Behind the Mug: Jeffrey Goldberg

We’re starting a new feature here on the Agile Blog to tell you a little more about some of the awesome people who make up the 1Password team. We’ve got a diverse cast from across North America and Europe, and we think they’re all pretty neat.

Starting off this series with a bang is our security guru, Jeffrey Goldberg.

Chief Defender Against the Dark Arts


Jeffrey Goldberg lives in Plano, Texas. He moved there with his family from Southern California in 2005. When asked why, he would answer that he moved there for the weather. In this way, Jeffrey alerted his new neighbors that he was a serious contender for the role of village idiot. A title he has since earned and defended.

The real reason for the move, of course, is that he is a global stalker: He has been following his wife (an academic) around the planet since 1988. That includes living in Hungary, England, Southern California, and now North Texas.

Jeffrey suffers from a pathological compulsion to explain things to people. The people around him also suffer from his compulsion. His actual training is in theoretical linguistics (a PhD dropout), but he barely manages to speak one language.

Jeffrey was invited to join AgileBits (then Agile Web Solutions) presumably because Dave and Roustem liked his posts on the forums explaining security. At the time, he was working toward becoming a high school math teacher, but had learned through student teaching that he just didn’t have the right temperament for it. In a previous life (the 20th century) he had been a system administrator and postmaster at a UK university, a dilettante academic, publishing a few papers with his wife.

A quick Q&A with Jeffrey:

What’s your spirit animal?

Banana slug.

What’s in your mug: coffee or tea?


What’s your favourite family recipe?

Uncle Sweeney’s meat pies.

What’s your pet peeve?

That many useful theorems depend on the Axiom of Choice.

What do you want to be when you grow up?

A fog horn.


8 replies
  1. toasted says:

    Nice idea. Posts in the forums by Goldberg are really informative and interesting… Shame that a better effort was not made here to tell us about JG.

    • toasted says:

      Here are a few thoughts:

      How did you get into this profession?
      How did it come about that you are at Agilebits?
      What was your biggest professional challenge and how did you meet it?
      What did you do before Agilebits?
      If you could see the future, what will the state of encryption be in 10 years’ time?
      What advice would you give to someone who wants to learn about encryption or who wants to get into the profession?
      How important are collaborative relationships with professionals in other organisations?
      How do you stay sharp and on the top of your game?
      What do you do when you’re not working?

    • Jeffrey Goldberg says:

      “How did you get into this profession?”

      This is a really long and roundabout story.

      Back in my student days, I did a lot of messing about on the various universities’ computers. When I got to Stanford as a PhD student, one of the things that I did as part of my Research Assistantship was to do TeXnical work with CSLI’s publications. One of the projects was Gerald Gazdar’s bibliography of work in computational linguistics (this was around 1985 I think).

      For it, we actually set up a system where people could email a particular address with a search query, and the system at our end would email back the results. As part of this process, I learned a lot about email. This was during the transition to ARPAnet style email from various combinations of BITNET, UUCP, and all of the other things that Internet protocols eventually replaced.

      Of course one of the first things that I learned as I read the new protocols was how easy it was to counterfeit email. This led to my involvement in a few pranks. Anyway, I ended up being the person who knew a lot about email, so I also ended up managing mailing lists and such.

      So now moving to 1988 when I moved to Hungary (remember the bit about being a global stalker). Here I was at the Research Institute for Linguistics of the Hungarian Academy of Sciences but without an Internet connection. Anyway, the group I was part of had succeeded in getting a grant proposal (from the Soros Foundation) and various permissions to actually get the Linguistics Institute connected to the Internet.

      So as part of that, I ended up doing a fair amount of system administration and also taught a course on Unix and C programming. Anyway, when following my wife to Cranfield University (England) in late 1994, I walked into their Computing Centre and said, “I will work for Internet access” (they didn’t have a Linguistics department). Eventually, I got heavily involved in system administration, including email stuff.

      Now I had always had some interest in cryptography, but had never studied it. But when I was at Cranfield, a number of things came together:

      (1) I was a big advocate of PGP and was trying to encourage its use. I taught a couple of workshops on it there. (Of course, as a US citizen I couldn’t actually give a copy to anyone as that would be illegal export of a munition).

      (2) This was also the time when the predecessor of OpenSSL was being developed and we started to run a “secure web server”.

