Universal PGP, link courtesy of slashdot.

i want to highlight a point made in jakob’s alertbox –

Security as default: …no email should exist in an unencrypted state unless it’s being read or written.

a hearty AMEN! from head to toe, email is badly designed, and it’s a shame that it’s been in use this long in its broken state. Was just listening about how the creator of the MTP (predecessor of SMTP) admits that email was not built with security in mind…and with (somewhat) good reason — back in the day, email was not nearly as ubiquitous as today, and its usage was, for the most part, not as “important” as it is today. There are folk who store extremely important, extremely sensitive info in emails. The transport isn’t encrypted by default, nor does it offer decent protection (without being an SMTP wiz) from UCE.

as far as the storage–on most standard systems (unix, MS i’m familiar with), it is not stored encrypted, it is not sent encrypted by default. To add encryption to a standard email client (on Windows, at least) is so stinking annoying and not worth many non-powerusers’ time. The more i think about this the more ridiculous it sounds, that email is in a bad state.

Yeah, I’m aware of “better” transports (although i don’t know of the ability of any publicly available ones that offer easy to configure filtering and encryption options), and better clients, but apparently they ain’t in place, ‘cos we have these virii spreading. what the deal?

i guess i shouldn’t expect much, though. at more than one of my previous jobs it was expected that people on my team have my personal login info. Coming from a Unix Sys Admin background, that just ain’t right.

aight, so he’s hitting the nail on the head with the latest alertbox — This is a classic struggle, i think, of any software developer–it’s not as glamourous to focus on bugfixing and making a solid product, when there are so many fancy things i could do! this is precisely what i’ve run into with my blog updater software–i wanted to add a “config wizard”, and do a little check for the .NET framework in the installer, provide drag & drop image uploading in a post, among other things…but the time i spent doing that is so much better spent refactoring, and making the software less bug-prone. The refactoring is *essential*. This being my first C# nontrivial project, i spent my time learning how everything works and while in the beginning started out nicely, at points where the analogy between java and C# broke down, and i was green at (particularly this UI from “scratch” thing), it appears as if i hacked my way to a solution.

at any rate, yes yes, i’m enjoying the article, and hope you do too