Team Reports
DRAFT
do not make changes
accepted by board:
Team Leaders were encouraged to present a report for their team. 16th January. Closed.
- Cats are by Gerhard von Reith, provided to CAcert via Ulrich.
Critical System Administrator team report July 2008 - June 2009
In May 2008 a final plan for migrating CAcert's critical services (web/db, signer) from Vienna (Austria) to Ede (Netherlands) was drawn up. Wytze van der Raay offered to give a helping hand for the transition period in July/August. Lack of documentation and handover prevented a rebuild of the services from scratch on the available equipment in Ede, so the intended data migration did not take place. Instead, a complete copy of the Vienna server disks was made end of September 2008 by Philipp Guehring, and transported by car to Ede. At the start of October 2008, Mendel Mobach and Wytze van der Raay brought up the services in Ede with the help of Philipp, and took responsibility for managing the critical services.
Ian Grigg and Teus Hagen initiated work on establishing a security policy and security manual to govern the service, and this work was augmented by contributions from Mendel and Wytze. Thus the critical server administrator team got kicked into existence. The two main objectives of the team are:
keep the service running and keep it secure.
In January 2009, Stefan Kooman was recruited as the third team member, but untested background check procedures delayed his actual coming on board until May 2009. A fourth person was interviewed in May 2009 to become member of the team as well, but he had to decline due to work commitments. The work on Security Policy and Security Manual, and two visits by (then auditor) Ian Grigg in March and May 2009 led to the creation of a number of technical documents describing various procedures for critical systems management. Formal logging (to a public mailing list) of all configuration and security management activities was also initiated in this period. From this logging the visits to the hosting facility between Oct 2008 and June 2009 can be learned:
- [01.10.2008]: install server disks from Vienna, start services from Ede
- [02.10.2008]: recover broken signer disk
- [03.10.2008]: start system backup
- [14.10.2008]: remove backup disks
- [28.11.2008]: replace broken disk, install new root keys
- [29.11.2008]: remove backup disks
- [28.03.2009]: repair sun4, signing server maintenance, cable labeling etc.
- [05.05.2009]: auditor visit, signing server maintenance
- [13.06.2009]: signing server maintenance, cabling update
- [27.06.2009]: signing server reboot
Plans for the coming year include:
- move services to better hardware (already done for signer)
- upgrade system software to more current levels
- expand critical servers with crl, ocsp, dns
- improve and document installation procedures to support test systems
- move infrastructure services out of Ede for cleaner auditing of critical services
- expand the sysadmin team
Wytze van der Raay, 20091229
Education Team
Besides doing a bit of support for the Assurer Training Events (ATEs) in spring/summer the main job of the Education team in 2009 was CATS ("CAcert Training System") maintenance. A few numbers:
|
2009 |
2008 |
Number of tests made |
6088 |
4721 |
Number of passed tests |
2519 (41%) |
2072 (44%) |
Number of different "users" (Certificate IDs) |
2800 |
2032 |
Number of tests made in english |
2779 (46%) |
2992 (64%) |
Number of tests made in german |
3289 (54%) |
1711 (36%) |
Assurers with passed test according to CAcert statistics page |
3175 |
1375 |
Assurer Candidates (100 points but no test) |
9900 |
10100 |
Number of PDF "Certificates of Achievement" requested |
371 |
387 |
Number of printed "Certificates of Achievement" requested |
53 |
60 |
Distribution of countries of printed certificates: DE: 32, NL: 6, US: 2, IT: 2, CH: 2, PL: 1, IL: 1, CZ: 1, AU: 1, AT: 1
CATS is running quite smoothly, there are a few bugs open in mantis, but none of them is considered severe.
On the downside, work on anything other than maintenance has almost stalled. I wanted to transfer the current set of questions from the development system to the production system but could not find a quiet hour for some time. Translation of the questions to dutch language has stalled, though most work has already been done. No other translations have been started.
