<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: lrvick</title><link>https://news.ycombinator.com/user?id=lrvick</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Tue, 23 Jun 2026 15:57:32 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=lrvick" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>Sure, you can keep paying $200/mo to Anthropic forever, and accept heavy censorship on the types of tasks you can do (e.g. malware research), accept no privacy, and accept rate limiting and the requirement of internet access at all times.<p>Or buy $2400 of GPU today to get you something close to get you within 10% of Opus 4.6 on coding benchmarks, that pays for itself in 1 year, AND you can work with private code and data offline as you like with no censorship or restrictions.<p>The value proposition of Anthropic is comically bad to anyone that understands how to insert PCI-E cards into a motherboard and install Linux.</p>
]]></description><pubDate>Mon, 08 Jun 2026 00:07:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=48439948</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48439948</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48439948</guid></item><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>Qwen3.6 27b is ~10% worse than Opus 4.6 to be fair (though at a fraction of the size), but in exchange you get to run offline with complete privacy, no rate limiting, no refusals from any task, be it malware research or otherwise. Also my favorite reason: controlling the means of production.<p>Those are all well worth being a month behind frontier models.</p>
]]></description><pubDate>Mon, 08 Jun 2026 00:02:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48439919</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48439919</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48439919</guid></item><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>Not really much to write up.<p>Insert 2-4 $1200 r9700 GPUs in a Linux 7.0.0+ machine with 64GB+ of DDR4-5 memory, fire up llama.cpp, and connect with any OpenAI compatible tools.<p>A free public anonymous LLM like BigPickle can easily set up the software for you if in doubt.</p>
]]></description><pubDate>Sun, 07 Jun 2026 23:51:51 +0000</pubDate><link>https://news.ycombinator.com/item?id=48439855</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48439855</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48439855</guid></item><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>Yeah, first "real" startup and we were absolutely desperate for some seed cash. Mistakes were made.<p>These days I have significantly higher self respect, always have multiple income and funding sources, and am a lot more protective of my time.</p>
]]></description><pubDate>Sat, 06 Jun 2026 18:41:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=48427706</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48427706</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48427706</guid></item><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>Being capable of sshing to servers to maintain things sure was.</p>
]]></description><pubDate>Sat, 06 Jun 2026 18:31:47 +0000</pubDate><link>https://news.ycombinator.com/item?id=48427613</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48427613</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48427613</guid></item><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>In the end my co-founders and investors wanted to sell to a single specific political party exclusively. I chose not to participate as it did not align with my goals, and started a small IT company instead. The original project was dead within a couple months of me leaving given no one else had any idea what ssh was.</p>
]]></description><pubDate>Sat, 06 Jun 2026 08:30:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=48422721</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48422721</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48422721</guid></item><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>Maybe 2 months. I have mostly used the Qwen series, and am currently running Qwen3.6 27B for programming and debugging and Qwen3.6 35B for speed and research. Both punch way way above their weight and replaced Qwen3.5 122B for me. Qwen 3.6 27B even is, for my workloads, preferable over Big Pickle (GLM-4.6) which is the only large third party model I have used extensively for reference and comparison as it is free and requires no signup or PII via OpenCode. My go-to agent solution though is Charm Crush.</p>
]]></description><pubDate>Sat, 06 Jun 2026 08:25:56 +0000</pubDate><link>https://news.ycombinator.com/item?id=48422691</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48422691</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48422691</guid></item><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>Buy a few GPUs so you can skip the Claude subscription, and never have to worry about rate limits, privacy, or refusals. Will pay for itself with a small team in a few months.<p>I mostly work on custom from scratch Linux operating systems and packages across dozens of languages.<p>I do 100% of my AI work today using two AMD r9700 pro GPUs on a 10yo pc I pulled out of an old arcade machine.<p>AI subscriptions only make sense for people who cannot build a basic home computer.</p>
