GPG Programmer Werner Koch Is Running Out of Money

New submitter jasonridesabike writes "ProPublica reports that Werner Koch, the man behind GPG, is in financial straits: "The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive. Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded." (You can donate to the project here..)

A personal appeal

from GPG founder Werner Koch

Latest update

From the linked article:

Update, Feb. 5, 2015, 5:55 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations have also poured into Werner Koch's website donation page to the tune of nearly $50,000 so far.

Re:Latest update

[CronoCloud]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well that's good to hear.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlTUChMACgkQnludVzJNqF2p2ACdFew+WZRFx3tgIWLSizrfZuc/
k1EAoK35K6UURyN3CXW5eUEP4bVas9BP
=UQA4
-----END PGP SIGNATURE-----

Re:Latest update

[gwolf]

You should really update your key. A 1024D key with a SHA1 primary signing algorithm is no longer considered safe.

(Data point: We did quite a work in Debian to migrate to 2048R with SHA256)

Re:Latest update

[chihowa]

It's funny that you should mention that. Werner Koch still uses a 1024D key for email. In fact, nearly everyone at g10code.com either has no key listed or uses 1024D. Most of the people involved in the development of GnuPG use ancient 1042D keys.

It's not just GnuPG, though. Phil Zimmermann only uses 1024D.

Perhaps there's something we're missing?

Re:Latest update

[gwolf]

Interesting thing you mention. Well, our migration was prompted by some theoretical advances; if you look at our slides at DebConf14 you will see some references to papers presented at the EuroCrypt 2012 conference talking about the relative strengths of different keys.

I don't contest that Zimmerman and Koch know how to communicate securely and what it takes, but maybe we are talking about a different threat model. One thing is identity assurance just for the sake of identity assurance, but in Debian we use it as a core infrastructural part: Get hold of my GPG key, and you have potential root access to thousands of computers. Of course, there are human checks in place, and it's quite unlikely you'd get away with yours... But it's possible.

Re:Latest update

[CronoCloud]

Done, thanks for the reminder.

Re:Latest update

[Frobnicator]

I don't contest that Zimmerman and Koch know how to communicate securely and what it takes, but maybe we are talking about a different threat model. One thing is identity assurance just for the sake of identity assurance, but in Debian we use it as a core infrastructural part: Get hold of my GPG key, and you have potential root access to thousands of computers.

Holy Hell, I hope you mistyped something!

It is 2015. If you've got a single password (your private key) with root access to that many machines, something is terribly wrong over at Debian.

For THOUSANDS OF MACHINES let me introduce you to the concept of a key vault. You start with your two-factor credentials to the vault, check out temporary credentials for the individual machine's keys or services you need, and use them for the day.

Do not allow your single private key -- no matter how many bits long it is -- to have root access to thousands of machines.

Re:Latest update

[iluvcapra]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I use GnuPG to secure some archival things in the cloud.

I'd consider giving some money to it if it was actually usable for its first and
most important function, namely, securing emails. It works perfectly, but it's
deployment is utterly lacking, no major vendors have gotten far enough behind it to
enable it by default, and even knowledgable users don't do something as simple as
sign their emails, to at least advertise to others that they have a key.

Also I live in LA, I can see ICANN from my office window, and there are basically no
opportunities to get your key signed. GPG has no community.

These aren't technical problems with GPG, they're problems with how it's marketed
and how it's positioned in platforms. In my opinion, GnuPG needs users a lot more
than it might need $60k in emergency funds. Get the users and the funding will likely
be obviated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: GPGTools - http://gpgtools.org/

iEYEARECAAYFAlTUP/sACgkQdILWxHwGqZcRfwCcDco8z5LG0gS2JR7LvifOEE1U
eJUAn1ZbFlj9V7t/Es380X6tEen5RBWs
=TrGp
-----END PGP SIGNATURE-----

Re:Latest update

you can put your pubkey on Slashdot, text entry field at the very bottom: https://slashdot.org/users.pl?...

Re:Latest update

[stoborrobots]

I assume he means that his GPG key is used to sign packages which get loaded to the Debian repository, which you could potentially use to upload a package with a root-executed file in it...

