Chester Wisniewski's nakedsecurity describes Wisniewski's specialty thus: "He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics." So he's obviously someone who might know a little about preventing future Target-style security debacles. We've also interviewed tech journalist Wayne Rash about this topic, and will probably interview another security expert or two. Many Slashdot users may find all this credit card security talk boring, but for those who handle security matters for a living, especially for retailers, it's vital information. So here's Tim Lord talking with Chet, who is a recognized security expert for Sophos, one of the big dogs in the IT security field, when Chet was in Texas for the latest iteration of Security B-Sides in Austin. (Alternate video link.)

This is a conversation with Frank Muscarello, CEO and co-founder of MarkiTx, a company that brokers used and rehabbed IT equipment. We're not talking about an iPhone 3 you might sell on craigslist, but enterprise-level items. Cisco. Oracle. IBM mainframes. Racks full of HP or Dell servers. That kind of thing. In 2013 IDC pegged the value of the used IT equipment market at $70 billion, so this is a substantial business. MarkiTx has three main bullet points: *Know what your gear is worth; *Sell with ease at a fair price; and *Buy reliable, refurbished gear. Pricing is the big deal, Frank says. With cars you have Cars.com and Kelley Blue Book. There are similar pricing services for commercial trucks, construction equipment, and nearly anything else a business or government agency might buy or sell used. For computers? Not so much. Worth Monkey calls itself "The blue book for used electronics and more," but it only seems to list popular consumer equipment. I tried looking up several popular Dell PowerEdge servers. No joy. An HTC Sensation phone or an Acer Aspire notebook? Sure. With price ranges based on condition, same as Kelley Blue Book does with cars. Now back to the big iron. A New York bank wants to buy new servers. Their old ones are fully depreciated in the tax sense, and their CTO can show stats saying they are going to suffer from decreasing reliability. So they send out for bids on new hardware. Meanwhile, there's a bank in Goa, India, that is building a server farm on a tight budget. If they can buy used servers from the New York bank, rehabbed and with a warranty, for one-third what they'd cost new, they are going to jump on this deal the same way a small earthmoving operation buys used dump trucks a multinational construction company no longer wants.

In February, 2013 Computerworld ran an article titled A new way to sell used IT equipment about MarkiTx. The main differentiator between MarkiTx and predecessor companies is that this is primarily an information company. It is not eBay, where plenty of commercial IT equipment changes hands, nor is it quite like UK-based Environmental Computer, which deals in used and scrap computer hardware. It is, rather, the vanguard of computer hardware as a commodity; as something you don't care about as long as it runs the software you need it to run, and you can buy it at a good price -- or more and more, Frank notes -- rent a little bit of its capacity in the form of a cloud service, a direction in which an increasing number of business are moving for their computing needs. Even more fun: Let's say you are (or would like to be) a local or regional computer service company and you want to buy or sell or broker a little used hardware. You could use MarkiTx's price information to set both your buy and sell prices, same as a car dealer uses Kelley Blue Book. We seem to be moving into a whole new era of computer sales and resales. MarkiTx is one company making a splash in this market. But there are others, and there are sure to be even more before long. (Alternate video link.)

What happens when your oven is on the Internet? A malicious hacker might be able to set it to broil while you're on vacation, and get it so hot that it could start a fire. Or a prankster might set your alarm to wake you up at 3 a.m. - and what if someone gets access to the wireless security camera over your front door and uses it to gain access to the rest of your home network, and from there to your bank account? Not good. With the 'Internet of Things' you will have many devices to secure, not just a couple of computers and handheld devices. Timothy Lord met Mark Stanislav of Duo Security at BSides Austin 2014, which is where this interview took place.(Here's an alternate link to the video.)

This is wide-ranging interview with Dev Patel and Poulomi Damany of BitYota, an Analytics as a Service startup that works specifically with MongoDB. Open Source? Not yet. But hopefully soon, they say. And why should an IT person or programmer care about marketing-oriented analytics? Because the more you know about functions in your company besides IT (such as finance, investor relations, and -- yes -- marketing), the more valuable you are as an employee. Dev also mentions the two main things he looks for when recruiting for BitYota: "One is intellect, and the other is attitude." He points out that this is not true merely of BitYota, but of any strong startup. This is all good information for any job-seeker hoping to land a spot with a startup -- and for anyone who is happy with where he or she works but hopes to earn promotions and raises, too.