]]></description><pubDate>Sat, 06 Jun 2026 06:32:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=48422018</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48422018</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48422018</guid></item><item><title><![CDATA[New comment by lrvick in "Three of our worst VC stories"]]></title><description><![CDATA[
<p>I once had a VC ask to meet my founders and me for his morning breakfast at a run-down diner in Texas. So we fly out from Florida, pitch deck in hand, and meet him at his booth.<p>We pull out the deck, he says "Do not need that. How many paying customers do you have?"<p>Given we were at MVP stage and were running a public sentiment analysis driven social media search engine using our published academic AI work (15 years ago) we said "None yet. The capital to build the paid portion of our product, which is popular, is why we are here."<p>As he eats his eggs he goes "Come back when you have a hundred or more paying customers" and sent us packing.<p>Not even a 5 minute interaction with people he asked to fly out to pitch him, and were not even allowed to pitch.<p>I expect rejection by default at an early stage, but that one was particularly mean.<p>It will forever remain my go-to example of a meeting that could have been an email.<p>One excited investor we did find for another project ended up being the now famous con man "Michael Prozer" who got on Who Wants to Marry a Millionaire using forged bank records and proceeded to get actual capital based on this lie until he was arrested for fraud.<p>My opinion of VCs is still... recovering. The bar is in hell.</p>
]]></description><pubDate>Sat, 06 Jun 2026 06:16:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=48421925</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48421925</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48421925</guid></item><item><title><![CDATA[New comment by lrvick in "Uber's $1,500/month AI limit is a useful signal for AI tool pricing"]]></title><description><![CDATA[
<p>This is madness. I bought my daily driver GPUs for $3k, and they run often 24/7 solving complex bugs and problems for me that would have previously taken months to fix. No rate limits, no censorship or refusal to work on security issues, and complete privacy. Also even when my internet is down they keep on working.<p>Stop giving Anthropic money and figure out how to take the same money to buy some GPUs, and physically insert them into workstations. It is not that hard, I promise.</p>
]]></description><pubDate>Fri, 05 Jun 2026 08:45:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=48409776</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48409776</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48409776</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>So 0.1% of the internet is protected by Ed25519 signatures because of this move. Meanwhile PGP has had Ed25519 support for years, with hardware security key support.<p>OpenBSD does fantastic work, but you and I both know it will never have any significant adoption on the web at this point.<p>Try to convince an actual Linux distro running any significant portion of the web they should stop using Ed25519 via PGP smartcards and use Ed25519 via signify exposing their keys to system memory (and thus malware) instead, with no key discovery protocol, for unspecified reasons.<p>Would love to see a threat modeling case for that.<p>At this point you have shown your hand. You hate PGP so much you would make security for everyone worse to get rid of it. There is no reasonable threat model to support your position.</p>
]]></description><pubDate>Fri, 29 May 2026 07:19:40 +0000</pubDate><link>https://news.ycombinator.com/item?id=48320077</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48320077</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48320077</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>At this point I can only conclude you are a troll, but if you are actually serious, I challenge you to prove it. I put in the work in the community for my side of this debate.<p>I would suggest you pick one of the mainline Linux distros that relies on PGP and make a detailed RFC with a plan to downgrade their security to your non standard minisign/ssh solution with private keys exposed in system memory as you propose, and make a convincing case why it is worth it and what advantages they get for doing so.<p>Let me know if you do. I am sure it will be a great case study.</p>