Re:Latest update

[CronoCloud]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 You're right in that gnupg needs people and groups to get behind it. I started using Linux in 2002 and didn't start using gnupg till 2007. While part of the reason was that I had been using an e-mail client without built in gpg support, another part was I didn't know much about it. I might not have even realized I already had it installed. I do sign e-mail, and I do have my pubkey here on Slashdot and the keyservers. And sometimes, in threads related to e-mail security or pgp/gnupg, I'll even post a signed comment -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJU1FBQAAoJEGgrLreJLenh5HkIANWxqtMDYvF87o9K7qy18oSt 7NylbnZWEOL4NrJ0Uypttm6mRskLOIZCx5/MyGSU2hFwvRvMwsAOcBCoxHLMIoUY v4riY90LnvnKvB4uEVBPKiiUD1HpVsmysLyihCQnXzrwUOIzPk0QiVEdvOGf6unc jm14zTkINsfFUjKxt1YInOQbuDL6Gb8OAiFyEIfjUQ+4cZqlZym0/a70L1HOXJSI rWgYH6LiFMjJ2c5DLmDJHkCOBrAyXk7qSBhFRPO7PopM6oM1RL1UElIYP1qB/4zw G+O2dIhZrTcbwhLXQW1Yf2Oal6tpRNnzGCBqWf3BTlCyw1EjJMbDuLKk1ZFsEQA= =32VS -----END PGP SIGNATURE-----

Re:Latest update

[swillden]

Holy Hell, I hope you mistyped something!

He didn't, and he's right, and there's nothing wrong with what he's doing.

The key in question isn't a login authentication credential used to access large numbers of machines. It's the key used by Debian systems to verify that they trust software packages from Debian. Note that all Debian software packages are installed as root, and run scripts as root during the installation process. Many Debian software packages include binary code that is run as root during normal usage.

This means that an attacker with the signing key and access to the download servers can create packages that run whatever code he likes on every machine that installs them, as root. If he picks packages that every running Debian system has to have, he can control all well-maintained machines within a few days. That would be hundreds of thousands, maybe millions, of machines, not thousands.

Re:Latest update

[El_Muerte_TDS]

Additional update (from the article):

Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project

Re:Latest update

[dryeo]

You want a key that is close but not impossible to break. How else can you feed the right information to others?

Re:Latest update

[drinkypoo]

Perhaps there's something we're missing?

What you're missing is that if these people wanted to communicate securely, they wouldn't want you to know about it, and they wouldn't be dumb enough to use a key which is associated with their known identity by the world.

Re:Latest update

[drinkypoo]

What harm would come from knowing that the inventor of PGP uses PGP?

You're not too into this whole computer security thing, are you?

Re:Latest update

[Talderas]

So basically.... the Linux Foundation gave him $60,000 to keep working on the project and told him to shut up and not disclose it until after the pity article to trick people into donating when they otherwise wouldn't have.

Re:Latest update

[gwolf]

Holy Hell, I hope you mistyped something!

It is 2015. If you've got a single password (your private key) with root access to that many machines, something is terribly wrong over at Debian.

Others have replied, but I think I should do so as well: Yes, we don't use a PGP key to log in to thousands of machines, but we use it to validate package uploads that enter the archive. If I sign+upload a malicious binary package, it's just a matter of time until it reaches users.

Of course, there are some caveats: First, I must convince users to use my package. This is, my malicious code should not go in a very uninteresting package, it would go to one that I know that has many users. But, second, it should not attract too much attention, as others would likely find my backdoor. Say, if I wanted to reach maximum number of machines, I could update an "Essential" package, such as base-files. But first, the package is not mine (so my friend Santiago, the package maintainer, would jump at the unexpected upload). And it does not get updates often, so others would probably debdiff it and uncover my betrayal. And third, that would make my malicious package enter the unstable distribution. Were I looking for a real foothold on a large amount of computers, I'd have to wait probably around two years until it reaches a stable release.

That's why I said "thousands" and not "millions" :-)

Re:Latest update

[polymeris]

Pardon the ignorance, but how complex is a library like GPG? How come he still needs to dedicate himself fulltime to it, after almost 20 years? I would have thought, by now, you wouldn't need more than the occasional bug-fix or maybe port to new language standards.

Re:Latest update

[CronoCloud]

The inline signatures are smaller if you use SHA1, which is not recommended as that Debian fellow stated. Then Slashdot doesn't mess up the formatting, my previous post is butt ugly because I had to switch to HTML formatting to actually post the thing.

If you're using gpg in e-mail you use MIME so it's not an issue.

Re:Wrong Koch

That guy sucks. I will give him money when he gives me that back door I've been asking for.

Open Source

Open source software is generally accompanied with the idea that it should be given away, although the two aspects are technical unrelated.

