Adventures in setting up GPG for home, work, and SHA-256

So, 2011 is the year that really brought home just how broken the modern Certificate Authority system is. Basically, if you have a company whose entire revenue model is taking money from people to say that they are who they say they are, it shouldn’t be surprising that they’ll just take money to say somebody is whoever they want. I’d been using S/MIME with a free certificate to sign my emails (at least when emailing people who wouldn’t be too confused by doing so), but I decided that really I needed to switch to the OpenPGP Web of Trust model for it to really be making any sense.

So, I figured I’d set up GPG. I’ve been reading through the Internet, and there was a lot of stuff scattered about, so I figured I’d collect here what I think is the final result of what I’ve set up. Since I didn’t go through all this quite in this order, and I’m doing this from memory, it’s possible that I’ve missed a step in this writeup, though.

Long writeup instructing people how to set up GPG like I did

On Password Management Programs

The recent high-profile hacking of many sites has brought to my attention that I probably ought to change many of my passwords. While I don’t think any passwords of mine that I use in more than one place have been compromised, it’s only a matter of time, especially as like many people I tend to only use a few passwords and variants thereof, particularly on “low-security-needed” sites like message boards.

So, I want to go through everywhere that I use a password (a daunting task to try to figure out in and of itself), and do things “the best way”, of having my passwords actually be completely random strings, and having the list encrypted in some sort of password management program with only one secure master password needed to get to the list.

I’ve looked into some programs online, as there seem to be a variety of programs out there for this task, but I haven’t found anything that’s exactly what I’m looking for. It’s highly likely that exactly what I’m looking for doesn’t exist, but I figured I’d see if anyone knew of one that did.

My absurd list of probably contradictory requirements:

  • Free.
  • Cross-platform, including Mac OS X, Linux, Windows, iPod Touch, and Android.
  • Syncs between computers/devices automatically (sufficient to be able to use Dropbox for this).
  • Easy to verify that all encryption/decryption happens on the client side, so that the only bits sent over the Internet have already been encrypted with the master password. Being open source is probably the only way to really fulfill this requirement.
  • Able to export all data in case of needing to migrate to another program.
  • Generation of ridiculously secure passwords for you, within whatever the constraints are of the system that the password is being set up for.
  • Integration with Opera for login to web sites.
  • Being able to add arbitrary text to store encrypted with everything else, that isn’t associated with a particular web site.
  • Being able to add arbitrary text to store encrypted with a login for a particular web site (such as the answers to that web site’s multi-factor authentication).
  • Being able to include Client SSL certificates or other X.509 certificates with their private keys.
  • Being able to include private keys/files in other forms, such as Bitcoin wallets or GPG keys.
  • Multi-factor authentication, without it being a huge pain every time I need to use a computer. (I said these requirements were contradictory, after all.)
  • Some way for my wife/heirs to be able to easily access it if “something were to happen to me”.

It’s something I’ve been mulling over for a while, but it may be that I want so low-level control of the system that I really just want a TrueCrypt volume on DropBox or something and deal with it not having everything I want. But I figured I’d at least ask for the world in a public setting, and hope that somehow the world will provide me with everything I ask for.

On tie results in elections

It seems to me that there have been a number of ties in Massachusetts recently. First of all, the 6th Worcester District State Rep. race in November, which after a number of recounts and court challenges was deemed to be a tie. (Whether or not it should have been a tie might be up for debate, but that’s what our legal system seems to have produced.) A new election was held on May 10, and Mr. Durant is scheduled to be sworn in this week.

A “race” for Selectman in Boylston recently ended in a tie, where a write-in candidate who didn’t campaign but said “he would take the seat if elected” got exactly as many votes as the incumbent who was on the ballot. The recount showed the same result.

And in Becket, there was another tie vote for selectman, although presumably a recount may happen there as well.

