The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica) [LWN.net]

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 5, 2015 23:38 UTC (Thu) by lmb (subscriber, #39048) [Link] (4 responses)

I donated, and I would encourage everyone to do so, too. GnuPG is an important piece of software and piece of the core infrastructure.

However, combining the individual donations (which now already exceed the €120k goal), the Linux Foundation grant, and yearly separate grants of $50k from Stripe and Facebook each makes me think that Werner will probably have to hire more than 2 developers this year to actually spend all the (well deserved) money.

I'm happy to see that the project gets a break and a year that, after some that were apparently quite harsh, might be quite comfortable.

On the other hand, they're now on the hook to actually make GnuPG better. ;-)

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 6, 2015 0:11 UTC (Fri) by coriordan (guest, #7544) [Link] (2 responses)

> will probably have to hire more than 2 developers

Or put some in the bank so he doesn't have to hope for the same luck next year.

Encryption isn't a project that's going to get finished in 2015 :-)

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 6, 2015 0:17 UTC (Fri) by lmb (subscriber, #39048) [Link] (1 responses)

True, that. But my guess is that with this funding, 3 engineers are quite possible even while putting stuff in the bank. I hope one of them is a UX guru. ;-)

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 17, 2015 17:12 UTC (Tue) by Baylink (guest, #755) [Link]

And since, as we all know, 2 geeks are 897 times as productive as 1 geek...

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 6, 2015 14:28 UTC (Fri) by Wol (subscriber, #4433) [Link]

> However, combining the individual donations (which now already exceed the €120k goal), the Linux Foundation grant, and yearly separate grants of $50k from Stripe and Facebook each makes me think that Werner will probably have to hire more than 2 developers this year to actually spend all the (well deserved) money.

At £1000/week (the typical fee for a contractor) that E100K in recurring grants won't go very far. It'll pay for one contractor, and leave less than half of it for Werner himself.

If he sets up a limited company, and pays himself and one other, I guess they'll be on a gross salary of about E35K. Not bad, but not good either. I get the impression US salaries are noticeably higher ...

Cheers,
Wol

Poured?

Posted Feb 5, 2015 23:55 UTC (Thu) by ncm (guest, #165) [Link] (5 responses)

I would hesitate to use the word "poured" here. Yes, the amount is better than in previous months, but it remains a drip compared to what is collected by "security companies" that produce much less valuable work. It is a shame that we cannot do better for our benefactors.

If you have not given lately, now would be a good time.

Poured?

Posted Feb 6, 2015 12:40 UTC (Fri) by clump (subscriber, #27801) [Link]

Very well said, thank you.

Poured?

Posted Feb 6, 2015 19:07 UTC (Fri) by malor (guest, #2973) [Link] (3 responses)

If I understand the figures correctly, he's now at $300K+ for the year, which should cover the project for a good while. It might be smarter to find some other under-funded project, like maybe SSH, and give them whatever you would have donated instead.

GPG will need money again in a year or two, so don't forget them, but right now they've got a bunch of cash, while other important projects are starving.

Poured?

Posted Feb 6, 2015 20:50 UTC (Fri) by spaetz (guest, #32870) [Link] (2 responses)

If you read the linked interview you'll see that he was on 25k/year for the last 10 years, with a kid and a non-earning wife. Give him the 300k and be happy he is as idealistic as he is. I wish him all the best.

Poured?

Posted Feb 8, 2015 11:42 UTC (Sun) by malor (guest, #2973) [Link] (1 responses)

Oh, yeah, absolutely, I'm happy he's gotten the money. I hope he buys himself some nice stuff! I also hope the open source community as a whole can keep him, and maybe a couple other talented coders, happily employed making the software better.

I'm just saying that, at this exact moment, giving him more money will probably have less overall impact than giving money to one of the other perpetually-underfunded security projects, like OpenSSH. It sounds like he's in good shape for a year or two, and they're begging for scraps.

This doesn't mean "don't ever give him more money", not at all. But with him temporarily flush with cash, those that are feeling generous would likely produce more overall social benefit by donating to other projects, at least for the next few months.

I really hope this marks a sea change: the crypto infrastructure is tremendously important, and I'd like the people working on it to be paid enough to be comfortable.

Poured?

