I decided to take this opportunity to retire my PGP keys for good. Over time I’ve come to view PGP as largely a failure — it never reached the critical mass, the tooling has always been problematic, and it’s now a dead end.
PGP is a failure because it has no critical mass, so author writes ~1300 lines of C code that will never reach critical mass, reinventing gpg-zip. Something something irrelevant swipe at email? Something something irrelevant swipe at git?
Author lists a few requirements, saying that PGP satisfies every requirement, and then says "I couldn’t find anything that fit the bill". Bullshit. This is a serious full-blinders-on NIH project.
Don't get me wrong, if you want to have fun writing a thing that does some stuff, and then you want to blog about it, cool. Rock on. Fun times had by all.
But don't be dishonest about it. That's just not right.
The only thing it’s [PGP] been successful at is signing Linux packages
Google "linux encrypt file" and nearly every single hit will be about encrypting files with gpg. Sigh.
> Author lists a few requirements, saying that PGP satisfies every requirement, and then says "I couldn’t find anything that fit the bill".
I read your comment before I read the article, and the above part specifically jumped out at me, and I thought "oh come on, that can't be an accurate representation of the article.
Then I read the article, and it is. Wow. He literally lists four reasons, saying PGP works for each one, and then says "I couldn't find anything that fit the bill".
Either this is sloppy writing or NIH-enabling cognitive dissonance of the highest degree.
It's impossible for me to believe that a person who can hand roll a file encryption tool in C, who knows how to use LUKS and signed git tags, who knows about ChaCha20 and HMAC-SHA256, didn't understand the results of a google search for "linux encrypt files". Did he have a seizure right after hitting enter in the google search box, inadvertently close the browser window, and then wake up and forget having done the search?
Did he not search at all? Did he search only in his own bellybutton and find nothing but lint and a few old pennies? Or did his own cognitive dissonance just keep him from admitting to being trapped in a massive NIH black hole?
Saying he found nothing is being dishonest because he either didn't bother looking in the first place or he ignored what he found.
PGP is a failure because it has no critical mass, so author writes ~1300 lines of C code that will never reach critical mass, reinventing gpg-zip. Something something irrelevant swipe at email? Something something irrelevant swipe at git?
Author lists a few requirements, saying that PGP satisfies every requirement, and then says "I couldn’t find anything that fit the bill". Bullshit. This is a serious full-blinders-on NIH project.
Don't get me wrong, if you want to have fun writing a thing that does some stuff, and then you want to blog about it, cool. Rock on. Fun times had by all.
But don't be dishonest about it. That's just not right.
The only thing it’s [PGP] been successful at is signing Linux packages
Google "linux encrypt file" and nearly every single hit will be about encrypting files with gpg. Sigh.