Author Archives: Duane

Desperately seeking people willing and able to help with translations

We are desperately seeking multilingual people for a number of reasons. Firstly, the site is mostly complete in 5 languages other than English, and we’d really like to see the website completed in more languages, since language is a real barrier for many parts of the world and breaking down this barrier is one of our key goals.

The other reason we are after people is to verify translations. Some spelling mistakes and mistranslations in legal documents could be a very big problem in future, so it’s important we have as many capable eyes verifying as much documentation as possible. With the verification step we possibly only need people giving feedback in their own language to those helping to translate the website/documents.

One of the big changes of late is being able to produce the CAP and TTP PDFs on the fly via PHP code. This means our existing translation infrastructure can also be used to translate these documents and keep them all in sync, rather than requiring translators to produce and handle PDF files if any changes are made.

The translation of the TTP PDF is especially important to get right, since it will be dealing with people most likely unfamiliar with CAcert and our practices, and in the past people have been rejected because the documents weren’t translated into their country’s official language or because the wording made some people uneasy about signing them.

For more information or if you can help out with any of these things PLEASE by all means don’t be shy and join the translation mailing list and let everyone know what you’re willing and able to help out with.

Dynamic PDF Forms

Some time ago people were trying to work out how to generate dynamic PDFs on the spot to make assurances go a little smoother, since a number of the fields could automatically be filled in and you could just set up at a conference or an assurance meeting and print out forms as needed, which is a good idea. However, at the time the only PDFlib usable in PHP needed a commercial license and CAcert lacked the funding to pursue it further.

Of late I found myself needing to generate dynamic forms for a customer’s billing solution, and I ended up using FPDF, which is free for both commercial and non-commercial purposes. This then led me to recall people making requests for this feature with CAcert, and I’ve spent a bit of time today making it a reality, as this will be beneficial for a number of reasons.

This now lends itself to be translated in the same manner as the website, so the procedures to track and update phrases in other languages can now be applied to both the CAP and TTP forms. Already a number of people have translated these PDFs into other languages, and further progress is being made as I type this.

So this means that we don’t need to keep a bunch of PDF forms on hand in numerous languages, and updating forms in future is now a very easy task, as changing the layout or information on one form effectively changes them all so reduces work loads all round.

You can view the new forms by going here and here.

Why PKI is a better option than biometrics or RFID tags

I’ve touched on this before, but I recently stumbled upon a link again to an early example in the real world which makes the point very obvious.

The biggest benefit of biometrics and RFID tags is also the biggest problem. Biometrics and RFID are designed to not change, and make use of things such as your fingerprint, and in the case of RFID tags a fixed hexadecimal number. While you can never “lose” your fingerprint like you can your password, people can’t easily duplicate your fingerprints on the spot either, so they start taking body parts instead.

Of course RFID tags only become a similar problem when they’re actually embedded under your skin, but already a lot of people are doing this, or contemplating doing it for more “convenience”, and while they think the tags only have limited range, they haven’t played with highly directional antennas. People thought Bluetooth problems weren’t an issue because you had to be within 10m of the person you’re targeting, that is of course until someone started playing with high gain antennas and managed to get between 100 and 1000m range to a normal mobile phone.

The US and other governments around the world are currently pushing for contact-less RFIDs in passports as a security measure, but time and time again these “feel good” security measures don’t do much for security and simply give the community at large a warm fuzzy feeling about how their governments are protecting them with better security measures at border crossings. Quite frankly, if current estimates of 10 million illegal immigrants in the US are correct, what’s to stop the big bad enemy (I refuse to say the “T” word because it’s really a pot calling the kettle black) from sneaking in the same way? Oh sorry, forgot that they were actually buddies with guys in power and were let in the front door!

Also this little sound bite from the CAcert Support mailing list today:

Here in Nebraska we implemented a 3D bar coding system on the driver’s license, and all sorts of new security features on our licenses in 2003, making them extremely hard to duplicate. Within months the machines used to manufacture them were stolen, enabling the thieves to make perfect forgeries.

At the end of the day all these new security measures do is make it easier for governments to track and control their citizens, the bad guys will still do bad things!

More Photos

Continuing on with photos of PKI kit, I was sent this photo by Ralf of his Aladdin e-Token, apparently it can be submerged and survive 5m of water and 95 deg C temperatures.

Aladdin e-token

So tell me again why we’re such a threat if we’re included!

Recently yet another debacle has unfolded with Citigroup sending out letters to customers and former customers informing them that their data was lost in transit, all up an estimated 3.9 million records. This is about the 4th such incident in as many weeks to come to light, and the worst to date.

Surely the US banking industry should be losing money over this as karmic retribution for such poor standards in handling private and confidential information, yet this just doesn’t seem to be the case.

So why are we being punished (by not being included) because we might cause harm, when these banks are doing everything they can to look like a fly by night operation?

CNN has the full story.

Gemplus Kit

I had a few more PKI cards turn up today, so far no luck with those either, even though they have been pre-loaded with a GemSAFE image. I plan to contact the local distributor in the morning to see if we can nut something out. I did take a Stanley knife to the GemSAFE card I have to fit it in the GemPC Key reader, and it works quite nicely.

Below are some photos I took earlier on tonight.

Group Meeting – Assurance Party for Hawaii

McKinley Community School for Adults
634 Pensacola Street, Room 208
Honolulu, HI 96814
on June 4 @ 10am.

The contact at the Linux Group is: Michael Bishop

2005 Annual General Meeting

This is the official 30 days notice for the next AGM.

The next AGM will be held on the 3rd of July 2005 at 1PM GMT, it will be held via IRC again this year.

Conversions for local time:

11pm Sydney
9pm Perth
2pm London
9am New York
6am San Francisco

As of the other day invoices for membership payments were sent out to all current members, everyone wishing to vote and/or be nominated for a board position must be a financial member at the time of the AGM and we must receive payment on or before the 1st of July (local time) so that we can have time to prepare for the AGM.

So far the agenda only consists of a few items.

1) Financial Summary
2) Any pending membership forms to be voted on
3) Call for nominations of board positions and votes if needed

Please contact me ASAP if there should be any alterations to the agenda.

Industrial Espionage using Trojan horses

Interesting rundown on the trojan horse doing the rounds in Israel and how the whole kit and caboodle was brought down by simply targeting the wrong person, and then that person finding their information leaked on the internet.

Read on for more details

Solving the certificate distribution problem

For a long time now I’ve realised one of the biggest problems with PKI, especially in organisations, is distribution and management of the keys/certificates. So now that I actually have some hardware to play with it’s enabled me to start working on some solutions to this problem.

My first solution to this problem was also my first attempt at coding a PHP-GTK application. One of the benefits of PHP-GTK is its ability to be run across many platforms, similar to Java and .NET; the down side was a major lack of decent examples and documentation. I came across numerous applications in the “Hello World”, and some very very advanced applications such as the novap2p app, but there was very little in the way of what I was attempting, so hopefully it will serve as a good demo for others as well as a useful tool for people with hardware crypto devices. The other down side is poor GUI design tools. I ended up using Glade, but it is by far the worst GUI design tool I’ve ever used, although I don’t know that the full blame lies with Glade, but it could have been made so much better; all the elements are there, just some of the defaults are brain dead.

In any case, and a number of other non-PHP/GTK related issues later, I’ve posted the app online as well as some screenshots to the wiki. It’s a very basic app to make things easier in getting certificates signed and onto PKI cards, but it does work pretty well even if I do say so myself.