GPG Programmer Werner Koch Is Running Out of Money

New submitter jasonridesabike writes "ProPublica reports that Werner Koch, the man behind GPG, is in financial straits: "The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded." (You can donate to the project here..)

A personal appeal

[Anonymous Coward]

from GPG founder Werner Koch

Latest update

[Anonymous Coward]

From the linked article:

Update, Feb. 5, 2015, 5:55 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations have also poured into Werner Koch's website donation page to the tune of nearly $50,000 so far.

Re:Latest update

[CronoCloud]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well that's good to hear.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlTUChMACgkQnludVzJNqF2p2ACdFew+WZRFx3tgIWLSizrfZuc/
k1EAoK35K6UURyN3CXW5eUEP4bVas9BP
=UQA4
-----END PGP SIGNATURE-----

Re:Latest update

[gwolf]

You should really update your key. A 1024D key with a SHA1 primary signing algorithm is no longer considered safe.

(Data point: We did quite a work in Debian to migrate to 2048R with SHA256)

Re:Latest update

[chihowa]

It's funny that you should mention that. Werner Koch still uses a 1024D key [mit.edu] for email. In fact, nearly everyone at g10code.com either has no key listed or uses 1024D. Most of the people involved in the development of GnuPG use ancient 1042D keys.

It's not just GnuPG, though. Phil Zimmermann only uses 1024D [philzimmermann.com].

Perhaps there's something we're missing?

Re:Latest update

[gwolf]

Interesting thing you mention. Well, our migration was prompted by some theoretical advances; if you look at our slides at DebConf14 [debconf.org] you will see some references to papers presented at the EuroCrypt 2012 conference talking about the relative strengths of different keys.

I don't contest that Zimmerman and Koch know how to communicate securely and what it takes, but maybe we are talking about a different threat model. One thing is identity assurance just for the sake of identity assurance, but in Debian we use it as a core infrastructural part: Get hold of my GPG key, and you have potential root access to thousands of computers. Of course, there are human checks in place, and it's quite unlikely you'd get away with yours... But it's possible.

Re:

[Frobnicator]

I don't contest that Zimmerman and Koch know how to communicate securely and what it takes, but maybe we are talking about a different threat model. One thing is identity assurance just for the sake of identity assurance, but in Debian we use it as a core infrastructural part: Get hold of my GPG key, and you have potential root access to thousands of computers.

Holy Hell, I hope you mistyped something!

It is 2015. If you've got a single password (your private key) with root access to that many machines, something is terribly wrong over at Debian.

For THOUSANDS OF MACHINES let me introduce you to the concept of a key vault. You start with your two-factor credentials to the vault, check out temporary credentials for the individual machine's keys or services you need, and use them for the day.

Do not allow your single private key -- no matter how many bits long it i

Re:

[stoborrobots]

I assume he means that his GPG key is used to sign packages which get loaded to the Debian repository, which you could potentially use to upload a package with a root-executed file in it...

Re:Latest update

[swillden]

Holy Hell, I hope you mistyped something!

He didn't, and he's right, and there's nothing wrong with what he's doing.

The key in question isn't a login authentication credential used to access large numbers of machines. It's the key used by Debian systems to verify that they trust software packages from Debian. Note that all Debian software packages are installed as root, and run scripts as root during the installation process. Many Debian software packages include binary code that is run as root during normal usage.

This means that an attacker with the signing key and access to the download servers can create packages that run whatever code he likes on every machine that installs them, as root. If he picks packages that every running Debian system has to have, he can control all well-maintained machines within a few days. That would be hundreds of thousands, maybe millions, of machines, not thousands.

Re:

[gwolf]

Holy Hell, I hope you mistyped something!

It is 2015. If you've got a single password (your private key) with root access to that many machines, something is terribly wrong over at Debian.

Others have replied, but I think I should do so as well: Yes, we don't use a PGP key to log in to thousands of machines, but we use it to validate package uploads that enter the archive. If I sign+upload a malicious binary package, it's just a matter of time until it reaches users.