Some improvements on CATS would be nice but currently noone is working on them:
- Creating of a new test for Org Assurers
- Elimination of the session timeout. A stupid thing from the beginning, but noone found the time to fix it.
- Improved support for translations. Currently the translations are handled completely manually. This still works with 3 languages, but once some more are started something has to be done.
- Some additional languages for Questions/Answers as well as for the userinterface. French and spanish would surely be nice...
- Lots of more questions
Other things outside of CATS where work is lurking:
Complete review of https://wiki.cacert.org/AssuranceHandbook2
https://svn.cacert.org/CAcert/Education/Assurer%20Education.odp and its english counterpart are outdated and should be reviewed
Review and extension of the ATE materials in https://svn.cacert.org/CAcert/Education/Material/
- Doing more support for ATEs. IMHO ATEs should be a job for Education team, but currently I'm quite happy that Events (Uli) is handling those..
Ted
Events Team
I took over this job from Mario around CeBIT time this year (March 2009) by losing the game "Volunteers forward."
OK, since than, I have been helping event organizers to organise their events and coordinate requests for events. I have tried to address the responsibility of managing event reports by first introduced the signaling at the PastEvents wiki page (that has now also been adopted by the ArbitrationCases overview). It helps to get an overview of the current and actual state of the event reports. The response to requests for event reports is very, very slow ... recurring reminders do not solve this problem ...
I have managed 37 events up to now, some did not happen, most events with success. The question we've heard each time is:
When will be the root certs in the browsers?
After becoming aware that we still needs helping hands everywhere within CAcert, I introduced a Recruitment Campaign at ATEs, as initiated by Daniel. A plan for expanding CAcert through Europe this year has not had as much results as expected. An attempt at expansion to Belgium did not happen (ATE Lummen is still on the Queue). Andreas Buerki is working on expansion to France, but this still needs time because of cultural differences. I have initiated some expansion to the North and the East with the CBLOS Flensburg event, close to the border to Denmark. Still needs more activities with Assurers from northern Germany. Probably one hop to Kopenhagen, then Malmoe (Sweden) is possible, but it needs some time. Contacts were made after Linuxtag Berlin. Expansion to Eastern Europe are still on the wish list but had no results yet.
In the meanwhile we are trying to develop event procedures we can use in CAcert deserts to create a nucleus of new CAcert groups that can grow, now that the TTP program and the Super Assurer program have been frozen. These initiatives are time-consuming as they mean doing individual educational presentations (relating to the co-Audited assurances). Probably a reduced ATE presentations program will be helpful, first used at mrmcd beginning Sept. But individual, one-on-one educations are also needed despite the ATE presentations, involving lots of Assurance in Practice material.
Support for non-European events is quite a problem. I can send information to requestors for Events, but if they are unable to handle events by themselves, nothing happens. Sending out lots of information does not help, we get no responses, no results.
Assurer Training Events (ATE) Team
In relation to CAcert's audit, Ted (Education Officer) and myself created the concept of Assurer Training Events (ATE's). This became the solution for un-blocking the Audit-over-Assurance Audit issue. The concept of co-auditing by Senior-Assurers helps CAcert move forward in the audit process.
The collection of results of the co-audited assurances reports exhibits the same problem as the events reports. Slow, very, very slow. Currently, I collect these reports to get them compiled for the co-Audit-report (i) and the project of 'experience points increase' for ATE attendees (ii). Once finished, I send these co-Audit reports to the Assurance Officer Sebastian, and the 'Experience Points' list to the Education Officer Ted. The response after each of the ATEs is generally: "Helpful, Great, Continue."
Many arbitrations are initiated after the ATEs surrounding the issue of Names, so the arbitration work-load has peaked. We have included the Recruitment campaign into the ATE concept, because we met active Assurers at these events, and saw positive results. We have now got some new helping hands in Arbitration, Sysadmins, Developers.
regards, uli
20090908
Arbitration Team Report 2009
- the work begans at Munich Minitop
- "we need more arbitrators"
- the recruitment
- the first new arbitrators nominated in August 2009
- the start of the backlog (it relates to the ATE's start)
- the relation to support
- statistics
Munich Minitop 2009-05-17
Arbitrators. We need more. Ted is busy. Sebastian has asked someone but not yet, person busy. Should an Arbitrator be a Senior Assurer? Probably. Arbitration is good, it is working, but it is too slow. Need faster tools for simple actions.