Often the people behind it end up underfunded with only the occasional VC passing by raking it in.

Such is life in the give-away world!

No, he's not

[Ydna]

Looking at the list of donors page, it has this curious summary:

In 2015 we received 2535 donations of 87299 € .
In this year we received 2826 donations of 97255 € .

I'm not sure how to read that as this year is 2015. But if this is all for one person, they don't seem to be hurting for funds now.

Re:No, he's not

[Rinikusu]

Sub taxes, sub equipment, for a one man operation he could certainly be doing better in the private industry pushing dick pills and dick pics.

Re:No, he's not

To be fair, this hit reddit about 8 hours ago, and the funding has been rolling in since. Still, if you've ever used GPG, kick the guy a few dollars. It's pretty likely that this influx of money is going to be a very short term thing, and it would be nice if development costs were covered for at least another few years.

Re:No, he's not

[geantvert]

I suspect that the first line is for the donations they were effectively received and the second shows all pledges.

Re:No, he's not

[Negatif]

The article was published earlier today - it looks like a lot of donations have come in after that.

Re:No, he's not

[pz]

And subtract retirement, and insurance payments, etc., after all that, no one is going to get rich on EUR 90K per year. Not going to starve, but not going to get rich, either.

To present some perspective, as an employer in the US (yes, I realize things are probably different in Germany), if my personnel budget is USD 90K, that means my employee is getting only USD 61K in salary. The rest goes to various overheads that I pay to support the position.

Re:No, he's not

[i.r.id10t]

And then the employee usually has to pay *more* direct from his/her check, both taxes and things like insurance

Re:No, he's not

[sg_oneill]

Yep, and $90K for an experienced programmer is a steal. Back in my consulting days i could easily clock $200K a year.

For some reason I stopped. No idea why,

Re:No, he's not

[houghi]

In Belgium, a company that has an FTE cost of 90K means that the emplyee will get also around 60K as salary, which means around 30K-40K in his pocket to spend.

Salaries are mostly calculated per month and you normaly have to device by 13.78, (13th month and payed holiday) so that makes a pay of around 2500EUR per month. (what he sees on his paycheck). The average is 3100 EUR. I excluded Brussels as that is not representative.

So in Belgium he would also not starve, but also easily get a job that pays more.

And this is just the taxes, so no infra structure cost. It will include insurance and most likely100% public transport or mileage for 50% for car usage to and from work.

Re:No, he's not

[geantvert]

You are probably right.

Re:No, he's not

[Ginger+Unicorn]

Running out of money and not getting rich are two different things. If you're on 90k euro a year and you're running out of money, you need to reevaluate your expenditure. I consider myself running out of money when i can only afford a 2.50GBP ready meal instead of spending 4 pounds on a proper meal.

Re:No, he's not

[HnT]

You cannot compare being an employer in the US to being an independent contractor with one employee in Germany. Things are very, VERY different here in terms of insurances and retirement. To give you just one example, the usual figure thrown around by workers in the US is to have at least 1 or 2 million for retirement. This is a figure absolutely no regular European employee will ever lay aside in all their working years unless they have a 1%er position.

90k Euros a year even as a contractor and after taxes and insurances translates to netting roughly 40k-50k Euros in a country where the estimated net salary is 2k a month and many, many people have to make do with significantly less than that. I would say average rent is somewhere between 500 and 800 a month not accounting for utilities.

Programmer median salary is 42k a year, senior developer median is 55k. Employees also give up almost half their pay for insurances, taxes etc.

You do the math. 90k a year is pretty great in Germany and definitely in the top 10% or 5%.

Re:No, he's not

[jittles]

Looking at the list of donors page, it has this curious summary:

In 2015 we received 2535 donations of 87299 € . In this year we received 2826 donations of 97255 € .

I'm not sure how to read that as this year is 2015. But if this is all for one person, they don't seem to be hurting for funds now.

My guess is that one is a list of donations for the proceeding 12 months while the other is just for the 2015 calendar year. This would mean that he received almost no donations in the 2014 time period.

Re:No, he's not

[usuallylost]

In the article it says he is looking to pay himself a reasonable salary and to hire one additional full time programmer to assist with the development. Basically he wants to get back to the situation he had pre 2012 before his funding ran out and he had to lay off his staff. It sounds like after this he probably is OK for the time being. Though he is going to need to maintain similar levels of funding going forward if he is going to be able to hire staff.

