Wednesday, September 28, 2016

Ample Meal

Ample Meal shows us the way of future feeding.
I think of this as ideal fast food. Think about it. You can buy it like Coca-Cola from some vending machine and you are good! No need to go to some cafeteria. Isn't it great? Just drink a glass of your meal like milk and you're good. Terrific!

This is a super time-saver!

Another gospel is Soylent. Ingredients.








Here is a comparison.


Sunday, September 18, 2016

RetroShare: scandal over the free communication!

Unbelievable!
One of the RetroShare maintainers tried to close an issue about sustainable security without resolving it!
This may only mean the government reached it.

The original issue report is pretty simple:
To improve security, RetroShare could provide an automatic key regeneration feature.
A new key may be sent to friends automatically over a secure connection with the old key.
Upon successful receipt, the new key may be used to communicate while the old one is still used for friends who have not yet updated it.
Would you see how much resistance it takes? Unbelievable. I can't believe some government reached RetroShare. I guess we need a fork. The final reporter's reply follows:

You must be kidding me. You need to update the key before it is compromised. I hope I'll get enough motivation to make it compilable on a MacBook, but I bet this pull request is a better place to start on this: #498
Please, think about this issue. It contains information on how to make communication sustainably secure. Any reasonable assumption you can make. For example, current RSA-2048 best brute-forcing is about half a year. Let's update keys monthly. Send new keys with RetroShare emails. Let's keep in mind we send only the public part. We cannot state this is an insecure operation.
Sorry, my post might contain some rudeness. This is definitely a wanted ticket that moves RetroShare secure communication to a new level. This might not be closed without special attention of community/society. Any ticket might not be closed without understanding, in my opinion.
I respect RetroShare and you guys who work on it. This is the only really free secure communication solution at the moment. Bitcoin has such an ability but it's not specialized for this purpose.
RetroShare became an etalon of freedom in communication and people paid attention to this. This might not be used insecurely or for disclosing secure personal information any more, if it was. If someone would see this topic like me, then a fork appears quickly. The best idea is to keep the goal of the project: sustainably secure communication.
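The rollover proposed in the issue and in the reply above (a new public key announced under the old key, with the old key still honoured until friends catch up), as an added Go example that is not RetroShare code. Ed25519 from the Go standard library stands in for RetroShare's PGP keys, and the `Rollover` message, the `label` prefix and the `Friend` type are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

const label = "key-rollover-v1:" // constructed domain-separation prefix

// Rollover is a hypothetical wire message: new public key, signed by the old key.
type Rollover struct{ NewKey, Sig []byte }

// NewKeyPair generates a fresh key pair for the example.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Announce is run by the key owner: the old private key vouches for the new key.
func Announce(oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey) Rollover {
	return Rollover{newPub, ed25519.Sign(oldPriv, append([]byte(label), newPub...))}
}

// Friend holds the keys a peer currently accepts for one contact, newest last.
type Friend struct{ Accepted []ed25519.PublicKey }

// Apply adds the new key only if an already accepted key signed it. The old key
// stays accepted, so the owner can keep using it with friends who lag behind.
func (f *Friend) Apply(r Rollover) error {
	if len(r.NewKey) != ed25519.PublicKeySize {
		return errors.New("malformed new key")
	}
	for _, k := range f.Accepted {
		if ed25519.Verify(k, append([]byte(label), r.NewKey...), r.Sig) {
			f.Accepted = append(f.Accepted, r.NewKey)
			return nil
		}
	}
	return errors.New("rollover not signed by a trusted key")
}

func main() {
	oldPub, oldPriv := NewKeyPair()
	newPub, _ := NewKeyPair()
	f := Friend{[]ed25519.PublicKey{oldPub}}
	err := f.Apply(Announce(oldPriv, newPub))
	fmt.Println(err, len(f.Accepted))
}
```

The check only helps while the old private key is still secret: whoever holds it can sign a rollover to a key of their own, so friends still need a way to retire old keys and to re-verify out of band after a suspected compromise.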


But what is even MORE important!

...bla-bla-bla...here!:
@cavebeat did not get the issuer, but he noted a great security issue:

cool down
I am still waiting for answers of my question! #423 (comment)
Post-quantum deCrypto needs Post-Quantum EnCryption!
I assume you talk about GPG-Key updating, right? These keys are only used for authentication.
Re-creating all the time the keys for authentication is a nightmare. Already doing the initial making-friends is a mess and not that easy. To make this problem recurring and to need to re-friend the network all the time is not making it more secure.
Insist on pushing the default to 4k RSA GPG-Keys for the authentication. That would make a benefit. Rotation of the GPG-Keys is not improving. (How often do you replace your GPG-Keys for your Mail Accounts atm?)
More interesting is this part: To add some forced ReKeying after n hours.
Increase the actual key which is used to encrypt. To replace the key after n hours to improve the PFS functionality.
https://github.com/RetroShare/RetroShare/blob/master/libretroshare/src/pqi/authssl.cc
This is not the GPG-Key.
Also these certificates are signed at best with SHA1 <-- https://github.com/RetroShare/RetroShare/blob/master/libretroshare/src/pqi/authssl.cc#L589
Just to be clear, actually RetroShare connections are encrypted by OpenSSL TLSv1.2: DHE-RSA-AES256-GCM-SHA384 and not with GnuPG!!!
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit <-- should be increased already to 4k
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
So before we start discussing the Keys for authentication after post-quantum crypto, we should increase security for today's technology.

You know, multiple ciphering might have less security than single ciphering.

The issuer replies:
Thank you @cavebeat for pointing everyone to the DHE-RSA-AES256-GCM-SHA384 security problem.
I have dramatically good news for you.
Mr. Stallman has taken a bit of interest in this project:
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
I will look for someone who can review Retroshare for me.
Please be patient with the shower of issues that is possibly coming. Do not close any issue just because you want to.

Friday, September 16, 2016

Nanny

Quickly, Anyone, tell me how to raise a kid!
Correct! Repeat everything over and over, forever.
Here is the program to repeat everything.

Reminders, Repeatings, Reading with camera.


Write up your ton of rules and make the kid happy not to have to hear them from you ;)

Oh, almost forgot to say, but it is important. Once the author implements dictation support, it will be a real-time translator for deaf-mute people.

Feel free to contact, ask, make any feature requests at this Facebook page.

Tuesday, September 13, 2016

HR

It is a common situation to receive some sort of request for an audience from a company's HR person.
This is good.
Dear HR people who are hunting for software developers, please note:

  • Software developers are usually people who like to optimize and very much like being laconic.
  • Software developers are people. This means they have a life. This means their own life.
  • Software developers are people who like respect.
These are suggestions for an HR person to have a productive talk with a software developer:
  • In the Skype request and first message, say who you are and which company you are from.
  • It is also nice to mention where you got the contact.
  • In the first message you definitely should (this is the strongest suggestion) give a link to the most complete description of the opening (software developers can read such things fast) or provide the description itself.
You'll be surprised how fast things go with such an approach, because the first message from the software developer will be some sort of "interested", "no, thank you", or even a resume file.
Please note that the software developer should not be able to send you the first message, or even to type "hi", before he sees the message with the link or the full description of the opening.

Other good practices:
  • A corporate-style HR avatar icon with a photo of the recruiter in a suit, looking forward
  • A video on YouTube with information about the corporation and bonuses (a time saver)
  • A specified salary range for each opening