Arbitration needs better support, need more support engineers, if you want better support, Arbitration should expedite the support engineer background checks
Arbitrated Background Checks where started but never finished until Guillaume's resignation.
Recruitment
At the ATEs the Events- and ATE team meets active assurers, did interviews with many of them. The result was a list of arbitrators that were nominated in August 2009 by the board
Backlog in Arbitration
Starting the ATEs had the intention to train the assurers and help them by their daily work. One of the results was, that now, with better educated assurers many of "old" assurances problems popped up the runs into dispute filings. Therefore the Arbitration team count was too low. The backlog starts.
Relation to Support
Arbitration can only work if support works. With no working support no dispute filings gets thru. No execution requests can be handled. This problem still continued till mid Nov 2009.
Statistics
|
2008/2009 |
2007/2008 |
Total |
47 |
6 |
closed |
34 |
6 |
running |
13 |
0 |
|
2008-III |
2008-IV |
2009-I |
2009-II |
Total |
1 |
0 |
8 |
38 |
closed |
1 |
0 |
6 |
27 |
running |
0 |
0 |
2 |
11 |
compiled 2010-01-06 from
Cases by Topics (state 2008-2009) |
|
Account deletion / Assurer Accounts |
3 |
Account deletion / Non-Assurer Accounts |
5 |
Data matching / Name mismatching |
9 |
Data matching / Name order |
2 |
Data matching / Additional names |
0 |
Data matching / Name Modifications Requested |
9 |
Data matching / Date of Birth |
4 |
Other Assurer errors |
5 |
System operations / Arbitrated Background Checks |
3 |
System operations / System Tasks |
6 |
Others |
4 |
External |
0 |
compiled 2010-01-06 from
regards, uli
20100106
BirdShack Team
During CeBIT 2009 discussions between PD, Ian and Mario discovered that the current CAcert software (libressl) might be hard to maintain. For doing more investigation on this, these three plus Alejandro met up in Innsbruck for a week for digging into it.
Analysing the current software revealed that the software had grown by time and is not well designed and possibly would not stand an audit [1].
A complete rewrite of the CAcert software had been proposed and a design was worked out known as BirdShack [2].
The main target of BirdShack was to be auditable and secure. Therefore a three tier architecture was developed.
The main features of the new architecture [3]:
- Auditability
- Authentication via tokens: A token has certain rights attached. If a priviledged person needs to gain administrative permissions he can request a token. All actions within this token are logged and can be attached to a ticket number. So priviledged persons can no longer dig around in personal information without justification (token).
- Security: Having all security relevant information and functions in the api offers us to implement user friendly frontends without the hard requirements on security. E.g. a content management system could be attached for maintaining the website contents without needing a decent software audit on the CMS.
- Distributability: Certain functions can be outsourced and access certain information via an api. E.g. the find an assurer database or an application for dispute management. Requiring user acknowledment to send data to certain applications maintains the users privacy while giving him the comfort not needing to reenter his data in any system.
Additionally there needs to be a software assessment team build up to meet Security Policy. The board was asked to start Arbitrated Background Checks on several candidates [4]. This is necessary as well for the current software and for BirdShack.
Mit freundlichen Grüßen / Best regards Mario, 20090106
[1] https://lists.cacert.org/wws/arc/cacert-board/2009-04/msg00069.html
[4] http://wiki.cacert.org/Brain/CAcertInc/Committee/MeetingAgendasAndMinutes/20091220 §2.3
Assurance Team Report 2009
The Assurance Team draws from Education, Events and ATE teams. Our first appearance as a core team happened at CeBIT March 2009 when Sebastian was appointed Assurance Officer and Ulrich was appointed Events Officer.