Of course, there are some caveats: First, I must convince users to use my package. This is, my malicious code should not go in a very uninteresting package, it would go to one that I know that has many users. But, second, it shoul

Re:

[dryeo]

You want a key that is close but not impossible to break. How else can you feed the right information to others?

Re:

[drinkypoo]

Perhaps there's something we're missing?

What you're missing is that if these people wanted to communicate securely, they wouldn't want you to know about it, and they wouldn't be dumb enough to use a key which is associated with their known identity by the world.

Re:

[drinkypoo]

What harm would come from knowing that the inventor of PGP uses PGP?

You're not too into this whole computer security thing, are you?

Re:

[CronoCloud]

Done, thanks for the reminder.

Re:

[iluvcapra]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I use GnuPG to secure some archival things in the cloud.

I'd consider giving some money to it if it was actually usable for its first and
most important function, namely, securing emails. It works perfectly, but it's
deployment is utterly lacking, no major vendors have gotten far enough behind it to
enable it by default, and even knowledgable users don't do something as simple as
sign their emails, to at least advertise to others that they have a key.

Also I live in LA

Re:

[CronoCloud]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 You're right in that gnupg needs people and groups to get behind it. I started using Linux in 2002 and didn't start using gnupg till 2007. While part of the reason was that I had been using an e-mail client without built in gpg support, another part was I didn't know much about it. I might not have even realized I already had it installed. I do sign e-mail, and I do have my pubkey here on Slashdot and the keyservers. And sometimes, in threads related to

Re:

[CronoCloud]

The inline signatures are smaller if you use SHA1, which is not recommended as that Debian fellow stated. Then Slashdot doesn't mess up the formatting, my previous post is butt ugly because I had to switch to HTML formatting to actually post the thing.

If you're using gpg in e-mail you use MIME so it's not an issue.

Re:

[El_Muerte_TDS]

Additional update (from the article):

Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project

Re:

[Talderas]

So basically.... the Linux Foundation gave him $60,000 to keep working on the project and told him to shut up and not disclose it until after the pity article to trick people into donating when they otherwise wouldn't have.

Re:

[polymeris]

Pardon the ignorance, but how complex is a library like GPG? How come he still needs to dedicate himself fulltime to it, after almost 20 years? I would have thought, by now, you wouldn't need more than the occasional bug-fix or maybe port to new language standards.

Can't even pay for music

[Rinikusu]

Something everyone claims to want, but too cheap to pay for. Thanks, Stallman!

No, he's not

[Ydna]

Looking at the list of donors page, it has this curious summary:

In 2015 we received 2535 donations of 87299 € .
In this year we received 2826 donations of 97255 € .

I'm not sure how to read that as this year is 2015. But if this is all for one person, they don't seem to be hurting for funds now.

Re:No, he's not

[Rinikusu]

Sub taxes, sub equipment, for a one man operation he could certainly be doing better in the private industry pushing dick pills and dick pics.

Re:No, he's not

[pz]

And subtract retirement, and insurance payments, etc., after all that, no one is going to get rich on EUR 90K per year. Not going to starve, but not going to get rich, either.

To present some perspective, as an employer in the US (yes, I realize things are probably different in Germany), if my personnel budget is USD 90K, that means my employee is getting only USD 61K in salary. The rest goes to various overheads that I pay to support the position.

Re:

[i.r.id10t]

And then the employee usually has to pay *more* direct from his/her check, both taxes and things like insurance

Re:

[sg_oneill]

Yep, and $90K for an experienced programmer is a steal. Back in my consulting days i could easily clock $200K a year.

For some reason I stopped. No idea why,

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Ginger Unicorn]

Running out of money and not getting rich are two different things. If you're on 90k euro a year and you're running out of money, you need to reevaluate your expenditure. I consider myself running out of money when i can only afford a 2.50GBP ready meal instead of spending 4 pounds on a proper meal.