It seems to me that the more interesting question is how many of the other important open source projects are in the same position? Is there a better way to fund them? I mean this guy made his funding goals by getting the media to talk about the situation back in December. That doesn’t seem like a sustainable model.

Re:No, he's not

[johnnys]

What he said. GPG is a very useful tool. I've used it for a while so I kicked in some money.

Re:No, he's not

[Oligonicella]

Is this a nerd version of an SJW? You're not ____ , therefore you don't understand ____ and must not speak or question?

Nawh. You're a troll. Bet you're the same guy who says "Music should be free! Artists should do tours to make their money."

Re:No, he's not

[Talderas]

It's either this year (2015) in which cast the number of donations increased by just under 300 over these first 6 days of February. If it's this year (past 365 days) then it means that over the past year, excluding January, there were a bit under 300 donations totalling to just under 10,000.

Re:No, he's not

[Enigma2175]

PGP has brought incredible value to people, and thus its inventor should be rewarded properly.

However, this person is not the inventor of PGP, Phil Zimmermann is. Koch just wrote an open source program that complies with the OpenPGP RFC. This is certainly valuable and I do think that the community receives sufficient benefit from this program to support it financially, but Koch isn't an inventor, he is a programmer that implemented a public standard.

Re:Hal Finney

[cheesybagel]

Wrong. PGP was created by Phil Zimmermann and Hal Finney was the second developer they hired. GnuGP is an open-source reimplementation of the PGP standard written by Werner Koch.

Re:Werner *Koch*

[sjames]

He is more likely to get money from the ducks I think.

Re:Hal Finney

[cheesybagel]

s/GnuGP/GnuPG/.

Re:FOSS Funding

[bill_mcgonigle]

Can't he just sell support or something? Isn't there supposed to be viable funding models for FOSS projects?

He does sell support.

However, I suspect he's been offered many contracts and never knew about them:

Please do not send any attachments with ZIP files or any HTML in it. They are all silently discarded. Note, that this includes messages send as plain text plus HTML.

There is something I'd like to do with GPG that isn't a standard yet. I'll have to remember to scrutinize Thunderbird's settings before sending him a solicitation.

dear werner, please finish the damn thing

Michelangelo finished the pieta in 2 years. You've had 18!! Look, it's good stuff, and you could probably milk this till retirement. Even Michelangelo realized finally that if he took one more swing at his sculpture, he'd have detracted from it.
You keep this up, you're gonna turn out just like that Torvalds kid.

Re:Wrong Koch

[bobbied]

Too bad, I know of two of his relatives who have more money then they know what is morally correct to do with.

You mean donating $100 million to help build up a hospital in New York isn't morally a good thing?

http://freebeacon.com/blog/koch-brother-donates-money-to-hospital-liberals-protest-not-a-parody/

Another $100 Million for Cancer Research at MIT.

Another $25 Million for Cancer Research at MD Anderson in Huston TX.

Then there are donations to the Arts, National Museums and believe it or not *environmental* projects which are on record...

Yea, these Koch brother guys are the surge of the earth all right, spending all that money on such bad things...

Re:FOSS Funding

[CronoCloud]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thunderbird won't send HTML messages unless you configure it to do so. It's plain text by default.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlTUEuwACgkQnludVzJNqF3w5wCfRu8HX2sBa1lR/W6CS4gUao45
K7gAn22FGqPkAX2BH3s0PYa5JqTgM5vy
=H6cw
-----END PGP SIGNATURE-----

Donor List = Watch List?

[turkeydance]

like...really, really watch very closely.

Perhaps he should make his software easier to use.

[bhspencer]

Like so many encryption schemes it is still too difficult for the man in the street.

Koch might hire you with the new money

[raymorris]

Take another look, knowing that Koch now has funds to pay a decent writer.

Re:Wrong Koch

[riverat1]

They also gave money to the Berkeley Earth project. That one didn't quite turn out like they wanted.

They also tried to give money to the Florida State University Economics Department with some provisos:

First, the curriculum it funded must align with the libertarian, deregulatory economic philosophy of Charles Koch. Second, the Charles Koch Foundation would at least partially control which faculty members Florida State University hired. And third, Bruce Benson, a prominent libertarian economic theorist and Florida State University economics department chairman, must stay on another three years as department chairman — even though he told his wife he’d step down in 2009 after one three-year term.

So much for academic freedom.

Uhhhh

[Sycraft-fu]

You realize even taking taxes in to account, most people make a lot less than that and do just fine, right? When you see income reported, it is normally pretax. If you think most people are making more than 90,000 Euro a year, you are really out of touch. That's a lot of damn money, in any country, enough to live well. You aren't rich, but you are doing just fine.

