Julian, is that you?
Two guys - working working over a decade without funding etc.
Ennead was 29 in 2005 (http://www.wolfmanzbytes.com/windows/70-truecrypt-encryption.html) and they obviously developed it on their freetime.
Fast forward from that to today and you got couple of middle-aged devs, probably with more demading careers and perhaps even families and maybe with young kids.
They started it as a Windows project, when Windows was...a completely different beast than it is today.
It's no wonder TrueCrypt didn't get very many (any?) releases in the past couple of years.
It's certainly a very interesting way to exit stage.
It's just his page, read the actual quote I referenced, it's nothing to do with Steve Gibson - he is just quoting two people on twitter.
Bottom line - we have no evidence of warrant canary or "dev rage quit".
Personally I'm more inclined to believe the devs calling it than any NSA scheme, but again.
According to this page - someone e-mailed a dev contact and claims they called it quits due to lack of interest
(Scroll to the bottom, the green box).
The only real "confirmation" we have is the info on the TrueCrypt page. It's over (no matter what the reason is), best to move on.
Seriously, if it's FOSS, doesn't that mean anyone can take the TrueCrypt code and do with it what they will?
Yes, but TrueCrypt has never been FOSS and by the looks of it never will be. It has always had it's own license that contained distribution and copyright-liability restrictions.
It's never been accepted as "open-source" by OSI.
So how about a write-up in English Mr. Golem?
DRM in Firefox will download a binary module from adobe
What could possibly go wrong?!
A lot of browsers are to blame for this. Both Chrome and Firefox place a big search bar in the middle of the screen and put it in auto-focus as soon as the browser starts.
Firefox gets most of its funding that way (ironically from Google) and Google gets to harvest our searches in both cases.
It's a browser UI issue, not a user issue.
Right now, I think the team is mostly focused on having "something usable" in OpenBSD and I doubt they care too much about anything else outside their scope.
Having said that - forking OpenSSL to something usable and burning the remains with fire is a great idea, however there is considerable risk that the rush will cause new bugs - even though right now those commits have been mostly pulling out old crap.
Fixing the beast is going to take a long while and several things will need to happen:
- Upstream hurry to put more crap into the RFC needs to cease for a while. We don't need more features at the moment, we need stability and security.
- Funding. The project needs to be funded somehow. I think a model similar to Linux Foundation might work - as long as they find a suitable project leads. But major players need to agree on this - and that's easier said than done (who will even pull them to the table?)
- Project team. Together with funding, we need a stable project team. Writing good crypto code in C, is bloody hard, so the team needs to be on the ball - all the time. And the modus operandi should be "refuse features, increase quality". Requires a strong Project Lead.
- Patience.. fixing it is a long process, so you can't go into it hastily. You need to start somewhere (and here I applaud the OpenBSD team), but to get it done, assuming that above is in place - expect 1-3 years of effort.
USA had absolutely no grounds to remove Saddam Hussein from the power.
The only reason they received U.N mandate is because they fabricated the WMD evidence and outright lied at the hearing.
On top of it they captured people - detained unlawfully without a charge or trial and tortured during their captivity.
Condi Rice and the rest of the Bush Jr. administration should be tried for their crimes.
But at least he answered the questions instead of copy&pasting 2 year old article from his blog
JoCo > McAfee
There is - F-Secure has a cloud solution called Younited. http://www.younited.com/
You didn't even read the summary? That's very
" iOS (and OS X) SSL security bug comes the latest vulnerability in Apple's mobile operating system"
Yeah, the hash update succeeds, so err contains successful value when it jumps to the end. It never reaches the dead part where it updates.