Massachusetts law calls a tie result a “failure to elect”, which is a rather interesting result. It basically means that nobody won by getting a majority, so a new race would need to be held. I’m baffled why people would expect a new race to have a different result. It seems that it just changes the statistical sample slightly, such that you might get a different result, but it’s not clear to me that the result you get from that represents the people’s will any better than flipping a coin would.

And, it leads to the bizarre thought that if you as a voter didn’t like any candidates on the ballot, you should try to vote and campaign such that it was most likely to result in a tie. That way, you’d get your wish and nobody on the ballot would be elected.

I wish that we used a reasonable voting system. But I don’t know what system would actually be both understandable and most representative of “who people want”, whatever that might mean.

Elections in Charlton 2011 Summary

I’m always a little confused when people call a year an “election year”. Every year is an election year for something. Charlton has quite a bit happening in a short time:

April 12, 2011: 6th Worcester District State Rep. Special Election Primary

May 7, 2011: Charlton Municipal Election

  • Board of Selectmen (seat 4): Incumbent Scott Brown is being challenged by Brent Sellew and Joseph Safarowicz
  • Board of Selectmen (seat 5): Incumbent Kathleen Walker is unopposed.
  • Town Clerk: Darlene Tully, who was appointed to the position after Sue Nichols retired, is being challenged by William Guy.
  • Tree Warden: Incumbent Todd Burlingame is being challenged by Dennis DiPierri
  • Dudley-Charlton School Committee (1 year): A 4-way race between Elaine Rabbitt, Joshua Evans, Deborah Marquis and Robert O’Brien.
  • And running unopposed:
    • Moderator: me
    • Cemetary Commission: Donna Neylon
    • Assessor: Patricia Gill
    • Board of Health: Matt Gagner
    • Planning Board: John McGrath
    • Water-Sewer Commissioners (vote for 2): Robert Lemansky and Joe Haebler
    • Library Trustees (vote for 2): Richard Whitehead and Karen Spiewak
    • Recreation Committee (3 years): Warren Snow
    • Recreation Committee (1 year to fill vacancy): Linda Bellows
    • Housing Authority: Carol Smeltzer
    • Southern Worcester County Regional Vocational School Committee: Olaf Garcia
    • Dudley-Charlton School Committee (3 years): Ray Chalk
  • And there may also be a Prop. 2½ debt exclusion on the ballot, if the selectmen choose to put it on there.

May 10, 2011: 6th Worcester District State Rep. Special Election

There are many, many interesting contests unfolding over the next couple months. Should be fun to watch and participate in.

It’s a tie

The judge has ruled that our State Rep. election has resulted in a tie, and that a new election be held (Telegram, Boston.com, Walter Bird). The final decision, of course, rests with the State Legislature, which I’m guessing will comply. If they’re feeling generous, they may even help the towns pay for it. In the meantime, I suspect that Alicia will start getting his paycheck again and start voting, since people can reasonably claim that he wasn’t defeated.

I have no idea whether or not the ruling is correct. Maybe this is the logical result of the recount and court process, making sure that every vote is counted. Maybe Southbridge’s procedures were screwed up enough that it’s impossible to tell what the count “should have been” in that town. Maybe there really were just more incorrectly-filled-out ballots in Southbridge, so that’s where the problems were bound to happen. It’s hard for me to get over the fact that out of the 12 precincts in the district, in all 7 that weren’t in Southbridge, every total (Alicea, Durant, blanks, write-ins) turned out exactly the same in the recount as it did on election night, and in all 5 precincts that were in Southbridge, something was different, even if it was just the number of blanks (meaning that the total number of ballots even sometimes changed). I’m certainly going to assume incompetence and faulty equipment before assuming negligence and fraud, but it definitely makes me support efforts to regularly audit machine election results. For instance, after going through this process, I have a lot of faith that Charlton’s elections are accurate, so it almost seems to have been worth going through just for that.

The date of May 10 for a special election is being floated around. I think it’d be a little silly, since the Charlton municipal elections are on May 7 (where I happen to be running for re-election), so it’s probably what’ll end up happening. I have no idea who will win, though. Certainly, supporters of each side will try to get their people out to vote, but I’m not sure who has better enthusiasm, or who will have better enthusiasm by the time of the election. I’m also not sure why people think a new election might have a different result. Perhaps it really is the case that half the people prefer one candidate and the other half prefer the other.

