
Comment Re:Conflicting info on licence and relation to TC (Score 2) 220

Because TrueCrypt is abandoned with nobody really able to prove they own it, other than the people who have the Authenticode and PGP/gpg keys, it just might be that their licenses are not enforceable, and the code might be essentially public domain.

However, all it would take is one person or organization suing people, with some "proof" (no matter how unsubstantiated) to cause a lot of hassle in the court system, and this would not just affect the TC successor, but possibly the users as well.

It would be expensive, but I've wondered about starting from scratch with a clean room set of code that is functionally identical, or if there is F/OSS code from a relevant project, using or forking that. This way, some party doesn't step out of nowhere and start suing people in large quantities because they have some random signed statement that they have copyright ownership of the code.

All in all, I also think it might be wise to merge projects. CipherShed + OTFE, for instance. This way, there is less duplication of effort, and more work can be done getting it to work on more platforms, as well as getting the code audited and vetted for security by people who know what they are doing.

Comment Re:Oh great (Score 1) 549

People should be moving to 2FA anyway as a general rule. With the fact that breaches and thefts of the entire password hash database are becoming the rule and not the exception, it is wise to not just have that single form of authentication be the only thing between your stuff and an attacker.

On the server side, what would help is a specific appliance, similar to an HSM that stores private keys, but dedicated to authenticating ID/password tuples [1]. The database stays on the device, and only ever leaves via an SD card slot [2] or gets replicated with another device. Authentication is done via a protocol of choice, and the device itself handles the password comparison and returns the value. Timeouts can be placed in as well, so if someone is trying to brute force a user account, it would just return "no" for everything until the timeout expired, or perhaps a timeout message.

With a device like the above, a blackhat may be able to get everything else, but the hashed DB table is still not theirs, barring physical compromise.

[1]: It doesn't have to be username/password, but some unique identifier like a Windows SID so if the user changes their handle, E-mail address or other info, authentication can proceed as normal.

[2]: Not a USB slot since USB devices can present themselves as a lot of things. A SD card can be used for other things, but explicit drivers are needed. To boot, SD cards reserve a portion of their space for encrypted data.
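Added example (not code from the original comment, and not any product's actual implementation): a minimal model of the authentication appliance sketched above, in Python standard library only. The salted-hash table lives only inside the AuthAppliance object; callers submit an (account ID, password) tuple and get back "yes", "no" or "locked", never a hash. Accounts are keyed by a stable opaque ID (a Windows-SID-like string), not by the user's changeable handle, and repeated failures on one ID trip a lockout during which every attempt is refused. The scrypt parameters, failure threshold, lockout window and the `replicate_to` method are illustrative assumptions.

```python
# Added example, not code from the original comment: a minimal model of the
# "authentication appliance" described above, Python standard library only.
# The salted-hash table lives only inside AuthAppliance; callers get back
# "yes", "no" or "locked", never a hash. Accounts are keyed by a stable
# opaque ID (a Windows-SID-like string), not by the user's handle. The
# scrypt parameters, failure threshold and lockout window are assumptions.
import hashlib
import hmac
import secrets
import time

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # assumed work factor
MAX_FAILURES = 5                               # assumed lockout threshold
LOCKOUT_SECONDS = 60                           # assumed lockout window


def derive_key(password: str, salt: bytes) -> bytes:
    """Memory-hard password hash; only the appliance ever calls this."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


class AuthAppliance:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._records = {}   # account_id -> (salt, key); never returned to callers
        self._failures = {}  # account_id -> (failure_count, locked_until)
        # Dummy record so a lookup of an unknown ID costs a full scrypt too,
        # which keeps "no such account" from being distinguishable by timing.
        dummy_salt = secrets.token_bytes(16)
        self._dummy = (dummy_salt, derive_key(secrets.token_hex(16), dummy_salt))

    def enroll(self, account_id: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._records[account_id] = (salt, derive_key(password, salt))

    def verify(self, account_id: str, password: str) -> str:
        """Return "yes", "no" or "locked". The stored hash never leaves here."""
        now = self._clock()
        count, locked_until = self._failures.get(account_id, (0, 0.0))
        if now < locked_until:
            return "locked"  # every attempt is refused until the window expires
        salt, stored = self._records.get(account_id, self._dummy)
        candidate = derive_key(password, salt)
        ok = hmac.compare_digest(candidate, stored) and account_id in self._records
        if ok:
            self._failures.pop(account_id, None)
            return "yes"
        count += 1
        if count >= MAX_FAILURES:
            # Lock the ID; the counter restarts from zero once the window passes.
            self._failures[account_id] = (0, now + LOCKOUT_SECONDS)
        else:
            self._failures[account_id] = (count, 0.0)
        return "no"

    def replicate_to(self, other: "AuthAppliance") -> int:
        """The only sanctioned way the table leaves: device-to-device replication."""
        other._records.update(self._records)
        return len(self._records)


if __name__ == "__main__":
    box = AuthAppliance()
    box.enroll("S-1-5-21-1000", "correct horse battery staple")
    print(box.verify("S-1-5-21-1000", "correct horse battery staple"))  # yes
    print(box.verify("S-1-5-21-1000", "password1"))                     # no
```

The caller only ever sees the three answers; whether the account exists, which hash algorithm is used and what the salt is are all internal to the device, which is the point of keeping the table off the application servers.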

Comment Re:Never mind the user (Score 1) 97

Maybe I am just cynical. I personally prefer the idea of a "better shut things down NOW, as this battery may be going ka-boom", but I wouldn't put this past most companies.

Even in the enterprise, some makers of SANs have cache batteries that have to be replaced... and the gauge isn't the battery life, but just a rough calendar, so I wouldn't be surprised to see more shenanigans done to force people to buy more batteries than devices.

I hope you are right. I am jaded about this, and have a feeling that this technology will be used as another way to keep people on the upgrade treadmill for devices, even when what they currently have is still usable. I also wouldn't be surprised to see device makers tie the fail warning to battery age as well, as assurance that nobody will use their older models of cellphones or tablets past 2-3 years. I hope I'm wrong, but I wouldn't be surprised if I see the fact that battery age be slipped into the fact a battery is rendered inoperable. Some printer companies did it with their cartridges, so that even ones out of the packaging were expired due to date/time and were inoperable.

Comment Re:Never mind the user (Score 1) 97

If not blocking charging, the device maker could just have the device hard-shutdown and refuse to turn on if this comes up. It won't protect against stupidity... but it will be purchased to make the lawyers happy, and that rendering batteries inoperable earlier on means a nice revenue stream. In fact, it can be the case that replacement batteries are not sold, forcing consumers to have to buy a new device (under the excuse that the battery and electronics are so precisely matched that they cannot be separated.)

Not sure how much this will benefit the end user. Yes, not having explosion prevention is nice, but for the most part, this is a nonissue. Another line of defense might make things a tad safer... but in reality, this pre-fail technology will be used for boosting the replacement battery revenue stream.

Comment Re:Never mind the user (Score 1) 97

That is exactly what will happen. If device makers don't use this technology somehow, they will be sued when someone leaves the device in an extremely hot area such as on the dash of a black car in 100 degrees F (~38 degrees C) and it ruptures, or someone tries "wave charging" their device as per a "friend's" advice on /b/.

We will see this technology get widespread adoption not because it benefits the consumer in any way... but it allows for more batteries to be sold, similar to how the chips on ink cartridges that disallow printing cause more printer supplies to be sold.

Comment Re:My shopping is becoming limited (Score 3, Insightful) 101

Very true. I'm reminded of one vendor that as part of the contract got their own direct connect to company LANs in order to directly service/support their software. I always worried that all it took was some compromise on the vendor's side, and it was a big gaping hole that could be easily nailed. The vendor was pretty much protected (part of the software contract), so if they got hacked, it was pretty much game over.

I did stick in a firewall though. The vendor had unfettered access to their machines... but no unrelated boxes, and their machines were also sectioned off. However, it was like putting a band-aid on a bullet wound, because of all the things their software touched.

Point of sale systems are not rocket science. We had better quality of code when game companies made Playstation 1 CDs (as they could not be updated, so what was released was it.) It might just be time to return to that finished quality of code... but still have an update mechanism. An update mechanism that requires not just signed firmware, but someone physically pressing a button (so the software can't be remotely updated.)

Comment Re:My shopping is becoming limited (Score 0) 101

I wouldn't blame the IT staff. A lot of places have PHBs that feel that security has no ROI, so give token (at best) funding to security.

As it stands now, most companies will not suffer much even with a critical breach. PCI-DSS3 is only for the little guys, and HIPAA, SOX, FERPA, and other regs are lightly enforced if that. The people who suffer are end users, and that doesn't really matter.

Even with a good security staff in place, there is also the fact that you can't win a war with just defense. Ultimately, a network similar to SIPRNet or NIPRNet is needed, something that is not part of the Internet and has defense both by a centralized party, and at the endpoints, where machines communicating with each other is prearranged beforehand to minimize the damage of what a compromised box can do.

Comment Does K-Mart use the same stuff as Sears? (Score 4, Interesting) 101

Sears, last time I checked was a definite IBM AIX shop with the point of sale terminals being a tad more than IBM 3151 VTs, except with a credit scanner and cash drawer. Is K-Mart on a different system, or do both Sears and K-Mart use the same POS these days?

Malware on Windows is one thing... nailing AIX systems actually would be an accomplishment.

Comment Re:Alternative headline (Score 4, Interesting) 429

Tragedy of the commons.

I see this during the weeks that there are festivals in Austin. People camping tables at local cafes, not ordering anything, but using the wireless network for Netflix, with an occasional uTorrent downloading a movie to watch later on.

One coffee shop here in Austin chucked their Wi-Fi because the tables kept occupied with people who didn't even at least buy a drink. As soon as they stopped doing that, their business went up, since they had paying clients again.

Another place turned off their APs from 11 to 1, and again, their business is booming.

If I had a shop, I'd have a Wi-Fi system that would use one-time passwords (doesn't have to be extremely secure... something like AOL's old system with two words and a hyphen between them is good enough) which grant the user time, as well as a block of bandwidth. These would be free of charge with a purchase. This way, if someone wants to download a 22 gig BD-R rip, they can... but they will be making a lot of purchases. Elaborating on this, there could always be two tiers, one paid for with the one-use password, and free... so people who made purchases would have higher precedence than the person who is at work, but whose laptop is in their car in the parking lot with a terabyte torrent chugging away.

It gets worse when you go RV-ing, to the point where a device with tethering or a personal Mi-Fi-like device is an absolute requirement. There are just too many people who will clog up a RV park's Wi-Fi, making it unusable for everyone else. Plus, for decent Wi-fi, it is expensive... and RV parks don't make that much money per square meter of space relative to a hotel or coffee shop.
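Added example (not code from the original comment): the voucher-gated Wi-Fi the comment sketches, in Python standard library only. A purchase mints a single-use two-word code (the "AOL style" two words joined by a hyphen); redeeming it opens a session with a time budget and a byte budget, and when the uplink is contended paid sessions are served before the free tier. The word list, budgets, tier ranking and the allocation rule are illustrative assumptions, and the class and method names are mine.

```python
# Added example, not code from the original comment: voucher-gated Wi-Fi
# with a time budget, a byte budget and paid-before-free precedence.
# Python standard library only; word list, budgets and allocation rule are
# illustrative assumptions.
import secrets
import time
from dataclasses import dataclass

# Constructed word list. A real deployment would use a few thousand words so
# the two-word space is big enough that guessing codes at the portal is slow.
WORDS = ["amber", "bison", "cedar", "delta", "ember", "falcon", "glacier",
         "harbor", "indigo", "juniper", "kestrel", "lantern", "meadow",
         "nickel", "orchid", "pepper", "quartz", "ripple", "saddle",
         "timber", "umber", "velvet", "walnut", "yonder", "zephyr"]

PAID_MINUTES, PAID_BYTES = 60, 500 * 1024 * 1024  # per-purchase grant (assumed)
FREE_MINUTES, FREE_BYTES = 30, 50 * 1024 * 1024   # free tier (assumed)
TIER_RANK = {"paid": 0, "free": 1}                # lower rank is served first


@dataclass
class Session:
    tier: str
    expires_at: float
    bytes_left: int


class HotspotPortal:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._vouchers = {}  # code -> (minutes, byte_quota); removed on redemption
        self._sessions = {}  # client MAC -> Session

    def issue_voucher(self, minutes=PAID_MINUTES, byte_quota=PAID_BYTES) -> str:
        """Mint a single-use code at the register, e.g. printed on the receipt."""
        while True:
            code = f"{secrets.choice(WORDS)}-{secrets.choice(WORDS)}"
            if code not in self._vouchers:
                self._vouchers[code] = (minutes, byte_quota)
                return code

    def redeem(self, mac: str, code: str) -> bool:
        """Exchange a code for a paid session; a code works exactly once."""
        grant = self._vouchers.pop(code.strip().lower(), None)
        if grant is None:
            return False
        minutes, quota = grant
        self._sessions[mac] = Session("paid", self._clock() + minutes * 60, quota)
        return True

    def join_free(self, mac: str) -> None:
        """Free tier: shorter clock, smaller quota, lowest precedence."""
        self._sessions[mac] = Session("free", self._clock() + FREE_MINUTES * 60,
                                      FREE_BYTES)

    def allow(self, mac: str, nbytes: int) -> bool:
        """Enforcement point: charge nbytes to the session, or refuse and drop it."""
        s = self._sessions.get(mac)
        if s is None or self._clock() >= s.expires_at or s.bytes_left < nbytes:
            self._sessions.pop(mac, None)
            return False
        s.bytes_left -= nbytes
        return True

    def schedule(self, demands: dict, link_capacity: int) -> dict:
        """Split a contended uplink: paid sessions first, then free, each capped
        by its own remaining quota. Pure calculation; allow() does the charging."""
        now = self._clock()
        live = [(mac, s) for mac, s in self._sessions.items()
                if mac in demands and now < s.expires_at]
        live.sort(key=lambda item: TIER_RANK[item[1].tier])
        allocation, remaining = {}, link_capacity
        for mac, s in live:
            share = min(demands[mac], s.bytes_left, remaining)
            allocation[mac] = share
            remaining -= share
        return allocation


if __name__ == "__main__":
    portal = HotspotPortal()
    code = portal.issue_voucher()
    print("receipt code:", code)
    print(portal.redeem("aa:bb:cc:dd:ee:01", code))  # True, first use
    print(portal.redeem("aa:bb:cc:dd:ee:02", code))  # False, already burned
```

The laptop in the parking lot can still join the free tier, but it gets whatever uplink is left after every paying session has been served, and it runs out of clock and bytes first.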

Comment Re:Performance (Score 4, Interesting) 283

The ironic thing is that even in rural Texas [1], even the coal rollers think that Teslas are extremely useful and hope that eventually the company would make a one ton pickup truck. It would make life nice for a number of reasons:

1: A lot of ranch vehicles tend to go a long distance, but get parked near the same spot at night, so an electric charger is useful.

2: Trucks need torque at 0 RPM. Electric motors deliver here in spades.

3: Welders and other tools are needed. Having a heavy duty inverter and the ability to use the battery bank for powering an air compressor would come quite handy.

4: Electric motors need a lot less upkeep than a diesel engine. No pee cans, no DPFs, no EGR valves, air filters, oil filters, just very minimal maintenance required.

5: They use no fuel when stopped/idling, other than to keep the vehicle electronics going and the climate control system.

6: They are quiet.

7: An electric motor can sit indefinitely without worry about fuel turning to sludge (in the case of gasoline) or getting algae in it (like diesel.)

8: No exhaust.

Electric cars are like solar. Both sides, be it the hippies or the banjo country types understand how useful the technology is or can be.

Comment Re:The $50,000 question... more energy out than in (Score 1) 315

We can solve that problem when we come to it. Right now, on a medium to long term basis, the goal is reducing greenhouse gas emissions, as waste heat is far secondary from the heat trapped via CO2, methane, and other gases. Waste heat can be an issue, but a society that will run into issues with it will have a lot better technology than what we have now, and could solve the problem. Right now, our civilization is in peril because of the burning of fossil fuels, and the conflict that obtaining access to them causes. Once pissing contests for oil wind up in the past, civilization can actually advance, and face challenges like having the problem of waste heat actually be an issue.

Comment The $50,000 question... more energy out than in? (Score 5, Informative) 315

Costs are a big issue, but the problem with fusion is getting more energy than is put in... and keeping that reaction sustained indefinitely. Yes, one can get energy out, and sometimes more energy out for a brief bit with a tiny gold-plated capsule... but there is a huge jump from pulverizing a mini-nugget with a big boom to having a reactor that you can turn on, and let it power stuff on an indefinite basis. Same difference between an explosion from TNT and the small, controlled explosions pushing pistons down in an IC engine.

In the TFA, supposedly their dynomak [1] actually does a sustained reaction, but the key is how sustained. Even at a couple kilowatts, if it can just sit there and act as a steam turbine, it will power a UPS for a long time. Scaling up to megawatts is where it solves the big problems, because it can power desalination plants to keep California habitable and other things which are energy/cost prohibitive as of now.

As always, I hope this succeeds. Energy is money, and the more energy available, the more a country and a people can do.

[1]: Is it that different from a tokamak, which has been in use for decades?

Comment Isn't this what Splunk is for? (Score 4, Informative) 23

Isn't gathering, indexing, and trying to find heads/tails of data what Splunk is designed for? It is a commercial utility, and not cheap by any means... but at least this is one software package meant to sift through and generate reports/graphs/etc on stuff.

Disclaimer: Not associated with them, but have ended up using their products at multiple installations with very good results (mainly keeping customers happy with a morning PDF report that all is well, with the charts to prove it.)

Comment Re:Corporate Malfeasance (Score 2) 293

I'd rather not punish the individual worker. They are here to try to eke out a decent living, improve skills, and generally try to fit in.

If I had my say, I'd dispense with the H-1B program entirely, and convert them into work visas or permanent resident cards. That way, the H-1B system, which is an abomination, is tossed, while the individual people who are here are not punished.
