Tag Archives: english

Last chance, hurry up, catch your review!

Dear friend of #CAcert, here comes the last #bugs that needs a #review. We are so glad, that you are willing to #help you #community and review only one of them during the #spring #offensive.

https://bugs.cacert.org/view.php?id=1310
https://bugs.cacert.org/view.php?id=1129
https://bugs.cacert.org/view.php?id=1302
https://bugs.cacert.org/view.php?id=875
https://bugs.cacert.org/view.php?id=1304

We published all ready 12 bugs for review earlyer today in this channel. Maybe, you find a more conviniant one there?

Join the CAcert Spring Offensive

What’s a #review compared to solving a problem? Flutter like a butterfly on one of our bug flowers and check out the code. Here are the second four, if you don’t find anything suitable for you to join the #CAcert spring offensive, we’ll give you four more in a few hours.

https://bugs.cacert.org/view.php?id=1354
https://bugs.cacert.org/view.php?id=1423
https://bugs.cacert.org/view.php?id=775
https://bugs.cacert.org/view.php?id=1253
Nothing that fits you? Have a look to the first four links we published two hours ago in the german post.

What will the Post look like in ten years?

Roberto Cirillo has been CEO of Swiss Post for just under two years. Before that, he was a McKinsey consultant, CEO of the British hospital group Optegra and head of the activities of the service company Sodexo in France. Cirillo took up his post with the aim of stopping the downward trend. In the past five years, the Post’s turnover has fallen by around CHF 1 milliard. The volume of letters is decreasing rapidly, the post offices are less and less frequented.

In an interview with the NZZ, he said: “Today, we make more than 90% of our turnover in the logistics sector with business customers. Especially in e-commerce and goods logistics. Of the CHF 3 milliard we plan to invest in the next four years, the majority will go into logistics and communication services. The reason why the Post was created over 170 years ago was not to transport letters. It was the secrecy of letters. It was about transmitting information securely, reliably and trustworthily. That’s what we want to do more of in the digital world as well.” (22.02.2021)

Merry CAcertmas!

Dear friends and members of the CAcert community. Are you curious and want to know what is wrapped in the package under the tree? This year, Father Christmas has packed something really nice.

As always with CAcert, you can unwrap it faster and enjoy it more quickly if you help out a little. Translate a little. Or do a little programming. Or test a few new functions. Or like this. To do so, you find further information on the web or write to our secretary.

Unspectacular General Assembly 2021

The General Assembly of 2021 will go down as the shortest meeting in the history of CAcert. After only one and a half hours, President Brian McCullough was able to close the last agenda item. Kim N from Sweden is a new member of the committee.

Furthermore, the integration of CAcert in OpenIDConnect could be announced, thanks to a cooperation with RIPE NCC for this project.

Signature server back in operation

Retour en fonctionnement du serveur de signature

Le serveur responsable de signer à la demande les certificats émis par CAcert dispose de deux disques durs, en redondance l’un de l’autre. Lorsqu’un dysfonctionnement se produit, aucune maintenance à distance n’est possible, car la machine n’est intentionnellement pas branchée au réseau. Seul un câble série permet d’échanger requêtes et réponses avec le reste de notre infrastructure. Aucune connexion n’est possible par ce moyen.

Or, depuis le 2 Août, nous observions la mise en attente de toutes les demandes de signature de certificats. L’équipe des infrastructures critiques est donc intervenue sur site ce 21 Août. Un problème dans le traitement d’un des certificats était la cause du blocage. Ce problème est résolu, mais reste à diagnostiquer avec précision. Il s’agit d’une série d’incidents que nous n’avions jamais vus auparavant.

Compte tenu des deux autres incidents intervenus plus tôt cette année, liés au système de fichiers de notre serveur de signature, nous devions accroitre sa résilience. Aussi, ce 21 août, l’équipe des infrastructures critiques a installé dans le rack un second serveur de signature, comme secours passif du premier. La présence de liens série dédiés vers chaque machine permettra à l’avenir de basculer très rapidement sur le second serveur de signature, en cas de nouveau problème. Dans tous les cas, les deux serveurs restent comme auparavant isolés du réseau.

Nous prions nos membres de nous excuser pour ces dysfonctionnements, et encourageons ceux résidant en Hollande où dans sa proche périphérie, à envisager de s’associer au travail de notre équipe des infrastructures critiques, ce qui augmenterait notre capacité d’intervention rapide.

Simultanément, nous espérons que l’intervention d’hier marque la fin de cette longue et exceptionnelle série.

English version

The server responsible for signing certificates issued by CAcert on demand has two hard disks, redundant to each other. When a malfunction occurs, no remote maintenance is possible, as the machine is intentionally not connected to the network. Only a serial cable is used to exchange requests and responses with the rest of our infrastructure. No connection is possible by this means.

However, since the 2nd of August, we have been seeing all certificate signing requests being put on hold. The Critical Infrastructure team therefore intervened on site on the 21st of August. A problem in the processing of one of the certificates was the cause of the blockage. This problem has been solved, but remains to be precisely diagnosed. This is a series of failures that we have never seen before.

In light of the two other incidents earlier this year related to the file system of our signature server, we needed to increase its resilience. So on 21 August, the Critical Infrastructure team installed a second signature server in the rack as a passive backup to the first. The presence of dedicated serial links to each machine will make it possible in future to switch very quickly to the second signature server in the event of a new problem. In any case, the two servers remain isolated from the network as before.

We apologise to our members for the inconvenience, and encourage those living in or near the Netherlands to consider working with our Critical Infrastructure team, which would increase our ability to respond quickly.

At the same time, we hope that yesterday’s intervention marks the end of this long and exceptional series.