Re:Uhhhh

[CRC'99]

I hate to say it - but most people who do OSS work for the masses don't get paid for it.

I do packaging for Xen used from hobby users through to Disney - yet I get about $400AUD per year in donations. I also have to go buy my own test hardware (I need UEFI kit atm!).

I understand exactly what Werner means and the challenges faced - but I too don't see a solution for this. OSS has been linked for too long as a 'free solution' - which means nobody puts a currency value on the software and services that are made available to the world. I think its the mental relationship of OSS being 'free' causes it. Nobody blinks an eye to pay $100 for a Windows license - yet go for a $10 donation to an OSS project and people lose their minds...

Re:Uhhhh

[MightyYar]

Who is talking about "most people"? This guy seems to have a pretty interesting skill set - it is conceivable that he could do much better applying it to something more lucrative.

Re:Uhhhh

[gnasher719]

You realize even taking taxes in to account, most people make a lot less than that and do just fine, right?

On the other hand, why would someone creating important software that everyone wants to use, be content with "making a lot less and doing just fine"?

The guy can just give up what he is doing right now and get a better paying job, with no stress trying to get money every year.

Re:Uhhhh

[Kjella]

It's more than taxes, for example here in Norway I have 100% sick leave pay from day 1. As self-employed you get 0% for days 1-14 and 65% of some average of past income for day 15-365, if you want more you need expensive insurance. You have to pay your own pension fund. The rule of thumb is usually that that an employee COSTs almost 2x salary all in all.

Re:Uhhhh

[ACE209]

That Angela "Marktkonforme Demokratie" Merkel is communist, is news to me.

Re:Uhhhh

[MightyYar]

Are you looking for a pedantic argument? I'm not really interested in that. It's pretty clear that they guy is not happy with the current financial situation (which has since been relieved, apparently).

Re:Uhhhh

[MightyYar]

It sounds like the funding came in after his plea, so I can't really fault him. The strategy worked, apparently.

Re:Wrong Koch

Correct, their donations have no moral basis; they are only doing this because one of them had cancer and they are hoping to ensure their own survival. Gates on the other hand is fighting malaria and other diseases that are of moral concern because people don't need to worry about them.

Re:Wrong Koch

As someone who has spent a lot of time working around Ph.D. academics, let me clue you in. EVERY US university of any appreciable size whores itself out like this to some collection of rich benefactors/organizations. Mainly because half of the degrees it awards are outright worthless for a career (hard to get alumni donations from the Literature major that has spent the past 10 years since graduation working their way up to local Starbucks manager, or worse, gotten a humanities Ph.D.) and the other half are for jobs that congress and corporations can't outsource fast enough.

Most American universities have long since ceased being about education, and are now primarily indoctrination camps spreading the propaganda and ideology of the highest bidder.

Re:Wrong Koch

[macsimcon]

Right, and all those donations don’t even add up to a fraction of the nearly $1B they plan on spending to influence the 2016 election.

If a Nazi donated $100 to a soup kitchen, does that forgive Auschwitz? And don’t lecture me on Godwin!

Ah hell why not

[gatkinso]

20 euro for you

Re:Ah hell why not

[gatkinso]

Now get back to work, you.

Re:Wrong Koch

The goodness of their philanthropy does not excuse their usurpation of the 'Democratic Republic', the USA. They are part of the reason the US is now a Corporate Oligarchy!

Re:Wrong Koch

[WarSpiteX]

Dude, you're posting on Slasbergers with people who read The Fountainhead as teenagers and it totally blew their minds, and been assburgers types they can't grow out of the mindset.

Re:Wrong Koch

I love how everyone claims to have a monopoly on morality.

Phil Zimmerman

[fred911]

How soon we forget someone who stood up. Someone who should be honored for his contributions to free speech, expression and privacy,

  Besides, isn't PGP Snowden used?

Re:Wrong Koch

[epine]

Dude, you're posting on Slasbergers with people who read The Fountainhead as teenagers and it totally blew their minds, and been assburgers types they can't grow out of the mindset.

Funny, in my experience it's the people who aren't blessed with Asperger's syndrome who are particularly prone to pontificate on the basis of choir-pleasing ass-pluck.

Perhaps we should really rename it obsessive factual reality disorder.

Furthermore, a great many people who read The Fountainhead at a young age and found it mind blowing went into politics. How I wish more of these people had enough Asperchlorians in their bloodstream to balance their own chequebooks.

