Author Archives: Etienne Ruedin2

CAcert’s infrastructure ready for the future

On saturday, 13th of July 2019, in a joint operation, CAcert Infrastructure Team and CAcert Critical Team updated the operation system of CAcert’s infrastructure in the Netherlands sucessfully. The system is now running on the Debian Buster OS release that has been released by the Debian project last weekend.

Timing

The teams started this morning at around 9:30 CEST and finished the upgrades at 16:30 CEST, some of our applications turned back to service afterwards. The system is running smoothly now.

What is new?

The new OS release provides some features that are important for our infrastructure and will allow better operation of our applications in the future:

  • LXC has been upgraded from the somewhat primitive 0.8.0 pre-release to LXC 3.0.3 that has a proper API, better security and which will help application administrators
  • Firewalling/forwarding/NAT should now be faster then the old iptables setup. We still use ferm as a wrapper but the CAcert Infrastructure Team is already considering switching to native nftables rules that will provide a similar but faster rule set.
  • Further details about this major update can be read on our mailing list.

CAcert Infrastructure Team Lead JanDD is happy that we could finish this big upgrade and that we could implement all these changes for you. In a statement made on the early saturday evening, he thanked again to Wytze from CAcert Critical Team for his great support during the day.

The volunteers from these two teams worked for seven and a half hours today, Saturday, to keep our systems up to date. Join us in thanking them and donate now at your own discretion. Your donation will only be used to pay for the infrastructure (hosting, electricity in the data center). «I say thank you to Jan and Wytze and their team with a donation!»

If you find any issues that might be caused by the upgrade feel free to file bugs on https://bugs.cacert.org/ (at project Infrastructure > Infrastructue hosts).

If you want to join one of our teams, please join the development mailing list or write to the secretary.

Service interruption for a major system upgrade for a brighter future of CAcert on Sat, 13-07-2019

The CAcert Infrastructure Team will perform a major system upgrade of our infrastructure host tomorrow, 13th of July 2019, starting at 8am UTC/10am CEST. Wytze van der Raay of the critical infrastructure team will assist via remote console if necessary.

We expect the upgrade to run for at least 4 hours and some services might need fixes that will require even longer.

Most services will be unavailable at least for parts of the upgrade session. We will try to keep the downtime of essential services (email, emailout, lists, blog, wiki) as short as possible. We hope to not cause to many inconvenience but we cannot wait longer to perform these long needed update. The Debian Buster stable release last week and the recently acquired knowledge on how to use the remote console system of infra02 inspired us to perform the upgrade now.

Jan Dittberner
CAcert Infrastructure Team Lead

Please support the hudge work of the volunteers of our Infrastrucutre Team, please donate to continue to run this service. Thank you.

Überholte Technologie ist keine Basis für Datensicherheit

Soll ein Land seine elektronische Identitätskarte (E-ID) selber editieren oder das Ganze an ein privates Konsortium auslagern? Darüber kann man in der Tat geteilter Meinung sein.

Hingegen darf es beim Datenschutz keine Abstriche geben. In der Schweiz wird darüber heftig diskutiert. Die Regierung ist offenbar der Meinung, eine bereits überholte Technologie genüge. CAcert unterstützt die Meinung der Experten, wie eine Zuschrift ihres Präsidenten in der angesehenen Neuen Zürcher Zeitung von 21. Juni 2019 eindeutig zeigt.

The Swiss government is obviously of the opinion that an outdated technology is sufficient for an E-ID. CAcert supports the opinion of the experts, as a letter from its president in the reputated newspaper Neue Zürcher Zeitung clearly shows.

Unterstützen Sie CAcert im täglichen Bemühen für mehr Sicherheit im Internet mit einem einmaligen oder einem regelmässigen Beitrag an die Betriebskosten. Bitte Spenden Sie jetzt, damit CAcert auch morgen und nächstes Jahr noch die Sicherheit im Internet erhöhen kann. Danke.

CAcert is supported by its community

The CAcert Free Certificate Authority is supported by its community. In the period of six weeks from the end of April to the beginning of June, 21 users from seven countries generously donated 725 $/€ to CAcert. This will cover the operating costs of the data center for almost three months.

We would like to thank all donators. If you want to support the work done by the volunteers of CAcert, please donate to continue to run this service. Thank you.

DEUTSCH
Die freie Certifikatsstelle CAcert wird durch ihre Gemeinschaft unterstützt. Im Zeitraum von sechs Wochen von Ende April bis Anfang Juni haben 21 Nutzer aus sieben Ländern CAcert sehr großzügig mit Spenden in der Höhe von 725 $/€ bedacht. Damit können die Betriebskosten des Rechenzentrums während knapp dreier Monate gedeckt werden. Hilf mit, die Kosten zu decken, spende jetzt!