Posted Feb 8, 2015 17:55 UTC (Sun) by dd9jn (✭ supporter ✭, #4459) [Link]

I would actually second this. There are more underfunded projects we all rely on. Something needs to be done. I'll check with the FSFE whether they can compile a list of such projects and raise attention for the problem.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 6, 2015 1:24 UTC (Fri) by The_Barbarian (guest, #48152) [Link] (13 responses)

Simple one time donations are good and all, but I wouldn't mind seeing options to donate on a recurring basis, using something like Patreon (Patreon itself might not be the best since it focuses on creative/artistic works usually. That said, I know of at least one science blogger using it).

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 6, 2015 7:30 UTC (Fri) by ssmith32 (subscriber, #72404) [Link] (10 responses)

That would be a nice option! I read the article update correctly, at least Facebook and stripe pledged recurring annual contributions. However, if Germany is anything like the US.. after taxes and benefits, the 100k won't go too far.. hopefully he has some exempt status available ..

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 7, 2015 18:09 UTC (Sat) by Felix (guest, #36445) [Link] (9 responses)

Usually in Germany an individual can not get any kind of tax exemption. It's pretty similar to the US in that case. And 25k in Germany is a pretty low income. Not terribly low as in "can barely survive" but the new minimum wage in Germany is roughly equivalent to 16-17K per year. Direct comparison to the US is a bit difficult because you'll get full health insurance for about 1K per year (includes non-working family members).

A seasoned software developer usually earns between 50-70K per year (some areas like Munich, Frankfurt, Hamburg are much more expensive than other places like Berlin).

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 8, 2015 17:52 UTC (Sun) by dd9jn (✭ supporter ✭, #4459) [Link] (8 responses)

Health insurance for 1k/y? For various reasons I have a private health insurance which is about 400 EUR/month. I am locked to it and can't get back to the more expensive but family friendly public systems. My wife is on sabbatical and still has to pay about 200 EUR/month for public health insurance (and for the dentist you have to pay a lot of extra fees).

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 10, 2015 13:08 UTC (Tue) by fb (guest, #53265) [Link] (6 responses)

I don't know the details about Germany. Are you, dd9jn, in Germany?

My experience working in the EU is the actual cost of health insurance varies a lot per country and also per income bracket. I assume a married couple earning €25k a year would receive a big government sponsored discount (in one form or another) when compared to a couple earning, say, €100k per year.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 10, 2015 13:15 UTC (Tue) by fb (guest, #53265) [Link] (1 responses)

@dd9jn

Ouch! I realised now (from reading the last posts in the article comments), who I was answering to.

Apologies!

I'm surprised Germany doesn't give you some form of tax advantage or reimbursement for the health insurance. In France health insurance is substantially cheaper for a formally employed person. At the same time in The Netherlands (where I work now) is a lot more expensive.

Social insurance in Germany

Posted Feb 10, 2015 20:51 UTC (Tue) by dd9jn (✭ supporter ✭, #4459) [Link]

For low incomes the tax in Germany is pretty low. However, the social insurances (health, pension, unemployment) accounts for most of what is subtracted from the gross income: 14.6% for health insurance plus about 0.9% depending on the public health agency (we have ~200 of them each with a very well paid board). 2.35% for nursing care insurance, 18.7% for the public pension, and 3% for unemployment. For all you earn above 4125 EUR/month you do not need to pay health insurance, for the pension rate that clip limit is 6050 EUR. The employer has to pay about 45% of these rates.

If you are self-employed or earn more than 4575 EUR/month you are allowed to get out of the system and setup a contract with a private health insurance company. Thus all well earning people don't participate at all in the public health system. For self-employed people a private health insurance is often the only option because voluntary opting for the public health insurance means that you have to pay a premium based on an assumed high income which is higher than what you have to pay for a private insurance. If you run out of paid projects for some time you have to keep on paying that high premium and you may soon be on the rocks.

The health system is pretty expensive and a cash cow for most in the health sector - except for nurses, family physicians, and assistant doctors. As with all corrupt systems the owners of this cash cow are controlling themselves.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 10, 2015 13:29 UTC (Tue) by paulj (subscriber, #341) [Link] (3 responses)

It's pretty meaningless to talk about "my experience in the EU" for stuff like healthcare, that is not subject to EU standardisation. There are a variety of vastly different systems across Europe, and each country is different to the next.

E.g., the country I'm in funds a top-notch and efficient health system free for all residents from general taxation. Even dentistry is free for pregnant women, new mothers, children and lower-income people.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 10, 2015 14:32 UTC (Tue) by fb (guest, #53265) [Link] (2 responses)

> It's pretty meaningless to talk about "my experience in the EU" for stuff like healthcare, that is not subject to EU standardisation. There are a variety of vastly different systems across Europe, and each country is different to the next.

