Here comes the next batch of our 72 #CAcert mini tasks. Choose your favourite. Can you manage to solve one by summer?
https://bugs.cacert.org/view.php?id=1544
https://bugs.cacert.org/view.php?id=1473
https://bugs.cacert.org/view.php?id=1440
https://bugs.cacert.org/view.php?id=1343
In the #CAcert #Spring #Offensive we have three small tasks to test whether a problem has really been solved. Look here: Which of the three tests are you doing?
https://bugs.cacert.org/view.php?id=1539
https://bugs.cacert.org/view.php?id=932
https://bugs.cacert.org/view.php?id=1396
You are a hero, you want to support your #CAcert #community during the #Spring #Offensive. You are willing to care at one of 72 small tasks that have been waiting to be completed for months. That is how to deal with the bug tracker: It is described in simple words at https://wiki.cacert.org/Mantis-Crash-Course
A Swiss security engineer develops high-security systems for free after work. A handful of people run a free certificate authority. How can that be?
For the fact that Gary Gregory has had to work through the past few days, even though he is actually on holiday, he is in a surprisingly good mood. The developer is one of the main people responsible for Log4j, the software component in which a serious security vulnerability was recently found. When the warning message reached him, it was immediately clear to him that he and his handful of colleagues were in for some sleepless nights.
Meanwhile, an older vignette has been revived on the internet: it shows an adventurous construction of blocks resting at the base on a fragile pillar. The construction represents “the whole modern digital infrastructure”, the narrow column “a project that someone in Nebraska has been maintaining since 2003 without thanks”.
(source: XKCD Comic / CC 2.5)
True, Gary Gregory lives in Florida and has maintained the Log4j component for “only” nine years. Apart from these details, the picture fits the current situation perfectly. Because the free piece of software, developed and maintained by volunteers, is in applications from the iCloud to the Tesla.
In a survey conducted by the CH-Open association among companies and public authorities with at least one IT manager in Switzerland, 97 per cent said they use open source software (OSS); about half even in more than 15 application areas. The picture shows how this number growed between 2015 and 2021.
Open Source is used in all kinds of areas: Programming languages such as Java and Python, web server and database programmes, desktop applications such as Firefox and Libre Office are just a few examples. So, such software is in computer systems at all levels.
Open source is software whose source code is publicly accessible. With a licence, the authors grant users the right to use the software and the source code for any purpose; they may also distribute it or adapt it for their own use. Because the entire code is transparent, users can find and solve problems themselves. Ideally, there is an exchange that makes the software as a whole better and better, similar to how it works with the online encyclopaedia Wikipedia.
Often, the code is not simply published on random websites, but under the umbrella of foundations that have rules and processes that are supposed to guarantee the quality of the software. Enough money to pay for all the volunteer work the foundations don’t have – as CAcert.
Gary Gregory works an average of about ten hours a week on open source projects. He says, “With a full-time job and three kids, it’s not easy.” He is passionate about it and enjoys it. Compared to his job, he can be more creative. Instead of the ideas of business clients, his own ideas take centre stage, which he likes.
Gregory is lucky. Because his employer supports his commitment and allows him to occasionally work on his open source project during working hours. “My company realises that it benefits from open source and it’s only fair to give something back once in a while.”
This is rather the exception. In the survey of Swiss users cited earlier, less than a quarter of organisations say that employees are allowed to contribute to open source developments during working hours. Donations to volunteers or to organisations behind the code are also quite rare.
Some user companies contribute to open source software (OSS), the picture above shows the different modes of support.
Security engineer Christian Folini knows the situation first-hand. He is one of two leaders of the “Modsecurity Core Rule Set” of the open source foundation Owasp, which specialises in security. The “Modsecurity Core Rule Set” is a set of hard-to-read rules designed to detect and defend against malicious attacks. Such a rule set is part of the infrastructure of security-sensitive applications, such as online banking or the cloud.
Microsoft, Google, AWS, Yahoo, Cloudfare: all integrate and distribute Folini’s rule set. Of those mentioned, only Google supports the project with donations. Folini has been able to recruit smaller companies as sponsors. With the money, the group finances, for example, that a person is available around the clock to answer questions. If there were more money, the quality of the software, i.e. the safety of the users, could be further increased. But this awareness is usually lacking.
If you can help with CAcert as a volunteer or supporter, please contact the secretary at secretary (at no spam) cacert (dot) org
And #Assurer came from the #east and brought #gifts to the #child: a #Fingerprint, a #free #Certificate and a #digital #identity card. Be a #King and spread #CAcert all over the #world! http://f.eg. on a #holiday or a #business #trip https://wiki.cacert.org/AssuranceHandbook2#Make_yourself_known_as_a_CAcert_assurer
Roberto Cirillo has been CEO of Swiss Post for just under two years. Before that, he was a McKinsey consultant, CEO of the British hospital group Optegra and head of the activities of the service company Sodexo in France. Cirillo took up his post with the aim of stopping the downward trend. In the past five years, the Post’s turnover has fallen by around CHF 1 milliard. The volume of letters is decreasing rapidly, the post offices are less and less frequented.
