Threat Hunting isn't exactly a new concept, it's been around for ages.
But it seems someone, somewhere decided it is going to be the new "hype-base" for magical next generation boxes.. because the previous hype (Threat Intelligence) is dying.
So yeah, cue 2-3 years of "you must hunt proactively with our products"-hype
True. And! Luckily Canonical has a really stellar track record with users privacy issues.
iOS 8 is not a pig. It's not a living thing at all it's a mobile operating system. And. If it was living, I doubt it would live at the farm.
Having said that, I have not have any issues on any of my upgraded devices (4 iPads in the family, 2 iPhone 5s) and the devices have not expressed any need to roll in the mud either.
Did you actually read the thread?
You know, where Linus tracks down the thing and collaborates very professionally with other devs?
Yes, he uses harsh language at times, but who the fuck doesn't. He does not work in enterprise environment, it's his own mailinglist.
Julian, is that you?
Two guys - working working over a decade without funding etc.
Ennead was 29 in 2005 (http://www.wolfmanzbytes.com/windows/70-truecrypt-encryption.html) and they obviously developed it on their freetime.
Fast forward from that to today and you got couple of middle-aged devs, probably with more demading careers and perhaps even families and maybe with young kids.
They started it as a Windows project, when Windows was...a completely different beast than it is today.
It's no wonder TrueCrypt didn't get very many (any?) releases in the past couple of years.
It's certainly a very interesting way to exit stage.
It's just his page, read the actual quote I referenced, it's nothing to do with Steve Gibson - he is just quoting two people on twitter.
Bottom line - we have no evidence of warrant canary or "dev rage quit".
Personally I'm more inclined to believe the devs calling it than any NSA scheme, but again.
According to this page - someone e-mailed a dev contact and claims they called it quits due to lack of interest
(Scroll to the bottom, the green box).
The only real "confirmation" we have is the info on the TrueCrypt page. It's over (no matter what the reason is), best to move on.
Seriously, if it's FOSS, doesn't that mean anyone can take the TrueCrypt code and do with it what they will?
Yes, but TrueCrypt has never been FOSS and by the looks of it never will be. It has always had it's own license that contained distribution and copyright-liability restrictions.
It's never been accepted as "open-source" by OSI.
So how about a write-up in English Mr. Golem?
DRM in Firefox will download a binary module from adobe
What could possibly go wrong?!
A lot of browsers are to blame for this. Both Chrome and Firefox place a big search bar in the middle of the screen and put it in auto-focus as soon as the browser starts.
Firefox gets most of its funding that way (ironically from Google) and Google gets to harvest our searches in both cases.
It's a browser UI issue, not a user issue.
Right now, I think the team is mostly focused on having "something usable" in OpenBSD and I doubt they care too much about anything else outside their scope.
Having said that - forking OpenSSL to something usable and burning the remains with fire is a great idea, however there is considerable risk that the rush will cause new bugs - even though right now those commits have been mostly pulling out old crap.
Fixing the beast is going to take a long while and several things will need to happen:
- Upstream hurry to put more crap into the RFC needs to cease for a while. We don't need more features at the moment, we need stability and security.
- Funding. The project needs to be funded somehow. I think a model similar to Linux Foundation might work - as long as they find a suitable project leads. But major players need to agree on this - and that's easier said than done (who will even pull them to the table?)
- Project team. Together with funding, we need a stable project team. Writing good crypto code in C, is bloody hard, so the team needs to be on the ball - all the time. And the modus operandi should be "refuse features, increase quality". Requires a strong Project Lead.
- Patience.. fixing it is a long process, so you can't go into it hastily. You need to start somewhere (and here I applaud the OpenBSD team), but to get it done, assuming that above is in place - expect 1-3 years of effort.
If all else fails, lower your standards.