2012-05-04

Updating a certificate - simple things made hard

I have been signing my email for the last couple of years. I do this because I want to promote a world where people have cryptographic keys as a matter of course. In a world like that, I could send encrypted email to my contacts without anybody being able to snoop on my correspondence.

Unfortunately, this is not an easy task. I use Kmail, because it is the only mailer that I actually like. When it works, it does things exactly the way I want them. When you have to change things, it is often a very difficult task.

So, when Kmail reported that my certificate for signing email was about to run out, it triggered a chain of tasks before I had a new certificate in place. I had signed up for a free certificate from CAcert.org. Fortunately they use my email address for identification. Then I went through the circus of generating a new password for my account. CAcert requires a password with lower case, capitals, digits and special characters. I have no clue what my old one was, or where I wrote it down.

Updating the cert was a breeze, and downloading it in my Iceweasel (Firefox) was also simple. Unfortunately, the backup/export from Iceweasel wasn't importable in Kleopatra. After reading web pages for a while, I realized that using Konqueror would give a different result.

I download the cert and now I can import it into Kleopatra. Great joy!

Unfortunately, I'm not done. Kmail doesn't know that I have a new cert. I have to go into the settings of Kmail and point to a new cert, which is just identified with a different hexadecimal ID. Since I just had 2, it was easy to pick the other one. They seem to be hard to remove, so I'll probably have a chore the day I have half a dozen.

So, in summary, I have had to do 4 steps to get a new cert:

1. Generate one at CAcert.org
2. Download it using Konqueror, a browser I normally don't use
3. Manually import it into Kleopatra (don't forget to remove the downloaded file, or to stash it in a safe place)
4. Manually update Kmail

This is not user friendly, humane or usable. I do this once every 6 months, because my cert expires. This is often enough that the job should be made easy. It is also seldom enough that I forget the steps between times and have the same chore every time I have to do this.

What I'd like to see is a plugin module for Kmail that performs all the steps. Takes my password for CAcert from my KDE wallet, logs in to CAcert, updates the password, downloads it, stashes it into Kleopatra and updates Kmail to use the new certs.

Before it becomes this simple, cryptographic keys will never become popular.
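The local half of the chore (noticing the expiry early, step 3's import and cleanup, and finding the ID that step 4 asks for) can be scripted. This is an added example, not part of the original post; it assumes `openssl`, `gpgsm` (the S/MIME backend behind Kleopatra) and `shred` are installed, and the 14-day threshold is an arbitrary choice.

```shell
#!/bin/sh
# Added example: expiry check, import into the gpgsm keyring, cleanup.
# Usage (assumed file names): renew-helper.sh current-cert.pem [new-download.p12]

# cert_days_ok CERT.pem DAYS -> exit 0 if the cert is still valid DAYS from now
cert_days_ok() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# cert_summary CERT.pem -> print the email address(es) and the expiry date
cert_summary() {
    openssl x509 -in "$1" -noout -email -enddate
}

# import_and_clean FILE.p12 -> import cert and private key, then remove the
# downloaded file so the key does not linger in the download directory
import_and_clean() {
    gpgsm --import "$1" || return 1   # pinentry asks for the PKCS#12 passphrase
    shred -u "$1"
    # Show the secret keys with their IDs; the new ID is what Kmail's
    # identity settings need to point at.
    gpgsm --list-secret-keys
}

if [ "$#" -ge 1 ]; then
    cert_summary "$1"
    if cert_days_ok "$1" 14; then
        echo "Certificate is good for at least 14 more days."
    else
        echo "Certificate expires within 14 days: renew at the CA."
    fi
    if [ -n "$2" ]; then
        import_and_clean "$2"
    fi
fi
```

Run from cron with only the first argument, it gives a warning ahead of the mailer's own; `shred` is best effort on journaling and copy-on-write filesystems.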

2011-08-08

An ambition to help improve Debian and GNU/Linux

I have been a Linux user for close to 20 years by now and I have been a Debian user for more than half of that time. Most of the time I have had Windows machines in parallel, so I have had a rather close comparison with the main competition. My main tool for work has always been the Linux system, when I have had a choice.

I use my machines for a huge number of tasks. Email and web like everyone else. Word processing, spreadsheets and presentations in my tasks as corporate management and technical manager. Python, Emacs and other developer tools for program development. MUD, computer games, music and film for entertainment. IRC, Skype and XMPP for communication. I run mailing lists, servers for booking canoes and selling wine and a server for statistics in a car cooperative. I store and edit my photos. Sometimes I write scripts to do image processing and sometimes I write scripts that spider websites for information. I also do bookkeeping for the kayak club that I am a member of.

Most of this can be done very well on a Linux machine and more often than not, it will work better to do it there than under Windows. Still, there are things that are broken or break unexpectedly on my Linux machines. I have used Debian testing for many years. I'm happy to accept short periods of brokenness in exchange for having access to recent packages. On the whole this has worked extremely well and the problems I want to write about on this blog would not go away if I was using the stable release.

My intention with this blog is to illuminate the problems I run into in my use and administration of my Debian systems. The purpose is to give Debian and upstream developers an insight into the nature of the problems that users have. Hopefully this will improve the user experience in the long run. Maybe the year of Linux on the desktop will happen one day. Currently there are too many hurdles to large scale adoption. While many things have gotten better in recent years, there are still some shortcomings in areas of paramount importance.

To make you acquainted with my environment, here is a brief introduction of the machines I am using:

sangiovese - an AMD64 installation of Debian testing in an HP machine. This is my main workhorse. It has an extra graphics card, a large monitor, analog speakers on a separate audio card and a webcam with built in microphone on a USB plug. The machine has 4 GB of RAM and is on my home network through 100 Mbit/s wired ethernet.

muscat - an i386 installation running Debian testing. It is an old HP/Compaq machine that works as print server and music server for my squeezebox system. It has a wired connection to my home network.

protagonist - a Thinkpad x60s laptop with 4 GB of RAM running Debian testing. I use it for everything while travelling and for reading stuff and watching video in bed.

enzo - this is my office workstation. It runs Debian testing, AMD64. Its main use is for mail, web browsing and administrative tasks.

theraft - this is the office main server. I am not administrating this machine, but I occasionally need to do stuff on it. It runs Debian stable.

pbf - this is the server for my hobby projects. It runs Debian testing AMD64 and is a virtual host. It used to be a physical machine but was turned into a virtual host after the hardware started acting up.

There are other machines that show up in my life, but they usually have more specialized tasks, and there are other people who manage them.