Re:Wrong Koch

Got a source on that? I'd like to cite it to a few people.

Re:usability

[CronoCloud]

Remember that Werner's native language isn't English. I think the PDF version of the Documentation is fairly good. The HTML version...could use a bit more work on the navigation interface.

http://www.gpg4win.org/documen...

Re:Perhaps he should make his software easier to u

[CronoCloud]

It's not that hard to use, there are GUI tools for gpg use on all platforms. Heck, I created my old key using GPA (gnu privacy assistant) a GUI interface to gnupg, since I couldn't get enough entropy on the command line. (As an aside, I created that key on a Playstation 2 Linux kit) I was/am no genius either. GPG4Win uses Kleopatra to interface with gpg, which is nice. Take a look at the PDF documentation on the gpg4win website

http://www.gpg4win.org/documen...

Re:Wrong Koch

[CronoCloud]

You forgot the friendly closing:

Sincerely, The NSA

That would have made it slightly funnier.

Re:Wrong Koch

[zapadnik]

Actually it is Billionaires like Warren Buffet, Bill Gates, Thomas Steyer, and the Wall Street cronies who are all Democratic Party donors because the the Democratic Party has no problem with using political control over the economy. The Establishment Republicans are bad, but at least have a veneer of Free Market principles (which means, citizens free from Government interference, which is what this is really about).

The Tea Partiers are the only real ones in the US who oppose the revolving door of cronyism and government corporatism. Of course, the media doesn't want you to know this, which is why so many Slashdotters get in a lather based on propaganda rather than listening to the economic arguments of the Tea Partiers, Thomas Sowell, Milton Friedman, etc who all oppose the distortion of the marketplace that Government brings, with the distortion of the political space that corporatism (which is only possible through Big Government) brings.

The only solution is Limited Government. A Limited Government can't hurt its citizens, can't fund massive deficits and can't enable cronyism. This is what the US Founding Fathers wanted, and why the Tea Party was actually formed (most Slashdotters believe the Tea Party is what the Extreme Left says they are, and confuses prudent fiscal conservatism with social conservatism when they are not the same at all).

Re: Wrong Koch

[macsimcon]

Another right-wing canard to debunk. Oh well here goes...

For every Soros who is spending money to promote "collectivism" (code used by Ayn Rand-loving sociopathic troglodytes who haven't had a date this century) , there are ten or more Adelsons and Kochs promoting their fascism. It isn't even close dude.

I think it's great that the Koch brothers give to charity, but at those levels, it's like someone who earns $40K per year giving $100 in total to charity each year. Not exactly a sacrifice.

It's even worse because that worker earning $40K per year can't pay for all of their necessities for life on that salary, where the Kochs have already paid for everything they'll ever need.

Re:Hal Finney

[anagama]

I know it is against the rules to RTFA, but sometimes it is worth it:

Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet. ... The U.S. government subsequently investigated Zimmermann for violating arms trafficking laws because high-powered encryption was subject to export restrictions.

In 1997, Koch attended a talk by free software evangelist Richard Stallman, who was visiting Germany. Stallman urged the crowd to write their own version of PGP. "We can't export it, but if you write it, we can import it," he said.

Inspired, Koch decided to try. "I figured I can do it," he recalled. He had some time between consulting projects. Within a few months, he released an initial version of the software he called Gnu Privacy Guard, a play on PGP and an homage to Stallman's free Gnu operating system.

As a side point, Stallman is endlessly criticized around here, laughed at, etc. But he inspired Koch to do something really important and that should be recognized a little bit. Obviously Koch deserves massive praise (and funding) because he did all the work, but it also struck me how important philosophical and moral principles can be in making the world a better place because they can inspire people to do the work.

Re:A better place for it

[armanox]

Except if you put it in systemd, then it becomes confined to Linux. Side note, GPG gets used across quite a few platforms (I see OS X, Windows, and VMS listed on the binaries page, and seems to be good on other Unix systems too), so it makes for a great utility for others to be able to use to verify whatever.

