of it is that we kind of had this realization that you know that this might be possible and so fast forward a couple of years and this actually become increasingly the case even in full stack web development. If you look at things like next jay ass they're blending the back end. What would be considered back. Backend code with the front uncover actually writing one code base. And if it's running on a server it's doing you know different sorts of logic throwing on the client knows how to seamlessly. Request that data in a way of transparence. You right so you know. I kind of pause there. But i think that's kind of the big trends that there's kind of this convergence happening in the java script world like what used to be like you know browser only or no gymnasts only or whatever have you they're converging and which is enabling very interesting types of architectures to be possible such as such as the most extreme example is is probably next in general i think for like general ob web application development kind of strikes that mark but if you look at like what we recently rolled out with stock blitz so back in so like what three months ago we actually rolled out. This new technology called web containers were essentially. It allows you out full no jazz containers inside of your browser right. So it's like literally allowing.

"simons" Discussed on KQED Radio

KQED Radio

05:36 min | 1 year ago

"simons" Discussed on KQED Radio

"Simons today on one eight the one a movie club reviews the help the twenty eleven drama shot to the top of the Netflix charts as soon as the protest started but the film has been fighting waves of backlash since it came out with many saying it's a white savior story that does more harm than good and if the help isn't helpful what is we ask our panel of film critics what movies they recommend listeners turn to the first he's been called the busiest man in America today Dr Anthony Fauci makes time for you and your questions that's all ahead on one eight live from NPR news on Giles Snyder president trump has signed an executive order on policing the move Tuesday follows weeks of national protests after the death of George Floyd to Minneapolis he orders aimed at encouraging best practices in tracking officers with excessive use of force complaints Democrats though say the order and legislation Senate Republicans are putting together do not go far enough the democratic led house is repairing more far reaching legislation meanwhile the New York police department is disbanding some of its anti crime units of plainclothes officers and reassigning those officers from member station WNYC in New York yes being con reports roughly six hundred officers are assigned to these units they're supposed to be proactive in addressing crime like getting guns off the street but police watchdogs say the units are overly aggressive especially in communities of color they're responsible for a disproportionate number of shootings and for years an increase in illegal street stops police commissioner Dermot Shea call disbanding the units a way to help and an era of stop and frisk and he says bringing down crime requires collaboration with the community legal advocates one officers from these units to be retrained before starting their new jobs the NYPD will maintain the anti crime unit for the transit system for NPR news I'm Yasmine Khan in New York Albuquerque mayor Tim Keller says militia 
groups such as the one blamed for violence at a protest last night that left a demonstrator shot or trying to prop up white supremacy his comments came at a Tuesday news conference after crews removed a statue of a Spanish conquistadors the center of the violence was horrific unacceptable act of violence this is something that despite all of that dialogue should never happen not for us despite the peaceful and meaningful visual that occurred before us smaller group remained very different tensions this kind of violence has no place in Albuquerque police say the man who was shot remains in critical condition a failed this city council candidate has been charged with aggravated battery with a deadly weapon the US and Canada will extend the ban on nonessential travel between the two countries it's been in place since March Emma Jacobs reports Canada's prime minister confirmed the continuation of the unprecedented measures speaking outside his home in Ottawa this morning prime minister Justin Trudeau said the border restrictions instituted to control the spread of covered nineteen will now remain in place until at least July twenty first this is an important decision that will keep people in both of our countries safe Canada made changes earlier this month to allow immediate family members of Canadians to cross the border the agreement has also exempted workers transporting goods and essential employees in sectors like health care and agriculture for NPR news I'm I'm a Jacobs in Montreal and this is NPR news the trump administration is suing former national security adviser John Bolton in a long running dispute over Bolton's memoirs the lawsuit seeks to block publication of the book about Bolton's stint of president trump's national security adviser the administration claims Fulton did not complete a pre publication review to ensure the manuscript does not contain classified material publisher Simon and Schuster though calls the lawsuit the latest in a series of 
Everest across publication of a book that the administration deems unflattering of the president a new study suggests chemicals to keep common products from catching fire may be unnecessary NPR's Rebecca Hersher reports exposure to the chemicals can harm human health or dental halogen and organic phosphate chemicals help keep plastics from catching fire but the chemicals can also disrupt people's immune and neurological systems and increased cancer risk a new study by researchers in California and Germany looks at the relative benefits of the chemicals compared to the risks and finds that manufacturers of common products conceivably decrease their use of the chemicals the authors suggest that a rise in smoke detector used and fewer people smoking cigarettes in their homes make the chemicals less necessary to prevent fires the consumer product safety commission is currently reviewing whether to limit or ban some types of such flame retardant chemicals electronics baby toys and other products Rebecca Hersher NPR news the major financial markets in Asia are mixed in Wednesday trading after Wall Street posted gains for a third straight day following government data showing retail spending was stronger than expected in may this is NPR news support for NPR comes from NPR stations other contributors include quicken loans rocket mortgage by quicken loans is committed to their clients team members and communities resources for people experiencing financial hardship are available online at rocket mortgage.

"simons" Discussed on C-SPAN Radio

C-SPAN Radio

02:06 min | 1 year ago

"simons" Discussed on C-SPAN Radio

"Name is Sheri Simons good to see you thank you for coming to Seattle I love being in Seattle when you were nominated I love this already what we look for in a running mate so I got to say there are some really good choices out there well well I only know but it would be presumptuous at this moment to talk about it but what I can do is describe is that okay we're not going to name but a lot but I will describe and that is I want a partner in this fight that's it I'm not looking for a political balance or on this part of the country or that part of the country we're in a fight and this is tough look what we're we are inclined you know the thing that scares me the most is every time the scientists go back and collect more data the problem is worse than we thought it was and we have less time than we thought we did we thought to be in these fights all the way our children can't put off their pre K. for another three or four more years we got to be in the fight to liver first straight early childhood education for our babies the urgency of the moment is upon us so what I want is I want a vice president who's going to be there shoulder to shoulder with me someone who believes someone who is willing to fight and while I'm at it while I'm at it because I think you have a right to see this I'm not only thinking about vice president I just want to mention a couple of others I will have a secretary of education public here's a shocker thank you patient actually believes in.