Assurance Training Event
Together with Ted of the Education team, we created the Assurer Training Event (ATE) concept, presentations and team. The ATE concept called for 2 parts in each event. First was training and presentations, then followed by assurances which were closely tested from a checklist. Each test in checklist was covered in presentations.
We did this ATE in many events in Germany, and it was also used several times in the Assurance Auditing spring tour.
Report on 'Spring Tour' Audit of Assurance -- Evidence Gathering
After many ATEs the assurance team met for a general team meeting the MiniTop Munich May 17th 2009 1.
A clear signal was set to the community by the Future of Assurance:
- Audit cannot cover the territory cheaply or efficiently.
- CAcert Board cannot help!
- It's up to the community!
Assurance needs to be much stronger. Therefore, the conclusion is that Assurance needs to audit itself. The Assurance team Mission is set:
Assurance needs to be Self-verifying.
Response to Findings
To meet this mission we Assurance team did this:
- Audited or co-Audited Assurance were made by Experienced or so called Senior Assurers over 100s of assurers. A proposed definition has been documented and will be used for 2010.
- The CAcert Assurers Reliable Statement (or CARS) was proposed as a way to get a reliable statement from the co-auditor over the ATE reports, and other issues like Assurer over CAP form, criteria auditing, systems reports or any similar reliable need. We need a symbol to show this, like "Fred, CARS" where CARS stands for CAcert Assurer Reliable Statement. CARS is now in the Handbook, Arbitration and training and is spreading through the Assurer network.
Long discussions about the CAP forms find an end in one Arbitration a20090303.1. It rules
the english common law position on contracts (that is, documents with legal effect) is that as long as the document carries all the elements of a good contract, it is a good. That is, form is not important.
- Therefore, there is no 'official' CAcert CAP form. Every form that includes the elements that are listed clearly in the Assurance Policy, section 4.5. is valid. Invalid documents (e.g. old ones missing the essential CCA agreement clause) can be modified by manually adding this clause.
- The CAP form that can be printed from the main website has been updated by dirk mid June 2009 to include the CCA agreement clause.
- Notify the remaining Assurers. After installing CATS, and implementing a patch about Apr/May 2009, old assurers that have not passed CATS test, are no longer assurers. A mailing has been sent out to these assurers around May/June 2009.
Our work in late 2009
Many results from the Munich MiniTOP:
- We did more ATEs.
- We need more Arbitrators to resolve Name issues. After the ATEs, that are a baseground for recruitments, because the attendees are active assurers, we found a couple of new arbitrators (see Arbitration team report) and helped them to join.
- There was a discussion about Support at the Munich Minitop because Support could not feed Arbitration. We proposed a team with several levels, 1st level, 2nd level and so on. This comes in place after Guillaumes resignation as Support Team Leader with no other team members in the team in November 2009.
Sub-Policies under AP
After the CCA was approved at TOP september 2007, then ratified by both policy group and association AGM, the problems that relates to exceptions continues. We organised a Hamburg MiniTOP in December 2009 to finish off discussions on exceptions from Munich:
junior members/assurers were not acceptable as defined by CCA. At Hamburg, we finished the discussion and introduced a new proposal for Policy on Junior Assurers/Members ("PoJAM") into policy group 3.
- TTPs were also undocumented and not acceptable to Assurance Policy. At Hamburg we started the discussion and documented a new concept. TTP table is already complex and there is general skepticism about the current efforts to make this happen, it looks like the subpolicies cannot resolve the difficulties.
- Tverify subpolicy is a wip with Guillaume. A start was done in Paris 20090503. Tverify was to be stopped when Audit hits it, but did not get done in time, when it was end-of-lifed late December 2009. It is now terminated, and points will drop December 2010.
- Super-assurances are to be identified and deleted. Assurance Policy allows more EPs to be assigned temporarily. So there is still a possibility, but no more then 50 pts. This was used once in Latin America during this report's time.
