And while we're at it. Since 1.4 RC is live, and available to test out.
There is a feedback thread relating to it:
Announcing Rust 1.17
(submitted by steveklabnik)
Good news, rclone is not backdoored! Why reproducible builds matter, and how easy they are in Go
Kaitai Struct: declarative binary format parsing language
(submitted by mpweiher)
Yussss, John Wiegley's talk from Bayhac about lenses is up. I got a lot out of this one.
Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. https://www.debian.org/News/2017/20170417
Here's more context around his arrest: https://meduza.io/en/feature/2017/04/10/mathematics-teacher-accused-of-inciting-mass-riots-now-also-accused-of-supporting-terrorism-and-once-again-detained
'According to investigators, “the suspect posted materials calling for riots in the center of Moscow with the help of special software designed to hide traces of his Internet presence, [namely] using servers based in [foreign states].”' -- so, it seems, organizing protests in Moscow, possibly using Tor
I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ cc @rootkovska
A cool video showing how SecureDrop works, by Lucy Parsons Labs in Chicago https://www.youtube.com/watch?v=LkgN244ggzs
Uber likely responsible for 24-35% reduction of drunk driving accidents in NYC
(submitted by petergatsby)
Mastodon's federation introduces UX challenges.
One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.
Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).
Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?
Opening up cyberspace with Matrix and WebVR
(submitted by vanburen)
(submitted by vgt)
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!