I don't care if it's beautiful, or how it auto-saves drafts, I want an e-mail client designed with security from the start. Everyone seems to be up in arms about privacy these days, but people forget both how much data is available inside their mail spools and the fact that none of it is encrypted. Put S/MIME or PGP support in your roadmap as a first-class feature and I'll be interested in your mail client. Consider a text-only mode and develop with a type-safe language and I'll definitely take a second look.
Encryption is not the be-all and end-all of security. Here is a good example: your boss sends you a signed, encrypted message that just says, "You're fired!" You send that signed message to the secretary you have a grudge against, encrypted using her public key instead of yours. Now the secretary thinks she is fired too (potentially leading to mayhem within the company). This discusses the issue in depth:
PGP and S/MIME do not encrypt the subject line of emails; this is an easy way to leak information. You also do not get encryption of References/In-Reply-To headers, and various other headers that can leak information.
In PGP and S/MIME, the ciphertext is signed. You don't encrypt a signed message, you sign an encrypted message.
You can't take a signed message that was encrypted with your public key, decrypt it, re-encrypt it with somebody elses public key, and expect it to still appear signed by the original sender when the new recipient decrypts it.
[edit] There are of course serious problems with the lack of header signing/encryption and replay attacks though I agree. Hence why I add a small note at the end of all of the pgp signed comments on my blog: "This signed text was written for https://grepular.com/ only"
The link I provided discusses this as well; not only are there other attacks, but those other attacks are potentially more severe. A man-in-the-middle attacker can claim credit for a message by substituting their own signature for the sender's. A naive encrypt-then-sign system will also lack non-repudiation in some cases (e.g. when using RSA signatures and encryption), and will only provide non-repudiation on the ciphertext itself (not the plaintext; this may or may not be what you want).
Sounds like a simple solution would to duplicate the headers in the body and encrypt them along with the message. That way, even if you resend that email, the encrypted To: field would make it obvious that it was meant only for you.
AFAIK Yorba uses Vala which is a native C#-like language.
I do agree with you that PGP and S/MIME would be awesome features but most people using Linux are so frustrated with default apps that I think they wanted to show their focus on the basic workflow.
Letting Johnny encrypt[1] sounds like an interesting topic of research, although IMO research probably shouldn't be bound to any particular product until it's no longer research.
Why don't you do some research before posting FUD? The people planning this project built Shotwell, the default photo organizer for Fedora and Ubuntu. Clearly they know what they're doing. http://en.wikipedia.org/wiki/Shotwell_(software)
I fail to see how them building a photo organizer app has any relevance in his wish for a security minded email application. Sure, the company might know what they're doing, but nowhere in the introduction video did they discuss security - the most talked about points were usability and aesthetics. It seems to me that dguido's comment isn't actually FUD, but rather an observation about their proposal...
Forgive me if this comes across as snarky, but when "beautiful" is the very first word used to sell me a piece of software, it would help if it were actually beautiful to look at. I'm sure it's well-built, but Geary looks like every run-of-the-mill mail client I've ever seen.
Remember that this is Linux, where 29 out of 30 applications look like ass. And what's worse - the Linux guys strut it as a badge of pride! Riddle me that!
---
Edit: I'm not claiming that they're struting _this_ particular app as a badge of honor. I meant struting _bad designs_ as a desirable outcome, placing "functionality" over "design". Example: Gimp. Works fine, looks terrible.
Function and design don't have to be mutually exclusive, you know?
I have to wonder, if someone were to fire off a pull request with GUI improvements for aesthetics and UX, would the maintainers approve it, or refuse it?
Yes, but sometimes I really just want to get shit done.
Right now I'm sitting here as Calibre converts a epub file to mobi and is going to automatically send it off to my Kindle. Calibre is really, really ugly and the work flow is terrible. But I don't care because it does what I want, can suck in a ton of different formats, and in the end I have a document sitting on my Kindle that I can read.
Assuming you're talking about the GIMP when you ask about precendence, at least there is a user interface designer since a couple of years (peter sikking, GIMP UI blog at http://blog.mmiworks.net/search/label/GIMP).
