Eleanor Saitta calls for secure decentralized collaboration tools
November 23, 2015 3:07 AM

"Given that we still have so far to go, why am I telling people they should stop writing secure messaging tools? Because we have too many other tools we also need." Decentralized collaboration is how programmers work on software projects; it's also a good model for nonprofits, NGOs, and distributed teams of all kinds, especially ones which operate in risky environments or have powerful adversaries, according to this essay by Eleanor Saitta, a security consultant, systems thinker, and activist. She lists a number of system properties such teams need (decentralization, offline-friendliness, end-to-end encryption, etc) and two dozen ideas for needed tools: mind mapping, wiki, map-based storytelling, work assignment and tracking, reference management, and so on.

Saitta's Patreon page describes her work:
"Eleanor Saitta thinks about how systems fail and does freelance security consulting, focusing on architectural security for large-scale systems, integrating security into the development lifecycle, and cross-domain security for news organizations and NGOs targeted by nation states. She speaks and writes on related subjects, works on a few software projects (Trike, Briar, and Mailpile), and spends too much time on airplanes."
posted by mbrock (20 comments total) 36 users marked this as a favorite
 
The revolution will not be project-managed
posted by thelonius at 3:19 AM on November 23, 2015 [2 favorites]


but it will be Mind-Mapped?!
posted by mary8nne at 3:39 AM on November 23, 2015 [1 favorite]


Yes it will, thelonius. Anyone who can invent new project management tools that aren't built around ideas of profit/costs and fixed deadlines centrally will be doing a great service. We have to kludge current business tools to fit different community models and it's hard because the ideas of time-linear people-hierarchy are baked in, and so is capitalism.
posted by dorothyisunderwood at 4:28 AM on November 23, 2015 [14 favorites]


How about code that works and doesn't change every 10 seconds. [bias=hate agile].
But seriously the topics are important but only about 10% of developers need to worry about this stuff. There are 1000s of tools and I am pretty sure they all get used wrong... The problem doesn't seem to be tool sets as it is discipline.
posted by mrgroweler at 4:31 AM on November 23, 2015 [2 favorites]


How many "secure" messaging systems are out there right now? Now, how many of them do cryptography professionals actually trust? I've seen recommendations for TextSecure, iMessage and a few libotr-based apps with a bunch of caveats. Oh, and PGP, as if anyone is going to consistently use that correctly. Everything else is pretty much bunk.

I guess what I'm saying is that I don't hold out much hope for this laundry list of applications when something as basic as messaging has taken this long to hash out and the field has been filled with products that don't work as advertised.
posted by indubitable at 5:11 AM on November 23, 2015 [1 favorite]


Two out of three of those software projects she lists on her Patreon page are the secure messaging and email applications she's telling everyone else not to work on.
posted by XMLicious at 5:11 AM on November 23, 2015



"Two out of three of those software projects she lists on her Patreon page are the secure messaging and email applications she's telling everyone else not to work on."


Not sure what your point is... Right now she considers better tooling more important than her own stuff.
posted by KaizenSoze at 5:36 AM on November 23, 2015 [2 favorites]


"Two out of three of those software projects she lists on her Patreon page are the secure messaging and email applications she's telling everyone else not to work on."

From the first and last paragraphs:
"We have enough secure messaging tools. We don't need any more."
"If you're considering building a communication tool that doesn't advance the state of the art for the goals I stated up front, think about whether it's likely to improve security outcomes for users. If it doesn't advance the state of the art or directly improve outcomes, consider whether your effort would be better spent on something other than a communication tool."
The point is that those projects that Saitta is working on already exist. People have requirements besides simple messaging, and those requirements should also be addressed.
posted by zamboni at 6:46 AM on November 23, 2015 [1 favorite]


We're trying to lay the groundwork for secure social and collaboration tools at GNUnet but complications abound.

At present, you achieve privacy by running an end-to-end encrypted messenger like XMPP+OtR or maybe Signal over Tor; only Pond beats this. We need a much better high latency messaging system that scales. And academics are mostly only working on dc-nets that cannot scale.

If we had a good messenger then we can definitely route git push and pull requests over it, so maybe the right approach is to build git-like collaboration tools for other purposes, route them over the secure asynchronous messaging system that does not exist, get lots of techies on board, and then build the GUIs.
posted by jeffburdges at 6:51 AM on November 23, 2015 [3 favorites]


What is the "tooling"? Is it the list of applications? That is the tools of the actively targeted people? Or is it software libraries to support these applications?
posted by bdc34 at 7:08 AM on November 23, 2015


People...this is hitting so close to home. I am a security engineer. I am literally right now (like really, right now) wrassling with this. These are difficult problems to solve for. SMH in agreement and going back to work now...
posted by Annika Cicada at 7:27 AM on November 23, 2015 [6 favorites]


"Not sure what your point is..."

