Difference between pages "Key signing" and "User:Andrew Buckeridge"

From LCA2014 Delegate Wiki
(Difference between pages)
(Submitting your key)
 
(Miniconfs/OpenGov discuss)
 
Line 1: Line 1:
= Key signing party =  
+
= Miniconfs/OpenGov =
We should have a key signing party, up for suggestions on where and when and what format
+
<pre>
 +
All information that intended for public consumption should be at least
 +
CC-BY (or lGPL for software). I would prefer CC-BY-SA and full GPL for
 +
software so changes are more visible. This is essential for software.
 +
Software disclosure is more important as software can be used to change
 +
data.
  
 +
I am a member of an Australian Standards committee BD 58. This
 +
committee wanted to borrow just the electrical safety information from
 +
CPSISC Pocketbook V2 for an annex. As the Australian Standards and the
 +
process is closed it could not be a Share Alike style license like GPL,
 +
CC-BY-SA, etc., but the CC-BY attribution license was ideal. This
 +
licence was recommended by the Government 2.0 Taskforce.
  
== Before the event ==
+
The document was a DRMed PeDoFile with just copyright and no mention of
 +
a license. To crack it or use it in any way I needed to obtain written
 +
permission to supercede the secret and unknown DRM conditions.
  
You need a gpg key to start, create one now!
+
I obtained advice which also recommended that I seek to obtain the
You might as well make it with as big a key size as possible.
+
material under the CC-BY license. This was discussed with Standards
<pre>gpg --gen-key
+
Australia and BD 58. Then I had job of finding who to ask. I finally
gpg --list-secret-keys
+
was able to contact DCCEE - Legal at climatechange.gov.au in Nov 2011.
gpg --fingerprint FA9EC035</pre>
+
  
 +
I finally got a reply in Jun 2012 which was CC-BY, but with additional
 +
restrictions.
  
== Submitting your key ==
+
> (a) The material must be used in an appropriate context and reproduced
 +
> accurately without distortion of meaning.
 +
There were many factual errors and only some of the electrical safety
 +
section was useful. We had members of wiring committee EL 1 to assist.
  
Currently nothing has been decided, please add suggestions below.
+
Attribution (b) is reasonable and required by the CC-BY license. By
* create a wiki page containing your fingerprints
+
attributing the original document any changes would be visible.
** [[https://lca2014.linux.org.au/wiki/User:Daniel_sobey Daniel Sobey]]
+
* Some other tool, edit this page and we may use it
+
  
{| class="wikitable"
+
> (c) The material must not be used for commercial sale or profit.
|+ people participating in identification exchange
+
Australian Standard are not free or open. They cost money and
! Real Name !! Key Id !! Key Fingerprint !! Preferred E-mail Address
+
discussions are confidential.
|-
+
  
|-
+
This DRMed PeDoFile cost a bomb and any had marginal entertainment
| J Random Person  || 0x0000000000000000 || FFFF FFFF FFFF FFFF FFFF  FFFF FFFF FFFF FFFF FFFF || jrp@example.com
+
value and with in conflict with the Australian Standard 3999 used by
 +
competent established thermal insulation installers. However,
 +
inspectors off the dole queues were using the bad fiction.
  
 +
They then did another one. This was mentioned at BD 58, but no one else
 +
was interested. I have not reviewed it. We do not use it.
  
|-
+
> Australian Government agencies are required to release copyright public
| [[https://lca2014.linux.org.au/wiki/User:Mark_Atwood Mark Atwood]]  || 0x5BB3D38332608126 || D37B E0BF 09D3 C69B DDAC  78B5 5BB3 D383 3260 8126 || me@mark.atwood.name
+
> sector information under Creative Commons by licence or other open
|-
+
> content licences, wherever possible. This is in line with
| [[https://lca2014.linux.org.au/wiki/User:Daniel_sobey Daniel Sobey]]    ||  0xFA9EC035 ||  || dns@dns.id.au
+
> recommendations of Government 2.0 Taskforce Report.
|-
+
http://www.ag.gov.au/RightsAndProtections/IntellectualProperty/Pages/LicensinganduseofCommonwealthmaterial.aspx
| [[https://lca2014.linux.org.au/wiki/User:Daniel_sobey Daniel Sobey]]    ||  0x7E706939 ||  || dns@dns.id.au
+
|-
+
| [[https://lca2014.linux.org.au/wiki/User:Daniel_sobey Daniel Sobey]]    ||  0x2EC08895 ||  || dns@dns.id.au
+
|-
+
| [[https://lca2014.linux.org.au/wiki/User:Paul_Warren Paul Warren]]  || 0x5341F366208EDB2A ||  DF30 FFE6 CBEE ED60 E340  EEBA 5341 F366 208E DB2A || pwarren@pwarren.id.au, paul@thewarrens.name
+
|-
+
| [[https://lca2014.linux.org.au/wiki/User:Paul_Warren Paul Warren]]  || 0x89A45B0613ABFE97 ||  2D60 F3A8 CB31 9C99 F76E  0637 89A4 5B06 13AB FE97 || pwarren@pwarren.id.au
+
|-
+
+
|}
+
  
== At the event ==
+
I was asked to obtain some aerial from a WA state agency. I requested
We will need someone to collate the keys and print them out.
+
TIFFs as they come out of the camera as this had meta data that can be
Please let us know how many we should print and where to print them.
+
used to stitch the strips together. I had made this clear, but what I
 +
got was photoshopped Adobe "JPEGs". I intention was to make JFIF JPEGs
 +
with the size and balance that I wanted, but what I had got was already
 +
JPEGed!
  
What we did last year was go to a lecture theatre with a projector.
+
Some sources of data are plaintext. This is least obfuscated form of
Each person stands up, shows their photo id and read their fingerprint aloud.
+
data. I was told that they will be helpful and paste it in Excel and
printouts of everyone's fingerprints were provided so you can tick off as you go
+
then send you an XLS or worse still an XLSX of it!
This worked ok but took a long time to get through everyone.
+
  
 +
These are examples of undisclosed software being used to change data.
  
 +
Perhaps government agencies can not read my plaintext email as they are
 +
using Outlook?
  
== Ad hoc Signing ==
+
This is why I always discuss via telephone.
  
Put your fingerprint on a piece of paper and hand it out to people.
+
The plaintext version of text/plain media type is described in RFC 20,
No need to do it formally just swap as you meet.
+
822, 2045, 2046 (4.1 Text Media Type), 2822 and 5322. The precedents
 +
for plainetxt go back to teleprinting. In the earliest form you cut
 +
ticker tape on space and that multiple spaces are paragraph breaks
 +
where you skip a line. This was done later with CRLF and CRLFCRLF by
 +
TTY operators. Similar plaintext also the source code basis of software.
 +
</pre>
 +
= Astronomy BoF =
 +
<pre>
 +
CMOS CPUs are clocked much faster than thermal permit so they must slow
 +
down as they heat up. This mode of operation was first used in CMOS
 +
mainframes where a valid process will yield for IO. When processes have
 +
yielded the CPU stops and cools down. This means that the CPU can run
 +
much faster in bursts than it could in continuous operation.
  
Things to watch out for:
+
Linux has ignore_nice_load feature which stops nice jobs breaking power
* does it match thair name
+
management that must now be regarded as essential. Linux does not stop,
* Does the person have a key with that fingerprint, do the numbers match.
+
but it does slow CPU down. This cools the CPU and allows it burst up to
* know that anyone can generate a key and claim an email address
+
full speed when priority jobs become ready.
* if someone can be bothered they can keep trying to generate a key with the first 8 digits the same as another key but getting the whole fingerprint is nearly impossible
+
  
 +
When you are running stuff like https://boinc.berkeley.edu/ you may not
 +
want it to slow down you apps. Running it nice alone will not prevent
 +
your apps from being slowed down. You need to give your CPU a chance to
 +
cool down.
  
== When you get home ==
+
# echo 1 >/sys/devices/system/cpu/cpufreq/ondemand/ignore_nice_load
after the event you should have notes of who to trust the next thing to do is sign the key.
+
</pre>
You can individually sign each key, export the signature and send it to them.
+
= Contact =
 
+
<pre>
[https://wiki.debian.org/caff caff] is a tool that automates the signing a little.
+
!  .  !  .  !  .  !  .  !  .  !  .  !  .  !  .  !  .  !
It will sign and send an email (encrypted if possible) containing the signature.
+
! I am the intended addressee of any email sent to me. Such email is my
It requires some setup but it does make things easier.
+
! property and I may send samples of unsolicited email or randomly
 +
! directed Outlook mail to network news or post on the www in order to
 +
! expose and discourage such behaviour.
 +
! http://n50.bgcaus.com/~andrewb/public.key current or D3572FAE
 +
! Key fingerprint = D6F3 CE30 D359 8288 3C39  34B1 4CED ABD9 D357 2FAE
 +
! Andrew Buckeridge <andrewb@bgc.com.au>, Mob +61 4 29370306
 +
! Work - Tel: +61 8 93344925, Fax: +61 8 93344660
 +
! Home - Tel: +61 8 92846018, Fax: +61 8 92846011
 +
</pre>
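
Review bot: In the participants table on the Key signing side, the three Daniel Sobey rows give only 8-digit key IDs (0xFA9EC035, 0x7E706939, 0x2EC08895) and leave the Key Fingerprint cell empty, and the setup example selects the key the same way with `gpg --fingerprint FA9EC035`. The "Things to watch out for" list on the same side says a key can be generated whose first 8 digits match another key, so these rows cannot be checked at the event as they stand; fill in the full fingerprint for each, as the Mark Atwood and Paul Warren rows do.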

Revision as of 09:09, 8 January 2014

Miniconfs/OpenGov

All information that is intended for public consumption should be at least
CC-BY (or lGPL for software). I would prefer CC-BY-SA and full GPL for
software so changes are more visible. This is essential for software.
Software disclosure is more important as software can be used to change
data.

I am a member of an Australian Standards committee BD 58. This
committee wanted to borrow just the electrical safety information from
CPSISC Pocketbook V2 for an annex. As the Australian Standards and the
process is closed it could not be a Share Alike style license like GPL,
CC-BY-SA, etc., but the CC-BY attribution license was ideal. This
licence was recommended by the Government 2.0 Taskforce.

The document was a DRMed PeDoFile with just copyright and no mention of
a license. To crack it or use it in any way I needed to obtain written
permission to supersede the secret and unknown DRM conditions.

I obtained advice which also recommended that I seek to obtain the
material under the CC-BY license. This was discussed with Standards
Australia and BD 58. Then I had the job of finding who to ask. I finally
was able to contact DCCEE - Legal at climatechange.gov.au in Nov 2011.

I finally got a reply in Jun 2012 which was CC-BY, but with additional
restrictions.

> (a) The material must be used in an appropriate context and reproduced
> accurately without distortion of meaning.
There were many factual errors and only some of the electrical safety
section was useful. We had members of wiring committee EL 1 to assist.

Attribution (b) is reasonable and required by the CC-BY license. By
attributing the original document any changes would be visible.

> (c) The material must not be used for commercial sale or profit.
Australian Standards are not free or open. They cost money and
discussions are confidential.

This DRMed PeDoFile cost a bomb and only had marginal entertainment
value and was in conflict with the Australian Standard 3999 used by
competent established thermal insulation installers. However,
inspectors off the dole queues were using the bad fiction.

They then did another one. This was mentioned at BD 58, but no one else
was interested. I have not reviewed it. We do not use it.

> Australian Government agencies are required to release copyright public
> sector information under Creative Commons by licence or other open
> content licences, wherever possible. This is in line with
> recommendations of Government 2.0 Taskforce Report.
http://www.ag.gov.au/RightsAndProtections/IntellectualProperty/Pages/LicensinganduseofCommonwealthmaterial.aspx

I was asked to obtain some aerial from a WA state agency. I requested
TIFFs as they come out of the camera as this had metadata that can be
used to stitch the strips together. I had made this clear, but what I
got was photoshopped Adobe "JPEGs". My intention was to make JFIF JPEGs
with the size and balance that I wanted, but what I had got was already
JPEGed!

Some sources of data are plaintext. This is the least obfuscated form of
data. I was told that they will be helpful and paste it in Excel and
then send you an XLS or worse still an XLSX of it!

These are examples of undisclosed software being used to change data.

Perhaps government agencies cannot read my plaintext email as they are
using Outlook?

This is why I always discuss via telephone.

The plaintext version of text/plain media type is described in RFC 20,
822, 2045, 2046 (4.1 Text Media Type), 2822 and 5322. The precedents
for plaintext go back to teleprinting. In the earliest form you cut
ticker tape on space and that multiple spaces are paragraph breaks
where you skip a line. This was done later with CRLF and CRLFCRLF by
TTY operators. Similar plaintext is also the source code basis of software.

Astronomy BoF

CMOS CPUs are clocked much faster than thermal limits permit so they must slow
down as they heat up. This mode of operation was first used in CMOS
mainframes where a valid process will yield for IO. When processes have
yielded the CPU stops and cools down. This means that the CPU can run
much faster in bursts than it could in continuous operation.

Linux has an ignore_nice_load feature which stops nice jobs breaking power
management that must now be regarded as essential. Linux does not stop,
but it does slow the CPU down. This cools the CPU and allows it to burst up to
full speed when priority jobs become ready.

When you are running stuff like https://boinc.berkeley.edu/ you may not
want it to slow down your apps. Running it nice alone will not prevent
your apps from being slowed down. You need to give your CPU a chance to
cool down.

# echo 1 >/sys/devices/system/cpu/cpufreq/ondemand/ignore_nice_load

Contact

!   .   !   .   !   .   !   .   !   .   !   .   !   .   !   .   !   .   !
! I am the intended addressee of any email sent to me. Such email is my
! property and I may send samples of unsolicited email or randomly
! directed Outlook mail to network news or post on the www in order to
! expose and discourage such behaviour.
! http://n50.bgcaus.com/~andrewb/public.key current or D3572FAE
! Key fingerprint = D6F3 CE30 D359 8288 3C39  34B1 4CED ABD9 D357 2FAE
! Andrew Buckeridge <andrewb@bgc.com.au>, Mob +61 4 29370306
! Work - Tel: +61 8 93344925, Fax: +61 8 93344660
! Home - Tel: +61 8 92846018, Fax: +61 8 92846011