Most folks who drop by the GIMP developer mailing list with UI suggestions are not providing very high-quality feedback, is my understanding. Of course, the GIMP is a large project, and it's hard for "outsiders" to know where things are headed and how to fix things.
Most open source projects don't have the luxury of having a person dedicated to UI design, which of course can be problematic for modern "UI-intense" applications.
> I have to wonder, if someone were to fire off a pull request with GUI improvements for aesthetics and UX, would the maintainers approve it, or refuse it?
This model may work for one evening js libs, not serious opensource projects with a large userbase. You just don't fire off a pull request that turns the project upside down because you feel like it without any consulting, expecting it to be accepted right away because it's nice (even if it is). So the most probable scenario would be to reject it and invite you to engage in working on the project before you propose drastic improvements.
The state of gui linux email clients has been abysmal for years. My primary usage mode is across multiple imap accounts with a decade of email and probably 15Gb total..
Evolution - imo bloated, painful, and abandoned.
Thunderbird - Less bloat, but not really progressing.
Opera's m2 email client was probably the best i could find for significant volume though closed source.
The cli clients are significantly better mutt + notmuch, and sup were my favorites.
I finally just went down the gmail road..
Beauty and features are great, usability at volume is even better. Good luck to yorba folks.
I use notmuch with Emacs in an X window. It'll display image attachments and give me clickable HTTP links, which is great. If X forwarding isn't an option, I can always just fire up an ssh session and read it in emacs -nw.
First off - the project itself is just not worth the effort in my opinion. There are a lot of email clients already in the FOSS world and most of them are pretty good. Not perfect, sure, maybe lacking polish - of course. But they do their job and that's really all I want from email. (And for a lot of things - like conversations - I actively try keeping them OUT of email.)
They try kinda-sorta hard to pretend that I'm living in a dreary pit of begrudging acceptance using Thunderbird on Linux, but that only works if that's actually the case. It's not. Search could be a tad faster, conversation might be neat, sometimes, and there probably are exotic cases where you have dozens of imap accounts open that things get sluggish. None of these are killer features that sell me on this project because none of these are out of reach for the applications that already exist. (And again, as an actual user, I don't really care.)
The video was... confused. I think they realized that you do need to "sell something" when you do a fundraiser like this, but all they came up with were minor features that felt lukewarm - both in the technical sense and in the way they were presented. There is very little about what their passion point is in all this, except "better" and "faster" and... kinda more like gmail and mail.app. FOSS Projects usually start out with pain points that need to be addressed and with passionate people who care very, very deeply about them. I don't see that here.
The telltale is when the project lead goes for the "we've come so far". And then lists... conversation view, an html composer and connecting to multiple accounts. And then we arrive at the point where he almost starts explaining why they need our help. Where they want to go with this. What will make this so amazing in the future. Why I should feel passionate about it and for them. Why I should want to give them my money.
Nothing of that happens, he just stumbles into the final sentence. Please donate to Yorba today. And that's really all there is.
Finally, I don't really think lines like "bring you software so good, you don't know it's Open Source" (and a lot of further weird stuff in the same direction) is anything but carelessly smug. I'm not sure they have any idea whatsoever what kind of audience they're selling to.
Sorry guys, but this is not how FOSS works. You can't piss in the river and then ask people to pay money to follow you further upstream.
Agreed--in particular, "software so good, you don't know it's Open Source" seems like a great way to alienate your audience. The people who think that Open Source is categorically low-quality are already happily using Mail.app or Gmail or even Outlook.
I get the sense that the majority of this problem is that there is a lack of separation from the backend from the front-end. If you separate the two and have a decent front-end language you should get individuals to compete for having the best/most-usable front end. At least that was the dream of MVC.
Vala is a new programming language that aims to bring modern programming language features to GNOME developers without imposing any additional runtime requirements and without using a different ABI compared to applications and libraries written in C.
