[IMC-Tech] Was: about the certificates / Still is: Resigning from tech work

[anna at mail.nadir.org]

+1, as they say ;)

Great big applause from me, too, to everyone who's still keeping  
things running, and to those who maintain active Indymedia sites or  
other projects.

When I read the first post of this thread I was torn between two  
opposing feelings. One being: I can totally understand if people go  
elsewhere. The other: NOOOOOOooooo!

The techies probably know better than anyone else how vital the  
Indymedia infrastructure is for many activists also beyond Indymedia.

I've moved elsewhere with my own media work but for some reason I've  
always kept one toe in the network, as we say. I'm still spending the  
5 minutes a week administrating one of the global lists. Not sure it  
makes much sense, but giving a tiny bit of my time to keep some  
infrastructure alive. I'm saying this not to brag but because it shows  
(myself, mostly) that I find the Indymedia infrastructure so much more  
important than many other projects I've let go over the years.

I'm not going to start to try to convince people to stay when you've  
made the decision to go. Anyone who's leaving now after all these  
years of work deserves nothing but Applause. I'm saying this because I  
hope that some people may get motivated to put in a little of their  
time to wrap things up properly. And that we get to a stage where  
those who are alive and kicking can go on and the rest is documented  
and archived in a good way.

I will help do that, if it's possible with not much time. I propose to  
use imc-communication to talk about how this can be done? Or is  
imc-tech better? Any suggestions welcome!

Anna



Zitat von reven at riseup.net:

> Hello --
>
> First of all, thanks Amy for sending this information. It will help IMC's
> and global website groups make better decisions concerning this issue.
> But, first -- it seems to me that the major decision on the table is how
> to stay up and if to stay active or be archived -- and I'd like to add to
> the discussion:
>
> I'd also like to thank everyone doing tech -- legacy or newbies! Even
> though I'm a great example of how to be involved longterm and not get to
> the point of technically maintaining things, I have learned what it takes
> and how to organize it, and want to support what others have said about
> the tech opportunities in volunteering. Respect.
>
> It has been mentioned that only a handful of people has responded to this
> thread, and it does speak volumes for the network's current organization
> and activity level, but I believe that like myself -- there are others who
> are: more focused on local IMC's (or other things), responding to the
> general vacancy, don't feel like dittoing what others are already writing
> is helpful, and don't want to speak up without being able to offer purely
> technical help. So, I just want to encourage those folks to speak up
> anyway, please!
>
> Now, I'd like to support the idea that gdm and Alster raised: that process
> is a hurdle and that politics are very much involved, that vibe is
> important, and that as things end/pause/continue it's important to
> maintain and (I'll add) celebrate history. The SSL issue echoes this along
> with every other decision that needs to be made. But, I want to support
> the stocktaking process that has already begun and encourage folks
> (especially non-techies) to concentrate on that as much as possible.
>
> Over the years, we have seen various non/crucial tech initiatives come to
> an untimely end because of process/political discussions, not that this is
> totally avoidable in such a network (to say the least), but focusing on
> getting the facts straight is paramount to enabling these discussions to
> proceed constructively to the extent that they will -- and even if they
> won't, being able to have some sort of gathering/celebration/respect
> (online/person) even just for having indymedia archived, would really make
> a big difference. Many of us have given much of their time to volunteering
> for this network over the past 10 years, it would be a shame to end with
> endless discussion/s, bad feelings, etc. without coming together at least
> one last time to appreciate all that we've seen and done (the good and
> bad!).
>
> The global situation and our archiving needs will clear up during
> stocktaking. We will also know what resources the network has for the
> future, options for the network will come into focus, and then we can have
> process/political discussions about global pages/groups/resources
> reinvigorated vs. archived; how, who, when, etc. Either way, again, some
> dancing is a must.
>
> As things are now, it seems to me that the most helpful thing non-tech
> volunteers can do (and what I've decided to focus on) is help the tech
> group through the stocktaking process, look for archiving options, and
> possibly refresh the contacts/communications to ensure that as many people
> in the network participate in this process as possible. Seeing as many
> people are not on the global lists as much, it may make sense to draft a
> simple stocktaking announcement (maybe even containing a general
> timeframe, general process outline, specific needs, links) translate it
> and send it out far and wide -- including posting it a global feature. The
> worst that could happen is that we'll be surprised, but either way, I'm
> glad this is taking place in the first place, and really hope this somehow
> helps things along.
>
> In solidarity,
> Rona
>
> (PS -- before I forget, there are already a few expired sites archived on
> archive,org, or at least I've found some there over the years)
>
>
>
>
>
>> Hi Everyone,
>>
>> I wanted to reply to Petros's last note about security certificates,
>> copied below and archived here:
>> http://lists.indymedia.org/pipermail/www-features/2012-March/0304-ry.html
>>
>> I am not an expert but I think Petros might be misunderstanding the need
>> for / nature of certificates. My understanding is its not an optional
>> thing, we have to have some sort of security certificate enabled if we
>> want to have any https traffic.
>>
>> Below I am copying a general explanation that Jamie from
>> MayfirstPeopleLink wrote awhile back to help me and the NYC group
>> understand certificates and why they work the way they do. Its based on
>> an MFPL wiki page
>> (https://support.mayfirst.org/wiki/what_is_an_ssl_certificate), and he
>> adapted it it to Indymedia. I'm forwarding it with his permission. Maybe
>> something like this could be posted somewhere in a way that allows us to
>> refer the sort of confused and frustrated people that Petros is
>> interacting with to it.
>>
>> ----- START Explanation from Jamie, MFPL -----
>>
>> Security is a two-way street. When I go to a web site I have to prove to
>> the web site that it's really me before the web site gives me access to
>> anything private or restricted (such as access to my email). The most
>> common way that is done is via a login in which I provide a username and
>> a password. Because I supply the correct password, the server knows it
>> really is me, because I'm the only one who knows my password.
>>
>> But how do I know that the server I'm going to really is the server I
>> want to go to? Just because I type https://docs.indymedia.org/ into my
>> browser, doesn't mean that the server really is the Indymedia server
>> that I think it is. Any number of things can happen via the Internet
>> between my computer and the server I'm connecting to that might fool my
>> computer into thinking I'm connecting to docs.indymedia.org when in fact
>> I'm connecting to someone else's server specifically setup to look like
>> the Indymedia server. If that were to happen, I might type in my
>> username and password on this stranger's server that is acting like
>> docs.indymedia.org, essentially handing over my identity to a stranger.
>>
>> The purpose of security certificates is to ensure that the site I'm
>> connecting to really is the one run by Indymedia.
>>
>> Unfortunately, the technology for setting up this system is
>> fundamentally flawed.
>>
>> It works like this:
>>
>>   * most major browsers, even free/open source ones like Firefox, are
>> pre-configured to trust a pre-defined set of for-profit corporations to
>> verify the identity of all web sites on the Internet.
>>
>>   * web site maintainers are expected to pay $75 or so to these
>> corporations in exchange for a digital certificate verifying that we are
>> who we say we are.
>>
>>   * once this digital certificate is installed on the web server,
>> browsers will access the secure web site without any errors.
>>
>> If you don't pay $75 for the certificate, then most people will get a
>> security error.
>>
>> There's a word for a setup like this. It's called a "racket."
>>
>> Rather than play this racket, Indymedia uses cacert.org to sign it's
>> security certificates. cacert is a nonprofit organization that signs
>> certificates for free.
>>
>> cacert is not pre-installed on most browsers, however, you can install
>> it by following the directions here:
>>
>> http://wiki.cacert.org/BrowserClients
>>
>> If you install the cacert certificate, your browser will automatically
>> trust all indymedia web sites that have been signed by cacert, so you
>> will no longer get any error messages when you access them.
>>
>> However, in addition, your browser will trust *all* web sites signed by
>> cacert (which could be a good thing or a bad thing depending on how
>> cautious you are).
>>
>> ----- END Explanation -----
>>
>> So, this addresses the "problem" that many of us experienced for many
>> years. Its actually a nice opportunity for political education!
>>
>> However, my understanding is that since last summer, even this
>> explanation won't completely address the problem with the global site...
>> I consulted with a few people offlist before responding to this because
>> I didn't want to add to the confusion. It appears that our security
>> certificate for the global server has explicitly been revoked - see:
>> https://lists.indymedia.org/pipermail/imc-tech/2011-June/0602-g4.html
>>
>> It appears that this may have taken place in conjunction with the
>> conflicts in the UK group.
>>
>> So, even if you import the cacert certificate to your browser (following
>> the instructions below), you may still get a problem connecting to the
>> site.
>>
>> I'm not sure if this means that we can never again have a viable
>> certificate through cacert or whether we have to purchase one from the
>> racket that Jamie refers to?
>>
>> Hope this is helpful,
>> Amy
>>
>> On 3/4/12 10:03 AM, Petros Evdokas wrote:
>>> On 2/28/2012 10:05 PM, Garcon du Monde wrote:
>>>
>>>> the big dilemma i have been trying to face up to over the past few days
>>>> is what to do with the global website: it is lost, isolated, without
>>>> tech support. i (and a few others - i think unknowingly) have access to
>>>> the publish server, but as far as i know there has been no sysadmin to
>>>> really look after it or the primary mirror for greater than six
>>>> months. the site itself is broken - specifically, if you care about an
>>>> encrypted connection, as the certificate has not worked since all
>>>> indymedia certificates were revoked last year.
>>>
>>>
>>>
>>> Thank you GDM, for this update, and for reminding us of this dilemma.
>>>
>>> My experience has been that for many years people who visit indymedia
>>> pages write to me, or tell me in person, that "the website doesn't
>>> work". When I query, I find that it's always the issue of the
>>> certificates.
>>>
>>> Most people find the certificate notice that comes up to be an obstacle,
>>> because they don't know what to do with it. Most browsers have terrible
>>> and incomplete instructions on how to deal with one of those certificate
>>> notices, so people just give up and leave to surf elsewhere.
>>>
>>> I always feel embarrassed to explain that this certificate system is
>>> something we have "because of advice from our technicians", but I can't
>>> really explain how we arrived at this decision, and why we still persist
>>> on having it.
>>>
>>> Millions of websites on the internet work just fine without this
>>> certificate system. I would prefer that we lose whatever security or
>>> protection the certificate system provides, instead of continuing to
>>> lose and alienate our readers.
>>>
>>> Doing away with it entirely would simplify our website and would make it
>>> more accessible to more people.
>>>
>>> Thanks,
>>> Petros
>>> _______
>>> _______________________________________________
>>> www-features mailing list
>>> www-features at lists.indymedia.org
>>> http://lists.indymedia.org/mailman/listinfo/www-features
>>
>> _______________________________________________
>> IMC-communication mailing list
>> IMC-communication at lists.indymedia.org
>> http://lists.indymedia.org/mailman/listinfo/imc-communication
>>
>
>
> _______________________________________________
> IMC-communication mailing list
> IMC-communication at lists.indymedia.org
> http://lists.indymedia.org/mailman/listinfo/imc-communication
>