And while we're at it. Since 1.4 RC is live, and available to test out.
There is a feedback thread relating to it:
https://discourse.joinmastodon.org/t/1-4-rc-feedback/134
Announcing Rust 1.17
https://blog.rust-lang.org/2017/04/27/Rust-1.17.html
(submitted by steveklabnik)
Good news, rclone is not backdoored! Why reproducible builds matter, and how easy they are in Go
https://blog.filippo.io/reproducing-go-binaries-byte-by-byte/
Kaitai Struct: declarative binary format parsing language
http://kaitai.io/
(submitted by mpweiher)
Yussss, John Wiegley's talk from Bayhac about lenses is up. I got a lot out of this one.
Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. https://www.debian.org/News/2017/20170417
Here's more context around his arrest: https://meduza.io/en/feature/2017/04/10/mathematics-teacher-accused-of-inciting-mass-riots-now-also-accused-of-supporting-terrorism-and-once-again-detained
'According to investigators, βthe suspect posted materials calling for riots in the center of Moscow with the help of special software designed to hide traces of his Internet presence, [namely] using servers based in [foreign states].β' -- so, it seems, organizing protests in Moscow, possibly using Tor
I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ cc @rootkovska
A cool video showing how SecureDrop works, by Lucy Parsons Labs in Chicago https://www.youtube.com/watch?v=LkgN244ggzs
Uber likely responsible for 24-35% reduction of drunk driving accidents in NYC
http://www.economist.com/blogs/graphicdetail/2017/04/daily-chart-0
(submitted by petergatsby)
Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?
Opening up cyberspace with Matrix and WebVR
https://matrix.org/blog/2017/04/04/opening-up-cyberspace-with-matrix-and-webvr/
(submitted by vanburen)
Introducing Espresso
https://www.blog.google/topics/google-cloud/making-google-cloud-faster-more-available-and-cost-effective-extending-sdn-public-internet-espresso/
(submitted by vgt)