Well that's even funnier... I live in a working class town and they yank you from the voter rolls as soon as you fail to return their annual census.
You know what's even funnier, Beavis? When you check in to vote in-person they cross your name off a list for that polling date. No ID poll taxes or sudden spelling tests for the brown-skinned required!
Sir, you are obsessed and cowardly. Clearly you grew up in a bubble of denial which is bursting. If people lodging complaints about the way you behave (do you even know what that is?) and carrying picket signs terrifies you, then you need to grow up and do some introspection about what it really means to live in a diverse and prosperous society.
Most software in free repos really is unsupported. Smart distros like Ubuntu focus on a core OS and some select applications. That's why they can concentrate on fixing regressions from upstream, like the one that shows your desktop+apps while the screen is locked. Other distros like Fedora just let the bug report sit there for years.
What's funny about this conversation is that (apart from slagging 'noobs' in typical fashion) you don't seem to recognize the common thread of user-orientation that runs through Ubuntu's insistence on a coherent, focused UI and that efficacy you so love. You don't get that efficacy and compatibility without a culture of honing UX through a particular perspective.
Um, SJW is just a slang term for someone with morality you don't like, so it's not clear who or what you're ranting about. The fact that you're comparing the tendency to discriminate and throw shade on people because of their background, with liking comic books and Harry Potter, should give a clue that your POV is mixed up.
Funny, you say your friends were "stalked" but whenever I look at comment sections on various sites like YouTube, more often than not I see torrents of angry boys (who have quite a reputation for stalking other people) calling people "hoes, fags and n*ggers" thousands and millions of times. Funny that. Everyone in the world sucks except you, darling superhero-secret-agent-golden-boy-with-an-attitude-problem.
I also happen to be a white male who dresses and acts conservatively, and have been around long enough to know that it is the WASP-y guys who try to recruit people into an irrational cult of hate against aforementioned "hoes, fags and n*ggers". And now that economic trends are biting even you, why not blame them for your problems?
Love the WASP bros running around /. pining about "SJWs! SJWs!" (oh, and my faaaavorite--- "cultural marxism") like we're gonna throw them in jail because of what they do in their bedrooms or who their mamma is. OTOH, if the shoe was really on the other foot they would be in a whole other different world of hurt right now.
Those WMs are only there because Debian packages them.
Dozens of WMs in the repos does not translate into dozens of versions of each graphical Howto. Hence, those WMs are not really supported. Where is the official documentation showing peripheral configuration or troubleshooting from those environments? You think Canonical runs detailed tests on them? Ha...
You've already shown why your kneejerk false-equivalency presentation of the issue doesn't work: It's facile toward those who have been engaging in a one-way class war against working class people for decades.
Optimists extol the ease and convenience of frictionless electronic transacting without tedious stacks of paper. The less sanguine note that that's pretty much exactly what team Behavioral Econ says is the recipe to maximize impulse spending and consumer debt accumulation.
I know that was far from your intent, but you elevated "frictionless" economics to something real in order to suggest equivalence. The 1990s want their fallacies back.
Everything comes with problems... https://news.slashdot.org/comm...
Neither precious metals nor paper money have any intrinsic value. They only have value because we have decided to give them value.
Precious metals have one good 'intrinsic' quality: they can be traded as an alternative to any/all paper monies. But the overall value is still psychological and trading is still regulated, so that distinction is not so grand as goldbugs like to think.
Seriously? They'll just jack up the premiums on the cards, or stop accepting them as payment.
Ubuntu is not for you, nor for anyone who says "I have no need for a DE at all". Seriously.
Windows 8 made very similar mistakes. It's all quite obvious, and loads and loads of people yelled and warned and such, but they stubbornly went ahead anyway and ignored their base.
You have made yourself eminently ignorable, as you ignore Ubuntu's vision for what a desktop should be while you want to dispense with desktop environments. That's cuckoo...
If you want an amorphous, free-form OS with no particular roles or use cases enforced in their development process then I'd suggest you use Debian or Fedora or some other random pile of bits.
That may or may not be TL;DR....
May you or maybe not have a nice day! :)
No OS should be a paragon of consumer convenience out of the box. That is the "realist" position of convenience taken by the industry for the past couple decades and it hasn't worked.
I don't mind Qubes telling me there are some processes that won't work for risky behavior. The act of not thinking about /where/ workflows take place doesn't fly here... I always have to choose and that in itself is awesome.
Qubes' biggest challenge is hardware support, but that is a factor of consumer attitudes as well. There are probably more suitable models available for it than for OSX, 3D access notwithstanding... it's the single most limiting issue (the kind that should be overcome).
Unity's window management makes me want to puke. I used to love Ubuntu, but nowadays, ugh.
What I love about Unity is how Mac-like it is. I have the choice of switching between windows within an app or between the apps themselves -- which is extremely handy.
For me, the global menu debacle forced my hand. I've used focus follows mouse (no autoraise) for nearly 2 decades. I'm not budging on that.
The point about docks I think is valid, but the above quote more than anything illustrates where you're coming from on the other points. You want KDE, but you don't.
The features take 'zero additional code' but you don't want to enable them. If I were Mark Shuttleworth, I'd pay someone to take a user like you off my hands to a different vendor's product.
I think it's "important" to Linux folks who have been repeatedly ignored by Ubuntu's trend to force its choices on everyone.
In other circles, this comment would be a parody of FOSS groupthink. On /. it passes as 'insight'.
The most draconian thing about Ubuntu is that -- like Mozilla -- if you change the distro in any way you have to rename it before redistributing it.
Otherwise, you are free to use Linux in any of the loosey-goosey distros that only vaaaaaaaguely care about usable personal computers, along with all the dick-waving about "my server-grade OS with the very shiny candy-of-the-month on top". In fact, Canonical gives you loosey-goosey distro flavors to use and customize. Or, use Mint if you don't care much for security. Or use Fedora if you're a masochist.
Many people were (and still are) unhappy with Unity and saw Canonical's choices in that regard as part of this "take it or leave it" attitude. Those who were willing to stick with Unity still wanted a little customizability.
Ah, the proverbial "many people". Who cares? Linux users are a tiny segment, anyway. If another distro comes along and increases usership by orders of magnitude, leaving Ubuntu in the dust, then such criticism may be warranted. But as far as I can tell, Canonical have nothing to learn from you... they'd rather learn from Apple and I applaud them for it. That is the reason you can give tech support instructions to an Ubuntu user in GUI terms and have it actually result in a solution; That means something to people who put money and resources on the line when doing installations or writing apps.
Do I want to move my launcher/dock to other screen edges? Yes, I even currently use the Qubes-ified KDE with the dock on the side. When I change my monitors to portrait soon, I'll want them on the bottom again. But... I am so very glad Canonical decided to focus on things like properly managing multiple displays in the first place. Ditto for taming the recurring X11 clusterfucks that cause desktops to be visible when waking computers from sleep; Canonical tests for the problem and quickly issues patches while distros like Fedora/Redhat essentially told people for years they couldn't be bothered. Ubuntu is years ahead in such areas esp. where hardware peculiarities are involved. They have the only decent HCL left in the Linux world, which is a huge service to the users of other distros, IMO.
So all this geek hate aimed at Ubuntu Unity I take with a big grain of salt. It is the same meaningless, elitism-of-the-mediocrities hate that has been aimed at every other distro that wanted to standardize on a single GUI (as if people were incapable of choosing an OS with the UI as a factor in that choice). It's the same shallow idiots and mindset who think good design stops at GUI candy... like that stampede of stupid from a decade ago.
Good reason... Changing the user interface engenders no less upheaval than changing the programming interfaces. Canonical realizes this, so they insist the name of the OS should provide at least a clue to the user. The UI is part of the identity of the OS in the eyes of users and app developers.
Why should Canonical "perfect" Xfce in their distro? It's not their vision for how their OS should look and behave, and standalone "DE" projects do not get that level of vertical integration (in fact, they form out of resistance to it).
I don't rely on SELinux or Linux namespaces or anything else based on that stuff because they are ground up and packaged like a big block of bologna. The nature of the tools you choose is important, and large monolithic kernels are the last thing anyone should use for security.
You may want to think twice about relying on that:
http://theinvisiblethings.blog...
It's just one of very many examples of Linux security mechanisms failing... and that was hardly even trying. Here is another reason why kernel security cannot protect you:
http://theinvisiblethings.blog...
"Jails" sounds impressive and strong, but it's still kernel-based and therefore built on sand. Kernels are great at supplying functional features -- and that's what Qubes uses them for -- but their complexity means their isolation mechanisms don't hold water.
The OS I linked to (which I'm typing on now) shows your apps in the Launcher menu under each 'domain' or VM you've set up. For instance, I have an 'untrusted' VM and a 'personal' VM, as well as 'banking'. Each one of those has a Firefox entry in the launcher; each is completely isolated from the others (especially the VMs I set up with no network access).
Qubes also has disposable VMs that you can use to quickly launch a browser, and the VM is destroyed when you close the browser.
Finally, there is the privacy stuff related to Tor: You can have Tor-specific VMs that are isolated from the rest of the system.
That's why you should only browse inside VMs (esp. an OS that makes all apps run inside VMs) ... preferably running on a tight, bare metal hypervisor.
Browsers themselves are way too complex to ever secure them from within. They need to run in strong containment if you want to avoid a high level of risk.
Most threats will come from the network, which means malware attacks.
The fact that 'most threats will come from the network' does not necessarily mean that this is always your highest risk.
That's why physical security is important, too. (See Qubes anti-evil-maid, USBVM, etc.)
Actually, I have yet to hear of any malware stealing GPG keys and doing anything meaningful with them.
So I'm going to say your suggested post-compromise abuse by malware is plausible but theoretical.
Not so theoretical...
https://motherboard.vice.com/r...
http://www.theverge.com/2015/2...
They even seem willing to steal a vendor's SIM keys in order to steal an individual's PGP key. You can say they don't seem to be doing anything with stolen keys, but decryption has no obvious effects.
They could also use stolen keys to launch _targeted_ attacks, such as signing backdoored code that is inserted into an update MITM fashion.
If it's a targeted attack, when malware would take specific actions to do with GPG, then why couldn't I target Qubes' hypervisor itself? Spawn some arbitrary code into the host node.... then seek out the disk image files, until I find ones that look like they have a bootsector, and infect those as well...
The point of Qubes is that its isolation mechanisms are simple and strong, and usual channels for VM breakouts are sealed off. The hypervisor in this case is bare-metal Xen, at just over 1MB in size and is what runs Amazon EC2. Most hypervisors were designed for administrative convenience (and run on top of a traditional OS), whereas security has been a top priority with Xen. The exploits logged against it are a fraction of what Linux gets and even then they are overwhelmingly DoS. So 'just use a VM breakout attack' is kind of specious. If the community feels they need to strengthen security, they can focus on that tiny bit of code instead of having to wrestle with the unbelievable mess of kernel-based architecture.
"just copy the file when you're not looking"
Most threats will come from the network, which means malware attacks. The malware can easily wait for you to enter your passphrase. Also note the assumption made by Qubes' threat model: kernel-based security is too complex (in fact, too Rube-Goldberg like) to prevent privilege escalations from a determined attacker. This makes the VM-based solution actually simpler and more secure than normal key use, and at least needing less specialized hardware than the smartcard.
Of course, Split-GPG can also go beyond this level of security by using delegate keys for normal operations.
Finally, there is the concern of side-channel attacks which can be quite effective against public key encryption. Split-GPG gives the user a pronounced "speed bump" in the UI before the key-bearing VM is even started. This gives the user a chance to shut down VMs they consider to be especially risky.
Here is their description:
Split GPG implements a concept similar to having a smart card with your private GPG keys, except that the role of the “smart card” plays another Qubes AppVM. This way one, not-so-trusted domain, e.g. the one where Thunderbird is running, can delegate all crypto operations, such as encryption/decryption and signing to another, more trusted, network-isolated, domain. This way the compromise of your domain where Thunderbird or another client app is running – arguably a not-so-unthinkable scenario – does not allow the attacker to automatically also steal all your keys. (We should make a rather obvious comment here that the so-often-used passphrases on private keys are pretty meaningless because the attacker can easily set up a simple backdoor which would wait until the user enters the passphrase and steal the key then.)
The diagram below presents the big picture of Split GPG architecture.
https://www.qubes-os.org/doc/s...
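The two points argued in this comment and in the quoted Qubes description (a passphrase on a locally held key buys nothing against malware that waits for you to type it; a key that only ever exists in a separate, network-isolated VM cannot be copied from the app VM, though a compromised app VM can still ask for signatures) can be made concrete with a small model. This is an added example, not code from this thread or from the Qubes project: an HMAC-SHA256 key stands in for the private GPG key, a `Qrexec` class and a policy dict stand in for dom0's qrexec channel and the `qubes.Gpg` policy, and the VM names `work` and `work-gpg` are assumed.

```python
"""Constructed model of the Split GPG argument above, not Qubes' own code.
Design 1 keeps a passphrase-protected key next to the mail client; design 2
keeps the key only in a separate VM reached over a narrow channel."""
import hashlib
import hmac
import os


def kdf(passphrase: str, salt: bytes) -> bytes:
    """Passphrase -> 32-byte wrapping key (toy counterpart of gpg's S2K)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class LocalKeyring:
    """Design 1: wrapped key on disk in the same domain as the mail client."""
    def __init__(self, secret_key: bytes, passphrase: str):
        self.salt = os.urandom(16)
        self.wrapped = xor(secret_key, kdf(passphrase, self.salt))
        self.observers = []  # any code in this domain sees what the user types

    def sign(self, passphrase: str, data: bytes) -> bytes:
        for observe in self.observers:
            observe(passphrase)
        key = xor(self.wrapped, kdf(passphrase, self.salt))  # key now in memory
        return hmac.new(key, data, hashlib.sha256).digest()


def compromised_domain_recovers_key(ring: LocalKeyring, pw: str, data: bytes) -> bytes:
    """The quoted scenario: a backdoor waits for the passphrase, and with
    passphrase + wrapped blob + salt it has the whole key."""
    seen = []
    ring.observers.append(seen.append)
    ring.sign(pw, data)  # the user signs a mail as usual
    return xor(ring.wrapped, kdf(seen[0], ring.salt))


class Qrexec:
    """Design 2, stand-in for dom0's qrexec: carries request and response
    bytes between named VMs and nothing else (no memory, no files)."""
    def __init__(self, targets: dict):
        self.targets = targets  # VM name -> domain object

    def call(self, src: str, dst: str, op: str, payload: bytes, approve):
        return self.targets[dst].handle(src, op, payload, approve)


class KeyDomain:
    """The network-isolated 'work-gpg' VM: the only place the key exists."""
    def __init__(self, name: str, secret_key: bytes, policy: dict):
        self.name, self._secret, self.policy = name, secret_key, policy
        self.audit = []  # every delegated operation is recorded here

    def handle(self, client: str, op: str, payload: bytes, approve):
        decision = self.policy.get(client, "deny")  # qubes.Gpg policy line
        # "ask" models the dom0 prompt the comment above calls a speed bump
        if decision == "deny" or (decision == "ask" and not approve(client, op)):
            raise PermissionError(f"{client} -> {self.name} {op}: refused")
        self.audit.append((client, op, hashlib.sha256(payload).hexdigest()))
        if op == "sign":
            return hmac.new(self._secret, payload, hashlib.sha256).digest()
        if op == "verify":  # symmetric stand-in, so verify also needs the key
            data, sig = payload[:-32], payload[-32:]
            expected = hmac.new(self._secret, data, hashlib.sha256).digest()
            return hmac.compare_digest(expected, sig)
        raise ValueError(op)


class AppDomain:
    """The 'work' VM running Thunderbird: no key, no passphrase, only the
    name of the VM to call (QUBES_GPG_DOMAIN in real Split GPG)."""
    def __init__(self, name: str, qrexec: Qrexec, gpg_domain: str):
        self.name, self.qrexec, self.gpg_domain = name, qrexec, gpg_domain
        self.observers = []

    def sign(self, data: bytes, approve=lambda client, op: True) -> bytes:
        for observe in self.observers:
            observe(data)
        return self.qrexec.call(self.name, self.gpg_domain, "sign", data, approve)


def compromised_app_domain(app: AppDomain, data: bytes) -> dict:
    """What full control of the app VM yields: the bytes it sent, the
    signature it got back (the residual risk), and no key material at all."""
    seen = []
    app.observers.append(seen.append)
    sig = app.sign(data)
    key_bytes = [v for v in vars(app).values() if isinstance(v, bytes)]
    return {"key_material": key_bytes, "observed": seen, "signature": sig}


def demo() -> dict:
    secret = os.urandom(32)  # constructed private key
    data = b"Subject: release notes\n\nv1.2 is out."  # constructed message
    pw = "correct horse battery staple"
    stolen = compromised_domain_recovers_key(LocalKeyring(secret, pw), pw, data)
    keyvm = KeyDomain("work-gpg", secret, {"work": "ask", "untrusted": "deny"})
    qrexec = Qrexec({"work-gpg": keyvm})
    result = compromised_app_domain(AppDomain("work", qrexec, "work-gpg"), data)
    ok = qrexec.call("work", "work-gpg", "verify", data + result["signature"],
                     lambda c, o: True)
    refused = []  # policy "deny", and "ask" answered with No by the user
    for vm, answer in (("untrusted", True), ("work", False)):
        try:
            AppDomain(vm, qrexec, "work-gpg").sign(data, lambda c, o: answer)
        except PermissionError:
            refused.append(vm)
    return {"local_key_stolen": stolen == secret,
            "split_key_material": result["key_material"],
            "split_signature_valid": ok, "refused": refused, "audit": keyvm.audit}
```

Running `demo()` shows the contrast the comment draws: the local design hands the whole key to whatever watched the passphrase, while in the split design the app VM holds nothing but VM names, the key VM's audit list records every signature it was asked for, and a VM not listed in the policy (or a prompt answered with No) gets nothing. The remaining exposure is exactly the one raised earlier in the thread: a compromised `work` VM can still obtain signatures while the user keeps approving them, which is why the prompt and the audit trail matter.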
The problem is you're buying "Windows PCs" and expecting "PC" to mean it's Linux compatible. If you don't try to stick with PCs that were _designed_ to work with Linux, then you set yourself and your associates up for disappointment _and_ you reward the designers who disregard standards and Linux and deprive designers who honor standards and Linux.
There are Thinkpads that continue to work very well with Linux, in addition to open-source focused brands like Purism and System76. Dell and HP reportedly have laptops made to work with Linux.
Seriously, you have more models to choose from than Mac users do -- so what's your excuse?
Seriously, a Windows fan would not be caught dead buying PCs that were not designed for Windows -- so what's your excuse?
If the distinction is not that important to you, then by all means use Windows with your impulse-buy laptop. But if using Linux really matters to you then you must *MUST* plan your hardware purchases around products intended for Linux. Luck will not keep you in the charmed "Gee, it just worked for me I don't know what your problem is" category indefinitely.
Unrealistic expectations about hardware compatibility ("Hey, it's a PC and Linux was made for PCs!") are one of the major factors that caused Desktop Linux to fail. These expectations were like a social disease... they just spread effortlessly from person to person. The worst part was that almost every PC appeared compatible on the surface after a cursory 10 min. session. Over the mid-long term it just doesn't work and even people who kept getting lucky will find themselves writing the same kind of dismayed messages about compatibility that you did.