Yet, *somehow* I have a standard EU-wide health card, and my children are vaccinated using a standard EU-wide calendar.

When I speak about "in my experience in the EU", I meant "in my experience working in a few different EU countries in the last few years". I'm well aware there are differences.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 10, 2015 15:15 UTC (Tue) by paulj (subscriber, #341) [Link]

Yes, equal *access* to local health care for EU residents is mandated by EU via the EHIC. ;) I havn't heard of EU vaccination schedules before, I'm pretty sure here those are set by state medical boards, and the following suggests it isn't standardised at all:

http://vaccine-schedule.ecdc.europa.eu/Pages/Scheduler.aspx

Generally, health care implementation is not something the EU gets involved in, because member states have such different systems for funding and accessing health care.

There are of course European and EU level organisations involved in medical outcome monitoring and recommendation, e.g. WHO-Europe, ECDC. EU does have some directives regulating aspects of the pharmaceutical industry and approvals.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 24, 2015 17:52 UTC (Tue) by pboddie (guest, #50784) [Link]

Yet, *somehow* I have a standard EU-wide health card

A few years ago, I had a hilarious time showing that card to some people at a hospital in Austria, although they fortunately went along with it - photocopying a plastic card and pulling out the paper forms was presumably their way of coping with the apparent unknown - and upon eventually receiving an invoice, which I showed to a German colleague who made various remarks about Austria that probably do not bear repeating here, I was reminded that the notion of walk-in public healthcare that one might see in the UK or the Nordic social democracies is pretty alien elsewhere.

Fortunately, the special "foreign" department in the Norwegian welfare system took over at that point, which was a pleasant surprise given the absolute mess perpetrated by that system in many other regards. But yes, what we appear to have is a way of making different kinds of health systems cooperate, presumably lubricated with a bit of money and a dose of bureaucracy. We'll miss it when the populist imbeciles of the continent dismantle it all because of supposed foreigner overuse as they requisition the funds currently making it work for their own vanity projects and to give nice things to their acquaintances.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 19, 2015 20:06 UTC (Thu) by Felix (guest, #36445) [Link]

> Health insurance for 1k/y?

This was based on a minium-wage employed worker (16k/year * 0,075% =~ 1200 €/year).

Other than that I can say that it seem's we seam to be in very similar situations even though our insurances bills are a bit smaller than yours.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 7, 2015 18:27 UTC (Sat) by rillian (subscriber, #11344) [Link] (1 responses)

Some organizations accept paypal 'subscriptions' for recurring donations. The OpenBSD Foundation for example.

Sites like Patreon are useful for discovery and aggregating small donations to avoid transaction overheads, but ongoing support is something projects can set up themselves.

The World’s Email Encryption Software Relies on One Guy, Who is Going Broke (ProPublica)

Posted Feb 7, 2015 18:37 UTC (Sat) by Limdi (guest, #100500) [Link]

> but ongoing support is something projects can set up themselves.

I assume support equals donations. Can yes. But who wants to donate for the donation infrastructure? snowdrift.coop allows recurring donations too.

Improving GnuPG

Posted Feb 8, 2015 21:47 UTC (Sun) by jondo (guest, #69852) [Link] (2 responses)

I hope this funding success now makes it possible to address some of the constructive GnuPG criticism from the Mailpile project (https://www.mailpile.is/blog/2014-10-07_Some_Thoughts_on_...).

Improving GnuPG

Posted Feb 9, 2015 11:20 UTC (Mon) by lmb (subscriber, #39048) [Link]

Yes; the funding comes with an expectation (and possibly, obligation) to make good on advancing GnuPG. Werner is, with all due respect, somewhat more of a solitary bee, and I hope this success is not setting the project up for failure.

But I'm hopeful; perhaps it'll attract not just funding and paid developers, but also contributions from others that can now actually be incorporated, and revive GnuPG into a community-driven project. (While still ensuring Werner's livelihood.)

Improving GnuPG

Posted Feb 9, 2015 19:30 UTC (Mon) by dd9jn (✭ supporter ✭, #4459) [Link]

Thanks for reminding me that I drafted a response to these complains. I just posted them, see https://lists.gnupg.org/pipermail/gnupg-users/2015-Februa...