Policy Group's Year
Policy kicked off the year by bringing Assurance Policy to DRAFT, p20080712.1 and then to POLICY five months later. This major effort created the formal framework for all assurance, and has stood the test of time well, with no outstanding calls for rewrites! What it did leave aside were the exceptions, and only slow progress was made there. Work on Tverify was beaten by the end-of-life of Thawte's Web of Trust. A policy for Juniors has been through several iterations but still not received consensus. TTP likewise has seen several versions, none of which gathered more than a few supporters.
Security Policy was a great success, taking a first cut framework and effort from Pat Wilson and filling it out. This went to DRAFT in March, and allowed the systems audit to kick-off. However briefly. What is significant about this document is that it is all ours, and the best example of a community process: Pat, Teus Hagen, Philipp Dunkel, Wytze van der Raay and Iang all made significant contributions.
And, in fine style, the CPS, the granddaddy of all CA document, went to DRAFT in July of 2009. This document took over 3 years to write! And in the process, we found it much more convenient to kick out all of Assurance, all of Security, and all the agreements as well.
Other notable events include a combined OA sub-policy for Europe, a new regime for IDNs, and more methods for checking domain control.
For the future: the priority remains for us to finish the Audit set, fill out the Assurance Exceptions, and then look at Organisation Assurance with fresh eyes.
Philipp Dunkel, documents officer 20090115
Sonance Team
Sonance.net engineers Matthias Gassner and Matthias Šubik supported the shutdown of the CAcert critical servers in Vienna on 30th September 2008. Šubik took charge of the backup disks, storing them in the secure safe of Okto.tv, our community TV station. Gassner rode shotgun over the critical disks with Philipp Guering and Iang from Vienna to Ede, for the handover to the new team.
In February 2009, we got together for a combined assurance and disk destruction event. Philipp Dunkel took the angle grinder to the old CAcert critical platters, and the shreds were distributed at random locations from Vienna to Ede!
Late in 2009, we got the go-ahead to put together a 2nd machine for hosting VMs. We will share our 2 machines between Sonance.net and CAcert's infrastructure team. That 2nd machine is now on the bench, virtualised and is receiving its apps & data. Hopefully, VMs are up and delivered to CAcert for February.
Support Team
In 2009 the support team faced it's own crisis, although not a financial one it led to serious changes.
The Crisis
In the beginning of 2009 the support team consisted of only three members (Guillaume Romagny, Alejandro Mery Pellegrini and Philipp Gühring) who were more and more occupied by other tasks within and outside of CAcert. Although their call for help led to an ABC (Arbitrated Background Check) over Werner Dworak in May, this arbitration didn't progress. In August only Alejandro was left to answer the plenty of requests that are sent to support@cacert.org and it became obvious to him that the circumstances wouldn't change so he downed tools, Guillaume took over and ran support on limited operation. In November Guillaume and Alejandro finally resigned and Ian Grigg was appointed Temporary Support Officer and left with the task to build a new team and get support into full working state again as soon as possible.
The Resurgence
Like in the financial crisis the face of the support crisis made things happen that were not possible before:
- The ABC over Werner Dworak was completed and he was made SE (Support Engineer)
- A bunch of people were recruited from the community to become Triage members (see below) and once their ABC was completed SEs.
The support task was split up:
Triage - People who don't necessarily have to have undergone a ABC are sorting all mail that's sent to support@cacert.org and forward it to the several places where it can be answered (SEs, public support list, disputes, etc.). They keep the amount of mails that hit the SEs low by separating spam and ham and directing mails which obviously have to go to other places straight there, they never answer mails and they are fast (when Triage started we had a backlog of about 1800 mails of which most were already answered, some were not and of some the status was unknown, this was worked off in three weeks).
SE - These guys have to be background checked and do all the more complicated stuff. They answer questions, find people who can answer more complex questions, have access to the admin interface of cacert.org (e. g. to reset passwords) and execute rulings as requested by arbitrators.
