
Comment Re:Missing Option: (Score 1) 139

As a 30-something who read /. in the early days but had no experience to comment from; I had Linux 3.5" floppies from bootleg books I got in NYC, the nearest LUG was over an hour away, I could read code but hadn't written any yet. Why comment when I knew how out of touch I was? Eventually registered this UID because my main net name was taken (maybe I did register from one of those long lost "free pop3 accounts") and used a new persona I had just created for anonymous purposes.

Comment Re:Seriously? (Score 3, Informative) 466

It takes special skills to program? Maybe if you are doing some rather complex operations, but in the same regard I wouldn't want to re-gear the transmission or rebuild the engine of a car while I'm perfectly capable of customizing other aspects of a vehicle. Programming is the same way, someone can be capable of doing something they want to do (run a website and manage the database; or script their everyday crap into a few lines of code) without being 'an uber hax0r' who understands OS theory at the assembly level and capable of dealing with the full range of network security threats.

Mythologizing programming is what leads to the nephew who knows a little html being assigned as the head of IT; after all that little html takes all that programming knowledge!

And since your opinion of other programmers is so low:

Even most programmers who program for a living suck at their jobs, and I don't expect someone who's not serious about it to be any better.

might I suggest that the D-K effect is in full show and, on behalf of all coders, hackers, code monkeys, keyboard jockeys, and everyone who's ever touched a computer, may I ask, beg, and plead, that you please never write another line of code again.

Comment Re:No point encrypting if you're the only one... (Score 1) 108

Did you read their instructions? My parents use Thunderbird for email, because it's what I recommended for them. I decided to test on my clean box (browser only for the most part) and see how fast I could get my email, encrypt it with Enigmail and GPG, generate and upload a 4k key, and send out a signed email. Less than 10 minutes, most of that was waiting for the download because I've got torrents running elsewhere. With TBird installed, it was a few seconds to install GnuPG, a second for Enigmail, and less than a minute for me to get a key. The instructions walked through how to upload keys to any of various key servers, and I sent off an email to my parents to see the same infographic and instructions on how they can and should do the same thing.

Sure, it used to be all command line tools with no GUI, that were only usable by *nix geeks; no longer. The plugin is all built into TBird or your email program of choice's plugin system, and has a GUI that is just a few clicks away. Sure, it won't work on webpage email systems yet; if that's what you rely on then you have some valid complaints against the email provider and not against encryption.

Comment Re:How about the build tools and the OS? (Score 1) 131

Why not? Assume, for discussion, a malicious compiler. It looks for common code used in encryption and changes parts of the code (see Reflections on Trusting Trust). Identifying the keys should not be that hard with known algorithms, so go for that. Then just replace all keys with 0xDEADBEEF or another known pattern of bits. Voila, encrypted data that can be opened only with code compiled via the corrupt compiler, or by the attacker who knows what bit pattern was used.

This would also be why verifying that TrueCrypt 7.1 could be compiled with a known compiler and certain settings to get a binary with the same fingerprint as the one distributed matters. The binary distribution could have been corrupted intentionally or by a malicious compiler.
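One defensive check against the key-substituting compiler described in the comment above is a start-up self-test: run the primitive against a published known-answer vector and confirm its output actually depends on the caller's key. This is an added example, not code from the commenter or from TrueCrypt; it uses the real RFC 4231 HMAC-SHA256 test vector, and `tampered_mac` is a constructed stand-in for a build whose key was silently replaced with a fixed pattern.

```python
import hashlib
import hmac
import os
from typing import Callable, List

# RFC 4231 test case 1 for HMAC-SHA256 (published known-answer vector).
KAT_KEY = bytes([0x0B] * 20)
KAT_DATA = b"Hi There"
KAT_MAC = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
)

# The pattern the comment mentions; 20 bytes so it matches the KAT key length.
FIXED_KEY = bytes.fromhex("deadbeef") * 5


def honest_mac(key: bytes, data: bytes) -> bytes:
    """The intended primitive: HMAC-SHA256 keyed by the caller's key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def tampered_mac(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for a build where the compiler discarded the
    supplied key and hard-wired 0xDEADBEEF instead (hypothetical)."""
    return hmac.new(FIXED_KEY, data, hashlib.sha256).digest()


def self_test(mac: Callable[[bytes, bytes], bytes]) -> List[str]:
    """Run start-up checks against a MAC implementation; return failures."""
    failures = []
    # 1. Known-answer test: output must match the published vector.
    if mac(KAT_KEY, KAT_DATA) != KAT_MAC:
        failures.append("known-answer test failed")
    # 2. Key sensitivity: two random keys must not yield the same tag,
    #    which is exactly what a hard-wired key would produce.
    k1, k2 = os.urandom(32), os.urandom(32)
    if mac(k1, KAT_DATA) == mac(k2, KAT_DATA):
        failures.append("output does not depend on key")
    return failures


if __name__ == "__main__":
    print("honest build:  ", self_test(honest_mac) or "OK")
    print("tampered build:", self_test(tampered_mac) or "OK")
```

The self-test is only as trustworthy as the code that runs it, which is why the comment's point about rebuilding with a known compiler and comparing fingerprints still applies.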

Comment Re:How about the build tools and the OS? (Score 1) 131

And for compiling something like a basic C compiler, one could feasibly write their own using ASM from a base of something like CC500 (a 600ish line C compiler). Use said custom compiler to build something like PintOS (full code review possible by one person, I had to do so in collegiate OS courses) on a micro that is running nothing but your compiler from an RS232 port that you are monitoring with a logic analyzer (to watch out for stray data from the 'host' computer at this point). This gets you up to OS and compiler on your chip and board of choice, though you may need a bootloader. From there, you could compile the rest of a known tool chain, like GCC and all its accompanying tools; if you've reviewed them satisfactorily.

As for trusting your hardware: good luck, you'll need it. Even if you can get a copy of the lithos used in producing your chip, you will have just a statistical analysis of the chance of a spy in your chip. Since you can't just decap and dissolve the layers to make sure. Perhaps with the lithos in hand you could get custom made chips, but that's not going to be any 'big iron' like an x86-64. So you've shifted the needed trust down to just the silicon (and microcode if needed) that are comparatively harder for an individual to make on their own. I suppose you could mimic the CPU on an FPGA or PLC, but you are back to "trusting trust" that the compiler didn't recognize something and stuff it in the binary.

It still amuses me that the shift from analog devices to digital shifted where the specialization was required so drastically. A 555 could be built from a handful of discrete components (resistors were just long lengths of wire, capacitors were just two plates with a gap, and diodes were whiskers; transistors were the exception), but programming analog devices was considered a black magic art. Now, with IDEs and reference books most people can write some code if they sit down and follow a book (like building a crystal radio from a kit back in the "before my time" days) but building the hardware at the most basic level (logic gates on silicon) is magic beyond all but a few.

Comment Re:Pointless (Score 1) 131

So what if there is? Assuming that your organization did audit 7.1, and found no problem, what makes it a risk now? Sure, you wouldn't want to migrate to 7.2 in a year's time, and any fork from 7.1 would require a new audit; but I would hope that if you put that much effort into it that you would audit 7.2 internally or any further fork version as well, which would leave you with either a 'this is clean' or 'this is fishy' answer.

I don't doubt that many large organizations are looking at directions to migrate, since the 7.1 public audit won't be done for a while and the security of even the old version is thrown into question (and a cursory audit by even crypto pros can miss things) so the lack of trust seems obvious. I just don't understand the sudden increase in lack of trust when compared to "hey, this code by two guys we don't know provides some pretty heavy encryption that takes a Ph.D. in maths to understand and check." I do, however, understand the need of a large corporation to plan future migration, and that knowing what you'll be using next year or in 5 years is important, and the audit of 7.1 might not be finished or may turn up flaws by then. It's the short term trust change that I don't get.

Comment Re:Open Source it (Score 1) 131

If it is a NSA/NSL canary, then the devs are restricted in what they can say about why they are abandoning the project. The logical choice, and the easiest lie to remember, is that "we are just tired of developing it."

Which, unfortunately, is also the same exact thing they would say if they were just giving up on developing it. So the only real clues are the content of the current web page, and the changes made to the new 7.2 TrueCrypt. That they suggest using BitLocker without a TPM chip (I never thought I'd be suggesting the use of a pre-made TPM chip; honest) and that the solution involves upgrading to the pro version of Windows . . . it doesn't pass the smell test. Serious crypto guys wouldn't suggest those tools when drunk, much less just because they are quitting.

As for "we don't know who the people who 'verified' the canary are" . . . that's another part of those nasty NSLs. If the people who knew the canary were close enough to the project, they would be subject to the NSL terms and silenced. It makes sense that a good canary is one that only one or two people un-connected to the project know about. If, for example, the devs put a big dead yellow bird on their webpage, it would clue us all in, but it would also violate most of the "shut up or else" clauses of a NSL. So, the devs may have prearranged a few phrases, told one of X to Y different people who knew each other but had little to connect with the devs, and then hoped they could get some Z phrases (Z

Assumption made about NSA and USA NSLs. Could be the same thing from other governments, or the threat of having their family killed by mobsters. The cause doesn't matter as much as the result, which is that 7.2 looks very fishy and we all avoid it.

Comment Re: um (Score 1) 154

Wasn't there already a hole poked in the BICEP findings, like a day after publication? Something about not accounting for the possibility that their findings were evidence of post expansion gravity polarization, not pre-expansion...or something like that. I recall that the consensus was still "this is super cool observation and probably right, but the Nobel hangs on that tiny detail."

Comment Re:Old School Amateur Radio Nut and Electronics Te (Score 1) 737

Butane torch (or methane/methanol from brewing), or a small sealed container in a wood oven at about 200F for a short time would heat the solder to the melting point. Sure, 200F is a ways away from the fire of a hot oven, but it's achievable. To re-solder the pieces, rosin from pine + tin/lead/silver from metal work (or saved from desoldering work) and the same hot oven box or a torch and a heat sink like a solder iron tip or screw driver. Heat tip, touch pad, repeat. BGA parts would be a beast, but who's going to need many of them?

Comment Re:Some of the oldest trades become useful. (Score 1) 737

I started my hobby at the other end of the fabric spectrum. I can weave bobbin lace, make nets, and crochet and tat lace (knitting eludes me); basic metallurgy and small foundry construction, and low power electronics (if it can be powered by a lemon and metal, or a chain->magnet+wire) for data storage (picture wiki on a raspi, pedal a bike until you are done with your research!). And growing spices, as well as preserving them. We might need an economy to get started, but we could team up and kick ass.

As for reproduction issues that you bring up, rubber trees. Synthetic latex may not be available (I don't know how easy it is to make) but natural rubber (and the rubbers one could make with it) would still be around. But without modern medicine, and the inherent increase in infant mortality rates, I don't foresee that being an issue for many people. To protect a woman, sure. To prevent the chance of becoming pregnant before safe, sure. But after they are safe and want to have kids, I'm not sure that birth control would be an issue. After all, each couple should have 3 or 4 kids (childhood and young adult mortality rates) just to keep populations stable, and to do that a woman might need to give birth to 10 babies. Scary, but I came from families that had that problem not even 70 years ago; without antibiotics and an OB-GYN and sterile tools, we'd be looking at rates similar to the worst periods that we humans have survived.

Comment Who cooked up this headline? (Score 1) 676

Seriously, it starts with "checks to individuals" and makes the first 38% of those Medicare/caid and ACA. Those checks aren't going to individuals! I never see a check from Medicaid, the doctors I go to might but it will be made out to their billing service. The check never goes to the hand of a single person! 21% is 'poverty programs' which, again, other than SSI/SSA don't go to individuals. Food stamp funding goes to the state, and the state disperses it; same as Medicaid actually.

So that's a chunk that doesn't make their numbers add up. Now they don't explain how they get that 0.5% of the budget goes to the top 1% of wealth. Could be as . . . . anything given the games they are playing with the other numbers. Sure, 10 billion is upsetting, but that's just a small chunk of the budget. Does it go to them as Medicare? Is it part of the various subsidies (farm, corn, ethanol, solar) that happen to be run by those people? What's the math? This is important since they blow so many other details.

Comment Re:Yep, they are indeed "meal-replacements" (Score 1) 543

Some are meal replacements (like high protein and fiber ones) while others are meal supplements. Check the calories and protein and all the rest, if it's not about 30% of the DV then it isn't a 'meal'. I've lived off a few of them for a few days (intestinal surgery sucks: liquid only for a few days, clear liquid for 2 days with the nastiest antibiotics...) but I really don't recommend it. I suppose that with the right gelatin & oil based multivitamin you could get by on them. But it's cheaper, if you don't worry about sodium, to grab a $0.99 microwaveable meat+starch+vegi frozen food (pot pie, sandwich, pizza, whatever) and then use the meal replacement shakes as a supplement to round out what the other food doesn't get you.
