This is a really well done talk, with a very interesting peek into how the port is going. But beyond that, it's also a great example of how to give a technical talk in general, walking the line between bringing the uninitiated along, without talking down to anyone; all the while providing truly useful (and new) information. And kudos too, to whoever recorded the audio and visuals, and posted them for us to see -- if only all tech talks were recorded this well!
Thanks for sharing this one. There are so many brilliant and funny little vignettes in this piece. I'm amazed at what some people are able to do, so far outside anything I could dream about creating.
I'm sure you're being honest about your intent, but a glancing read of your previous comment sounded categorical, to my ear at least, "And they've all been proven false."
It’s hard to tell from reading what is written how it is intended. Written communication is hard since it doesn’t encapsulate tone, emphasis, and other cues. I read “all” in this case to mean: “most of the commonly espoused objections”.
It's hard to know how these pieces fit together, especially if you have a fuzzy mental-model of the objectives and potential benefits. Is there a gentle introduction you'd recommend?
There are many ways to use PGP just as there are many ways to use openssl or any other cryptographic suite of tools.
For most individuals seeking to establish a long term durable personal keychain they want others to be able to externally trust and verify easily, I would suggest the following, which is more or less what most people in my circles do:
1. Buy a smartcard with touch support such as a Nitrokey 3
2. Ideally buy 3+ backup smartcards at the same time
3. Use Keyfork on AirgapOS booted on a laptop you trust to generate a 24-word mnemonic and split-encrypt it to 3+ smartcards (or write down the mnemonic on paper if you lack budget for 3 extra smartcards)
4. If using backup smartcard set, split them up across 3 secure locations, or if using a raw mnemonic put on durable storage such as cryptosteel, and put that in tamper evident storage such as in a vacuum sealed bag with confetti with pictures you have copies of elsewhere.
5. Use keyfork to derive a PGP key and load it into your smartcard
6. Set up forced/locked "touch" requirement policies on all "slots" on your card so you must tap for each use (malware cannot do this, but easy for you to do)
7. Publish public key to keys.openpgp.org
8. Publish public key on your own domain name using Web Key Discovery
9. Use keyoxide docs to establish keyoxide profile with every internet platform you control attesting your key fingerprint is yours to make it easy for others to form confidence that all of those are you, and your key is yours.
10. Major bonus: use QubesOS and map your smartcard only to an offline vault VM that prompts you for each use, and which security domain on your system wants to use your key, so malware is unlikely to be able to trick you even if your development environment is compromised.
From there you can use your provisioned smartcard with an openpgp smartcard capable ssh agent on your workstation for git signing, git push, ssh to servers, password management with password store, signing artifacts, thunderbird for email encryption, etc.
We plan on writing up a lot more public documentation for this sort of thing as the public docs suck, but we have helped thousands of people with this sort of thing.
Pop into #!:matrix.org or #keyfork:matrix.org if you want any help or advice for specific use cases.
A partially complete set of docs for different threat models is in progress at https://trove.distrust.co
> There are many ways to use PGP just as there are many ways to use openssl or any other cryptographic suite of tools.
This is a very bad thing, because it is not in fact the case that there is one cryptosystem equally suited to all these tasks.
That you chose OpenSSL as your corroborating example is especially funny, because there is exactly one thing that OpenSSL is actually well-suited to doing (setting up TLS sessions), and then 20+ years of people getting themselves into grave trouble trying to get that library to do other things.
You spend a lot of energy steering people away from PGP, but what is your alternative to solve the same problems with the same threat models?
What do you want to shift the entire software supply chain security foundation of the internet to use instead and how?
Complaining the existing solution is not good enough is easy. Making things better and educating on current best efforts without creating centralized points of trust is hard.
Did you not read the post I linked upthread? You were quite confident in refuting its claims, so I assume we shared an understanding here.
Update
It looks like you drastically edited your comment after I replied to it, in ways that change the meaning of your prompt. That makes it impossible for us to continue discussing anything.
I hit send too fast before I was actually done typing/thinking because I was going too fast, and you somehow got a response in seemingly instantly. My bad on this one.
Oh THAT is why you are steering people away from OpenPGP, gotchu. I have read it a long time ago. I remain to be convinced. The blog post just reeks of "I can't use it, too complex for me therefore it sucks". Yeah, it can be misused, I do not deny that.
Isn't this more of a theoretical problem, rather than a practical one? In what situations do you want people to discover your key? You create a key pair for Github, upload the public key, and you're done; you can securely communicate with Github. Nobody ever has to discover it. Do they?
> In what situations do you want people to discover your key
Just to name some of the most common use cases I have:
1. When people in my orgs want to encrypt sensitive information to me, e.g. in encrypted password databases over git.
2. When prospective new clients or security researchers want to encrypt sensitive requests to me via email. Have some in my inbox right now from today.
3. When people want to verify that commits or code reviews I signed on security critical software were really signed by me, and not masquerade malicious code as mine in a rebase, etc.
4. When people want to verify that public reproducible builds of artifacts I maintained are built by multiple maintainers.
These use cases all rely on a well published set of public keys shared with the public in ways with sufficient history and signatures so no one can impersonate me or other maintainers, or make it possible to easily trick people to encrypting data to keys that are not really ours.
I sign 100% of my commits, and 100% of all artifacts I maintain etc. Anyone claiming to be me on anything important without signatures from my very well established and easy to verify public keys is not me.
A PGP key is the only standardized cryptographic passport for the internet and if you don't attach your work to an easily verifiable key you are one compromised account away from having your online identity used for supply chain attacks.
