I keep seeing things with several regular screws and one a funky type (security torx and such), If they want to make it tamper evident, put a dot of acrylic on the screw,

Then there's clips that will snap together to make a tight fit exactly once. And of course the stupid plastic rivets.

I have no idea what devices you are seeing.

It's actually a good strategy for MS, I think, and I believe Ballmer screwed up by not following this strategy.

For other companies, it only works in the short term because their competitors win in the long term because without good employees, the company can't develop new products. However, for MS, this just isn't a concern. They're a monopoly in many markets, especially in business software; companies aren't going to suddenly stop buying Windows, Exchange, Office/Outlook, etc. MS can milk their existing customers for a couple of decades I think, and could easily jack up prices greatly.

I think MS (and their products) will get worse before this gets better.

Doesn't matter, people will still buy MS products no matter what. Businesses aren't going to wean themselves from MS's enterprise software anytime soon. This was a good decision: the research efforts were costing money which wasn't being made up in new sales.

MS's best course of action is to cut out as much R&D as possible and other bottom-line costs, and then try to extract as much money from existing customers as possible by jacking up prices. Thanks to their monopoly position in several markets, this shouldn't be hard.

IIUC, this is not a survey of the *level* of sexual assault, but of the rate. And if the sample questions quoted above are typical, then I'm surprised that it isn't higher.

OTOH, the questions that were listed above (in the discussion about poorly worded questions) don't distinguish between a bit of uncomfortable humor and forcible rape. One presumes that actual criminal activity is rare, but this isn't evidence of that.

That said, in groups that are predominantly male and relatively isolated from external contact, one might expect that undesireably agressive sexual behavior would be relatively common. The real question to me is how moderate is the degree of undesireably agressive sexual behavior. (The rate would be interested *IF* coupled with the degree.)

That's a really good point. But I guess they could just disable bluetooth. I'm starting to wonder if today's Apple is as incredibly stupid as Sony was 10-15 years ago. Though, Apple might actually be right: the people who buy Apple stuff are such sheep they, unlike Sony's prospective customers a decade ago when they tried to push proprietary audio formats, might actually buy into Apple's proprietary junk.

No, we can't use TrueCrypt in the name. The license terms are clear about that. We're trying not to use True, and we have been told that it would be best not to use Crypt, though I think that's going a bit far.

IronCrypt is a good suggestion. It is fucking squated. God I hate squatters. Worse than lice or ticks.

This is not correct. Each individual file in TrueCrypt has a clear copyright notice at the top. Every file with any E4M license will be replaced from scratch. After that, we'll do the files that have TrueCrypt license, though mainly so we can migrate to a better FOSS license.

Some people post warrat canaries, but I stopped. Our current defense strategy is having developers around the world. Also, we have weekly voice meetings that are hard to fake, and enable us to know we're dealing with the same person each week.

Personally, I've boning up on skills for finding weaknesses in crypto code. I just did a 2-week marathon of being a huge a-hole over at the Password Hashing Competition. Telling people why you think their algorithms are not secure does not make you popular, but I have to admit it was fun. Applying the same sort of analysis to TrueCrypt makes me want to set my hair on fire.

TrueCrypt's saving grace is that it is not an on-line app. Even in the first "rebranding" release, we're removing it's tendency to ping the Internet whenever you click on a help button. If an attacker could hack the volume data, for example, he'd totally pwn TrueCrypt. But... in that case, he already owns you most likely.

I find EncryptAll not bad. The bar here is not that high... just has to be an improvement. The guys on the CipherShed team would kill me for suggesting Pure-Crypt, but I think that's available and also aligns us well with Pure-Privacy, the new foundation promoting online privacy.

I totally agree with your list, which means you are better than most of us geeks at picking, or at least evaluating names. I would love an alternative to CipherShed. I bet you could help here. Can you think of better names.

I like the name password-hashing entry in the PHC called OmegaCrypt. I was considering contacting the author, Brandon, to see if he'd let us use it. Some people on the CipherShed project don't want either True or Crypt in the name, partly for fear of trade-mark dispute, and partly to show that we're doing an honest clean fork, with an intent to rewrite it all under a popular FOSS license (the latest BSD license is currently the leading condender).

but don't try anything too clever. Otherwise some cop will get a gut feeling or a hunch and the minute he's officially taken off the case you're toast.

You know it. And from watching things like Bones and CSI:Miami I know that not only do they investigate every case like its the only thing they have to do with their time, but that money is also generally no object. And if you are really unlucky, the laws of physics will turn out to be fairly flexible to.

Infringement has a lot to do with who you're pissing off. I this case, I am not so worried about the original TrueCrypt team. These guys did a ton of work for years, almost for free, because they thought the world needed it. Well, the world still needs it, and we have some new volunteers (but need more!). The E4M owner has some gripes about use of E4M licensed code in the tool. I think we need to focus on the E4M code and get it out of there ASAP. We can then take some more time to redo the whole GUI and everything else.

So, I'm invovled in the CipherShed project. In fact, I bought the domain originally when Niklas suggested it. I also bought FalseCrypt :-)

This thread is actually very helpful. I've been very concerned that we need to pick a better name. The unfortunate truth is that we geeks totally suck at picking name!

RealCrypt is excellent, IMO. That's why the RealCrypt fork of TrueCrypt exists :-) It's a Fedora-packaged fork that drops all the Windows stuff. There's also a VeraCrypt fork. OpenCrypt.net was offered to us by the owner, which is very generous, but there is an OpenCrypt already, which oddly enough has to do with encryption rather than vampires.

Please keep picking on the name, and suggesting alternatives! If someone here provides one, I'll try to have it adopted. We *barely* still have time to make a name change.

The rich don't need good service. They'll pay their $9k each, get pissed off, and the site will be down after a couple of years due to non-renewals; meanwhile, the site founders will have made $10-20 million (2,000 people, your numbers, times $9k = $18M) and can retire quite comfortably.

I wish I had thought of it....