The Present
Since November we have been building up and improving support:
- Three more SEs were background checked and appointed by the board
- Wolfgang Kasulke
- Martin Schulze
- Michael Tänzer
- More people went into Triage
Having more SEs and Triage helping them to concentrate on the work that needs to be done will hopefully prevent that support gets burned out again. It also means that we still have time for other things (optimise our processes, improve and update documentation and do other community work).
Right now we are switching from a shared IMAP inbox and a mailing list to a proper issue tracker (OTRS) which Mario Lipinski set up. He also helps us polishing off a few rough edges in it. Using OTRS will hopefully make coordination within the support team easier.
The Future
Although we really got somewhere in these few months we still have things to work on:
- We'll keep recruiting new people for support although we'll decrease the rate. We want to make sure that we have enough people in support that if someone leaves the team or is more occupied by other tasks we can still offer good service to the community
- In order to do that we'll keep the documentation up-to-date and we have started experiments on a ‘Support Challenge’ similar to the Assurer Challenge to educate prospective support team members
- We'll finish our migration to OTRS
- Once we feel comfortable with OTRS we want to invite other teams to join us. There's potential for dispute handling to benefit from the system and maybe other teams want to use it as well.
- Currently, password reset and account recovery is slow, difficult and consumes most of our support resources. We want to investigate new methods, including using the Assurers to authenticate the recovery, and better system operation through patches
Michael Tänzer, Support Engineer
Infrastructure Team
The year of 2009 started with CAcert becoming more open. System documentation became public. All of a sudden the cacert-board list became publicly viewable at about the same time we migrated from mailman to Sympa which had a X509 authentication regime. Mail lists became externally archived at gmane and became searchable by search engines. This was not without controversy and highlighted a lack of policy around privacy which hasn't been totally fixed with new policies.
We had a great staffing influx in July which has spread the workload however further work is still needed to improve documentation and manage consistency and change.
Offers of infrastructure came and died out. Eventually Adfinis came through with a production server and test machine, power, bandwidth and IP addresses all for free. Big thanks to Mathieu, Ernie Schwob, Andreas Bürki and all the Adfinis staff who made it possible. This is going to make the move of non-critical infrastructure out of BIT which will make our critical systems easier (or possible) to audit.
Following our x509 authentication on the email lists and irc came blog and other systems are still in the works.
A request for help in July was answered by:
- Bas van den Dikkenberg (email/monitoring/issue tracking)
- Christopher Hoth (email/lists)
- Jan Dittberner (svn)
- Lance Davis (logging)
- Markus Warg (Translingo/webmail)
- Mario Lipinski (wiki/issue tracking)
- Stefan Freudenberg (blog)
- Nicholas Bebout (issue tracking and later irc)
Other staff volunteered further down the line
- Brian Henson (ldap/puppet)
Philipp Dunkel wrote a board motion tracking system that has helped out the board a lot.
A big thank you for volunteering.
All these new staff created the need for email alias so for the convenience of all here how to contact an admin for a system.
A new architecture for access systems by systems administrators was put in place to increase logging and make it easier to manage access thanks to Wytze and Mendel of the critical systems admin team. Stricter firewall rules were also places around CAcert's infrastructure limiting outbound traffic for the first time.
Systems have had a few changes over the 2009 year:
Blog - system got updated to Debian Lenny, Got X509 authentication so any assured member can now write articles (and fixed a spam problem), got a "I love social bookmarking" plugin to share our stories in other ways.
Bugs - stayed working
cats - had its client X509 authentication improved to give user's better error messages if they don't have a certificate installed.
- cod - is our new documentation server still in development
crl - our crl distribution server - got improved to deliver compressed crls, caching info, and those users excessive downloading crls have been slowed.
Hashserver - still works
email - now has a directory, password changing with and without X509 certificates, webmail, sieve
- forum - is still being developed
irc - gained x509 authentication in early 2009 (maybe?)
lists - got rebuilt from a software point of view and data migrated. More lists were added. old lists got removed. And lists owners were introduced so system admins weren't doing all the work. Thank you list owners.