It goes up, it goes down, it goes upside down and keeps on flying. We're talking about Curtis Youngblood's latest quadcopter prototype, but as his website says, "Curtis has been flying and competing with RC Helicopters since the early 1980s and is a Multi-time World Champion and Multi-time 3D Champion." This lucky dog has managed to turn his hobby into a business; he makes and sells radio controlled helicopters -- not the $60 ones from Harbor Freight, but sophisticated aerial beasts that can carry still and video cameras and could easily be used as short-range drones, except that these are hobbyists' toys -- for hobbyists who can afford to spend hundreds and even thousands of dollars, anyway. There are plenty of quadcopter kits on the market for lots less than Youngblood's creations, along with build-it-yourself guides. But these won't fly upside down. For that, you need variable-pitch rotors and sophisticated control systems. "But what about 3-D printing?" you ask. Of *course* you can use a 3-D printer to make a quadcopter. That was an inevitable development. Here are open source instructions for building one. Enjoy the ride!

RSA holds big-time annual security conferences. The 2014 U.S. edition had 25,000 attendees, Stephen Colbert as the closing keynote speaker, and a major controversy (and some anger) from potential speakers and attendees over RSA's reputed $10 million contract with NSA to make sure the company's encryption software had back doors the secretive agency could use to spy on people and companies that use RSA software. This is part of a story that might be called The Snowden Revelations if it is made into a movie, but right now it's still controversial, and enough of a bombshell in the IT security industry that F-Secure's Mikko Hyppönen decided not to speak at this year's U.S. RSA conference, followed by Bruce Schneier, DEFCON founder Jeff Moss, Princeton professor Ed Felten, and other security luminaries.

And so, TrustyCon -- the Trustworthy Technology Conference -- was born. It was a sellout, with 400 people attending at $50 a head, and another 300 on a waiting list who couldn't get in. Slashdot's Tim Lord managed to get in, and got to speak briefly with several people there, including one of the TrustyCon organizers, Joel Wallenstrom. These were crude interviews, done on a "catch as catch can" basis, and the sound in them is poor. (Google sent a camera crew and shot over seven hours of the conference speakers, which you can watch on YouTube if you want to view TrustyCon presentations in good HD with great sound.). Will there be another TrustyCon next year? According to The Register, "The conference organizers said that, at this point, the plan is to hold another get-together next year, but that a final decision will be made closer to the time."

The intro to our first video interview with Pwnie Express 'Founder and CEO and everything else' Dave Porcello back in 2012 started with this sentence: 'Pwnie Express is a cute name for this tiny (and easily hidden) group of Pen Test devices.' They have more tools now, including some they've released since we mentioned them and their (then) new Pwn Pad back in March, 2013. Now they're working with Kali Linux, a distro built especially for penetration testing (and formerly known as BackTrack). In this video we have Tim Lord chatting with Dave Porcello about recent Pwnie Express happenings at RSA 2014. (If you don't see the video below, please use this link.)

The QuintessenceLabs website doesn't mince words when it comes to self-promotion. It boasts that they are "The world’s first company to harness the quantum properties of lasers to herald a new generation of data security." InvestCanberra says, "the defense and security policy and procurement centre of Australia is the natural location for large conglomerate defense and security corporations and specialist cyber security, advanced communications and radar, ICT and surveillance businesses alike," and goes on to list QuintessenceLabs as one of several "locally headquartered companies that have grown into internationally successful organizations."

Here's another statement taken from the company's website: "QuintessenceLabs is the first in the world to exploit a new generation of quantum cryptographic technology which enables unbreakable, secure storage and communication of sensitive information through the generation of an ultra-secure cryptographic key." Unbreakable? That's a strong boast. Is it true? And even if it's only partly true, your upper management may call on you to explain (and possibly implement) laser-based quantum security, so you need to know what it is and how it works -- and whether it's something your company (or your client companies) need.

There is this guy, Eric Holscher, who has been doing FOSS development for quite a while. He's been on GitHub since 2008, and got involved in Gittip not long after it started in 2012. Not long after that, Eric started thinking about how open source software developers have all kinds of conferences and have many communities they can join and learn from each other, while those who write documentation, especially for FOSS, typically work all alone in a vacuum.

So why not have a conference for documentation writers (and developers who want to hook up with writers who can help them make high-quality docs)? Don't limit it to FOSS, but make sure that's the emphasis. Call the conference 'Write the Docs' and have the first conference in Portland, Oregon, in 2013. Which is exactly what Eric did. A year later, a second 'Write the Docs' conference is scheduled in Budapest (Hungary) at the end of March, and the next Portland conference is set for May 5.