That's nothing. I've set up a massive file-sharing service based around these systems. And it's completely undercover; to the casual observer, it looks like a used-car lot!

Based on this comment, I'm assuming you haven't heard of Unity.

I'll add my thanks as well. The whole reason I came to this thread was because I hoped someone would post something like this.

I've already posted, so somebody please mod parent up!

The quote in the summary:

So you're talking about a people getting a degree where the only career option is teaching others so they can seek the same degree? And the MLA thinks the fix is to make that degree easier to get? I suppose it does have the benefit of people wasting less of their life pursuing a degree that is worthless out in the real world, but it looks to me like a PhD in Humanities is the academic equivalent of a Ponzi scheme.

You know, I think this is the first time I've seen Metro and professional used in the same sentence. At least, the first time where the sentence didn't end with, "my ass!"

I don't know. I've seen Cars 2.

I remember once hearing that, everywhere that golf is played, it's called golf. I'm not well-traveled enough to be able to confirm, though. Anybody who hasn't spent their entire life in midwest USA care to comment?

Kind of interesting, since the linked article is basically the exact opposite of over-hype. I think the really relevant point is this:

If we assume that the TrueCrypt announcement is a NSL warrant canary, then the question is "Why now?" "Why?" is a stupid question - of course the government would like a backdoor into TrueCrypt. But why the NSL now?

Option A is that, since the TC developers are anonymous, their identities have only recently been discovered by the government agencies that issued the warrant. I'll admit this is possible, but it seems unlikely.

Option B: Version 7.1a of TrueCrypt has a flaw that is known to government agencies, but has not yet been discovered by the community. The government is worried that the ongoing code audit will discover and remove this flaw, and they issued a NSL requiring that if the flaw is discovered, the updated version include a government-approved backdoor. TC devs made the warrant canary announcement rather than agree to comply.

Option C: At some point after the release of Version 7.1a, the TrueCrypt devs received a NSL requiring a backdoor in the next released version. TC dev team technically complied by not releasing a new version, since there were no known weaknesses in 7.1a. The code audit has uncovered a flaw and informed dev team, leading dev team to shut down the project and invoke warrant canary.

It will be interesting to see what happens with the code audit. Hopefully the audit team had the foresight to set up a warrant canary themselves. At any rate, Steve Gibson does have a point - the code is out there, and the audit will continue. TrueCrypt will be forked, and work will continue.

Their actual identities and locations are unknown. There's plenty of intelligence agencies around the world that would go along with a firmly-worded "request" from US intelligence agencies. I think it's safe to assume that, if this announcement is due to government threat, we're talking about legal threats rather than death threats. An agent that says "backdoor your software or we kill you" is very likely going to kill you for making the sort of announcement that popped up today.

True, but it's still an open-source project. Uploading backdoored binaries would be easy enough, but compromising the code would be a lot more complicated.

I'm sure the NSA is very good at writing obfuscated code, but there are other factors in place. The TC code audit started a few month ago, and there hasn't been an update to TC in 2 years. Any new updates to TC are going to be reviewed *very* carefully - sudden updates to a 2-year-stable project right after the beginning of a code audit looks very suspicious.

I use TrueCrypt. I realize that there are other options out there, but TrueCrypt has a few advantages - namely that it allows hidden volumes and it's cross-platform, free-as-in-beer, and open-source, (even if not technically FOSS). So now what? TrueCrypt won't go away. I can save a copy of the installer for the 2012 release, and, more importantly, there are copies of the code out there - particularly in the hands of the code audit team.

If we assume that the TC dev got an NSL, it would potentially explain the announcement. The dev decided to burn the crop and salt the field rather than let it be co-opted by the NSA. And, based on what happened with LavaBit, the NSA must have anticipated at least the possibility of this response. If anything, it was probably more likely. LavaBit was a commercial operation - they had a financial incentive to go along, keep their mouth shut, and keep the business going. Instead, they decided to do the right thing and shut down.

So assuming the NSA sent a National Security Letter to the TC dev, why, and why now? NSLs have been around for years. It seems odd that the NSA would wait until now to try to force in a backdoor, particularly with the likelihood that attempting to do so would result in the "burn and salt" response. If the NSA felt it was worth forcing TC into a go-along or shut down choice, they would have done it years ago.

One possibility is that TrueCrypt has an exploit that is currently know by the NSA, but not known by TC devs. Once the code audit started, the NSA was concerned they would lose their backdoor, and issued National Security Letters to the audit team requiring they don't expose the flaw, and to the dev team requiring they don't fix it. At this point, this seems like it might be the most likely option, assuming we aren't looking at a site defacement. Hopefully we'll get some clarification soon.

Virus-ridden, goes down regularly?

Most of the Kardashians are about 3 additional cosmetic surgeries away from being indistinguishable from Cardassians.

...and this, ladies and gentlemen, is why experimenting with hallucinogens is a bad idea.

No mod points, but thank you for this. I've managed to tweak my work PC enough that the parts of Win8 that piss me off mostly stay out of my way, but hunting through the mess of settings makes me curse the day Balmer emerged from the primordial soup of whatever parallel evolutionary track coughed him up.