Re: Wrong Koch

http://www.washingtonpost.com/blogs/right-turn/wp/2014/03/27/democrats-funded-by-billionaires-complain-about-republicans-funded-by-billionaires/

"But if it’s all that terrible to take billionaires’ money then the Democratic candidates and the Senate Majority PAC should give back their billionaires’ cash"

http://www.realclearpolitics.com/articles/2014/04/08/the_lefts_billionaire_outsider_hypocrisy_122196.html

"Who are the Senate Majority PAC’s biggest donors? They include out-of-state billionaires like Hollywood bigwig Steven Spielberg, music mogul David Geffen and former New York City Mayor Michael Bloomberg. “Mayor Mike” donated $2.5 million to the group earlier this year. According to the Center for Responsive Politics, the group’s donor list isn’t short on moneymen funding races in states they don’t live in."

Pot... meet kettle.

Re:Wrong Koch

No, sorry. I promise it's true though. I read it on a Slashdot comment.

Me too!

[dark.nebulae]

I'm running out of money too, if anyone wants to send some to me that would be great!

- Bill Gates

S/MIME called .. it wants it's something something

[ModernGeek]

I switched to S/MIME because of the easy ability to have a third party sign your key, and the recipients recognize it; utilizing a similar web of trust that we use for SSL. Sure it isn't perfect, but it's a good platform. All the major mail clients support it as well. Unless you're really worried about privacy, it's good enough.

However, I feel it's the duty of large corporations that profit from the efforts of men like Werner Koch to hire, retain, and support these people, and allow them to freely continue their research. If not through employment, then through grants.

<joke>I guess he shouldn't have sold all his Radio Shack stock</joke>

Re:Wrong Koch

[I'm+New+Around+Here]

Asperchlorians

My new favorite fake word.

Not to unseat my favorite real word: quintessential.

Re:Wrong Koch

[crispytwo]

Asperchlorians

take note: coined today!

#loveit

Patreon?

[aklinux]

Interested users could even set up regular donations.

Re:Hal Finney

[tigersha]

> Stallman is endlessly criticized around here, laughed at,

Have you ever seen him live? I have.

Besides, he is usually not laughed at here. That is the scary part.

Re:Wrong Koch

[Andtalath]

Assburgers is often used as a means of indicating that someone does not in fact have Aspergers Syndrome, but is merely acting like an ass.

Re:Hal Finney

[Andtalath]

He is a smelly hippy.
However, he is very intelligent and has a solid foundation for what he's saying.

So while he is somewhat ridicolous, he is also highly fascinating.

Re:Wrong Koch

[johanw]

If you want to see what a healthy combination of as free as possible market and government protection for the underclass does, go visit northern Europe. Both fundamentalists views on the economy (pure communism and libertarianism) lead to disaster.

Re:Wrong Koch

[Sique]

Greece is actually an example of the "low taxes for rich people" approach, not for collectivism. In Greece, allowing rich people and property owners to avoid taxes brought the whole state in financial disarray while at the same time "trickle down" economics just didn't work.

From a taxation point of view, Greece is a libertarian heaven. Your point being?

Re:Wrong Koch

[Hognoxious]

No, Captain Obvious, because we already knew what he meant.

Re:Wrong Koch

[mister_playboy]

No, there are four brothers. The youngest two are twins.

Long story but interesting: http://www.motherjones.com/pol...

Do not mix up FOSS and running a business so fast!

[HnT]

Note this part of TFA:

For almost two years, Koch continued to pay his programmer in the hope that he could find more funding.

So he is also a business owner making bad decisions and pays employees doing programming for him. Are FOSS projects not usually run by not financially dependent-on-each-other volunteers and on code submissions? It seems to me GPG has failed to establish something other projects have successfully done: a tightly knit community in which the whole project does not rest on the shoulders of one man alone. It seems Mr. Koch was trucking along on government funding alone and had no other source of income, this feels like another bad decision to me. This whole project feels like a very strange mixture of FOSS and running a business based on it while expecting to be paid as if it was a closed source, shareware program.

By all means, he deserves all the donations he can get but maybe it is high time to take a step back and look at how some things might have been run badly and how to improve on that.

Re:Wrong Koch

[Pieroxy]

Are you implying that northern Europe is a disaster? You should visit Greece and Sweden, you'll see a great difference.

Re:Wrong Koch

[gordo3000]

really? considering almost all their money goes to support folks who push for exactly all those things, I think I'll be using revealed preferences to figure out what they really believe, rather than listening to the PR spin.

Yes they are

"The Koch brothers are not literal fascists;"

Yes they are.

You may be thinking they aren't literal *NAZI*s, which may be (probably is) true, but go look up the definition of facist, and Kochs are facists, literally. Or do you not know what literally means?

I gave him $10USD, who the fuck cares?

[EmagGeek]

I gave the guy $10. I doubt the NSA gives a shit who donates money.