Re:

[HnT]

You cannot compare being an employer in the US to being an independent contractor with one employee in Germany. Things are very, VERY different here in terms of insurances and retirement. To give you just one example, the usual figure thrown around by workers in the US is to have at least 1 or 2 million for retirement. This is a figure absolutely no regular European employee will ever lay aside in all their working years unless they have a 1%er position.

90k Euros a year even as a contractor and after taxes

Re:

[Oligonicella]

Is this a nerd version of an SJW? You're not ____ , therefore you don't understand ____ and must not speak or question?

Nawh. You're a troll. Bet you're the same guy who says "Music should be free! Artists should do tours to make their money."

Re:No, he's not

[Enigma2175]

PGP has brought incredible value to people, and thus its inventor should be rewarded properly.

However, this person is not the inventor of PGP, Phil Zimmermann [wikipedia.org] is. Koch just wrote an open source program that complies with the OpenPGP RFC [ietf.org]. This is certainly valuable and I do think that the community receives sufficient benefit from this program to support it financially, but Koch isn't an inventor, he is a programmer that implemented a public standard.

Uhhhh

[Sycraft-fu]

You realize even taking taxes in to account, most people make a lot less than that and do just fine, right? When you see income reported, it is normally pretax. If you think most people are making more than 90,000 Euro a year, you are really out of touch. That's a lot of damn money, in any country, enough to live well. You aren't rich, but you are doing just fine.

Re:Uhhhh

[CRC'99]

I hate to say it - but most people who do OSS work for the masses don't get paid for it.

I do packaging for Xen used from hobby users through to Disney - yet I get about $400AUD per year in donations. I also have to go buy my own test hardware (I need UEFI kit atm!).

I understand exactly what Werner means and the challenges faced - but I too don't see a solution for this. OSS has been linked for too long as a 'free solution' - which means nobody puts a currency value on the software and services that are made available to the world. I think its the mental relationship of OSS being 'free' causes it. Nobody blinks an eye to pay $100 for a Windows license - yet go for a $10 donation to an OSS project and people lose their minds...

Re:

[MightyYar]

Who is talking about "most people"? This guy seems to have a pretty interesting skill set - it is conceivable that he could do much better applying it to something more lucrative.

Re:

[ACE209]

That Angela "Marktkonforme Demokratie" Merkel is communist, is news to me.

Re:

[MightyYar]

Are you looking for a pedantic argument? I'm not really interested in that. It's pretty clear that they guy is not happy with the current financial situation (which has since been relieved, apparently).

Re:

[MightyYar]

It sounds like the funding came in after his plea, so I can't really fault him. The strategy worked, apparently.

Re:

[gnasher719]

You realize even taking taxes in to account, most people make a lot less than that and do just fine, right?

On the other hand, why would someone creating important software that everyone wants to use, be content with "making a lot less and doing just fine"?

The guy can just give up what he is doing right now and get a better paying job, with no stress trying to get money every year.

Re:

[Kjella]

It's more than taxes, for example here in Norway I have 100% sick leave pay from day 1. As self-employed you get 0% for days 1-14 and 65% of some average of past income for day 15-365, if you want more you need expensive insurance. You have to pay your own pension fund. The rule of thumb is usually that that an employee COSTs almost 2x salary all in all.

Re:

[geantvert]

I suspect that the first line is for the donations they were effectively received and the second shows all pledges.

Re:

[geantvert]

You are probably right.

Re:

[Negatif]

The article was published earlier today - it looks like a lot of donations have come in after that.

Re:

[jittles]

Looking at the list of donors page, it has this curious summary:

In 2015 we received 2535 donations of 87299 € . In this year we received 2826 donations of 97255 € .

I'm not sure how to read that as this year is 2015. But if this is all for one person, they don't seem to be hurting for funds now.

My guess is that one is a list of donations for the proceeding 12 months while the other is just for the 2015 calendar year. This would mean that he received almost no donations in the 2014 time period.

Re:

[usuallylost]

In the article it says he is looking to pay himself a reasonable salary and to hire one additional full time programmer to assist with the development. Basically he wants to get back to the situation he had pre 2012 before his funding ran out and he had to lay off his staff. It sounds like after this he probably is OK for the time being. Though he is going to need to maintain similar levels of funding going forward if he is going to be able to hire staff.

