I don't need "modern alternatives" to things that aren't broken. I'm not interested in replacing my one tool with N others when I understand my threat model and understand the benefits of my existing, battle-tested tooling.
The opening paragraph is off-putting:
> Did your last Yubikey just break?
Is this supposed to imply that I'm not supposed to be inconvenienced by my security token breaking? Of course I am. I've lost and misplaced my Nitrokey on numerous occasions, leaving me completely locked out of my systems without physical access. That's a feature, and that's intended.
> Perhaps you forgot an offline backup password.
What does that have to do with PGP?
> Maybe you're just tired of living like a spy and never using smartphones.
That absolutely has nothing to do with PGP.
> Linux distributions and many other software update mechanisms use PGP signatures to prevent malicious mirrors or network attackers from altering the contents of their packages.
GnuPG's use here is hidden from the user by the package manager. Most users have no idea it's using PGP, and don't understand what it is. They work through a package manager's abstractions. If you replaced PGP with something else, the user would likely be none the wiser. Why does it matter? Also, why do I want to abandon a keyring?
For manually verifying signatures: why does the weight of the tool matter? Is `gpgv' (which is probably already installed on your system) really weighing you down that much? Tools like signify emphasize keysize and speed compared to RSA. Do you _really_ notice as a user? Is that _really_ the bottleneck for what you're doing? It might be, but I suspect for your average user, it's not.
> I wrote one as a party trick last month – it's less than 200 lines of code and that includes some silly key parsing tricks.
Are we worried about attack surface? GPG is heavily audited---you're far more likely to be pwned through one of the 100s of other poorly audited programs on your computer. And in any case, I don't care how easy it is to write---leave the crypto to the experts. An easy-to-understand implementation is great and certainly preferred where possible, but that's only part of the battle. And tools like GnuPG already have their implementations written and audited by numerous parties over the years. That doesn't mean they're bug-free, but it's not like we're starting from scratch here.
> Original need: You want to store individual pieces of data without making their contents accessible to anyone else on your system.
I'm not arguing against the use of other programs, but I see nothing wrong with GnuPG (or PGP) for this. Again, it's a widely supported tool that's probably already available on your system, and it probably came with your distribution image, so it probably can also be trusted. Directing users to install programs is a risk in its own unless it can be authenticated through the distribution's package manager---users must understand how to verify the program themselves otherwise.
Using GnuPG also gives you some other benefits for free, like support for a smartcard, even over SSH. (You should generally prefer symmetric algorithms for long-term secrets, but if you know your threat model, or have secrets that are easily changed or don't need to stay secret long term, asymmetric may be a fine choice for you if you gain the benefit of a security token.)
> Original need: You have files that you want to send to another person, but you don't want the data to be visible in transit or stored in the cloud. For this, folks often attach an encrypted ZIP file to an email.
> Modern alternative: magic-wormhole.
This works out great (or a tool like OnionShare) if it actually addresses your problem. But what if I want to encrypt files to N people who may be online at different times, and store that file somewhere? What if I _do_ actually want to communicate over email? I happen to do most of my communication with online communities via email.
PGP does suffer from many legitimate issues, like forward secrecy. Certainly use the right tool for the job. I'm not going to use PGP as an alternative to OMEMO, for example---they're fundamentally different.
Things that certain people see as weaknesses, like logistical issues surrounding the establishment and maintenance of a web of trust, aren't weaknesses to others. I have no problem with people suggesting useful tools for certain tasks. But I'm frustrated by the FUD around PGP, as if it's insufficient for any job. It does work, it is battle-tested, and it is trusted.
PGP is still widely deployed, whether you like it or not. "I don't like it" isn't a valid argument for considering something "legacy", when it works just fine for certain cases.
I'm a father of 7- and 5-year-olds, and I constantly think of this.
I have some anxiety issues and frequently have mild panic attacks, which can have symptoms similar to heart attacks. I have vasovagal responses triggered by odd and benign things. I also have bad muscle tension in my neck and upper back, which can extend around into my chest. And to top it all off, because I have children, I am often sleep deprived and drink too much caffeine. Heart-related issues are on my mind so frequently that I've almost convinced myself that I'm going to die of a heart attack one day, despite me being in good health.
