Tags: security

Filing to become a licensed CA

Originally published at The Pædantic Programmer. Please leave any comments there.

Hey there gentle readers,

I am completing paperwork on behalf of Collier Technologies LLC which is required (as described in chapter 19.34 RCW [pdf]) to file with the state of Washington to become a licensed Certification Authority.

CPS (signed)

Look! I’m also running a(n unrecognized) repository!

Neat, huh?


Looking to get Iron* and the DLR into RedHat

Originally published at The Pædantic Programmer. Please leave any comments there.

I sent an email to the Fedora Legal list asking whether they will accept software released under the MS-PL license. My friend and former colleague, Brett Lentz mentioned that he was concerned that the Fedora folks might not accept software released under the MS-PL. So I asked. I also bcc’d a certain troll on said mail so as to get lots of flame mail. I’m practicing to become a master twitterbaiter.

14:43 < cj> wakko666: so… we are building ironruby/ironpython debian packages over on OFTC/#debian-cli
14:43 < wakko666> k
14:43 < cj> meebey just packaged up mono in .deb
14:44 < cj> with some backported patches required to get the DLR language engines running correctly
14:44 < wakko666> k
14:44 < cj> we’re using xbuild to perform the build, thanks to ankit’s recent patches.
14:44 < cj> alarm went off. need to address food.
14:44 < wakko666> i know that mono is already in Fedora.
14:45 < cj> great. any idea what version?
14:45 < wakko666> http://koji.fedoraproject.org/koji/packageinfo?packageID=30
14:45 < cj> we’ll need + some patches. This is pretty bleeding edge, but I expect the fedora packagers are as ‘on it’ as the debian folks
14:46 < wakko666> fedora tends to be a bit further ahead of the curve than the debian folks
14:46 < cj> we can supply them the patches required. they are also being merged into the 2.4 branch, so should be in the next official release
14:46 < wakko666> k.. shouldn’t be a problem.
14:47 < cj> here is the tarball we’re using to build the .deb
14:47 < cj> http://github.com/mletterle/ironruby/tarball/20090805+git.e6b28d27
14:49 < cj> most of the stuff you’ll need as far as build commands go are in debian/rules:
14:49 < cj> I’ve got to finish making lunch for kids ;)
14:49 < cj> back shortly.
14:55 < wakko666> cj: my main concern about packaging ironruby is licensing. Fedora will accept packages under the MS-Shared-Source license [ed: this is not at all true.], but the MS-PL isn’t on their list of acceptable license. [ed: it is now.]
14:58 < cj> wakko666: alrighty. jschementi is the guy to talk with about licensing issues. He’ll be back some time soon, I’m sure
14:58 < wakko666> of course, i can always write the spec file and you guys can host your own rpms, but it would be nice to actually get it into Fedora proper.
14:59 < cj> also, MS-PL is dfsg compliant and OSL-approved. Is it a decision to deny MS-PL or that it just hasn’t been reviewed yet?
14:59 < wakko666> not sure. we’d need to ask on the fedora-legal-list mailing list
14:59 < wakko666> http://fedoraproject.org/wiki/Licensing#SoftwareLicenses
15:00 < cj> alright. at another time. it’s nap time for scarlet and zelda. ;)
15:01 < wakko666> sure thing. if you ping the fedora-legal list, let me know what they have to say.
19:49 < cj> wakko666: firestorm initiated.

[edited] Does MS Windows store the password typed when password is incorrectly entered?

The subject says it all. I do not know, and as yet, I have not been informed either way by anybody I trust at MS as to whether incorrectly entered passwords are logged.

I can confirm that the default configuration of Debian does not log incorrectly entered passwords. You can, however, make your system log these if you really want to.

[edited 10/06/2006]
Thanks, Eric. I trust that Microsoft does not store in any way passwords incorrectly entered into the login prompt.

Generate a GnuPG key

Nota Bene
The key indicated below has been compromised since around 03/2007. I'll generate a new one and upload it to the MIT key server when my domain is securely back in place.

to generate a gpg key, run the following:

gpg --gen-key

when that completes, run

gpg --list-keys <email you used>

for instance, to get the key information from my pub key, I run:

$ gpg --list-keys cjcollier@mysql.com
pub 1024D/6CC27EA8 2001-04-27
uid C.J. Collier <cjcollier@colliertech.org>
uid C.J. Collier <cjcollier@sinclair.net>
uid C.J. Collier <cjcollier@mysql.com>
uid [jpeg image of size 9187]

After you generate it, you should publish your public key:

gpg --keyserver pgp.mit.edu --send-keys <your id>

mine looks like this:

$ gpg --keyserver pgp.mit.edu --send-keys 6CC27EA8
gpg: sending key 6CC27EA8 to hkp server pgp.mit.edu

You can get my GnuPG key with the following command:

$ gpg --keyserver pgp.mit.edu --recv-keys 6CC27EA8

Let me know what your ID is when you complete this. When I see you
next, I'll sign your key. Provided you remind me :)

Are you familiar with this?

Hash: SHA1

If you are not familiar with this act and you live in the state of
Washington in the US, you should become familiar with it.


I intend to create a Certificate Authority and will sign keys,
assuming I can prove your identity. Signatures may be revoked if, for
instance, your key is lost or stolen.

- --
+1 206 226 5809
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


From MoveOn

The White House is pressuring Congress to reauthorize a new version of the Patriot Act that is worse than the original law and doesn't include needed reforms. This could come before the Senate as soon as Thursday.

A bipartisan group of senators have agreed to fight the Patriot Act –by filibuster if necessary.

This is a huge moment. Senators from both parties are standing together to protect freedom and liberty --and they’re ready to fight. Can you sign this petition to show them and the rest of the Senate that you support filibustering this bad bill? The Patriot Act has to be stopped until it includes reforms.