It seems to me that the more interesting question

Re:

[Talderas]

It's either this year (2015) in which cast the number of donations increased by just under 300 over these first 6 days of February. If it's this year (past 365 days) then it means that over the past year, excluding January, there were a bit under 300 donations totalling to just under 10,000.

Re:

[johnnys]

What he said. GPG is a very useful tool. I've used it for a while so I kicked in some money.

dear werner, please finish the damn thing

[Anonymous Coward]

Michelangelo finished the pieta in 2 years. You've had 18!! Look, it's good stuff, and you could probably milk this till retirement. Even Michelangelo realized finally that if he took one more swing at his sculpture, he'd have detracted from it.
You keep this up, you're gonna turn out just like that Torvalds kid.

Donor List = Watch List?

[turkeydance]

like...really, really watch very closely.

Ah hell why not

[gatkinso]

20 euro for you

Re:

[gatkinso]

Now get back to work, you.

Phil Zimmerman

[fred911]

How soon we forget someone who stood up. Someone who should be honored for his contributions to free speech, expression and privacy,

  Besides, isn't PGP Snowden used?

S/MIME called .. it wants it's something something

[ModernGeek]

I switched to S/MIME because of the easy ability to have a third party sign your key, and the recipients recognize it; utilizing a similar web of trust that we use for SSL. Sure it isn't perfect, but it's a good platform. All the major mail clients support it as well. Unless you're really worried about privacy, it's good enough.

However, I feel it's the duty of large corporations that profit from the efforts of men like Werner Koch to hire, retain, and support these people, and allow them to freely continue their research. If not through employment, then through grants.

<joke>I guess he shouldn't have sold all his Radio Shack stock</joke>

Patreon?

[aklinux]

Interested users could even set up regular donations.

Do not mix up FOSS and running a business so fast!

[HnT]

Note this part of TFA:

For almost two years, Koch continued to pay his programmer in the hope that he could find more funding.

So he is also a business owner making bad decisions and pays employees doing programming for him. Are FOSS projects not usually run by not financially dependent-on-each-other volunteers and on code submissions? It seems to me GPG has failed to establish something other projects have successfully done: a tightly knit community in which the whole project does not rest on the shoulders of one man alone. It seems Mr. Koch was trucking along on government funding alone and had no other source of income, this feels like another bad decision to me. This whole project feels like a very strange mixture of FOSS and running a business based on it while expecting to be paid as if it was a closed source, shareware program.

By all means, he deserves all the donations he can get but maybe it is high time to take a step back and look at how some things might have been run badly and how to improve on that.

Re:Wrong Koch

[Anonymous Coward]

That guy sucks. I will give him money when he gives me that back door I've been asking for.

Re:

[CronoCloud]

You forgot the friendly closing:

Sincerely, The NSA

That would have made it slightly funnier.

Re:

[Hognoxious]

No, Captain Obvious, because we already knew what he meant.

Re:Wrong Koch

[bobbied]

Too bad, I know of two of his relatives who have more money then they know what is morally correct to do with.

You mean donating $100 million to help build up a hospital in New York isn't morally a good thing?

http://freebeacon.com/blog/koch-brother-donates-money-to-hospital-liberals-protest-not-a-parody/

Another $100 Million for Cancer Research at MIT.

Another $25 Million for Cancer Research at MD Anderson in Huston TX.

Then there are donations to the Arts, National Museums and believe it or not *environmental* projects which are on record...

Yea, these Koch brother guys are the surge of the earth all right, spending all that money on such bad things...

Re:Wrong Koch

[riverat1]

They also gave money to the Berkeley Earth [berkeleyearth.org] project. That one didn't quite turn out like they wanted.

