Monthly Archives: May 2014


TrueCrypt Shuts Down

See on TrueCrypt Shuts Down

Support for decade-old crypto program pulled, touching off Internet firestorm.

 

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

Ryan Seifert‘s insight:

One of the most popular and trusted file encryption systems was closed today; there is a huge amount of controversy over the event. What is even stranger is the suggestion to migrate to Bitlocker, Microsoft’s integrated encryption offering.

 

TrueCrypt was the common answer for easy and provable secure encryption; due to its open source nature and multi-platform support. Being open source allowed everyone (including security auditors) to review the code and point out any potential weaknesses or problems. The multi-platform support allowed the same encrypted partition to be accessed from Windows, Mac, or Linux.

 

The controversy is stemming around the the reason given for shutting down TrueCrypt (the sunset of Windows XP) and the suggestion to migrate to BitLocker. TrueCrypt supported up to Windows 8.1 (Current version) and everything between down to XP; it also supported many versions of Mac’s OSX as well as various flavors of Linux. The amount of development work required to support so many different platforms securely is immense; this disputes the shutdown reason stated pretty directly. Many proponents of TrueCrypt are very outspoken on closed source implementations of security applications (such as BitLocker).

 

Overall it is a strong blow to computer security and privacy in general to see such a strong and loved open source encryption system be closed.


So You Want To Write Your Own CSV code?

So you want to write your own CSV code?

So You Want To Write Your Own CSV code? Fields separated by commas and rows separated by newline. Easy right? You can write the code yourself in just a few lines.

 

Hold on a second…

Ryan Seifert‘s insight:

This is a great short article on how a ‘simple’ feature or request can balloon into a much more difficult and time consuming issue.

While the author jumps into some areas that are more than likely not going to be used; it is hard for the developer to know all edge cases. Substantial segments of work can potentially be removed if we know the originating file is RFC-4180 compatible or detailed information on areas it is not. Fully fleshed out requirements could answer those questions; but usually not before an estimate is requested/required.


EVERY eBay Account Holder Hacked

EVERY eBay Account Holder Hacked

Hackers obtain name, address, date of birth, telephone number, email address and password of 233 million people

Ryan Seifert‘s insight:

It seems like we can’t go 6 months without hearing about a high-profile hack; with significant numbers of accounts being compromised. This one hit close to home; I have many family and friends who are avid eBay users. My phone sounded like a PBS pledge drive after I sent out texts letting them know it was time to change their passwords. After the bewilderment passed the most common question was; how do I avoid this again.

I went with my normal tactic of introducing them to LastPass; but came up short when they asked for a free alternative for their phones (various versions of iOS and Android). A couple minutes of searching provided a decent answer; if a bit difficult to setup. KeePass can use Dropbox to sync the encrypted passwords between devices.  Took some tinkering but looks to work pretty well.

See on www.thedailybeast.com


Four Million to One

Four Million to One

We Help the World’s Best Developers Make Better Software.

 

As we pass four million Trello members I thought it would be a good time to share with other small software development teams the fact that providing high quality support doesn’t have to be expensive or impossible.  This includes a one business day initial response window for all newly created cases and making sure to follow through on all open cases until resolution.  With just a few tools and some dedicated time, it is possible for even just one person like myself to support our entire member base

Ryan Seifert‘s insight:

This is really inspiring!

 

I love the thought put into the support system. Many times support takes on the role of firefighter; reacting to extinguish flare ups and hopping from one fire to the next. The critical points I spot are the extensive online help (with Analytics even!), the canned email responses, and the smooth ability to escalate support issues. It is exciting to see how a single person can support over four million users!

See on blog.fogcreek.com