1. 16

  2. 7

    Ahhh, .plan. Nature’s original, asynchronous, standup.

    1. 4

      Site is dead right now, but every time .plan comes up, I have to think back to the late 90s. Before blogs we read John Carmack’s .plan files on Quake development. Also a blog, of sorts.

      Also finger is a protocol where you absolutely notice its age, but that’s what it makes it fun to play around.

      1. 5

        As far as I know, Carmack was the only person that had any reach using plan files. The entire protocol was only known (outside unix shops and universities) through his usage.

        1. 3

          I suspect CS facilities in universities might have used it, but ditched it as soon as any alternative became available (i.e: the web).

      2. 4

        It uses minisign to verify authenticity.

        This verifies that the plan was signed by an Ed25591 public key you already have, but I don’t see how you get that key, nor how you verify that the matching private key belongs to the entity that claimed to author the plan.

        In other words, PKI is always the hard part of using key-pairs, and I don’t see any sign of PKI here…?

        1. 4

          That’s outside the scope of the project, though.

          You verify it the way people using cryptography have always verified it, you either:

          • post your fingerprints to a friend via an unsecured text channel, for them to promptly immediately forget about

          • post to MIT’s key servers and hope against hope that National Security won’t have any sway over a University that receives hundreds of millions of pounds from various Security-related Government agencies – or more realistically – the poor intern working for the key server sub-department who is soon to be under an NDA and receiving a nice healthy cash injection

          • post your fingerprints via a “secured” text channel, and hope that Signal hasn’t had any backdoors inserted in their proprietary software systems, and-or that Google (or someone working there) hasn’t received a healthy sum to do that

          • somehow meet up with someone and hope not only that this is the same person that you have been talking to online, but also that you both don’t catch COVID-19 or other contagious dieseases on the plane over, and that their laptop hasn’t been interfered with by the Customs Officials – who, last I recall, were opening up laptops and either poking around in them, or (if encrypted) copying the hard disks for a nice chunky supercomputer to crack like a nut

          Arguably, all those options are infinitely trustier than relying on someone who made a weekend project to have stronger morals and ethics in the face of new-car money or new-house money, anyway.

          If it makes the argument stronger, feel more than free edit in arguments about how both foreign and commercial entities {fund / are capable of doing} all of the above with eye-watering, byte-changing money.

          1. 3

            OK, so it’s a checkbox feature Marketing made them add. Got it.

        2. 2

          This is a really cool concept, I miss these old utils.