They also tried to give money to the Florida State University Economics Department with some provisos:

First, the curriculum it funded must align with the libertarian, deregulatory economic philosophy of Charles Koch. Second, the Charles Koch Foundation would at least partially control which faculty members Florida State University hired. And third, Bruce Benson, a prominent libertarian economic theorist and Florida State University economics department chairman, must stay on another three years as department chairman — even though he told his wife he’d step down in 2009 after one three-year term.

So much for academic freedom.

Re:

[Anonymous Coward]

As someone who has spent a lot of time working around Ph.D. academics, let me clue you in. EVERY US university of any appreciable size whores itself out like this to some collection of rich benefactors/organizations. Mainly because half of the degrees it awards are outright worthless for a career (hard to get alumni donations from the Literature major that has spent the past 10 years since graduation working their way up to local Starbucks manager, or worse, gotten a humanities Ph.D.) and the other half

Re:

[Oligonicella]

Love it. Two AC's assigning themselves authority. Each contradicting the other. Neither providing a jot of sourcing. Probably both the same guy.

Re:Wrong Koch

[Anonymous Coward]

Correct, their donations have no moral basis; they are only doing this because one of them had cancer and they are hoping to ensure their own survival. Gates on the other hand is fighting malaria and other diseases that are of moral concern because people don't need to worry about them.

Re:

[oldmac31310]

Gates is only doing this in case he contracts malaria!

Re:

[Anonymous Coward]

Got a source on that? I'd like to cite it to a few people.

Re:

[Anonymous Coward]

No, sorry. I promise it's true though. I read it on a Slashdot comment.

Re:Wrong Koch

[macsimcon]

Right, and all those donations don’t even add up to a fraction of the nearly $1B they plan on spending to influence the 2016 election.

If a Nazi donated $100 to a soup kitchen, does that forgive Auschwitz? And don’t lecture me on Godwin!

Re:

[WarSpiteX]

Dude, you're posting on Slasbergers with people who read The Fountainhead as teenagers and it totally blew their minds, and been assburgers types they can't grow out of the mindset.

Re:Wrong Koch

[epine]

Dude, you're posting on Slasbergers with people who read The Fountainhead as teenagers and it totally blew their minds, and been assburgers types they can't grow out of the mindset.

Funny, in my experience it's the people who aren't blessed with Asperger's syndrome who are particularly prone to pontificate on the basis of choir-pleasing ass-pluck.

Perhaps we should really rename it obsessive factual reality disorder.

Furthermore, a great many people who read The Fountainhead at a young age and found it mind blowing went into politics. How I wish more of these people had enough Asperchlorians in their bloodstream to balance their own chequebooks.

Re:Wrong Koch

[I'm New Around Here]

Asperchlorians

My new favorite fake word.

Not to unseat my favorite real word: quintessential.

Re:

[crispytwo]

Asperchlorians

take note: coined today!

#loveit

Re:

[Andtalath]

Assburgers is often used as a means of indicating that someone does not in fact have Aspergers Syndrome, but is merely acting like an ass.

Re:

[Whorhay]

I'm not a fan of the Koch brothers but no one is all evil or all goodness and light. I disagree with the Koch's political spending, but we can still acknowledge the good some of their charitable giving does. As a parent of small children I've noticed that focusing solely on the negative behaviours does nothing to prevent it, while a more balanced approach seems to get better results.

Re: Wrong Koch

[macsimcon]

Another right-wing canard to debunk. Oh well here goes...

For every Soros who is spending money to promote "collectivism" (code used by Ayn Rand-loving sociopathic troglodytes who haven't had a date this century) , there are ten or more Adelsons and Kochs promoting their fascism. It isn't even close dude.

I think it's great that the Koch brothers give to charity, but at those levels, it's like someone who earns $40K per year giving $100 in total to charity each year. Not exactly a sacrifice.

It's even worse because that worker earning $40K per year can't pay for all of their necessities for life on that salary, where the Kochs have already paid for everything they'll ever need.