In an interview with the NZZ, he said: “Today, we make more than 90% of our turnover in the logistics sector with business customers. Especially in e-commerce and goods logistics. Of the CHF 3 milliard we plan to invest in the next four years, the majority will go into logistics and communication services. The reason why the Post was created over 170 years ago was not to transport letters. It was the secrecy of letters. It was about transmitting information securely, reliably and trustworthily. That’s what we want to do more of in the digital world as well.” (22.02.2021)
Dear friends and members of the CAcert community. Are you curious and want to know what is wrapped in the package under the tree? This year, Father Christmas has packed something really nice.
As always with CAcert, you can unwrap it faster and enjoy it more quickly if you help out a little. Translate a little. Or do a little programming. Or test a few new functions. Or like this. To do so, you find further information on the web or write to our secretary.
The General Assembly of 2021 will go down as the shortest meeting in the history of CAcert. After only one and a half hours, President Brian McCullough was able to close the last agenda item. Kim N from Sweden is a new member of the committee.
Furthermore, the integration of CAcert in OpenIDConnect could be announced, thanks to a cooperation with RIPE NCC for this project.
Le serveur responsable de signer à la demande les certificats émis par CAcert dispose de deux disques durs, en redondance l’un de l’autre. Lorsqu’un dysfonctionnement se produit, aucune maintenance à distance n’est possible, car la machine n’est intentionnellement pas branchée au réseau. Seul un câble série permet d’échanger requêtes et réponses avec le reste de notre infrastructure. Aucune connexion n’est possible par ce moyen.
Or, depuis le 2 Août, nous observions la mise en attente de toutes les demandes de signature de certificats. L’équipe des infrastructures critiques est donc intervenue sur site ce 21 Août. Un problème dans le traitement d’un des certificats était la cause du blocage. Ce problème est résolu, mais reste à diagnostiquer avec précision. Il s’agit d’une série d’incidents que nous n’avions jamais vus auparavant.
Compte tenu des deux autres incidents intervenus plus tôt cette année, liés au système de fichiers de notre serveur de signature, nous devions accroitre sa résilience. Aussi, ce 21 août, l’équipe des infrastructures critiques a installé dans le rack un second serveur de signature, comme secours passif du premier. La présence de liens série dédiés vers chaque machine permettra à l’avenir de basculer très rapidement sur le second serveur de signature, en cas de nouveau problème. Dans tous les cas, les deux serveurs restent comme auparavant isolés du réseau.
Nous prions nos membres de nous excuser pour ces dysfonctionnements, et encourageons ceux résidant en Hollande où dans sa proche périphérie, à envisager de s’associer au travail de notre équipe des infrastructures critiques, ce qui augmenterait notre capacité d’intervention rapide.
Simultanément, nous espérons que l’intervention d’hier marque la fin de cette longue et exceptionnelle série.
The server responsible for signing certificates issued by CAcert on demand has two hard disks, redundant to each other. When a malfunction occurs, no remote maintenance is possible, as the machine is intentionally not connected to the network. Only a serial cable is used to exchange requests and responses with the rest of our infrastructure. No connection is possible by this means.
However, since the 2nd of August, we have been seeing all certificate signing requests being put on hold. The Critical Infrastructure team therefore intervened on site on the 21st of August. A problem in the processing of one of the certificates was the cause of the blockage. This problem has been solved, but remains to be precisely diagnosed. This is a series of failures that we have never seen before.
In light of the two other incidents earlier this year related to the file system of our signature server, we needed to increase its resilience. So on 21 August, the Critical Infrastructure team installed a second signature server in the rack as a passive backup to the first. The presence of dedicated serial links to each machine will make it possible in future to switch very quickly to the second signature server in the event of a new problem. In any case, the two servers remain isolated from the network as before.
We apologise to our members for the inconvenience, and encourage those living in or near the Netherlands to consider working with our Critical Infrastructure team, which would increase our ability to respond quickly.
At the same time, we hope that yesterday’s intervention marks the end of this long and exceptional series.
Unfortunately, there has been a backlog in the delivery of renewed and new certificates in Signer. The Critical Team cannot solve this remotely. A visit to the data centre is planned for next Monday. The stuck certificates should then be delivered. We are sorry that there has been a disruption again.
Im Signer ist es leider zu einem Stau der Auslieferung erneuerter und neuer Zertifikate gekommen. Das Critical Team kann dies nicht per Fernwartung lösen. Ein Besuch des Rechenzentrums ist am kommenden Montag geplant. Die feststeckenden Zertifikate sollten anschliessend ausgeliefert werden. Es tut uns Leid, dass es erneut zu einer Störung gekommen ist.