]]></description><pubDate>Fri, 29 May 2026 01:26:04 +0000</pubDate><link>https://news.ycombinator.com/item?id=48317844</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48317844</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48317844</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>> PGP is a bunch of theatre there and distros should use minisign instead.<p>Okay so drop the IETF standard, web of trust, smartcard support, and external key discovery mechanisms to prove the whole keychain was not swapped out with a fake one, and just have everyone generate minisign keys exposed to system memory with no trust link backwards, and then sign things with probably the same algorithms. But then we cannot sign commits or code reviews with minisign because non-standard, so I guess use ssh keys for those, and then maintain multiple keychains for each person.<p>Minisign is strictly worse in every way. Your camp will never convince Linux maintainers to switch with this pitch.<p>Many of us actually do verify the web of trust, extensively. I have many Linux maintainers in my own keychain independent from their usage in Linux distros. Minisign has no such key distribution and accountability system.</p>
]]></description><pubDate>Thu, 28 May 2026 23:24:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=48316943</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48316943</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48316943</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>I could name a few off the top of my head, some of which have audited my team's work, but I do not want to put specific people on blast. Most cryptographers I know tend to prefer math to internet controversy and I do not blame them.<p>That said, ProtonMail's lead cryptographer has been quite public about his support of the refresh and helping lead some efforts <a href="https://proton.me/blog/openpgp-crypto-refresh" rel="nofollow">https://proton.me/blog/openpgp-crypto-refresh</a><p>I have dozens of more examples of high risk orgs with cryptography teams relying on PGP I am compiling for my post right now. Added a bunch of extra ones just for you.<p>Honestly from my side of the table, it is the anti-PGP camp that appears to be the loud minority. The world quietly runs on "dead" PGP technology so deeply that any calls for a complete replacement without any compatibility or trust transition path are clearly under-researched and should not be taken seriously.<p>I have a hard time imagining many cryptographers deeply aware of the impossibility of any rapid transition away from PGP would suggest we abandon the migration to secure modern ciphers now.<p>A lot of people would like to -eventually- move away from openssl too, myself among them, but not updating to openssl 4 and beyond in the short term would be a world burn kind of move.</p>
]]></description><pubDate>Thu, 28 May 2026 08:42:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48306329</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48306329</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48306329</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>So you are saying that the solution is that we go to the majority of active and reputable PGP keyholders, Linux maintainers, and tell them to stop signing the binaries that run the internet, and just yolo, because that worked so well for NPM?<p>I really hope I am misunderstanding you.</p>
]]></description><pubDate>Thu, 28 May 2026 03:41:34 +0000</pubDate><link>https://news.ycombinator.com/item?id=48304211</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48304211</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48304211</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>Ah yes. That post. People send it to me all the time. It is my favorite.<p>It proposes that dissidents and security researchers from all countries from a wide range of backgrounds and beliefs on privacy, should all just accept the terms of service of their pick of two US based surveillance capitalism mega-corporations, trust they do not have any insiders or vulns, then reveal their identity to cell carriers in most countries, to get Signal up and running, whose terms of service they must also accept, and then with the help of two corporations and their proprietary software supply chains, they can then submit an encrypted security vulnerability.<p>I legitimately laugh every time at the US corpo-brained takes in posts like these.<p>TL;DR: "Just let the US tech giants handle all identity and communication for the whole internet. What could go wrong? Super secure companies with great uptime like Microsoft GitHub can sign our commits for us and of course Google and Apple pinky swear to disobey executive orders to serve tampered updates of Signal to select devices. It will be fine."<p>The people that use their PGP keys to sign and securely distribute damn well near every binary that powers the internet are mostly in Europe, and not big fans of letting centralized and mostly proprietary US institutions control their online identity, let alone trusting them to not use a supply chain attack to read their private security correspondence. I for one have found a pile of serious vulns, including in GnuPG, and I do not have a Signal account and never will as I disagreed with the terms of service of Apple, Google, and Signal. Anyone that does not want plaintext disclosures would be wise to publish PGP keys for people like me. Thankfully most major tech firms still do, even if only to appease non US citizens and my fellow decorpoed Americans.<p>Encrypted email is the only neutral, decentralized, and IETF standard comms tool we have. 