All major Linux distributions and the core infrastructure on the internet are anchored in the PGP keys of a few thousand people that put in the work to maintain well published keychains.
The only alternative anyone has proposed is to use Fulcio and let Google sign everything for you as a single point of failure for the internet. Hard pass.
Meanwhile with solutions like keyoxide, anyone can form confidence my key is mine trivially without relying on a central party:
> A PGP key is the only standardized cryptographic passport for the internet
I think this rather gives the game away.
For people for whom PGP is important, their PGP key is their identity. And there is a community of people like this. But it's small--I'd guesstimate maybe a million people or so at best, a true rounding error in terms of the internet.
For most people, however, their online identity is generally tied around one of a few core providers. The de facto identity for open source is GitHub, for better or worse. Do I like that we've moved to centralized identity management? Not particularly. But it is telling that in the shift towards identity management as a concept (e.g., OAuth2) in the past decade, PGP hasn't played a factor.
And in all of your passionate defenses of PGP, where you've complained that things don't support the PGP identity model, you've never really addressed the issues that a) most people don't have a PGP identity, b) PGP identity doesn't provide any practical value over existing identities, or c) things already work well enough with other identity models, that PGP identities don't integrate well with.
I do indeed strongly believe decentralized identity is critical to free internet. I cannot imagine any good outcomes from trusting a small handful of corporations that answer to a small handful of governments to decide what identity and access mean online.
But to your point, not nearly enough people have a concept of a desire to want digital sovereignty. Ownership of their own identity in a way a company has no control of.
And the ones curious about this concept, find the barrier to explore it impossibly high. That is why I have been so convinced in recent years that UX and social dynamics matter in cryptography as much as the math behind it.
That is why we put so much thought into keyfork. We realized it has to be one or two commands tops to be up and running with a new keychain or no one is going to do it.
This is what I mean when I suggest people who use PGP are LARPing. It's perfectly reasonable to prefer decentralized systems to centralized ones or to think that it's critically important to the future of the Internet that we pursue decentralization. But cryptosystems need to function when lives are on the line; the preference of a system with inferior, flawed cryptography, in pursuit of a philosophical goal about Internet governance, betrays the fact that the security you're after is only a secondary goal.
You see all sorts of different variants of this argument. People cling to PGP because they believe SMTP email needs a future. What does that have to do with protecting the life of a user? Nothing. People cling to PGP because of concerns about open source. Same issue. Not wanting to run things on their phone. Same issue.
Do you use Firefox on Linux, too? 4K Videos freeze so often for me, I don't even try watching them online, and always just download them with yt-dlp. It doesn't bother me enough to give Chrome a try, but maybe that'd make a difference.
I do too use Firefox on Linux, 4K videos seem to work fine for me, but I've never been able to download higher than 1080p with yt-dlp, seems it's just not available without DRM as far as I can tell, so now I'm curious how exactly you've been downloading that?
yt-dlp + 4K works fine for me. The only special thing I remember doing is adding the impersonate feature (which it prompts you to do if it needs it). In other words, instead of `uv tool install yt-dlp`, run `uv tool install yt-dlp[default,curl-cffi]`
The version in the Arch repos does not include the impersonate feature.
Linux can exist because there is a huge industry producing inexpensive open hardware. If that industry transitions to producing only locked down hardware, it will hurt Linux and all open source software. Be careful what you wish for.
not really, vim's visual mode always extends selection, while in Helix the base mode selects with your base commands so you can act on the selection, but it doesn't extend to the next one. For example, moving by 2 words only selects the 2nd one, not both like in Visual mode.
(although in this specific case of selecting everything this difference isn't visible)
The details are different, but they're both select-then-act. Admittedly, I've never used Helix, but I don't see how what you've described is a game changer. Surely, at least sometimes, what you want to do is exactly what visual-mode provides: explicitly select a region, using the combined movement of any available operator, and then act on that region.
Surely you understand the difference between sometimes and all the other times? This is a game changer for all those other times. Otherwise helix has a similar extending selection mode like visual
> This is a game changer for all those other times.
Is it though? I honestly don't understand what the big deal is. The original contention was that the benefit was in offering selection-then-action, unlike Vi. And then when it's pointed out that Vim actually offers selection-then-action as well, there is a new assertion that it's the particular WAY that Helix offers selection-then-action that is key.
To my mind, selection-then-action is provided by Vim if you want it. Maybe it's a few extra keystrokes sometimes, because it's not the default mode, as it is in Helix, but the main concept (ability to think in object-then-verb) is available in both, if that's the way you prefer to think.
> I honestly don't understand what the big deal is.
Honestly, you're not even trying to
> To my mind, selection-then-action is provided by Vim if you want it.
Ok, let your mind be content with ignoring the difference that I've just explained. By the way, you can also trivialize vim as "it's just fewer keystrokes sometimes to do the same as in notepad, what's the big deal?"
Why do you think that? I've been listening to what you say. But again, you haven't exactly proven that operating on the single-most-recent movement (which as I understand it, also defines the selection) is the thing that you want to operate on the most often, rather than the convenience of being able to use the flexibility of multiple movements to define a selection.
Anyway, many people do claim that an editor isn't the most important thing, and that thinking takes a lot more time than the operation itself, and that therefore Notepad would often be sufficient. What those people don't really appreciate is the ability to operate on multiple lines at once, not a single selection, but across vast swathes of the text being edited. When your thinking is done, and needs to be applied to every single line of the file, you'd much rather have Vim than Notepad. But in such a case Helix wouldn't offer much, if any, advantage over Vim.
You seem emotionally attached to this in a way that my skepticism provokes, so we can drop the debate. People should use whatever they prefer; no harm done.