Re:

[Anonymous Coward]

http://www.washingtonpost.com/blogs/right-turn/wp/2014/03/27/democrats-funded-by-billionaires-complain-about-republicans-funded-by-billionaires/

"But if it’s all that terrible to take billionaires’ money then the Democratic candidates and the Senate Majority PAC should give back their billionaires’ cash"

http://www.realclearpolitics.com/articles/2014/04/08/the_lefts_billionaire_outsider_hypocrisy_122196.html

"Who are the Senate Majority PAC’s biggest donors? They include out-of-state bi

Re:

[Shatrat]

It isn't even close dude.

https://www.opensecrets.org/ov... [opensecrets.org]

Actually it is close, and it's only in the most recent election that Republicans took the lead in fundraising. I expect this is largely driven by the general lack of progress on social issues and the outstanding progress towards a police state we have made.

Re:Wrong Koch

[Anonymous Coward]

The goodness of their philanthropy does not excuse their usurpation of the 'Democratic Republic', the USA. They are part of the reason the US is now a Corporate Oligarchy!

Re:

[johanw]

If you want to see what a healthy combination of as free as possible market and government protection for the underclass does, go visit northern Europe. Both fundamentalists views on the economy (pure communism and libertarianism) lead to disaster.

Re:

[Pieroxy]

Are you implying that northern Europe is a disaster? You should visit Greece and Sweden, you'll see a great difference.

Re:

[Sique]

Greece is actually an example of the "low taxes for rich people" approach, not for collectivism. In Greece, allowing rich people and property owners to avoid taxes brought the whole state in financial disarray while at the same time "trickle down" economics just didn't work.

From a taxation point of view, Greece is a libertarian heaven. Your point being?

Re:

[gordo3000]

really? considering almost all their money goes to support folks who push for exactly all those things, I think I'll be using revealed preferences to figure out what they really believe, rather than listening to the PR spin.

Re:

[Oligonicella]

Perhaps you would be so kind as to provide some links to evidence of said "revealed preferences" instead of just typing out talking point PR?

Re:

[gordo3000]

wait, you are so ignorant of the candidates the Koch brothers have supported in the last 3 election cycles you actually need someone to show you each candidate and their stance on the above policies? I am including the PAC money and which candidates it is deployed to support as well, of course.

Maybe you should actually start opening your eyes to what different candidates stand for. You seem to have fallen for the theory as compared to the political realities.

Here is what 3 minutes of searching did. Both

Math says "No"

[T.E.D.]

You mean donating $100 million to help build up a hospital in New York isn't morally a good thing? Another $100 Million for Cancer Research at MIT. Another $25 Million for Cancer Research at MD Anderson in Huston TX.

Those gifts were spread out over the last 8 years. The Average American gives about 3% of their income to charity yearly. The Koch's made about $10 Billion last year, so reach that standard, they would have had to give $300 Million last year alone. It only looks like they are giving a lot in absolute terms because they are so ridiculously wealthy.

The Koch's are hardly alone in being relative skinflints. The percentage of income given to charity actually rises [philanthropy.com] as income drops. For example, the most destitute zip in my town averages about 7.5% [philanthropy.com], while the richest gives less than 4% (yes, we are a generous state. Also a poor state). So if it is really charitable giving you care about (as your post seems to imply) then the best way to increase it is to find a way to move money away from the top end of our income distribution, and towards the bottom end.

Math.

Re:

[mister_playboy]

No, there are four brothers. The youngest two are twins.

Long story but interesting: http://www.motherjones.com/pol... [motherjones.com]

Re:Hal Finney

[cheesybagel]

Wrong. PGP was created by Phil Zimmermann and Hal Finney was the second developer they hired. GnuGP is an open-source reimplementation of the PGP standard written by Werner Koch.

Re:

[cheesybagel]

s/GnuGP/GnuPG/.

Re:Hal Finney

[anagama]

I know it is against the rules to RTFA, but sometimes it is worth it:

Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet. ... The U.S. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions.

In 1997, Koch attended a talk by free software evangelist Richard Stallman, who was visiting Germany. Stallman urged the crowd to write their own version of PGP. "We can't export it, but if you write it, we can import it," he said.