I took another look at the open source mail client "Evolution" last night after being a Thunderbird user for many years. I'm surprised how far it has come since last time I checked it out. Nice fast clean interface. Worked with PGP out of the box. Worked with my LDAP address book out of the box, including adding/editing entries. Worked with my Google calendars out of the box.
Did anyone else notice that when their CEO was listing out the things that people expect from an email client he was basically just describing features GMail popularised.
I won't comment on the usefulness of the product they're showcasing because a lot of people have already done so.
But seriously, those perks/prizes are absolutely horrible. The only different between the $25 and $50 prize is that you get three stickers? For $500 I can get a t-shirt and a one-hour conference call with the engineers?
Judging by the video and the prizes alone I get the impression these guys aren't quite sure how to sell their product.
"email is not a luxury any more, email is a necessity"
Is it just me, or is there something rather awkward with this sentence?
Personally, I believe a better open-source webmail would be the way to go, not a desktop client. Roundcube[1] has come a long way, but there's still a big gap to get anywhere near gmail.
I have Roundcube setup on my web server just for backup, so rarely use it. Just upgraded RC from 0.5.4 to 0.8.5 (upgrade script worked flawlessly) and I am amazed at how beautiful it looks (I actually thought the old version was slick).
IMO, it looks better than Gmail and displays plain text emails in a nice fixed font out of the box!
Just curious what I'm overlooking as I don't see a huge gap between Roundcube and Gmail.
you're right, the gap isn't that big. Hard to put my finger on it, but for me the general look&feel and 'snappines' of the interface still feels not as refined as gmail.
The threaded view is not nearly as good as gmail's where you just scroll to see the next message (once you view a single message). It feels like there's lots more double-clicks going on in roundcube to get to view messages and interact with things...
I suppose these are not huge functionality gaps, more refinements to the UI. Functionality-wise it would be nice to have some intelligent filters in roundcube like google's. That's where gmail is a combination of an email client and server though.
For filters I use Sieve [1] (comes with Cyrus Imap and I believe some others like Dovecot). There are a few plugins for roundcube that provide an interface for managing sieve rules [2], [3]. I tested both linked below and both worked, but they seem geared toward users who want a UI for rule creation, like in Gmail, whereas I have an existing sieve script I want to edit directly. Anyway, filter functionality is there in roundcube that's at least comparable to gmail, so long as your imap server supports sieve.
Is the state of linux email clients so abysmal that rebuilding the mail.app interface (without some of the fancy features (VIP, smart folders, etc)) is a desirable goal?
There aren't really any mail.app-like clients, with a heavily simplified interface. Most clients I can think of have very traditional interfaces, or are aimed at big mail users and lean on the heavily configurable side (like, say, mutt).
I'm not sure if there is a demand for this sort of simplified things for Linux, tough, but I guess I'm not the target audience.
Yeah those rewards are really odd. Seems they just got lazy and hoped people would want to pay money to talk / hang out with a team they havent heard of before.
I am about half way through 'Dreaming in Code', Scott Rosenberg's story of the early days of Chandler. I thoroughly recommend the book so far.
As soon as I saw this it felt like how OSAF might have started Chandler if they were starting out today, it has a similar clumsy feel to the goals and rewards.
Yeah, I felt like a bit of an asshole for pointing it out too. I hope Geary can be successful, an can learn lessons from the chandler project about how not to do it.
Not sure I see the point for yet another interface on top of mail for Linux. I suppose evolution is ugly enough something might be able to supplant it as a default. However, the lack of Outlook in a corporate environment is the real pain point for email on Linux.
I currently get by using a combination of Kontact and Davmail to get my email, address book and calendar working in my corporate environment. Fortunately we keep imap available as an option so I can get my mail at a decent pact rather than having to run through davmail for that part.
I'm not seeing where Geary is going to make anything better than what I already have. Kontact is already pretty enough.
Is it that necessary for another mail client? I find that Thunderbird works just fine myself. I'm not sure if I need something that's "beautiful".. All I need is when it gets the job done and thunderbird does that quite well.
Mail.app seems to be the big inspiration. (Not a snark -- I installed Geary from their PPA a couple days ago, and recently switched back to the Mail.app from gmail)
