I wouldn't make such a conclusion. I don't think there is any info about whether OP got financial incentives for his work or not. In fact, he posted on Mastodon, he's gonna be doing open source Rust work further on.
I could believe it, the timespan should be 1966-1976, so maybe in late 70s. I know a lot of automation software was being written in my Eastern European socialist country in assembly language around 1974. I think mostly for 6800-based chips like probably MOS 6502.
I’m not sure I completely agree here. For private use, this seems fine. However, this isn’t how email encryption is typically implemented in an enterprise environment. It’s usually handled at the mail gateway rather than on a per-user basis. Enterprises also ensure that the receiving side supports email encryption as well.
Your mail either needs to be encrypted reliably against real adversaries or it doesn't. A private emailing circle doesn't change that. If the idea here is, a private group of friends can just agree never to put anything in their subjects, or to accidentally send unencrypted replies, I'll just say I ran just such a private circle at Matasano, where we used encrypted mail to communicate about security assessment projects, and unencrypted replies happened.
> Your mail either needs to be encrypted reliably against real adversaries or it doesn't.
It is, GPG take care of that.
> If the idea here is, a private group of friends can just agree never to put anything in their subjects, or to accidentally send unencrypted replies
That’s not what I’m talking about. It’s an enterprise - you cannot send non-encrypted emails from your work mail account, the gateway takes care of it. It has many rules, including such based on the sender and recipient.
Surely, someone can print the mail and carry it out of the company’s premises, but at this point it’s intentional and the cat’s already out of the bag.
If you're relying on a trusted gateway, you don't need any of this; just do TLS to the gateway to exchange messages. This is how 95% of corporate "secure email" systems work.
But you don't know how many SMTP relays the recipient has and if they are all secured. E2E encryption, be it via GPG or x.509/SMIME, is still good in that case.
Can you give an example of an email provider or technology that’s doing GPG or SMIME at the gateway? I’ve never seen that configuration and it doesn’t seem like it would make sense.
Either it’s just theatre, encrypting emails internally and then stripping it when they’re delivered, or you still need every recipient to be managing their own keys anyways to be able to decrypt/validate what they’re reading.
I will not name it, but I worked on such product for some time. In fact it is still being sold, maybe 3rd decade already.
> you still need every recipient to be managing their own keys anyways to be able to decrypt/validate what they’re reading.
Nope, that is handled at the gateway on the receiving side.
edit: Again, the major point here is to ensure no plain text email gets relayed. TLS does not guarantee that plain text email doesn't get relayed by a wrongly configured relay on its route.
There's like one or two use cases where encrypting email could work. The best case I've come across--Bugzilla has the ability to let the user upload a public key to encrypt emails for updates to non-public bugs. It's not a big use case--pretty much the intersection of "must use email" and "can establish identity out of band," which does not describe most communication that uses email. (As tptacek notes in a sibling comment, you pretty much have to limit this to one-and-done stuff too, not anything that's going to be in an ongoing discussion, because leaks via unencrypted replies are basically guaranteed).
Even my doctor's office and local government agencies support PGP encrypted emails, and refuse to send personal data via unencrypted email, but tech nerds still claim no one can use it?
Also there are a lot of special clickable actions (mentioned in the FAQ > About section, or just keep clicking until you find something, there are 20+ special actions).
> For security reasons (and to protect the PII of all our users and customers), everything was being shredded and/or destroyed. Nothing was being kept.
Wow! That’d sure be some waste of disk drives and memory. Do they destroy it themselves or some contractor does this?
I don't like it. Giving away or selling the components for free would have been better than just throwing it at the dump. I appreciate the PII concerns, but these days disks have built-in sanitation procedures, as part of an industry-wide program to reduce waste.
And if you throw away memory for PII concerns, that would be beyond crazy.
> Would be a shame if someone with too much time on their hands dug into the binary and added a few zeroes to the message limit
Can this be done via some binary-patch tool? Really curious. It would save recompile efforts.
edit: link
edit 2: I just realized, their Ubuntu repository only contains the Enterprise edition labeled "Free edition". This is really confusing. I does look like entishitification has started long ago: https://docs.mattermost.com/deployment-guide/server/deploy-l...
It seems like the Team edition has a bunch of other limitations, but it's hard to tell from how convoluted and incomplete Mattermost's various comparison pages are.
I personally find it less toxic than Xitter and that’s good. Less drama, lots of politics - which is probably normal at the moment but kind of annoying. Certain bubbles like gamedev are big. I think bsky is here to stay.
> as the European Union (and former EU states like the UK) are transparently run like banana republics whose barely-elected bureaucrats run them like their own little ramshackle empire for their personal enrichment
Bold Statement. I wonder though, could you offer examples of places in the world today where it is being done otherwise?
https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d...
reply