      (3) The third thing is that Cranfield University was close to Bletchley Park, and a close relationship developed between some of us at the Computing Centre and the people who were trying to get the Bletchley Park Museum off the ground. Cranfield hosted the first website of the Bletchley Park Museum, and I spent some time getting to see the progress on projects like rebuilding the Colossus, arguably the first electronic digital computer.

      In 2000 my wife got a job at the University of California, Riverside, and I followed her there. I did some work as a freelance system administrator for a couple of small and medium-sized businesses. Got very heavily involved in spam fighting among other things.

      At various times over the next ten years, I would get frustrated about passwords. I tried more than once to develop my own password manager and I also tried out a couple of different ones that were available.

      During one of these fits of “there has to be a decent way of handling all of these passwords” I tested out 1Password. Now this is when it was Mac only, and I still hadn’t completed my transition from Linux to the Mac (that is another story). I was also a bit of an open source zealot (though that was fading with my transition to the Mac).

      So given this, I wasn’t particularly inclined to go with a closed source, Mac-only password manager. But I thought I would look into 1Passwd anyway. I was so impressed with it and with the design philosophy that these overcame my other misgivings. 1Passwd (soon renamed 1Password) was the system that I would have liked to design (only much better than what I am capable of building).

      “How did it come about that you are at Agilebits?”

      So over the years I became an enthusiastic supporter and contributor to the forums, often explaining the security principles involved. Eventually I was asked to join the team. At the time, I was just starting Student Teaching in an attempt to become a high-school math teacher, so I declined. After learning that I wasn’t cut out to be a school teacher, I accepted.

      “What was your biggest professional challenge and how did you meet it?”

      My biggest professional challenge has been and continues to be clinical depression. This interferes with every aspect of my life, professional or otherwise. Meeting it involves active treatment and modern pharmacology. It is largely “under control”, but it remains a problem.

      “What did you do before Agilebits?”

      I think I’ve covered a lot of that with previous questions.

      “If you could see the future, what will the state of encryption be in 10 years time?”

      I have made so many predictions that have turned out to be utterly wrong, that I am hesitant to say much on this.

      Almost 20 years ago I predicted that “we will do away with most passwords in the next five years”. I was certainly wrong about that. I also thought that by 2005 everyone would be encrypting their email, and I was spectacularly wrong about that.

      Sure, I’ve made some correct predictions. For example I (along with many others) predicted that after Europe moves to chip and PIN credit cards, credit card fraud would become a major problem for issuers in the US if they didn’t follow suit. What I didn’t anticipate was how slow the US would be in doing so. (In retrospect, I see why it has been so slow.) I’ve given up making predictions about Mac malware. (Again, I see in retrospect why my predictions were wrong, but I still have a history of being wrong.)

      So with all of that history of bad predictions here goes.

      (1) Quantum attacks remain a “long way off”. Sure there will be some breakthroughs in quantum computing, but nothing that should undermine confidence in RSA or DH/ECC. However, we will see advances in algorithms that will resist QC attacks. And so there will be a gradual change toward those as they become better studied, standardized, and freed from patents.

      (2) DH will be replaced with ECC almost everywhere. (But with proper transparency in where the “standard” curves come from.)

      (3) Compromised or corrupt Certification Authorities will become a sufficiently visible problem that some combination of the various ideas milling about will get implemented.

      (4) Toolkits like NaCl (pronounced “salt”) will come to play a wider role. Application developers will need tools that should make it hard for them to shoot themselves in the foot. (This is more of a hope than a prediction.)

      (5) The outcome of the new Crypto Wars remains uncertain. It will not play out like it did in the 90s, because the options are different.

      (6) We will get another Snowden-like leak of NSA activity and capabilities that gives us a better idea of their actual processing power at brute forcing passwords and keys. It will scare us.

      OK. That’s it for now. I will try to get at some of the other questions later.

    • toasted says:

      JG, certainly an interesting and varied background. I bet that makes for a solid foundation for the future. Thanks for going to the trouble to write up such a detailed note. Have a good weekend.

  2. David Marsh says:

    Hi Jeff, Didn’t want to clutter up the blog comments about the manual update issue, but thanks for your fantastic answer about verifying the download, gpg, and shasums. You should turn that into a knowledgebase article. I had a bit of a look around but couldn’t find one that answered my question so comprehensively.

    • Jeffrey Goldberg says:

      Thank you David! Part of what you saw was drawn from a draft of exactly such an article; and what I wrote in the comments will feed back into that draft.