I spend a lot of time worrying, so if I could share my advice with others: if you are worried, just see a doctor. It's not worth being wrong. One day I had symptoms of a heart attack for hours and went to an urgent care facility and got an EKG and x-ray of my heart. They found nothing, and attributed it to musculoskeletal pain. Considering I've been worrying about my heart for many years prior, those tests gave me a strong sense of relief and allowed me to focus on learning how to control my anxiety without getting into a feedback loop (anxiety -> heart attack symptoms -> more anxiety from worry). I can now calm myself down pretty quickly.
This may seem obvious, but getting extra sleep and cutting out caffeine helps immensely with all of the above symptoms. Easier said than done as a parent whose kids don't even sleep through the night. :)
I have been experiencing these same symptoms. I started seeing a therapist again, which is starting to help me control and understand the trigger sources for my anxiety. Thank you for sharing such a personal thing, it helps me know I'm not alone in letting my brain trick me.
Please remember that GNU is not just a collection of programs that fall under the umbrella of the GNU Project---GNU is a complete operating system, and it was an explicit decision to use existing free software when it was already available, and write replacements only for non-free components needed replacing. A detailed history of the development of GNU can be found here:
As distro maintainers know, it is a lot of work to come up with the right combination of programs to produce a complete, working operating system using _existing_ free components and being able to draw inspiration from existing GNU/Linux distributions. Imagine how difficult this effort was 30 years ago when nobody had done it yet.
Most of my communication with various people/communities is done via mail. For those using Emacs:
I use a Kanban (or GTD, depending)-style workflow using Org mode and Gnus. Org mode recognizes `gnus:'-prefixed links. For certain types of mail, I use an Org capture template within Gnus which inserts a TODO item into an Org document, along with a link to the original message (which can be opened in Gnus using C-c C-o).
You can then go through your usual workflow as you would with any other item; mail is just another source of data.
Considering that the task originated via mail, chances are it'll require some back-and-forth, potentially over the course of weeks and perhaps with a handful of people involved. I also keep detailed timestamped logs of correspondence and my actions, linking to important messages as needed. This is particularly useful for large threads, since I highlight the most important information. Since I'm logging via Org mode (and not my MUA), my logs can also include any other additional information and time tracking that has nothing to do with mail, so this creates a useful timeline that combines both actions and correspondence into a single view.
Because this is married with the rest of my Org-based task management, my mail also shows up in my agenda and reporting.
This is a great setup. I used to have the same configuration, but ended up replacing Gnus with Notmuch.
I'm far from a Gnus guru, so perhaps I'm missing something, but why do you prefer Gnus to Notmuch or Mu4e?
IMHO Notmuch has a very clear MUA model. Plus it's extremely fast and simple. Everything is done via tags. Notmuch never ever touches your email. This is the task of a backend, which has to translate tag changes into Mailbox actions. I do this using a few trivial Bash one-liners, which accommodate for Gmail's unusual IMAP implementation.
Mu4e is more similar to Mutt, as it does touch email directly, allowing you to move emails across folders or delete them. I also found the interface a little bit less snappy than Notmuch.
Gnus has some great ideas, but it's quite slow and the internals are a mess. It needs some serious refactoring.
I haven't researched Notmuch, but I've heard some interesting things about it. I used to use Mutt back in the day. Whatever I use would have to have Org integration, though.
Tbh, I just haven't researched other things and I haven't had the time. But Gnus does seem to fit well how I organize my mail: I subscribe to a lot of mailing lists, each of which are filtered into their own folders via Sieve scripts, before they touch my MUA. I also organize normal mail similarly.
This is a late reply, but thanks for your input. I'll look into them further. What interests me is your replacing Dovecot + Sieve with your MUA; I'll have to see if I want to do that or not.
No worries. For some time, before fully transitioning to Notmuch as a MUA, I was running Gnus with just Notmuch (using nnir notmuch search backend). So no Dovecot or Sieve. A pure Maildir.
I'm not sure whether you'd loose any feature like this, I don't think I did. But perhaps it's much simpler and quicker to switch to Notmuch for Emacs.
> A GNU program should not recommend, promote, or grant legitimacy to the use of any non-free program. Proprietary software is a social and ethical problem, and our aim is to put an end to that problem. We can’t stop some people from writing proprietary programs, or stop other people from using them, but we can and should refuse to advertise them to new potential customers, or to give the public the idea that their existence is ethical.
Excluding material isn't censorship---GNU stands by its principles. You wouldn't expect a vegan organization to advertise means of obtaining meat, for example.