- logging - under the hood we now have a centralised log server to preserve the integrity of our logs even in the case of partial server compromise. Logging on all systems has been reviewed to make sure we are capturing enough logs and they are readable by system admins.
- ocsp - this service got updated to support OCSP HTTP GET requests which was causing CAcert's Opera users a lot of grief
- paypal - payment interface for staff is in development
svn - still works
translingo - still works - minor issues fixed
infra-ch01 - new virtual machine host for infrastructure
cacerttest-ch01 - new virtual machine host for testing stuff
puppet master - new puppet master server at Bern
ldap - ldap server - plan centralise authentication and provide optional X509 repository there
- issue - Nick did the initial install of OTRS. Configuration and roll out was done by Mario. Actually issue tracking went live for support work (Triage and Support Engineers) and we are continuously fine tuning the parameters to their needs. Other areas like Disputes and Organisation Assurers will be integrated in the future. Maybe also all teams (e.g. system administrators, software) in the long term - need a plan for separating this from bug tracking and development management. Email interfacing (controlling OTRS via email) might be another thing to keep an eye on in the future.
wiki- Was updated to a vanilla version of MoinMoin and fixed some bugs introduced by using the installed debian version (e.g. GUI editor). Also many configuration tweaks and adjustments many regarding ACLs and ongoing adjustments of ACL. Started with development of a CAcert wiki style. See http://wiki.cacert.org/SystemAdministration/Systems/Wiki for plans (deploy style, certificate login, additional modules) and documentation.
Daniel Black Infrastructure Administrator
Software Team Ad Hoc Formation and Report
- in late 2009, Teus created a mega-patch to do a sophisticated CAP-Form layout. It had problems due to language support, international characters, PHP version incompatibility and overall completeness. It was not completed, but installed as newcap.php for availability. This first effort provided a first signal to others: small patches only, mega-patches are too hard.
- At CeBIT 2009 we had some talks about the CCA, including which CAP-Forms to use etc.
- Dirk detected that it is not necessary to set the CCA-Checkmark to get an account. So he tried to setup a test-environment on his machine, which failed, and also tried to write a patch, where the state of this checkbox was used to decide if an account can be created or not (read: checkbox checked or not).
- This patch was submitted with a warning that it was untested, and was installed in a broken fashion on the production machine. This was an early warning that the process was not robust.
- Some weeks later Dirk managed to set up a test-environment and then was able to write several patches. This slowness in setting up was a warning that the process of development was not easy.
- Several patches from Alexander Prinsier and Dirk found their way to production:
- CAP-form adds "I Agree to the CCA" clause, installed June, inspired by Munich MiniTOP meeting
- a speed-up of SQL-queries
- additional functions for Support
- In July, Dirk sent CCA-Patches in three mails in one week into cacert-devel and installed them on test1.
- However, test1 had a software-state from March or April, another forewarning.
- For many months, a test team of half a dozen people was formed and did lots of testing, but found it very tough to test all the combinations. This repeated the signal that mega-patches are too hard.
- In November, Dirk removed the CCA-patches from test1 since testing the entire patches proved too hard.
- Dirk then requested that test1 should be put in a state compatible with the software-state of CAcert.org so further tests could be run. However this has not happened, and is a further warning that the software development process is not good.
- In January, Jan helped to get test1 running again after problems with disk space. This involved configuration changes to apache and mysql, which was necessary and useful, but again the system deviates further from the production system. Therefore it is not easy to do reliable tests of new patches on test1. Another warning.
- Conclusion is that that it is a problem for one person only to participate in the development, assessing of patches, installation of the patches into the prodcution system, as well as manage the test systems to provide robust and accurate environments.
- Andreas Baess has taken on the task of re-developing the software development process. First step is to build a repository for patches and then a good test-environment. Then, patches will be installed and tested by the test team before being presented for production use.
