mpol writes: Over at atavist.com is an interesting story that is being unraveled. It is a story based on years of crime journalism. Kingpin Paul le Roux started his career as programmer/entrepreneur, but it was hard to make a living. One of his software products was E4M, encryption for the masses, on which Truecrypt is based. Things changed when he got into illegal pharmacie, and doctors and pharmacists all over the US were part of his scheme. He made hundreds of millions in illegal prescriptions. If he stopped there he could have walked off and live the easy life. But he expanded into drug trafficking, and even had his own militia in Somalia for a short while. He left a trail of dead people, but was finally captured in 2012. The last few years he worked on the other side, bringing in other people of his organisation. Speculation is that Paul le Roux was the author and maintainer of Truecrypt, and can now divulge information on the weak points of that software to the US authoraties, making the software unsafe, as was previously mentioned by the people of Truecrypt.
mpol writes: We're all aware of PRISM and the NSA deals with software houses. Just today it was in the news that even Microsoft gives zero-day exploits to the NSA, who uses it to prepare themselves, but also uses the exploits to break into other systems. At my company we use Git with some private repositories. It's easy to draw the conclusion that git-hosting in the cloud, like Github or Bitbucket, will lead to sharing the sourcecode with the NSA. Self-hosting our Git repositories seems like a good and safe idea then. The question then becomes, which software to use. It should be Open Source and under a Free License, that's for sure. Software like GitLab and GNU Savane seem good candidates. What other options are there, and how do they stack up against each other? What experience do people have with them?
mpol writes: "In the past WhatsApp has been hightly critisized over their insecure use of the XMPP messaging protocol. Recently new versions of their app have incorporated encryption.
It seems the trouble isn't over yet for WhatsApp and its users. Sam Granger writes on his blog that WhatsApp is using IMEI numbers as passwords. This is at least the case with the Android app, but other platforms are probably using similar methods. Since it is easily readable what someone's IMEI number is, this isn't really secret information that should be used for authentication. In the wake of the Apple/FBI UDID fiasco, will we see lists with phone numbers and IMEI numbers appear on the net?"
mpol writes: "The job market can be hard right now, depending on your background and location. Having a disability makes things even more interesting. 7 years ago I suffered from a psychosis (interview: http://vimeo.com/48355668), and I am diagnosed with schizophrenia. I have been recovering quite good, and last year I started searching for a paying job. I found one, but it didn't turn out to be the right place, so I'm back at my volunteer job as web developer. My current workplace is quite unique, as there are several people who had a psychosis in the past, or are diagnozed with autism. When I look at myself I know that I have some things that will always play up more or less. I'm very sensitive for the atmosphere at the workplace for example. I also need clear communication, more so than other people. Furthermore, a workweek of maybe 20-25 hours is the max for me. I tried self-employment, but motivation and discipline are a bit hard to come by, and it's not something that will work for me longterm. In theory it's perfect, in practice not so much. I'm not sure what my short-term future will look like, but for this year I'm quite happy where I am, but next year I might go searching for a salaried job again.
I'm wondering if there are more people on Slashdot who have a job in ICT, or are searching one, and also have disabilities. How did you land at your job, and what issues do you run into in daily practice."
mpol writes: "Sergei from MariaDB speculated on some changes within MySQL 5.5.27. It seems new testcases aren't included with MySQL anymore, which leaves developers depending on it in the cold. "Does this mean that test cases are no longer open source? Oracle did not reply to my question. But indeed, there is evidence that this guess is true. For example, this commit mail shows that new test cases, indeed, go in this “internal” directory, which is not included in the MySQL source distribution." On a similar note, updates for the version history on Launchpad are not being updated anymore. What is Oracle's plan here? And is alienating the developer community just not seen as a problem at Oracle?"
mpol writes: "Over at pkh.me, a FFmpeg developer seems to have quite a fresh view of the situation with FFmpeg and its fork Libav. "One year and a half ago, an important part of FFmpeg developers decided to change the way the project was managed. This led to some kind of takeover, mainly to get rid of the old maintainer dictatorship, but also to change development methods, redefine objectives, etc. Then, for various reasons I will quickly explain, these people made a new project called Libav." It makes for an interesting read behind the scenes."
mpol writes: "Forbes magazine published a profile of French exploit-selling firm Vupen last April. Now there's a blog article about a broker from South Africa, complete with a price-list of zero-day exploits and their platform. iOS is the highest valued here. The article also claims most exploits are being sold to agencies of the US government. It does raise a concern though. What if black-hats got more serious, and the US government would become a victim. When shit hits the fan, how will they react."
mpol writes: "Statcounter released new statistics today and 1366x768 monitors feature now the most used screen resolution on the internet. These screens are available in most cheap laptops, and therefore probably sold and used very much. With 19.2% it is beating the old 4:3 resolution, which still has 18.6% usage share. And you do know, you have lies, damn lies, and statistics."
mpol writes: "Ever since I learned of the Reed-Solomon algorythm I was amazed at the technical wonder of it. Just as amazed as I was about the error-correction in pressed Audio-CDs. I do know that at a very low-level it is integrated into harddisks. It's also built into RAID-6 and other server-grade software. For my self-made photo's and music collection in flac I always remember to make 5% par2 files, just in case of corruption of the files (and yes, that does happen). I sometimes feel I have to advise the people around me to do the same, so they won't lose their data, but I feel that workflow is too technical for most people. I'm wondering why Reed-Solomon isn't more transparently integrated into our software. For example, when you rip music to flac or mp3, the ripper should also make par2 files. The same with a photo made into a raw or jpg file. This file should have par2 information inside it or right next to it. Then the management software for media should repair the files when it encounters corruption. All handled transparently, without requiringing any technical knowledge or activity from the user. Why hasn't this been done. The algorythm is from 1960. Even Audio-CDs from 1983 had it built in. And it's now 2012."
mpol writes: "KDE's Plasma Active introduced last Saturday its own 7" tablet. According to Aaron J. Seigo, "It's the first tablet computer that comes with Plasma Active pre-installed". The 'Spark' with its 7" screen is built around a Cortex A9 with a Mali-400-gpu, 512MB RAM and an SD-card slot. It will have a 800x480 screen resolution and will cost around 200 Euro. It is actually a rebrand of the Zenithink ZT-180 C71, which comes with Android by default. On a personal note, Aaron J. Seigo will no longer be sponsored by Qt Development Frameworks to work on Qt and KDE. He will however stay involved with KDE and Free Software he says."
mpol writes: For years I've been using a home-server with Linux, but recently I've been getting doubts about the electric bill. I'm not touched by the recession yet, but I would like to cut costs, and going from a 100Watt system to a 30Watt system would save me 70 bucks a year. The system doesn't need to do much, just apache, imap, ssh and some nfs, but I do prefer to have a full-fledged system, where I can choose what to install on it. I also don't really care if it's a low-power Via or an ARM processor, I do prefer it to be cheap. A full system for max 300 bucks would be nice. That way I would have earned it back after 4 years on powersavings. I've been reading about the Western Digital Mybook World Edition, which has an ARM processor, but isn't that easy to install Debian on. A Mac Mini draws about 85Watt, so that isn't an option either. I would accept something just a bit more than turn-key, but not a hack-job. I've done hack-jobs enough in the past, now it's time for smooth and easy. Adding a temporary cdrom or dvd-rom, or an usb disk with an iso to install from would have my preference. Are there Slashdotters who run nice and cheap low-power Linux systems? What can you recommend?