If I were someone writing secure messaging tools I just wouldn't feel terribly persuaded to stop. She makes lots of good points on various security topics and seems like a very accomplished person from her bio, and in general I can definitely get behind anyone who also writes books like The Foundation Stone of Nordic Larp; it just seems important to note that the author here is doing the opposite of what the title of the essay asks of others.

Maybe the title is more for capturing the attention of her audience, which seems just fine to me since it's writing which is entirely worthy of attention.
posted by XMLicious at 8:10 AM on November 23, 2015


"it just seems important to note that the author here is doing the opposite of what the title of the essay asks of others."

I'm having trouble finding the part of the essay where Saitta asks people to stop working on existing secure messaging tools. Could you point it out to me?
posted by zamboni at 8:17 AM on November 23, 2015


"People need to do this thing" is not exactly a winning motivator.

It needs to be "People can feed their families by doing this thing" before it becomes serious.
posted by underflow at 8:19 AM on November 23, 2015


"Could you point it out to me?"

If you really insist on playing pointless semantic games: it makes no sense to ask someone to "stop" doing something unless they've already started doing it. But maybe you're pretending you can't see the title of the essay at all the same way you're pretending I didn't specifically mention it even in the very bit of my comment you quoted.

She said lots of interesting stuff, let's talk about that instead.
posted by XMLicious at 9:04 AM on November 23, 2015


"If you really insist on playing pointless semantic games: it makes no sense to ask someone to 'stop' doing something unless they've already started doing it. But maybe you're pretending you can't see the title of the essay at all the same way you're pretending I didn't specifically mention it even in the very bit of my comment you quoted."

The title is Please Stop Writing Secure Messaging Tools. Not contributing to, working on, or any of the other verbs that mean improving existing products. I can see your point if you're reading an implied writing code for, but I think it's pretty clear Saitta's talking about new projects, and addressing the community as a whole. It makes perfect sense, semantically speaking, to ask the security community to stop making new messaging tools. There's even a section discussing future improvements to Briar:
"While we may have some of the pieces here, there's not yet an obvious choice for the set communication protocols on top of which to build. My personal favorite, Briar, is designed to enable tools like these. It's not ready yet, but the Briar team got some great news recently and we should be steaming ahead soon."
"She said lots of interesting stuff, let's talk about that instead."

Sounds good.
posted by zamboni at 9:51 AM on November 23, 2015


How long until she's vilified for advocating tools terrorists can use to plan and collaborate in a secure, secret way that good, noble police forces cannot easily monitor?
posted by rokusan at 6:22 PM on November 23, 2015


Ain't seeing too much discussion of the cryptography in her projects Briar and MailPile, not even a mention in the EFF's score card, but several obvious points:

Just learn GnuPG if you need email encryption. It's painful, but it's widely used. There is imho never any reason to use anything besides GnuPG for email because anything email based starts off horribly compromised. Just a better option like Pond, Signal, XMPP+OtR, etc. if you're adopting new semantics anyways.

Appears that Briar does not use the Axolotl ratchet, so Signal will have much stronger forward-secrecy properties. Appears Briar operates most similarly to Ricochet, meaning no asynchronous operation. I'd imagine Briar has better crypto than Ricochet now, but if Ricochet adopts Axolotl then Ricochet wins that.

Pond has clearly better cryptography, resistance to traffic analysis, and operates asynchronously.
posted by jeffburdges at 6:08 AM on November 24, 2015


"It needs to be 'People can feed their families by doing this thing' before it becomes serious."

I think you may be misunderstanding the point of the essay. Saitta's calling for what is basically charitable work--the creation of free software that will solve a very specific non-profit need. Combining this with capitalism is exactly the wrong thing to do.
posted by suetanvil at 2:53 PM on November 24, 2015


Not quite. There are a bunch of experienced developers who lack crypto chops building encrypted messenger applications. In part, they're independently wealthy due to working in the corporate tech world, or startups, but now looking to do something more meaningful. In part, they've noticed that young people choose social networking applications based largely upon perceived privacy. Ain't likely you'll build the next Tinder but maybe if you build an honestly private app then you'll gain market share.

I think Eleanor Saitta is basically telling these developers, "You cannot just pick up crypto like you'd pick up a new programming language, so do not try to reinvent the encrypted transport. Just come help us build collaboration tools around existing encrypted messengers."
posted by jeffburdges at 8:39 PM on November 24, 2015