- Ulrich convened a week of meetings in Germany and that included a full day with all the new software developers in Essen. As Birdshack was moving (too) slowly, we decided it was urgent to do something. All were happy with the basic plan presented by Andreas, and gave it enthusiastic thumbs-up.
Contribution from ex-Auditor
Critical Systems! Audit opened the financial year (FY08/09) with serious pressure on the Critical Systems. An early 2008 plan had collapsed, governance controls had failed on temporary hosting, and temperatures were running high.
The primary blockage is, in my opinion, the difficulty of integrating new people in to help with the tasks.
1.
This led to Auditor insisting on an entirely new team, and an end-of-2008 deadline. Teus Hagen invited a new critical systems team with Wytze and Mendel, and the Board confirmed the decision m20080624.1 m20080901.1 to move the servers, come hell or high water. The Vienna team of Sonance and CAcert members prepared the machines and disks for transport, and Matthias Gassner and Philipp Guering drove the disks from Vienna to Netherlands. In the event, the transition was smooth and painless, with the systems coming up by midday on the 1st October. The prior planning paid off.
With the systems moved and a new critical systems team in place, a work-through period was required. They were guided by a new security manual from Pat, which took the place of a checklist for work required. This document settled into its ultimate Security Policy form p20090327 after many reviews, and the team declared itself ready for review. The first (and only) formal audit visit was conducted early April as the Security Policy became effective in DRAFT, and reviewed the uptake of the policy, the physical infrastructure and facility, and roots.
Assurance. Assurance Policy kicked off the year's work by going to DRAFT p20080712.1, and with the CCA in place this provided the policy foundation for review of the Registration Authorities or RAs. However, the new policy did not get rolled out to the Community in any cohesive form, and it wasn't until CeBIT in February 2009 that a group formed to get AP moving via training and testing of the Assurers.
The Assurer Training Events and the concept co-auditing was then rolled out across Germany and wider Europe, with the combined results sufficient to be termed a review or audit over Assurance. This base would have supported a formal audit report over the Assurance part of CAcert (known as Registration Authority audit) but this opportunity was not grasped.
Policy. Other policy work moved forward, primarily the CPS which received continuous improvement over the year, to go to DRAFT p20090706. A big gap in policy work was identified, being the Assurance Exceptions. Because these were optional, they were left out of scope of the audit. Also, concerns over the gap between Organisation Assurance Policy and the practice observed caused that to be moved out of scope as well.
Software. The slowness or absence of patching to make necessary changes demanded by audit, policy and the board led to rising concerns about software. Audit inspired a casual review of the source code by CAcert community members in February 2009, and concluded it was difficult to support. Because of skepticism of this result, a formal camp was organised at Innsbruck in April 2009 to investigate the code. This effort reported it as substantially unmaintainable and started a new project called BirdShack.
Although a very good start, the dual-track approach was barely sufficient to appease Audit, and as the SGM process rose up, Birdshack stalled. Consequently, CAcert's software has regressed while most other teams have advanced in leaps and bounds.
Admin. The review-proper of the systems and Assurance only got into high gear in early 2009, and this caused a substantial increase in the demands for changes and work on the Community. The Board was not capable of responding to this work, and as work dragged out with little change in sight, and as funds ran low, with schedule running about a year behind, Audit terminated in June 2009.
This crisis sparked an SGM which resulted in a new team of management, including the now ex-Auditor. From the inside, it quickly became clear that the previous Board was a victim of the myth of who was "doing the audit"; it was not the Auditor, nor the Board. Rather it is the Community who progresses the audit work. Since then, we have engaged in a marketing and PR campaign to ask the Community how their contribution feeds into the audit process.
The FY's audit activities was heavily funded by NLnet Foundation, and Audit spent most of 2 phases of NLnet funding of 18,000 euros. Additionally, Audit was funded in cash and in kind by contributions from many members of the Community.
Ian Grigg, ex-Auditor.
20100112
Other Teams
Add your teams here! Your one chance for fame & glory! Eternal long life in words and pictures!