I say that as also a big fan of Matrix and would love to see it or something decentralized like it standardized, but right now email is the standard so the Snowdens and security researchers of the world should use PGP with modern ciphers and learn how to do it offline when doing high risk comms.<p>Even so, on the other side of this, having set up bug bounty programs for many orgs, the PGP encrypted/signed submissions from reputable folks were always the really spicy shit I would not want anywhere near a modern smartphone, and I would always decrypt them offline with a smartcard for good reason. I would not even consider being party to a bug bounty program that does not publish a PGP key to be maximally inclusive, even if they hate PGP.<p>Also re tarsnap. It does not even support smartcards, so just shove your private key for your entire filesystem in system memory, and back it up to a conventional password manager I guess? WTF.<p>Meanwhile with PGP you generate a key on a smartcard, you provide the public key to duplicity, and you can do backups without ever exposing your private key.<p>The alternatives suggested are strictly worse by any metric, and fail to understand the threat models of existing solutions.</p>
]]></description><pubDate>Thu, 28 May 2026 03:07:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=48303947</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48303947</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48303947</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>> Is your pitch that the people who call out problems with PGP don’t have suggested replacements for workflows?<p>Yep. I have read every single blog post I can find from critics. Most several times. As have most people that work on this stuff. Some were partly relevant when they were posted and even less relevant today. All of them completely missed the boat on the problems PGP solves that none of the alternatives do, or have any serious suggestions for migration paths or standards changes.<p>I will be quoting most of those posts in a blog post in the next couple weeks on <a href="https://distrust.co" rel="nofollow">https://distrust.co</a>.<p>Most of them have corporate alternatives to sell you which have no chance of adoption by standards bodies.</p>
]]></description><pubDate>Thu, 28 May 2026 01:09:03 +0000</pubDate><link>https://news.ycombinator.com/item?id=48302975</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48302975</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48302975</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>They are compatible enough. It is a Firefox vs Internet Explorer situation.<p>If you want to use shiny new ciphers, expect to have limited reach to those on legacy tools. Tradeoffs each user can make for themselves.<p>That is not an OpenPGP problem, that is just the nature of distributed systems.</p>
]]></description><pubDate>Thu, 28 May 2026 01:05:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=48302943</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48302943</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48302943</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>New software that is compatible with any keys generated with good-enough ciphers from the last decade. Compatibility wins.<p>If we are going to play the appeal to authority game, I could just as easily challenge you to find any willing to publicly point out any serious issues with the current PQ focused OpenPGP standards with implementations using libraries by accomplished cryptographers. I am sure they would appreciate constructive feedback. Encourage them to join the specification process and recommend specific alternatives and migration paths.<p>I also wonder if we could find any that would not scrap TLS, DNS, and a lot of IETF protocols that run the internet today if they could. Decentralized protocols are messy but anything that tries to replace them without first taking the time to understand the current uses and migration path has no hope of success, and that is brutally difficult political work full of careful compromises.<p>Famous cryptographers have long advocated for things like tcpcrypt, and I even agree with them, but it will probably never happen. Too disruptive. We are still rolling out IPv6 FFS. When faced with an established global internet, compatible lower disruption migration steps are the only way forward as most experienced security engineers would begrudgingly agree.<p>Cryptographers should absolutely focus on the security of the ciphers, but when it comes to applications, and human privacy and security goals, and human to human trust bootstrapping protocols, the conversation has to get a lot wider. It is normally dominated by security engineers like us close to the hands on use cases, and the people doing the hard work in the working groups and tool development circles that understandably wish to quietly read different takes from a safe distance.</p>
]]></description><pubDate>Thu, 28 May 2026 00:47:16 +0000</pubDate><link>https://news.ycombinator.com/item?id=48302798</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48302798</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48302798</guid></item><item><title><![CDATA[New comment by lrvick in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>GnuPG is not the final say for PGP any more than IE6 was the final say for the web. Migrating off IE6 took a while and so will migrating legacy systems off GnuPG. New users of PGP are thankfully mostly using new gen reasonably secure tools.<p>Just like IE6, GnuPG abandoned the global standardization processes and in doing so forced an expensive migration to successors.<p>Global changes on the internet take decades in part because of all the people far removed from the process spreading outdated information and demanding we give up on standards and move the whole world to centralized solutions that do not even solve the same problems, like Java Applets, Adobe Flash, or Signal.<p>Meanwhile those standardizing and rolling out longer term solutions roll their eyes and keep doing the work.</p>
]]></description><pubDate>Wed, 27 May 2026 23:24:32 +0000</pubDate><link>https://news.ycombinator.com/item?id=48302161</link><dc:creator>lrvick</dc:creator><comments>https://news.ycombinator.com/item?id=48302161</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48302161</guid></item></channel></rss>