I’m the Keymaster. Are you the Gatekeeper?

It’s time for another of my modern electronic communication security and personal privacy appeals! Catch up on previous episodes here, here, here, or here.

Sometimes I feel like the dude in the clip below (minus the supernatural stuff, natch): I have a lot of keys, and I’m always looking for people to use them with. 1

Maybe you don’t have anything earth-shattering to keep safe, like:

  • state secrets, or
  • insider trading tips, or
  • the proof that the moon landings were faked

Maybe, like me, you just don’t like Big Data™ adding to its growing profile on you when you send email. You can send encrypted email to prevent that, and it’s really not that hard. The biggest prerequisite is that your recipient(s) also have to care enough to allow you to send encrypted mail to them. Without this, you can stop reading right here. Sending encrypted messages to only yourself is the lonely nerd’s endeavor.

Your recipient has to set up a keypair (explicitly or implicitly through an app or sign-up to a key-providing service) for any of this to work.

There are a couple options.

  1. The easy way: use (and get your email contacts to use) ProtonMail.
    Sign up there for free, get a small2 mailbox accompanying your new @protonmail.com and @pm.me email addresses, and write to other ProtonMail users with no chance of anyone but the recipient(s) reading, compiling, analyzing, marketing what you write. They have apps for mobile devices in addition to browser-based webmail UI.

  2. The less easy way: use (and get them to use) some variation of PGP on top of “normal” email.
    You can get most of the benefits of ProtonMail encryption without having to change your address. Some options:
    • Enigmail for Thunderbird Mail (Windows, Mac, Linux)
    • GPGOL plugin for Outlook
    • Most of the default email programs on Linux distributions:
      • KMail
      • Evolution
    • GPGMail plugin for Apple Mail
    • IPGmail app for iOS
    • various GPG-based apps for Android
    • Gmail plugins:
      • FlowCrypt
      • Mailvelope


    The metadata (subject, date, time, sender, recipients) has to stay unencrypted and publicly visible in order to route the message properly. 3 There are differing standards and compatibility with those standards for the composition and display of the encrypted, cleartext, formatted, and plaintext versions of your message, so there can be complications. This way is for enthusiasts and anyone paranoid enough to not trust the Swiss consumer privacy laws, to which ProtonMail adheres.

The Free Software Foundation publishes a page on “Email Self-Defense.” They do a much better job of explaining the steps than I do. But you could also just switch to ProtonMail and let them handle all those steps for you automatically.

However you do it4, if you want to send unsnoopable email to us, you’ll need our public keys. These are the public keys we use if you want to write to us securely.

cliff at cmail dot xyz public key
cliff1976 at protonmail dot com public key
cliff1976 at pm dot me public key
sarah1976 at pm dot me public key
sarah1976 at protonmail dot com public key

By the way, looking for the public key of any ProtonMail user? You can get it from this URL:

Just put in the correct username in place of “username” in the URL above. PGP-nerds with less-tech-savvy-but-still-concerned friends and family: encourage ProtonMail to them, even if you stick to your existing email address but secure it with GPG. You’ll get the best of both worlds: you are secure in your hackerdom and they barely have to make any change to their habits.

  1. Thinking of you, Snooker. []
  2. But really — 500 MB is big enough for “just email,” if you
    • only give out your address to “real people” as opposed to those who would spam you, and
    • you delete any content you receive but don’t need

    And you can always pay them for more storage if you need it. []

  3. Not so when everyone is using ProtonMail; the mail never leaves ProtonMail’s environment! []
  4. Since a few days ago, ProtonMail now fully supports PGP encryption, even for external recipients! []

Perhaps the last bridge update…..EVAR!?

Checking back through old posts, it would seem like the last update on Bavaria’s Slowest Construction Project® was over a year ago: Bridge Work Still in Progress. But maybe this story is coming to a close, after more than 8 years — four years longer than originally planned. 1

Despite major distractions from local life due to work stress and a few short trips out of town in May (did you see our Cinque Terre post?), we somehow managed to hear that the Bruckmandl2 is back at his post since a week or two ago. Continue reading Perhaps the last bridge update…..EVAR!?

  1. Still doing better than the Berlin-Brandenburg airport fiasco! []
  2. “little bridge dude” []

How Not to Visit the Cinque Terre

I find traveling is a set of skills that stays sharp when you do it often, but we’ve been on a bit of a travel hiatus. After spending a couple of weeks (a long stretch for us) in Mexico this January, we pretty much stayed put for early 2018. Besides, there was plenty that needed doing here. But the drought ended with a road trip to the Cinque Terre, on the northwestern coast of Italy, south of Genoa. In blundering ahead with our rusty skills, we missed a few points on the mental checklist. Here is what we learned so that you don’t have to: Continue reading How Not to Visit the Cinque Terre

Dutch Baby

Mom suggested we try one of these based on this WaPo article she read. Great idea, Mom! I also got some inspiration from this YouTube video.

These are like crêpes you can’t screw up.

I’ve converted the English volumes into metric and/or masses, since I like to weigh ingredients whenever possible to minimize my dish cleanup. Continue reading Dutch Baby


Sounds fancy, but it’s an icebox cake. Raw eggs are in there, so if that’s a dealbreaker, best skip this one.

500 g / 16 oz. Mascarpone cheese
157 g / 3/4 c sugar
2 eggs, separated (I use XL; if you use smaller eggs, you might need 3)
250 mL / 1 cup strong, cold coffee
3 T Marsala wine, DiSaronno almond liqueur, Frangelico hazelnut liqueur, whatever sweet booze you enjoy
1 large package ladyfinger cookies (min. 24 pieces)
grated chocolate or cocoa powder

  1. In a large mixing bowl, combine Mascarpone, sugar and egg yolks. Mix until well combined.

  2. Whip the separated egg whites until stiff peaks form. Fold whites into cheese until mixture becomes smooth and light – don’t overmix!

  3. Have a deep 9×13 ready! Pour coffee and liqueur into large shallow bowl or deep plate. Dip (but don’t soak) unsugared half of cookie into coffee mixture and place wet side down on bottom of 9×13. Repeat until dipped cookies cover the bottom of your pan, breaking up cookies as needed. Spread a thick layer of your cream mixture over the cookie layer. Dip and place another layer of cookies over the cream, then top with more cream. Keep going if you have enough cookies and cream left, just make sure you end with cream.

  4. Sprinkle grated chocolate or dust cocoa over the top. Refrigerate for at least 6 hours before serving.