Fact is people use his software to help blow the whistle on tyranny and oppression all around the world. Regardless of what you think of him, his business practices, or even if you're retarded enough to think he has something to do with the Brothers Koch, the fact remains that keeping these tools alive to further the cause is more important than your petty political or armchair-MBA opinions.

community to the rescue

[hammarlund]

This story should be marked as SOLVED! http://news.softpedia.com/news...

Re:Hal Finney

So really we should be paying him instead of this Koch character then. Sounds like this prick is trying to steal Stallman's thunder.

Math says "No"

[T.E.D.]

You mean donating $100 million to help build up a hospital in New York isn't morally a good thing? Another $100 Million for Cancer Research at MIT. Another $25 Million for Cancer Research at MD Anderson in Huston TX.

Those gifts were spread out over the last 8 years. The Average American gives about 3% of their income to charity yearly. The Koch's made about $10 Billion last year, so reach that standard, they would have had to give $300 Million last year alone. It only looks like they are giving a lot in absolute terms because they are so ridiculously wealthy.

The Koch's are hardly alone in being relative skinflints. The percentage of income given to charity actually rises as income drops. For example, the most destitute zip in my town averages about 7.5%, while the richest gives less than 4% (yes, we are a generous state. Also a poor state). So if it is really charitable giving you care about (as your post seems to imply) then the best way to increase it is to find a way to move money away from the top end of our income distribution, and towards the bottom end.

Math.

Re:Wrong Koch

[Oligonicella]

Love it. Two AC's assigning themselves authority. Each contradicting the other. Neither providing a jot of sourcing. Probably both the same guy.

Re:Wrong Koch

[Oligonicella]

Perhaps you would be so kind as to provide some links to evidence of said "revealed preferences" instead of just typing out talking point PR?

Re:Wrong Koch

[Whorhay]

I'm not a fan of the Koch brothers but no one is all evil or all goodness and light. I disagree with the Koch's political spending, but we can still acknowledge the good some of their charitable giving does. As a parent of small children I've noticed that focusing solely on the negative behaviours does nothing to prevent it, while a more balanced approach seems to get better results.

Re: Wrong Koch

[Shatrat]

It isn't even close dude.

https://www.opensecrets.org/ov...

Actually it is close, and it's only in the most recent election that Republicans took the lead in fundraising. I expect this is largely driven by the general lack of progress on social issues and the outstanding progress towards a police state we have made.

Re:Wrong Koch

[oldmac31310]

Gates is only doing this in case he contracts malaria!

Re:Perhaps he should make his software easier to u

[CronoCloud]

Maybe not an average user, but I had zero experience with Linux or GnuPG before that, and I figured out how to do it.

Re:FOSS Funding

[CronoCloud]

Claws-mail defaults to plain text too...because it can't send HTML e-mail by design. It can display it just fine, but never sends it.

Also, I'm really tired of seeing the 'attachment' icon on pretty much every e-mail I get.

You would see the attachment icon if I sent an e-mail to you, I use PGP/MIME and sign all e-mail, the signature appears as an attachment.

Re:Wrong Koch

[gordo3000]

wait, you are so ignorant of the candidates the Koch brothers have supported in the last 3 election cycles you actually need someone to show you each candidate and their stance on the above policies? I am including the PAC money and which candidates it is deployed to support as well, of course.

Maybe you should actually start opening your eyes to what different candidates stand for. You seem to have fallen for the theory as compared to the political realities.

Here is what 3 minutes of searching did. Both Tom Cotton and Joni Ernst have said the Koch brothers funding was instrumental in getting them elected.

Both supported and continue to support the wars in Afghanistan and Iraq
Both are strongly against gay marriage

But if you have a list of candidates who were well supported by the Koch political machine that actually opposed the wars, the drug war, restrictions on gay marriage, and civil asset forfeiture, I'll happily reconsider.

Re:A better place for it

[armanox]

Interesting - I wonder why GNUTLS is a depedency (I'm building it from source on IRIX right now, no GNUTLS (currently built) on there). On the GPG website libksba is listed as optional, and npth is listed as 'you don't need it but probably want it'.

I'm all for replacing a lot of GNU software because of issues like that. Tying to build it manually ends up being a nightmare, because a lot of it depends on other GNU software they you may not want on there for various reasons.

Re:FOSS Funding

[rdnetto]

Kmail defaults to plain text as well. In fact, a lot of its design seems to indicate that its authors use mailing lists quite heavily...