NEDERLANDS
De CAcert Free Certificate Authority wordt ondersteund door haar gemeenschap. In de periode van zes weken van eind april tot begin juni hebben 21 gebruikers uit zeven landen 725 $/€ gedoneerd aan CAcert. Dit zal de exploitatiekosten van het datacenter voor bijna drie maanden dekken. Help de kosten dekken, doneer nu!

ITALIANO
La Autorità di Certificazione libera CAcert è supportata dalla sua comunità. Nel periodo di sei settimane tra la fine di aprile e l’inizio di giugno, 21 utenti di sette paesi hanno generosamente donato 725 $/€ a CAcert. Ciò coprirà i costi operativi del data center per quasi tre mesi. Aiuta a coprire i costi, donalo ora!

SVENSKA
CAcert-certifieringsorganet stöds av dess samhälle. Under sex veckorsperioden från slutet av april till början av juni donerade 21 användare från sju länder generöst $/€ 725 till CAcert. Därefter kan driftkostnaderna för datacentret täckas under nästan tre månader. Hjälp täcka kostnaderna, donera nu!

FRANÇAIS
CAcert, l’Autorité de Certification libre, reçoit le soutien marqué de la communauté de ses membres. Ces 6 dernières semaines, entre avril et juin, l’association a collecté ~725€, versés par 21 membres. À titre de comparaison, cette somme correspond au budget nécessaire pour maintenir pendant 3 mois l’exploitation de son infrastructure en hébergement sécurisé.

Nous aimerions ici remercier tous ces membres à jour de cotisation, et plus généralement tous nos donateurs. Si vous voulez continuer à utiliser les certificats de CAcert et soutenir le travail effectué par ses bénévoles, faites un don! Merci.

CAcert posiluje svou pusobnost ve strední Evrope

www.cacert.org
wiki.cacert.org/AssurerChallenge/CZ

CAcert renewed root certificates

CAcert has finally upgraded the Root and Class 3 certificates from the old MD5 encoding to the modern SHA-256. Your browsers will like us again! The new certificates were installed in “the usual places” on April 10th. You may go to our web site home page, https://www.cacert.org, and over on the right-hand side, three lines from the top, is “Root Certificates.” The short way to get there is https://www.cacert.org/index.php?id=3.

We would like to thank all software team members for the job they did. All teams consist of volunteers. If you want to support the work done by the Software Team, including the review, please donate to continue to run this service. Thank you.

CAcert erneuert Stammzertifikate

CAcert hat endlich die Stamm- und Class 3-Zertifikate von der alten MD5-Kodierung auf die moderne SHA-256 aktualisiert. Ihre Browser werden uns wieder mögen! Die neuen Zertifikate wurden am 10. April an “den üblichen Orten” installiert. Sie können auf unsere Homepage https://www.cacert.org gehen, und auf der rechten Seite, drei Zeilen von oben, finden Sie “Root Certificates”. Der kurze Weg dorthin ist https://www.cacert.org/index.php?id=3.v

Wir möchten uns bei allen Mitgliedern des Softwareteams für die geleistete Arbeit bedanken. Alle Teams bestehen aus Freiwilligen. Wenn Sie die Arbeit des Software-Teams, einschließlich der Überprüfung, unterstützen möchten, spenden Sie bitte, um diesen Service weiter zu betreiben. Danke.

CAcert a renouvelé ses certificats racine

CAcert a finalement mis à jour les certificats Root et Class 3 de l’ancien encodage MD5 vers le moderne SHA-256. Vos navigateurs nous apprécieront à nouveau ! Les nouveaux certificats ont été installés dans “les lieux habituels” le 10 avril. Vous pouvez vous rendre sur la page d’accueil de notre site Web, https://www.cacert.org, et sur le côté droit, à trois lignes du haut, se trouve “Root Certificates”. Le chemin le plus court pour s’y rendre est https://www.cacert.org/index.php?id=3.v

Nous aimerions remercier tous les membres de l’équipe du logiciel pour le travail qu’ils ont fait. Toutes les équipes sont composées de bénévoles. Si vous souhaitez soutenir le travail effectué par l’équipe du logiciel, y compris la révision, veuillez faire un don pour continuer à faire fonctionner ce service. Merci.

Stability of e-mail verification strongly improved

The e-mail verification on the CAcert web server has recently led to repeated support requests. An analysis of the log files in our data center showed that the corresponding error occurred more frequently. So we have to conclude that many CAcert users have been negatively affected. In order to avoid further negative effects, an emergency
patch was deemed necessary by the Critical System Administrator Team.

The standardised review and testing of the emergency patch implemented yesterday is carried out by the regular teams in the aftermath, which can result in a formal blessing for this patch or a request for additional code or configuration changes. We would like to thank the Critical System Administrator Team for their quick and decisive action. All teams consist of volunteers. If you want to support the work done by the Critical System Administration Team and the review by the Software Team, please donate, to continue to run this service. Thank you.

Software update for secure mail servers

When you add an new email address to your profile, the verification works now also on secure mail server handling TLS1.1 or TLS 1.2. CAcert’s software team has updated our software to get more possibilities to our community members.