I'd like to add that using proprietary software is not an act that deserves condemnation, it's not a moral failing or something like that. The GNU project opposes proprietary software as it is considered a social and ethical problem. Although I advise against it, you are free to use proprietary software for whatever reason (including possibly ethical or financial reasons) --- there are no mechanisms in place to prevent you from doing that in Guix (and the fact that Linux libre cannot load certain user-supplied firmware is a bug).
As a project, however, we do not recommend the use of proprietary software and don't provide a platform for advice on how to replace free parts of Guix with non-free software.
The use of proprietary software becomes an ethical problem when network effects are in place. Otherwise, it is the mechanisms of proprietary software itself that we object to, for example the barriers it poses to helping friends or neighbours and the way it gives developers control over the users.
I'll contact Christian Grothoff today and make sure nothing suspicious is going on and ask him to update the GNU forward if the domain has indeed changed.
The opening paragraph is off-putting:
> Did your last Yubikey just break?
Is this supposed to imply that I'm not supposed to be inconvenienced by my security token breaking? Of course I am. I've lost and misplaced my Nitrokey on numerous occasions, leaving me completely locked out of my systems without physical access. That's a feature, and that's intended.
> Perhaps you forgot an offline backup password.
What does that have to do with PGP?
> Maybe you're just tired of living like a spy and never using smartphones.
That absolutely has nothing to do with PGP.
> Linux distributions and many other software update mechanisms use PGP signatures to prevent malicious mirrors or network attackers from altering the contents of their packages.
GnuPG's use here is hidden from the user by the package manager. Most users have no idea it's using PGP, and don't understand what it is. They work through a package manager's abstractions. If you replaced PGP with something else, the user would likely be none the wiser. Why does it matter? Also, why do I want to abandon a keyring?
For manually verifying signatures: why does the weight of the tool matter? Is `gpgv' (which is probably already installed on your system) really weighing you down that much? Tools like signify emphasize keysize and speed compared to RSA. Do you _really_ notice as a user? Is that _really_ the bottleneck for what you're doing? It might be, but I suspect for your average user, it's not.
> I wrote one as a party trick last month – it's less than 200 lines of code and that includes some silly key parsing tricks.
Are we worried about attack surface? GPG is heavily audited---you're far more likely to be pwned through one of the 100s of other poorly audited programs on your computer. And in any case, I don't care how easy it is to write---leave the crypto to the experts. An easy-to-understand implementation is great and certainly preferred where possible, but that's only part of the battle. And tools like GnuPG already have their implementations written and audited by numerous parties over the years. That doesn't mean they're bug-free, but it's not like we're starting from scratch here.
> Original need: You want to store individual pieces of data without making their contents accessible to anyone else on your system.
I'm not arguing against the use of other programs, but I see nothing wrong with GnuPG (or PGP) for this. Again, it's a widely supported tool that's probably already available on your system, and it probably came with your distribution image, so it probably can also be trusted. Directing users to install programs is a risk in its own unless it can be authenticated through the distribution's package manager---users must understand how to verify the program themselves otherwise.
Using GnuPG also gives you some other benefits for free, like support for a smartcard, even over SSH. (You should generally prefer symmetric algorithms for long-term secrets, but if you know your threat model, or have secrets that are easily changed or don't need to stay secret long term, asymmetric may be a fine choice for you if you gain the benefit of a security token.)
> Original need: You have files that you want to send to another person, but you don't want the data to be visible in transit or stored in the cloud. For this, folks often attach an encrypted ZIP file to an email.
> Modern alternative: magic-wormhole.
This works out great (or a tool like OnionShare) if it actually addresses your problem. But what if I want to encrypt files to N people who may be online at different times, and store that file somewhere? What if I _do_ actually want to communicate over email? I happen to do most of my communication with online communities via email.
PGP does suffer from many legitimate issues, like forward secrecy. Certainly use the right tool for the job. I'm not going to use PGP as an alternative to OMEMO, for example---they're fundamentally different.
Things that certain people see as weaknesses, like logistical issues surrounding the establishment and maintenance of a web of trust, aren't weaknesses to others. I have no problem with people suggesting useful tools for certain tasks. But I'm frustrated by the FUD around PGP, as if it's insufficient for any job. It does work, it is battle-tested, and it is trusted.