Inspired, Koch decided to try. "I figured I can do it," he recalled. He had some time between consulting projects. Within a few months, he released an initial version of the software he called Gnu Privacy Guard, a play on PGP and an homage to Stallman's free Gnu operating system.

As a side point, Stallman is endlessly criticized around here, laughed at, etc. But he inspired Koch to do something really important and that should be recognized a little bit. Obviously Koch deserves massive praise (and funding) because he did all the work, but it also struck me how important philosophical and moral principles can be in making the world a better place because they can inspire people to do the work.

Re:

[tigersha]

> Stallman is endlessly criticized around here, laughed at,

Have you ever seen him live? I have.

Besides, he is usually not laughed at here. That is the scary part.

Re:Hal Finney

[Andtalath]

He is a smelly hippy.
However, he is very intelligent and has a solid foundation for what he's saying.

So while he is somewhat ridicolous, he is also highly fascinating.

Re:

[sjames]

He is more likely to get money from the ducks I think.

Re:FOSS Funding

[bill_mcgonigle]

Can't he just sell support or something? Isn't there supposed to be viable funding models for FOSS projects?

He does sell support [g10code.com].

However, I suspect he's been offered many contracts and never knew about them:

Please do not send any attachments with ZIP files or any HTML in it. They are all silently discarded. Note, that this includes messages send as plain text plus HTML.

There is something I'd like to do with GPG that isn't a standard yet. I'll have to remember to scrutinize Thunderbird's settings before sending him a solicitation.

Re:

[CronoCloud]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thunderbird won't send HTML messages unless you configure it to do so. It's plain text by default.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlTUEuwACgkQnludVzJNqF3w5wCfRu8HX2sBa1lR/W6CS4gUao45
K7gAn22FGqPkAX2BH3s0PYa5JqTgM5vy
=H6cw
-----END PGP SIGNATURE-----

Re:

[CronoCloud]

Claws-mail defaults to plain text too...because it can't send HTML e-mail by design. It can display it just fine, but never sends it.

Also, I'm really tired of seeing the 'attachment' icon on pretty much every e-mail I get.

You would see the attachment icon if I sent an e-mail to you, I use PGP/MIME and sign all e-mail, the signature appears as an attachment.

Re:

[rdnetto]

Kmail defaults to plain text as well. In fact, a lot of its design seems to indicate that its authors use mailing lists quite heavily...

Koch might hire you with the new money

[raymorris]

Take another look, knowing that Koch now has funds to pay a decent writer.

Re:

[CronoCloud]

Remember that Werner's native language isn't English. I think the PDF version of the Documentation is fairly good. The HTML version...could use a bit more work on the navigation interface.

http://www.gpg4win.org/documen... [gpg4win.org]

Re:

[CronoCloud]

It's not that hard to use, there are GUI tools for gpg use on all platforms. Heck, I created my old key using GPA (gnu privacy assistant) a GUI interface to gnupg, since I couldn't get enough entropy on the command line. (As an aside, I created that key on a Playstation 2 Linux kit) I was/am no genius either. GPG4Win uses Kleopatra to interface with gpg, which is nice. Take a look at the PDF documentation on the gpg4win website

http://www.gpg4win.org/documen... [gpg4win.org]

Re:

[CronoCloud]

Maybe not an average user, but I had zero experience with Linux or GnuPG before that, and I figured out how to do it.

Re:

[armanox]

Except if you put it in systemd, then it becomes confined to Linux. Side note, GPG gets used across quite a few platforms (I see OS X, Windows, and VMS listed on the binaries page, and seems to be good on other Unix systems too), so it makes for a great utility for others to be able to use to verify whatever.

Re:

[armanox]

Interesting - I wonder why GNUTLS is a depedency (I'm building it from source on IRIX right now, no GNUTLS (currently built) on there). On the GPG website libksba is listed as optional, and npth is listed as 'you don't need it but probably want it'.

I'm all for replacing a lot of GNU software because of issues like that. Tying to build it manually ends up being a nightmare, because a lot of it depends on other GNU software they you may not want on there for various reasons.