6th Worcester District Election Trial Coverage

News and commentary of the trial so far:

What I find most interesting is that there is very little talk of the infamous “spoiled absentee ballot” that nobody knew anything about. Perhaps it’s a very small part of the court case, or perhaps its story just wasn’t considered interesting by the reporters. I wish I could have attended the trial to see it all firsthand instead of relying on these reports.

So, closing arguments are this morning. I do wonder how long the judge will take to make a ruling, and whether the House of Representatives will bother following it.

6th Worcester District Election Update

I haven’t updated this in a while, but the election is still in court, even though the legislative session started yesterday. I briefly turned on the video feed of the state house yesterday in the background while I worked, and during the roll call of voting for the Speaker of the House, they called Alicea’s name. It appears Alicea remains state rep for now. I think there was a court hearing today, although I don’t know if there will news coverage of it.

Of course, the court case is really completely irrelevant, since according to the Constitution of the Commonwealth of Massachusetts, “The house of representatives shall be the judge of the returns, elections, and qualifications of its own members.” (Chapter I, Section III, Article X) This power has been upheld by the state Supreme Court, that any court order to the House relating to the election of someone to the House is merely a suggestion, and that the House can select whomever it wants to be a member of itself. (Larry F. Wheatley v. Secretary of the Commonwealth & another, 2003)

I do have to wonder what the authors of the state constitution were thinking when they wrote that, since it seems very much against the concept of separation of powers to curtail abuse, since I don’t see any reason why the House would ever choose to listen to the people. Although I suppose if another branch could just take over the House, then no separation would exist at all. Maybe there’s just no way to win.

But since one person’s vote is statistically unlikely to actually influence an election, it’s very discouraging that here, in the one time in my life where my vote might have actually mattered, it seems that it won’t have mattered at all, since the House will just do what it wants anyway. It definitely doesn’t make me want to bother to vote for a State Rep. again.

On the plus side, since the recount in Charlton led to exactly the same results for all Charlton precincts, I now have a lot of faith in Charlton’s town election process.

6th Worcester District Recount Update

Following up on my prior post, Oxford’s recount, just like the other towns other than Southbridge, came up with the same exact result as election night. Alicea’s going to bring the election to court. The main issue is an absentee ballot in Southbridge that was in the “spoiled ballots” envelope, marked for Alicea. The spoiled ballots envelope is for if one is at the polls and makes a mistake marking one’s ballot, one can bring it back to a poll worker, who puts it in the spoiled ballots envelope and gives you a new ballot. There’s no reason for an absentee ballot to be in that envelope. The ballot in question is marked as having been run through the voting machine, but rejected by it. So, did a poll worker write out a new ballot for this person and put it in to let the person’s vote count, and thus this person’s vote has already been counted? Or did the poll worker just put the ballot rejected by the machine in the spoiled pile, and thus it still needs to be counted? Nobody seems to know, and it seems that the Board of Registrars in Southbridge decided just to not count it and let the courts figure it out (2–1, on party lines, of course).

Even if the courts do accept and count the ballot, there are other votes that Durant lost in the recount that he thinks might end up in his favor, plus there were all the ballot box issues in Southbridge. My father, who attended several recounts on behalf of the Durant campaign, said that Southbridge was just “chaos” compared to the other towns, and that Southbridge took 7 hours to count less ballots than Charlton counted in 3 hours.

So, it should be an interesting court case to watch.

Related news articles and commentary:

A Recount Timeline

A saga of the election in the 6th Worcester District of the Massachusetts State House, between challenger Peter Durant (R–Spencer) and incumbent Geraldo Alicea (D–Charlton). The district is composed of all of Charlton, East Brookfield, and Southbridge, two of the four precincts in Spencer, and one of the four precincts in Oxford.