Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
dsecurity49 4 hours ago

The Snowden quote at the bottom of every single Werner Koch email has been living rent-free in my head since 2013. Also the fact that this project has been running since the late 90s, financed almost entirely by donations, and is quietly protecting basically all serious encrypted communication on the planet — and the announcement still goes out as a plain text email to a mailing list. No Medium post. No Twitter thread. No 'we're excited to share'. Just: here's the tarball, here's the SHA-1, verify it. Absolute last line of defense energy.

Retr0id an hour ago | parent | next [-]

Why is this AI-generated comment still at the top of the thread, after 3 hours? Is it finally time to give up on HN?

jore 3 hours ago | parent | prev | next [-]

I haven’t heard this quote before, but I am copying it here because it makes so much sense:

Arguing that you don't care about the right to privacy because you have nothing to hide is no different from saying you don't care about free speech because you have nothing to say. - Edward Snowden

pabs3 3 hours ago | parent | prev | next [-]

IIRC the GnuPG folks do a lot of consulting and sell additional software:

https://gnupg.org/service.html https://gnupg.com/ https://g10code.com/

snthpy 3 hours ago | parent | prev | next [-]

And they use SHA-1 for verification?

noosphr 2 hours ago | parent | next [-]

   If you already have a version of GnuPG installed, you can simply
   verify the supplied signature.  For example to verify the signature
   of the file gnupg-2.5.19.tar.bz2 you would use this command:

     gpg --verify gnupg-2.5.19.tar.bz2.sig gnupg-2.5.19.tar.bz2

   This checks whether the signature file matches the source file.
   You should see a message indicating that the signature is good and
   made by one or more of the release signing keys.  Make sure that
   this is a valid key, either by matching the shown fingerprint
   against a trustworthy list of valid release signing keys or by
   checking that the key has been signed by trustworthy other keys.
   See the end of this mail for information on the signing keys.

 * If you are not able to use an existing version of GnuPG, you have
   to verify the SHA-1 checksum.  On Unix systems the command to do
   this is either "sha1sum" or "shasum".  Assuming you downloaded the
   file gnupg-2.5.19.tar.bz2, you run the command like this:
dsecurity49 2 hours ago | parent | prev [-]

[dead]

da_grift_shift an hour ago | parent | prev | next [-]

The [THING] has been living rent-free in my head since [YEAR]. Also the fact that [THING]. No [X]. No [Y]. No [Z]. Just: [A]. Absolute [HYPERBOLE] energy.

At least this comment didn't have the double quotes left in ˙ ͜ʟ˙

gtsnexp 3 hours ago | parent | prev [-]

[flagged]

dsecurity49 2 hours ago | parent [-]

[dead]